PQC Container Encryption Key Management System | Phio TX-EM
Schedule Demo

Phio TX-EM Datasheet

Explore our singular encryption key
management system, Phio TX-EM.

Phio TX-EM is a specialized FIPS validated container, integrated with Cisco networking platforms. It makes classic encryption quantum safe, enables a smooth PQC migration, and provides the most secure SKIP PQC implementation available, eliminating data leakage. Future-proof your infrastructure with zero downtime and no performance impact.

Download the Data Sheet

Overview

Phio TX® is a key management system that strengthens your encryption, protects data, and helps you implement the latest Post-Quantum Cryptography (PQC) standards for quantum-safe networking. Securing on-premises, hybrid, and cloud networks, the Phio TX® modular architecture enables a seamless integration into existing network infrastructures with minimal disruption to ongoing operations. There is no network performance degradation and no downtime due to cryptography upgrades.

Phio TX® supports standard key management protocols, such as SKIP and ETSI*, enabling drop-in integration without changes to existing router configurations. Phio TX® is available in multiple form factors, including a container version integrated with Cisco networking, secure hardware, and virtualized software appliances.

Phio TX® is the industry’s first NIST-validated FIPS 203 end-to-end PQC solution, enabling Quantum-safe MACsec and IPsec virtual private networks (VPNs).1 All versions of the FIPS 203 ML-KEM algorithm are supported. Phio TX® is also one of the first products to receive NIST validation for the latest FIPS 140-3 cryptographic module standard.2

Cisco Router Native Integration

The Phio TX virtualized container application (Phio TX-EM) hardens SKIP-enabled Cisco networking infrastructure by making classic encryption quantum safe and enables smoother migration to post quantum cryptography. Integrated with Cisco IOS XE and XR routers supporting SKIP and 3rd party containers such as the Cisco Catalyst 8000v, Phio TX-EM consistently supports the network topologies and operating scenarios of the other Phio TX form factors but has the added benefit of over-the-network provisioning, installation, configuration and distribution of Phio TX key management as an integrated process within the network itself. Furthermore, Phio TX-EM keeps SKIP key requests within the cryptographic boundary of the Cisco appliance, making this the most secure SKIP PQC implementation available. This eliminates the possibility of data leakage due to weakly configured and potentially vulnerable external SKIP calls

Certifications
  • UL, CE RoHS, FCC Part 15 Class B
  • NIST 2023 Entropy Source Validation
  • Hardware FIPS 140-3 Level 2
  • FIPS 203 (ML-KEM EncapDecap, KeyGen)
Cisco devices supported
  • IOS XE, XR routers supporting SKIP and 3rd party containers
  • Nexus switches supporting SKIP and 3rd party containers
Key Management Protocols
  • SKIP
  • ETSI QKD GS 104
Crypto-agility
  • Supports the use of multiple algorithms simultaneously
  • Ability to change algorithms on the fly without changes to endpoints or disruption of the data network
  • Failed algorithms no longer a threat — easily switch PQCs, keys, and algorithms on the fly
Key Sources
  • Supports keys from any source, protected by any method (QKD, QRNG, PQC or combination)
Key Delivery
  • Out of Band symmetric key delivery, separate path from data for highest security
  • Continuous key rotation and multipath, intelligent key routing
Key Storage
  • Static private or pre-shared keys that can compromise secrecy are not stored anywhere
  • Ephemeral PQC keypairs are dynamically generated then deleted after each use
Network Performance
  • Zero packet loss, zero latency introduced
Network Models
  • Cloud, hybrid, on-premises
Network Media Type
  • Works across any network media type (wireless, satellite, copper, fiber)
Optimized Network Stack
  • Includes bare minimum essential functionality for minimal attack surface
System hardening
  • Hardened kernel – built-in separation of privilege, non-root management processes, no user processes
  • Hardened binaries
  • Self-protection mechanisms, including input firewall, source IP filter, code-injection attack prevention
  • Command integrity checking at each command execution and system reboot
  • Granular access controls on all PhioTX® services

Tweet
Share
Share
Subscribe to the Quantum Xchange Monthly Newsletter

Quantum Xchange does not share or rent your information to any third parties.