Central to the Wallet-as-a-Service (Palisade) security framework is ‘Zero Trust Architecture’ (ZTA), a security model which assumes that networks and users are hostile and should not be trusted by default.
In practice, this means that a rigorous authentication process governs all requests to access your digital assets, whether they originate from inside or outside your organization.
In Wallet-as-a-Service (Palisade), ZTA is implemented through a number of features:
- Multi-factor authentication – Users must complete multi-factor authentication to log in to their Wallet-as-a-Service (Palisade) account
- User management – organization administrators can assign different levels of access to different users. We recommend assigning the least amount of privilege/access needed for users to complete tasks
- Policies – organization administrators can select which users are authorized to initiate transactions from wallets
- Approvals – setting up approval groups means that certain users must approve transactions before they are submitted to the blockchain
HSMs are secure, tamper-resistant hardware devices specifically designed to store and manage cryptographic keys, execute cryptographic operations and process sensitive information.
Wallet-as-a-Service (Palisade) utilizes HSMs that are certified to Federal Information Processing Standard (FIPS) 140-2 Level 3 or higher. They are therefore fully compliant with federal regulations. These HSMs are architected to defend against unauthorized access and tampering, and they respond to intrusions by automatically zeroizing (or erasing) sensitive information.
See our Wallets guide for information on how Wallet-as-a-Service (Palisade) uses HSMs to generate and protect your digital asset wallet keys.
Wallet-as-a-Service (Palisade) implements Multi-Party Computation (MPC) with Threshold Signature Scheme (TSS) to provide institutional-grade security for private key management. MPC-TSS eliminates single points of failure by distributing key shares across multiple independent devices, ensuring that no single party ever has access to the complete private key.
Key benefits of MPC-TSS:
- Breach resilience – Compromising some key shares does not compromise the key
- No single point of failure – The private key is never fully constructed in any location
- Transaction security – Quorum-based signing prevents unauthorized access
- Operational continuity – Key operations (resharing, restructuring) can be carried out without wallet disruption
See Understanding MPC-TSS for a comprehensive explanation of how Wallet-as-a-Service (Palisade) implements this technology, or MPC terminology for key terms and definitions.