Introduction

The CoKeeps Platform serves as a foundational framework designed for institutional organisations to construct new blockchain-based products and manage digital asset operations. As the owner, you retain full control over your assets at all times. The CoKeeps Platform encompasses several key components:

Client Administration: This component functions as a centralised governance hub, facilitating the management of users, contacts, policies, organisational actions, and configurations.

Cold Wallet: This component oversees single and multi-signature accounts, executes transactions, and manages other wallet-related functions, including smart contracts. There are no limitations on the number of accounts you can create.

Hot Wallet: This component acts as the intermediary linking your platform, application, or service to CoKeeps Wallet functions. Communication takes place through REST API (TLS over HTTPS), enabling automation for the majority of processes. It empowers you to develop and concentrate on your products across desktop, web, or mobile applications, while CoKeeps seamlessly manages digital asset in the background.

Access Controls

Each CoKeeps component employs its own unique approach to data management and permission control for reading or modifying data. For Client Administration and Wallet components, login attempts are confirmed and verified through OTP (One Time Password) sent via email. TOTP (Time-based One Time Password) via an application of your choosing is required for any action that involves modifying information or initiating a transaction.

Additionally, the Cold Wallet component utilises passphrase and PIN mechanisms to safeguard against key generation. Access to this component is restricted to a single device per user.

Access to the Hot Wallet relies on the authentication mechanism tailored to your individual end users, rather than relying on token-based or back-end-driven actions. This authentication process is primarily managed by our JavaScript front-end SDK, which provides seamless integration to your platform. For further information, please consult the Hot Wallet Guide.

Data privacy and protection

Throughout the registration process and ongoing operations within the CoKeeps platform, we prioritise the privacy and security of your information. CoKeeps does not retain sensitive data such as PINs, passphrases, passwords, or any other personal information in our databases. We solely require your email address to facilitate OTP authentication and transaction notifications, with all other data handled cryptographically to ensure confidentiality.

For Hot Wallet integration with your existing platform, which may necessitate user data for tasks like address identification or approval processes, CoKeeps maintains a strict policy of not storing or processing any Personally Identifiable Information (PII). Instead, we require the use of Universally Unique Identifiers (UUIDs) to represent user data. These anonymous identifiers are internally mapped within the CoKeeps system to ensure anonymity and privacy.

To uphold the integrity of stored data, all information across our platforms undergoes verification using the Signature Based Data Verification (SBDV) algorithm. This rigorous validation process detects any tampering attempts, ensuring that further actions are prevented to uphold the security and reliability of the stored data.

Organisation

Roles & Permissions

Authoriser: An individual responsible for managing organisational information and configuring users, policies, contacts, smart contracts, and the hot wallet. Each Authoriser can be assigned to a specific scope. For example, roles can be segregated into three distinct categories: one authoriser may have permission to manage users and roles, another may oversee smart contract and hot wallet configurations, while the third may be tasked with managing contacts and policies.

Payer: An optional designated individual who oversees subscription and payment processes.

Signer: A designated entity responsible for account creation, executing transactions, and signing messages. This entity can either be a human user managing the process manually or a machine assigned to perform automated tasks. You have the flexibility to define the coins or tokens and the scope within which a signer can operate.

Hot Wallet Users: These users are those registered through the Hot Wallet API and are distinct from any roles previously mentioned. Typically, they are not CoKeeps users but rather your end users. Their capabilities are highly restricted, primarily limited to creating deposit addresses and conducting withdrawal operations, subject to the limits set by your platform.

Contacts

A contact, representing the address of a coin or token account, can serve as either a destination or a signer. A destination indicates that the address is now eligible to receive all outgoing transactions. On the other hand, a signer is a designated address that can participate in the creation of a multi-signature account.

These measures are implemented to facilitate organisational governance, ensuring that no single individual, such as the signer, can unilaterally send transactions or enlist others to join a multi-signature account without oversight.

Policies

An off-chain control mechanism for managing the process flow of multi-signature transactions. Our policy is designed to be platform-agnostic, meaning that policy information is stored in the IPFS (Interplanetary File System) and can be accessed by third-party platforms managing one or more multi-signature member accounts, should these platforms wish to adopt similar behaviour within their own systems.

NOTE

Every multi-signature account held under CoKeeps custody must have a policy established.