We are having good success with the deployment of GoldKey Secure Web. The need for a very secure way to protect access to key websites is expanding daily. As more and more important functions and transactions are accomplished online, the number of websites being compromised is a serious industry problem in need of urgent resolution. The problem is not just limited to unfriendly parties getting into a website. There are also the problems associated with users being misdirected to a counterfeit site where they might unknowingly divulge sensitive information.
The idea of using security tokens to protect remote login has been around a long time, and has limited acceptance. Upfront, this approach has the challenge of getting tokens distributed and users properly registered. In addition, the idea that a user would carry around multiple tokens to access multiple sites is just not practical and is cost-prohibitive. Furthermore, many of the token solutions that have hit the market have proven to be vulnerable to the various types of security attacks. At the same time, customer support costs have skyrocketed as users have lost their tokens or forgotten their PINs.
The GoldKey entry into this market began over ten years ago, and was careful and methodical. We started with the preconceived notion that something needs to happen, and when all of the elements are put together just right, the opportunity exists not only for a major deployment, but also for and the emergence of a de facto security standard. To make all of this a reality, a solution is needed that combines military-grade security with the elements of easy deployment, user self-help, universal usage of a single device, and some sort of a history tracking system that would establish credibility with long-term usage similar to the rating system of sellers on eBay.
Now that a significant volume of users are beginning to depend on the system, we are becoming confident that GoldKey Secure Web is a winning proposition. We are finding less and less new-product resistance from users as they begin to realize that the single GoldKey token can secure their local computer, protect and encrypt their files in the cloud, while also providing secure login to their favorite “GoldKey Ready” websites. A common scenario is that a user will initially obtain a GoldKey token to provide access to a specific website which requires a GoldKey login. From there, usage grows.
Websites wishing to add GoldKey Secure Web are easily able to do so by deploying a rack-mounted GoldKey Secure Portal to their datacenter. By adding a few lines of code to their web servers’ login sequence, they are able to immediately begin taking advantage of the enhanced two or three-factor authentication protection of the system. To distribute the authentication and access privileges required by GoldKey to the website’s users, various options are available, due to the fact that GoldKey tokens are hardware Managed by Master and Grand Master tokens.
Among these options are onsite administration, such as requiring a customer to show up at a branch with proper photo ID and a GoldKey token; sending out email links; or even allowing existing customers to log in with their existing user name and password, then adding the GoldKey token authentication to secure the account once they are logged in. The good news is with GoldKey it does not matter. Each organization can choose just how rigorous a process is appropriate for the nature of the access being protected.
GoldKey security was specifically designed so one token would provide all of the security needs for a user. This is a mandatory feature for any solution having even a modest chance for widespread deployment. Using the GoldKey core technology (patents pending), it is possible for a user with just one token to securely log in to millions of unrelated sites, each with a separate and unique credential. To my knowledge, this important capability is currently only available through GoldKey.
The other part of this whole system – that has already been deployed and is now in commercial usage – is the integration of the user history aspect. Each user is issued a unique, personal GoldKey ID. Through goldkeyID.com, users are able to recover forgotten PINs, deactivate lost or stolen tokens, and even make duplicate tokens when needed. The GoldKey ID also provides subscribers with the ability to access user historical information to determine how much access will be given and to also obtain alerts issued by other subscribers to know immediately that a user ID may have been compromised.
Where does this all head? I believe that a security revolution is at hand, forced upon us by necessity, but at the same time, providing to users new features and advantages that will quickly catch on. We are soon to announce a line of GoldKey-based door locks which will allow users to gain access to secured buildings using the same GoldKey token they use to access their computer. The units we are working on also keep track of access history, catch a photo of the user, and provide an easy way to change a user’s building access privileges. We are also working on the GoldKey credit card feature. If things go the way I expect, it will not be long before you will see a USB port at grocery store checkout credit card scanners and on gas pumps. Using the GoldKey credit card feature will be much safer than credit or debit cards in use today, and just one GoldKey token will handle all of your credit card and bank accounts. Further down the road comes “Gold Bank.” That is when things all begin to get really exciting, but will need to wait for a later post.