Bridging an Air-Gapped Network
During a Christmas break in 2019, I found this part.
It’s an Arduino shield for 4G/LTE and GPS.
I ordered it, played with it, and integrated it with an Arduino. It was an interesting part, but I had no practical application for it. Then the pandemic hit. Suddenly, I had extra time as my company had us take time off without pay. And a step in our engineering process became much more challenging. We sign artifacts with cryptographic material. We require two-person control of that material. And the signing operation occurs in a small computer room in the office with no network connectivity. The company had us working from home, but engineering staff had to travel to the office to sign our release artifacts.
That part I played with at Christmas now had a purpose. I devised the system shown here.
From a cellphone, a build engineer sends a text message to a receiving system in the computer room at the office. The system signs the artifact when a second build engineer authorizes the same operation. Using a relay switch to control access to a USB flash drive, the system transfers in the artifacts to be signed and transfers out the signed versions. I called the system Pons, Latin for bridge.
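The two-person authorization step described above can be sketched as a small state machine. This is an added example, not code from Pons; the `SIGN <sha256>` message format, the sender allowlist, and the 10-minute approval window are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# All values below are assumptions for illustration, not details of Pons.
AUTHORIZED = {  # constructed sender numbers -> build engineers
    "+15550100": "alice",
    "+15550101": "bob",
    "+15550102": "carol",
}
QUORUM = 2            # two-person control
WINDOW_SECONDS = 600  # hypothetical: both approvals must arrive within 10 minutes
HEX = set("0123456789abcdef")


@dataclass
class QuorumGate:
    # artifact digest -> {engineer: time of most recent approval}
    pending: dict = field(default_factory=dict)

    def receive(self, sender: str, text: str, now: float) -> str:
        """Process one inbound text message and return the resulting state."""
        # The sender number stands in for whatever engineer authentication
        # the real system performs.
        engineer = AUTHORIZED.get(sender)
        if engineer is None:
            return "rejected: unknown sender"
        parts = text.strip().split()
        if len(parts) != 2 or parts[0].upper() != "SIGN":
            return "rejected: malformed request"
        digest = parts[1].lower()
        if len(digest) != 64 or not set(digest) <= HEX:
            return "rejected: bad digest"
        # Keep only approvals for this exact artifact that are still fresh.
        approvals = {e: t for e, t in self.pending.get(digest, {}).items()
                     if now - t <= WINDOW_SECONDS}
        approvals[engineer] = now  # a repeat from the same engineer only refreshes
        if len(approvals) < QUORUM:
            self.pending[digest] = approvals
            return f"pending: {len(approvals)} of {QUORUM}"
        # Quorum reached: consume the approvals so they cannot be replayed.
        self.pending.pop(digest, None)
        return "authorized: " + ",".join(sorted(approvals))
```

Binding each approval to the artifact digest is what makes the second engineer authorize the same operation, not just any pending request.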
I used my unpaid time off to put the parts together and write the software to receive and process authorization transactions. I had no access to cryptographic material at home, so the end result of a successful operation turned on a light in my prototype system. I prepared a PowerPoint presentation for stakeholders within my organization and made an unsuccessful pitch to gauge interest. I let my idea collect dust until our chief security officer heard about Pons. I explained it to him, and he encouraged me to progress with the idea. We collaborated to expand the process for remote, quorum-based authorization. I submitted a patent memo form on our behalf, and the patent committee approved the idea to go forward. In June 2022, Thales filed a patent application.