The standard product variant for laptops, desktops and thin clients is referred to as simply Paradox (or Paradox USB when installed to and launched from a USB device).
Paradox SE is a variant of Paradox that mandates specific security controls, such as 2FA and customer CAs.
Paradox is designed to be deployed on x86 based hardware, and can run on lower power small form factor devices (such as Intel NUCs) through to high spec laptops and desktops.
Paradox inherits a broad range of hardware support by leveraging drivers used by the Debian (Ubuntu) Linux distribution.
Specific laptop models used for product test are listed within product release notes (see product news release items).
We can not provide an exhaustive list of all hardware supported, so if you have specific needs, please get in touch.
Currently there are no formal product certification schemes appropriate for Paradox.
NCSC have published a set of Device Security principles against which Paradox has been assessed, and a report can be provided on request.
Within government and defence, Paradox deployments are therefore accredited on a per project deployment. Further information regarding existing accreditations can be provided on request.
Becrypt remain engaged with and are supporting government initiatives that intend to provide new routes for product assurance.
Paradox is managed via the Becrypt Enterprise Manager (BEM) web app. We regularly review our customer’s experiences with BEM and managing devices so we can ensure that the management aspect is as easy as possible.
To register and install a new Paradox device can take a maximum of 15 minutes.
The BEM Server will require a minimum of 8gb memory, 80gb disk and 2 CPUs.
We aim to release a new OS updates every few months. App updates on the other hand are done when they are required. Our support team will contact you when any newer OS versions are released, and any relevant updates for apps along with the details of the improvements.
Below table gives indicative figures (in kilobytes):
https://www.becrypt.com/wp-content/uploads/2024/09/paradoxtraffic.jpg
The BEM Console supports five administrative roles:
• Super User, who manages the organisation’s assets and can access all functionality
• Operator, who can access all User and Devices functionality.
• Help Desk Admin, who can Wipe and delete iOS devices.
• Registrator, whose credentials are used to register certain device types to BEM, and who cannot access the BEM Console.
• SE Device Group Operator, who can manage the allocation of Paradox SE devices to Device Groups
Remote Attestation is the process of providing proof that the underlying device operating system is intact and trustworthy. It is also a mechanism for software to prove its identity. BEM trusts that the attestation data is accurate because it is signed by a Trusted Platform Module whose key is certified by an Attestation Certificate Authority.