Hiddn KryptoDisk 2 User Manual - Page 8

View online or download the PDF of the User Manual for the Hiddn KryptoDisk 2 storage device. Hiddn KryptoDisk 2, 16 pages. Selfkey model
Also for the Hiddn KryptoDisk 2: Quick Installation Guide (2 pages), User Manual (17 pages)

KRYPTODISK 2 | SELFKEY

Back up your data

Make sure that you have a secure backup of your data, in case your device is lost, stolen or malfunctions.

Understand the concepts of zeroizing

Zeroizing is a key security feature in the KryptoDisk 2, which allows the user to disable communications
between the device and the Smart Card. For an introduction to the concept of zeroizing, please refer to section
6 – Important information about Hiddn's security principles.
For information on how to zeroize and which method to use, please refer to section 8 – Admin menu.

Understand the principles behind Hiddn's unique security technology

To increase your familiarity with the security concepts underpinning the KryptoDisk 2, please refer to section 6
– Important information about Hiddn's security principles.

6. Important information about Hiddn's security principles

This section contains information on the key principles of Hiddn's encryption and authentication technology,
which lie at the core of the KryptoDisk 2's encryption module.

The KryptoDisk 2 derives its matchless security from a two-factor authentication scheme, where the factors
are something you know – a PIN code – and something you have – a smart card. The key used to decrypt the
data on the KryptoDisk 2 is stored on the Smart Card, and it is securely transferred to the device only if the
correct PIN code is entered. Thus, the data on the device is impossible to access unless both factors are
present.

The encryption solution used in the KryptoDisk 2 uses a Common Criteria EAL5+-approved Smart Card that
contains two different keys.

The data encryption key ("DEK") is the key that is used to encrypt and decrypt the data stored on the device.
Without the DEK, the data is completely unreadable and impossible to interpret.

The communication key is the key that allows the KryptoDisk 2 and the Smart Card to communicate securely,
which is necessary for the DEK to be transferred safely.

During initialisation, the communication key is copied from the Smart Card to the KryptoDisk 2 in a
non-repeatable process, thus opening a secure communication channel between the device and that specific smart
card. Because the encryption module inside the KryptoDisk 2 can hold only one communication key, it is
impossible to unlock the KryptoDisk 2 using another Smart Card, unless the device or card is zeroized.

Each time you use the KryptoDisk 2, the DEK is transferred from the Smart Card to the device, allowing you to
decrypt and access the data on the drive. If the device is unplugged from the computer, the DEK is deleted and
must be transferred from the Smart Card again. This ensures that the data is secure even if the KryptoDisk 2 is
lost or stolen.

Zeroizing is the process of disabling communications between the KryptoDisk 2 and its matching Smart Card,
and is the opposite of initializing. It is a key security feature, because the communication key can only be
transferred once from a Smart Card. Thus, zeroizing the KryptoDisk 2 ensures that a lost or stolen Smart Card
can never be used to access the data on the device. Please refer to section 8 – Admin menu for information on
how to zeroize your KryptoDisk 2.

NB: Zeroizing must be performed with care, as it will make all the data on the device unrecoverable, because the
DEK is no longer in the Smart Card. Before zeroizing, we recommend that you back up all data on the
KryptoDisk 2. If you require the possibility of restoring your data, consider our solution using two smart cards –
a User Primary Card and a User Data Restore Card. For more information, please refer to our website hiddn.no.
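
The key lifecycle described in this section (initialise, unlock, unplug, zeroize), as a small Python model added here for illustration; it is not Hiddn's firmware or code from the manual. The class and method names, the HMAC-based key wrap standing in for the secure channel, and the choice to model device-side zeroizing only are assumptions.

```python
import hashlib, hmac, secrets
# Conceptual model only (assumed names); not Hiddn's implementation.
def _pad(key, nonce, label):
    # Stand-in for the real secure channel, which the manual does not describe.
    return hmac.new(key, label + nonce, hashlib.sha256).digest()

class SmartCard:
    def __init__(self, pin):
        self._pin = pin
        self._dek = secrets.token_bytes(32)       # data encryption key
        self._comm_key = secrets.token_bytes(32)  # communication key
        self._exported = False

    def export_comm_key(self):
        if self._exported:  # non-repeatable: the key leaves the card once only
            raise PermissionError("communication key already transferred")
        self._exported = True
        return self._comm_key

    def release_dek(self, pin, nonce):
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        wrapped = bytes(a ^ b for a, b in zip(self._dek, _pad(self._comm_key, nonce, b"enc")))
        return wrapped, _pad(self._comm_key, nonce + wrapped, b"mac")

class Device:
    def __init__(self):
        self._comm_key = None  # single slot: one paired card at a time
        self.dek = None        # volatile, present only while unlocked

    def initialise(self, card):
        if self._comm_key is not None:
            raise PermissionError("already paired; zeroize first")
        self._comm_key = card.export_comm_key()

    def unlock(self, card, pin):
        if self._comm_key is None:
            raise PermissionError("not initialised")
        nonce = secrets.token_bytes(16)
        wrapped, tag = card.release_dek(pin, nonce)
        if not hmac.compare_digest(tag, _pad(self._comm_key, nonce + wrapped, b"mac")):
            raise PermissionError("card does not hold this device's communication key")
        self.dek = bytes(a ^ b for a, b in zip(wrapped, _pad(self._comm_key, nonce, b"enc")))

    def unplug(self):
        self.dek = None  # the DEK must be transferred from the card again

    def zeroize(self):
        self._comm_key, self.dek = None, None  # the old card can never re-pair
```

In this model, a card whose communication key has already been exported cannot initialise any device again, which is why a zeroized device stays closed to its former card.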