IBM has introduced the IBM Hyper Protect Offline Signing Orchestrator (OSO), a groundbreaking air-gapped cold storage solution designed for digital assets. Developed in collaboration with digital asset manager Metaco, an IBM partner and Ripple subsidiary, along with tier-1 banks, the new system addresses common vulnerabilities found in conventional cold storage solutions.
Described as an end-to-end asset encryption service, OSO tackles limitations associated with offline or physically air-gapped cold storage, such as privileged administrator access, operational costs, errors, and scalability challenges. IBM’s blog post emphasizes the role of human interaction as the underlying factor contributing to these limitations.
OSO eliminates the manual functions involved in initiating and conducting transactions and works much like a time-release safe. It can be configured to send transactions from cold storage to the blockchain and vice versa only at specific times or through multi-body governance scheme authorization. This approach mitigates various insider attack vectors, including physical access, administrative manipulation, and coercion attacks.
In the event of unauthorized access, a bad actor can only initiate a transaction during approved times and must wait for approval before executing it. OSO further enhances security by enabling digital assets to be stored in an “air-gapped” storage container, disconnected from the internet or any internet-capable device, which prevents remote attacks while the assets are at rest.
Traditional air-gapped cold storage solutions require administrators to manually carry physical storage devices to sign transactions. OSO instead introduces a policy engine that facilitates communication between different applications without connecting to both simultaneously. It operates on a virtual, partitioned server via IBM’s Confidential Computing service and has no direct external network connectivity, which prevents human errors and remote access during transactions.