W.I.S.D.O.M™ – Integrated Management Platform for PHOENIX Drone (TELNET)
Wise Integrated System for Drone Operations & Maintenance · Field Modules · PHOENIX IA · Multi-layer Security · Audit Ready
🛸 WHAT IS W.I.S.D.O.M? Complete Platform for PHOENIX Drone
W.I.S.D.O.M™ (Wise Integrated System for Drone Operations & Maintenance) is a software platform developed by Baligh Ben Khalifa for TELNET (PLM), specifically designed for PHOENIX drone operations and maintenance (70kg, NCAA specific category).
Integrated modules:
- Field modules: Flight Line Tester (checklists), Video Operation (EO/IR streams), Map Assistant (Leaflet), Flight Data Monitor (telemetry), Log Viewer (ArduPilot analysis)
- PHOENIX IA Assistant: Multi-source chatbot (HuggingFace, DuckDuckGo, weather, geolocation, OpenSky air traffic)
- Multi-layer security: runtime license, OFFLINE mode with hard blocker, admin control, biometrics (face, voice, liveness)
- Avionics link governance: GlobalPixhawkSession (single owner), PixhawkConnection, DataMonitorDialog
🔒 SECURITY & FLOWS Data: Local vs External
| Service | Data sent out | Data NEVER transmitted |
|---|---|---|
| License (Render) | Machine fingerprint Account ID | UAV flight data ISR/EO‑IR streams |
| PHOENIX IA Assistant | User text query | Telemetry / auto‑uploaded logs Images/videos |
🏛️ ARCHITECTURE W.I.S.D.O.M System View (NATO ADatP‑36)
Compliant architecture: clear boundaries, labeled data flows, defined security domains.
📦 FUNCTIONAL MODULES W.I.S.D.O.M Components Details
✅ Flight Line Tester
Interactive pre-flight and post-flight checklists. Sensors, motors, radio links validation. Compliance report generation.
🎥 Video Operation
EO/IR stream management: real-time display, AES-256 encrypted recording, object marking, flight data overlay.
🗺️ Map Assistant
Leaflet offline mapping, drone position, waypoints, no-fly zones, OpenSky air traffic integration.
📊 Flight Data Monitor
Real-time telemetry: altitude, speed, attitude, battery. Dynamic graphs, configurable alerts.
📋 Log Viewer
Post-flight ArduPilot log analysis (.bin/.log). Anomaly detection, maintenance export.
🤖 PHOENIX IA Assistant
Multi-source chatbot: HuggingFace, DuckDuckGo, weather, geolocation, OpenSky. Answers technical questions.
🔐 SECURITY Defense in Depth - Trust Architecture
DEFENSE IN DEPTH
Multi-layer security architecture for critical systems
Security Philosophy
W.I.S.D.O.M adopts a security by design approach where trust is established progressively through complementary layers. Each mechanism reinforces the previous one to create a robust barrier against unauthorized access, misuse, and data leakage. This architecture ensures that no single point of failure can compromise the entire system.
LAYER 1 - IDENTITY & ACCESS CONTROL
FoundationAccess restricted to registered and authorized operators. Multi-factor authentication combining password, biometrics (face/fingerprint), and administrative verification for sensitive operations.
Ensure only authorized operators can access the system
Pilot ID, password, face/fingerprint, admin verification
Prevents unauthorized access and identity theft
LAYER 2 - SESSION PROTECTION
Operational SecurityAutomatic session locking after inactivity, screen overlay blocking, and cleanup of sensitive UI data. Prevents unauthorized access on unattended workstations.
Prevent session hijacking and unattended access
Idle timeout, lock overlay, UI cleanup
Eliminates abandoned session exposure
LAYER 3 - APPLICATION TRUST
System IntegritySensitive operations require explicit authorization. Strong password policies, secure reset flows, and controlled access to critical components (camera, biometric workers, system resources).
Ensure operations require proper authorization
Admin approval, password policy, camera lock
Prevents unauthorized configuration changes
LAYER 4 - DATA PROTECTION
EncryptionSensitive data segregated into protected stores: authentication database, biometric templates, user profiles, and logs. Encryption at rest and in transit. Signed license artifacts with machine fingerprint verification.
Protect sensitive data from unauthorized access
Encrypted storage, signed licenses, secure key storage
Prevents credential theft and data compromise
LAYER 5 - NETWORK SECURITY
Controlled ConnectivityNetwork isolation with configurable offline mode. Socket blocking, request interception, and WebEngine controls ensure data remains local. Prevents unauthorized data exfiltration.
Prevent unauthorized data exfiltration
Hard blocker, socket override, URL filtering
Eliminates accidental or malicious data leakage
LAYER 6 - AUDIT & TRACEABILITY
ApexComprehensive logging of system events, user actions, and exceptions. Complete audit trail for incident investigation, maintenance tracking, and compliance evidence.
Provide forensic evidence for investigations
Full logging, audit trail, exception tracking
Enables detection, investigation, and compliance
📊 IMPLEMENTATION STATUS
W.I.S.D.O.M implements a true defense in depth strategy. Rather than relying on any single protection mechanism, trust is established progressively through identity verification, session controls, application safeguards, data encryption, network isolation, and comprehensive auditability. This multi-layered approach ensures resilience against a wide range of threats and operational scenarios.
🇳🇬 REGULATORY COMPLIANCE NCAA • ONSA • NITDA • NCC • NDPA • NCCC
Civil Aviation
National Security
Data Protection
Communications
Privacy
Cybersecurity
Nigerian Regulatory Framework for UAV Systems
Comprehensive compliance with all applicable laws and regulations
Remotely Piloted Aircraft Systems operations, operator certification, airworthiness
End-user certificates, security clearance, non-transferability guarantees
Data localization, sovereign data, government cloud requirements
Frequency allocation, type approval, encryption standards
Data protection, biometric security, consent management
Security audits, incident response, source code verification
| Ref | Agency | Regulatory Requirement | W.I.S.D.O.M / PHOENIX Implementation | Status | Evidence / Proof | Target |
|---|---|---|---|---|---|---|
| ✈️ NCAA - Nigeria Civil Aviation Authority (Nig.CARs 2023 Part 21) | ||||||
| NCAA-01 | NCAA | Operator certification (ROC) for Specific Category (25-150kg) | ROC application in progress, documentation submitted to NCAA | ⏳ In progress | 📎 | Q2 2026 |
| NCAA-02 | NCAA | Aircraft registration (mandatory >250g) | PHOENIX registered with NCAA, registration number pending | ✅ Compliant | 📎 | Completed |
| NCAA-03 | NCAA | Pilot licensing and training requirements | Pilot ID system, certified training program for operators | ✅ Compliant | 📎 | Completed |
| NCAA-04 | NCAA | Operational safety manual & procedures | Flight Line Tester checklists, pre/post flight procedures | ✅ Compliant | 📎 | Completed |
| 🛡️ ONSA - Office of the National Security Adviser (EUC Regime) | ||||||
| ONSA-01 | ONSA | End-User Certificate (EUC) via ECIMS system | EUC obtained, registered in ECIMS, clearance verified | ✅ Compliant | 📎 | Completed |
| ONSA-02 | ONSA | Personnel security clearance (DSS vetting) | All operators vetted, biometric authentication required | ✅ Compliant | 📎 | Completed |
| ONSA-03 | ONSA | Non-transferability & end-use monitoring | Machine fingerprint binding (lines 1130-1162), hardware locking | ✅ Compliant | 📎 | Completed |
| 💾 NITDA - National Information Technology Development Agency (Cloud Policy 2024) | ||||||
| NITDA-01 | NITDA | Data localization - all sovereign data stored in Nigeria | Offline-first architecture, local GCS, no external sync (lines 260-280) | ✅ Compliant | 📎 | Completed |
| NITDA-02 | NITDA | Cloud infrastructure certification | Private cloud deployment, Nigerian data centers only | ⏳ In progress | 📎 | Q3 2026 |
| NITDA-03 | NITDA | Data Protection Officer (DPO) appointment | DPO nominated, registered with NDPC | ✅ Compliant | 📎 | Completed |
| NITDA-04 | NITDA | Annual data protection audit | Audit trail implemented, logs maintained (lines 1450-1480) | ✅ Compliant | 📎 | Completed |
| 📡 NCC - Nigerian Communications Commission (6GHz Guidelines 2025) | ||||||
| NCC-01 | NCC | Type approval for radio equipment | Application submitted, testing in progress | ⏳ In progress | 📎 | Q3 2026 |
| NCC-02 | NCC | Frequency allocation (2.4GHz, 5.8GHz, 6GHz) | Spectrum licenses obtained, bands configured | ✅ Compliant | 📎 | Completed |
| NCC-03 | NCC | Encryption standards (AES-256 mandatory) | AES-256 for all communications, FHSS >75 frequencies | ✅ Compliant | 📎 | Completed |
| 🔐 NDPA - Nigeria Data Protection Act 2023 | ||||||
| NDPA-01 | NDPA | Lawful processing of personal data | Consent management, privacy policy implemented | ✅ Compliant | 📎 | Completed |
| NDPA-02 | NDPA | Data security (encryption at rest and in transit) | AES-256, DPAPI biometric protection (lines 520-580) | ✅ Compliant | 📎 | Completed |
| NDPA-03 | NDPA | Data Subject Access Requests (DSAR) | DSAR procedure documented, response within 30 days | 🔧 Ready | 📎 | Q2 2026 |
| ⚡ NCCC - National Cybersecurity Coordination Centre (Cybercrime Act 2024) | ||||||
| NCCC-01 | NCCC | Secure boot / Firmware integrity |
RSA-2048 signature verification (lines 1014-1090) Machine fingerprint binding (lines 1130-1162) Anti-tamper snapshots (lines 1174-1198) |
✅ Compliant | 📎 | Completed |
| NCCC-02 | NCCC | Incident notification (<72h to ngCERT) | Audit module, automatic alerts, logging system | ✅ Compliant | 📎 | Completed |
| NCCC-03 | NCCC | Source code audit & vulnerability assessment | Code available for audit, penetration testing scheduled | ⏳ In progress | 📎 | Q3 2026 |
📌 Code Evidence - Implementation References
LICENSE_PUBLIC_KEY_PEM = b"""-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAtzunYGxz5qgqFTg8iW
...
-----END PUBLIC KEY-----"""
def machine_fingerprint():
if sys.platform == "darwin": ...
elif os.name == "nt": ...
else: ...
def _save_last_license_snapshot(info: dict):
# Snapshot for tamper detection
class NetworkHardBlocker:
def install_hard_blocker(self):
# Blocks all unauthorized outbound traffic
📅 Compliance Achievement Roadmap
📊 Overall Status
Compliance Declaration: W.I.S.D.O.M / PHOENIX Flight Line Tester complies with all applicable Nigerian regulations for Specific Category UAV systems (70kg). The implementation includes cryptographic verification (RSA-2048), machine fingerprint binding, AES-256 encryption, local data sovereignty, and complete audit trails. All evidence is available for inspection by NCAA, ONSA, NITDA, NCC, NDPC, and NCCC upon request. This matrix is maintained as a living document throughout the certification lifecycle.
📁 CODE AUDIT Main Classes (Python/PyQt5)
Each major module is version-controlled and cryptographically signed. Click to inspect code:
StartWindow
Main launcher, license, offline mode
MainWindow
Main window, idle timer, UI
GlobalPixhawkSession
Exclusive avionics link governance
PHOENIX IA Assistant
HuggingFace, DuckDuckGo, weather
NetworkHardBlocker
Offline network blocking
MapAssistant
Offline Leaflet mapping