The Device Chronicle

Quantum-safe security for legacy and modern infrastructure

Written by Francisco Serrano Ariza | Jan 23, 2026 4:32:41 PM

As post-quantum security becomes critical for edge devices, Francisco Serrano Ariza, Co-Founder of FlowLockX, puts forward a new approach. 

Francisco has a strong background in cybersecurity and low-level embedded engineering for ECUs, gained from work at ND SatCom and BMW. He is deeply versed in the security challenges faced by connected devices in the satellite communications and automotive industries. 

FlowLockX secures distributed systems by establishing a private, encrypted control connection to edge devices. Its software stack—and optional hardware appliance—automatically connects endpoints as soon as they are deployed, creating a secure tunnel network over an untrusted network. These paired instances come online instantly, form a fully encrypted channel, and use post-quantum–safe cryptographic algorithms to protect all device communications.

Secure control channel networks for distributed systems

The concept is that OEMs across various distributed systems, such as satellite communications, can establish their own secure control channel networks to manage device communications and connected device constellations.

FlowLockX eliminates the complexity of cryptographic key distribution. The system automatically establishes a network of secure control channels, enabling authenticated point-to-point and group communication between all devices in the deployment.

Unlike traditional VPNs, FlowLockX uses a Network Controller as the central orchestrator, with lightweight NEXUS agents deployed at each endpoint. The agent—either as software or a hardware appliance—handles all cryptographic operations transparently, connecting securely to any device regardless of its native capabilities.

This architecture enables highly secure distributed systems spanning satellite constellations, global industrial operations, or any geographically dispersed infrastructure. Devices across multiple continents can participate in the same private network, with all connections rendered quantum-safe through FlowLockX's hybrid post-quantum cryptography.

Future-proof security for long-lifecycle assets

The design is particularly valuable for long-lifecycle assets expected to operate for 10-20+ years. Rather than facing costly replacements when quantum computers arrive, organizations can deploy FlowLockX today and maintain cryptographic security throughout the entire operational lifespan.

FlowLockX NEXUS enables retrofitting existing infrastructure with post-quantum cryptographic protection. Written in Rust for memory safety and cross-platform compatibility, NEXUS runs across embedded operating systems from industrial controllers to satellite ground terminals.

Deployment is straightforward: install the NEXUS agent via software update, or for systems that cannot be modified, deploy the NEXUS hardware appliance at the network edge via Ethernet. This approach is particularly valuable for critical infrastructure—satellite ground stations, industrial control systems, and other long-lifecycle equipment can be quantum-hardened without replacement.

Hybrid post-quantum cryptography

FlowLockX employs NIST-standardized post-quantum algorithms in a hybrid architecture:

  • ML-KEM: Quantum-resistant key establishment
  • ML-DSA: Quantum-resistant digital signatures
  • Classical algorithms: Defense-in-depth through hybrid construction

If advances in cryptanalysis weaken one algorithm family, the other remains protective—essential for high-assurance deployments.

Additional security properties

  • Privacy-preserving groups: Blinded cryptographic techniques verify membership without revealing identities
  • Transport agnosticism: Same security across UDP, Ethernet, satellite, and IoT networks
  • Hardware security integration: Cryptographic material derives from hardware-protected roots
  • Forward secrecy: Past sessions remain protected even if keys are later compromised

Preparing for quantum

Quantum computers capable of breaking current cryptography are projected within years. FlowLockX protects against "harvest now, decrypt later" attacks today while positioning infrastructure for the post-quantum era.

OEMs can continue using their existing cryptographic designs without modification, while layering FlowLockX NEXUS technology on top as a future-proof security solution. Even if a malicious actor records communications today, they would not be able to exploit them in the future once quantum computers become available. FlowLockX NEXUS eliminates this risk by employing quantum-resistant cryptographic algorithms that are designed to withstand attacks from quantum computers.

A key advantage of FlowLockX NEXUS, as Francisco notes, is the full separation of the control plane from the data plane:

  • Control plane: Manages all cryptographic key exchanges between agents and the network controller, establishing a private, secure network.

  • Data plane: Uses the securely distributed cryptographic material from the control plane to protect the actual data traffic.

This separation allows FlowLockX to support virtually any network topology, independent of transmission medium or protocol. It works with TCP, UDP, raw L2 Ethernet, satellite links, LoRa, and other specialized buses. The FlowLockX protocol is fully media-agnostic and modular, enabling OEMs to integrate it atop their existing transmission channels with minimal adaptation.

The solution is backed by over 30 years of combined experience from Francisco Serrano Ariza and co-founder Bernd Jungblut. Francisco emphasizes that in today’s hyper-connected world, current security mechanisms will soon require upgrades. While timelines vary by field, he predicts that tangible threats from quantum computing could emerge within two years. OEMs should begin preparing now, with FlowLockX as a trusted partner.