Secure Firmware Transaction Signing Platform Apparatus, Methods, and Systems

Secure Firmware Transaction Signing Platform Apparatus, Methods, and Systems

Glossary

Term Definitions HSM (Hardware Security Module) A physical computing device used to protect and manage digital keys, perform encryption and decryption operations, and provide tamper-resistant operations. Master private keys are used to derive root keys in a hierarchical deterministic wallet from which other keys are derived. SFTS (Secure Firmware Transaction Signing) A software component of the secure firmware transaction signing platform described in this invention. Key Sharing A technique for splitting a key into multiple parts (shares) so that a certain number of shares are required to reconstruct the original key. Shamir Secret Sharing An algorithm that allows a key to be split into N shares so that K of them are required to reconstruct the original key. BIP-32 A standard for hierarchical deterministic wallets that allows a tree of keys to be derived from a single seed. TSS (Transaction Signing Server) A server that facilitates transaction signing, which can be part of a hot wallet or a cold wallet. Hot wallets Wallets that are connected to the internet and can be used for fast transactions. Cold wallets Wallets that are kept offline for increased security and are used only to sign transactions. PCIe HSM A type of HSM that is installed in a PCIe slot on a computer's motherboard. USB HSM A type of HSM that is connected to a computer via a USB port. Encrypted Master Private KeyA master private key encrypted with a public key that can only be decrypted with the corresponding private key. Private Key Decryption KeyA key used to decrypt the key that encrypted the master private key. Public Key Encryption KeyA key used to encrypt the key of the master private key so that only someone with the corresponding private key decryption key can decrypt it. Keychain PathA path in a hierarchical deterministic wallet used to derive a specific key. Signature Private KeyA key used to sign transactions. ECDSA SignatureA digital signature generated by the Elliptic Curve Digital Signature Algorithm. DER formatA binary format used to encode digital signatures. Backup HSMAn HSM used to back up the master key. Host HSMAn HSM that stores the master key and is used to sign transactions. Recovery UtilityA software tool used to recover the master key from a backup. Backup MaterialA physical material such as a paper printout, metal sheet, or plastic sheet used to store the master key share.

What is an HSM and what is it used for?

What is the SFTS module responsible for? Where is it located?

What is the difference between a hot wallet and a cold wallet?

How does Shamir Secret Sharing enhance key security?

How is the master private key encrypted and decrypted?

What is a keychain path and what role does it play in generating a signing private key?

What information is typically included in a transaction signing request message?

What is the difference between a backup HSM and a host HSM?

What is the purpose of a recovery utility?

Name three types of backup material that can be used to store a master key share.

Answer

An HSM is a tamper-resistant hardware device used to securely store and manage cryptographic keys and perform cryptographic operations. In the present invention, the HSM is used to store the master private key, perform key derivation, and sign transactions.

The SFTS module is responsible for performing security operations related to transaction signing, such as key derivation and signature generation. It is located in a tamper-resistant environment of the HSM.

Hot wallets are connected to the internet and can be used for fast transactions, while cold wallets are kept offline for increased security.

Shamir secret sharing enhances key security by splitting a key into multiple shares, so a certain number of shares are required to reconstruct the original key, which reduces the risk of a single point of failure.

The master private key is encrypted using a public key encryption key and can only be decrypted using the corresponding private key decryption key.

A keychain path is a path in a hierarchical deterministic wallet that is used to derive a specific key. It is used to generate a signing private key from a decrypted master private key.

The transaction signing request message typically contains the transaction data (e.g., the transaction hash), the keychain path to use, and any necessary authentication information.

The backup HSM is used to back up the master key, while the host HSM stores the master key and is used to sign transactions.

The recovery utility is used to recover the master key from a backup if the master key is lost or stolen.

Three types of backup material that can be used to store the master key share are: paper printouts, metal or plastic plates, and USB keys.