Market exchanges employ multiple security methods to secure transactions between members. While digital signatures are often used to complete financial settlement and authorise transfer of ownership, securing these signatures against tampering can be challenging.
The digital certificates market exchanges issue to their members mostly rely on:
- Identity verified by certificate provider
- Unique digital certificate and key (such as a PIN or physical token)
- Encryption of signature plus document
- Re-validation of signature and signed document
Additional layers of security can add complexity and cost, and still cause issues:
- Physical security tokens (with a key on a USB for example) won’t protect the user if the token is left attached to a computer that becomes compromised.
- Lost tokens require a costly re-verification of identity before a new token can be created, and often the new token is delivered via post.
- Tokens require additional software (web browser plugin for example) that some users find difficult to properly configure, adding extra burden to the issuer’s technical support team.
- Exchanges generally can’t pre-purchase and store digital certificates for their members, so if a token is lost, its certificate is lost too.
Fraud prevention with Haventec Sanctum
Haventec Sanctum vaults can replace the physical security tokens used by market exchanges to help protect digital signatures.
Sanctum vaults present a safer, more efficient and cost effective long term solution for securing digital certificates:
- Sanctum online vaults secured on market exchange members’ devices
- Sanctum offline recovery vaults secured within the market exchange ecosystem.
When a member uploads a digital certificate into the market exchange ecosystem a new Sanctum offline vault is created.
The member then synchronises this Sanctum offline vault into a PIN-protected Sanctum online vault on their nominated devices (e.g. desktop, laptop, mobile device).
Once the online vault is secured on authorised devices, it is enabled to sign documents within the secure system.
How Sanctum secures digital signatures:
Sanctum employs three main security methods:
- Deconstruction – breaking data into several parts
- Decentralisation – separating those parts and distributing them across multiple locations
- Single-use encryption keys — changing keys and re-encrypting data for every transaction.
These methods ensure that only authorised market exchange members with Sanctum vaults on their authorised devices can access their digital signatures to complete transactions within a market exchange ecosystem.
Business benefits of Haventec Sanctum
- Protects against unlawful access to digital certificates
- Streamlines highly secure end user experiences
- Lowers complexity of data security operations and reduces operating costs