XQ provides software developers a SMART way to add Zero-Trust to their apps

 

Existing data protection solutions cannot handle today’s mobile, cloud-centric world where millions of nodes generate billions of messages, or the emerging 5G IoT world where billions of nodes will generate trillions of messages. XQ is a clean-sheet approach to data protection in highly distributed environments such as privacy-compliant consumer email or SMART city sensor data. XQ’s Secure Message Authorization Routing Tracking (SMART) architecture is a Zero-Trust data protection solution that’s easier to implement and manage, and far more cost-effective, than existing solutions.

XQ: Data Encryption + Access Control + VPN + Policy Enforcement + Logging = Zero-Trust data protection

There are 2 kinds of technologies to protect data: file encryption and VPNs. One protects data that doesn’t move, while the other protects data while it is moving. Unfortunately, because file encryption keys are server-specific, data sent across VPNs is usually sent in clear text, giving cyber attackers an opportunity to get it.

XQ treats all data as messages which can only be accessed by authorized software applications. Every message is individually encrypted to reduce the impact of data exfiltration attacks. XQ has been designed to support mobile and IoT devices transmitting sensitive data to clouds. XQ combines the best aspects of file encryption and VPNs into one solution.

SMART Zero Trust data protection

XQ has developed a new data protection concept that combines the best features of file encryption and VPNs to create a Zero-Trust Data Protection solution. XQ data is encrypted at the edge device (phone, PC, IoT Gateway) and then routed to one or more destinations. The encrypted data is wrapped in a meta-tag which serves as a pointer to the policies set by the data owner. The policies and keys for access and authorization are sent to a key cache.

XQ’s backend cache only forwards keys; it never touches the data and knows nothing about the edge devices except identity and authorization. All events are automatically logged and geo-tagged to meet compliance requirements as well as to instantly detect data exfiltration attempts. To meet emerging privacy laws such as CCPA and GDPR, XQ gives regulated entities the option of running their own key cache on a cloud or physical server.

Enabling Technology:

Edge Processing + API-based Key Cache

 

One of the technical advantages of XQ’s architecture is that it is easy for data owners to change encryption algorithms, policies, and entropy sources. This is an important feature for Smart Cities that have a mix of low-power computing devices (think of it as a light bulb) that must be accessible by the homeowner and Smart Energy infrastructure.

XQ’s patent-pending design streams quantum random numbers (qRNG) to edge systems (phone, PC, IoT Gateway), where they are used to generate a local encryption key. That key encrypts the data in RAM. The key is then posted to XQ’s backend key cache with retrieval policies such as authorization rights.
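
The flow described above (a per-message key generated at the edge, ciphertext wrapped with a pointer token, key and policy held by a cache that never sees the data), sketched as an added example that is not XQ’s code or API. `KeyCache`, `seal`, `open_sealed` and the envelope fields are hypothetical names; the OS CSPRNG stands in for the streamed qRNG, and an HMAC-SHA256 construction stands in for a vetted AEAD cipher.

```python
import hashlib, hmac, secrets, time

def _subkeys(key):
    # Separate encryption and MAC keys derived from the per-message key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 counter-mode keystream (assumption; use a vetted AEAD in practice).
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyCache:
    """Hypothetical key cache: stores keys and policies, never ciphertext."""
    def __init__(self):
        self._entries, self.log = {}, []

    def put(self, owner, key, recipients, expires_at):
        token = secrets.token_urlsafe(16)   # pointer carried in the envelope
        self._entries[token] = (key, frozenset(recipients), expires_at)
        self.log.append(("put", owner, token, True))
        return token

    def get(self, identity, token):
        entry = self._entries.get(token)
        ok = entry is not None and identity in entry[1] and time.time() < entry[2]
        self.log.append(("get", identity, token, ok))  # denied requests are logged too
        if not ok:
            raise PermissionError("key request denied by policy")
        return entry[0]

def _tag(mac_key, env):
    return hmac.new(mac_key, env["token"].encode() + env["nonce"] + env["ct"], hashlib.sha256).digest()

def seal(cache, owner, plaintext, recipients, ttl=3600):
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)  # fresh per message
    enc_key, mac_key = _subkeys(key)
    env = {"nonce": nonce, "ct": _xor_stream(enc_key, nonce, plaintext)}
    env["token"] = cache.put(owner, key, recipients, time.time() + ttl)
    env["tag"] = _tag(mac_key, env)  # binds ciphertext to its policy pointer
    return env

def open_sealed(cache, identity, env):
    enc_key, mac_key = _subkeys(cache.get(identity, env["token"]))
    if not hmac.compare_digest(_tag(mac_key, env), env["tag"]):
        raise ValueError("envelope failed integrity check")
    return _xor_stream(enc_key, env["nonce"], env["ct"])
```

Because every key request passes through `KeyCache.get`, the log records denied attempts alongside granted ones, which is the signal a defender would alert on.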

An example of XQ’s advanced architecture can be seen in its Apple iMessage application. The XQ icon appears inside iMessage as an embedded application. User data never leaves the iMessage app even though XQ is used for key distribution. XQ ensures only authorized iMessage users can read messages.