MANX Security Architecture

— — Dr. Yang Tang

The MANX security architecture is an area where MANX is leveraging and extending leading concepts from the international financial security field. This paper describes our overall security architecture.


Overall Security Architecture

The MANX security architecture leverages a financial-grade, smart and proactive blockchain security system to provide intelligent, one-stop, open-share and on-demand security services, including:

· Secure fund transactions, customer information

· Balance transaction security and customer experience

· Source level, full lifecycle protection

Introduction

MANX has considered security protection throughout the entire software lifecycle (product requirements, development, testing and operation) to create a secure and trusted blockchain application infrastructure. The security protection system covers the whole process of project development: business security, technical security, detection, monitoring and emergency response. MANX considers security design across different dimensions and platforms.

Figure 1: MANX Security Protection System

Infrastructure Security

Pluggable

The pluggable encryption/decryption module of MANX enables seamless switching between international encryption standards (AES) and national standard cryptosystems (SM4). The signature and verification module supports the elliptic curve ECC, the national standard SM2 signature algorithm and the verification algorithm. The underlying blockchain protocol supports transaction packaging, sending and verification of existing common public-chain platforms.

In MANX security design, the security service adopts a pluggable and loosely-coupled deployment approach. The node integrates general and standardized security agent plug-ins. All security services (such as encryption algorithm selection and transaction fraud identification) are loaded through the security agent plug-in so that security services can be selected and combined in a flexible way. This design solves the pain point in traditional application security architectures where the close coupling of security service and system results in security strategy curing.

In the future, MANX-based business application systems will integrate general and standard security agent plug-ins. Upgrades of security services will not affect business systems. Through the security policy management center, the security service can respond rapidly and flexibly to risks. As a result, the security service can meet different security requirements for different scenarios.

Dual Authentication + Multi-mode Control

MANX uses an advanced two-factor authentication mechanism: password + biometrics to improve system security. The system uses multiple defense techniques to strengthen biometric identification reliability and enhance account authentication security. MANX also supports a variety of biometric identification technologies, such as fingerprint, voiceprint, face, iris.

Figure 2: MANX Multiple Authentication and Upgrade Mechanism

As shown in Figure 2, multi-mode control can select the most appropriate security control method in real time choosing various control strategies to make the system’s performance meet user experience and security requirements.

Application Security

During the application deployment process, MANX takes both security and customer experience into account. The security system includes multi-channel, cross-domain data to analyze security status risks with big data technologies and to intelligently identify unknown risks. MANX will realize intelligent risk prevention and control through rapid and flexible risk control strategy adjustment, risk model self-adaptation and unknown risk prediction ability.

Smart Authentication

Using biometric authentication technology, MANX adopts intelligent security authentication methods that incorporate environmental factors and the transaction habits of mobile nodes into the authentication analysis. Security rules and security levels are intelligently generated based on context information, transaction amounts and experience to create effective security verification methods for users. The system implements a regular upgrade of the security model through self-learning and intelligent optimization techniques to adapt to external attacks and changing fraud prevention requirements.

Security Monitoring

During the operation of MANX-based dAPPs, the system collects and analyzes the mobile operating environment, system root, system crashes, abnormal operations, counterfeit applications, environmental threats, etc., to help security policy centers judge security rules and levels.

In addition, the security threat awareness system can automatically learn rules by clustering and classifying application access data to baseline expected user behavior to help customers identify environmental security risks, ongoing APP attacks and to trace malicious transactions.

Application Security Components

MANX also provides security components that can be called by users, including client-auth components, small and micro enterprise user-auth components, cryptographic service components, data security components, security monitoring components and infrastructure security components.

Privacy Protection

Data Governance

Privacy protection is a key area that MANX focuses on. The European Union’s “General Data Protection Regulations” (“GDPR”) came into effect on May 25, 2018. Any organization that collects, transmits, retains or processes personal information from EU member states is subject to this regulation. For example, even if a company does not belong to an EU member state (including free services), it is governed by GDPR as long as one of the following conditions is met: (1) the company collects and processes information to provide goods and services to identifiable natural persons in the European Union. (2) the company collects and processes information to monitor identifiable natural persons in the European Union. Violation of GDPR can result in serious legal consequences, up to 20 million Euros or 4% of the company’s total global annual business turnover in the previous financial year (whichever is higher).

For this reason, the MANX team has carried out in-depth research and analysis of IT privacy protection regulations and standards in 18 countries and regions. The privacy protection compliance review will be incorporated into the development process.

Figure 3: IT Regulation Requirement
Technical Implementation

MANX provides security in blockchain transactions, transmission and storage through homomorphic encryption, post-quantum encryption and other methods.

Please join our telegram group t.me/macrochain, get informed, get engaged, get invited, and get whitelisted!