IBM has launched the Hyper Protect Offline Signing Orchestrator (OSO), an air-gapped cold storage solution for digital assets. Developed in collaboration with digital asset manager Metaco and Tier-1 banks, OSO aims to enhance the security of cold storage solutions by eliminating manual functions during transactions. The system operates similarly to a time-delay safe, allowing transactions only at specified times or through authorized multibody governance. OSO's design addresses vulnerabilities associated with privileged administrator access, operational costs, and human errors, preventing common insider attacks. This article explores the features and advantages of OSO in securing digital asset transactions.



IBM has unveiled the Hyper Protect Offline Signing Orchestrator (OSO), a cold storage solution designed to enhance the security of digital assets. Developed in collaboration with digital asset manager Metaco and tier-1 banks, OSO addresses vulnerabilities associated with traditional cold storage solutions.

Cold storage solutions, particularly those that are air-gapped or physically disconnected from the internet, often face limitations related to privileged administrator access, operational costs, and human errors. IBM's OSO aims to overcome these challenges by automating transaction processes and implementing advanced security features.

OSO operates similarly to a time-delay safe, ensuring that transactions can only be initiated and executed at specific times or through the authorization of a multibody governance scheme. This approach eliminates the need for manual intervention during transactions, reducing the risk of insider attacks, including physical access, administrative manipulation, and coercion.

Key features and advantages of the Hyper Protect Offline Signing Orchestrator (OSO) include:

  • Automated Transaction Processes: OSO removes manual functions associated with initiating and conducting transactions, minimizing the risk of human errors and potential exploits.

  • Time-Delay Safe Concept: Transactions can only be sent from cold storage to the blockchain or vice versa at specific times, enhancing security and preventing unauthorized access.

  • Multibody Governance Authorization: OSO allows transactions only through the approval of a multibody governance scheme, adding an additional layer of security against insider attacks.

  • Air-Gapped Storage Containers: Digital assets can be stored in air-gapped storage containers, disconnected from the internet and external devices, preventing remote attacks during asset storage.

  • Policy Engine: OSO features a policy engine that facilitates communication between different applications without simultaneous connections, reducing the risk of human errors during transactions.

  • Confidential Computing Service: The system operates through a virtual, partitioned server via IBM's Confidential Computing Service, ensuring no direct external network connectivity and enhancing security.

The launch of OSO reflects IBM's commitment to addressing the limitations of traditional cold storage solutions and enhancing the security of digital asset transactions. By automating processes and implementing advanced security measures, OSO aims to provide a more robust and resilient solution for safeguarding digital assets.


(TRISTAN GREENE, COINTELEGRAPH, 2023)