USPTO 62/904689), as it delegates encryption and decryption operations to a trusted 3rd-party service. Our new key management architecture is called Delegated Key Management (pat. The design behind the new Delegated Key Management architecture Building trust is a long-term process and investment, and Fortmatic aims to be as transparent, auditable, and have mature security controls (SOC 2 compliant, penetration tests) as possible. There are many potential ways for companies to be evil ( consumers are skeptical), which means trust is always required between company and customer. Companies provide value by taking responsibility and serving customer needs. Fortmatic keys can also be used in conjunction with smart contract wallets to introduce more layers of security.Ĭompany needs to be accountable.
#Wechat windows dev infrastructure database cache Patch#
We can’t lock ourselves into an inflexible or unscalable architecture to the point that we cannot support a large number of users and quickly react to changing user/attacker behaviors to patch or upgrade our system instantly. Users will also be able to export or import their keys at any time - giving them complete control and ownership of keys. One of the worst things that can happen to users is them getting locked out of their accounts. With a large enough audience, users will lose their device, recovery kits, and forget their passwords or recovery questions, etc.
We summarize our philosophy into three pillars.Īccounts need to be recoverable. To make steady advances in key management, we have to assume that human behavior is indeterministic, both users and attackers will eventually evolve and exhibit different behaviors. Transformative technology always resonates with user behaviors and aligns involved parties’ incentives. Here at Fortmatic, we adhere to a humanistic and pragmatic philosophy on key management. Finally, after months of building and testing, we launched our 1.0 version and rolled out our new non-custodial Delegated Key Management architecture to mainnet on. Since launch, we’ve been working with over thousands of developers and users on pushing the boundaries of key management, exploring ideas on what’s acceptable and what’s not. From working closely with developers and partners, the most significant criticism we faced was the traditional custodial key management model. The incredible amount of traction from developers looking for alternative key management approach caught us by surprise, and we’ve learned so much about the essence of Web 3. Since our launch, we’ve been surfing a tornado… iterating with developers, partners, fighting fires, and prioritizing features for our roadmap. We had to leverage our team’s past expertise securing internal sensitive data, secrets, and infrastructure, and therefore, the initial version of Fortmatic key management adopted a traditional Web 2 custodial model where users’ private keys are generated and encrypted within a secure enclave in our infrastructure. We had to make many pragmatic decisions, balancing between challenging priorities, especially around our key management architecture. We couldn’t afford to build the wrong product, and want to get started iterating with developers quickly to stay on top of such a rapidly changing ecosystem. We started building Fortmatic in June 2018, and beta launched our minimal viable product in February 2019 during the ETHDenver hackathon.
0 kommentar(er)
