Last Updated: October 29, 2025
Copyright 2024 - Forward Edge-AI, Inc.
Confidential and Proprietary Information. This document contains confidential information belonging to Forward Edge-AI, Inc. and shall not be published, reproduced, modified, copied, disclosed, or used for other than its intended purpose without the express written consent of duly authorized representatives of Forward Edge-AI, Inc.
1. Overview of Isidore Quantum®: Securing Critical Infrastructures
Forward Edge-AI is committed to enhancing the security of critical infrastructure, including both in- facility systems and remote access via cloud-based storage. This is achieved using our cost-effective, post-quantum encryption devices. These devices are designed to protect against advanced cyber threats and safeguard the confidentiality and integrity of sensitive data.
Our sophisticated data-driven analytics algorithm is housed within the Isidore Quantum device, which is crafted for straightforward integration into existing controller chassis. This integration facilitates a seamless connection, allowing the Isidore Quantum device to efficiently adapt to and understand the specific applications managed by the controller.
By leveraging Artificial Intelligence and innovative physics-based modeling, the Isidore Quantum device comprehensively learns the operational dynamics of the system it monitors. This capability enables it to provide continuous monitoring and deliver precise insights, enhancing system management and security.
As cybersecurity threats evolve, the Isidore Quantum device is engineered to update and respond to new challenges both efficiently and effectively, ensuring ongoing protection against both current and future threats. This adaptability and advanced protection make Forward Edge-AI's solutions crucial for any modern critical infrastructure, providing robust security and positive reassurance in a digitally connected environment.
2. Technical Description
2.1 Identifying the Trust Boundary on the Isidore 50
Figure 1: Identifying the Trust Boundary
2.1.1 Red Side
The first Industrial IX Type A Ethernet port on the device and the second USB-C port on the device are assigned as the "red side," representing the trusted zone. This zone is intended for secure connections to end-user devices or internal network enclaves that require a high level of trust and protection.
To establish a connection:
Use an Ethernet cable: Connect your secure “Red side” end-user device or network enclave router/switch to the Isidore device’s “Red side” using an Use an Ethernet cable: Connect your secure “Red side” end-user device or network enclave router/switch to the Isidore Quantum device’s “Red side” using an ethernet cable. This setup ensures that data transmitted through this port remains secure and confined to the trusted internal network.
2.1.2 Black Side
The second Industrial IX Type A Ethernet port on the device and the first USB-C port on the device are assigned as the "Black side" of the device, representing the untrusted zone. This zone is intended for connections to external networks or devices that may not be fully secure.
To establish a connection:
Use an Ethernet cable: To link the black side of the device to your switch or router. This configuration helps manage data flow from less secure or external sources without compromising the integrity of the trusted zone.
2.2 Importance of Proper Configuration
Maintaining a clear distinction between these zones is critical for network security. The trusted zone (Red side) should only connect with secure, verified devices, while the untrusted zone (Black side) handles all external connections. This setup minimizes the risk of security breaches by isolating potential vulnerabilities to the untrusted zone and enhancing the overall security posture of your network.
2.2.1 Hardware Check
Each Isidore Quantum® device is carefully inspected and tested by our engineering team prior to shipment. This ensures that every unit meets quality standards and is ready for deployment upon arrival.
2.2.1.1 Device Verification
Upon receiving your devices:
Inspect the Hardware – Ensure there is no visible shipping damage or missing components.
Verify Device Count – Confirm that all devices listed in your shipment are present.
Note: All devices are pre-provisioned with unique node numbers and preloaded firmware to streamline the setup process.
2.2.1.2 Power-On Check
Before integrating the devices into your network:
Connect Power – Attach the device to its designated power source.
Switch On – Use the On/Off switch located on the side panel to power the device.
Verify Operation – Confirm that the unit powers on and is functioning as expected. A successful power-on check ensures the device is ready for network configuration.
2.3 Identifying an Isidore Pair
The Isidore Quantum hub and spoke devices are pre-configured and crypto-graphically linked, ensuring secure communication and seamless integration.
To easily identify paired devices, each unit is labeled with a product number, as shown in the example with "2." The product number will match between the provisioned devices, confirming they are correctly configured to work together.
Figure 2: Isidore Product Number
2.3.1 Identifying the Node Number
To identify whether a device is Node 0, Node 1, Node 2, etc., check the label affixed to the device. Example:
Figure 3: Node Number
Proper identification of each device’s node number is essential for correct network configuration and overall functionality. The node number determines the IP address of the black-side interface, allowing initial access to the management portal.
Maintaining the integrity of the set of devices provisioned together is crucial for proper routing and initial network setup. By keeping track of this designated set, you can efficiently manage and configure the network, ensuring all devices communicate correctly and securely with their intended counterparts.
2.3.2 Product Identification Label
Figure 4. Identification Label
2.3.2.1 Serial Number (SN) Format
Each Isidore device is assigned a unique 16-digit alphanumeric serial number to track product type, hardware/firmware configuration, origin, and production sequence.
Example Serial Number: ISI22A0806UAZZ000123
IMPORTANT: Ensure proper pairing of the boards for functionality. Please verify that each board is correctly paired with its respective counterpart.
3. Isidore Connectivity Explained
Figure 5: Wired Connection
The wired configuration of the device involves connecting to the untrusted network using an Industrial IX Type A Ethernet cable. The design supports consistent and dependable data transmission between devices. By utilizing this Ethernet connection both the hub (Node 0) and the client (Node 1) will be able to seamlessly discover and communicate with each other over the network.
Hub vs. Client Roles Across Trusted (Red) and Untrusted (Black) Zones
Hub (Node 0) vs. Client (Node 1): |
|
Zone Identification: |
|
Black Side vs. Red Side: |
|
End User Devices / Network Enclaves:
For network communication between End User Devices (EUDs) or Network Enclaves through the Isidore device, it is essential that these devices or enclaves be routable to one another. If Isidore were removed from the network, the two enclaves or end-user devices would be able to communicate over the network.
4. Isidore Communication
4.1 Bi-Directional Configuration
Isidore operates in a bi-directional network, with traffic flowing in both directions. To satisfy requirements where Isidore is deployed in a unidirectional network configuration. This is the default Isidore setup and no additional configuration steps are needed.
Figure 6: Bi-directional network.
4.2 Uni-Directional Configuration
Certain high security requirements in a military environment require one-way network communication. In such a configuration, Isidore can function as a One-Way Diode device on the RED network side. The configuration uses a special RED-side setup that allows the RED side to send data but prevents it from receiving data from the Isidore device.
Figure 7: Uni-directional configuration.
With this configuration, communication on the RED side will be strictly unidirectional, whereas that on the BLACK side will still be bidirectional, as required by cryptography.
5 Accessing the Management Portal
The Isidore Hub is designated as Node 0, with the default IP address 192.168.0.254, and the Isidore Client is designated as Node 1, with the default IP address 192.168.0.1. If additional nodes are added, you would simply increment the last octet of the IP address by one.
For example:
Node 2: 192.168.0.2
Node 3: 192.168.0.3, and so on.
This default configuration allows for easy testing of the devices by linking them together via the Black side Ethernet interfaces using an Ethernet cable. Once the devices are powered on, they will establish a secure tunnel between each other. No unencrypted traffic will traverse the interconnect—not even a public, unencrypted handshake transaction. The Isidore Management Portal is also continually evolving to improve functionality and user experience. As such, its features and interface are subject to change.
You can connect to the Black Side Management Portal in multiple ways:
Direct Connection: Plug each encryption device into your computer via Ethernet, one at a time, to access the portal.
Switch Connection: Connect your computer and both encryption devices using a switch via Ethernet for simultaneous access to the Management Portal.
Node 0 Device Configuration:
Assign an IP address within the range 192.168.0.1 to 192.168.0.255 to the interface connecting to the Hub (Node 0) Isidore device (default IP: 192.168.0.254).
Node 1 Device Configuration:
Assign an IP address within the range 192.168.0.1 to 192.168.0.255 to the interface connecting to the Client (Node 1) Isidore device (default IP: 192.168.0.1).
For additional nodes, ensure each device is configured with a unique IP address that follows an incremental pattern (e.g., 192.168.0.2, 192.168.0.3, etc.).
Figure 8: Device Configuration
To access the Management Portal of your nodes, connect all the nodes you wish to manage to a switch using their Black side Ethernet interfaces. Then, connect your computer to the same switch and assign the computer an IP address, such as 192.168.0.50, ensuring this IP address is not already in use by any of the nodes.
Using your computer:
Connect to the switch using an Industrial IX to Ethernet cable.
Use your computer to access the Management Portals of the nodes one at a time by entering their respective IP addresses (e.g., 192.168.0.254 for the Node 0 or 192.168.0.1 for the Node 1) into a web browser.
This setup allows you to efficiently manage and configure all connected nodes from a single device.
5.1 Changing the IP Address of Your Computer
To access the Management Portal, you will need to change the IP address of your computer to match the required network configuration. This is done to ensure proper communication between your system and the encryption device. Here is how to do it:
Steps to Configure your IP Addresses on Windows
Step | Description |
1.0 | Open Network and Sharing Center:
|
2.0 | Open Adapter Settings:
|
3.0 | Open IPv4 Settings:
|
4.0 | Configure the IP Address:
 |
5.0 | Save and Apply Settings:
|
Troubleshooting
IP Conflicts: Ensure that the second IP address does not conflict with any other device on the network.
Network Segmentation: Ensure that the network segments (subnets) are correctly configured to avoid routing issues.
Firewall Rules: Adjust firewall rules if necessary to allow traffic through the second IP address.
By following these steps, you should be able to successfully configure dual home IP addresses on your Windows machine. Greater flexibility and advanced networking options are enabled through this setup.
Test the Configuration
Once you have configured your computer with the appropriate IP addresses, you can access the management portals for both node 0 and node 1 by typing the following URLs into your browser. Direct access to the management interfaces is enabled by this step, allowing you to monitor and adjust settings
For Node 0: Type http://192.168.0.254 in the browser. This address leads to node 0’s management portal allows you to configure settings, track activity, and control hub-side connections.
For Node 1: Type http://192.168.0.1 in the browser. This address leads to node 1's management portal, providing access to configure and manage the client-specific settings and operations.
Using these specific URLs ensures that you are directly accessing the correct device's settings within your network's structure, making it straightforward to manage each device. This method of access is particularly effective in environments where precise control and quick adjustments to the network settings are regularly required.
5.2 Point-to-Point Topology
Step | Description |
1.0 | Enter the device’s IP address in a web browser to access the management portal. If a security warning appears indicating the connection is not private, select Advanced, then select Proceed to Unsafe to continue
 |
2.0 | Enter the device’s IP address in a web browser to access the management portal. If a security warning appears indicating the connection is not private, select Proceed to Unsafe to continue. |
3.0 | After navigating to the portal, you will be prompted to log in. Default Credentials: Username: admin Password: 123qwe
 |
4.0 | Each node has a dedicated management portal:
The dashboard serves as the central interface for managing and monitoring all black-side operations of the device.
|
5.0 | From the dashboard, locate the Channel Number under the Action column. Select the three-dot menu and click Edit PFED Attributes. Here, you can set the Protocol, Remote Gateway, and Remote Port. In a Hub-and-Spoke configuration, spoke devices should use the Node 0 device IP as their gateway.
 |
6.0 | This view demonstrates how to configure the device to operate within your network environment. Once the network settings are changed, you must refresh the device.
Configuring the Isidore Device in your Network |
7.0 | Displays real-time PFED logs for monitoring system activity, troubleshooting, and verifying operational status.
PFED System Log Viewer |
8.0 | Displays the operational status of the PFED. If the system is functioning properly, the status will display as Active. This allows quick verification that the device is online and communicating correctly.
Checking PFED Status |
9.0 | Provides direct command-line access to the device for advanced configuration, diagnostics, and troubleshooting. Note: Terminal is best displayed in the Microsoft Edge browser.
 Accessing the Terminal |
10.0 | Allows the device to be restored to its factory default state, clearing configurations and returning it to its original setup.
PFED Factory Reset |
6. Network Topology Configurations
The Isidore Quantum encryption platform is designed to operate flexibly across a range of network topologies to support secure, quantum-resistant communications in diverse mission environments. It can be configured for point-to-point, point-to-multipoint, and full mesh deployments, depending on the operational requirements.
In point-to-point configurations, Isidore Quantum devices establish a direct, encrypted channel between two nodes, optimized for low-latency, high-assurance communication between isolated endpoints.
In point-to-multipoint (star) topologies, a central Isidore Quantum node (hub) communicates securely with multiple client nodes (spokes), ideal for centralized control or uplink/downlink scenarios in ground-to-satellite operations.
In mesh network configurations, Isidore Quantum devices dynamically form peer-to-peer encrypted links with multiple nodes, enabling distributed routing, redundancy, and resilient data flow in contested or infrastructure-less environments.
Each setup leverages the Protocol-Free Encryption Device (PFED) core and channel management capabilities to ensure secure data exchange regardless of the underlying transport or routing scheme. Note that PFED and Isidore Quantum are used interchangeably, but have the same meaning.
6.1 Point to Point Topology
In a point-to-point setup—also referred to as a hub-and-spoke configuration—the Isidore Quantum devices establish a direct, secure communication channel between two designated nodes: Node 0 (Hub) and Node 1 (Client/Spoke). This architecture is well-suited for environments requiring dedicated, low-latency, and high-assurance communication between two endpoints, such as secure site-to-site links or isolated ground-to-orbit transmissions.
Figure 9: Configuration for Point to Point
Upon deployment, users will receive two pre-configured Isidore Quantum devices:
Node 0 (Hub): Serves as the central node, initiating and maintaining the encrypted session.
Node 1 (Client): Operates as the connected endpoint, paired with the hub to complete the secure link.
Once powered and connected to their respective networks, the Isidore Quantum devices automatically form a secure point-to-point channel, ensuring all communication remains encrypted and confined to the authorized endpoints. This setup offers a straightforward and robust solution for secure, two-node communication.
6.2 Hub and Spoke Configuration
In a point-to-multipoint configuration, the Isidore Quantum devices are deployed in a hub-and- spoke topology where one central node (Node 0 – Hub) securely communicates with multiple remote nodes (Node 1, Node 2, Node 3, etc. – Clients). This setup is optimal for scenarios that require centralized control or data distribution, such as secure command-and-control environments, broadcast-style communications, or ground station uplinks to multiple space assets.
Figure 10: Hub and Spoke Configuration
Upon deployment, users will receive one Isidore Quantum device configured as the hub and multiple devices configured as clients. Each client is pre-paired with the hub to establish independent encrypted channels for data exchange. Key characteristics of this configuration include:
Centralized Encryption Management: The hub manages all PFED channel handshakes, ensuring that each client connection remains isolated and secure.
Scalable Architecture: Additional clients can be integrated without impacting existing secure links.
Efficient Broadcast Support: The hub can securely send the same data to multiple clients or receive data from each client over encrypted, isolated tunnels. The Isidore Quantum devices use PFED software to create and maintain these encrypted tunnels without relying on conventional network protocols. Once connected, each client automatically authenticates with the hub, forming a dedicated secure path. Communication between client nodes is not permitted in this topology, ensuring that all data is routed through the central hub for control, monitoring, and assurance.
This configuration is ideal for distributed operations requiring centralized command, secure multicast communications, or secure data collection from multiple remote endpoints.
6.3 Mesh Configuration
In a mesh configuration, Isidore Quantum devices are deployed in a decentralized topology where each node can establish secure, encrypted communication channels with multiple peer nodes in the network. This configuration supports resilient, distributed communication and is ideal for dynamic, contested, or infrastructure-limited environments such as tactical edge operations or space-based mesh networks.
Mesh communications within the Isidore Quantum system are initiated starting from Node 1, which is pre-configured to actively seek out and establish encrypted connections with other authorized nodes (e.g., Node 2, Node 3, etc.). Each Isidore Quantum device in the mesh acts as both a sender and receiver, enabling peer-to-peer encrypted tunnels through PFED software without reliance on traditional protocols or centralized infrastructure.
Key characteristics of the mesh configuration include:
Dynamic Link Establishment: Channels are created on demand, allowing adaptive routing and flexible communication paths.
Redundancy and Fault Tolerance: If one node or link fails, the network can dynamically reroute traffic through alternate secure paths.
Decentralized Architecture: Each node manages its own secure communication channels, eliminating any single point of failure. Each secure tunnel is isolated and uniquely configured, maintaining end-to-end confidentiality, integrity, and authenticity of transmitted data. This topology is particularly suited for applications requiring autonomous network formation, real-time adaptability, and resilient communications across rapidly changing operational environments.
7. Multi-Channel Configuration
The Isidore Quantum system supports a robust multi-channel architecture, enabling each node to simultaneously manage multiple encrypted communication links. This capability is essential for mission environments requiring secure, parallel data exchange across multiple nodes using dynamic network topologies such as mesh, point-to-point, and point-to-multipoint. Each channel functions as an isolated, protocol-free tunnel using PFED software, ensuring strict confidentiality and channel-level isolation.
� Important Note: Red-side Management on the Isidore Quantum devices must currently be performed via UART console access. A graphical user interface (GUI) is in development and will be available in a future release; however, until then, it is strongly recommended that this configuration be completed by a certified Forward Edge-AI engineer. Improper configuration may result in misaligned channels, failed communication links, or compromised encryption integrity.
8. Isidore Firewall
The firewall in the Isidore integration acts as a protocol break between two of the processing units. This isolation boundary consists of two stages, offering a more precise definition. It operates as a near-perfect firewall with a rule of one.
8.1 Isidore Processing Units
It is important to understand that Isidore has three independent processing units. These processing units are independent CPUs and do not share memory. Processing Units 1 & 2 are inside the secure network on the RED side. Processing Unit 3 is in the unsecure network on the BLACK side. A physical trust boundary separates processing units 2 & 3.
Figure 11: Processing Units
8.2 Packet Processing (Stage 1)
Processing Unit 2 first examines the incoming packets from Processing Unit 3 to determine if they meet the correct format, protocol, address, and other metadata criteria. This is achieved through a packet filter designed to ensure that only compliant packets are allowed through.
8.3 Filter Operation
The filter operates at the bottom of the network stack of Processing Unit 2, immediately after the packet leaves the network interface and before it enters the network stack. Only packets with a specific Ethernet type are accepted. Processing Unit 3 translates incoming Internet packets into ones with the required Ethernet frame. This ensures that any packets not matching the specified Ethernet type are automatically rejected.
8.4 Built-in Logic
The filtering logic is embedded within the system and is not configurable by the user.
This means:
Static Rules: Packets that do not match the required Ethernet type are automatically dropped. This built-in rule ensures a consistent high level of security
Security Implications: If an attacker gains access to Processor 3, they could potentially generate a valid packet with the correct Ethernet type, which the system would then accept. However, this scenario is mitigated by the subsequent encryption layer.
8.5 Encryption Layer (Stage 2)
The second critical layer involves robust encryption to further secure the packets:
Direct Packet Handling: Once a packet is accepted based on the Ethernet type, it is not processed by Processing Unit 2’s network stack. Instead, it is directly passed to the application for decryption.
Decryption and Integrity Checks: The application decrypts the packet and performs integrity checks. These checks verify that the packet has not been tampered with. If these checks pass, the packet is forwarded to Processing Unit 1, where a cryptographic hash is performed to ensure further integrity and authenticity.
8.6 Security Measures
For an attacker to bypass the firewall, they must overcome several layers of security:
Correct Port: The packet must be sent to the correct port.
Correct Format: The packet must adhere to the specified format.
Decryption Key: The attacker must possess the correct decryption key.
This multi-layered approach provides a nearly impenetrable barrier against unauthorized access, ensuring the integrity and security of the EUD.
9 Maintenance and Care
Warning: Safety Guidelines for Isidore Devices
Please read the following warnings, precautions, and safety guidelines carefully before using this device. Failure to adhere to these instructions may result in damage to the device, personal injury, or property damage.
To maintain your Isidore devices and ensure their longevity, please follow these guidelines:
Temperature and Environment:
Keep devices in a cool, dry area away from direct sunlight.
Avoid exposing devices to extreme temperatures and humidity.
Ensure devices are stored in a stable clean environment, free from dust and debris.
Cleaning:
Clean devices regularly with a soft, dry cloth.
Avoid using harsh chemicals or abrasive materials near the devices.
Ensure devices are powered off and unplugged before cleaning.
Handling:
Handle devices with care to avoid drops or physical damage.
Do not overload power outlets or use faulty extension cords to power devices.
Ensure all cables are securely connected and in good condition. Replace any damaged cables immediately.
Storage:
Store devices in their original packaging when not in use for extended periods.
Keep devices away from magnetic fields and electronic interference.
Usage:
Follow the guidelines for optimal usage and performance.
Allow adequate ventilation around devices to prevent overheating.
By following these care instructions, you can help ensure the optimal performance and durability of your Isidore devices.
9.1 Water Damage
Avoid Submersion: Do not submerge this device in water under any circumstances. Exposure to water beyond the specified resistance level can cause severe damage to internal components, rendering the device inoperable.
Liquid Ingress Warning: Prevent any form of liquid ingress to safeguard the integrity and functionality of the device. Liquid exposure, including water, can lead to corrosion, short circuits, and other detrimental effects, potentially voiding the warranty.
Moisture Management: Minimize exposure to moisture to ensure optimal performance and longevity of the device. Avoid operating or storing the device in high humidity environments and take necessary precautions to shield it from moisture accumulation.
9.2 Flammability
Fire Hazard Awareness: Exercise caution to mitigate the risk of fire hazards associated with the use of this device. Avoid placing the device near open flames, sparks, or sources of intense heat, as combustible materials within the device may pose a fire risk when exposed to elevated temperatures.
Ventilation Requirements: Ensure adequate ventilation during device operation to prevent overheating, which may increase the likelihood of fire incidents. Avoid obstructing ventilation ports, as thermal buildup could lead to fire hazards.
Emergency Preparedness: In the event of a fire involving the device, prioritize personal safety above all else. Immediately disconnect the device from power sources if it's safe to do so and evacuate the vicinity. Utilize appropriate fire extinguishing methods suitable for electronic fires, such as Class C fire extinguishers.
9.3 Safety Precautions
Make sure to read and understand the user manual and all safety guidelines before using the device.
Keep Out of Reach of Children: This device may contain small parts and components that pose a choking hazard to young children. Keep out of reach of children and pets.
Avoid Extreme Temperatures: Do not expose the device to extreme temperatures, both hot and cold, as it may affect its performance and lifespan.
Use Manufacturer Accessories: Only use manufacturer recommended accessories and replacement parts recommended by the manufacturer to prevent damage to the device and ensure safe operation.
Regular Maintenance: Perform regular maintenance as outlined in the user manual to keep the device in optimal condition and prevent safety hazards.
Proper Handling: Handle the device with care to avoid drops, impacts, and other physical damage that may compromise its integrity and safety.
Unplug During Maintenance: Always unplug the device from power sources before performing any maintenance or cleaning to prevent electrical shock.
Authorized Service Centers: In case of malfunction or damage, seek assistance from authorized service centers or qualified professionals for repairs and servicing.
Report Safety Concerns: If you encounter any safety concerns or abnormalities with the device, cease use immediately and report the issue to the manufacturer or authorized service center for investigation and resolution.
Note: These warnings and safety precautions are provided to promote safe usage and handling of the device. Ignoring these instructions may void the warranty and result in damage to the device or personal harm.
10 FEAI Customer Support
If you need any help or have any questions, our support team is here to assist you. Please use any of the following methods to reach out to us:
Contact Information
For all support inquiries contact Isidore helpdesk via email: [email protected].
Website: https://forwardedge.ai/
Visit our website for more information, including product documentation and for a live chat with a support representative.
Support Hours
Our support team is available during the following hours:
Monday to Friday: 9 AM to 6 PM (EST)
Saturday and Sunday: Closed
Social Media
Stay connected and get support through our social media channels:
Instagram: https://www.instagram.com/forwardedgeai/
Twitter: https://twitter.com/ForwardEdgeAI
Live Chat
For immediate assistance, use our live chat feature on our support website. Maven, our support bot, is ready to help you in real-time during support hours. Just ask Maven!
GLOSSARY OF KEY TERMS
ACRONYM | DEFINITION |
EU | Encryption Unit |
EUD | End User Device |
IX | Industrial Ethernet (Type A connector used for ruggedized networking) |
NID | Network Interface Device |
PFED | Protocol-Free Encryption Device (Isidore’s code name at the NSA) |
PKI | Public Key Infrastructure |
SWaP | Size, Weight, and Power |
Red Side | Trusted, secure internal network zone of the device |
Black Side | Untrusted external network zone of the device |
Hub (Node 0) | Central node responsible for initiating and maintaining encrypted sessions |
Client (Node 1, 2, …) | Endpoint nodes paired with the hub for secure communication |
Node Number | Unique identifier (0, 1, 2, …) assigned to each Isidore device for addressing |
Isidore Pair | Pre-configured and cryptographically linked hub-and-client devices |
Management Portal | Web-based interface used for configuration and monitoring of nodes |
Trust Boundary | Physical and logical separation between secure (Red) and unsecure (Black) processing units |
Processing Units (PU1, PU2, PU3) | Independent CPUs within the device, separated by security boundaries |
Encryption Layer | Cryptographic mechanism ensuring confidentiality, integrity, and authenticity of packets |
Unidirectional Configuration (One-Way Diode) | Network setup allowing traffic to flow only one way (typically Red → Black) |
Bi-Directional Configuration | Default setup allowing two-way communication between Red and Black |
Channel Assignment | Allocation of communication channels to nodes for encrypted links |
Point-to-Point Topology | Direct, secure communication channel between two designated nodes |
Hub-and-Spoke Topology | One hub node communicating securely with multiple client nodes |
Mesh Configuration | Decentralized topology where each node establishes encrypted peer-to-peer links |
PFED System Log Viewer | Monitoring tool for system activity, troubleshooting, and verifying operational status |
Factory Reset | Process to restore the Isidore device to its original configuration and clear settings |
THE INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE.
LIMITED WARRANTY: IT IS EXPRESSLY AGREED THAT NO WARRANTY OF MERCHANTABILITY, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, NOR ANY OTHER WARRANTY (EXPRESS, IMPLIED OR STATUTORY) IS MADE BY FORWARD EDGE-AI, EXCEPT THAT FORWARD EDGE-AI WARRANTS THE GOODS TO BE FREE FROM DEFECTS IN MATERIALS AND WORKMANSHIP FOR A PERIOD OF ONE (1) YEAR FROM DELIVERY.
DURING THIS PERIOD, WE WILL REPAIR OR REPLACE, AT OUR DISCRETION, ANY DEFECTIVE PARTS AT NO CHARGE. THIS WARRANTY DOES NOT COVER DAMAGE CAUSED BY MISUSE, ACCIDENTS, UNAUTHORIZED MODIFICATIONS, OR NORMAL WEAR AND TEAR.
IN NO EVENT SHALL FORWARD EDGE-AI OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL OR USE OR MISUSE OF THIS PRODUCT, EVEN IF FORWARD EDGE-AI OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.