💼
Cobo MPC Co-Managed Custody
English
EnglishChinese
English
EnglishChinese
  • Cobo MPC Co-Managed Custody
    • MPC-TSS Technology
    • Quick Start Guide
      • Cobo Custody
        • Manage Account
          • Team (Only Visible to Admins)
          • Me (Team Members)
      • TSS Node Deployment
      • MPC Wallet Management on Cobo Custody Web
    • Web User Guide
      • Add TSS Node
      • Create MPC Wallet(s)
        • Send / Receive Wallet
          • Manage Coins
          • Create and Manage Wallet Addresses
          • Export Addresses
          • View Transactions
          • Configure Risk Control Policies
          • Manage API
          • Manage API Callbacks
          • Manage Settings
        • Web3 Wallet
          • Create and Manage Wallet Addresses
          • View NFTs
          • Access DApps
            • Cobo Connect
            • MetaMask Institutional
          • View Transactions
          • Manage Coins
          • Configure Risk Control Policies
          • Manage API
          • Manage API Callbacks
          • Manage Settings
    • TSS Node User Guide
      • Network Requirements
      • Server Environment Preparation
        • SGX-Ready Server
        • Off-The-Shelf Server
        • Apple MacBook
      • TSS Node Deployment
        • TSS Node Package
        • TSS Node Initialization
        • TSS Node Startup
        • TSS Node on Cobo Custody Web & MPC Root Extended Public Key Derivation
      • TSS Node Callback
        • TSS Node Callback Mechanism
        • Callback Server Requirements
          • Callback Server Examples
        • Callback Server Configuration
        • TSS Node Configuration & Callback Server Startup
      • TSS Node Update
      • TSS Node Release Notes
      • Appendix
        • TSS Node Configuration Methods
        • TSS Node Command Lines
        • TSS Node Risk Control
    • MPC Key Share User Guide
      • MPC Key Share Management
        • Backup
        • Restore
      • Disaster Recovery
        • Soft Key Recovery
        • Hard Key Recovery
        • Third Party Key Recovery
    • Supported Tokens and Chains
Powered by GitBook
LogoLogo
On this page
  1. Cobo MPC Co-Managed Custody
  2. TSS Node User Guide
  3. Appendix

TSS Node Risk Control

TSS Node risk control is an embedded risk control mechanism. Before TSS Node callback, the risk control policies will be applied to the key generation (i.e. KeyGen), key signing (i.e. KeySign), or key recovery (i.e. KeyReshare) request. Only requests that match the risk control policies will be approved. Otherwise, the requests will be rejected. Based on your business requirements, you can decide whether to configure the TSS Node risk control policies.

TSS Node risk control can be configured using the configs/cobo-tss-node-config.yaml file. Please head to embedded_risk_control_rules and refer to the following for definition of specific configuration parameters:

embedded_risk_control_rules:
  enable: false           (whether to enable risk control; false by default)
  key_gen:                (KeyGen risk control policies)
    reject_all: false     (true: all KeyGen requests will be rejected; false: KeyGen requests will be check with following policies)
    allow_list:           (Risk control policies for KeyGen; request will be approved only if policies are matched)
      - threshold: 2      (Signature threshold for KeyGen)
        node_ids:         (Node IDs of parties allowed in KeyGen)
          - <Cobo TSS Node ID>        
          - <ThirdParty TSS Node ID>
          - <Customer TSS Node ID>
  key_sign:               (KeySign risk control policies)
    reject_all: true      (true: all KeySign requests will be rejected; false: KeySign requests will be approved)
  key_reshare:            (KeyReShare risk control policies)
    reject_all: false     (true: all KeyReShare requests will be rejected; false: KeyReShare requests will be check with following policies)
    allow_list:           (Risk control policies for KeyReShare; request will be approved only if policies are matched)
      - xpubkey: <EXTENDED_ROOT_PUBKEY>   (Root extended public key for KeyReshare)
        new_threshold: 2                  (New signature threshold for KeyReshare)
        new_node_ids:                     (Node IDs of parties allowed in KeyReshare)
          - <Cobo TSS Node ID>
          - <ThirdParty TSS Node ID>
          - <Customer TSS Node ID>

Do note that <EXTENDED_ROOT_PUBKEY>, <Cobo TSS Node ID>, <ThirdParty TSS Node ID> and <Customer TSS Node ID> must be replaced with the actual parameters. The "<>" symbol should not be included.

PreviousTSS Node Command LinesNextMPC Key Share User Guide

Last updated 2 years ago