HAINAN DIGITAL ASSET BANK
”The secure custody platform for distributed digital assets”
The Hainan Digital Asset Bank (DAB) is the compliance issuer, secure custodian, trusted transaction, and financial innovation platform, providing full life-cycle technology and regulatory solutions. It strives to serve as an infrastructure that promotes the rapid development of Hainan's digital industry, and the new governance model of the digital economy.
It is a decentralised digital assets banking and cloud wallet based on blockchain technology. The basic service and priority of DAB is a key storage security scheme that is implemented by TBTL Custody Service system.
TBTL is keen to work with other parties who are interested in working with us on the creation of further Digital Asset Bank platforms.
DAB primarily addresses and solves:
TBTL Custody Service
Trusted security guaranteed throughout the whole life cycle of functional code, from the user opening the wallet, to the digital identity authentication, to the transaction transfer, all in the TEE environment.
TBTL CS custody service system relies on Intel SGX (software guard extensions) technology and provides a full life cycle trusted execution environment (TEE) for DAB key storage and function code. The system integrates key management, policy engine, security computing service, multi-factor authentication technology, full nodes and basic blockchain functions, making the whole system extremely robust.
Figure 1: DAB - TBTL CS System data interaction diagram
The system diagram above describes the basic data interaction between the DAB and TBTL custody service. When DAB users are engaged in key operations such as registration, account recovery, transaction signing, etc., the key storage, management, encryption and decryption processes are carried out in a trusted enclave, which effectively resist the attacks of hackers and malware.
At the same time, DAB function code running depends on the main core components of the custody service, such as full node, policy engine and key vault. Typically, the custody service policy engine is one of the core components of the custody service system. It is flexible in configuration and adapts to the rapid change and update of business policies. The system can trigger the corresponding process according to the specified rules.
The custody service rule engine provides each DAB user with basic transaction strategy and additional rules pre-specified by the DAB. The following figure shows the multi-signature transfer process of the DAB organisation account, based on the custody service system policy engine.
Figure 2: DAB multi-signature transfer process
1: The DAB user initiates multi-signature transaction request.
2: Custody service receives the request and judges whether multi-factor verification is needed. In case of a large transfer amount, multi-factor verification is required; otherwise, it is not required.
3: If multi-factor authentication is required, users need to submit the authentication data to the trusted identity authentication service. The identity authentication server will verify the information and return the result.
4: Custody service query the authentication status and result from the authentication server. If verified, it will further judge whether the number of signatures has reached the minimum number of people who have signed successfully (threshold).
5: Threshold reached: return transaction information once signed.
6: Threshold not reached: wait for other members to sign.
5 BENEFITS OF deploying TBTL CUstody service
Multi-signature, intelligent risk control, KYC live identification to retrieve the key, comprehensive security hardening, anti-infiltration attack, formal verification
Provide precise, service-oriented, personalised, and customised services for individuals and organisations
Support joint management for alliance members, and achieve privacy protection and compliance supervision based on the alliance chain technology architecture
The private key generation, storage, and signature are performed in the TEE based on SGX. Protect the private key from the external environment and prevent private key leakage
Collective wisdom, democratic decision-making, co-construction, co-governance, co-sharing
individual multi-signature scenario
Service offer for an individual to set up a joint-management account.
The individual sets up how many co-administrators are required to agree and sign a transaction before it takes effect.
organisational multi-signature scenario
Service offer for organisations to make payments using designated employees as verification nodes.
When an individual initiates a payment transaction, the designated verification for it to be successfully complete.