IDtec Case Study

CSfC Archon Integration

  • Problem

    • Ensuring secure computation and services for a mobile workforce is a daunting challenge for any enterprise
    • Add to that the complications of hardware configuration management, administrative overhead for security updates, user training and acceptance, and the task seems almost impossible
  • Solution

    • Archon ZV is the world’s first turnkey CSfC complete mobility solution

Overview.

ID Tec is pushing functional innovation within the CSfC area. We’ve created an End User Device called Archon ZV. At 1st glance, it appears to be a standard laptop. However, within the sheet metal, it is a completely different EUD appliance, built on a POSIX 178 Real Time Partitioning Operating System, and designed to function internally with Black/Gray/Red networks within the device.

 

What Archon Is.

Archon ZV functionally allows separate “guest” environments (Secure Domains) to separately and securely reside on the same endpoint protected by the Secure RTOS. Archon ZV supports native virtualization and multiple operating environments.

How Archon Works.

Within the virtual containers, the virtual machine may run a guest operating system (e.g. Windows, Linux, Android) and several tested and validated thin client operating systems, including Forcepoint TTC. However, because critical security components remain under the control of the trusted RTOS, each of the applications are isolated from the guest operating system. Secure authentication and communication between each are allowed with a high degree of assurance.

Leveraging these secure containers and in compliance with CSfC guidelines, classified network access is delivered through its own security stack without any interference, or threat of data leak to the FOUO side-service. What this means for the customers is that a deployed system is able to function in an environment with, or without connectivity.

Additionally, Archon ZV implements security address space within the RTOS Separation Kernel to provide the orchestration and enforcement of all CSfC-consistent double encryption processes. The Separation Kernel Orchestrator is utilized to enforce all flows for both network security as well as data-at-rest, providing protection for stored information using NSA approved cryptography while the EUD is powered off, or in an unauthenticated state. As a result, a system may be lost or discarded without compromising applications or data.

Finally, key management is included to enable dual encryption of all data-at-rest as well as dual encryption of any wired/wireless communications. This follows the Key Management Algorithm (KMA) implementation of OTA rekeying for EUDs. This dual encryption adheres to the NSA requirements for the Key Management Annex within the CSfC program.

How Archon Is Different.

Archon ZV was built to be able to scale to our customers needs. The system is delivered preconfigured and provisioned straight from the Dell factory so that only certifications need to be added at the site.  Our customers have share that this reduces the time to value from 48+hours per system to a matter of minutes.

Additionally, ID Technologies has developed an Over the Air (OTA) rekey solution which allows individuals to renew certifications or re-provision the systems remotely. Customers can therefore avoid unnecessary downtime required to send systems back on an annual basis for certificate renewals or whenever a new image is required.

Lastly, the Archon ZV interface and CSfC connection is elegant and performant, giving customers more of a commercial experience as was originally intended by the CSfC Program.

For more information, visit https://www.idtec.com/archon-zv/

Read More Case Studies.

  • West Point Army Athletics Case Study
    West Point Army Athletics Case Study

    The Army Athletics team needed help with aged wireless and switch network. ID Technologies was brought in by Ruckus as partner support to Sharp USA for this refresh. Ultimately, the end-user got a rock-solid network that started showing results from day 1 of operation.

  • Arnold AFB – ID Technologies and Trans-Tel
    Arnold AFB – ID Technologies and Trans-Tel

    The Air Force needed to expand fiber optic availability to the south-side of Arnold Air Force Base (AFB) that required new or upgraded connectivity. ID Technologies and Trans-Tel worked together to provide the customer with increased fiber connectivity to outlying areas and additional fiber counts for future usage.

  • Wireless Extension Box –	The WEB Slinger
    Wireless Extension Box – The WEB Slinger

    One of the challenges with Air Force Flight Line network communication is size. The challenge is to wirelessly extend the network, making it easier to extend the network to the clients. The ID Technologies Wireless Extender Box (WEB Slinger) is a ruggedized mesh node capable of extending the network for WiFi clients.