Product Support Information

Technical FAQs

Which of your products are no longer under standard support?

The following products are 'End of Life' and not subject to further standard release cycles. However, Becrypt can provide extended help desk support if requested by an existing customer. Please contact support@becrypt.com for further information.

  • Advanced Port Control
  • Connect Protect
  • Convex430
  • DISK Protect Baseline
  • DISK Protect Enhanced
  • Media Client
  • mShare
  • tVolution

What Paradox support and maintenance contracts are currently available?

Paradox support and maintenance contracts are currently available through to 31st December 2026. Please contact support@becrypt.com to discuss additional support and maintenance requirements.

How long will Paradox receive security updates for?

Paradox support and maintenance contracts are currently publicised as available through to 31st December 2026.

https://www.becrypt.com/uk/products/product-suppor...

Can we verify that an update was issued by a trusted source and that it was not tampered with during transit?

Becrypt use a code-signing certificate to sign all Paradox OS Updates. BEM will not load OS updates or applications signed with an expired or invalid code signing certificate.

Paradox devices cryptographically validate that an OS Update has been issued by a trusted source by checking that the update has been signed by a valid Becrypt certificate. OS update signing allows the Paradox device to ensure no tampering or corruption has occurred during transit. This prevents an attacker from sending a fake or malicious update, or from corrupting an update so that it will not install.

If an update is rejected due to failing authentication or integrity checks, the event is reported to BEM over a secure (encrypted) channel. This allows an administrator to investigate and put in place appropriate mitigations. A remote attacker with no access to the management network will not have visibility of update failure.

How are updates managed across device fleets?

Becrypt Enterprise Manager (BEM) simplifies the provision of OS updates and allows their deployment as a single administrative action once loaded within BEM. BEM allows the rollout of OS updates to be staged across an organisation by designated device groups.

Does Paradox support mutual authentication with other devices, services, and networks?

Paradox prevents attackers from masquerading as a legitimate device to intercept or manipulate communicated data. Communication with BEM uses TLS with mutual authentication. Paradox supports 802.1X authentication for controlled access to networks, preventing an attacker from spoofing a device or causing the device to share sensitive data.

What authentication protocols are used?

Paradox supports OAuth2, API signatures and 802.1X. Additional protocols may be configured by request.

Does Paradox support hardware-backed methods of authentication?

Paradox supports certificate-based device authentication leveraging the TPM. Hardware-backed user authentication may be enabled through the use of physical tokens (e.g. Yubikeys) for secondary user authentication.

Is device identity tightly bound to a single physical device identity?

Paradox binds device identity to a physical TPM instance, providing hardware-backed device identity. The TPM is used for key attestation to demonstrate that the identity is protected by the device.

Is the firmware and operating system on the device only modifiable through authorised update mechanisms?

Firmware updates are validated using cryptographic signatures. The Paradox operating system image is integrity protected using cryptographic signatures and hash trees to ensure that it is only modifiable through an update process combined with the relevant signature.
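
How a hash tree lets a device detect a change to any single block of an image once the root hash is trusted, as an added illustration (not Becrypt's code or the Paradox image format). The 4 KiB block size, SHA-256 and the tree layout are assumptions, and `ROOT` stands in for a root hash already authenticated by the update signature.

```python
import hashlib
import hmac

BLOCK = 4096  # assumed block size for this example
def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(image: bytes) -> list:
    """levels[0] holds leaf hashes, levels[-1] holds the single root hash."""
    level = [h(b"\x00" + image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            pair = level[i:i + 2]
            # 0x00 prefixes leaves, 0x01 interior nodes; a lone node is carried up.
            nxt.append(h(b"\x01" + pair[0] + pair[1]) if len(pair) == 2 else pair[0])
        level = nxt
        levels.append(level)
    return levels

def proof_for(levels, index):  # sibling hashes, leaf to root; None = no sibling
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append(level[sib] if sib < len(level) else None)
        index //= 2
    return path

def verify_block(block: bytes, index: int, path: list, trusted_root: bytes) -> bool:
    node = h(b"\x00" + block)
    for sib in path:
        if sib is not None:
            node = h(b"\x01" + (sib + node if index & 1 else node + sib))
        index //= 2
    return hmac.compare_digest(node, trusted_root)

# Constructed sample: a five-block image. LEVELS plays the stored (untrusted) tree.
IMAGE = b"".join(bytes([n]) * BLOCK for n in range(5))
LEVELS = build_levels(IMAGE)
ROOT = LEVELS[-1][0]

def read_block(image: bytes, index: int) -> bool:
    block = image[index * BLOCK:(index + 1) * BLOCK]
    return verify_block(block, index, proof_for(LEVELS, index), ROOT)

if __name__ == "__main__":
    bad = IMAGE[:3 * BLOCK] + b"\xff" + IMAGE[3 * BLOCK + 1:]
    print([read_block(IMAGE, i) for i in range(5)], read_block(bad, 3))
```

Only the root has to be trusted: a modified block, or a modified entry in the stored tree, produces a different root and the read is refused.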

Does Paradox support pre-operating system boot security?

Secure boot ensures that the operating system cannot be corrupted or compromised, enforced through bootloader validation of TPM register outputs.

Does Paradox have a built-in framework, and a third-party framework available, for runtime integrity protections?

The device is deployed by an organisation via their MDM (BEM) platform and once provisioned is instantly protected as no third-party software is required to be installed.

Cryptographic integrity checks of applications are performed as applications are executed.

Cryptographic integrity checks of policy updates are enforced to ensure they originate from a trusted management server.

Optionally, third-party antivirus software may be deployed.

Does Paradox provide documented exploit mitigation capabilities, and are these used by all system and pre-installed software?

All Paradox C++ components are built with stack canaries. ASLR in the kernel is turned on.

Use of stack canaries by 3rd party components cannot be verified.

During runtime, can the health of the device be queried remotely?

Paradox undertakes device health measurements during system start. A remote attestation protocol has been implemented to allow a remote authentication service to validate device health and inform subsequent access control policies.

The remote attestation protocol and supporting device health measurement architecture are fully documented and available for prospective customer review.

Is health data handled on the device in a way to maintain its integrity?

A hardware-backed cryptographically validated chain of trust is used to protect device health measurements. Details are available as described above.

Does Paradox have a boot attestation process?

Paradox employs secure boot, followed by a TPM-backed trusted boot process to cryptographically validate the integrity of firmware, boot components and all operating system components including 3rd party binaries and drivers.

Evidence of an unsafe boot is available to Paradox and the device management software.

Does Paradox have a runtime attestation process?

Paradox undertakes device health measurements during system start. A remote attestation protocol has been implemented to allow a remote authentication service to validate device health and inform subsequent access control policies.
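
What a verifier does with boot-time measurements in TPM-based attestation generally, as an added example covering the boot attestation and device health answers above (not Becrypt's attestation protocol). The component names, known-good digests and single-PCR layout are constructed, and the TPM's signature over the quoted PCR value is assumed to have been checked already.

```python
import hashlib
import hmac

def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend: new PCR = H(old PCR || measurement); order-sensitive, not reversible
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log) -> bytes:
    pcr = bytes(32)  # a SHA-256 PCR starts at all zeros after reset
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def appraise(event_log, quoted_pcr: bytes, known_good: dict):
    """Return (healthy, reasons) for one attestation."""
    reasons = []
    # 1. The log must reproduce the hardware-reported PCR, or the log is not trusted.
    if not hmac.compare_digest(replay(event_log), quoted_pcr):
        reasons.append("event log does not reproduce the quoted PCR")
    # 2. Every measured component must match its known-good digest.
    for name, digest in event_log:
        if known_good.get(name) != digest:
            reasons.append(f"unexpected measurement: {name}")
    for name in known_good.keys() - {n for n, _ in event_log}:
        reasons.append(f"missing measurement: {name}")
    return (not reasons, reasons)

# Constructed sample data: three boot components and their expected digests.
GOOD = {n: measure(n.encode() + b" v1") for n in ("bootloader", "kernel", "initrd")}
clean_log = list(GOOD.items())
changed_log = [(n, measure(b"kernel v1 modified") if n == "kernel" else d)
               for n, d in clean_log]

def scenarios():
    return {
        "clean boot": appraise(clean_log, replay(clean_log), GOOD),
        "modified kernel, honest log": appraise(changed_log, replay(changed_log), GOOD),
        "modified kernel, rewritten log": appraise(clean_log, replay(changed_log), GOOD),
    }

if __name__ == "__main__":
    for case, (ok, why) in scenarios().items():
        print(case, "->", "allow" if ok else "deny", why)
```

The third case shows why the PCR matters: software can rewrite the log it reports, but it cannot make the log agree with a PCR that was extended with a different measurement.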

Is it possible to restrict execution of software based on trust?

The Paradox device management platform (BEM) is used to deploy authorised (signed) applications, allowing organisations to restrict trust in applications as appropriate e.g. Becrypt applications, VPN clients, VDI clients. Unauthorised applications will fail to execute on a Paradox device.

Becrypt provide the facility to allow organisations to sign their own applications (and operating system components) based on their own Certificate Authority if required.
