Wallets and security: CIEO combine wallet and vault storage
Wednesday 19 March 2014
Security of bitcoins has become a much-discussed topic, and has recently come to the fore again after one of the world’s largest bitcoin exchanges, MtGox, lost around 850,000 bitcoins belonging to its customers.
It means providers of wallets and storage solutions are putting extra emphasis on their security practises, hoping to maintain and in some cases, regain, the trust of users.
Robert Onesian and Noah Case, co-founders of CIEO, a Bitcoin Solutions and Development firm have launched a new wallet solution based on open-source code, which creates portability between a single wallet and multiple devices. They have just released an OSX compatible version after the rejection of the last bitcoin wallet app, Blockchain, from the App store.
They have also recently come out asking for a public forum to discuss Bitcoin’s technology and its future in the wake of the MtGox scandal, so Noah Case answered a few of our questions about security, their technology, and a future with Apple.
BitScan: Can you explain how CIEO is different to many of the other wallet platforms out there?
Noah Case: We are pleased to have built our wallet based on roots from the open-source community and continue to utilize those technologies in conjunction with our intense security practices moving forward. The sources are Oracles ZFS platform and GELI for encryption and storage. We leverage ZFS AND GELI to create a TPM module for an encryption PIN. We also use freebsd and a storage system powered by a leader in high availability uptime and a robust leader in TCP/IP Stacks. Our next release of CIEOwallet 2.0 in April 2014 will have noticeable visual and user function changes that will brand our own look, feel and unique functionality.
B: Will consumers and merchants receive different benefits?
NC: Our core wallet and storage products are universal. Our sister company ClearGate, an established payment gateway will be targeting merchant services, both in the domestic and international markets. ClearGate will be releasing their virtual terminal with integrated QR technology allowing merchant to accept Bitcoin, credit, debit and check in 2nd Quarter 2014. ClearGate’s virtual terminal works in symphony with CIEOwallet and CIEOvault that offers our merchant base a complete payment solution for retail and ecommerce applications.
B: How is CIEO addressing the security issues that came to light after the MtGox problems?
NC: As the Mt.Gox saga continues with numerous sources alleging an abundance of possible problems that lead to their demise, it seems one common theme may have been their lack of robust, system security practices. As internally reported, “transaction malleability” was to blame for their exposure allowing perpetrators to steal their Bitcoin reserves. The topic of malleability isn't new to crypto-currency and has been known as a weakness for some time. It does appear this issue was not properly addressed in their cold storage technology and further compounded by their lack of a well-functioning, internal transaction auditing system. Management of CIEO and ClearGate has years of experience in cardholder security system and compliance. We have a high level of confidence that our experience in working with financial institutions, card associations and their related PCI requirements gives us a bit of an advantage over newcomers to merchant services.
B: And what measures are CIEO taking to ensure their clients' bitcoins are secure?
NC: Our years in cardholder information protection have led us to develop an excessively secure environment for our customers. For example obvious practices we recommend are the use of passwords that are at least 16 characters. When it comes to storage, we recommend that users store 33% cold, 33% warm on your primary device and 33% on a secondary device. Of course that can vary by user given their usage trends and amount of Bitcoin. We are releasing our next wallet version with a PIN login authorization feature and auto-vaulting process. Through CIEOvault, users are able to manage the balance between all platforms. Simply said, “our system gives you 100% control of your Bitcoin”
B: You say you are making the recovery of wallets a simpler process – how are you doing this?
NC: Our proprietary storage software (CIEOvault) manages in “real time” an unlimited amount of phone wallets (CIEOwallet) to be cloud stored and active, simultaneously. If you were to lose a phone, destroy it or simply misplaced it, CIEOvault has a complete transaction audit and accounting of your Bitcoin. You’re protected! No longer do you have to be worried that your Bitcoins are unrecoverable.
B: You also offer cold storage options. Can you give us a little more detail?
NC: We offer “cold”, “warm”, and “hot” storage. “Cold” is the highest level of security whereby your Bitcoin reserve is converted to an offline VMDK and not accessible via the Internet. A “warm” wallet is vaulted utilizing CIEOvault providing real time synchronization with unlimited wallets. “Warm” wallets can store Bitcoin or act in a “looking glass” mode. A vaulted wallet guarantees your Bitcoin will not be compromised if your mobile wallet is lost, damaged or malware infected. “Hot” wallet storage simply operates in a stand-alone mode on your mobile device.
B: Apple users can now use your wallet via OSX but will you be offering it on any other platforms in the future?
NC: We currently offer our solutions on Android, Linux, Mac and Windows and plan to release an iOS application when Apple cooperates with the Bitcoin community.
Thanks to Noah Case of CIEO for answering our questions.
For more safety information check out the articles on Bitcoin security.
comments powered by Disqus