OKCoin Reveals Security Policy: Sets Standard for Operational Transparency

On Friday, Star Xu, CEO of trading platform OKCoin, published his company’s security policy in a Reddit thread.

“OKCoin has decided to openly share [its] cold wallet security information. Through this transparency, OKCoin aims to assure users of the security of their funds,” the post stated.

Xu then encouraged members of the community to contribute feedback.

He began by outlining the company’s security design philosophy, focusing on key vulnerabilities inherent in Internet connections, USB drives and reliance on centralized management.

He went on to explain how the company’s security design protocol addressed concerns surrounding private key generation and backup, depositing bitcoin from an online hot wallet to an offline cold wallet, and retrieving bitcoin from an offline cold wallet.

The post listed key highlights of the OKCoin security protocol:

  1. The cold wallet addresses can only hold a limited amount of bitcoin.

  2. Private keys are stored on completely offline computers.

  3. Certainty that the private key never had any contact with the Internet or USBs.

  4. The encrypted private key paper document requires offsite backup and is controlled by different people in different places.

  5. The AES private key password shall also be controlled by different people in different places, and its holder shall not be the same person as the master of the private key.

  6. Holders of the AES private key password and those with the ability to retrieve the encrypted private key are different people and in different places.

  7. Once a private key has been used to transfer bitcoin out of the address, the address is no longer to be used again for deposits.

In an interview with Bitcoin Magazine, Michael Perklin, president of the CryptoCurrency Certification Consortium (C4) and president of Bitcoinsultants Inc., commended Xu.

“Having a strong security policy is one of five things that every cryptocurrency storage solution should have,” Perklin said, adding that the other four pillars include “procedures, trained personnel, secure hardware and secure software.”

According to C4’s Cryptocurrency Security Standard matrix, it appears that OKCoin’s manifesto covers many, though not all, of the points companies need to include in their security policies to earn Level II and Level III ratings.

Perklin added that by publishing its security policy, OKCoin doesn’t lose anything in terms of security. The move should, in fact, give its clients a degree of confidence.

“Kudos to OKCoin for doing this,” Perklin said.
