System Architecture and Integration scenarios
OmniSafe: Integration Scenarios for Secure Crypto Custody
This section outlines the various ways you can integrate your systems with ecrop’s OmniSafe platform. Choosing the right integration approach depends on your business needs, technical capabilities, and desired level of control over the user experience. We’ll describe three primary integration scenarios, focusing on the responsibilities of your system, the ecrop system, and how end-users interact with the platform. We’ll also cover a crucial aspect of integration: KYC/AML compliance.
Key Terms
- Client: You, the organization integrating with ecrop.
- End-user: Your customer, the individual or entity interacting with your platform and whose assets you’re custodying with OmniSafe.
- Asset: The cryptocurrency or digital asset being custodied and managed by OmniSafe.
- Wallet: A secure digital container for holding assets, managed by OmniSafe.
- Transaction: The transfer of assets into, out of, or within the OmniSafe custody system.
Core Components
- OmniSafe Custody API: The core engine of ecrop’s crypto custody solution. OmniSafe handles:
  - Wallet Management: Creation, storage, and management of secure wallets.
  - Transaction Processing: Secure initiation, authorization, and execution of cryptocurrency transactions.
  - Compliance & Security: Enforcement of security policies, KYC/AML checks, and reporting requirements.
- ecrop’s OmniPersona: A mobile application providing a secure and user-friendly experience for:
  - User Registration: Streamlining the onboarding process and verifying user identities through integrated KYC providers.
  - Secure Access: Connecting to multiple applications and accessing their functionality after identity verification.
  - Proof of Action (POA): Securing sensitive actions with state-of-the-art cryptographic technology.
  - Regulatory Compliance: Ensuring all users and transactions meet the highest standards.
- ecrop’s Other Products: ecrop also provides other products to integrate with:
  - OmniAsset: OmniAsset is used for the issuance and management of crypto securities. It can be used in conjunction with OmniSafe to reduce integration effort by removing the need to deal with the private keys that investors and issuers use to access their securities.
  - OmniEagle: OmniEagle is used for real-time and automated AML analysis. This makes sure the platform is compliant with AML regulations.
- Client System: Your IT infrastructure and applications that interact with OmniSafe via API. Responsibilities vary based on the integration scenario (see below).
Integration Scenarios
Full API Integration
This scenario offers maximum flexibility and control. You manage the entire custody process within your systems, using ecrop’s API for wallet management, transaction processing, and compliance.
- Client System Responsibilities:
  - Creates and manages wallets via the /wallets API.
  - Handles end-user authentication and authorization within its own system.
  - Integrates ecrop’s security measures to enable strong authorization for critical actions, managing end-user public keys and ensuring API requests are properly authenticated.
  - Handles any additional data that is necessary.
- ecrop OmniSafe Responsibilities:
  - Provides the API for wallet, transaction, and compliance management.
  - Securely stores and manages wallet data.
  - Executes transactions according to instructions and enforces security policies.
  - Provides all functions required by regulation, including security measures, AML analysis, auditing and reporting capabilities, etc.
- End-User Interaction: The client is fully responsible for the end-user experience and interface.
- Authentication:
  - Client-ecrop: Bearer token-based authentication.
  - End-User: Handled by the client’s system. Critical actions, such as withdrawals or creation of wallets, need to be secured by the client.
- Security: Full security is handled by the client. It can be combined with OmniSafe’s security or handled independently.
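One way a client system in the Full API Integration scenario could secure a critical action such as a withdrawal before forwarding it with its bearer token: a one-time challenge bound to the transaction details, signed with the end-user's key and checked against the public key the client manages. This is an added example, not ecrop code or part of the OmniSafe API; the Ed25519 scheme, the field names and all function names are assumptions.

```javascript
// Added example: hypothetical client-side gate for critical actions.
const nodeCrypto = require("node:crypto");

const CHALLENGE_TTL_MS = 60_000;   // assumed validity window
const pending = new Map();         // challengeId -> { userId, message, expires }

// Canonical bytes the end-user signs: binds the nonce to the exact transfer.
function canonical(tx, nonce) {
  return Buffer.from(JSON.stringify([tx.sourceWallet, tx.recipient, tx.amount, nonce]));
}

// Step 1: issue a one-time challenge for one specific transaction request.
function issueChallenge(userId, tx, now = Date.now()) {
  const id = nodeCrypto.randomUUID();
  const nonce = nodeCrypto.randomBytes(16).toString("hex");
  pending.set(id, { userId, message: canonical(tx, nonce), expires: now + CHALLENGE_TTL_MS });
  return { id, nonce };
}

// Step 2: verify the signed response; only on "ok" is the request forwarded.
function authorize(id, userId, signature, publicKeys, now = Date.now()) {
  const c = pending.get(id);
  pending.delete(id);              // single use, even when verification fails
  if (!c || c.userId !== userId) return "unknown-challenge";
  if (now > c.expires) return "expired";
  const key = publicKeys.get(userId);
  if (!key) return "no-key";
  // The server verifies against the transaction it stored, not one sent back.
  return nodeCrypto.verify(null, c.message, key, signature) ? "ok" : "bad-signature";
}

// Constructed demo: the private key stands in for the end-user's device.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  const keys = new Map([["user-1", publicKey]]);
  const tx = { sourceWallet: "w-src", recipient: "addr-1", amount: "0.5" };
  const sign = (t, n) => nodeCrypto.sign(null, canonical(t, n), privateKey);

  const a = issueChallenge("user-1", tx);
  const sigA = sign(tx, a.nonce);
  const first = authorize(a.id, "user-1", sigA, keys);
  const replay = authorize(a.id, "user-1", sigA, keys);   // same response again
  const b = issueChallenge("user-1", tx);
  const altered = sign({ ...tx, recipient: "addr-other" }, b.nonce);
  const tampered = authorize(b.id, "user-1", altered, keys);
  const c = issueChallenge("user-1", tx, 0);
  const late = authorize(c.id, "user-1", sign(tx, c.nonce), keys, CHALLENGE_TTL_MS + 1);
  return { first, replay, tampered, late };
}
```

The replayed response, the signature over a different recipient and the response after the validity window are all rejected, so a captured authorization cannot be reused or redirected.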
Less API Integration with OmniPersona: PSD2-like transaction authorization with Secure End-User Management
This scenario leverages OmniPersona for end-user onboarding, identification and transaction authorization using the OmniSafe secure key management, drastically simplifying integration for the client system.
- Client System Responsibilities:
  - Reads the customer data from the OmniPersona platform.
  - Receives the wallet’s public key for the wallet creation.
  - Sends well-defined transaction requests to OmniSafe (using the OmniSafe API), specifying the source wallet, recipient address, and amount.
  - Manages the user interface of the core application.
- ecrop OmniSafe Responsibilities:
  - Provides the APIs for transaction submission and compliance management.
  - Handles the secure signing of transactions, leveraging OmniPersona for user authentication and Proof of Action (POA).
  - Securely stores and manages all wallet data, including user credentials, public keys, and transaction history.
  - Enforces all security policies and regulatory compliance requirements.
- ecrop OmniPersona Responsibilities:
  - Implements all KYC actions, including compliant identification (using PostIdent).
  - Creates, holds and manages the user’s wallet.
  - Asks the user for transaction authorization using notifications, triggering transaction signing with the user’s private key.
  - Can provide information about the users (after approval).
- End-User Interaction:
  - Registers and completes KYC through the secure OmniPersona application.
  - Authorizes transactions using their OmniPersona account, leveraging built-in security features.
  - Can access various other applications under the OmniSafe ecosystem with a single login via OmniPersona.
- Authentication:
  - Client-ecrop: Bearer token-based authentication for API access.
  - End-User: Securely authenticated via OmniPersona’s authentication methods (e.g., biometrics, device authentication), with a challenge-response exchange to ensure security.