Quantum random number generator for networked and security applications
The Quantis Appliance is a network-attached device that securely generates and delivers high-quality random numbers for security and cryptographic applications in enterprise, government, gaming, datacenter and cloud environments. The Quantis Appliance is designed for environments where high availability is necessary. It can be inserted in, or removed from, an operating network with no impact on any other appliance, such as servers, switches and Hardware Security Modules (HSMs).
The random numbers generated by the Quantis Appliance are used for different applications: to generate high-quality cryptographic keys for encryption or authentication; to seed deterministic PRNGs and provide additional randomness for commercial HSMs; or to provide entropy for online gaming and mathematical simulations.
The Quantis Appliance serves as a hardware source of trust for cloud or distributed environments, with both Linux and Windows operating systems. It provides secure keys for Virtual Machines (VMs), Virtual Private Networks (VPNs), HSMs and remote desktops. It is also used in Randomness-as-a-Service (RaaS) or Security as a Service (SaaS) environments.
The Quantis Appliance (QA) was specifically designed to meet the requirements of high availability environments. Using an Ethernet port, the QA is a distributed device that can provide several systems with randomness. It is an autonomous device, which integrates seamlessly into different types of networks. Its watchdog control guarantees low maintenance. The Quantis Appliance provides high-quality randomness to any number of connected devices.
The Quantis Appliance supports SNMPv3 (Simple Network Management Protocol). This allows the user to collect information from the server to help manage the server and analyse its status. For troubleshooting, the Quantis Appliance supports syslog, which provides a correlated view of the log data generated by different system components.
The Linux entropy pool is notoriously bad, as it has little access to external entropy sources apart from disk interrupts and other fluctuations. A daemon installed on the Linux host monitors the kernel entropy pool and feeds entropy from the Quantis Appliance into the pool, e.g. for establishing secure SSL connections. As this is done at the level of the Linux entropy pool, the FIPS or other security certifications of the crypto stack are retained.
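The monitor-and-feed loop described above can be sketched with the standard Linux `RNDADDENTROPY` ioctl. This is an added example, not ID Quantique's daemon: `fetch` is a hypothetical callable standing in for the appliance client, whose API this page does not show. The ioctl number assumes the generic (x86/ARM) encoding, and the 256-bit watermark is an assumed value.

```python
import fcntl
import struct

# _IOW('R', 0x03, int[2]) from <linux/random.h>, generic ioctl encoding (assumption).
RNDADDENTROPY = 0x40085203
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"


def read_entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's current entropy estimate, in bits."""
    with open(path) as f:
        return int(f.read().strip())


def pack_rand_pool_info(data, bits_per_byte=8):
    """Serialise struct rand_pool_info {int entropy_count; int buf_size; buf[]}."""
    if not data:
        raise ValueError("refusing to credit entropy for an empty buffer")
    if not 0 <= bits_per_byte <= 8:
        raise ValueError("a byte cannot carry more than 8 bits of entropy")
    # entropy_count is in bits, buf_size in bytes; payload follows the header.
    return struct.pack("ii", len(data) * bits_per_byte, len(data)) + data


def feed_once(fetch, low_watermark=256, chunk=64,
              avail=read_entropy_avail, device="/dev/random"):
    """Top up the pool when the estimate is under the watermark.

    fetch(n) is the hypothetical appliance client: it must return n random
    bytes. Returns the number of bytes credited to the kernel pool.
    """
    if avail() >= low_watermark:
        return 0                      # pool is healthy, nothing to do
    data = fetch(chunk)
    if len(data) != chunk:
        return 0                      # short read: never credit missing bytes
    request = pack_rand_pool_info(data)
    # The ioctl mixes the bytes in AND raises the entropy estimate, which a
    # plain write to /dev/random does not do. Requires CAP_SYS_ADMIN.
    with open(device, "wb") as dev:
        fcntl.ioctl(dev, RNDADDENTROPY, request)
    return len(data)
```

A real daemon would call `feed_once` in a loop and authenticate the channel to the source, since anything credited through this ioctl is trusted by the kernel as full entropy.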
Additionally, a custom-developed tool is available which enables the direct seeding of leading Hardware Security Modules (HSMs) without the need for an external server. The user configures the Quantis Appliance to deliver a chosen rate of random numbers to the HSM, which are then mixed with the internal HSM entropy source to improve randomness and trust in the crypto functions performed by the HSM.
1. Quantis Appliance with multiple servers
2. Quantis Appliance seeding an HSM
The different elements (the server, the HSM and the Quantis Appliance) are integrated in a LAN. The server organises the communication to the devices and orchestrates the distribution of random numbers to the HSM. The Quantis Appliance is hot-pluggable and swappable, ensuring seamless integration, even within an operating network.
In addition, a proprietary tool was developed by ID Quantique to enable direct seeding of market-leading HSMs, without the need for an external server. The user configures the Quantis Appliance to deliver a chosen rate of random numbers to the HSM. Tools for the other types and other brands of HSMs will be added at a later stage.