Telefónica Tech, the Telefónica holding company that comprises the digital businesses of Cloud, Cyber Security, IoT, Big Data and Blockchain, and Entrust, a global enabler in trusted identity, payments and data protection, have signed a collaboration agreement to incorporate Entrust technology into TrustOS, Telefónica Tech's managed blockchain platform.
Telefónica Tech's TrustOS platform is a private ecosystem of trust that enables companies to connect their business processes with the Blockchain network. To operate in this network, users must be properly authenticated by means of a certificate issued and signed by a centralised entity in the network, called the Certification Authority (CA).
Because this is a public key infrastructure (PKI), good security practice recommends that the private keys issued be suitably protected so that they cannot be compromised. This prevents identity theft carried out with valid credentials, that is, with a certificate signed by a stolen but legitimate key.
With the incorporation of Entrust nShield hardware security modules (HSMs) into the TrustOS ecosystem, users' cryptographic keys are managed and protected in a secure, hardened, tamper-resistant environment. The solution protects the private keys associated with network identity certificates so that they cannot be used outside the HSM for unauthorised manipulation or actions that have not been previously determined.
This type of solution also addresses one of the biggest challenges of managed blockchain networks: the secure custody by the operator of the cryptographic material that allows users' identities to be unlocked when using the network. In this way, the TrustOS platform takes a significant step towards providing sovereign identity services in the cloud, one of the fields with the greatest growth potential in the blockchain sub-industry, which has not yet solved the usability problems related precisely to the management of keys by the user.
In 2020, Telefónica Tech launched the TrustID project within the framework of Hyperledger Labs, the largest open-source community for blockchain business, which enabled the use of externally issued identities in a blockchain network. With this collaboration, any user with a digital certificate issued by a PKI will be able to operate in ecosystems managed with TrustID, the TrustOS identity module.
José Luis Núñez, Head of Blockchain at Telefónica Tech, says that "the collaboration with Entrust allows us not only to solve a common concern of our most expert clients related to the management of cryptographic material in the Platform, but also to approach the digital identity and cryptography market with a leading partner in such innovative concepts as the tokenisation of digital certificates used for signing documents or identifying ourselves before the administration or the intersection between blockchain, cryptography and quantum technologies, where we have already executed a proof of concept in 2020".
Javier Sánchez, Territory Sales Manager for Data Protection Solutions at Entrust, comments that “applications and services deployed on the blockchain do not exclude security policies, especially when security around encryption is as strong as the strategy of protecting private keys. In this sense, we are delighted to be part of this business initiative with Telefónica Tech by providing the key protection component with our nShield HSMs”.
Rocío Martínez, Head of Entrust Digital Identity for Spain, says: “We highly value the collaboration with Telefónica Tech around its TrustOS platform and we hope to open new lines of collaboration, particularly in the field of digital identity protection through PKI technology, in which Entrust has been a global leader for more than 25 years. Implementing this type of solution also in distributed systems such as blockchain will allow us to apply strict security procedures while exploring bold initiatives such as identity tokenisation”.