Functional diagram: Secure encrypted data. totally encrypted. XOR encryption. RFID token. fingerprint reader. 128 bit AES in ECB mode Security HDD

Transcription

1

2 Secure encrypted data Encryption Access Control XOR encryption RFID token 128 bit AES in ECB mode Security HDD fingerprint reader enter password by keyboard 256 bit AES in CBC mode PIN 256 bit AES in XTS mode smart card + PIN Who generated it? Where is it stored? How can it be destroyed? Functional diagram: RFID key or smart card + 8-digit PIN Authentication totally encrypted...invoice.pdf crm.sql......u%r\i6... Hardware Crypto-Engine... s.pst fina......j!$t%ä... Plain Data Transmission Encrypted Data Transmission

3 The most important criteria Data privacy and data security are extremely sensitive issues for companies. Again and again, business processes require the mobile availability of research, financial, customer or account information. For the storage and the transport of the data a company must be able to rely on absolute security. To ensure this, the main criteria are: Encryption The choice of an appropriate encryption is essential for data security. For high standards of data security, it is recommended to use at least an AES encryption with a key length of 256 bit in CBC mode. Access control The access control can range from a simple password to complex multi-factor authentication methods. A complex access method with a two-factor authentication (e.g. by smart card and PIN) offers a very high level of data security. Administration of the cryptographic key It should be known, how the cryptographic key was produced and if during the production or on the way to the user a copy of the key could have been made. It s also important to know where and how safe the key is stored for the use. In addition, it should be checked, if the cryptographic key can be destroyed, if it is necessary. Highest security provide storage devices on which the cryptographic key is stored externally and the user can generate, change and destroy the key by himself. For the selection of an appropriate security storage device always all 3 safety criteria need to be considered. If one of these criteria has a security hole, the whole security chain will be endagered.

4 Unique selling points of DIGITTRADE security storage devices widest portfolio of encrypted storage devices including high security external HDD/SSD storage devices are customized for different security requirements wide range: from a secure basic solution for private users to professional solutions for companies and government agencies user-friendly handling and plain user manuals all DIGITTRADE security storage devices are delivered with the Acronis True Image OEM Quick Backup software, with which data can be synchronized fast and easily.

5 Overview of the DIGITTRADE security storage devices The DIGITTRADE GmbH develops and produces external hard drives, SSDs and USB sticks with hardware encryption to protect business and private data extensively and securely against unauthorized access. DIGITTRADE USB Security Stick USS256 Secure solution for companies and private user Password protected access control, 256 bit AES hardware encryption in CFB mode, encrypted storage of the cryptographic key in the flash memory DIGITTRADE RFID Security HDD/SSD RS64 - Secure basic protection for private users Triple data protection: RFID access control, XOR hardware encryption, S.M.A.R.T. lock HDD lock, encrypted storage of the cryptographic key on the HDD DIGITTRADE RFID Security HDD/SSD RS128 Secure solution for private users RFID access control, 128 bit AES full disk hardware encryption in advanced ECB mode, encrypted storage of the cryptographic key on the HDD DIGITTRADE RFID Security HDD/SSD RS256 Secure solution for companies and private users RFID access control, 256 bit full disk hardware encryption in XTS mode, encrypted storage of the cryptographic key on the HDD, robust aluminum enclosure, integrated silicone Anti-Shock protectors, USB 3.0 DIGITTRADE High Security Festplatten HS128 und HS256 Professional solution for companies 2-factor authentication by smart card and PIN code, certified full disk hardware encryption according to 128 bit AES in ECB mode or 256 bit AES in CBC mode, external and encrypted storage of the cryptographic key on the smartcard DIGITTRADE High Security Festplatte HS256S Professional solution for government and companies Further development of the DIGITTRADE HS256 - provides the possibility to administrate the cryptographic key by the user (generate, change, copy and destroy). HS256S is in the certification process of the BSI (Certification ID: BSI-DSZ-CC-0825)

6 DIGITTRADE USB Security Stick USS256 secure solution for companies and private users The high resistance of the classy and robust metal case protects the DIGITTRADE USS256 stick additionally from light impacts. Features: password protected access control 256 bit AES hardware encryption in CFB mode encrypted storage of the cryptographic key in the flash memory all data will be stored automatically encrypted by the hardware encryption module in real-time epoxy sealing protects the hardware against manipulations and humidity freely selectable number of password misentries automatic delection of data after the preset number of password misentries is exceeded indicator for password security write protection switch for safe usage on different computers plug & play for all Windows OS compatible to USB 1.1 and 2.0 up to 16 GB storage capacity 2 years guarantee

7 DIGITTRADE USB Security Stick USS256 At home, at the office or during transport the USS256 protects sensitive data against unwanted looks. All data is stored by a 256 bit encryption according to AES in CFB mode. Thereby all data is protected against unwanted looks even in case of loss of the device. The integrated high-speed AES hardware-based encryption module operates independently of any software and is resistant to cold boot and similar attacks. The authentication works by password entry. To increase the safety of the USS256 it has a kind of self destruction mechanism. If an unauthorized access occurs and the preset number of password misentries is reached, the data stored on the stick will be destroyed and the USS256 will reset to factory defaults. The epoxy sealing protects the hardware against manipulations and humidity. With the DIGITTRADE USB Security Stick USS256 it is easy to guarantee a high level of data security. This storage device captivates also with its elegant and robust design. In addition, the DIGITTRADE USS256 is delivered with the Acronis True Image OEM Quick Backup software. This software can be used for backup and recovery of data. The USS256 offers a storage capacity of up to 16 GB. Due to its numerous security features this stick offers a high degree of security for your data.

8 DIGITTRADE RFID Security HDD RS64 secure basic protection for private users Features: RFID access control XOR full disk hardware encryption S.M.A.R.T. lock HDD lock (activates an ATA password which prevents from a readout of the HDD outside of the security enclosure) encrypted storage of the cryptographic key on the HDD no access to the DIGITTRADE Security HDD and your data without one of the two included RFID key automatic lock of the DIGITTRADE Security HDD as soon as it is disconnected from the PC all data will be stored automatically encrypted by the hardware encryption module in real-time bootable and independent of operating systems compatible to USB 1.1 and 2.0 available with 320GB, 500GB, 640GB, 750GB and 1TB as HDD and 120GB, 240GB as SSD available in black and white color 2 years guarantee

9 DIGITTRADE RFID Security external HDD/SSD RS64 All data stored on the DIGIT- TRADE RS64 is protected against unauthorized access by three essential safety functions. A combination of data encryption, S.M.A.R.T. lock and RFID access control offers private users and small companies a secure basic protection for portable data. The user authentication takes place by RFID access control with the included RFID keys. To lock or unlock the DIGITTRADE RS64 one of the RFID key will be placed above the RFID reader integrated in the HDD. Thanks to the combination of the hardware-based encryption module and RFID access control the security storage device works independent of any operating system and can be used flexibly. The integrated hardware encryption module stores data encrypted and in real-time. The S.M.A.R.T. lock function is automatically activated, if the HDD is removed from the enclosure, turns off or is locked by the RFID key. In this case an ATA password will be generated automatically to prevent from a readout of the HDD outside of the enclosure. The ATA password is not stored at any time and therefore it cannot be readout. The unauthorized access to the data will be complicated significantly. In addition, the DIGITTRADE RS64 is delivered with the Acronis True Image OEM Quick Backup software. This software can be used for backup and recovery of data.

10 DIGITTRADE RFID Security HDD RS128 secure solution for private users Features: RFID access control 128 bit AES full disk hardware encryption in advanced ECB mode encrypted storage of the cryptographic key on the HDD no access to the DIGITTRADE Security HDD and your data without one of the two included RFID key automatic lock of the DIGITTRADE Security HDD as soon as it is disconnected from the PC all data will be stored automatically encrypted by the hardware encryption module in real-time bootable and independent of operating systems compatible to USB 1.1 and 2.0 mini USB and integrated USB connector available with 320GB, 500GB, 640GB, 750GB and 1TB as HDD and 120GB, 240GB as SSD 3 years guarantee

11 DIGITTRADE RFID Security external HDD/SSD RS128 The DIGITTRADE RS128 RFID Security HDD protects sensitive data reliably against unwanted looks. The encryption of all data takes place with 128 bit AES in advanced ECB mode. In the process every sector uses additionally a different encryption vector. The integrated hardware encryption module stores data encrypted and in real-time. The user authentication takes place by RFID access control with the included RFID keys. To lock or unlock the DIGITTRADE RS128 one of the RFID keys will be placed above the RFID reader integrated in the HDD. The connection to the computer can be made directly using the integrated USB connector or via the included USB cable. Thanks to the combination of the hardware-based encryption module and RFID access control the security storage device works indepen- dent of any operating system and can be used flexibly. In addition, the DIGITTRADE RS128 is delivered with the Acronis True Image OEM Quick Backup software. This software can be used for backup and recovery of data.

12 DIGITTRADE RFID Security HDD RS256 secure solution for companies and private users Features: RFID access control 256 bit AES full disk hardware encryption in XTS mode encrypted storage of the AES key on the HDD no access to the DIGITTRADE Security HDD and your data without one of the two included RFID key automatic lock of the DIGITTRADE Security HDD as soon as it is disconnected from the PC all data will be stored automatically encrypted by the hardware encryption module in real-time integrated silicone Anti-Shock protectors robust aluminium enclosure protects against mechanical influences and electromagnetic waves bootable and independent of operating systems compatible to USB 3.0 and 2.0 available with 320GB, 500GB, 750GB and 1TB as HDD and 120GB, 240GB as SSD 3 years guarantee

13 DIGITTRADE RFID Security external HDD/SSD RS256 The DIGITTRADE RFID Security HDD RS256 is a secure solution for companies and private users. The computer magazine CHIP appreciated the mobile RFID Security HDD with the test result excellent (6/2012) and the PC WELT magazine has chosen the RS256 as the award winner and the best 2.5-inch hard drive with USB 3.0 (7/2012). All data on the DIGITTRADE RS256 is stored by a 256 bit full disk encryption according to AES in advanced XTS mode. The integrated hardware encryption module stores data encrypted and in real time. concussions and impacts. The data transmission and power supply can be made via a fast USB 3.0 connection. Thanks to the combination of the hardwarebased encryption module and RFID access control the security storage device works independent of any operating system and can be used flexibly. In addition, the DIGITTRADE RS256 is delivered with the Acronis True Image OEM Quick Backup software. This software can be used for backup and recovery of data. The user authentication takes place by RFID access control too. Thereby the access is only with one of the two included RFID keys possible. In addition the smart and robust aluminium enclosure protects the RS256 against mechanical influences and electromagnetic waves. The specifically developed silicone protectors increase the resistence against to

14 DIGITTRADE High Security HDD HS128/HS256 professional solution for companies Certified by The National Institute of Standards and Technology of the United States of America (NIST) Features: 2-factor authentication by smart card and 8-digit PIN certified full disk hardware encryption according to AES 128 bit in ECB mode or AES 256 bit in CBC mode external and encrypted storage of the cryptographic key on the smart card (prevents from the readout of the key from the HDD) access protection onto the smartcard with the 8-digit PIN certified encryption method (NIST: FIPS 197) all data will be stored automatically encrypted by the hardware encryption module in real-time automatic lock of the DIGITTRADE High Security HDD as soon as it is disconnected from the PC bootable and independent of operating systems compatible with USB 1.1, USB 2.0 and FireWire 100 / 200 / 400 / 800 available with 320GB, 500GB, 640GB, 750GB and 1TB as HDD and 120GB, 240GB as SSD 3 years guarantee

15 DIGITTRADE High Security external HDD/SSD HS128 and HS256 The DIGITTRADE High Security HDDs/SSDs use the worldwide unique 2-factor authentication to access the data. The 2-factor authentication works according to the having and knowing principle: Factor 1 (Having): It is verified, if the user has a smartcard with the correct cryptographic key. This verification is done by inserting the smart card into the HDD enclosure. Factor 2 (Knowing): It is verified, if the user knows the correct 8-digit PIN and consequently is authorized to use this smart card. This verification is done by the entry the 8-digit PIN. Thanks to the full disk hardware encryption according to the AES and the two-factor authentication, the DIGIT- TRADE HIGH SECURITY HDD combines the benefits of portable storage devices with highest security standards for data privacy. In addition, the DIGITTRADE HS128/HS256 is delivered with the Acronis True Image OEM Quick Backup software. This software can be used for backup and recovery of data. In case of any manipulation the smart card will be irrevocably destroyed and disabled. In that case the access to the data is prevented. If the HS128/HS256 has been unlocked successfully by smart card and PIN, the data will be transmitted like to a normal hard disk without a delay or an additional program.

16 DIGITTRADE High Security HDD HS256S professional solution for government and companies Certified by The National Institute of Standards and Technology of the United States of America (NIST) and in certification process of the German Federal Office for Information Security (BSI). Features: 2-factor authentication by smart card and 8-digit PIN 256 bit AES full disk hardware encryption in CBC mode external and encrypted storage of the cryptographic key on the smart card administration of the cryptographic key by the user (generate, change, copy and destroy) access protection onto the smart card with the 8-digit PIN certified encryption method (NIST: FIPS 197), in certification process of the BSI (BSI-DSZ- CC-0825) smart card Oberthur Cosmo 64 v5.4d certified according to FIPS Level 3 optionally available: smart card NXP J3A081 v2.4.1 R3 certified by BSI according to EAL 5 (Certification ID: BSI-DSZ-CC ) bootable and independent of operating systems compatible to USB 1.1, USB 2.0 and FireWire 100 / 200 / 400 / 800 available with 500GB and 1TB as HDD and 120GB, 240GB and 512GB as SSD 3 years guarantee

17 DIGITTRADE High Security external HDD/SSD HS256S The external High Security HS256S protects government, business and private data comprehensively and securely against unauthorized access. It had been developed according to the lastest requirements of the BSI (Federal Office for Information Security) for portable storage media and it is in the process of the certification BSI (BSI-DSZ- CC-0825). Data stored on the DIGITTRADE HS256S is protected against unauthorized access with regard to the data confidentiality, e.g. if the DIGITTRADE HS256S is lost, misplaced or stolen, as well as in the event of logical or physical attacks. The DIGITTRADE HS256S ensures the data confidentiality with these security mechanisms: - Encryption - Access control - Administration of the cryptographic key and PIN, the HS256S provides the possibility to administrate the cryptographic key independently of computer or software on the storage device. The user is able to generate, change, copy and in case of emergency to destroy the encryption key. The cryptographic key which is needed for de- and encryption is created and stored encrypted on the smart card. Thereby the cryptographic key is physically separated from the encrypted data. So it is impossible to read it out of the DIGITTRADE HS256S or to decrypt the stored data. With it s special security features this encrypted external storage device offers a lot of solutions for single users, companies and government agencies. In addition, the DIGITTRADE HS256S is also delivered with the Acronis True Image OEM Quick Backup software. This software can be used for backup and recovery of data. Besides the established 256 bit AES hardware encryption in CBC mode and the 2-factor authentication by smart card

18 Examples for special application possibilities of the HS256S: Secured and cost-effective data transport: If sensitive data needs to get from one location to another it is possible to send the HS256S easily by post. The matching smart cards are stored at the sender and the recipient and both know the matching PIN(s). If the HS256S gets lost during the transport, no one will have access to the data because the cryptographic key is not available but stored encrypted on the smart cards. Separating of storage device and authentication attributes: The access to the data can be regulated in a way, that it will be only possible by bringing to gether of e.g. three persons. Person X possesses the storage device, person Y possesses the smart card and person Z knows the smart card PIN. These three persons get together only for the data transfer at the receiving center and separate afterwards again. Person X,Y and Z seperately, are not able to access the data.

19 Multiple application possibilities of the DIGITTRADE security storage devices Traveling and field work If the storage device gets lost, no one will be able to access the data, because it is always stored encrypted. Business secrets It is possible to control which persons are able to access the security storage devices by selective handover of the authentication features (smart card and PIN, RFID key). Data security in case of break-ins In case of a break-in into an office, it is not possible to access the encrypted data. Independent of operating systems Because of the hardware encryption the security storage device can be used with every device that supports USB (computer, multimedia devices, machines etc.) DIGITTRADE offers with it s security storage devices solutions for different security requirements, which permit a broad data security in everyday working life without a big effort. Mobile Back-Up device With the help of the included Acronis Quick Backup software data can be synchronized easily and fast. Bootable All data, programs and operating software can be stored and started directly from the security storage device. No traces remain on the used PC or laptop.

20 Acronis Backup Software All DIGITTRADE security storage devices are delivered with the Acronis True Image OEM Quick Backup software. This program is not an encryption software but a special feature for a fast and easy data backup and recovery. Acronis True Image OEM Quick Backup is a program compilation for the preservation of all information on your computer. It can save the operating system, installed application, settings and all your data. In addition several partitions or complete HDDs can be saved. If the storage device is damaged or deseased by a virus or malware, the data can be restored quickly and easily. The Acronis software contains all the essential tools which are needed to restore a computer system in case of a disaster, for example by a data loss and accidentally deleting essential files.

21 Glossary XOR - exclusive-or operation, either or AES - Advanced Encryption Standard, symmetric encryption system, approved in the USA for top secret information CFB Mode - Cipher Feedback Mode, is an operation mode for block encryptions, that generate a chaining of the blocks. ECB Mode - Electronic Codebook Mode, is an operation mode for block encryptions. The plaintexts are encrypted separately from each other. CBC Mode - Cipher Block Chaining Mode, is an operation mode for block encryptions. The plaintext is XORed with the privious ciphertext before being encrypted. RFID - Radio Frequency Identification, is used for the access to the DIGITTRADE RFID security devices. Cryptographic key - the key which is needed for the de- and encryption of the data. Smart card - High Security storage on which the cryptographic key for DIGITTRADE High Security HDDs/SSDs is encrypted stored. It is part of the 2-factor authentication. Backup - refers to the copying and archiving of computer data so it may be used to restore the original after a data loss event. BSI - German Federal Office for Information Security XTS Mode - XEX-based tweaked codebook mode with ciphertext stealing, is an operation mode for block encryptions, for which 2 different keys are used.

22 Service and Support DIGITTRADE GmbH Ernst-Thälmann-Str Teutschenthal Web: Phone: +49 / 345 / Fax: +49 / 345 / support@digittrade.de DIGITTRADE is member of the IT Security Association Germany (TeleTrusT) Our consulting team can be reached during weekdays between 8.00 and h via or telephone. Source of supply: Germany Switzerland Austria

23

24