IBM Z and LinuxONE - IBM Z


IBM Digital Asset Haven with Offline Signing Orchestrator

By DIVYA K KONOOR posted 2 days ago

  


Divya K Konoor, IBM Senior Technical Staff Member, IBM Confidential Computing and Digital Assets
Brian Fabec, Senior Technical Architect, IBM Confidential Computing and Digital Assets

Sandeep Batta, Lead Solutions Architect, IBM Z Systems & LinuxONE

Jean-Yves, Principal, Head of Delivery, IBM Digital Asset Infrastructure

IBM Digital Asset Haven is a comprehensive platform designed for institutional digital asset operations, providing enterprise-grade security, governance, and compliance. It can integrate a cold wallet that combines Hardware Security Module (HSM) integration with confidential computing, ensuring data protection at all stages, and it features a Zero Trust architecture to enforce end-to-end data integrity. IBM Digital Asset Haven supports multiple cryptographic models, including Multi-Party Computation (MPC) and HSM-based signing, and offers a range of features such as wallet lifecycle management, governance and policy enforcement, and settlement and transaction routing. The platform is designed to address various institutional use cases, including digital asset custody, tokenization programs, payment systems, trading operations, and settlement infrastructure, making it a trusted foundation for institutions entering the digital asset economy.

Fig.1 IBM Digital Asset Haven Wallets

Fig.2 IBM Digital Asset Haven Wallet Details

For more information, see the IBM Digital Asset Haven Announcement Blog and "IBM Digital Asset Haven - The Enterprise-Grade Digital Assets Stack on LinuxONE".

Cold, Warm & Hot Signing Configurations

IBM Digital Asset Haven combines different institutional-grade signing models in a single platform - allowing clients to select and mix the right approach per asset, per use case, or per jurisdictional requirement:

Hot wallets

· Online signing via MPC/HSM
· Useful for high-frequency payments, trading, or interacting with decentralized applications

Warm wallets

· Signing requires partial online participants + delayed approval
· Best for institutional/enterprise treasury operations offering increased security compared to hot wallets
· Example: MPC shares online + key quorum that triggers via separate network segment

Cold wallets

· Offers the highest level of security with critical components that are never connected to the internet
· IBM supports offline HSM modules and transaction approval flow via Offline Signing Orchestrator (OSO).
· Ideal for long-term storage or regulated custodians

These options ensure that institutions can adapt their key management strategy across “hot”, “warm”, and “cold” operational tiers without compromising control, recoverability, or regulatory posture.

Traditional Cold Wallet Operation

Traditional cold wallet operations involve “manual transport” between online and offline systems, usually through a “bridge-device” such as a USB device or laptop. The digital custody provider loads a pending transaction onto the bridge-device on the “hot / online” systems. An authorized person then has to disconnect the bridge-device from the “hot” side, physically take it into the “offline / cold-storage / protected” area, and attach it to the cold-wallet servers. Once the transaction is signed / recorded in the cold wallet, the authorized person has to disconnect the bridge-device from the backend, walk it back to the unsecure area, and connect it to the frontend, where the blockchain will record the transaction.


Fig.3 Traditional Cold Wallet Operations

 

IBM Offline Signing Orchestrator (OSO) and Cold Wallet Solution

IBM Offline Signing Orchestrator (OSO) is a technology from IBM to help deploy cold storage solutions for digital assets. OSO is designed to address limitations of current cold storage offerings for digital assets, including the need for people to perform manual procedures for the execution of a cold storage transaction. It helps protect high-value transactions by offering additional security layers including disconnected network operations, time-based security and electronic transaction approval by multiple stakeholders.

OSO provides a policy engine that brokers communication between two different applications that have been designed not to communicate directly with each other for security purposes, providing an efficient and securable solution to facilitate digital asset transactions.

Fig.4 Cold Wallet Transactions with OSO

OSO uses three isolated partitions on LinuxONE that communicate through secure channels without direct internet connectivity—providing the security of air-gapped cold storage with the operational efficiency of automated policy-driven signing.

IBM Offline Signing Orchestrator (OSO) replaces the manual bridge-device process to enable on-demand scaling, with administrative oversight and auditability, by deploying “confidential computing” and hardware-enforced isolation technologies on IBM Z and LinuxONE:

· Hardware Enforced Isolation: unique to IBM Z and LinuxONE through a “type-1” implementation of the hypervisor, also known as PR/SM, which runs directly on the physical hardware
· Memory Encryption: a standard feature starting from IBM z16 / LinuxONE 4, protects the memory against physical attacks
· IBM Secure Execution for Linux (SEL): creates a Trusted Execution Environment (TEE) that isolates virtual servers from the host OS, hypervisor, and other workloads, allowing only authorized code to run in a secured CPU-level enclave
· HiperSockets: provides high-speed communication between LPARs on the same physical machine (CEC)
· Hardware Security Module (HSM): a FIPS-compliant capability that supports industry-standard cryptographic algorithms that are required to sign digital asset transactions

IBM Digital Asset Haven with OSO

For cold wallet requirements, IBM Digital Asset Haven integrates with the IBM Offline Signing Orchestrator—enabling automated cold storage operations through a policy-based system that creates a digital air gap between online and offline signing environments. This feature addresses regulatory requirements in an increasing number of jurisdictions that mandate cold storage for digital asset custody.

Once OSO is installed and configured, the IBM Digital Asset Haven OSO plugins—integrating both the HSM and the IBM Digital Asset Haven platform—can be initialized. With this integration, all cold wallet transactions (e.g., wallet creation, asset transfers) initiated from IBM Digital Asset Haven pass through the Offline Signing Orchestrator cold-storage solution, where a multi-party approval mechanism is enforced. Transactions are also securely held within the offline OSO vault during configurable time periods, functioning like a digital safety box.

Fig.5 IBM Digital Asset Haven with OSO 
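The two controls described above, multi-party approval and a configurable hold period, can be sketched as a release gate that a transaction must pass before it reaches the signer. This is an added illustration, not OSO or IBM Digital Asset Haven code; the function names, the HMAC tags standing in for approver signatures, and the sample keys and transaction are all assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Approval:
    approver: str
    tag: str  # hex HMAC-SHA256 over the transaction digest (stand-in for a signature)


def tx_digest(tx: dict) -> bytes:
    # Canonical JSON so every approver authenticates exactly the same bytes.
    blob = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()


def approve(tx: dict, approver: str, key: bytes) -> Approval:
    return Approval(approver, hmac.new(key, tx_digest(tx), hashlib.sha256).hexdigest())


def release_decision(tx, approvals, keys, quorum, queued_at, hold_seconds, now):
    """Return (released, reason) for a transaction waiting in the hold queue."""
    digest = tx_digest(tx)
    valid = set()  # a set, so repeated approvals from one person count once
    for a in approvals:
        key = keys.get(a.approver)
        if key is None:
            continue  # approver is not enrolled in the policy
        expected = hmac.new(key, digest, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, a.tag):
            valid.add(a.approver)  # tag is bound to this exact transaction
    if len(valid) < quorum:
        return False, f"quorum not met ({len(valid)}/{quorum})"
    if now - queued_at < hold_seconds:
        return False, "hold period not elapsed"
    return True, "release to signer"


# Constructed sample data: keys, transaction and timestamps are illustrative only.
KEYS = {"alice": b"key-a", "bob": b"key-b", "carol": b"key-c"}
TX = {"id": "tx-0001", "asset": "EXAMPLE", "amount": "12.5", "to": "addr-placeholder"}

if __name__ == "__main__":
    ok = [approve(TX, "alice", KEYS["alice"]), approve(TX, "bob", KEYS["bob"])]
    print(release_decision(TX, ok, KEYS, 2, queued_at=0, hold_seconds=3600, now=7200))
```

Because each tag covers the canonical transaction digest, an approval collected for one transaction does not count toward a modified one, and the hold check runs only after the quorum check passes.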

Conclusion: Next Generation Digital Asset with Cold Wallet Architecture

IBM Offline Signing Orchestrator stands out as a truly unique cold-wallet solution, purpose-built to resolve the operational pain points that banks and custodians face today. Beyond simplifying cold-wallet workflows, it provides the advanced security controls required by regulators and delivers strong protection against internal threats, making it an ideal choice for secure, compliant, global deployments.

Its seamless integration with IBM Digital Asset Haven enables institutions to launch robust, enterprise-grade digital-asset platforms.

Learn More

        IBM Digital Asset Haven: www.ibm.com/products/digital-asset-haven

        IBM Digital Asset Platform: https://www.ibm.com/solutions/digital-assets

        IBM Digital Asset Haven Product Documentation: https://www.ibm.com/docs/en/daw

        IBM Offline Signing Orchestrator: https://www.ibm.com/docs/en/hpdaoso/1.4.0?topic=getting-started-hyper-protect-offline-signing-orchestrator

        IBM Hyper Protect Platform: www.ibm.com/products/hyper-protect

        IBM LinuxONE: https://www.ibm.com/products/linuxone-5
