Hiddn KryptoDisk 2 Benutzerhandbuch - Seite 8

Blättern Sie online oder laden Sie pdf Benutzerhandbuch für Lagerung Hiddn KryptoDisk 2 herunter. Hiddn KryptoDisk 2 16 Seiten. Selfkey model
Auch für Hiddn KryptoDisk 2: Handbuch zur Schnellinstallation (2 seiten), Benutzerhandbuch (17 seiten)

KRYPTODISK 2 |
SELFKEY

Back up your data

Make sure that you have a secure backup of your data, in case your device is lost, stolen or malfunctions.

Understand the concepts of zeroizing

Zeroizing is a key security feature in the KryptoDisk 2, which allows the user to disable communications
between the device and the Smart Card. For an introduction to the concept of zeroizing, please refer to section
6 – Important information about Hiddn's security principles.
For information on how to zeroize and which method to use, please refer to section 8 – Admin menu.

Understand the principles behind Hiddn's unique security technology

To increase your familiarity with the security concepts underpinning the KryptoDisk 2, please refer to section 6

– Important information about Hiddn's security principles.

6. Important information about Hiddn's security principles
This section contains information on the key principles of Hiddn's encryption and authentication technology,
which lay at the core of the KryptoDisk 2's encryption module.
The KryptoDisk 2 derives its matchless security from a two-factor authentication scheme, where the factors
are something you know – a PIN code – and something you have – a smart card. The key used to decrypt the
data on the KryptoDisk 2 is stored on the Smart Card, and it is securely transferred to the device only if the
correct PIN code is entered. Thus, the data on the device is impossible to access unless both factors are
present.
The encryption solution used in the KryptoDisk 2 uses a Common Criteria EAL5+-approved Smart Card that
contains two different keys.
The data encryption key ("DEK") is the key that is used to encrypt and decrypt the data stored on the device.
Without the DEK, the data is completely unreadable and impossible to interpret.
The communication key is the key that allows the KryptoDisk 2 and the Smart Card to communicate securely,
which is necessary for the DEK to be transferred safely.
During initialisation, the communication key is copied from the Smart Card to the KryptoDisk 2 in a non-
repeatable process, thus opening a secure communication channel between the device and that specific smart
card. Because the encryption module inside the KryptoDisk 2 only can hold one communication key, it is
impossible to unlock the KryptoDisk 2 using another Smart Card, unless the device or card is zeroized.
Each time you use the KryptoDisk 2, the DEK is transferred from the Smart Card to the device, allowing you to
decrypt and access the data on the drive. If the device is unplugged from the computer, the DEK is deleted and
must be transferred from the Smart Card again. This ensures that the data is secure even if the KryptoDisk 2 is
lost or stolen.
Zeroizing is the process of disabling communications between the KryptoDisk 2 and its matching Smart Card,
and the opposite process of Initializing. It is a key security feature, because the communication key can only be
transferred once from a Smart Card. Thus, zeroizing the KryptoDisk 2 ensures that a lost or stolen Smart Card
can never be used to access the data on the device. Please refer to section 8 – Admin menu for information on
how to zeroize your KryptoDisk 2.
NB: Zeroizing must be performed with care, as it will make all the data on the device unrecoverable as the DEK
is no longer in the Smart Card. Before zeroizing we recommend you to take back-up of all data on the
KryproDisk 2. If you require the possibility to restore your data, consider our solution using two smart cards –
a User Primary Card and a User Data Restore Card. For more information, please refer to our website hiddn.no.
8