
Goldilock’s answer to data security


Data security today is a more serious and widespread issue than ever before, due to the highly dispersed nature of the workforce, the enormous range of connected devices, and the sophistication of hackers.


The growth of blockchain and cryptocurrency has added another dimension to this complex mix, as millions of individual users worldwide have become casual investors in cryptocurrency coins and tokens. Each of these users must manage their accounts securely, or risk losing those investments. Likewise, the investment firms themselves are at risk, as demonstrated by a $500 million Japanese cryptocurrency heist earlier this year.

For these reasons, we need innovative thinking and advanced strategies that enable people and institutions to connect and interact securely.

Goldilock, a blockchain-based developer group, set out to identify and solve these issues. Described on their website as a team that “has decades of combined entrepreneurial experience in financial services, emerging technology and marketing,” Goldilock filed the patent for their unique technology in 2017. They recently released a cryptocurrency wallet and launched the sale of LOCK tokens, which are required for access to the wallet.

And they are getting noticed, with press coverage by magazines such as Forbes, Entrepreneur, and WIRED, as well as major news outlets such as CNBC.

About the Goldilock security solution

The Goldilock story begins with “what ifs.”

What if…

  • You manage a team of remote employees who use multiple channels of communication, all of which can be hacked, placing your company’s data integrity at risk?
  • You are involved in any of the many blockchain-based projects that require you to use one or more keys to manage and access your account, but you don’t have a reliable way to secure those passwords?
  • You trade cryptocurrencies over the Internet, and rightfully fear that your account information can be hacked while you are performing transactions?
  • You are responsible for the storage of your financial institution’s sensitive digital assets, and you find that a hacker has found a backdoor to your network, resulting in a major data breach?

The threats are very real. The very connectivity that makes it possible to access information and perform transactions anywhere, from any device, at any time, puts that information at risk.

Security-conscious organizations today use a combination of “hot storage” (readily accessible secure data storage) and “cold storage” (data storage that can take days to access) in an attempt to thwart hacking and data theft. But these too are vulnerable, as they can be breached either programmatically or physically.

To address these security issues, the Goldilock team determined that the ultimate solution must enable the right access to data, at the right time, and only at that time. The following three premises governed the development of their security system:

  • Users must be able to access their private security keys and data very quickly, whenever needed.
  • Security keys and other personal data must not be subject to human contact or human error; for this reason they must be sequestered and backed up fully, for both security and recovery.
  • Users must be able to access their personal data and private security keys very quickly, whenever needed.

How Goldilock works

As you would expect, Goldilock is not just one thing. It is a suite of tools built on a set of modern best practices, including two-factor authentication and redundant, encrypted data backup. But the key differentiator is a unique key custody methodology that creates an “airgap” disconnection from electronic networks. In other words, user data is not accessible from the Internet.

There are three basic steps:

  1. Goldilock stores the digital wallet offline.
  2. As needed, the user activates the wallet with a non-IP mechanism, which makes it accessible via the Internet.
  3. This enables the user to access the wallet securely over an encrypted connection with a dedicated URL and credentials. Then the physical airlock environment is redeployed.

In a call for articles on the Steemit platform, they described the process as follows:

Wallet will launch in the user’s browser. When the user is granted access, the Wallet will write audit information to our own Private Audit Blockchain. These audit entries will ensure that every time your private key is brought online, this access is written to immutable storage that can be queried from the Goldilock Wallet.
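
The audit idea in that description can be illustrated with a minimal hash-chained log, added here as an example and not Goldilock's code: each entry commits to the hash of the previous one, so a rewritten or removed record of a key being brought online is detectable on verification. The class name, event names, wallet IDs and timestamps are assumptions, and a plain SHA-256 chain stands in for the "Private Audit Blockchain", whose internals the article does not describe.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous-hash value for the first entry

def _digest(body: dict) -> str:
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class KeyAccessAuditLog:
    """Append-only log; every entry stores the hash of the entry before it."""

    def __init__(self):
        self.entries = []

    def record(self, wallet_id: str, event: str, timestamp: int) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"wallet_id": wallet_id, "event": event,
                "timestamp": timestamp, "prev_hash": prev}
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry

    def first_invalid_index(self):
        # Index of the first entry that fails verification, or None if intact.
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev_hash"] != prev or entry["hash"] != _digest(body):
                return i
            prev = entry["hash"]
        return None

    def accesses_for(self, wallet_id: str):
        # Query: every time this wallet's key was brought online.
        return [e for e in self.entries
                if e["wallet_id"] == wallet_id and e["event"] == "key_online"]

def demo():
    # Constructed sample events; wallet IDs and timestamps are made up.
    log = KeyAccessAuditLog()
    for wallet, event, ts in [("wallet-A", "key_online", 1530000000),
                              ("wallet-A", "key_offline", 1530000300),
                              ("wallet-B", "key_online", 1530000900),
                              ("wallet-A", "key_online", 1530003600)]:
        log.record(wallet, event, ts)
    intact = log.first_invalid_index()
    accesses = len(log.accesses_for("wallet-A"))
    log.entries[2]["event"] = "key_offline"  # simulate hiding an access after the fact
    return intact, accesses, log.first_invalid_index()
```

Tamper evidence here depends on the verifier holding a trusted copy of the latest hash; an attacker who can rewrite every later entry and that reference value would go unnoticed.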

Applications for Goldilock technology

Though the idea for their concept was generated as a way to secure private keys and electronic wallets for the millions of worldwide cryptocurrency users, the technology actually has a much broader application. Financial institutions, for example, can provide secure custodial services for users as well as secure transaction management. Like the personal use case, the institution’s security layer is connected only for the duration needed to interact with the data.

New security regulations will also expand the applications for this technology. As stated in the Goldilock white paper, “the European Union’s General Data Protection Regulation (GDPR) threatens fines of over €20 million for failure to protect consumer data. GDPR represents a massive opportunity for Goldilock, as many technology providers do not have a solution to sufficiently protect consumer data.”

In a connected and technologically sophisticated world, everyone with Internet access is vulnerable. It’s time for a truly bullet-proof solution that outsmarts hackers and gives us the peace of mind that our data and hard-earned money are secure.
