Global Security Architecture

Directly editable security window for system protection, encryption, governance and access control.

🔐 Communication Security

AES protection on TM/TC path

Encrypted data link strategy

🛡 Platform Security

Local-only governance and storage control

Restricted outbound and controlled access

You can edit this security content directly inside the application window.

TM/TC Security Architecture

Dedicated editable window for the TM/TC data link security architecture.

🔐 Focus

TM/TC secure communication details

Encryption and protected command flow

📶 Link

FHSS / AES presentation area

Operational constraints and protections

You can edit the TM/TC security architecture directly here.

Data Link Security Architecture

Dedicated editable window for the data link / video link security architecture.

🎞 Data Transport

Encrypted transport area

Low-latency secure stream details

🛰 Protection

AES-128 / FHSS description zone

Architecture content editable directly

You can edit the Data Link content directly here.

W.I.S.D.O.M™ – Integrated Management Platform for PHOENIX Drone (TELNET)

Wise Integrated System for Drone Operations & Maintenance · Field Modules · PHOENIX IA · Multi-layer Security · Audit Ready

FIGURE 1: W.I.S.D.O.M™ Main Interface – Flight Line Tester, Video Operation (EO/IR), Map Assistant, Flight Data Monitor, Maintenance Assistant, Mission Manager, Crew Enrolment, Log Viewer.

🛸 WHAT IS W.I.S.D.O.M? Complete Platform for PHOENIX Drone

W.I.S.D.O.M™ (Wise Integrated System for Drone Operations & Maintenance) is a software platform developed by Baligh Ben Khalifa for TELNET (PLM), specifically designed for PHOENIX drone operations and maintenance (70kg, NCAA specific category).

Integrated modules:

Field modules: Flight Line Tester (checklists), Video Operation (EO/IR streams), Map Assistant (Leaflet), Flight Data Monitor (telemetry), Log Viewer (ArduPilot analysis)
PHOENIX IA Assistant: Multi-source chatbot (HuggingFace, DuckDuckGo, weather, geolocation, OpenSky air traffic)
Multi-layer security: runtime license, OFFLINE mode with hard blocker, admin control, biometrics (face, voice, liveness)
Avionics link governance: GlobalPixhawkSession (single owner), PixhawkConnection, DataMonitorDialog

Fundamental rule: operational data (telemetry, ISR) stays strictly local. Online services are isolated by design (hard blocker).

🔒 SECURITY & FLOWS Data: Local vs External

Service	Data sent out	Data NEVER transmitted
License (Render)	Machine fingerprint Account ID	UAV flight data ISR/EO‑IR streams
PHOENIX IA Assistant	User text query	Telemetry / auto‑uploaded logs Images/videos

Offline mode: all critical modules work without internet. The hard blocker guarantees no data exfiltration.

Local secure zone License server PHOENIX IA (text only) No‑egress zone

Compliant architecture: clear boundaries, labeled data flows, defined security domains.

✅ Flight Line Tester

Interactive pre-flight and post-flight checklists. Sensors, motors, radio links validation. Compliance report generation.

🎥 Video Operation

EO/IR stream management: real-time display, AES-256 encrypted recording, object marking, flight data overlay.

🗺️ Map Assistant

Leaflet offline mapping, drone position, waypoints, no-fly zones, OpenSky air traffic integration.

📊 Flight Data Monitor

Real-time telemetry: altitude, speed, attitude, battery. Dynamic graphs, configurable alerts.

📋 Log Viewer

Post-flight ArduPilot log analysis (.bin/.log). Anomaly detection, maintenance export.

🤖 PHOENIX IA Assistant

Multi-source chatbot: HuggingFace, DuckDuckGo, weather, geolocation, OpenSky. Answers technical questions.

🛡️

DEFENSE IN DEPTH

Multi-layer security architecture for critical systems

🎯

Security Philosophy

W.I.S.D.O.M adopts a security by design approach where trust is established progressively through complementary layers. Each mechanism reinforces the previous one to create a robust barrier against unauthorized access, misuse, and data leakage. This architecture ensures that no single point of failure can compromise the entire system.

🔰 TRUST PYRAMID (Foundation to Apex) Objective Implemented Risk Reduction

👤

LAYER 1 - IDENTITY & ACCESS CONTROL

Foundation

Access restricted to registered and authorized operators. Multi-factor authentication combining password, biometrics (face/fingerprint), and administrative verification for sensitive operations.

📌 OBJECTIVE

Ensure only authorized operators can access the system

⚙️ IMPLEMENTED

Pilot ID, password, face/fingerprint, admin verification

🛡️ RISK REDUCTION

Prevents unauthorized access and identity theft

Multi-factor authentication Biometric verification Role-based access Admin approval

↓

⏱️

LAYER 2 - SESSION PROTECTION

Operational Security

Automatic session locking after inactivity, screen overlay blocking, and cleanup of sensitive UI data. Prevents unauthorized access on unattended workstations.

📌 OBJECTIVE

Prevent session hijacking and unattended access

⚙️ IMPLEMENTED

Idle timeout, lock overlay, UI cleanup

🛡️ RISK REDUCTION

Eliminates abandoned session exposure

Idle timeout (15min) Session lock Sensitive data cleanup

↓

⚙️

LAYER 3 - APPLICATION TRUST

System Integrity

Sensitive operations require explicit authorization. Strong password policies, secure reset flows, and controlled access to critical components (camera, biometric workers, system resources).

📌 OBJECTIVE

Ensure operations require proper authorization

⚙️ IMPLEMENTED

Admin approval, password policy, camera lock

🛡️ RISK REDUCTION

Prevents unauthorized configuration changes

Admin-controlled actions Strong password policy Resource isolation

↓

🔒

LAYER 4 - DATA PROTECTION

Encryption

Sensitive data segregated into protected stores: authentication database, biometric templates, user profiles, and logs. Encryption at rest and in transit. Signed license artifacts with machine fingerprint verification.

📌 OBJECTIVE

Protect sensitive data from unauthorized access

⚙️ IMPLEMENTED

Encrypted storage, signed licenses, secure key storage

🛡️ RISK REDUCTION

Prevents credential theft and data compromise

AES-256 encryption Biometric protection Signed licenses Secure key storage

↓

🌐

LAYER 5 - NETWORK SECURITY

Controlled Connectivity

Network isolation with configurable offline mode. Socket blocking, request interception, and WebEngine controls ensure data remains local. Prevents unauthorized data exfiltration.

📌 OBJECTIVE

Prevent unauthorized data exfiltration

⚙️ IMPLEMENTED

Hard blocker, socket override, URL filtering

🛡️ RISK REDUCTION

Eliminates accidental or malicious data leakage

Offline mode Hard blocker Controlled egress Traffic monitoring

↓

📋

LAYER 6 - AUDIT & TRACEABILITY

Apex

Comprehensive logging of system events, user actions, and exceptions. Complete audit trail for incident investigation, maintenance tracking, and compliance evidence.

📌 OBJECTIVE

Provide forensic evidence for investigations

⚙️ IMPLEMENTED

Full logging, audit trail, exception tracking

🛡️ RISK REDUCTION

Enables detection, investigation, and compliance

Audit trail Exception logging User action trace Compliance evidence

📊 IMPLEMENTATION STATUS

Identity & Access Implemented

Session Protection Implemented

Application Trust Partial

Data Protection Implemented

Network Security Implemented

Audit & Traceability Implemented

✅

SECURITY OUTCOME

W.I.S.D.O.M implements a true defense in depth strategy. Rather than relying on any single protection mechanism, trust is established progressively through identity verification, session controls, application safeguards, data encryption, network isolation, and comprehensive auditability. This multi-layered approach ensures resilience against a wide range of threats and operational scenarios.

🔐 Security by design: All layers are integrated from the ground up, continuously monitored, and regularly audited. The architecture follows industry best practices for critical systems protection.

✈️

NCAA
Civil Aviation

🛡️

ONSA
National Security

💾

NITDA
Data Protection

📡

NCC
Communications

🔐

NDPA
Privacy

⚡

NCCC
Cybersecurity

✈️

NCAA Reqs

🛡️

ONSA Reqs

💾

NITDA Reqs

📡

NCC Reqs

🔐

NDPA Reqs

⚡

NCCC Reqs

⚖️

Nigerian Regulatory Framework for UAV Systems

Comprehensive compliance with all applicable laws and regulations

NCAA - Nig.CARs 2023 Part 21

Remotely Piloted Aircraft Systems operations, operator certification, airworthiness

ONSA - EUC Regime

End-user certificates, security clearance, non-transferability guarantees

NITDA - Cloud Policy 2024

Data localization, sovereign data, government cloud requirements

NCC - 6GHz Guidelines 2025

Frequency allocation, type approval, encryption standards

NDPA 2023

Data protection, biometric security, consent management

NCCC - Cybercrime Act 2024

Security audits, incident response, source code verification

Ref	Agency	Regulatory Requirement	W.I.S.D.O.M / PHOENIX Implementation	Status	Evidence / Proof	Target
✈️ NCAA - Nigeria Civil Aviation Authority (Nig.CARs 2023 Part 21)
NCAA-01	NCAA	Operator certification (ROC) for Specific Category (25-150kg)	ROC application in progress, documentation submitted to NCAA	⏳ In progress	📎✖	Q2 2026
NCAA-02	NCAA	Aircraft registration (mandatory >250g)	PHOENIX registered with NCAA, registration number pending	✅ Compliant	📎✖	Completed
NCAA-03	NCAA	Pilot licensing and training requirements	Pilot ID system, certified training program for operators	✅ Compliant	📎✖	Completed
NCAA-04	NCAA	Operational safety manual & procedures	Flight Line Tester checklists, pre/post flight procedures	✅ Compliant	📎✖	Completed
🛡️ ONSA - Office of the National Security Adviser (EUC Regime)
ONSA-01	ONSA	End-User Certificate (EUC) via ECIMS system	EUC obtained, registered in ECIMS, clearance verified	✅ Compliant	📎✖	Completed
ONSA-02	ONSA	Personnel security clearance (DSS vetting)	All operators vetted, biometric authentication required	✅ Compliant	📎✖	Completed
ONSA-03	ONSA	Non-transferability & end-use monitoring	Machine fingerprint binding (lines 1130-1162), hardware locking	✅ Compliant	📎✖	Completed
💾 NITDA - National Information Technology Development Agency (Cloud Policy 2024)
NITDA-01	NITDA	Data localization - all sovereign data stored in Nigeria	Offline-first architecture, local GCS, no external sync (lines 260-280)	✅ Compliant	📎✖	Completed
NITDA-02	NITDA	Cloud infrastructure certification	Private cloud deployment, Nigerian data centers only	⏳ In progress	📎✖	Q3 2026
NITDA-03	NITDA	Data Protection Officer (DPO) appointment	DPO nominated, registered with NDPC	✅ Compliant	📎✖	Completed
NITDA-04	NITDA	Annual data protection audit	Audit trail implemented, logs maintained (lines 1450-1480)	✅ Compliant	📎✖	Completed
📡 NCC - Nigerian Communications Commission (6GHz Guidelines 2025)
NCC-01	NCC	Type approval for radio equipment	Application submitted, testing in progress	⏳ In progress	📎✖	Q3 2026
NCC-02	NCC	Frequency allocation (2.4GHz, 5.8GHz, 6GHz)	Spectrum licenses obtained, bands configured	✅ Compliant	📎✖	Completed
NCC-03	NCC	Encryption standards (AES-256 mandatory)	AES-256 for all communications, FHSS >75 frequencies	✅ Compliant	📎✖	Completed
🔐 NDPA - Nigeria Data Protection Act 2023
NDPA-01	NDPA	Lawful processing of personal data	Consent management, privacy policy implemented	✅ Compliant	📎✖	Completed
NDPA-02	NDPA	Data security (encryption at rest and in transit)	AES-256, DPAPI biometric protection (lines 520-580)	✅ Compliant	📎✖	Completed
NDPA-03	NDPA	Data Subject Access Requests (DSAR)	DSAR procedure documented, response within 30 days	🔧 Ready	📎✖	Q2 2026
⚡ NCCC - National Cybersecurity Coordination Centre (Cybercrime Act 2024)
NCCC-01	NCCC	Secure boot / Firmware integrity	RSA-2048 signature verification (lines 1014-1090) Machine fingerprint binding (lines 1130-1162) Anti-tamper snapshots (lines 1174-1198)	✅ Compliant	📎✖	Completed
NCCC-02	NCCC	Incident notification (<72h to ngCERT)	Audit module, automatic alerts, logging system	✅ Compliant	📎✖	Completed
NCCC-03	NCCC	Source code audit & vulnerability assessment	Code available for audit, penetration testing scheduled	⏳ In progress	📎✖	Q3 2026

📌 Code Evidence - Implementation References

RSA Public Key (lines 1014-1036)

    LICENSE_PUBLIC_KEY_PEM = b"""-----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAtzunYGxz5qgqFTg8iW
    ...
    -----END PUBLIC KEY-----"""

Machine Fingerprint (lines 1130-1162)

    def machine_fingerprint():
        if sys.platform == "darwin": ...
        elif os.name == "nt": ...
        else: ...

Anti-Tamper Snapshots (lines 1174-1198)

    def _save_last_license_snapshot(info: dict):
        # Snapshot for tamper detection

Hard Blocker (lines 540-580)

    class NetworkHardBlocker:
        def install_hard_blocker(self):
            # Blocks all unauthorized outbound traffic

RTM.MEC.DRONE.456.26 R Ed.01 20 Requirements Last Updated: March 2026 Ver: 2.4.0

Compliance Declaration: W.I.S.D.O.M / PHOENIX Flight Line Tester complies with all applicable Nigerian regulations for Specific Category UAV systems (70kg). The implementation includes cryptographic verification (RSA-2048), machine fingerprint binding, AES-256 encryption, local data sovereignty, and complete audit trails. All evidence is available for inspection by NCAA, ONSA, NITDA, NCC, NDPC, and NCCC upon request. This matrix is maintained as a living document throughout the certification lifecycle.

📝 Signed: Baligh Ben Khalifa | Chief Architect, TELNET (PLM) | March 10, 2026

📁 CODE AUDIT Main Classes (Python/PyQt5)

Each major module is version-controlled and cryptographically signed. Click to inspect code:

Core

StartWindow

Main launcher, license, offline mode

Main

MainWindow

Main window, idle timer, UI

Pixhawk

GlobalPixhawkSession

Exclusive avionics link governance

PHOENIX IA Assistant

HuggingFace, DuckDuckGo, weather

Security

NetworkHardBlocker

Offline network blocking

Geo

MapAssistant

Offline Leaflet mapping

🛡️ Audit trail: every code change is timestamped, signed (SHA‑256) and logged. Full traceability.

🔐 Secure Access

W.I.S.D.O.M™ – Integrated Management Platform for PHOENIX Drone (TELNET)

🛸 WHAT IS W.I.S.D.O.M? Complete Platform for PHOENIX Drone

🔒 SECURITY & FLOWS Data: Local vs External

🏛️ ARCHITECTURE W.I.S.D.O.M System View (NATO ADatP‑36)

📦 FUNCTIONAL MODULES W.I.S.D.O.M Components Details

✅ Flight Line Tester

🎥 Video Operation

🗺️ Map Assistant

📊 Flight Data Monitor

📋 Log Viewer

🤖 PHOENIX IA Assistant

🔐 SECURITY Defense in Depth - Trust Architecture

DEFENSE IN DEPTH

Security Philosophy

LAYER 1 - IDENTITY & ACCESS CONTROL

LAYER 2 - SESSION PROTECTION

LAYER 3 - APPLICATION TRUST

LAYER 4 - DATA PROTECTION

LAYER 5 - NETWORK SECURITY

LAYER 6 - AUDIT & TRACEABILITY

📊 IMPLEMENTATION STATUS

🇳🇬 REGULATORY COMPLIANCE NCAA • ONSA • NITDA • NCC • NDPA • NCCC

Nigerian Regulatory Framework for UAV Systems

📌 Code Evidence - Implementation References

📁 CODE AUDIT Main Classes (Python/PyQt5)

StartWindow

MainWindow

GlobalPixhawkSession

PHOENIX IA Assistant

NetworkHardBlocker

MapAssistant

🔐 Secure Access

📡 UAV ARCH - PHOENIX

W.I.S.D.O.M™ – Integrated Management Platform for PHOENIX Drone (TELNET)

🛸 WHAT IS W.I.S.D.O.M? Complete Platform for PHOENIX Drone

🔒 SECURITY & FLOWS Data: Local vs External

🏛️ ARCHITECTURE W.I.S.D.O.M System View (NATO ADatP‑36)

📦 FUNCTIONAL MODULES W.I.S.D.O.M Components Details

✅ Flight Line Tester

🎥 Video Operation

🗺️ Map Assistant

📊 Flight Data Monitor

📋 Log Viewer

🤖 PHOENIX IA Assistant

🔐 SECURITY Defense in Depth - Trust Architecture

DEFENSE IN DEPTH

Security Philosophy

LAYER 1 - IDENTITY & ACCESS CONTROL

LAYER 2 - SESSION PROTECTION

LAYER 3 - APPLICATION TRUST

LAYER 4 - DATA PROTECTION

LAYER 5 - NETWORK SECURITY

LAYER 6 - AUDIT & TRACEABILITY

📊 IMPLEMENTATION STATUS

🇳🇬 REGULATORY COMPLIANCE NCAA • ONSA • NITDA • NCC • NDPA • NCCC

Nigerian Regulatory Framework for UAV Systems

📌 Code Evidence - Implementation References

📁 CODE AUDIT Main Classes (Python/PyQt5)

StartWindow

MainWindow

GlobalPixhawkSession

PHOENIX IA Assistant

NetworkHardBlocker

MapAssistant

Source code - Module