|
Like a Safe Deposit Box in Your Pocket
Personal Encryption Device USB encryption devices are secure, yet versatile. Think of individual safe deposit boxes. Even if safecrackers force open the vault, they must still break into each box, one at a time to reach anything of value. Like a safe deposit box, Personal Encryption Device provides secure hardware-based encryption to each file using a unique key.
Secure Storage
Personal Encryption Device uses replaceable microSD memory cards for infinite expandability. When you run out of storage space, just install a new card. Unique to Hydra PC encryption devices, encrypted files can be stored anywhere, including the computer hard drive, Web servers, and even in the cloud.
Secure Transfer with Data Containment
Hardware-enforced security domains ensure that encrypted files on the device can be accessed only when the Personal Encryption Device is connected to a designated computer. If the device is connected to a computer outside of its security domain, encrypted data cannot be accessed, even with the correct device password. Security domains prevent users from removing sensitive data or using an unauthorized computer to maliciously or inadvertently breach data security. Administrators can block read/write access from the Personal Encryption Device to “rogue” external storage devices.
Strong Hardware-Based Encryption
All data encryption is performed in the tamper-resistant, epoxy-coated cryptographic hardware. The access password is never stored on the device, in software, or on a host computer, even in encrypted or hashed form. This safeguards the keys, passwords, and encrypted data from physical attack whether or not the device is connected to a computer. The encryption algorithms meet or exceed U.S. Government requirements, making Hydra PC USB security devices the strongest commercially available.
Integrity checks at each encryption and decryption operation verify that the data has not been tampered with while encrypted.
Signed, Encrypted, and Sealed
At encryption time, both the plaintext and the resulting ciphertext are digitally signed and time-stamped, and the originator’s credentials are embedded. The encrypted file becomes the sealed document of record because, when encrypted, nothing, including who has access to it, can be altered without destroying the ability to decrypt the file. The content, time of encryption, and the device used to encrypt the file can all be independently verified.
Secure Key Generation and Protection
All SPYRUS security devices use the latest approaches to random number and key generation, using a hardware-based random-number generator. After generation, private keys can never be exported or extracted from the device. Because encryption keys are never exported or escrowed, they are never exposed or vulnerable to hackers.
Any attempt to penetrate or probe the device while it is connected to a computer causes the RAM and all keys, variables, public security parameters, and certificates stored in EEPROM to be deleted.
|
