Skip to content

Architecture

The DINAMO Super Cloud architecture implements a distributed system designed to provide high-performance, scalable cryptographic services via a set of REST APIs. The computing behind these services is leveraged by HSMs manufactured by DINAMO, which ensures greater control over the cryptographic operations circuit and certifies that they follow ICP Brasil standards.

With a view to serving customers who have a private HSM DINAMO , the architecture allows these devices to be linked to the platform, enabling functionalities and extending management capabilities. For more details, see the HSM LAN topic.

Telemetry

The scheme for observing the operations carried out on the platform is based on analyzing the telemetry from the HSMs used internally. This scheme allows us to detail the consumption made by users, as well as extract statistical data on the use of APIs.

Master Key

The encryption architecture of DINAMO Super Cloud has been designed to ensure that the cryptographic data of an account will only be usable by those who receive the owner's permission. To this end, the Master Key security-dependent access scheme of the machines that operate the keys was introduced, i.e. a strong cryptographic key generated by the DINAMO HSMs and entrusted only to the account owner.

The Master Key serves the purpose of being part of the authentication in encryption operations that require high security and is also used to encrypt objects that require security and are linked to the account. It is not possible to use any encrypted material stored in the Cloud without its operation by the same set of devices that have had their context initialized by the m x n sequence of smart cards. This feature, combined with strong user authentication, provides the highest security for the operation of algorithms and products related to cryptography.

See the topic Critical area for details of the operation.

API token

To enable collaboration between accounts and minimize the chances of the master token being lost or leaked, we have adopted a key derivation protocol that allows new tokens to be generated from the master token: API tokens. These tokens must be used to operate the APIs, thus reserving the use of the master token only for generating other API tokens.

API tokens also allow controlled sharing of resources and functionalities. This makes it easier for a development team to manage access to resources.