I. Core Positioning of the Solution
Piesia focuses on the core demands of network security: "Trusted Foundation, Comprehensive Protection, Compliance and Control, and Intelligent Response." Based on the product philosophy of "Native Security Hardware Matrix + Deep Integration of National Cryptographic Algorithms + All-Scenario Collaborative Protection," we create exclusive network security solutions. The solution uses trusted computing motherboards, industrial security gateways, and terminal security industrial control computers as core carriers, covering both Intel x86 and domestic Phytium dual-architecture platforms. It deeply integrates key technologies such as hardware trust roots, national cryptographic dual-certificate encryption, AI threat detection, and industrial-grade isolation protection. It is widely applied in industrial control, government networks, financial payments, energy and power, and other fields, providing enterprises and critical information infrastructure with full-link network security hardware support and system adaptation solutions from chip to application.
II. Core Products and Technological Advantages
1. Native Security Hardware Architecture, Building a Trusted Foundation
• Hardware Trust Root Integration: Adopts a native security design concept, integrating heterogeneous multi-core security chips and a TEE (trusted execution environment) to build the security system from the chip level and resist malicious attacks through a dynamic "defense formation." The failure rate is reduced by 99% compared to traditional hardware, achieving kernel-level security without the need for additional protection equipment;
• Dual-Architecture Trusted Support:
◦ Intel Platform: Equipped with 13th generation Core/Xeon processors, integrating SGX trusted execution technology, supporting memory encryption and code isolation, and capable of building an independent security domain to run core encryption algorithms and sensitive applications;
◦ Domestic Platform: Based on the Phytium Tenglong E2000Q processor, adapted to Kylin/Tongxin secure operating systems, with a built-in national cryptographic compliant security module, achieving full-stack independent control of hardware, system, and algorithms, meeting the security needs of critical information infrastructure;
• Firmware Security Protection: Supports Secure Boot, with a built-in firmware integrity verification mechanism to prevent firmware tampering and malicious injection, complying with the configuration management requirements in the "Guidelines for Network Security Protection of Industrial Control Systems."
2. Deep Adaptation of National Cryptographic Algorithms, Ensuring Compliant Encryption
• National Cryptographic/RSA Dual Certificate Deployment: Fully supports the SM2/SM3/SM4 national cryptographic algorithm system, compatible with the RSA international algorithm, achieving adaptive switching between dual certificates. This ensures encrypted communication in both national cryptographic browsers and general browsers, meeting the compliance requirements of the "Cryptography Law" and the "Management Measures for Security Assessment of Commercial Cryptographic Applications";
• Full-Link Encrypted Transmission: Integrates a hardware encryption engine to provide end-to-end encryption for network communication, data storage, and device interaction. It supports the construction of IPsec/SSL VPN secure tunnels, ensuring the integrity and confidentiality of sensitive information transmission such as industrial control and government data, and complying with the GB/T 25070-2019 communication security level requirements;
• Secure Key Management: Built-in hardware key storage module supports the full lifecycle management of key generation, backup, and rotation, preventing key leakage and theft, and is suitable for high-strength encryption scenarios such as financial payments and cross-border data transmission.
3. Comprehensive Protection Across All Scenarios, Covering Diverse Security Needs
• Industrial Control Security Protection:
◦ Supports asset inventory and hierarchical protection of industrial control systems such as PLC, DCS, and SCADA. It features a built-in industrial protocol deep parsing engine (compatible with Modbus, Profinet, etc.) to achieve abnormal command interception and malicious attack blocking;
◦ Provides terminal protection functions such as USB port control and wireless interface shielding, configures account permissions following the principle of least privilege, and closes unnecessary ports and services, meeting the requirements for industrial control security host and terminal protection;
• Boundary Isolation and Access Control:
◦ Integrates industrial firewall and network gateway functions to achieve vertical isolation between the industrial control network, management network, and the internet. It supports zone-based management and bidirectional device authentication to prevent unauthorized access and lateral penetration;
◦ Strictly controls remote access, implementing two-factor authentication and access range restrictions for necessary services such as RDP and Telnet. Log retention time is no less than six months, meeting audit and traceability requirements;
• Terminal and Data Security:
◦ Supports application software whitelisting technology, allowing only authorized programs to run. It features a built-in anti-virus hardware acceleration engine to improve the efficiency of malicious code detection and removal, preventing ransomware and other network threats;
◦ Achieves data classification and hierarchical protection, supporting local storage and off-site backup of important data. Combined with disaster recovery mechanisms, it ensures data recoverability in extreme situations, complying with the requirements of the "Data Security Law".
4. Intelligent Collaboration and Response, Enhancing Security Operations Efficiency
• AI Threat Detection Capabilities: Integrates NPU computing power with a peak of 80 TOPS to run AI algorithms for abnormal traffic identification and vulnerability exploitation detection, enabling real-time detection of covert attacks and unknown threats with a detection accuracy of ≥99.2% and a response delay of <50ms;
• Comprehensive Collaborative Protection: Supports Security Orchestration, Automation and Response (SOAR) technology, enabling unified management of security devices and policy linkage, adapting to the distributed protection architecture of industrial cloud platforms, edge nodes, and terminal devices, building a "cloud-edge-endpoint" collaborative security system;
• Visualized Operation and Maintenance Management: Provides an integrated platform for security status monitoring, risk warning, and incident tracing, supporting automated execution of asset inventory, vulnerability scanning, and compliance checks. After deployment in an industrial enterprise, the efficiency of security incident handling increased by 70%.
III. Typical Application Scenarios
1. Industrial Control System Security Scenario
• Application Requirements: Requires protection of industrial control equipment, protocol parsing, and boundary isolation to prevent malicious attacks and unauthorized operations, meeting industrial control security compliance requirements;
• Core Hardware: Piesia Industrial Security Gateway (domestic Phytium platform) + Trusted Computing Module;
• Application Highlights: Supports parsing of 1000+ industrial protocols, enabling PLC instruction whitelisting and real-time alerting of abnormal behavior. After deployment at an energy power plant, it successfully blocked 3 targeted attacks, achieving 100% compliance;
• Core Value: Ensures the continuity of industrial production, meets the requirements of industrial control security protection guidelines, and avoids the risk of production interruption.
2. Government Network Security Scenario
• Application Requirements: Requires data transmission encryption, access control, and domestic adaptation to meet Level 3 security protection and national cryptographic compliance requirements;
• Core Hardware: Piesia Trusted Computing Industrial PC (Phytium Tenglong platform) + National Cryptographic Encryption Module;
• Application Highlights: Implements dual certificate deployment of national cryptography/RSA, supports secure cross-departmental communication and hierarchical access control for government systems, and log tracing covers all operational behaviors. After deployment in a government service hall, the risk of data leakage was reduced to zero;
• Core Value: Ensures the security of government information, meets domestic substitution and compliance requirements, and enhances the trustworthiness of government services.
3. Financial Payment Security Scenario
• Application Requirements: Requires transaction data encryption, terminal security protection, and fraud detection to ensure a secure and controllable payment process;
• Core Hardware: Piesia Terminal Security Industrial PC (Intel Xeon platform) + Hardware Encryption Engine;
• Application Highlights: Supports real-time encryption of transaction data using the SM4 algorithm, integrates an AI fraud detection model, achieving a transaction risk identification accuracy of ≥99.5%. After deployment at a bank, payment fraud cases decreased by 85%;
• Core Value: Ensures the security of financial transactions, complies with payment industry security standards, and protects user funds.
4. Edge Node Security Scenario
• Application Requirements: Requires edge device access authentication, local data encryption, and lightweight protection, adapted for low power consumption and compact deployment;
• Core Hardware: Piesia miniature trusted motherboard (Phytium Tenglong E2000Q platform) + edge security module;
• Application Highlights: Power consumption <15W, size only 140x100mm, supports bidirectional authentication and encrypted data transmission for device access, suitable for smart IoT and edge computing node scenarios. After deployment in a smart park, the edge device secure access rate reached 100%;
• Core Value: Fills the security gap at the edge node, achieving "cloud-edge-end" comprehensive protection and ensuring the security of IoT terminals.
IV. Core Value of the Solution
1. Reliable Foundation: Built on intrinsic secure hardware design and hardware trust root, it defends against attacks from the ground up, addressing the vulnerability of traditional software protection being "easily bypassed";
2. Comprehensive Compliance: Deep integration of national cryptographic algorithms and dual-certificate deployment meet multi-dimensional compliance requirements of laws such as the Cybersecurity Law and the Cryptography Law;
3. Holistic Collaborative Protection: Covering industrial control, government affairs, finance, and other scenarios, it achieves full-chain protection from "boundary - terminal - data," adapting to distributed deployment needs;
4. Flexible Dual-Platform Adaptation: The x86 platform meets high-performance scenario requirements, while the domestically produced platform ensures independent and controllable operation, covering critical information infrastructure and general enterprise scenarios;
5. Low-Power and Stable Operation: Industrial-grade design supports wide temperature operation from -40℃ to 85℃, with an MTBF of over 80,000 hours, meeting the need for 7x24 uninterrupted security protection.
V. Service Guarantee
As an Intel Platinum Partner and a national high-tech enterprise, Piesia possesses 20 years of experience in industrial embedded hardware research and development, providing end-to-end services from hardware customization and national cryptographic module integration to system debugging and long-term supply. Our professional technical team provides 24/7 support, complemented by a nationwide service network, offering customers a dual guarantee of "local support + remote diagnosis." Furthermore, we collaborate closely with mainstream security software vendors and compliance testing institutions to provide an integrated "hardware + software + compliance consulting" package service, helping customers quickly establish network security systems and achieve compliance.