Custody and the Master Key
Master Key Model Overview
The Platforms
The tokenization custody router solution is built using the following components:
- The Ownera Custody Router.
- A Custody Key Management System.
- An adapter connecting the two.
Each user of the Custodian is allocated a Master Key. The Master Key is a standard EVM-compatible Wallet Address (similar to an Ethereum wallet address). All transactions, regardless of the target blockchain, are signed by the Custodian key management system using the client's Master Key, adhering to the EIP-712 standard or the minimalized HashList structure.
Before signing, Custody can implement any desired policy (e.g., various authentication methods, multi-signatures, MPC, HSM, cold storage). This is all agnostic to the router, which simply waits for a valid signed transaction to route and orchestrate.
Verification Targets
The key aspects to verify include:
- Legal Possession: Verifying that the asset cannot be moved on the registry blockchain without a valid, signed transaction from the Custody Router, ensuring Custodian has a legally-binding, provable, undisputable record of ownership.
- Transaction Execution: Ensuring the transaction is correctly executed on any underlying asset registry blockchain.
- Transaction Proof: Obtaining cryptographic proof that the assets were indeed allocated to the owner of the Master Key on the registry blockchain.
How It Works
1. Transaction Execution:
The router determines the best course of action depending on the underlying blockchain's nature:
-
For EVM-compatible blockchains:
- Custodian signs with the Master Key.
- The routers route the transaction into the source blockchain via the tokenization engine (Ethereum, Polygon, Besu, Quorum, etc.).
- The Master Key serves as the wallet address holding the asset, making ownership EVM-native.
-
For non-EVM-compatible blockchains:
- The Master Key signature authorizes the custodian to manage a native account on the target blockchain.
- Ownera custody routers may include a built-in Ledger node (such as Canton node).
-
For non-blockchain assets (e.g., FIAT payments):
- The Master Key signature authorizes a traditional, non-blockchain transaction via legacy networks like SWIFT.
2. Transaction Proof:
Getting proof that a transaction was properly executed depends on the asset registry blockchain:
-
Public chains:
- If the asset is on a public chain, the Custody Router will receive the transaction details and can verify it independently. The tokenization engine can also add any cryptographic proof if needed, such as a Signed Receipts or Zero Knowledge Proofs where available.
-
Private chains:
- If Custodian has a node on that private chain, it can verify the transaction independently (e.g., Canton, Besu network).
- If Custodian does not have a node or third-party validation capability, the router will receive cryptographic proof from the remote blockchain, signed by the financial institution's router.
3. Possession:
Ensuring that only a signed transaction by Custodian can move the asset out of the Master Key holder's account involves several practices:
-
Legally:
- A contractual agreement between Custodian and the TA using the tokenization engine as a registry specifies that only valid signed transactions by Custodian can move assets in the client's wallet or account.
- This contract is backed by appropriate on-chain smart contracts.
-
Technologically:
- Custodian can validate the smart contracts of the tokenization engine before allowing clients access to assets.
- On public chains, smart contracts are public and auditable.
- On private EVM chains, smart contracts can be provided and audited.
- Custodian's node (embedded in the router) controls assets natively on networks like Canton or R3 Corda.
- All tokenization partners utilize regulated TAs or other registrars to manage the registry blockchain.
-
Ownership Record:
- Custodian will maintain a set of cryptographic proofs signed by the TAs for every transaction via the router. This provides an additional layer of legally-binding validation of ownership, independent of the source blockchain.
The routers also support immobilization to an Omnibus and reissuance of assets where it makes commercial sense, such as reissuing with CSDs or issuing DRs.
Updated 4 months ago