EDMUND - A digital asset custody service
Edmund (https://www.edmundhq.com/) is a digital asset custody service with the focus on security, fraud detection and regulatory compliance. The service was designed especially for digital asset issuers, funds and investors.
The product was designed around processes. Deposit and withdrawal processes are defined at the time of contract signing. The transaction had to forego a series of checks from approvals to time-locks and also transaction signing. Each of which would require a 100% of positive outcome.
The task at hand
Our task was to implement a process engine that will be used in many parts of the system, implement MFA using different technologies from email, google authenticator to Yubikeys and start the design of an automatic transaction signing service using nCipher (now Entrust) Hardware security modules (HSM).
The HSM signer task was especially challenging as the platform used to implement these features is embedded C on an integrated PowerPC platform.
The process engine development took quite some time due to write constraints and data signatures on the database level. We had to thoroughly test the state changes for different cases and implement a web designer for the processes.
The automated signers project required that the result of the processes was verifiable via cryptographic signatures on the HSM device. The data had to be securely transferred and verified. If the verification was successful the HSM program would sign the transaction and broadcast it to the right blockchain.
Implementation was conducted using Java with Spring Boot, C and AnularJS.