Smart Card Systems is a leading integrator and consultant of premier security products.
SecureDoc’s unique Encryption Design

For pricing, please contact: Sales@smart-cardsys.com.

 

SecureDoc Disk Encryption features:

1) Full and transparent protection

SecureDoc simply encrypts all data written to the disks, leaving no chance of sensitive data leaking to temporary files. After an initial conversion, which encrypts existing data, your data on disks is AT ALL TIMES encrypted, even if the power goes out while you are working. Having even Windows system files and Windows registry encrypted, SecureDoc users do not have to consciously encrypt files or save them to certain encrypted folders to have them protected.

The user-friendly SecureDoc provides full protection with complete transparency. Users do not have to learn any new applications or procedures except to enter a password to boot the PC.

2) Support of hardware tokens

In fact, users may also be required to possess a smart card to boot the PC.

For a higher level of security, and at the same time reducing support costs related to forgotten passwords, SecureDoc supports hardware tokens. Unlike other products, which only talk to the tokens after Windows starts and leave the real protection to a password alone, WinMagic went the extra mile to integrate SecureDoc with hardware tokens right at PRE-BOOT time.

An organization can use any combination of passwords, tokens, biometrics and PKI authentication. SecureDoc currently supports Datakey smart cards with serial and PC-card readers. USB readers follow. In combination with Smart Cards, SecureDoc supports most PKI vendors such as Baltimore, Digital Signature Trust and VeriSign. You can use the same smart card, and its public key pair, to perform e-Commerce operations and protect your PC with SecureDoc.

3) Wide range of platforms

SecureDoc is available for Windows 95, 98, NT, 2000, ME and XP.

SecureDoc can encrypt FAT, FAT32 and NTFS drives. It is compatible with most disk utilities such as anti-virus, boot manager, disk imaging and defragmenter software. Folder encryption software such as Entrust ICE or the Windows 2000/XP Encrypting File System (EFS) can work on disks encrypted by SecureDoc.

SecureDoc works with removable drives such as floppy disks, ZIP and JAZ drives, and IBM MicroDrives.

4) Key labeling (Role and Identity-based):

SecureDoc lets users assign names or labels to keys used for encryption. While this adds an extra step users have to perform, the concept gives you a feature you won’t have otherwise: sharing access to encrypted objects. If, for example, you encrypt a floppy disk and would like to share access to that floppy with specific users, you can choose to have that encrypted object (the floppy) protected by different keys available to different users.

You can have role- and identity-based key management by simply labeling user keys and group keys accordingly. As an example, John Smith may have a key file containing the role-based keys “Sales Department” and “Sales Department Group 3” and an identity-based key “John Smith”.

A laptop may be encrypted and protected with the key “Sales Department,” which is accessible by all sales agents in the department. Another laptop is shared only within Group 3 of the sales department; and yet another desktop is protected by the key “John Smith,” to which only he has access.

Combinations of key files and key labeling represent a very flexible way to share access. The concept of sharing is a definite advantage when you consider removable drives such as floppy disks, ZIP disks or IBM MicroDrives; you can specify that only one user can use the disk, or thousands of users.

5) Enterprise version

SecureDoc Central Database lets administrators manage users' profiles and keys. The central administrators can set users’ privileges such as disk re-encryption, decryption, selecting or modifying disk accesses, and password rules. The central administrators have access to all PCs; this guarantees the ability to recover data in case an employee forgets a password, loses the smart card or leaves the company.

Central Administration allows remote installations. This installs and sets up all users' PCs through the network without the time-consuming administration work on each individual PC. Users can be working while the initial disk encryption (conversion of existing data to encrypted form) is taking place in the background, or the admin can run the whole setup during the night without being at the workstation, using software distribution tools such as Microsoft SMS, Novell ZENWorks, Tivoli, etc.

Remote one-time password key recovery allows a user who has forgotten his or her password to log on to his or her PC. The help desk can issue a one-time key to unlock the password in a special challenge-response way, so that a potential attacker, even if he has intercepted the key transmission, would not pose a threat.

All events are logged into an audit log. Audit logs allow administrators to monitor and analyze possible attacks or users’ actions.

You may have heard of the concept of a “Master password” which allows the master administrator to access ALL computers of the enterprise. Some products offer a “Master admin” and a “Local Admin”, both of which can access a user’s PC. While offering the assurance that the enterprise can access all PCs even if a user forgets a password, this “Master password” carries a huge risk as its price tag: it also means that if the “Master password” is compromised, ALL computers in the enterprise are compromised.

SecureDoc handles this issue differently. SecureDoc allows access to all enterprise PCs without having a “master password” or even a “master key”. A remote one-time challenge-response key file unlock is performed without the vulnerability of a master key or password.

For more information, please see “SecureDoc’s unique Encryption Design”.


6) Cryptographic Standard PKCS-11

A challenge in designing security applications is to provide best-of-breed solutions while aiming at an INTEGRATED secure solution where users need to authenticate only once to open all resources, whether they be Windows log-on, Network log-on, log-on to access encrypted disks and files, Database log-on or log-on to other applications. To achieve this goal, the international PKCS #11 standard for security products has been devised. It allows quick and easy compatibility. It is the most widely used cryptographic API in the world, supported in the Open Card Framework proposed by Sun, IBM, Netscape and Oracle, Entrust and other security vendors. It is also used in the Intel CDSA standard, adopted by the Open Group.

WinMagic is proud that SecureDoc is designed based on the PKCS #11 standards. Thanks to this structure, SecureDoc can easily facilitate integration with other products such as:

  • Smart Cards for use in Electronic Commerce
  • PCMCIA cards, biometric devices, and other hardware tokens
  • hardware accelerators
  • and other applications such as Email software, browsers, and Public Key Infrastructure applications.

In fact, SecureDoc is the only disk encryption software product with a version employing a PCMCIA card based FORTEZZA token, on which all the cryptographic functions are performed. Having the encryption performed on a hardware token provides a higher level of security as the encryption keys are NEVER in the PC memory.

7) Certification, Formal Evaluations

To determine whether a security product does as its vendor claims, a purchaser has three options: trust the vendor, test the product, and/or rely on an impartial third party with the experience and knowledge to evaluate the product. WinMagic believes in peer review as well as formal validation by third parties and has made SecureDoc source code available to several credible third party validation bodies.

a) Source code validation is the only way to verify that a product does not have (vendor) back doors. Bruce Schneier, world-renowned cryptanalyst and creator of the Blowfish and Twofish algorithms (a final AES candidate), has reviewed and cryptanalyzed SecureDoc source code. Bruce has verified the strength of SecureDoc's construction, and testified that there are no security holes.

"SecureDoc's sector based encryption is smart. It sits at the lowest level and intercepts all requests to read and write to the disk, so the entire disk is encrypted and no sectors are missed. With strong, trusted encryption algorithms, SecureDoc has a clean design."

Bruce Schneier, world renowned cryptographer, author of "Applied Cryptography", and president of Counterpane Systems.



b) SecureDoc has undergone strict tests required by the Common Criteria Evaluation and Certification Scheme for security software. These standards are recognized and endorsed by 13 countries, including the United States, U.K., Germany, and Canada. All testing takes place in high-quality, controlled facilities accredited to ISO/IEC Guide 25 specifications (guidelines for testing IT security products and systems). The results of the evaluation are that SecureDoc 2.0 is a secure product that in fact has all of the security features and strengths as laid out in its documentation. In addition, SecureDoc is one of the very few disk encryption products, if any, to receive Cryptographic Module Validation Certificates for DES and triple DES from the National Institute of Standards and Technology (NIST).

c) The SecureDoc cryptographic engine has been submitted to FIPS 140-1 level 2 validation. The United States Congress requires the entire Federal government, including federal contractors, to use FIPS 140-1 certified cryptographic devices when they exist. SecureDoc, with an even higher level 2 validation, will satisfy this requirement for a broad class of government security implementations.

While most software products can only achieve a level 1 validation, WinMagic has designed SecureDoc to go for level 2 and even most of the level 3 requirements. This achievement underscores a trusted platform not only for the government but also for any enterprise that wishes to protect its sensitive data on laptop and desktop PCs.

SecureDoc is a pre-qualified IT security product for Canadian Government agencies; see the CSE pre-qualified product.

The FORTEZZA version is the only disk encryption product certified by the NSA for SECRET data for US Government agencies; see NSA certification.

In summary, SecureDoc’s encryption offers more security and adaptability. SecureDoc disk encryption is based on PKCS #11 standards from the ground up, employs state-of-the-art encryption concepts and possesses the unique centralized key management without the vulnerability of a “Master password”.

For more information, please see our White Paper and “SecureDoc’s unique Encryption Design”.