Isidore Quantum User Manual - One Way Diode

One Way Diode

Written by Eric Adolphe
Updated over a week ago

Copyright 2024 - Forward Edge-AI, Inc.

Confidential and Proprietary Information. This document contains confidential information belonging to Forward Edge-AI, Inc. and shall not be published, reproduced, modified, copied, disclosed, or used for other than its intended purpose without the express written consent of duly authorized representatives of Forward Edge-AI, Inc.


GLOSSARY OF KEY TERMS

ACRONYM – DEFINITION

COMSEC – Communications Security
NID – Network Interface Device
DHCP – Dynamic Host Configuration Protocol
EU – Encryption Unit
EUD – End User Device
PFED – Protocol Free Encryption Device (Isidore’s Code Name at the NSA)
FQDN – Fully Qualified Domain Name
SWaP – Size, Weight, and Power
IX – Industrial Ethernet (Type A connector used for ruggedized networking)
UART – Universal Asynchronous Receiver Transmitter (used for console access and serial communication)
PKI – Public Key Infrastructure

1. Overview of Isidore Quantum®: Securing Critical Infrastructures

Forward Edge-AI is committed to enhancing the security of critical infrastructure, including both in-facility systems and remote access via cloud-based storage. The goal is achieved using our cost-effective devices with post-quantum encryption. These devices are designed to protect against advanced cyber threats and safeguard the confidentiality and integrity of sensitive data.

Our sophisticated data-driven analytics algorithm is housed within the Isidore Quantum device, which is crafted for straightforward integration into existing controller chassis. A seamless connection is created through the integration, enabling the Isidore Quantum device to efficiently understand the applications controlled by the controller.

By leveraging artificial intelligence and innovative physics-based modeling, the Isidore Quantum device comprehensively learns the operational dynamics of the system it monitors. Continuous monitoring and precise insights are made possible through this capability, strengthening system management and security.

As cybersecurity threats evolve, the Isidore Quantum device is engineered to update and respond to new challenges both efficiently and effectively, ensuring ongoing protection against both current and future threats. Adaptability and advanced protection make Forward Edge-AI’s solutions essential for modern critical infrastructure, delivering strong security and confidence in a connected environment.

2. Technical Description

2.1 Identifying the Trust Boundary on the Isidore 50

Figure 1. Identifying the Trust Boundary

2.1.1 Red Side

The first Industrial IX Type A Ethernet port on the device and the second USB-C port on the device are assigned as the "red side," representing the trusted zone. The purpose of the zone is to support secure connections to end-user devices or trusted internal network areas that need strong protection.

To establish a connection:

Use an Ethernet cable: Connect your secure “Red side” end-user device or network enclave router/switch to the Isidore device’s “Red side” using an ethernet cable. Data transmitted through the port remains protected and restricted to the trusted internal network under this setup.

2.1.2 Black Side

The second Industrial IX Type A Ethernet port on the device and the first USB-C port on the device are assigned as the "Black side" of the device, representing the untrusted zone. The purpose of the zone is to handle connections to external or lower-trust networks and devices.

To establish a connection:

Use an Ethernet cable: Link the “Black side” of the device to your switch or router. This configuration manages data flow from less secure or external sources while protecting the integrity of the trusted zone.

2.2 Importance of Proper Configuration

Maintaining a clear distinction between these zones is critical for network security. The trusted zone (Red side) should only connect with secure, verified devices, while the untrusted zone (Black side) handles all external connections. The setup reduces the risk of security breaches by isolating potential vulnerabilities in the untrusted zone and strengthening your overall network security.

2.2.1 Hardware Check

Each Isidore Quantum® device is carefully inspected and tested by our engineering team prior to shipment. Each unit is verified to meet quality standards, so it is ready for deployment when received.

2.2.1.1 Device Verification

Upon receiving your devices:

  • Inspect the Hardware – Ensure there is no visible shipping damage or missing components.

  • Verify Device Count – Confirm that all devices listed in your shipment are present.

Note: All devices are pre-provisioned with unique node numbers and preloaded firmware to streamline the setup process.

2.2.1.2 Power-On Check

Before integrating the devices into your network:

  1. Connect Power – Attach the device to its designated power source.

  2. Switch On – Use the On/Off switch located on the side panel to power the device.

  3. Verify Operation – Confirm that the unit powers on and is functioning as expected. A successful power-on check ensures the device is ready for network configuration.

2.3 Identifying an Isidore Pair

The Isidore Quantum hub and spoke devices are pre-configured and cryptographically linked, ensuring secure communication and seamless integration.

To easily identify paired devices, each unit is labeled with a product number, as shown in the example with "2". The product number will match between the provisioned devices, confirming they are correctly configured to work together.

Figure 2. Isidore Product Number

2.3.1 Identifying the Node Number

To identify whether a device is Node 0, Node 1, Node 2, etc., check the label affixed to the device.

Figure 3. Node Number

Proper identification of each device’s node number is essential for correct network configuration and overall functionality. The node number determines the IP address of the black-side interface, allowing initial access to the management portal.

Maintaining the integrity of the set of devices provisioned together is crucial for proper routing and initial network setup. By keeping track of this designated set, you can efficiently manage and configure the network, ensuring all devices communicate correctly and securely with their intended counterparts.

2.3.2 Product Identification Label

Figure 4. Identification Label

2.3.2.1 Serial Number (SN) Format

Each Isidore device is assigned a unique 16-digit alphanumeric serial number to track product type, hardware/firmware configuration, origin, and production sequence.

Example Serial Number: ISI22A0806UAZZ000123

IMPORTANT: Ensure proper pairing of the boards for functionality. Please verify that each board is correctly paired with its respective counterpart.

3. Wired Connection Overview – One-Way Diode Configuration

Figure 5. Wired Connection

The Isidore Quantum® Encryptors operate as the core of the one-way diode link.
Each encryptor represents one side of the unidirectional channel:

  • Node 0 – Isidore Encryptor (TX Only)

  • Node 1 – Isidore Encryptor (RX Only)

These two encryptors are connected point-to-point through a Layer 2 switch that serves as an Untrusted Zone.
The configuration ensures that data can only flow outward from Node 0 to Node 1 and can never return in the opposite direction.

Physical Wiring Diagram

EUD 1 → Node 0 (TX Only) → Switch (Untrusted Zone) → Node 1 (RX Only) → EUD 2

Component: EUD 1 (User Device 1)

  • Connection Description: Ethernet cable connects from EUD 1 to Node 0 Inner (Red) port.

  • Function: Source device sending outbound traffic.

Component: Node 0 – Isidore Encryptor (TX Only)

  • Connection Description: Outer (Black) port connects to the switch in the Untrusted Zone.

  • Function: Encrypts and transmits outbound traffic one-way.

Component: Switch – Untrusted Zone

  • Connection Description: Provides a physical bridge between Node 0 and Node 1. Performs no routing.

  • Function: Acts as a neutral physical connection point.

Component: Node 1 – Isidore Encryptor (RX Only)

  • Connection Description: Outer (Black) port connects from the switch to Node 1, and the Inner (Red) port connects to EUD 2.

  • Function: Decrypts and delivers received data to the destination network.

Component: EUD 2 (User Device 2)

  • Connection Description: Ethernet cable connects to Node 1 Inner (Red) port.

  • Function: Destination device that receives data.

Data Flow Direction

  1. Transmission Path:
Data flows outbound only from EUD 1 → Node 0 (TX) → Switch → Node 1 (RX) → EUD 2.

  2. Blocked Reverse Path:
The diode’s internal hardware design prevents any electrical or logical signal from traveling in the reverse direction (EUD 2 → EUD 1).
No ARP replies, TCP acknowledgments, or other traffic can return across the link.

End User Devices / Network Enclaves:

For network communication between End User Devices (EUDs) or Network Enclaves through the Isidore device, it is essential that these devices or enclaves be routable to one another. If Isidore were removed from the network, the two enclaves or end user devices would be able to communicate over the network.

4. Isidore One-Way Diode Communication

4.1 Uni-Directional Configuration

The Isidore Quantum® devices were configured and tested in a point-to-point topology to validate unidirectional data transfer. In this setup:

  • Node 0 operates as Transmit Only (TX)

  • Node 1 operates as Receive Only (RX)

Each node is physically and logically configured to enforce a one-way data flow. This configuration ensures that information originating from Node 0 can be securely transmitted to Node 1, while no data can return in the opposite direction.

System Configuration

  • Node 0 (TX Only): Connected to the red-side (trusted) network. Its transmit interface is the sole output path for data leaving the network.

  • Node 1 (RX Only): Connected to the destination or external network. It receives data from Node 0 but cannot transmit any traffic back.

  • Untrusted Zone (Switch): Serves as the interconnection point between Node 0 and Node 1. No routing logic is applied in the zone; it strictly serves as a physical link.

5. How the One-Way Diode Works

The Isidore one-way diode enforces hardware-level unidirectional communication between two networks. Unlike software-based firewalls or logical restrictions, the diode design physically prevents any electrical or optical signal from traveling in the reverse direction.

In simple terms:

  • Data flows only from TX → RX.

  • No return signal, acknowledgment, or response can be transmitted back.

  • Even if software or network configurations attempt to initiate reverse communication, the hardware prevents it from occurring.

Data integrity, isolation, and protection from external access or leakage are ensured through this approach.

6. Accessing the Management Portal

To configure or manage the Isidore Quantum® Encryptors, you must first connect your PC to the same subnet as the management interface of the devices. The management network uses the 192.168.0.x subnet by default.

Step 1.0 – Set Your PC’s IP Address

  1. Open your Network Adapter Settings on your computer.

  2. Select the Ethernet adapter connected to the Isidore management port.

  3. Manually assign an IP address within the management subnet, such as:

     • IP Address: 192.168.0.100

     • Subnet Mask: 255.255.255.0

     • Default Gateway: 192.168.0.1 (optional)

  4. Save and close the network settings.

Note: Ensure Wi-Fi and any other network interfaces are disabled so the PC communicates directly with the Isidore device.

Step 2.0 – Access Node 0 and Node 1

  1. Connect your Ethernet cable directly to Node 0’s management port (or through a trusted management switch).

  2. Open a web browser and navigate to:

(Default IP for Node 0, unless otherwise configured.)

  3. You will be prompted to log in to the Isidore Management Portal.

  4. Repeat the same process for Node 1 by visiting:

(Default IP for Node 1, unless otherwise configured.)

Step 3.0 – Adjust Configuration to Fit Your Network

Once logged into each portal:

  • Navigate to the Network Configuration page.

  • Modify the inner (Red) and outer (Black) IP addresses as required for your specific network environment.

  • Save and apply the new settings.

The device will automatically reboot or restart the network services for changes to take effect.

Step 4.0 – Verify Access

After the configuration is updated:

  1. Set your PC’s IP back to your organization’s standard subnet.

  2. Reconnect through the management network or switch.

  3. Confirm that both Node 0 and Node 1 are accessible at their newly assigned management IP addresses.

Troubleshooting

  • IP Conflicts: Ensure that the second IP address does not conflict with any other device on the network.

  • Network Segmentation: Ensure that the network segments (subnets) are correctly configured to avoid routing issues.

  • Firewall Rules: Adjust firewall rules if necessary to allow traffic through the second IP address.

By following these steps, you should be able to successfully configure dual home IP addresses on your Windows machine. Greater flexibility and advanced networking options are enabled through the setup.

Test the Configuration

Once you have configured your computer with the appropriate IP addresses, you can access the management portals for both Node 0 and Node 1 by typing the following URLs into your browser. Direct navigation to the management interfaces is enabled by this step, allowing you to view and adjust settings.

For Node 0: Type http://192.168.0.254 into the browser's address bar. You will be directed to Node 0’s management portal to update settings, view activity, and manage hub connections.

For Node 1: Enter http://192.168.0.1 in the browser. Accessing the address takes you to Node 1’s management portal to adjust and manage client-focused settings and operations.

Using these specific URLs ensures that you are directly accessing the correct device's settings within your network's structure, making it straightforward to manage each device. The method of access is especially effective in environments that require precise control and frequent network setting adjustments.

Step 1.0

Enter the device’s IP address in a web browser to access the management portal. If a security warning appears indicating the connection is not private, select Advanced, then select Proceed to Unsafe to continue.

Step 2.0

Enter the device’s IP address in a web browser to access the management portal. If a security warning appears indicating the connection is not private, select Proceed to Unsafe to continue.

Step 3.0

After navigating to the portal, you will be prompted to log in.

Default Credentials:

Username: admin

Password: 123qwe

Step 4.0

Each node has a dedicated management portal:

  • Node 0: 192.168.0.254

  • Node 1: 192.168.0.1

The dashboard serves as the central interface for managing and monitoring all black-side operations of the device.

Step 5.0

From the dashboard, locate the Channel Number under the Action column. Select the three-dot menu and click Edit PFED Attributes. Here, you can set the Protocol, Remote Gateway, and Remote Port.

In a Hub-and-Spoke configuration, spoke devices should use the Node 0 device IP as their gateway.

Step 6.0

The view shows how to configure the device to work within your network environment. After changing the network settings, the device must be refreshed.

Step 7.0 – PFED System Log Viewer

Displays real-time PFED logs for monitoring system activity, troubleshooting, and verifying operational status.

Step 8.0 – Checking PFED Status

Displays the operational status of the PFED. If the system is functioning properly, the status will display as Active. Quick confirmation of device connectivity and communication is made possible through this step.

Step 9.0 – Accessing the Terminal

Provides direct command-line access to the device for advanced configuration, diagnostics, and troubleshooting.

Note: Terminal is best displayed in the Microsoft Edge browser.

Step 10.0

Allows the device to be restored to its factory default state, clearing configurations and returning it to its original setup.

7. Understanding UDP and One-Way Network Behavior

The Isidore Quantum® one-way diode and PFED architecture enforce unidirectional data flow, meaning traffic can only move in one direction from the transmit (TX) node to the receive (RX) node.

High assurance is provided by the design, preventing any data, acknowledgments, or signals from returning against the flow.

While this guarantees physical-layer security, it also changes how traditional network protocols, such as UDP and IP routing, operate across the link.

UDP Transmission Behavior

Under normal bidirectional conditions, UDP packets can be sent freely between two endpoints because both devices can exchange ARP and routing information.
However, when a one-way diode is introduced between PFED-A (TX) and PFED-B (RX):

  • The transmit side (TX) can send UDP packets into the diode path.

  • The receive side (RX) can successfully receive those packets.

  • But the transmit-side endpoint (e.g., EUD-A) cannot complete a route or ARP discovery, since no return traffic (even an acknowledgment or ARP reply) can reach it.

  • As a result, the sender may not be able to originate the UDP session without external routing assistance.

All unidirectional systems are designed to behave this way.

Routing Requirements

Because the EUD or application on the transmit side expects a normal two-way route, additional routing logic or forwarding configuration may be required in your environment to ensure packets reach the PFED’s transmit interface.
This can be achieved by:

  • Adding a static route on the sending device (EUD or router) that points all destination traffic toward the PFED-A transmit interface.

  • Using a helper router or stub interface that accepts outbound packets and forwards them into the one-way PFED link.

These routing adjustments are handled at the enterprise or integration level; they are not a function of the PFED hardware.

Test Results and Interpretation

During system validation, UDP throughput testing was attempted using a point-to-point diode setup.
Because standard routing and ARP exchanges could not occur across the one-way path:

  • UDP packets were not transmitted end-to-end under standard network conditions.

  • The outcome is typical for a unidirectional environment and does not signal any issue with the Isidore or PFED hardware.

In environments where routing logic is properly implemented (such as with Thunder’s integration plan), the PFED devices can achieve and exceed 50 Mbps one-way UDP throughput, which surpasses the 30 Mbps minimum requirement defined in the acceptance criteria.

Key Takeaway

The one-way diode enforces absolute directionality, so UDP transmission requires additional routing logic on the transmitting enterprise network. Once properly configured, the PFED devices fully support one-way, high-throughput UDP data transfer as part of the Isidore Quantum® secure communication framework.
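Because no acknowledgment or resend request can cross the diode, a sending application has to number and repeat its UDP datagrams, and the receiving application can only record what never arrived. The sketch below is an added example, not Forward Edge-AI or PFED code; the frame header layout, the function and class names, and the repeat count are assumptions made for illustration.

```python
import socket
import struct

# Hypothetical frame header (not a PFED format): sequence number, total frame
# count, payload length. All fields are big-endian.
HEADER = struct.Struct("!IIH")

def make_frames(data, chunk_size=1024):
    """Split data into numbered frames small enough for one UDP datagram."""
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)] or [b""]
    total = len(chunks)
    return [HEADER.pack(seq, total, len(c)) + c for seq, c in enumerate(chunks)]

def parse_frame(datagram):
    """Return (seq, total, payload), or None for a truncated or inconsistent frame."""
    if len(datagram) < HEADER.size:
        return None
    seq, total, length = HEADER.unpack_from(datagram)
    if seq >= total or len(datagram) != HEADER.size + length:
        return None
    return seq, total, datagram[HEADER.size:]

def send_one_way(frames, addr, repeat=2):
    """TX side: send every frame `repeat` times and never wait for a reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for _ in range(repeat):
            for frame in frames:
                sock.sendto(frame, addr)

class Receiver:
    """RX side: it cannot request a resend, so it only records what arrived."""
    def __init__(self):
        self.total = None
        self.chunks = {}
        self.rejected = 0

    def accept(self, datagram):
        parsed = parse_frame(datagram)
        if parsed is None or (self.total is not None and parsed[1] != self.total):
            self.rejected += 1
            return
        seq, self.total, payload = parsed
        self.chunks.setdefault(seq, payload)  # repeats of a frame are ignored

    def missing(self):
        """Sequence numbers not yet seen (empty until the total is known)."""
        if self.total is None:
            return []
        return [s for s in range(self.total) if s not in self.chunks]

    def assemble(self):
        """Return the full payload, or None while any frame is still missing."""
        if self.total is None or self.missing():
            return None
        return b"".join(self.chunks[s] for s in range(self.total))

def lossy_link(frames, repeat, dropped):
    """Constructed test link: replay the frames `repeat` times and drop the
    transmissions whose running index is in `dropped`."""
    sent = [f for _ in range(repeat) for f in frames]
    return [f for i, f in enumerate(sent) if i not in dropped]

def demo():
    data = bytes(range(256)) * 10                # constructed 2560-byte payload
    frames = make_frames(data, chunk_size=1024)  # three frames
    single, doubled = Receiver(), Receiver()
    for d in lossy_link(frames, repeat=1, dropped={1}):
        single.accept(d)                         # frame 1 is lost for good
    for d in lossy_link(frames, repeat=2, dropped={1}):
        doubled.accept(d)                        # second pass fills the gap
    return single.missing(), single.assemble(), doubled.assemble() == data
```

On the receive side, a non-empty missing() list after the transfer window closes is the only loss signal available, so it should be logged or alerted on locally rather than reported back to the sender.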

8. Maintenance and Care

Warning: Safety Guidelines for Isidore Devices

Please read the following warnings, precautions, and safety guidelines carefully before using this device. Failure to adhere to these instructions may result in damage to the device, personal injury, or property damage.

To maintain your Isidore devices and ensure their longevity, please follow these guidelines:

Temperature and Environment:

  • Keep devices in a cool, dry area away from direct sunlight.

  • Avoid exposing devices to extreme temperatures and humidity.

  • Ensure devices are stored in a stable, clean environment, free from dust and debris.

Cleaning:

  • Clean devices regularly with a soft, dry cloth.

  • Avoid using harsh chemicals or abrasive materials near the devices.

  • Ensure devices are powered off and unplugged before cleaning.

Handling:

  • Handle devices with care to avoid drops or physical damage.

  • Do not overload power outlets or use faulty extension cords to power devices.

  • Ensure all cables are securely connected and in good condition. Replace any damaged cables immediately.

Storage:

  • Store devices in their original packaging when not in use for extended periods.

  • Keep devices away from magnetic fields and electronic interference.

Usage:

  • Follow the guidelines for optimal usage and performance.

  • Allow adequate ventilation around devices to prevent overheating.

By following these care instructions, you can help ensure the optimal performance and durability of your Isidore devices.

8.1 Water Damage

Avoid Submersion: Do not submerge this device in water under any circumstances. Exposure to water beyond the specified resistance level can cause severe damage to internal components, rendering the device inoperable.

Liquid Ingress Warning: Prevent any form of liquid ingress to safeguard the integrity and functionality of the device. Liquid exposure, including water, can lead to corrosion, short circuits, and other detrimental effects, potentially voiding the warranty.

Moisture Management: Minimize exposure to moisture to ensure optimal performance and longevity of the device. Avoid operating or storing the device in high humidity environments and take necessary precautions to shield it from moisture accumulation.

8.2 Flammability

Fire Hazard Awareness: Exercise caution to mitigate the risk of fire hazards associated with the use of this device. Avoid placing the device near open flames, sparks, or sources of intense heat, as combustible materials within the device may pose a fire risk when exposed to elevated temperatures.

Ventilation Requirements: Ensure adequate ventilation during device operation to prevent overheating, which may increase the likelihood of fire incidents. Avoid obstructing ventilation ports, as thermal buildup could lead to fire hazards.

Emergency Preparedness: In the event of a fire involving the device, prioritize personal safety above all else. Immediately disconnect the device from power sources if it's safe to do so and evacuate the vicinity. Utilize appropriate fire extinguishing methods suitable for electronic fires, such as Class C fire extinguishers.

8.3 Safety Precautions

Make sure to read and understand the user manual and all safety guidelines before using the device.

Keep Out of Reach of Children: Small components in the device can be a choking risk for young children. Store the device away from children and pets.

Avoid Extreme Temperatures: Do not expose the device to extreme temperatures, both hot and cold, as it may affect its performance and lifespan.

Use Manufacturer Accessories: Use only accessories and replacement parts recommended by the manufacturer to prevent damage to the device and ensure safe operation.

Regular Maintenance: Perform regular maintenance as outlined in the user manual to keep the device in optimal condition and prevent safety hazards.

Proper Handling: Handle the device with care to avoid drops, impacts, and other physical damage that may compromise its integrity and safety.

Unplug During Maintenance: Always unplug the device from power sources before performing any maintenance or cleaning to prevent electrical shock.

Authorized Service Centers: In case of malfunction or damage, seek assistance from authorized service centers or qualified professionals for repairs and servicing.

Report Safety Concerns: If you encounter any safety concerns or abnormalities with the device, cease use immediately and report the issue to the manufacturer or authorized service center for investigation and resolution.

Note: These warnings and safety precautions are provided to promote safe usage and handling of the device. Ignoring these instructions may void the warranty and result in damage to the device or personal harm.

9. FEAI Customer Support

If you need any help or have any questions, our support team is here to assist you. Please use any of the following methods to reach out to us:

Contact Information

For all support inquiries contact Isidore helpdesk via email: [email protected].

Visit our website for more information, including product documentation and for a live chat with a support representative.

Support Hours

Our support team is available during the following hours:

Monday to Friday: 9 AM to 6 PM (EST)

Saturday and Sunday: Closed

Social Media

Stay connected and get support through our social media channels:

Live Chat

For immediate assistance, use our live chat feature on our support website. Maven, our support bot, is ready to help you in real-time during support hours. Just ask Maven!

THE INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL IS SUBJECT TO CHANGE.

LIMITED WARRANTY: IT IS EXPRESSLY AGREED THAT NO WARRANTY OF MERCHANTABILITY, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, NOR ANY OTHER WARRANTY (EXPRESS, IMPLIED OR STATUTORY) IS MADE BY FORWARD EDGE-AI, EXCEPT THAT FORWARD EDGE-AI WARRANTS THE GOODS TO BE FREE FROM DEFECTS IN MATERIALS AND WORKMANSHIP FOR A PERIOD OF ONE (1) YEAR FROM DELIVERY.

DURING THIS PERIOD, WE WILL REPAIR OR REPLACE, AT OUR DISCRETION, ANY DEFECTIVE PARTS AT NO CHARGE. THIS WARRANTY DOES NOT COVER DAMAGE CAUSED BY MISUSE, ACCIDENTS, UNAUTHORIZED MODIFICATIONS, OR NORMAL WEAR AND TEAR.

IN NO EVENT SHALL FORWARD EDGE-AI OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL OR USE OR MISUSE OF THIS PRODUCT, EVEN IF FORWARD EDGE-AI OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
