When custody meets technology: Aegis Vault

Aegis Vault
www.aegiscustody.com
USA・Hong Kong・Taiwan・Singapore
con
fi
ed Custodian

INTUITIVE PLATFORM
SEC-APPROVED POLICY ENGINE
AUDITED & INSURED CUSTODIAN WORKFLOW
KMS-AGNOSTIC SYSTEM ARCHITECT
LICENSED IN MULTIPLE JURISDICTIONS
ACCESS TO SERVICES
AUTHORIZATION
& AUTHENTICATION
INTERNAL CONTROL
REGULATION & COMPLIANCE
STRUCTURE
When custody meets technology: an insured custody work
fl
ow to meet quali
fi
ed custodian requirements
Con
fi
dential information included exclusively for this deck only.
KEY MANAGEMENT
SOLUTION ( MPC )
HIGHLIGHTS
• All requests are initiated by client and approved by Aegis
• MFA - web (password) + auth app (bio-metric + PIN)
• Hardware authenticator-included approval
• SOC2 Type1 & Type2 Certi
fi
ed
• Specie Insurance from
• Quali
fi
ed Custodian in the US ( South Dakota Charter )
• Regulated in HK ( TCSP License )

APPROVAL WORKFLOW
KMS Agnostic Work
fl
ow by Quali
fi
ed Custodian with SOC2 Certi
fi
ed Operations and Specie Insurance Coverage
Con
fi
CLIENT AEGIS - QUALIFIED CUSTODIAN AEGIS - KEY MANAGEMENT
Client Initiation
• Transactions must be
initiated and authenticated
via client-end policy before
submitted to Aegis
Custom Policy Engine
• Separate roles for request
initiation and approval
• Threshold design
• Flexible approval mechanism
MPC Technology
• MPC shards safeguarded in
geographically dispersed
locations with strict access
control
KMS Agnostic Design
• Ability to endorse approved
KMS for it to be operated by
Aegis’ existing, insured and
regulated custody work
fl
ow
Cold Storage Approval
• Hardware authenticator
stored in physical vault
• Operations comply with
insurance and regulatory
policies and procedures
Quali
fi
ed Operators
• Sta
ff
vetted by regulators in
the US and Hong Kong
• Sta
ff
with quali
fi
ed licenses
REQUEST APPROVE SIGN
Broadcast
Trigger
Initiate

PLATFORM-DRIVEN ENABLER
Beyond Custody : A Two-Directional Regulated Gateway Connecting Clients and Web3
Con
fi
REGULATED
GATEWAY
QUALITY
CLIENTS
Staking
WEB3 SERVICES
Liquid Staking
DeFi Execution & On/O
ff
Ramp
Full Suite
Custody Platform
via

ARCHITECTURE
Use cases facilitated by proprietary system architecture design
Con
fi
• MPC library by
• MPC nodes deployed in Hong Kong, US and Singapore managed
by separate individuals.
• Protocols not supported by proprietary KMS will be signed by the
3rd party KMS integrated to the system following the same
operational procedure and policy control.
• Aegis as the custodian remains control of the keys even with the
integrated 3rd party KMS.
MODULARIZED COMPONENTS
Easy to maintain, upgrade and integrate with internal and external components within a
relatively short timeframe.
ADAPTIVE & COMPATIBLE
Designed for fast, seamless integration with any external service providers without a
ff
ecting
the system logic, hence a
fl
exible architecture with less technical dependency on integrated
components.
MULTI-POINT ACCESS TO CUSTODY SERVICE
The same custody procedure can be accessed by multiple applications accommodating
di
ff
erent use cases and client types to provide
fl
exible, wide-ranging business opportunities.
Highlights
Level 1 - Custody client funds
Level 2 - Provide regulated gateways to custodian-approved products and services
Level 3 - Endorse Other KMS
• Evaluate technical risks and structure of other key management
solutions (KMS)
• Adopt and endorse approved KMS for it to be operated by Aegis’
existing, insured and regulated custody work
fl
ow.

CUSTODY PLATFORM
Aesthetically pleasing, intuitive custody platform for one-stop asset management
Con
fi
CUSTODY
Cryptocurrencies
NFTs
Fiat capabilities
COMPLIANCE
Whitelist
Policy Engine
KYC/B
KYT & AML
TRANSACTION
Deposit
Withdrawal
On-Chain Record
STAKING
Direct Delegation
DeFi Staking
Liquid Staking
EXECUTION
Fiat to Crypto
Crypto to Fiat
Crypto Swapping
YIELD
DeFi Protocols
Yield Products
Trusts & Funds
✓ POLICY-ENFORCED WORKFLOW
✓ INSTITUTIONAL-GRADE SECURITY
✓ MPC PRIVATE KEY MANAGEMENT
✓ INTUITIVE ASSET MANAGEMENT
✓ MULTI-DEVICE ACCESSIBILITY

HIGHLIGHTS
One-stop solution for asset management facilitated by custodian
Con
fi
HIGHLY ADAPTIVE
• Rapid support of new blockchain network
• Designed for fast integration
MODULARIZED FOR FLEXIBILITY
• Architecture with modularized components
• Minimized dependency of service providers
STANDARDIZED WORKFLOWS
• Access through platform and/or API
• Enhanced user experience via intuitive work
fl
ows
HARDWARE AUTHENTICATION
• Security enhancement
• Operational control
CUSTODY & INSURANCE
• Licensed in the US and Hong Kong
• Specie insurance coverage
KEY MANAGEMENT SOLUTION (KMS)
• Proprietary MPC KMS
• Multi-approval mechanism
CUSTODY AS AN INFRASTRUCTURE
• API connectivity & accessibility
• B2B2C business models facilitation
POLICY-ENFORCED CONTROL
• Custom policy on client-end by wallet
• Admin approval following audited procedure

WALLET OPENING WORKFLOW
TRANSACTIONAL WORKFLOW
POLICY ENGINE
Systematic safeguards with strictly enforced custom policy control
Con
fi
ROLE: REQUESTER
• Users with permission to initiate transactional
requests
• Con
fi
guration of max amount per transaction per
wallet required
Client Admin ( Aegis ) Key Management Solution
ROLE: APPROVER
• Users with permission to approve transactional
requests initiated by requesters
• Con
fi
guration of trigger condition required
ROLE: VIEWER
• View-only users that receive email noti
fi
cations
upon completion of transactions
TRANSACTIONAL REQUEST
GLOBAL POLICY
• Non-transactional requests such as adding new
users and creating new wallets can be initiated by
any user with a global policy requiring approval
from >50% of active users applied.
NON-TRANSACTIONAL REQUEST
ROLE: OPS OFFICER
• Aegis Ops O
ffi
cers review received requests from
clients
• Follow internal control to make approval using
auth app and hardware authenticator tool
ROLE: OPS MANAGER
• Aegis Ops Managers con
fi
rm veri
fi
ed requests
signed o
ff
from Ops O
ffi
cers
• Follow internal control to execute requests using
auth app and hardware authenticator tool
ROLE: COMPLIANCE
• Sign-o
ff
s from Compliance O
ffi
cers required only
when initiated requests exceed certain threshold
ROLE: WALLET MANAGER
• Manage wallet creation, edition and suspension
requests from clients
• Certain Aegis members who do not participate in
the transaction approval procedure
WALLET MANAGEMENT
MUST COMPLY WITH ADMIN PROCEDURE
• Only requests signed o
ff
by Ops O
ffi
cer and Ops
Manager can trigger the KMS
• Requests will be signed o
ff
by MPC cluster once
associated policy is ful
fi
lled and con
fi
rmed by KMS
ONLY FROM WALLET MANAGER
• Only requests signed o
ff
by Wallet Manager can
trigger the KMS to generate, update or archive
wallets
WALLET MANAGEMENT
ONLY FROM ACCOUNT MANAGER
• Updates of Aegis Admin users whitelisted in the
KMS must be initiated and approved by Account
Managers that do not participate in either wallet
management or transactional approval
• Aegis Admin users whitelisted in the KMS will
automatically be mapped with permissions based
on admin user role.
ADMIN MANAGEMENT
1
2
3
4
5
1 2
3

DigiQuick
con
fi
ed Custodian

TOKENIZATION
Highlight of , a custodian-managed tokenization platform for all asset types.
Con
fi

ASSET COLLATERALIZATION
How Aegis as a custodian solves common problems in asset-backed asset tokenization
Con
fi
Common problems Solutions by Aegis
• Moving physical or illiquid assets around the current
fi
nancial system is expensive
and ine
ffi
cient.
• Manual tasks, paperwork, and a variety of intermediaries make the process
cumbersome and error prone.
• Each asset type has its own rule and procedure, making it di
ffi
cult to manage.
REAL-WORLD ASSETS
• Alleviating the documentation and human resource requirements traditionally
associated with liquefying physical assets by leveraging the Ethereum blockchain
technology, making the process automated, e
ffi
cient, and cost-e
ff
ective.
• De
fi
ning the data input
fi
elds and tokenization data format to standardize the process
needed for any real world asset tokenization, making the solution asset type agnostic
with fast support of new asset type.
TOKENIZED REAL-WORLD ASSET MANAGEMENT
• NFT contains a hyperlink to its underlying asset, which the data of the uploaded
asset can be replaced without a
ff
ecting the hyperlink and it existence of the NFT
itself, causing concerns in the permanency and immutability of the tokenized asset.
• The authenticity and originality of the NFT are hard to verify, resulting in many
counterfeit NFT.
REAL-WORLD TOKENIZATION IN THE FORM OF NFT
• All data encrypted and stored in distributed IPFS network to ensure immutability and
permanency of data. Any modi
fi
cation of the submitted underlying documents will
result in change of associated IPFS link, hence making the NFT truly immutable.
• Designed for custodian-approved asset owners only to ensure credibility and quality of
underlying assets. Uniquely-designed authentication control during tokenization with
o
ffl
ine digital signatures from multiple parties leaves tracks of veri
fi
able attestation
embedded in the issued NFT.
AUTHENTICATION CONTROLLED TOKENIZATION
• With tokenized assets held under custody, the NFT becomes illiquid and inaccessible
by markets.
CUSTODY TOKENIZED ASSETS
• The carefully-designed smart contract provides
fl
exibility to issue ERC20 fungible
tokens acting as proof of ownership of the underlying NFT which is the proof of asset.
• The proof of ownership can be freely transferred and traded in the market while its
proof of asset remains in custody.
IN-CUSTODY LIQUIDITY

HIGHLIGHTS
In-custody real-world asset tokenization with standardized process, authentication control and ownership tracking
Con
fi
STANDARDIZED WORKFLOW
All asset types follow the same work
fl
ow to
achieve in-custody asset tokenization
ANY ASSET TYPES
System is asset type agnostic and designed for
fast support of new asset types
PERMANENT DATA STORAGE
Data encrypted and stored in distributed IPFS
network to ensure immutability and permanency
WIDE-RANGING USE CASES
Flexible options of ERC20, ERC721 and ERC1155
to adapt to a wide range of use cases
CUSTODY & INSURANCE
Licensed in the US and Hong Kong
Specie insurance coverage available for NFT
PROOF OF ASSET & OWNERSHIP
Carefully designed smart contracts for proof of asset
and proof of ownership through mapped NFT and FT
TRACKABLE OWNERSHIP RECORD
Frictionless ownership transfer trackable through
dashboard and veri
fi
able on-chain
AUTHENTICATION CONTROL
Authentication control embedded process through
o
ffl
ine multi-signatures veri
fi
able in resulted tokens

WORKFLOW
Standardized, authentication-controlled work
fl
ow for asset tokenization by approved-asset owner through a custodian
Con
fi
Complete KYC
& Due Diligence
1
Upload Asset’s
Underlying Documents
2
Asset Deployed as
Digital Certi
fi
cate
3
Management
via Dashboard
4
Tokenized Asset
Under Custody
5
Uploaded by user via
platform to custodian
Uploaded by user via
web-based platform
Issued by regulated
digital asset custodian
All digitized assets are
viewable on dashboard
Assets safely held in
custody
• Ensuring all tokenized
assets are from
custodian-approved
asset owners
• Automated due
diligence process
alleviates paperwork
and secures data
transmission
• Standardized input
format with custom
fi
eld for
fl
exibility
• Automated process via
platform
• Underlying documents
and information can be
encrypted if desired
while authenticity
remains provable
• Uniquely designed
authentication control
embeds immutable and
veri
fi
able digital
signatures from multiple
parties to secure
authenticity of the
issued tokens
• Asset information
stored as metadata
within the issued tokens
• Data pulled from
blockchain and
displayed on
dashboard in an easily
digestible format
• Veri
fi
able ownership
transfers are viewable
in the dashboard
• Dashboard accessible
from multiple devices
• Tokenized assets are
issued and deployed
to custody wallets
unless speci
fi
ed
• Proof of assets (NFT)
remains in custody
while trackable proof
of ownership (FT) is
liquid in the market
• All records viewable

Asset onboarding with authentication control through o
ffl
ine multi-signatures veri
fi
able in resulted tokens
Con
fi
UPLOAD ASSET
• Standardized input
fi
elds based on selected asset type with custom
fi
elds available
• Multiple token minting options for a wide range of use cases
• Document encryption available
Asset Onboarding with Authentication Control
ASSET ONBOARDING
AEGIS - CONFIRMS RECEIPT OF ASSET
• Aegis con
fi
rms the receipt of to-be-tokenized asset from the approved asset owner
• Aegis leaves a digital signature within metadata
ASSET OWNER - ACKNOWLEDGES TOKENIZATION
• Asset owner is asked to con
fi
rm the pricing and to authorize the tokenization
• Aegis is authorized to leave digital signature within metadata on behalf of the asset
owner using the key in custody generated only for this particular asset owner upon
completion of client onboarding
ADDITIONAL SIGNATURES AVAILABLE
• Unlimited numbers of digital signatures from 3rd parties available to participate in the
process to further enhance the proof of authenticity of the to-be-issued tokens
• Example: accredited appraiser for tokenize of artwork
PROOF OF ASSET ( NFT )
• ERC721 - issue 1 token only with unique metadata
• ERC1155 - issue multiple tokens with the same metadata
Token Minting Combinations
TOKEN TYPES
PROOF OF OWNERSHIP ( FT )
• 1 ERC20 - for non-fractional ownership
• Multiple ERC20 - for fractional ownership
• Issued ERC20 can be mapped and traced back to its underlying proof of asset (NFT)
ERC721 + 1 ERC20
• Proof of non fungible asset + non-fractional ownership
• Use case: trade debt, art
COMBINATIONS
ERC721 + MULTIPLE ERC20
• Proof of non fungible asset + fractional ownership
• Use case: art loan, securities
ERC1155 + MULTIPLE ERC20
• Proof of fungible asset (multiple copies) + 1:1 ownership
• Use case: art copies, mass-produced goods

MODULARIZED METADATA
Metadata structured in modules for readability and standardization
Con
fi
Each NFT contains a link to the metadata, presenting the content of the underlying asset
the token represents which was originally uploaded by the asset owner upon asset
onboarding. The link is generated via IPFS to ensure immutability and permanency.
The metadata is structured in below order:
• Timestamp of token creation
• The permanent and immutable link of the metadata (IPFS)
• Information uploaded by the original asset owner upon asset onboarding
• Supporting documents* uploaded by the original asset owner upon asset onboarding
• Digital signatures of all parties involved during the tokenization process to prove
authenticity of the asset
*Sensitive supporting documents can be encrypted by choice upon asset onboarding.
Viewer can request to view the original documents by contacting the custodian, as the
encrypted documents are also stored in custody.

Con
fi
dential information included exclusively for this deck only. 4
Product Dashboard - Asset Information
Information of each uploaded asset is viewable on the dashboard, details vary depending on the asset type.

Con
fi
Product Dashboard - Asset Type
Each type of asset has its own asset uploading interface with
fl
exibility to add supporting documents. We can
develop new asset type based on client requests.

Con
fi
Product Dashboard - Status
Client only needs to upload information of the underlying assets, and the rest is handled by the custodian.
Status of each asset can be viewed on the dashboard.
Uploaded assets being reviewed by custodian.
Rejected application is kept on the dashboard.
Client needs to con
fi
rm the action of digitization.
Cancelled application is kept on the dashboard.
Custodian handles the rest behind the scene.
One-click to view token on blockchain explorer.

Ovault
con

fi
• Smart contract driven strategies with no human intervention
• Custodian-managed design to ensure only approved participants are whitelisted and eligible
• Custodian-operated work
fl
ow to ensure all controls comply with regulatory requirements

GOVERNED BY CUSTODIAN
Many blockchain protocols rely on community governance mechanisms to shape its direction and to approve certain con
fi
gurations.
Implementation of multisig approval process ensures the transparency of permission controls and to prevent unauthorized actions a
ff
ecting
the protocols. Having a regulated custodian participated in the process enhances credibility and reassurance of the protocol, and ensures
that the user behaviour is monitored by the custodian.
Con
fi
• Most DeFi protocols are developed and managed by anonymous teams, raising
concerns of its transparency and credibility.
• Without proper control, unauthorized transactions can go through easily resulting in
loss of funds or damages.
CREDIBILITY & SECURITY CONCERNS
• Custodian participating in the approval process of a protocol indicates that
signi
fi
cant con
fi
gurations are reviewed and accepted by a regulated entity prior to its
implementation.
• Custodian participating in the control mechanism of actions such as deposit and
withdrawal can e
ff
ectively prevent suspicious attempters successfully initiating
unauthorized transactions.
CREDIBILITY & SECURITY ENHANCEMENT
• DeFi protocols are known for its permissionlessness and operation without central
authorities. This might lead to money laundering concerns given identity veri
fi
cation
is not required for ones to participate in the protocols.
• Even for protocols with high total value locked (TV) it is still challenging to gain
traction from institutions due to regulatory concerns. Institutions must access DeFi in
a way that aligns with safety, security, and operational requirements.
REGULATION & MONEY LAUNDERING CONCERNS
• Identity veri
fi
cation and know-your-business (KYB) screenings conducted by the
custodian to ensure all participants meet regulatory requirements.
• The custodian being the
REGULATED GATEWAY TO DEFI & ANI-MONEY LAUNDERING MONITOR
Common concerns Solutions by Aegis

WORKFLOW
Compliant, intuitive work
fl
ow for approved investors to interact with DeFi protocols
Con
fi
Completes KYC
& Due Diligence
1
Funds Custody
Wallet
2
Requests to
Deposit to Ovault
3
Aegis Approves
the Deposit
4
Ovault Sends
Funds To Strategy
5
Investor be approved by
Aegis and be added to
whitelist of Ovault
Investor transfers funds
from own wallet to the
custody wallet
Investor requests to
interact with Ovault using
whitelisted custody wallet
Aegis approves the
deposit request via internal
multisig procedure
Ovault sends the received
funds to a suitable strategy
Funds Back In
Custody Wallet
10
Aegis Approves
the Withdrawal
9
Requests to
Withdraw from Ovault
8
Generates Yields
Via Strategy
7
Aegis Approves
the Execution
6
Funds securely sent back
to the investor’s custody
wallet from Ovault
Aegis approves the
withdrawal request via
internal multisig procedure
Investor requests to withdraw
from Ovault to the whitelisted
custody wallet
Funds generating yields
from 3rd party DeFi protocol
via the strategy
Aegis approves the funds to
be sent to selected strategy
APPROVED & WHITELISTED PARTICIPANT CONTROLLER - DEPOSIT
CONTROLLER - EXECUTION
CONTROLLER - WITHDRAWAL

AegisRamp
con
ff
Ramping Gateway Managed by Quali
fi
ed Custodian

RAMPING GATEWAY
Highlight of , a
fi
at on/o
ff
ramping gateway designed with compliance and user-friendliness
Con
fi
• A platform operated by custodian to facilitate B2B2C business models
• Expandable with multiple underlying service and liquidity providers
• All conversions comply with regulatory requirements and are operated and monitored by custodian

When custody meets technology: Aegis Vault

Recommandé

Recommandé

Contenu connexe

Similaire à When custody meets technology: Aegis Vault

Similaire à When custody meets technology: Aegis Vault (20)

Dernier

Dernier (20)

When custody meets technology: Aegis Vault