Protecting password and identities: from the dumb vault to the dedicated secure OS

03/10/2015 | Blog posts

From the dumb storage to the dedicated secure OS

With the rapid development of cryptographicaly-enabled digital identities such as Bitcoin private keys, the data security industry is going through major changes.
Password management has always been a headache for the average internet user. Making sure passwords are secure, memorable and unique for each service is just wishful thinking and the majority of passwords end up looking like “password123″ or “[daughtername][birthdate]”.

The last password

Some startups have well understood this problem, and come up with great solutions in the idea of a vault automatically generating and storing unique passwords for the user. The only (and last) password you will need to remember is your master password, unlocking all the others. Combined with great UX tricks such as auto-fill and auto-lock, these solutions finally bring security and peace of mind to the end-user.

The hardware vault

Following this trend, Apple is offering its users to conventiently store all their passwords and sensitive data in a secure vault, encrypted by their unique biometric properties (Touch ID functionnality). The Mooltipass, a hardware vault, recently successfully completed their Indiegogo fundraising.

The Mooltipass hardware vault stores passwords and send them back to the computer host when needed

Digital identities: a new challenge

Digital identities are not passwords. They are very sensitive pieces of data, but the major difference is that they cannot ever be revealed to anyone or any service. Digital identities are cryptographic private keys, which are used to sign another piece of information, such as a document (PGP), an authentication challenge (SSH), a payment transaction (Bitcoin), a contract, etc.

If passwords can be managed in a “dumb” vault (i.e. securely storing encrypted pieces of data, and delivering them unencrypted when needed), digital identities — or private keys — must be confined to a secure realm leveraging them by executing specialized and sensitive tasks such as signing a message or building a transaction.

Passwords can be managed by a simple vault, but digital identities management must be built on a secure computer running a specialized OS

For these reasons, solutions similar to Apple’s Touch ID alone cannot securely handle Bitcoin private keys or other digital identities: additional logic needs to be applied, in a standard and trusted way, to verify that the credentials or assets are used legitimately.

Fido alliance

Many people and industries are realizing that passwords are obsolete and will be replaced by crypto-digital identities. It then becomes crucial to make sure that more secure solutions are not used to push more vendor lock ins. Cross industries standard initiatives, such as the FIDO Alliance, or community initiative, such as BitID, need to get maximum support for the community.

Digital identities security will revolve around a new kind of technology: a secure, portable, real time and specialized operating system. It is a shift from dumb storage to programmable logic.

The Ledger OS

Developed by Ledger and targetting the Bitcoin ecosystem, the Ledger OS already runs on several environments, such as a secure element based hardware wallet or a trustlet in a TEE (Trusted Execution Environment).

The Ledger OS has been ported on various environments, for various vertical integrations

Not only the secrets are secured inside an impenetrable architecture, but they can be leveraged by applying programmable logic to them. What was dumb storage becomes contract validation elements.

Secure element architecture

The very first real-world digital identity management solution, the Ledger Wallet Nano is a small USB hardware wallet, that integrates a EAL5+ certified Secure Element (smartcard) and the Ledger OS. It provides a simple user experience, so that anyone can use Bitcoin while benefiting from a truly secure environment.


Hitting the shelves in Q4 2015, the Ledger Wallet Blue extends the Nano experience in a simple, credit card-sized device.
The combination of a screen and a keyboard allows transaction verification directly on the device, without having to rely on an external security card or companion apps.

Hardware Security Modules (HSM)

Ledger is planning to market enterprise solutions based on hardware security modules in 2016. Acting like a Ledger Wallet Nano on steroids, Ledger’s HSM solutions will be able to control, secure and sign hundreds of transactions per second for securing exchanges, wallet APIs and business payments.

Running on a Hardware Security Module, Ledger OS provides bulk signature and fine programmable transaction capabilities. It makes possible to implement customized solutions such as a hot wallet with built-in safeguards, locking itself when transactions go past a predefined threshold.

Trusted Execution Environments (TEE)

Ledger uses Trustonic’s Trusted Execution Environment t<base to virtualize their hardware wallet solutions in a smartphone. These products are well integrated with the Bitcoin ecosystem to support fully decentralized, contactless transactions. Users may simply download a virtual hardware wallet rather than buying a new device, helping create a safe, standardized environment for the community of wallet developers

By providing the right tools to secure digital identities, Ledger aims to unleash Bitcoin’s potential and adoption.