The following products are 'End of Life' and not subject to further standard release cycles. However, Becrypt can provide extended help desk support if requested by an existing customer. Please contact support@becrypt.com for further information.
Paradox support and maintenance contracts are currently available through to 31st December 2026. Please contact support@becrypt.com to discuss additional support and maintenance requirements.
Paradox support and maintenance contracts are currently publicised as available through to 31st December 2026.
Becrypt use a code-signing certificate to sign all Paradox OS Updates. BEM will not load OS updates or applications signed with an expired or invalid code signing certificate.
Paradox devices cryptographically validate that an OS Update has been issued by a trusted source by checking that the update has been signed by a valid Becrypt certificate. OS update signing allows the Paradox device to ensure no tampering or corruption has occurred during transit. This prevents an attacker from sending a fake or malicious update, or from corrupting an update so that it will not install.
If an update is rejected due to failing authentication or integrity checks, the event is reported to BEM over a secure (encrypted) channel. This allows an administrator to investigate and put in place appropriate mitigations. A remote attacker with no access to the management network will not have visibility of update failure.
Becrypt Enterprise Manager (BEM) simplifies the provision of OS updates and allows their deployment as a single administrative action once loaded within BEM. BEM allows the rollout of OS updates to be staged across an organisation by designated device groups.
Paradox prevents attackers from masquerading as a legitimate device to intercept or manipulate communicated data. Communication with BEM uses TLS with mutual authentication. Paradox supports 802.1X authentication for controlled access to networks, preventing an attacker from spoofing a device or causing the device to share sensitive data.
Paradox supports OAuth2, API signatures and 802.1X. Additional protocols may be configured by request.
Paradox supports certificate-based device authentication leveraging the TPM. Hardware-backed user authentication may be enabled through the use of physical tokens (e.g. YubiKeys) for secondary user authentication.
Firmware updates are validated using cryptographic signatures. The Paradox operating system image is integrity protected using cryptographic signatures and hash trees to ensure that it is only modifiable through an update process combined with the relevant signature.
Secure boot ensures that the operating system cannot be corrupted or compromised, enforced through bootloader validation of TPM register outputs.
The device is deployed by an organisation via their MDM (BEM) platform and once provisioned is instantly protected as no third-party software is required to be installed.
Cryptographic integrity checks of applications are performed as applications are executed.
Cryptographic integrity checks of policy updates are enforced to ensure they originate from a trusted management server.
Optionally, third-party antivirus software may be deployed.
Paradox undertakes device health measurements during system start. A remote attestation protocol has been implemented to allow a remote authentication service to validate device health and inform subsequent access control policies.
The remote attestation protocol and supporting device health measurement architecture are fully documented and available for prospective customer review.
Paradox employs secure boot, followed by a TPM-backed trusted boot process to cryptographically validate the integrity of firmware, boot components and all operating system components including 3rd party binaries and drivers.
Evidence of an unsafe boot is available to Paradox and the device management software.
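As an added illustration of the measurement and attestation flow described above (not Becrypt's code or its documented protocol), the sketch below models one TPM-style PCR being extended during boot and a verifier replaying the event log against reference digests. The stage names, contents and function names are assumptions made for the example, and the signed TPM quote that would carry the PCR value is taken as given.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 PCR, all zeros at reset

def extend(pcr: bytes, digest: bytes) -> bytes:
    # TPM extend: the register can only be folded forward, never set directly
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(components):
    """Device side: hash each stage in boot order, extend the PCR, log it."""
    pcr, log = bytes(PCR_SIZE), []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def verify(reported_pcr, log, known_good):
    """Verifier side: replay the log and compare against reference digests.
    Assumes reported_pcr came from a signed, nonce-bound TPM quote (not shown)."""
    pcr, reasons = bytes(PCR_SIZE), []
    for name, digest in log:
        pcr = extend(pcr, digest)
        if known_good.get(name) != digest:
            reasons.append(f"unexpected measurement: {name}")
    if pcr != reported_pcr:
        reasons.append("event log does not reproduce reported PCR")
    return (not reasons, reasons)

# Constructed sample data: stage names and contents are placeholders.
GOOD_BOOT = [("firmware", b"fw-1.0"), ("bootloader", b"bl-2.3"), ("kernel", b"k-5.4")]
BAD_BOOT = GOOD_BOOT[:2] + [("kernel", b"k-5.4-modified")]
KNOWN_GOOD = dict(measure_boot(GOOD_BOOT)[1])

if __name__ == "__main__":
    good_pcr, good_log = measure_boot(GOOD_BOOT)
    bad_pcr, bad_log = measure_boot(BAD_BOOT)
    print(verify(good_pcr, good_log, KNOWN_GOOD))  # reference boot
    print(verify(bad_pcr, bad_log, KNOWN_GOOD))    # modified kernel shows up in the log
    print(verify(bad_pcr, good_log, KNOWN_GOOD))   # a clean-looking log cannot explain the PCR
```

The third case is the one that matters for access control decisions: a device that boots modified code cannot submit a reference-looking event log, because replaying that log does not yield the PCR value the TPM reports.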
The Paradox device management platform (BEM) is used to deploy authorised (signed) applications, allowing organisations to restrict trust in applications as appropriate e.g. Becrypt applications, VPN clients, VDI clients. Unauthorised applications will fail to execute on a Paradox device.
Becrypt provide the facility to allow organisations to sign their own applications (and operating system components) based on their own Certificate Authority if required.