Learn more about cyber security and quantum security solutions.
Case Study: Key Management for Secure Financial Analytics
Case study for key management solution for a division of a large bank delivering data analysis applications for the finance industry.
Case Study: Key Management for Cloud Document Storage
How we delivered an enterprise key management solution with integrated true random key generation, for one of the global leaders in cloud-based document and email management.
Case Study: Cloud Storage Security for Major Bank
Helping a global bank with millions of customers implement a secure cloud storage solution and meet internal and regulatory requirements. Our solution provides full and complete control over data access, without any chance of exposing data content, and easily integrates with existing IT systems and available cloud storage APIs.
qStream™ – Quantum Random Number Generator
qStream is an appliance that features our quantum random number generator (QRNG) card. Uniquely, qStream is both a very high speed hardware random number generator and also a generator of true random numbers, two things that until now have not been possible from one device. Using the physical phenomena of quantum mechanics as the entropy source, conditioned full entropy random bit output (compliant with NIST SP 800-90B & C) is provided.
Trusted Security Foundation
The QuintessenceLabs Trusted Security Foundation™ (TSF™) is a highly secure platform that combines unrivaled capabilities to deliver a single, centralized solution.
The new TSF integrates the security of a FIPS 140-2 Level 3 hardware security module (HSM) with advanced key and policy manager qCrypt, and the qStream high-speed quantum random number generator, delivering the strongest foundation for data security.
qCrypt™ – Key and Policy Manager
qCrypt is a unique, vendor-neutral (KMIP compliant), key and policy management solution, addressing the toughest challenges in key management. qCrypt can also integrate our qStream full-entropy Quantum Random Number Generator (QRNG), for high speed true random key generation and/or an embedded hardware security module for FIPS 140-2 Level 3 compliance.
qProtect™ – Virtual Zeroization Storage System
qProtect™ safeguards sensitive data in uncontrolled environments. It uses mathematically unbreakable one-time pad encryption and at the same time destroys the encryption keys (virtual zeroization), protecting confidential information wherever it is, now and in the future.
qClient™ Software Development Kit (SDK)
The QuintessenceLabs qClient™ Software Development Kit (SDK) allows developers to quickly and easily integrate powerful and secure cryptographic key management and random number management into any application.
Random Number Generators
All random is not created equal. The performance and characteristics of random number generators underlying many security functions have a strong impact on security. To put it simply, attackers don’t crack encryption, they steal or guess keys. All too often, there is a trade-off between quality and quantity when it comes to random numbers. This paper reviews the risks associated with these choices, and discusses new alternatives, like high speed quantum random number generators, to securely address this issue.
Key Management Best Practices
Important concepts for cryptographic key management and how they are met by QuintessenceLabs encryption key management and policy management solutions.
What Is Quantum Key Distribution?
What is quantum key distribution (QKD) and why does it matter? This technical paper explores in detail how quantum physics provides a key exchange solution that is absolutely secure and future proof.
Quantum Key Distribution Systems Compared
There are two main quantum key distribution systems being developed, Discrete Variable QKD and Continuous Variable QKD (CV-QKD). We examine both systems and discuss the advantages of CV-QKD in terms of cost, form factor, power consumption, and performance.
CSA Quantum Safe Security Group: What is Quantum Safe Security?
Public Key Infrastructure securing the exchange of encryption keys is vulnerable to improvements in processing power, particularly Quantum Computers. This paper discusses that challenge and presents two technologies that intend to address the threat: Post-Quantum Algorithms (PQAs) and Quantum Key Distribution (QKD)
Booz Allen Hamilton Assessment of True RNG
This report by Booz Allen Hamilton shares the results of their investigation into the quality of true random number generators. See slide 25 for independent measurements of the performance of QuintessenceLabs’ qStream True Random Number Generator.
CSA Quantum Safe Security Working Group: What are Quantum Random Number Generators?
A random number is generated by a process whose outcome is unpredictable, and which cannot be reliably reproduced. Weak random numbers can significantly reduce the strength of otherwise robust and well-designed systems. This paper discusses the risks associated with poor RNG and how quantum random number generators can address them.
CSA Quantum Safe Security Group: What is Quantum Key Distribution?
This paper from the Cloud Security Alliance provides an overview of QKD technology. It discusses how the security of QKD relies on fundamental laws of nature, which are invulnerable to increasing computational power, new attack algorithms or quantum computers, making it secure against the most arbitrarily powerful eavesdroppers.
CSA Quantum Safe Security Working Group – Glossary
This glossary, produced by the Quantum Safe Security Working Group of the Cloud Security Alliance, provides the reader with a concise definition of important technologies and approaches that can be used to help protect information from the quantum computing threat.
QuintessenceLabs Company Overview
Trusted Security Foundation and Encryption Modules
qStream: What Is qStream?
qCrypt: Key and Policy Management – Features
qProtect: Unbreakable security for Uncontrolled Environments
Example Customer Verticals
The Idea Behind Quintessence Labs
Vello Tabur, Head of Engineering, discusses engineering a QuintessenceLabs.
Jason Chapman, Head of Operations talks about QuintessenceLabs Operations
Security experts from across the globe are meeting at the Moscone Center this week in San Francisco, for the RSA Conference, the world’s largest security conference.
The RSA Conference 2016 attempts to connect technology, trends and the people who protect the digital world.One issue in the spotlight is the FBI versus Apple in a case of security versus privacy.
Meanwhile, tech companies are now designing even tougher security, which includes unbreakable encryption.
Interview with CEO Vikram Sharma about QuintessenceLabs’ breakthrough security solutions
The science behind the technology and the Telstra Innovation Challenge
ABC’s film on QuintessenceLabs security breakthroughs
CEO Vikram Sharma on the business applications of frontier quantum research
Vikram Sharma and John Leiseboer discuss the IBM SmartCamp
Invest Canberra presents a video about local quantum cyber-security leader QuintessenceLabs.
Australian Prime Minister Malcolm Turnbull discusses the country’s cybersecurity industry, including QuintessenceLabs.
Jane Melia, VP of Strategic Business Development at QuintessenceLabs, gives an overview of what QLabs will be showcasing at this year’s RSAC 2017 event.
This glossary contains important terms used in key and policy management, encryption, and quantum cyber-security. It is regularly updated with the latest terminology and usage. Your participation and feedback are most welcome. Please contact us to submit comments, new entries, or suggestions.
Also called public key cryptography (or asymmetric cryptography). Asymmetric cryptography uses two keys. One key is called a public key and the other is called a private key. Asymmetric cryptography solves the secret key transport problem encountered during initial attempts to communicate securely using symmetric encryption.
An ISO/IEC 15408 standard also known as Common Criteria for Information Technology Security Evaluation Assurance Level 2.
Encryption is the process of converting data, also known as plaintext, to another form, called ciphertext, which cannot be easily understood by anyone except authorized parties. It is commonly used to protect sensitive information – this includes files and storage devices, as well as data transferred over wireless networks and the Internet. The information is transformed from plaintext into ciphertext through encryption and then transformed back from ciphertext to plaintext via decryption.
see enterprise key management
The management of cryptographic keys used for encryption, This includes generating, exchanging, protecting, storing, using and replacing encryption keys throughout their full life cycle. Encryption key management is one of the most complex problems of encryption and is critical to the security of a cryptosystem.
A solution delivering encryption key management. Also called a cryptographic key management system (CKMS). Encryption key managers include policies, procedures, components and devices that are used to protect, manage and distribute cryptographic keys and associated information.
Refers to encryption key managers that provide encryption keys across a variety of operating systems and databases centrally managed and globally implemented throughout the enterprise.
A measure of the randomness of data. High entropy corresponds to higher levels of randomness. Many parameters used in security are based on random data. The security strength of such cryptographic parameters depends on the actual entropy delivered by the underlying random number generator.
Federal Information Processing Standards PUB 140-2 – Security Requirements for Cryptographic Modules, fully described in: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
FIPS 140-2 defines four levels of security, simply named “Level 1” to “Level 4”. In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to critical cryptographic material held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper-detection/response circuitry that zeroes all plaintext critical security parameters when the removable covers/doors of the cryptographic module are opened.
A hardware security module (HSM) is a security device that serves as the server’s root of trust and provides encryption capabilities by storing and using keys. HSMs can be added to a system to manage, generate, and securely store cryptographic keys. HSMs are high performance and can be external devices connected to a network. HSMs can also come in smaller expansion card form factors making it possible to embed the HSM within the key and policy manager for ease of HSM management, operation, and deployment. Unlike TPMs, HSMs are removable or external devices. HSMs typically use a FIPS 140-2 Level 3 FIPS 140-2 Level 3 validated cryptographic module.
See Hardware Security Module
International Organization for Standardization
International Electrotechnical Commission
Two or more systems are interoperable if they have the ability to communicate, exchange data, and use the information that has been exchanged. Product vendors who implement open standards such as KMIP or PKCS#11 facilitate interoperability between themselves and competitors, ultimately giving the customer choice, flexibility, and the ability to continue to leverage prior CAPEX.
see encryption key management
The Key Management Interoperability Protocol, governed by the OASIS standards body, is a protocol for communication between encryption systems and enterprise applications.
Key Management Interoperability Protocol.
National Institute of Standards and Technology
This overall standard provides the NIST Recommendations for Key Management. NIST SP800-57 Part1 provides guidance on cryptographic key management. It includes in particular details on key management lifecycle requirements that encryption key management solutions should implement.
Recommendation for Deterministic Random Bit Generator Validation System (DRBGVS).
Recommendation for the Entropy Sources Used for Random Bit Generation.
Recommendation for Random Bit Generator (RBG) Constructions.
Organization for the Advancement of Structured Information Standards. OASIS is a nonprofit consortium that drives the development, convergence and adoption of open standards for the global information society. The OASIS KMIP Technical Committee works to define a single, comprehensive protocol for communication between encryption systems and a broad range of new and legacy enterprise applications, including email, databases, and storage devices. Additional KMIP goals include removing redundant, incompatible key management processes, providing better data security while at the same time reducing expenditures on multiple products.
In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked if used correctly. Using the OTP technique, a plaintext is paired with a random secret key (also referred to as a one-time pad) that is truly random and at least as long as the plaintext. Then, each bit or character of the plain text is encrypted by combining it with the corresponding bit or character from the pad using modular addition. If the key is truly random, is at least as long as the plaintext, is never reused in whole or in part, and is kept completely secret, then the resulting cipher text will be mathematically impossible to decrypt or break.
Public Key Cryptography Standards #11 Application Program Interface. The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards, and names the API itself “Cryptoki” (from “cryptographic token interface” and pronounced as “crypto-key” – but “PKCS #11” is often used to refer to the API as well as the standard that defines it). The API defines most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
The policy manager allows the administrator to define and manage usage and object polices.
PRNs are numbers generated from pseudo random number generators (PRNGs). PRNGs use a short random seed using deterministic mathematical algorithms. Poorly constructed pseudo-Random numbers have resulted in security breaches.
quantum key distribution
Quantum Key Distribution allows the information-theoretically secure distribution of keys between two spatially separate parties. There are several approaches to QKD, including discrete variable quantum key distribution (DVQKD) which uses single-photons or weak coherent states and single photon detectors; and continuous variable quantum key distribution (CVQKD), which uses coherent or squeezed states of light and homodyne detectors. Both continuous and discrete approaches have been experimentally demonstrated; just as importantly, both have been proven to be information-theoretically secure. QuintessenceLabs’ 2nd generation quantum key distribution technology (qOptica) uses a continuous variable bright laser beam for key distribution, while leveraging commercial off-the-shelf (COTS) telecommunications components and existing fiber optic cables to offer a very cost competitive solution.
This refers to cryptosystems whose security is guaranteed by the physical law of quantum mechanics. It differs from classical public-key cryptography; whose security relies on the difficulty of solving certain mathematical problems.
Quantum Random Number Generator
QRNGs are true random number generators using quantum physics. (QRNGs) can be truly random. Many quantum random number generators are based on the detection of single photons and have relatively limited throughput.
Quantum random numbers are numbers generated by QRNGs.
Virtual machines (VMs) do not have a hardware based HSM or TPM. Therefore (raw) memory is the storage location specified for RSA encryption keys.
QuintessenceLabs’ key and policy management solutions include encryption key replication – based on a multi-master protocol using sharding. Sharding allows for the distribution of data over multiple machines, provides greater redundancy, better load balancing, and more functionality available during network partition events.
Software Development Kit
A shard is a database instance running on an appliance or VM which stores part of the key management data.
Also called secret key encryption. Both the sender and receiver share a common secret key.
trusted platform module
A TPM is a hardware chip typically included on the key management server’s motherboard used to encrypt the keys. Keys protected by a TPM chip cannot be directly used on another system – they must be decrypted by a key which is locked inside the TPM chip. To preserve the secrecy of the key when exported, the key is exported as a pair of files. The first file is an encrypted blob and contains the key protected by an asymmetric key pair and then further encrypted using an OTP. The second file contains the OTP itself. Security conscious administrators can assign privileges to ensure no single account can download both the OTP and the encrypted blob – two administrators are required to take custody of an exported key, and the two files can be stored separately.
true random number generator
TRNGs uses random physical processes to generate numbers instead of deterministic computational algorithms used by pseudo random number generators. True random numbers based on classical deterministic systems can be predicted if enough is known about the system, or if they can be influenced by actions such as temperature changes. High speed true random numbers generated using quantum physics, also known as quantum random number generators (QRNGs), are truly random.
TRNs are numbers derived from true random number generators (TRNGs).
Usage policies specify the client groups that are allowed to perform various operations on an object.