On February 8, 2017, the professional services company Accenture unveiled a patent-pending solution that integrates blockchain technology with industrial-grade security systems supporting sectors including financial services, healthcare and government. Collaborating with technology provider Thales, Accenture will utilize the company’s hardware security modules (HSMs) so that blockchain platforms can incorporate security features seamlessly through a developer-friendly interface. Thales brings years of technological experience and knowledge to this project, as its existing hardware solutions are used by most major banks to secure records and assets from cybertheft and other threats.
Thales’ HSMs are essentially crypto-processors that securely generate, protect, and store digital keys. According to comments made by Thales and Accenture, keys stored in the HSM architecture cannot be extracted or used except under a highly controlled protocol. The solution is built on the widely used nShield HSM developed by Thales and facilitates large-scale commercial use of blockchain technology.
Simon Whitehouse, senior managing director and head of blockchain technologies at Accenture, states:
“Blockchain is quickly maturing across industries and is set to profoundly change how businesses operate. But current applications cannot meet the high security standards of most mission-critical IT infrastructure. That is because the digital keys used to secure and validate messages and transactions historically have proven vulnerable to network attacks. Our solution provides the same kind of physical security that banks have relied on for decades to keep money and transaction records safe from cyberthieves. It will clear a wider path not only for banks but for governments, insurers, healthcare providers and others to do real-world deployments of blockchain technology.”
Traditional blockchain-based systems rely on cyberwallets to store digital keys for blockchains. Because keys typically reside on software servers, they are vulnerable to the network breaches that have plagued cryptocurrency exchanges in recent years. Accenture’s new solution makes it nearly impossible for digital keys to be misappropriated, since key storage is physically isolated from IT networks and is designed with highly sophisticated, deterministic security mechanisms.
An additional feature of the solution is that platforms need to be installed only once, allowing companies to secure each of their blockchain applications – regardless of which blockchain they use – and eliminating the need to craft individual code for each solution.
According to Jon Greater, CTO at Thales e-Security:
“The possibilities for blockchain are endless. In the financial sector everything from transactions to contracts and deeds could use a blockchain to legitimize and simplify the settlement process, and industries such as healthcare and federal government also stand to benefit from this technology. However, in order for blockchains to work, we need to believe and trust them, which means every participant must agree and anticipate how they will take part in the chain. Unfortunately innovation and vulnerability very often go hand-in-hand. Accenture has built trust and security into the technology of the chain itself, using Thales HSMs to protect the chain and prevent any nefarious activity. Thales continues to invest in blockchain delivering the ‘root of trust’ to this emerging technology.”
Accenture’s solution utilizes Hyperledger Fabric, which leverages container technology to host the smart contracts that comprise the application logic of a system, and it can be adapted for other blockchain platforms. Although Accenture’s solution is patent-pending, HSMs have been utilized by banks to safeguard and manage digital keys for ATMs, mainframe operations, and point-of-sale machines, and to verify and sign SWIFT messages. HSMs are used in virtually any application that requires secure and verified signatures – for example, when a customer withdraws cash from an ATM, the bank’s data center uses HSMs to validate a personal PIN.
Benefits of HSMs include:
• Keys are stored within the secure HSM boundary: the keys always live inside the secure, certified HSM boundary rather than in software or on a hard drive, where they are vulnerable to attacks.
• Tamper-resistant hardware: FIPS 140-2 Level 2 and 3 certified HSMs are tested to stringent standards and are extremely difficult for unauthorized users to access.
• Sophisticated cryptography: HSMs use a certified, cryptographically secure random number generator to create keys, providing higher-quality keys than a typical computer system.
David Treat, the managing director and financial services blockchain lead at Accenture, said:
"The opportunity to benefit from blockchain technology within sectors like financial services and healthcare depends on an ability to protect digital keys using conventional standards of security. While there have been bespoke blockchain integrations with HSMs before, this solution offers a simpler and more flexible standard to connect blockchain platforms with the leading HSMs. We are committed to delivering these types of real-world innovations that will serve as the stepping stones to make blockchain technology a reality for large-scale enterprises."
Because Thales is a leader in advanced data security solutions and services, from ground transportation to aerospace technology, this collaboration will help strengthen the broad range of services, such as strategy, consulting, digital, technology and operations, that Accenture provides to blockchain-based platforms. The use of HSMs for blockchain-based systems is just one example of how interoperability within the space is steadily advancing to provide the reassurance companies want and need, which will aid in blockchain’s mainstream adoption.