ID Tec is pushing functional innovation within the CSfC area. We’ve created an End User Device called Archon ZV. At 1st glance, it appears to be a standard laptop. However, within the sheet metal, it is a completely different EUD appliance, built on a POSIX 178 Real Time Partitioning Operating System, and designed to function internally with Black/Gray/Red networks within the device.
Archon ZV functionally allows separate “guest” environments (Secure Domains) to separately and securely reside on the same endpoint protected by the Secure RTOS. Archon ZV supports native virtualization and multiple operating environments.
Within the virtual containers, the virtual machine may run a guest operating system (e.g. Windows, Linux, Android) and several tested and validated thin client operating systems, including Forcepoint TTC. However, because critical security components remain under the control of the trusted RTOS, each of the applications are isolated from the guest operating system. Secure authentication and communication between each are allowed with a high degree of assurance.
Leveraging these secure containers and in compliance with CSfC guidelines, classified network access is delivered through its own security stack without any interference, or threat of data leak to the FOUO side-service. What this means for the customers is that a deployed system is able to function in an environment with, or without connectivity.
Additionally, Archon ZV implements security address space within the RTOS Separation Kernel to provide the orchestration and enforcement of all CSfC-consistent double encryption processes. The Separation Kernel Orchestrator is utilized to enforce all flows for both network security as well as data-at-rest, providing protection for stored information using NSA approved cryptography while the EUD is powered off, or in an unauthenticated state. As a result, a system may be lost or discarded without compromising applications or data.
Finally, key management is included to enable dual encryption of all data-at-rest as well as dual encryption of any wired/wireless communications. This follows the Key Management Algorithm (KMA) implementation of OTA rekeying for EUDs. This dual encryption adheres to the NSA requirements for the Key Management Annex within the CSfC program.
Archon ZV was built to be able to scale to our customers needs. The system is delivered preconfigured and provisioned straight from the Dell factory so that only certifications need to be added at the site. Our customers have share that this reduces the time to value from 48+hours per system to a matter of minutes.
Additionally, ID Technologies has developed an Over the Air (OTA) rekey solution which allows individuals to renew certifications or re-provision the systems remotely. Customers can therefore avoid unnecessary downtime required to send systems back on an annual basis for certificate renewals or whenever a new image is required.
Lastly, the Archon ZV interface and CSfC connection is elegant and performant, giving customers more of a commercial experience as was originally intended by the CSfC Program.
For more information, visit https://www.idtec.com/archon-zv/