Recently, CipherBC has launched CipherBC Flexify — the MPC wallet tailored for business. With its vision to better serve all sizes of businesses and the popularization of MPC technology, they further launched a unique protocal called RAFP (Role-Based Approval Flow Protocol). Joe, as our Head of Strategy, Product & Business Advisor shared his story on the birth of RAFP and the vision of how CipherBC will continue providing top notch secure wallet products in the future.
Balancing Between Premium Security and Easy to Use: the Origin of RAFP
In the field of cryptocurrency, financial security is the top priority, although the blockchain technology has achieved impeccable security, but it does not mean that the blockchain-based digital assets are safe. There are two major risk factors, one is the attack of external hackers, and the other is internal misconduct. MPC technology can effectively stop external attacks, but it can’t solve the problem of internal mischief. With RAFP, managers don’t need to rely on the loyalty of employees, and can even assume that all are malicious, though RAFP set a complete workflow approval rules, and can completely prevent the loss of assets caused by internal mischief. RAFP and MPC are the two main pillars of CipherBC wallet.
“The idea of RAFP was inspired by my previous working experience at Thomson Reuters, where as an IT Consultant I had to serve the different clients with different requirements. The system we developed at that time was amazing in that it didn’t require any modification of the source code to create different user interfaces as well as business logic, and was able to quickly serve dozens of clients at the same time with different requirements.” -Joe shared the inspiration of the secure design.
RAFP, or Role-Based Approval Flow Protocol, is a solution developed by CipherBC to address challenges in approval processes.“What can be easily operated and also secure?” When Joe was designing CipherBC Flexify with the engineers, Joe came across to himself. He found that usually workflow rule setting is a complex and important task, especially for financial organizations, where mistakes can be costly.
However, various errors often occur in practice. For example, rule setting errors, when setting up rules, certain important aspects may be missed or set up in an incorrect way, which may lead to procedural behavior not in line with expectations. There are also rule conflicts, where there may be certain conflicts between the rules set up, resulting in the rules not being executed properly. Also, due to the complexity of the workflow engine, the quality assurance team cannot cover all the logical branches, thus the bugs may affect the execution of workflow rules.
“Therefore, we spent a lot of effort on the workflow approval rule engine, to create an easy-to-use system, to empower Admin to configure logical and clear rules, to avoid modifying the existing complex rules when the approvers or their responsibility change to avoid the occurrence of errors.” According to Joe’s experience. RAFP is a structured process where approval decisions are made based on predefined roles within an organization rather than specific individuals.
How RAFP Plays Its Crucial Role in CipherBC Flexify
RAFP clearly defines the responsibilities and permissions of each role involved in the approval process. For approval, each transaction can be assigned to different groups, such as HR, finance, and testing. With CipherBC Flexify’s mobile version, each role receives notifications, enabling prompt review and approval of assigned tasks. This clarity eliminates confusion and unnecessary delays, improving approval process efficiency. Here’s how you can utilize RAFP in CipherBC Flexify.
Role Definition Each role in the organization (e.g., manager, department head, executive) is assigned certain approval responsibilities based on their position and authority level.
Dynamic Configuration For each role, he/she can see the approval information is also configured dynamically, for example, financial review and financial final review although they are in the same approval flow, but the data they see can be different. And administrators can dynamically modify the information access rights of each approver at any time according to changes in business or the approver’s responsibilities, so that the Admin can make changes on the fly without modifying the approval process to meet business needs.
Approval Routing When a request for approval is initiated, it is routed automatically to the person occupying the relevant role. For example, an expense report might be routed to the immediate manager for approval.
RAFP is like a Swiss army knife, in the case of not changing the underlying system code, very flexible to meet the workflow rule setter (rule maker) configuration needs, can be very convenient to design a clear logic, concise and not easy to error approval flow rules.
RAFP Outplays As the Game Changer In the Industry
Traditional approval processes often rely on specific individuals, causing disruptions if they are unavailable. RAFP ensures that approval decisions are based on roles rather than particular individuals, providing flexibility and continuity. Even with personnel changes or departures, the approval process can proceed smoothly as new individuals assume the corresponding approval responsibilities.
That being said, CipherBC has a highly cohesive, low-coupling hierarchical structure. When users set up rules, they only need to focus on the top-level design and set up rules directly with a Top-Down approach without considering the details of each role. In this way, the rules will be very concise and clear, and will not be prone to logic conflict errors. When the top framework is set up, you can configure the details of the lower level, and the configuration of the lower level will not affect the setting of the rules of the upper level.
This is similar to Lego building blocks to do rule configuration, there are any new changes in business requirements or changes in personnel and responsibilities, there is no need for software engineers to intervene to modify the underlying source code. A concise and clear approval flow rules can avoid the evil of internal staff, coupled with the MPC anti-external hacking technology, are the two major security cornerstones of CipherBC.
RAFP adds a layer of protection by ensuring that only authorized roles are involved in sensitive operations and approval processes. Furthermore, critical and sensitive data and computational methods are placed in a Trusted Execution Environment (TEE), making it impossible for hackers to tamper with the information within the TEE, even if they breach the operating system.
Looking Forward: The Future of CipherBC Product Outlooks
“Inventing the RAFP feature in the CipherBC Flexify MPC Wallet is only the first step.Our top priority is to optimize our product to be the strongest and most powerful to all sizes of businesses as we are improving the user interface and functionalities.” — Joe, the head of strategy mentioned. Also, Joe revealed that CipherBC was currently building up its own thorough security measures by upgrading the cold storage wallet.
As a top-tier expert in asset management, CipherBC is also dedicated to expanding the functionalities comprehensively to fully support Decentralized Finance (DeFi) features such as pledging and lending services in its products. Ensuring compliance with regulations and obtaining appropriate licenses in various countries is always a key priority.
Within 5 years, CipherBC aims to maintain its leading position in the global market while expanding its international presence in both established and emerging markets to cultivate a diverse global user base. Also, it is committed to fostering an integrated ecosystem by collaborating with fintech entities, merchants, and developers to propel the widespread adoption of Multi-Party Computation (MPC) technology.
Moreover, CipherBC poised to venture into offering a comprehensive array of financial services, including loans, insurance, and investment products, with the goal of evolving into a professional crypto asset custodian. By continuously investing in cutting-edge MPC technology and sustaining technological leadership, CipherBC is dedicated to driving innovation in its products and services to ensure enduring competitiveness and relevance in the ever-evolving financial landscape.