Modulus Key Carrier
Cryptographic approval infrastructure for regulated operations.
One tap, durable proof
Modulus Key Carrier turns the Apple devices employees already carry into cryptographic signing devices for sensitive approvals across banking, exchanges, payments, treasury, healthcare, insurance, fintech, and regulated enterprise operations.
A user reviews an exact action, approves it with one tap, and Key Carrier produces a tamper-evident receipt that can be independently verified without relying on a vendor-controlled approval log. The result is a faster approval experience for the user and a stronger evidence layer for compliance, audit, security, legal review, and internal control testing.
Key Carrier is built for organizations where sensitive actions require durable proof that a real accountable person approved a specific action under defined conditions.

The approval problem has changed
Regulated organizations already understand the need for strong authorization, cryptographic controls, access governance, and defensible records. The challenge is that the controls often create operational friction across every working day.
Hardware tokens create inventory, replacement, support, and exception-management burdens. Callback verification has become less reliable as AI voice cloning, social engineering, SIM swaps, compromised accounts, and insider risk continue to advance. Traditional approval logs can be useful for workflow tracking, although they still depend on the integrity of the system that recorded them.
Key Carrier modernizes the approval layer by turning sign-off into a cryptographic act performed on the user's own device. The organization receives a verifiable receipt as part of the normal workflow, rather than assembling evidence later from screenshots, logs, emails, calls, and administrative records.
One approval creates the evidence
With Key Carrier, the approver signs the exact action on the Apple device already in their possession. The signed payload can include the amount, destination, account, counterparty, policy exception, release approval, treatment workflow, administrative change, timestamp, workflow context, and any other fields required by the organization.
The private key is generated and protected on the user's device, while Modulus never holds the private key or signs on the user's behalf. Each approval creates a cryptographic receipt that can prove the holder of the corresponding key authorized the specific payload presented at the time of approval.
This gives organizations a practical way to connect human accountability, workflow authorization, and cryptographic proof without adding a separate hardware-token estate.
Cryptography reviewers recognize
Key Carrier is built on patent-pending cryptographic foundations that enterprise security teams already understand. The signing workflow uses NIST P-256 ECDSA, with keys generated and protected through Apple Secure Enclave backed storage.
That approach helps security, audit, compliance, and risk teams evaluate the system using familiar concepts such as hardware-backed keys, elliptic-curve signatures, signed payloads, key provenance, and independent receipt verification.
Key Carrier should be reviewed as the application and workflow layer built on these foundations. The value is not a vague claim of trust. The value is a clear mechanism that shows what was signed, where the key resides, how the receipt was created, and how the approval can be independently verified.
Evidence beyond the application
A standard approval log records what an application says happened. A Key Carrier receipt provides cryptographic evidence tied to the exact action that was approved.
The receipt can show that a specific key approved a specific payload at a specific time, with the signed data preserved for later verification. Because Modulus never holds the private key, Modulus cannot create the user's signature, rewrite the receipt, or manufacture an approval after the fact.
That distinction matters in audits, disputes, insurance reviews, fraud investigations, internal control testing, and regulatory examinations. The evidence survives beyond the application screen because the proof is in the signature and the signed payload.
Human sign-off for AI workflows
Financial institutions, exchanges, healthcare organizations, and regulated enterprises are beginning to let AI agents prepare actions, route workflows, summarize exceptions, draft approvals, monitor systems, and operate inside environments that touch money, accounts, customer data, patient data, financial records, and regulated processes.
Key Carrier provides the human sign-off gate for that environment. An AI agent may prepare the action, but a real accountable person signs the final authorization, and the resulting receipt proves what was approved, when it happened, and which cryptographic key authorized it.
As AI workflows expand, regulated organizations will need approval controls that are fast enough for automation and strong enough for audit. Key Carrier is designed for that control point.
A cleaner path toward quantum readiness
Quantum computing adds urgency to cryptographic control design because current elliptic-curve signatures, including P-256, are expected to require migration when cryptographically relevant quantum computers become practical. Key Carrier should therefore be understood as a crypto-agile approval architecture rather than a claim that today's elliptic-curve signatures are post-quantum resistant.
The product creates a defined cryptographic approval layer with explicit signed payloads, verifiable receipts, algorithm identifiers, key provenance, and receipt structures that can support future migration planning. As enterprise standards, device support, procurement requirements, and post-quantum signing methods mature, organizations gain a cleaner approval architecture to evolve rather than another unmanaged approval process buried inside application logs.
For banks, exchanges, healthcare systems, insurers, and regulated enterprises preparing cryptographic inventories and post-quantum roadmaps, Key Carrier can become part of a disciplined control strategy.
Sign-off without custody
Key Carrier captures approval while leaving money movement, asset custody, transfer initiation, and payment execution inside the systems the organization already uses.
This distinction matters for banks, brokerages, exchanges, payment companies, healthcare systems, and enterprise treasury teams because the product strengthens authorization without making Modulus a payment processor, custodian, money transmitter, or banking dependency.
Key Carrier can sit beside existing treasury, core banking, brokerage, payment, settlement, healthcare, compliance, and internal workflow systems as a cryptographic sign-off control.
Designed for regulated workflows
Key Carrier is built for workflows where the action is too important for a normal click, too frequent for heavy manual controls, and too sensitive to rely only on a mutable approval record.
Use cases can include wire approvals, treasury sign-offs, payment exceptions, vendor changes, trading operations, release approvals, privileged administrative changes, compliance attestations, healthcare authorizations, patient-data workflow approvals, model-risk approvals, settlement approvals, risk overrides, and AI-agent escalation workflows.
The common requirement is accountability. A person signs a defined action, the receipt proves what was signed, and the organization retains durable evidence without adding hardware-token complexity.
Enterprise adoption model
Key Carrier reduces operational drag because it works through devices people already carry. Organizations can deploy it through governed workspaces, approved users, defined workflows, receipt retention policies, independent verification tools, security review, and integration with existing enterprise systems.
Commercial models can be subscription based, workspace based, or integrated into cyber-insurance programs as a premium-discount control, similar to how insurers encourage MFA and other risk-reduction controls. Key Carrier is never priced as a percentage of funds and never as a per-transaction take rate.
What our clients say
Shawn Lucas
Apiary Fund
Praneil Ladwa
Questrade
Mark Schuler
Trade Navigator
Mark Ly
Investopedia
Josh Davidson
FX Internals
Reserved for your
success story.
Why Key Carrier
Regulated organizations need approvals that are fast for users, strong for security, and defensible for audit. Key Carrier delivers that combination by pairing a simple approval experience with cryptographic evidence that can be verified independently.
The user signs with one tap. The organization receives a tamper-evident receipt. The private key remains protected on the user's device. Verification works without relying on Modulus as the source of truth.
For exchanges, banks, brokerages, funds, healthcare organizations, payment companies, insurers, fintech platforms, and regulated enterprises, Key Carrier turns sign-off into a durable control for modern operations.
Secure your organization.
Learn how Modulus Key Carrier signs an exact action, creates a tamper-evident receipt, and verifies that receipt independently without relying on a vendor-controlled approval log.