Kelp Exploit Post-Mortem: Three Treasury Risk Blind Spots Behind the $292M Loss
Platform Updates

Safeheron to Launch TEE KMS Node: Transforming Digital Asset Security Management

By Safeheron Team
|

As the Web3 market continues to evolve, security threats have grown increasingly sophisticated, making secure key management a critical concern for enterprises and institutions. To address these challenges, Safeheron is planning to introduce its TEE KMS Node, a hardware-level key management solution powered by in-house developed and open-sourced Trusted Execution Environment (TEE) technology.

This innovative solution not only delivers a significant boost in security but also offers exceptional flexibility, adapting seamlessly to diverse business scenarios such as blockchain wallets and financial payment systems. By leveraging this robust technology, Safeheron empowers enterprises to efficiently handle high-frequency business demands with confidence and ease.

TEE: Trusted Execution Environment, a secure and reliable execution environment at the hardware level.

What is TEE KMS Node?

TEE (Trusted Execution Environment) is a hardware isolation technology that creates a protected execution environment at the hardware level, providing enhanced security for processing sensitive data. Safeheron has independently developed its TEE technology based on the Intel SGX SDK and open-sourced the world’s first Intel SGX TEE native framework in C++.

Safeheron’s MPC self-custody SaaS services and MPC Node Suite are seamlessly integrated with TEE technology, fundamentally enhancing the system’s security and trust. Through serving an increasing number of institutional clients, Safeheron has noticed that single-key and single-device use cases remain prevalent. By leveraging TEE technology, single-key security management and usage are exponentially improved, leading to the idea of the TEE KMS Node.

KMS is responsible for generating, storing, and managing keys while providing controlled access. By integrating the powerful security from TEE, the TEE KMS Node offers enterprises a high-performance, low-latency, and hardware-protected secure execution environment. It ensures hardware-level protection for the single private key, eliminates the risks of key leaks and malicious usage, and guarantees that critical operations are efficiently completed within a tamper-proof and trusted environment.

Additionally, the TEE KMS Node provides multi-party asset management mechanisms, ensuring the transparency of enterprise asset management while mitigating single-point risks.

Why Choose TEE KMS Node?

  • Hardware-Level Security: Built on Intel SGX SDK, TEE KMS Node ensures that key generation and usage are performed within a secure, trustworthy environment, fundamentally eliminating key leakage risks.
  • Open-Source Transparency: Developed using Safeheron’s in-house and open-source native TEE framework SSGX, the product integrates modular capabilities. It provides enterprises with an open, verifiable, and reliable single-key management solution.
  • Multi-Party Key Management: Support multi-party key management for organizations, reducing single-point risks and significantly enhancing operational security and compliance.
  • Multi-Chain Support: Compatible with multiple signature algorithms like ECDSA (Secp256k1), EdDSA (Ed25519), and Schnorr (Secp256k1), it supports transaction signing across mainstream blockchain networks, enabling unified management of multi-chain keys.
  • Scalable Design: Flexibly scale to deliver exceptional performance in high-concurrency, low-latency transaction scenarios. It meets intensive transaction demands while reducing scaling costs and improving concurrent processing capabilities.
  • Seamless Migration: Offer easy migration without the need to build a secure layer from scratch. Keys or recovery phrases can be imported to integrate effortlessly with existing business systems, upgrading key management infrastructure, and unifying wallet management.
  • HD Wallet Accounts: Support the BIP44 hierarchical deterministic (HD) wallet protocol, allowing HD-derived signatures, simplifying key management, and efficiently supporting large-scale account systems.
  • Secure Access: Safeheron APIs implement a multi-signature authentication mechanism, combined with TEE technology, to ensure the authenticity and legality of signatories. This avoids single-point control risks and ensures API call security.
  • Technical Support: Offer professional technical support with security advice and solutions for specific user scenarios, ensuring enterprises receive optimal assistance.

As a fundamental key management solution, TEE KMS Node ensures technical verifiability. Users can explore Safeheron’s open-source SSGX framework to understand its implementation of its proprietary TEE technology.

What Scenarios Can TEE KMS Node Support?

Trading Bots: Ensuring Transaction Efficiency and Preventing Key Leaks

Trading bots need to execute numerous transactions quickly and efficiently, often relying on single keys to control assets. Key leaks pose significant risks, and even traditional KMS services may expose keys due to issues like memory leaks. TEE KMS Node encloses the entire lifecycle of keys within the TEE environment, paired with API multi-signature authentication mechanisms, ensuring keys remain invisible and API access is secure.

With TEE KMS Node, managing trading bot asset keys ensures transaction efficiency while fundamentally eliminating key leakage risks.

Exchange API Keys: Establishing Enterprise-Level Trusted Key Management

For exchanges managing assets, API key security is critical. Traditional methods expose risks during key generation, storage, and usage, potentially leading to asset loss. TEE KMS Node securely generates and hosts API keys within a trusted TEE environment, ensuring keys are non-exportable and invisible throughout their lifecycle.

By integrating TEE KMS Node, enterprises can establish a trusted API key management system, eliminating leakage risks at the source and ensuring comprehensive asset security for exchanges.

Future Outlook

Safeheron’s TEE KMS Node is a hardware-level key management solution that integrates TEE and KMS technologies to significantly improve digital asset security and management efficiency. With high security, low latency, scalability, and cost-effectiveness, the product is tailored to meet diverse business needs in terms of performance, cost, algorithm support, and extensibility.

Looking ahead, Safeheron aims to build an open and transparent ecosystem, offering secure and reliable solutions for enterprises in the Web3, and driving the development of digital asset management and Web3 security.

Previous Next
SHARE THIS ARTICLE

Related Articles

We use cookies to optimize site functionality & application and give you the best possible experience.

For more information, please read our Cookie Policy. By choosing "Accept All", "Accept Preferences" or turning off the pop-up, you agree to the storage of cookies on your device to improve website navigation, analyze site traffic and provide customer service.

联系我们