Skip to content

6.0 Security

Security is a core component of the MBI platform. It ensures that all interactions between applications, MBI, and the blockchain remain protected from unauthorized access, tampering, and misuse.

6.1 Authentication and Authorization

API Key-Based Access

API Key-Based Access

All digital asset API calls are secured through the use of unique API keys. Each API key is linked to a specific subscription, ensuring that only authorized requests are processed. This mechanism helps prevent unauthorized access and enforces a strong security boundary between different users or applications.

Key Rotation

Key Rotation

Users have the ability to rotate their API keys at any time through the subscription detail page. Regular rotation of keys is strongly recommended to reduce the risk of compromise. When a key is rotated, the old key is immediately invalidated, ensuring uninterrupted protection of digital assets.

Access Control & Permissions

Role-Based Access Control (RBAC)

Beyond API keys, the system enforces role-based access control (RBAC). This ensures that users only have access to resources and actions appropriate to their role.

Examples:

  • Administrative users - Granted wallet creation rights
  • Standard users - Limited to viewing balances and transaction history

Monitoring & Logging

Audit & Compliance

All authentication and authorization events are logged for auditing and compliance purposes:

  • Login attempts
  • Failed authentication
  • API key rotations

This provides transparency and allows detection of unusual or malicious activities.

6.2 Wallet Handling and Management

Wallet Creation & Ownership

Wallets are automatically created and managed within the MBI system. Each user is assigned a unique wallet address that they can view and use for transactions. Wallet creation follows standardized protocols to ensure compatibility with supported blockchain networks.

Secure Key Management

Private keys are securely stored in HashiCorp Vault, a trusted enterprise-grade solution for secrets management. This approach ensures that sensitive key material is never exposed to the user or application layer directly. Vault handles encryption, access policies, and lifecycle management of the keys.

Security Benefits

  • Keys never exposed to user or application layer
  • Enterprise-grade encryption
  • Automated access policies
  • Complete lifecycle management

User Visibility & Transparency

While users do not have direct access to private keys, they can view their wallet addresses and track their transaction history within the platform dashboard. This balance of visibility and restricted access ensures transparency without compromising security.

Available to Users:

  • Wallet addresses
  • Transaction history
  • Balance information

Restricted Access:

  • Private keys (stored securely in Vault)
  • Signing operations (performed server-side)

Transaction Signing

All transactions are signed securely within the MBI infrastructure using private keys stored in Vault. This guarantees that sensitive signing operations occur in a controlled environment, reducing risks of key leakage or misuse.

Backup & Recovery

Redundant backup strategies are in place for wallet data, with recovery procedures designed to prevent loss in case of system failures. Recovery processes are secured to ensure that keys and transactions remain protected during any restoration event.

Recovery Features

  • Redundant backup systems
  • Secure recovery procedures
  • Protection during restoration events
  • No loss of wallet data or keys

Compliance & Auditability

Wallet operations are fully auditable, with detailed logs maintained for all critical actions:

Operation Logged Information
Wallet Creation Timestamp, User ID, Wallet Address
Transaction Initiation Transaction details, Initiator, Status
Key Access Requests Requester, Purpose, Authorization

These logs support regulatory compliance and provide accountability in asset management.

6.3 Data Privacy and Integrity Controls - Pending Completion

Protecting sensitive data is essential for trust.

  • Encrypted Communication – All traffic between clients, MBI, and blockchain is secured using TLS to prevent interception.
  • Hashing & Digital Signatures – Data stored off-chain is hashed, with the hash recorded on-chain to ensure immutability and authenticity.
  • Logging & Auditing – All system actions are logged for traceability, anomaly detection, and compliance reporting.