Master and GrandMaster GoldKey Tokens

Powerful Encryption Without Locking You Out


When it comes to encryption, nobody wants a backdoor – especially not one that can be downloaded off the Internet or looked up in a manual. However, no one wants to lose their data either. So security engineers have an interesting challenge: avoid locking users out of their data while precluding any compromise of data security.

GoldKey Master Tokens

GoldKey Master Tokens are an elegant solution to this challenge. Utilizing b² cryptography, they provide immediate access to any data encrypted by users in their organization without weakening the security of the implementation.

Master Tokens are also necessary to create and manage groups, reset GoldKey personalization data, such as the PIN, and to duplicate GoldKey Tokens. Any GoldKey in a set of duplicates can access any data encrypted by any of its duplicates. There is no limit to the number of duplicates a GoldKey can have. You can make as many duplicates as you need using a Master Token.

Complete Control

With GoldKey, organizations can have complete control over who can access their confidential files. Master and GrandMaster Tokens can be used to administer GoldKey Tokens throughout an organization. A Master Token can designate various permission levels to decide what each of its registered GoldKey Tokens can access.

GoldKey Tokens can also be assigned to various groups so that secure files can be shared between all tokens inside a group. A Master Token can open or unlock any files that any of its registered tokens have encrypted. This means that if a token is lost, the files it encrypted can still be recovered by its Master Token. The Master Token can disable the lost token’s access to data stored in the cloud, and can even program a new token to take the lost token’s place.

Management in Hardware

GoldKey groups and permission levels are decided and then stored in GrandMaster Tokens instead of in software. Using a secure connection, Master Tokens can be registered to the GrandMaster. Each Master can then register GoldKey Tokens.

This architecture keeps encryption ciphers off hackable servers and other appliances running software. Since the internal secret never leaves the key, this solution is true multi-factor authentication – without a correct token, the permissions cannot be accessed. This also allows administration to be transported physically and stored safely, perhaps in a bank vault.


Unlimited Number of Users

Because of its clever design, a Master Token can manage an unlimited number of GoldKey Tokens registered to it. This allows organizations to add keys as their number of users grows, without any fear of outgrowing their data security system.

Part Number: GK-M1A
Casing: Stainless steel, waterproof, tamper resistant and tamper evident
Supported Operating Systems: Windows 10, 8, 7, Vista, XP; Mac OS X v10.6 or higher
Compliance: FIPS 140-2 certified
Certifications: CE, FCC
Standards: NIST PIV spec SP-800-73-2 and SP-800-73-3, X.509 v3 certificate storage, CCID, USB 1.1
Certificate Storage: Up to four X.509 certificates (up to twenty-four X.509 certificates with Windows Smart Card Minidriver)
Security Algorithms: AES, 3DES, RSA-1024, RSA-2048, ECC Curve P-256, and ECC Curve P-384
Supported Data Objects: Card Capability Container, Cardholder Unique Identifier, X.509 Certificate for PIV Authentication, Cardholder Fingerprints, Security Object, Cardholder Facial Image, Printed Information, X.509 Certificate for Digital Signature, X.509 Certificate for Key Management, X.509 Certificate for Card Authentication, the Key History Object, twenty Retired X.509 Certificates for Key Management, and Cardholder Iris Images
Physical Dimensions: 30 x 12 x 4.5 mm (1.18 x 0.47 x 0.18 in.)
Operating Temperature: 0°C to 70°C (32°F to 158°F)
Storage Temperature: -40°C to 85°C (-40°F to 185°F)
Humidity Rating: 0-100% without condensation
Connector: USB type A (Universal Serial Bus)
Life Expectancy: Over 10 years