Business applications of Multi-Level Multi-Sig
Data management and security are critical issues for nearly every company today, and their importance is accelerating with no end in sight. How can a company make sure high value company and user accounts are protected from both external and internal misuse? How can they ensure that one security breach won’t compromise all their other data? How can they ensure that security features aren’t so inconvenient that users ignore them?
Multi-signature features can address many of these issues. Multi-signature accounts are one of the strongest security features in any value-transfer network. Implementing multisig capability on blockchain usually means using a multisig smart contract. As with most smart contracts, the more the contract has been security tested, the more limited the options available.
One of Symbol blockchain’s great features is its built-in multi-sig features, ready to use and fully security tested. It’s the most flexible plug-and-play multisig system in the industry, allowing up to 25 signers per account, or more if you configure your own network. Even better, Symbol introduces a layered logic approach to multisig that is unique in the industry. Let’s cover what this means and why these features are so powerful in business applications.
Benefits of basic Multi-Sig accounts
Multi-sig accounts provide higher security in terms of who can access accounts and make transactions using company blockchain assets. With multisig, a business can allow many employees to make transactions from a single on-chain account without giving them all the same password. Multi-sig account users can be added or removed as needed. This functionality is not built into most other blockchain platforms.
Another useful benefit is distributed approval. An account with critical data or a high balance can require many or all of its signers to approve any transactions.
We’ve seen this configuration repel attacks when an employee was hacked and the attackers’ attempts to drain accounts were stopped dead.
Individual users can also use multi-sig as a form of two-factor authentication.
In the above example, the individual set up her account so no transactions could be sent unless she approved them with both her desktop wallet and mobile wallet.
At the basic level, a good multisig feature will let you select the total number signers that CAN approve a transaction, and the total number REQUIRED to approve a transaction. This is referred to as M of N. For example, you can have an account that allows 10 different employees to approve a transaction, with only one signature required. Or you can have 10 signers with at least 5 required to approve a transaction. A unique part of Symbol blockchain’s system is that it can automatically send a prompt to all signers, including a message explaining what the transaction is for, invoice numbers, and so forth. This is all performed on-chain, either publically or encrypted.
Multi-Level (layered) Multi-Signature accounts
Symbol has all the above native capabilities, but it adds the ability to have multiple layers of approvals.
In the following use case, multiple layers are configured so each transaction has to be approved by at least one signer from the Finance team AND at least one signer from the Business Development team.
Alternatively, we could configure these accounts so that all signers from any one of the teams are required to sign each transaction.
The ability to easily configure “this AND OR that” configurations is one of Symbol blockchain’s powerful enterprise features. Here are a few more examples.
In a distributed account recovery configuration, a team of trusted signers can give access to an individual’s account, but only if they all agree. In this example, if the CEO gets locked out of his account, he can ask the COO, CTO, and VP to all sign a transaction to restore his access.
AND OR configurations are also useful for automated transaction monitoring. In this example, an automated fraud detection system, such as those used for credit cards, reviews each transaction and has the ability to stop it if it meets certain criteria.
These nested signing layers can go up to 3 layers deep with up to 25 signers or branches per step.
What if the business needs to track an asset that’s unique, or subject to change, such as a pool of mortgage debt? Symbol blockchain’s built in asset management allows each individual instance of a unique asset to have separate multisig permissions set up.
You can also use this in supply chain tracking. For example, you can have a shipment of pharmaceuticals with a specific batch number. The digital record of ownership won’t be transferred until each step of shipment and inspection is completed with a multi-signature transaction.
IOT data tracking also has multi-signature use cases, such as transactions requiring inputs from M of N inputs or sensors – perhaps payment for uploaded news video data requires verification of user, file format, and sensor-verified geolocation.
The flexibility of configurations allows a multitude of other use cases and the extensibility with business logic allows multi-sig to be integrated into service platforms and other systems. Hopefully you have a clearer understanding of Symbol blockchain’s multi-signature features and why they are so useful in business applications. You’re invited to read our tech documentation, ask questions in our forums, or contact us if you’d like to explore more ideas.