System Overview

TITLE: System Overview

REVISION DATE: 17-06-2019

REVISION NO.: 1.4 Page 1 of 8

1. The Solution
Zyalin Group has developed a unique, robust and scalable infrastructure to provide internet parental control
to parents worldwide via Network Operators. This single infrastructure allows parents to manage their
children’s devices whether connected via Wi-Fi or mobile data service.

Zyalin’s iKydz Parental Control Solution is a fully re-brandable parental control solution. We have developed
our product suite to provide a complete end-customer ready solution to our clients and partners.
Developed as a SaaS application with hardware product suite, our white-label solution enables partners and
clients to resell the iKydz Parental Control service under the partner/client’s own brand name.

Using IOT technologies, any device connected to the internet can be connected to the infrastructure. Once
connected the Zyalin solution set immediately uniquely identifies the device based on defined set of
information gathered. The device is then made available to the associated account for management and
control.

• All traffic from the device resolves to the Zyalin DNS service for filtering and control.
• Parental access is either via a secure (Https) portal of mobile app (Android or IOS).
• Devices are seamlessly managed across both WIFI and Mobile.

2. Zyalin Core System Components

The iKydz Parent Control App Suite and Customer Web Portal Suite can be re-branded with the client’s
chosen colours, fonts and logos. Any images or fonts used may be subject to copyright agreements and may
incur additional charges.

2.1. ZSDS - Global DNS Protection in the Cloud

Blocking access to known bad websites, downloads, and locations is at the cornerstone of Zyalin’ s Secure
DNS service (ZSDS). All device traffic resolves DNS requests to the ZSDS ensuring that all appropriate filtering
and blocking are delivered to the device. In addition, all web searches are resolved to Google Safe Search
engine filtering word-based requests. Zyalin’s Global Block list category list includes (amongst others):
 System Overview
TITLE: System Overview

REVISION DATE: 17-06-2019

REVISION NO.: 1.4 Page 2 of 8

• Adult Content
• Social Media
• Violence
• Terrorism
• Drugs and Alcohol
• Video
• Gaming

Zyalin also provides specific services for the most popular services such as Facebook, Snapchat, WhatsApp,
Instagram, etc and allows the parent to easily manage their children’s access to these services. Zyalin’s
infrastructure also enables clients to dynamically add local or urgent sites/services, thus making them
immediately available to end users.

2.2. IDM – Device Identification and Management

Zyalin’s system uniquely identifies each device connected to the account, thereby enabling every device to
be individually managed by the end user (i.e. the parent). In addition, Zyalin’s infrastructure can identify
non-human devices (such as IOT devices), which can be monitored or removed from the system/service
based on the end user’s preferences. Some useful system features that are enabled as a result of Zyalin’s
ability to uniquely identify devices include:
• Blocking internet access for specific devices
• Applying age-based filter settings for YouTube services
• Blocking access to certain apps or websites for specific devices
• Applying blanket category filters to specific devices (e.g. total adult content blocking, gambling, etc)
• Scheduling timed access to the internet for devices

2.3. ZAS – Zyalin Analytics Service

As all DNS request from all devices resolve to ZSDS, all device access requests are logged and stored against
the end user’s account. This provides insights for parents into their children’s internet habits including:
• Time spent online
 System Overview
TITLE: System Overview

REVISION DATE: 17-06-2019

REVISION NO.: 1.4 Page 3 of 8

• Time spent per application/service

• All web requests
• All blocked requests
• Dynamic links to URLs per device

2.4. ZCSE – Zyalin Cyber Security Engine

In addition to DNS filtering and content blocking, Zyalin’s Cyber Security Engine (ZCSE) blocks all ads and
malware being delivered to connected devices. A complete list of blocked components is also available to
parents to review via ZAS.
 System Overview
TITLE: System Overview

REVISION DATE: 17-06-2019

REVISION NO.: 1.4 Page 4 of 8

3. Integration
The Zyalin infrastructure can be provided to clients as a fully hosted, hybrid or on-premise solution. Our
fully hosted solution ensures that there are minimal integration requirements for Network Operators – all
that is required is a simple connection via RESTful API from the Operator’s originating subscription service.

3.1. Infrastructure Design

Zyalin uses Amazon Web Services (AWS) to power our infrastructure. With AWS, we can dynamically scale
our fleet of servers in real-time. AWS elasticity enables Zyalin to reliably serve a growing user base and scale
with our clients’ end-user growth. We employ the following AWS services from data centres in Ireland and
Frankfurt, Germany:
• EC2
• EBS
• ELB
• RDS
• SNS
• NATGateway

Figure 1. Zyalin Fully Hosted Solution

 System Overview
TITLE: System Overview

REVISION DATE: 17-06-2019

REVISION NO.: 1.4 Page 5 of 8

Our secure API interface allows for the secure transfer of information between client, end user and the
Zyalin platform. All data is encrypted in transit and at rest.
• SSL encrypted transactions; no HTTP transport of data + VPC protected systems, nothing is exposed
to public that absolutely does not have to be exposed.
• Database information is obfuscated and encrypted Percona + MySQL 8.
• Passwords and other relevant personal information are encrypted and not transported nor stored
in clear text on any of our systems.
• Payment related information is handled by PCI compliant partner and not stored on Zyalin’s
systems.

Figure 2. Zyalin Infrastructure

3.2. End user registration and subscription update

For ease of integration, our process is simple. End user subscription initiation and updates are passed from
client systems to Zyalin via our secure API gateway. End user interactions with the parental control service
are managed similarly via our secure API gateway via MQTT and Redis. Information transferred includes the
following:
 System Overview
TITLE: System Overview

REVISION DATE: 17-06-2019

REVISION NO.: 1.4 Page 6 of 8

What When How

• End-user name
• End-user email address
• End-user phone number
• iKydz unit MAC Address
• IP Address
• Device MAC address
When creating end-user account within Zyalin Via secure API from
core system client CRM
When enabling the iKydz service on initial Via secure API
subscription and connection to the service, to request
commission the end-user account and to

• IMEI (for mobile data) associate the device(s) with the account and

• IMSI (for mobile data) service.

• Device information
• DNS requests When active request is made to ZSDS DNS request
• Applied Functions When end-user applies any change to device Via secure API
config
• Subscription status When end-user subscription status changes with Via secure API from
client client CRM
 System Overview
TITLE: System Overview

REVISION DATE: 17-06-2019

REVISION NO.: 1.4 Page 7 of 8

Figure 3. Zyalin > Client > End-user registration and subscription update flow

4. End-user Deployment Options

Deployment of Zyalin services is available to clients in multiple ways. We offer omni-channel deployment
options to make distribution and revenue-generation quick and easy.

4.1. Electronic delivery

All of Zyalin’s services (except for our customer-ready hardware components) can be electronically
delivered to the end user. A sale/subscription originating from the client’s internal systems can immediately
trigger the provisioning and delivery of services to the end user. Our secure API interface has been created
to quickly allow integration between systems irrespective of geography.
 System Overview
TITLE: System Overview

REVISION DATE: 17-06-2019

REVISION NO.: 1.4 Page 8 of 8

The Zyalin Mobile solution is easily deployed either via emailed QR codes that scan directly to the parent
app for deployment to the child’s device. The same printed QR code can be sold through client retail
operations at the point of device purchase by the parent. In addition, Zyalin provide the ability to deploy
the service access via SIM which can be purchased by parents in retail or as a replacement SIM offering.

4.2. Physical hardware deployment

The Zyalin group provide a range of hardware components to complement the client’s existing or
established broadband offerings. Our hardware offering includes standard 2.4Ghz 300Mbps WIFI service,
2.4/5GHZ AC and Mesh solutions. All of Zyalin’s WIFI hardware operate through any CPE, so long as the
router has an available LAN port. Traditionally, our hardware is provided with a minimal upfront cost and
recurring subscription per month based on a 12/24-month contract and/or in line with client’s current
broadband offerings.

4.3. NVDS - Network Virtualisation Deployment Services

Zyalin Group provide a full suite of virtualisation services to complement many of our clients’ network
virtualisation and convergence projects. Our proven technology (which already operates as a virtual routing
service for clients) can immediately deliver benefits and revenue streams as part of any virtualisation
project.

Figure 4. Zyalin Infrastructure supporting Virtualisation and network convergence