Hiddn KryptoDisk 2 User Manual - Page 9


KRYPTODISK 2
USER PRIMARY AND DATA RESTORE CARD
For information on how to zeroize and which method to use, please refer to section 8 – Admin menu.

Understand the principles behind Hiddn's unique security technology

To increase your familiarity with the security concepts underpinning the KryptoDisk 2, please refer to section
6 – Important information about Hiddn's security principles.

6. Important information about Hiddn's security principles
This section contains information on the key principles of Hiddn's encryption and authentication technology,
the core of the KryptoDisk 2's encryption module.
The KryptoDisk 2 derives its matchless security from a two-factor authentication scheme, where the factors are
something you know – a PIN code – and something you have – a smart card. The key used to decrypt the data
on the KryptoDisk 2 is stored on the smart card, and it is only transferred to the device if the correct PIN code is
entered. Thus, the data on the device is impossible to access unless both factors are present.
The encryption solution used in the KryptoDisk 2 uses two Common Criteria EAL5+-approved smart cards (the
user primary card and the user data restore card), each of which contains two different keys.
The data encryption key ("DEK") is the key that is used to encrypt and decrypt the data stored on the device.
Without the DEK, the data is completely unreadable and impossible to interpret. Because of this, the key is
identical in the user primary card and the user data restore card.
The communication key is the key that allows the KryptoDisk 2 and the smart card to communicate securely,
which is necessary for the DEK to be transferred safely. The communication key is unique for each user primary
card and user data restore card.
During initialisation, the communication key is copied from the smart card to the KryptoDisk 2 in a non-
repeatable process, thus opening a secure communication channel between the device and that specific smart
card. Because the encryption module can only hold one communication key, it is impossible to unlock the
KryptoDisk 2 using another smart card, unless the device or card is zeroized.
Each time you use the KryptoDisk 2, the DEK is transferred from the user primary card to the device, allowing
you to decrypt and access the data on the drive. If the device is unplugged from the computer, the DEK is
deleted and must be transferred from the smart card again. This ensures that the data is secure even if the
KryptoDisk 2 is lost or stolen.
Zeroizing is the process of disabling communications between the KryptoDisk 2 and its matching smart cards;
it is the opposite of initialising. It is a key security feature, because the communication key can only be
transferred once from a smart card. Thus, zeroizing the KryptoDisk 2 ensures that a lost or stolen smart card
can never be used to access the data on the device. Please refer to section 8 – Admin menu for information on
how to zeroize your KryptoDisk 2 safely according to your needs.
NB: Zeroizing must be performed with care, as it can make all the data on the device unrecoverable if
no user data restore card exists or while the user data restore card is the active card.
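
The key lifecycle described in this section (one-time communication key transfer, PIN-gated DEK release, DEK loss on unplug, zeroizing) can be traced with a small state model. This is an added example, not Hiddn's code or protocol. The class names and the SHA-256/HMAC wrapping are assumptions that stand in for the real secure channel, which the manual does not specify.

```python
import hashlib, hmac, os

class Card:
    """Toy smart card (hypothetical): holds the DEK and a one-shot communication key."""
    def __init__(self, pin, dek):
        self._pin, self._dek = pin, dek
        self._comm_key = os.urandom(32)   # unique per card
        self._comm_exported = False       # the key can leave the card only once

    def export_comm_key(self):
        if self._comm_exported:
            raise PermissionError("communication key already transferred")
        self._comm_exported = True
        return self._comm_key

    def release_dek(self, pin, nonce):
        # The DEK leaves the card only for the correct PIN, wrapped under the communication key.
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        pad = hashlib.sha256(self._comm_key + nonce).digest()   # stand-in wrapping, 32 bytes
        blob = bytes(a ^ b for a, b in zip(self._dek, pad))
        return blob, hmac.new(self._comm_key, nonce + blob, hashlib.sha256).digest()

class Device:
    """Toy encryption module (hypothetical): one communication-key slot, volatile DEK."""
    def __init__(self):
        self._comm_key = None
        self.dek = None

    def initialise(self, card):
        if self._comm_key is not None:
            raise RuntimeError("already paired with a card; zeroize first")
        self._comm_key = card.export_comm_key()

    def unlock(self, card, pin):
        if self._comm_key is None:
            raise RuntimeError("not initialised")
        nonce = os.urandom(16)
        blob, tag = card.release_dek(pin, nonce)
        want = hmac.new(self._comm_key, nonce + blob, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise PermissionError("card does not match this device")
        pad = hashlib.sha256(self._comm_key + nonce).digest()
        self.dek = bytes(a ^ b for a, b in zip(blob, pad))

    def unplug(self):
        self.dek = None                    # the DEK never persists on the device

    def zeroize(self):
        self._comm_key, self.dek = None, None
```

In this model, a zeroized device can no longer be paired with the card that was previously initialised, so the data remains reachable only through a card that still holds both the DEK and an untransferred communication key.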