Small in size, powerful on security

CommLock Connect protects any IP-enabled device such as computers, SCADA and healthcare equipment, and even mobile platforms with hardware-based security.

CommLock Connect VPN Hardware

The Problem

Today's ever-present cyber threats and endless number of high profile attacks are defeating even the most robust software security solutions. Everything from our financial data, to family healthcare records, to even the equipment that keeps our lights on is exposed to the Internet, securing the Internet of Things is complex.

Many vendors are offering solutions that, at their heart, are software-based Virtual Private Networks (VPNs). These solutions are highly susceptible to software vulnerabilities that could have major impacts to your overall security. They also require a specific operating system on the endpoint to complete their software install, a requirement that many devices (i.e., healthcare equipment, SCADA devices, older computers) simply don't have.

The Solution

Our Rampart tablet was our first product to utilize the CommLock technology. Our latest hardware security module, CommLock Connect, utilizes a hardware-based Root of Trust incorporating software security features, cryptographic isolation, and most importantly, ease of use! With multiple interfacing options, it easily adds high-end network security to any device. CommLock Connect supports both wired and wireless secure network connectivity.

CommLock Connect's flexible architecture allows for it be at the core of many network security solutions. It is designed as a bump-in-the-line (BITL) IP network subsystem receiving unencrypted IP traffic as input and transmitting encrypted IP network traffic as output to a single server. In addition to encrypting the IP network traffic, it also provides an integrated firewall capability.

Contact Charon for a demo today

CommLock logo

What is CommLock Connect?

CommLock Datasheet

Click graphic for full size.

CommLock Connect provides a private, secure, and trusted network channel for data exchange between a client device and the CommLock Server that shields your private cloud / network. A client device can be any device supporting standard wired (Ethernet or USB) or wireless connectivity, such as a desktop, laptop, IP phone, and M2M device.

Once connected through the CommLock Server, the client device has access to any services within your private cloud / network that are set up (e.g., email, instant messaging, VoIP telephony, document sharing, remote desktop, data storage, industrial remote device control/monitoring). CommLock Connect is cryptographically bound to the CommLock Server providing the secure and trusted network connectivity to the private cloud / network architecture.

CommLock diagram

CommLock Connect provides two security functions for the remote client device, network lock down and data packet encryption. The network lock down function provides Internet access security and firewall functionality. The client device will only be able to transmit IP packets to an allowed destination IP address, or fully qualified domain name, and only receive IP packets from allowed source IP addresses. The data packet encryption function provides certificate-based authentication and data encryption (currently 256bit AES ECDH, but this is configurable).

World-class security technology

  • Self-contained hardware-based VPN network security
  • Secure Key/Certificate Management
  • Isolates and protects the host device from malicious network activity
  • Can be deployed as a Bump-In-The-Line or embedded into a client device
  • Simple and flexible interface to host device (i.e. USB, Ethernet, Serial, Wireless)
  • Plug and Play (no cryptographic knowledge required)
  • Reduces Time-to-Market for OEMs requiring network security functionality
  • Secures any IP-based network
  • Small form factor

Who needs CommLock Connect?

Remote Office Networking

Frequent business travelers, US Government personnel, travelers to high-risk locations, and remote employees working sensitive projects are all examples of remote office networking that demand secure communications. In these cases, traversing unknown and untrusted foreign, or even domestic, networks utilizing highly vulnerable software-based tools is exceptionally risky.

CommLock Connect allows for you to easily set up a point-to-point hardware-based VPN connection to a single point in your network.

CommLock diagram

Industrial Device Networking

Networking industrial devices that were never designed for transiting an IP-based network is commonplace these days. Being able to remotely control and monitor industrial equipment to reduce operations and maintenance costs is a requirement in order to meet today's cost conscious consumers. However, industrial network security and protection of these devices from hacking, a known and very serious problem, is extremely difficult as these devices aren't computers that easily accept 3rd party security software. Adversaries are using seemingly benign infrastructure components, such as heating and air conditioning systems, as attack vectors and entry points to attack other networked systems. Industrial markets struggling to secure critical infrastructure include power generation, water treatment, oil and gas pipelines, electrical power transmission, and many others.

As CommLock Connect doesn't require any software to be loaded on the end device, it is perfect for protecting everything from heating, ventilation, and air conditioning units to the nation's most critical electrical distribution grids.

CommLock diagram

Secure Intranet Office Networking / Enclaves

Protecting data in motion over enterprise intranet networks is becoming more important as we have learned in the numerous large data breaches of large publicly traded companies. These breaches show that the attackers have resided in the networks for months, sometimes years, before being found. As these bad actors gain access to the LAN and begin to traverse the network, they many times go laterally across the network.

Protecting data passing through the enterprise LAN segments can be achieved by simply adding CommLock Connect and CommLock Server between two LAN end points, such as a desktop computer and a database server, preventing unauthorized access to data in motion.

CommLock diagram

Interested in learning more about Charon?

We’d like to hear from you.

Charon Technologies, LLC
13615 Dulles Technology Drive
Suite 100
Herndon, VA 20171

[Phone] 703.662.6061
[Email] [email protected]