iQuila utilizes a secure connection that is safeguarded through a double-layered tunnelling process, reinforced with Quantum Random Number Generation (QRNG) technology. The system operates via an iQuila Enterprise server housed in your secure data centre. This server is protected by a corporate firewall, with port 443 enabled for remote connections. It connects to two networks: the WAN (linked to the internet through the firewall) and the LAN (which accesses the secure network server, such as one with the IP address 10.10.10.1), as shown in the supplied diagram.
The iQuila server is configured with two types of virtual switch: the DMZ VSwitch and the Secure VSwitch. The DMZ switch allows internet access and interfaces with Cradlepoint routers running iQuila. These routers employ dual authentication methods: a 4096-bit SSL certificate and a secondary username/password system.
The connection process occurs in two stages. Initial Router Connection: When a Cradlepoint router attempts to connect to the DMZ virtual switch, it undergoes a four-step verification. First, the validity of the SSL certificate is confirmed; second, the user credentials are verified. Third and fourth, the internal security centre checks the router's MAC address and hostname for extra security. Once all four checks pass, the router is connected to the DMZ virtual switch.
Remote Device Connection: Users on remote devices, such as laptops or tablets in a police car, connect to the Cradlepoint router via Wi-Fi. After this connection, the iQuila client software on the remote device establishes a connection through the previously established iQuila tunnel to the data centre. It then authenticates against the Secure Virtual switch using a 4096-bit SSL certificate. The user is prompted to enter their credentials, which can be stored on the iQuila server or linked to a RADIUS server. The iQuila server then verifies the device's hostname or domain name. Successful authentication allows the device to join the Secure switch. Data transferred from the device to the secure servers is filtered so that access is granted only to authorized resources and only from verified MAC addresses and user accounts.
It’s important to note that remote devices can access the secure switch only through the established iQuila tunnel to the DMZ switch.
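The two-stage admission described above (router to the DMZ VSwitch, then remote device to the Secure VSwitch, reachable only through the established tunnel), as an added Python model that is not iQuila's own code; the registries, field names, PBKDF2 password storage, the fixed clock and the certificate stubs are constructed assumptions.

```python
# Added example, not iQuila's code: a simplified model of the two-stage
# admission policy described above. The registries, field names and the use
# of PBKDF2 for stored passwords are constructed assumptions for illustration.
import hashlib
import hmac
from datetime import date
def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
# Constructed records: routers known to the security centre, keyed by username.
ROUTERS = {"car17": {"hostname": "cradlepoint-car-17", "mac": "00:11:22:33:44:55",
                     "salt": b"s1", "pw_hash": _hash_pw("correct horse", b"s1")}}
# Constructed records: remote devices permitted on the Secure VSwitch.
DEVICES = {"officer17": {"hostname": "laptop-17.police.example",
                         "salt": b"s2", "pw_hash": _hash_pw("battery staple", b"s2")}}
# Constructed certificate stubs (a real check would validate the chain too).
VALID_CERT = {"valid": True, "not_after": date(2025, 1, 1)}
EXPIRED_CERT = {"valid": True, "not_after": date(2023, 6, 1)}

def _cert_ok(cert: dict, today: date) -> bool:
    # Both stages start with the 4096-bit certificate: valid and not expired.
    return cert["valid"] and cert["not_after"] >= today

def _credentials_ok(record: dict, password: str) -> bool:
    # Constant-time comparison so timing does not leak how much of the hash matched.
    return hmac.compare_digest(_hash_pw(password, record["salt"]), record["pw_hash"])

def admit_router(cert, user, password, mac, hostname, today=date(2024, 1, 1)):
    """Stage 1: DMZ VSwitch admission for a Cradlepoint router. Returns (allowed, reason)."""
    if not _cert_ok(cert, today):
        return False, "certificate invalid or expired"
    record = ROUTERS.get(user)
    if record is None or not _credentials_ok(record, password):
        return False, "credentials rejected"
    if mac.lower() != record["mac"].lower() or hostname != record["hostname"]:
        return False, "MAC address or hostname does not match the registered router"
    return True, "router joined DMZ VSwitch"

def admit_device(tunnel_up, cert, user, password, hostname, today=date(2024, 1, 1)):
    """Stage 2: Secure VSwitch admission, reachable only through an established tunnel."""
    if not tunnel_up:
        return False, "no established iQuila tunnel to the DMZ switch"
    if not _cert_ok(cert, today):
        return False, "certificate invalid or expired"
    record = DEVICES.get(user)
    if record is None or not _credentials_ok(record, password):
        return False, "credentials rejected"
    if hostname != record["hostname"]:
        return False, "hostname or domain does not match the registered device"
    return True, "device joined Secure VSwitch"
```

Each denial carries the step that failed, which is what the server-side log described later should record for monitoring.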
QRNG Option: Integrating a Quantum Random Number Generator (QRNG) with the iQuila server significantly enhances its security capabilities. Once this device is connected and activated, it supplies the iQuila server's encryption mechanism with completely random numbers. These numbers are essential in generating highly secure session keys, which can be configured to a length of 4096 bits. This advancement in encryption technology is part of iQuila's initiative to embrace the latest in quantum encryption, in collaboration with Quantum Dice. This partnership signifies a major step forward in the realm of data security, especially for encrypted data packets transmitted over public internet networks.
Quantum Dice’s QRNG technology is unique because it utilizes the inherent randomness of quantum mechanics. This is a significant departure from traditional random number generators, which rely on complex algorithms that, despite appearing random, have a non-zero probability of being predicted. Quantum Dice’s approach leverages its patented source-device independent self-certification (DISC™) feature, ensuring that each number generated is verifiably random, even in the face of environmental disturbances. This results in a level of randomness and security that classical hardware random number generators, which are slower and vulnerable to physical attacks, cannot match.
The QRNG device developed by Quantum Dice operates by firing a laser through beam splitters, which then reach photon detectors, producing a random signal due to the quantum uncertainty inherent in this process. The DISC™ protocol provides a live measurement of the available randomness, directly extracted from the physics process, offering an unmatched level of assurance in creating securely unique encryption keys. These keys are then used within the iQuila VEN™ platform to encrypt data packets over the network, providing a level of security that stands out in the market.
Logging: The iQuila server is designed to record logs of all activities, encompassing everything from user authentication processes to the specifics of data transferred by clients, including the timing of such transfers. These logs are initially stored directly on the iQuila server itself. For enhanced convenience and streamlined analysis, there is also a feature to automatically forward these logs to a dedicated logging server. This setup aids in efficient monitoring and analysis of server activities and interactions.