Optimizing Your Wallets’ Transaction Security With Custom Approval Settings

2024-07-05  •  4 min read

Institutional investors have complex and ever-evolving needs. They require a secure and reliable custody platform that is also flexible and adaptive, enabling the efficient management of their digital assets at all times. 

This guided the design of our crypto custody platform and wallet infrastructure with two key account management components that ensure our clients retain full control of their fund movements in and out of their wallets: our Transaction Approval Policy (TAP) and Multi-Approval Scheme (MAS) frameworks. These frameworks allow Ceffu clients to set up their own governance controls with specific transaction parameters within their organization. This ensures that all movement of assets are authorized based on their predetermined criteria before being submitted to the network/blockchain for signing. 

These governance controls operate independently of key shard ownership, providing an extra layer of security as a fundamental feature of our storage solutions. By entrusting the complexities of key shard management and security to Ceffu, clients can focus on developing the most robust internal governance controls to meet their organizational requirements.

Assigning Roles and Permissions Within Your Organization 

The TAP framework offers our institutions the ability to create their internal policies with six distinct user roles: creator, admin, spender, approver, auditor, and trader.

Each of these roles delineate the permissions for each of their team members, either restricting or enabling various actions. For instance, the Admin role retains the same level of permissions as the Creator, allowing them to edit wallet settings. Conversely, roles such as Approver are confined to only authorizing transactions within their designated MAS and TAP rules.

Secured at Both the Software and Encryption Levels

Multi-party Computation (MPC) technology requires M out of N key shards (e.g., 3 out of 5) to validate and sign a transaction. This form of encryption is integrated into all our wallets to ensure the highest level of security, safeguarding client assets effectively. 

This same principle is applied to the design of the MAS framework, where clients can assign specific team members within their organization to the Ceffu platform and distribute approval responsibilities among multiple individuals. For example, 8 team members may be granted access to Ceffu and assigned to a Qualified Wallet’s approver role, but only 3 out of those 8 approvers (M out of N) may be required to approve a transaction.

The MAS security framework is essentially a software-level security feature we provide internally to our clients before the transaction is broadcasted onto the network/blockchain for signing. By enabling MAS, we eliminate any single point of failure, ensuring that all key shards remain in the custody of Ceffu at all times. This relieves our clients of the responsibility and complexities associated with key shard security, thereby mitigating risks.

Key Share Security 

Our team at Ceffu has developed a sophisticated network of air-gapped FIPS 140-2 devices distributed across various geographical regions to securely store your key shards. This ensures that even in the event of a security breach affecting one of your key shards, your account security remains intact.

Key shard storage can be an extremely resource-intensive and challenging task. Poor management practices or negligence can put your assets at significant risk. It is always advised that clients, especially those who are inexperienced, leave these intricacies in the hands of their entrusted custodian.

Your Last Line of Defence

As a client of Ceffu, you bear the responsibility of maximizing the effectiveness of your internal security measures by fully leveraging both the MAS and TAP features. However, should your configured parameters fail and become compromised by illicit attackers, Ceffu stands as your final line of defense. As the custodian of your key shards, it is our duty to implement robust checks and balances, ensuring that all transactions align with your true intentions.

Deep liquidity without compromising on security

To learn more about how Ceffu’s custody and liquidity solutions can help drive your business forward, contact us using our institutional form.

About Ceffu

Ceffu is a compliant, institutional-grade custody platform offering custody and liquidity solutions that are ISO 27001 & 27701 certified and SOC Type 1 & Type 2 attested. Its multi-party computation (MPC) technology, combined with a customizable multi-approval scheme, provides bespoke solutions allowing institutional clients to safely store and manage their digital assets.

Institutions may also benefit from Ceffu’s secure gateway to a wide range of liquidity products within the Binance ecosystem. This can be achieved through MirrorX, our off-exchange settlement solution, provided in partnership with Binance.

Media contact: pr@ceffu.com 

Stay informed

LinkedIn: Ceffu

Twitter: @CeffuGlobal