Businesswire | July 18, 2023
The world’s efforts to secure digital communications from the threat posed by quantum computers took a significant leap forward today as a new standard for quantum-safe Virtual Private Networks (VPN) was ratified by the Internet Engineering Task Force (IETF).
The new protocol has already been used by Banque de France and Deutsche Bundesbank to secure payments messages, paving the way for full adoption by the Bank for International Settlements to secure communications between the world’s central banks.
‘Harvest Now Decrypt Later’ (HNDL) attacks currently represent the greatest quantum cybersecurity threat. These attacks see hostile actors steal encrypted data now, which can be decrypted once a sufficiently mature quantum computer comes online. The new US Quantum Computing Cybersecurity Preparedness Act states that the HNDL risk presents the highest threat to humankind and stipulates that quantum migration must start now. Deploying a VPN based on new post-quantum cryptography is the easiest way to protect data-in-transit from such attacks.
The new IETF standard specifies how VPNs can exchange communications securely in the quantum age. The novel approach prioritises interoperability by making it possible for multiple post-quantum and classical encryption algorithms to be incorporated into VPNs. Combining both old and new encryption is essential to ensure no disruption to the functioning of existing IT systems, and to protect data from attack by both classical and quantum computers.
This is a particularly important milestone for internet connectivity and security as we are transitioning from an era where the world relied upon just one or two algorithms (RSA and Elliptic Curve), to a situation where different nation states are deploying a wide variety of different post-quantum algorithms. This new IETF standard is the glue that allows parties using different public key encryption algorithms to talk with one another.
The new IETF standard was proposed and designed by Post-Quantum, a British cyber security company that’s built a portfolio of market-ready quantum-safe cyber security products. Post-Quantum’s own Hybrid PQ VPN uses the new IETF standard and is already in use by NATO to secure its communications from quantum attack, supporting interoperable communications between NATO members.
CJ Tjhai, CTO, Post-Quantum and original author of the new IETF standard said: “I’d like to thank all the technologists that collaborated with us on this IETF standard. Much of the focus has been on NIST’s new post quantum encryption algorithms themselves, but this is insufficient unless you have a protocol that defines how the connectivity is done. The easiest way to prevent Harvest Now Decrypt Later attacks is to deploy a PQ VPN based on the new IETF standard. NIST’s new algorithms are only useful if we have agreed standards for their use and mature products that can accommodate them.”
Andersen Cheng, Executive Chairman, Post-Quantum added: “CJ and his collaborators have completed important work that makes it possible for tech companies to build quantum-safe VPNs that communicate to one another. We are entering a period where different countries are now recommending different encryption algorithms, so engineering our communications infrastructure to be interoperable and backward compatible is absolutely crucial. That’s the value our own VPN is bringing to organisations like NATO, a diverse member organisation with a variety of post-quantum algorithms in use.
“In the commercial sector, we are pleased that Banque de France and Deutsche Bundesbank have also recently completed their project in transmitting payment messages using our protocol, which will pave the way for the Bank for International Settlements to build a complete chain of trust for central bank applications to counter any HNDL risks they already face today.”
José María Lucía Moreno, Lead Partner, EY Wavespace and a Post-Quantum partner added: “Our agreement with Post-Quantum is an important step in helping EY and its clients to become quantum-safe. We’re increasingly consulting with our clients to identify where they use traditional encryption that will need to be upgraded, and to help them prepare for the quantum era. Post-Quantum’s approach is particularly interesting because they have modular software-based products like the VPN, which can be implemented together, or as standalones within existing environments, to offer protection today.”
The IETF is the non-profit organisation with responsibility for developing the standards that define how the internet is built and used. Now that the IETF has ratified this work, VPN providers will adapt their protocols to match it, making this a defining standard for the future of cybersecurity as the world transitions from classical to new post-quantum encryption. Ratification represents the culmination of work dating back to 2017 when Post-Quantum took the lead in creating the original proposal for this standard.
Post-Quantum is upgrading the world to next-generation encryption. Our quantum-safe platform includes modular software for Identity, Transmission and Encryption that protect organisations across their entire digital footprint. Products are interoperable, backward compatible and crypto-agile - ensuring a smooth transition to the next generation of encryption.
Post-Quantum works with organisations in defence, critical national infrastructure and financial services, including a multi-year relationship with NATO to ensure its communications are secure against quantum attack.
prnewswire | July 11, 2023
Anviz, an industry leader in professional and converged intelligent security solutions, has announced the launch of its next-generation access control solutions powered by Open Supervised Device Protocol (OSDP). The two new offerings – the SAC921 single-door access controller and C2KA-OSDP RFID keypad reader – are future-proof systems packed with state-of-the-art technology and smart features. Both solutions seek to ensure customer safety and peace of mind, providing a comprehensive security solution for today's modern world.
"Mounting concerns surrounding personal data security have raised awareness about the importance of digital safety in recent years, which is expected to drive significant changes in safety standards for data storage and transfer," said Felix, Product Manager of Anviz. "Aiming to take the lead in transforming how personal data is safeguarded, we launched our latest OSDP-based solutions equipped with tailor-made features for businesses looking for more advanced access control systems. We also believe SIA OSDP, the most widely-recognized standard for access control systems, will play a pivotal role in addressing security concerns by empowering manufacturers to offer enhanced security options with diverse functionalities to global users."
SAC921 Single-door access controller
SAC921 is a PoE-powered access control system that offers great flexibility and simplicity with a wider range of access control interfaces supporting alarm input, perimeter security, and device control. The SAC921 provides a revolutionary upgrade to the traditional Wiegand-based access control systems, significantly streamlining device operations while offering improved security features and better third-party compatibility.
Due to the adoption of PoE, OSDP, and built-in management software, installation of the SAC921 is easier and more cost-effective. Via Anviz's CrossChex remote control system, users can also access a more comprehensive set of security options, such as personnel identity verification, access control, and time attendance management system, granting powerful and customizable security capabilities.
C2KA-OSDP RFID keypad reader
The C2KA-OSDP RFID keypad reader ushers in a new era of PIN code access, delivering unrivaled convenience for both credentialed users and visitors alike. The cutting-edge reader goes beyond traditional access control by supporting multi-factor authentication with seamless integration of various credentials and access methods.
The keypad reader's breakthrough security capabilities are made possible by OSDP, securing connections and safeguarding against hacks. Unlike traditional Wiegand-based systems, OSDP-powered devices enable bidirectional communication between controllers and card readers using RS485, allowing for real-time monitoring of the card reader's status. This enables access control software to monitor, control, and encrypt data between the access control controller and card reader, delivering advanced tamper protection and usage tracking.
OSDP's key value comes from its superior flexibility. Data shared between OSDP access control and readers are no longer confined to fixed-length data fields, such as 24 or 36, with AES128 encryption ensuring higher data security. As a member of SIA, Anviz intends to introduce more SIA OSDP Verified products to the global markets, allowing customers worldwide to enjoy higher security, richer functionality, greater ease of use, and increased interoperability brought by OSDP.
The packaged access control solution that combines the SAC921 access controller and C2KA-OSDP RFID keypad reader is scheduled to be launched in the second half of 2023. Anviz is also planning to upgrade its products to support greater compatibility with third-party solutions. This will be tailored to the needs of various industries, including education, government, commercial real estate, retail, manufacturing, healthcare, and hospitality users, allowing them access to a comprehensive and integrated security control experience.
Anviz is the leading security solution provider for the commercial market. We are providing smart solutions based on cloud and IoT technologies to SMB and enterprise clients globally. Security is crucial to any office or facility: every building needs a way to keep the space safe, and most organizations also need to restrict access to certain areas. Anviz is the first access control company to make use of biometrics, RFID cards, mobile access technology and specialized hardware to achieve space safety goals. Powerful security features, combined with a convenient and flexible system, provide office efficiency for enterprises small and large.
PR Newswire | June 29, 2023
StackPath, the industry-leading edge computing platform, today announced support for using Virtual Kubelet (VK), an open-source Kubernetes (K8s) technology, with StackPath Edge Compute Containers. With VK support, developers and operators can seamlessly integrate StackPath Containers (SP// Containers) into multi-cloud K8s clusters and manage them as part of their worker node deployment using standard K8s APIs/management consoles.
"Virtual Kubelet support delivers on all three of our core product values: speed, decentralization, and simplification," said Tom Reyes, Chief Product Officer for StackPath. "Nearly all internet-centric applications are distributed, latency-sensitive, and meant for multi- or hybrid-cloud deployment. Virtual Kubelet, paired with our edge compute, is the perfect solution. VK lets clusters span clouds without additional management overhead. StackPath gives those clusters more geographic diversity and higher proximity to data sources and destinations. We couldn't be happier to join the VK community as an official infrastructure provider."
Sponsored by the Cloud Native Computing Foundation, Virtual Kubelet is a revolutionary open-source technology transforming how companies approach Kubernetes clusters. Installed on a K8s cluster's control node, VK enables the control node to integrate and communicate with compute resources in other networks and platforms. The K8s cluster's administrator can centrally manage the entire cluster, regardless of where and how many other resources have been integrated.
No other VK provider offers complete compute containers with the physical proximity to end-users and on-premises networks as StackPath. Data can reach or be delivered from StackPath Edge Compute instances up to 300% faster than similar instances in hyperscale cloud data centers, providing exceptional speed and responsiveness for businesses' B2C, B2B, and even internal workloads.
"If you already use K8s and want to go to the edge, no need to rip and replace; just skip right to a better-performing application. Or if you held off leveraging K8s because you couldn't afford the latency or complexity, wait no more," said Mr. Reyes. "The cloud is complicated enough with too much room for runaway costs and inadequate performance. StackPath and VK have the perfect combination of easy-to-use and familiarity. Keep using your same Kubernetes API server and API calls. We'll keep care of the infrastructure."
StackPath is a cloud platform built at the internet's edge, providing infrastructure and services physically closer to the source or destination of data than hyperscale cloud service providers. StackPath Edge Compute (including virtual machines and containers), Edge Delivery (including CDN and serverless scripting), and Edge Security (including WAF and L3-L4, L7 DDoS Protection) solutions run in edge locations strategically deployed in high-density markets and united by a secure global network and a single management system. Customers ranging from Fortune 50 enterprises to one-person startups trust StackPath to give their latency-sensitive workloads and real-time applications the speed, security, and efficiency they require.