Hardware prevents any corrupted software in the open chamber, including operating systems and applications, from accessing data in the secure chamber. The hardware forces applications and updates from the internet, flash drives, etc. to be installed only in the open chamber. If there are vulnerabilities in the secure chamber, that software cannot communicate data to the internet, nor can it receive instructions from the internet that may activate a virus.
It provides stronger security by default; sensitive data is protected even if software is compromised. Data is never exposed to outside users. Network attacks against the open chamber cannot access data from the secure chamber. Every packet that passes through to the secure chamber is authenticated by the hardware key. Every packet that comes from the secure chamber is encrypted and digitally signed by the key.
No. Quantum computers attack public key encryption that is used to exchange private encryption keys. In the system, encryption key data is encoded into hardware that is physically exchanged between trusted users.
Yes, data in the secure chamber is isolated from external networks and cannot be used for training public AIs. The hardware firewall guards against software vulnerabilities found by AI, and AI social engineering attacks cannot trick users into releasing protected data.
It provides simplicity for users since there are no complex security decisions or setup. This includes no user-facing configuration for the secure chamber or settings that may allow a user to bypass security. It provides lower risk of human error since users can’t accidentally bypass protections. The secure chamber has no access to I/O ports that would allow users to copy data in or out of the secure chamber. Insecure actions such as public email, web browsing, social media, etc. are constrained to the open chamber by hardware. Backups cannot be done locally. They must be done over the secure network to the secure servers.
It provides ease of use with no complex security decisions or setup. It also provides flexible everyday use, with regular apps and browsing still working normally. The open chamber of the computer does not need to be rigorously locked down. This means that users have the flexibility to install and run software without getting approval for every change. The IT department will have complete control of the software installed in the secure chamber. Users can be set up by sending them an encrypted disk image over the internet. Only the hardware key can activate the image and enable the secure chamber. Keys will have a remote self-destruct. When it is activated, the user will not have access to network or local data.
Yes, but not directly. The secure data center may have a monitored port to the internet. Any exchanges, even between chambers on the same computer, would need to be sent to the center to pass through the monitored port. The permeability of the port would be at the discretion of the organization based on their security needs and can vary from complete shutdown to applying rules that implement company policy and log all transfers.
Hardware keys are generated in sets by an air-gapped programmer. The programmer does not have non-volatile memory, so it forgets the encryption data after it programs the set. Since the hardware keys include both the encryption data and the encryption engine, the critical encryption data will never leave the hardware key and will never be exposed to software or stored in memory. The keys cannot be copied. If five keys are made in a set, there will only ever be five keys.
Possession of the key provides one level of authentication to the secure networks. It is recommended that this is supplemented with other methods including passwords, two-factor authentication, biometric scanning, and network monitoring to provide greater security.
The physical key transfer of the system is less convenient than the public key system used in today’s internet, so it may not be appropriate for all applications. This is not suitable for short-term security among large groups of people (like a web server). For example, this would not be recommended for an individual accessing their video streaming service. However, for those responsible for running the video streaming service servers, it would be highly recommended to protect the information on their servers.