Hiddn KryptoDisk 2 Посібник користувача - Сторінка 9

Переглянути онлайн або завантажити pdf Посібник користувача для Зберігання Hiddn KryptoDisk 2. Hiddn KryptoDisk 2 17 сторінок. Selfkey model
Також для Hiddn KryptoDisk 2: Посібник зі швидкого встановлення (2 сторінок), Посібник користувача (16 сторінок)

KRYPTODISK 2 |
USER PRIMARY AND DATA RESTORE CARD
For information on how to zeroize and which method to use, please refer to section 8 – Admin menu.

Understand the principles behind Hiddn's unique security technology

To increase your familiarity with the security concepts underpinning the KryptoDisk 2, please refer to section –

6 - Important information about Hiddn's security principles.

6. Important information about Hiddn's security principles
This section contains information on the key principles of Hiddn's encryption and authentication technology,
the core of the KryptoDisk 2's encryption module.
The KryptoDisk 2 derives its matchless security from a two-factor authentication scheme, where the factors are
something you know – a PIN code – and something you have – a smart card. The key used to decrypt the data
on the KryptoDisk 2 is stored on the smart card, and it is only transferred to the device if the correct PIN code is
entered. Thus, the data on the device is impossible to access unless both factors are present.
The encryption solution used in the KryptoDisk 2 uses two Common Criteria EAL5+-approved smart cards (the
user primary card and the user data restore card), each of which contains two different keys.
The data encryption key ("DEK") is the key that is used to encrypt and decrypt the data stored on the device.
Without the DEK, the data is completely unreadable and impossible to interpret. Because of this, the key is
identical in the user primary card and the user data restore card.
The communication key is the key that allows the KryptoDisk 2 and the smart card to communicate securely,
which is necessary for the DEK to be transferred safely. The communication key is unique for each user primary
card and user data restore card.
During initialisation, the communication key is copied from the smart card to the KryptoDisk 2 in a non-
repeatable process, thus opening a secure communication channel between the device and that specific smart
card. Because the encryption module can only hold one communication key, it is impossible to unlock the
KryptoDisk 2 using another smart card, unless the device or card is zeroized.
Each time you use the KryptoDisk 2, the DEK is transferred from the user primary card to the device, allowing
you to decrypt and access the data on the drive. If the device is unplugged from the computer, the DEK is
deleted and must be transferred from the smart card again. This ensures that the data is secure even if the
KryptoDisk 2 is lost or stolen.
Zeroizing is the process of disabling communications between the KryptoDisk 2 and its matching smart cards,
and the opposite process of initialising. It is a key security feature, because the communication key can only be
transferred once from a smart card. Thus, zeroizing the KryptoDisk 2 ensures that a lost or stolen smart card
can never be used to access the data on the device. Please refer to section 8 – Admin menu for information on
how to zeroize your KryptoDisk 2 safely according to your needs.
NB: Zeroizing must be performed with care, as it can possibly make all the data on the device unrecoverable if
no user data restore card exists or while user data restore card is the active card.
9