USPX tokens are being offered on Orderbook, a decentralized trading platform of a new generation. The most important difference from a security perspective is that the Orderbook team never has control over customers’ assets, unlike most of the existing custodial exchanges. This is well in line with the latest statement published by two leading U.S. regulators: the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA). Non-custody is achieved by using smart contracts on the Ethereum blockchain that hold assets and process the transactions. Orderbook is developed by Ambisafe as a part of our core mission: making financial markets universally accessible.
The security of our clients’ data is our priority. Ambisafe and Orderbook take numerous physical, technical and organizational measures needed to safeguard our clients’ data. We are using all reasonable efforts to protect our clients’ information in a highly secure data center, adhering to strict computer security standards. We enforce an internal Information Technology Cyber Security Policy designed to ensure that our customers’ information remains safe, secure and private.
User passwords are never created, transmitted, or stored by Orderbook, as the password only leaves the user’s browser after being hashed by a strong algorithm (SHA-3).
Private key management
All transactions are signed client-side, and private keys never leave the browser in an unencrypted form. Orderbook uses a strong encryption algorithm to encrypt private keys before storage. The encryption key is derived from the user’s password using a PBKDF function.
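The password handling and private key encryption described above can be sketched as follows; this is an added example, not Orderbook's own code, and it uses Node's built-in crypto module so it runs offline. The page names only "SHA-3", "PBKDF" and "a strong encryption algorithm", so PBKDF2-HMAC-SHA256, AES-256-GCM, the salt and IV sizes, the iteration count and all function names are assumptions.

```javascript
// Added example, not Orderbook code. Assumed parameters: PBKDF2-HMAC-SHA256,
// AES-256-GCM, 16-byte salt, 12-byte IV, 600000 iterations.
const nodeCrypto = require("node:crypto");

const PBKDF2_ITERATIONS = 600000; // assumed work factor

// Value sent to the server for login: a SHA-3 digest, never the password itself.
function loginHash(password) {
  return nodeCrypto.createHash("sha3-256").update(password, "utf8").digest("hex");
}

// Encryption key that stays in the client, derived with a per-user random salt.
// It is a different value from loginHash(), so the login digest is not the key.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, 32, "sha256");
}

// Encrypt the private key client-side; only this record is ever stored.
function encryptPrivateKey(privateKeyHex, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(Buffer.from(privateKeyHex, "hex")), cipher.final()]);
  return {
    salt: salt.toString("hex"),
    iv: iv.toString("hex"),
    ct: ct.toString("hex"),
    tag: cipher.getAuthTag().toString("hex"),
  };
}

// Decrypt in the client; returns null for a wrong password or a tampered record.
function decryptPrivateKey(record, password) {
  const key = deriveKey(password, Buffer.from(record.salt, "hex"));
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, Buffer.from(record.iv, "hex"));
  decipher.setAuthTag(Buffer.from(record.tag, "hex"));
  try {
    const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, "hex")), decipher.final()]);
    return pt.toString("hex");
  } catch {
    return null; // GCM authentication tag did not verify
  }
}
```

A browser build would use the Web Crypto API for PBKDF2 and AES-GCM and a separate SHA-3 implementation, since Web Crypto does not provide SHA-3.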
Secure browser connections
HTTPS provides a secure internet connection between the Orderbook application and a user’s local computer. This secure connection provides bidirectional encryption of communications.
Orderbook is built and hosted exclusively on the Google Cloud Platform (GCP). Thus, the physical security of Orderbook is equivalent to that of Google Cloud Platform, which Google uses to run its own services as well. For more information regarding Google Cloud Platform Security, please view Google’s own Security and Privacy Documentation: https://cloud.google.com/security/
Orderbook tracks performance, errors, and uptime of the production systems using externally hosted commercial vendors and internally hosted open-source software. The production instance of the application runs on Google Cloud Platform for high availability, and critical data is backed up for recovery in the case of unexpected failures.
Database backups are performed daily and stored in two geographically distributed data centers.
New system components pass internal code reviews to evaluate architecture and security. These focus primarily on how to prevent financial losses for users in the event of a successful attack. Proper encryption and key handling mechanisms are included to ensure that the fundamentals of good security are in place.
QA testing is performed before every release, both in an automated and manual fashion. To guarantee extensive coverage, tests are based on checklists and focus on key components based on the risk analysis performed in the requirements phase.
Secure methods of deployment that use full automation, encrypted network connections, logging, and monitoring ensure that code is deployed with appropriate evidentiary support for forensics and incident response. All deployments are logged and tested to confirm that the changes deployed match the expected changes.
People, organization and management
Ambisafe has a documented company structure. Each potential Ambisafe employee passes an established onboarding workflow which includes security checks against public governmental records, getting references from previous employers and signing all required legal documents. Ambisafe has a dedicated team and does not use freelance contractors for engineering, management or support roles.
Ambisafe uses certified industry standard commercial providers to provide a secure and controlled work environment. The company communicates its policies, processes, procedures, commitments, and requirements to employees in a timely manner using established channels. Email, communication, blogging and social media activities are regulated by internal security policies.
Monitoring of controls
Only approved services are used to store, upload, convert, share or work with company data. Ambisafe uses certified industry standard commercial providers to provide a secure and controlled work environment. Checklist procedures for the employee offboarding process are defined to include proper and timely access termination to all Ambisafe and Orderbook systems.
Ambisafe uses a commercial SaaS Operations Management (SOM) system to automate the operational admin and security tasks that are required to keep the employees’ activity in SaaS applications within the defined Information Technology Cyber Security Policy.
C-level meetings are held regularly to ensure the operating effectiveness of the controls, directors and lead employees, and to take action to address identified deficiencies.
Ambisafe uses automated software processes to launch, provision, deploy and update all versions of the Orderbook systems. DevOps engineers do not have direct access (such as SSH, Telnet or terminal) to these systems and do not perform any manual command line configuration.
Orderbook identifies the need for changes to the system through a dedicated Product Owner and makes the changes following a defined change management process, which follows best practices of software development and uses commercial bug tracking, issue tracking, and project management systems. To prevent unauthorized code changes, a version control system is used. The deployment process is fully automated and does not allow manual access to production servers.
The system is available for operation and use as committed in Orderbook Terms of Service.
Order processing by Orderbook is complete, valid, accurate, timely, and authorized. All these properties are guaranteed by the nature of smart contracts running on an Ethereum blockchain.