Goldilock is a simple yet revolutionary patented technology that physically isolates sensitive data, networks and critical infrastructure from harm or interference, yet retains a layer of convenience for authenticated users.
Unlike existing network segregation techniques, Goldilock is an intelligent hardware appliance that uniquely contains a series of non-ip-controlled electromechanical relays to achieve total network disconnection. Only Goldilock's technology can be remotely controlled using out-of-band non-IP mechanisms, without using the a network or the internet.
This creates an inconvenience layer for attackers and protects potentially disruptive IT procedures, and physically shields digital assets.
Yes. Goldilock uses Reed Switches, which actually physically connect and disconnect. The data passing through is only able to flow when the contacts are connected. Goldilock is not a 'virtual' or 'logical' (i.e. sofrware governed) process, but rather a complete physical 'un-plugging' of the contact. In its simplest and most common form, it consists of a pair of ferromagnetic flexible metal contacts in a hermetically sealedglass envelope. The contacts are usually normally open, closing when a magnetic field is present, or they may be normally closed and open when a magnetic field is applied. The switch may be actuated by an electromagnetic coil, making a reed relay, or by bringing a permanent magnet near it. When the magnetic field is removed, the contacts in the reed switch return to their original position. The "reed" is the metal part inside the reed switch envelope that is relatively thin and wide to make it flexible.
No. A single number is all that is required.
The phone number is linked to user profiles, not the port. Users can be assigned to specific port(s), so when they attempt to control the port(s), they are challenged with the keywords attached to the user profile.
Each port is a pair of Layer 1 network interfaces, one in and one out, with no crossover or physical connection to any other port.
Ports are independently controlled and defined as a Layer 1 patch. Each port can be configured to one of two specific operational modes; connected or disconnected. It is possible to utilise a single port individually, or all of them, as required.
The appliance will automatically power up once power is restored.
There are three configurable states each port defaults to upon power up:
1. Default to connected state: The airgap will physically connect networks
2. Default to disconnected state: The airgap will physically disconnect networks
3. Default to previously set state: Whichever was the last known state.
Goldilock complies with the following standards: CE, UKCA, CISPR 22/32, FCC Part 15B Class A.
Each of the 12 available ports is capable of up to 10Gbps.
It is neither a Layer 1hub nor a Layer 2 switch, from a networking perspective it is the equivalent of a patch cable
Only the Administrator role is authorised to add Users. Users are added to the list of approved Users with basic detail such as name,, passphrases and phone number. From there, Users can log in, change their password, and send commands.
A range of intuitive commands are available to users when sending commands to the appliance, these include examples such as;
Input: Enable port [1-12]
Input: Disable port [1-12]
Input: Status port [1-12]
All commands and challenge response words are case sensitive.
On average, it takes typically 15 to 20 minutes for a first-time user to set up.
The appliance ships in a ready to be used condition, with everything pre-installed. It is simply a matter of racking the equipment if applicable, connecting the cabling, powering on logging in as Administrator via the Management Port and being set up.
No. The tech admin needs to disconnect (or reconnect) after each use. This is by design.
There are two roles, defined as follows;
By default, the Goldilock device ignores and rejects every incoming message.
To control a port via our secure messaging stack, an administrator would need to add the authorized sender's mobile number to the system's authentication list (whitelist) In addition, the administrator would select which ports this user is able and not able to control.
Finally, an OTP seed key is generated, unique to the newly added user. This seed key can be used with Google Auth, Microsoft Auth, Cisco Duo authentication apps. This will generate a unique one-time-password that is included in every future SMS command.
In total, if the controlling user's number has not been added to the authorization list, or tries to control a port which they are not authorized to control, or does not include the generated one-time-password within the command message, it will get rejected.
The management GUI is accessible by connecting the rear management console port to a network and visiting the device's assigned IP address via your web browser.
Security for the GUI meets the requirements of NIST 800-63 for password security and related functionality. This includes: