Article Index - Product Contact Details

June 2002
KeyDrive
by Wilf Hey

FOR
Provides encryption with all of the advantages and none of the drawbacks. Users have no direct responsibility for encryption and cannot be held to account even if draconian legal requirements are introduced. One encryption strategy serves locally, across the network, and allows encrypted access over the Internet.

AGAINST
None observed.

VERDICT
Simplicity is the key word, and it is achieved wonderfully in this package. Increased security all too often imposes a heavy burden on innocent users, but KeyDrive is a pleasure to use - virtually invisible yet safeguarding data at source, during movement, and even during authorized alteration.

KeyDrive is a significant new product, which facilitates high power encryption of data at its many vulnerable stages. With it you can select to keep vital data encrypted at source, safeguarded from unauthorized eyes. Essentially it is invisible in use, and does not depend on the wisdom, experience or integrity of the user to impose some discipline on how data is handled. Data is kept encrypted - always - and is decrypted for the user at his or her PC only as it is handled (in computer memory) or viewed on the monitor. Some data encryption packages actually decrypt data on the disk when the file is opened by an authorized user, and re-encrypt it when access to the file is released, but KeyDrive decrypts data only as it is accessed. At no point is unencrypted data written onto disk.

Hacker attacks will only net encrypted data, with no keys or clues as to how to make sense of the data, even if the attacks are made during live alterations to the file (such as an active database). The principal ‘cost?of this advanced encryption is that all protected files are treated (by Windows) as if they were mounted together on a removable disk volume. In all other respects, Windows utilities and applications will see the data as if it is clear and unencrypted, so long as these programs are being run by one authorized to see the data.

The technology behind KeyDrive includes the famous iKey, a lightweight device just over an inch long, which takes the role of a token in the encryption system. This iKey token contains within itself information that can be used to effect the encryption and decryption of data. Authorized users have two things: a password and an iKey token. When they begin to use the PC they plug the iKey token into a USB port, then supply their password. The correct password activates the iKey token, and it will in turn provide its information, by which a special driver within the PC system will decrypt information as it is read from outside. When the iKey is removed from the USB port, the necessary decryption information is no longer available. The iKey device is small, attractive (available in different colors) and suitable for use as a fob on a key chain or used as a pendant. The iKey serves the same purpose as a smartcard in that it serves as the key to unlock encryption when it is used, but itself requires a PIN (personal identification number). But an iKey has several advantages, among the strongest being that it does not need a special device (smartcard reader):a USB port is standard on all modern PCs, and supplementary ports are often provided on devices such as keyboards. Another is that it has a very low failure rate by comparison with a smartcard

Installation of KeyDrive on a single station is a matter of a few minutes, and is completely automated. A simple but noteworthy application of this product is to have data in two places - not only in the office but on a portable PC for instance - yet have it secured in both places, using the same method. In this way a sensitive database can be well protected, yet portable. An authorized personal can take away a copy on a portable PC secured by encryption exactly as the original. Even if both the portable PC and the iKey were stolen or lost, the data is still secure, since only the secret password will activate the decryption process.

The interface between KeyDrive and the Windows user is perfectly seamless: as long as KeyDrive is running and the iKey is still present at a USB port, encrypted data files appear as normal (unencrypted) within a special Removable Disk? assigned a device letter. If KeyDrive is closed down or if the iKey is removed, there is not even a letter assigned for the disk. The applications for applying encryption to certain files are numerous: because KeyDrive works at a low level (as a device driver) you can use it to secure even executable programs.

You can make your bank account records private by encrypting them, but you can also make certain programs secure by encrypting them. If the authorized user is sitting at the keyboard (with the iKey plugged in) then all is well. However, if another user gains control, he or she will find no trace of the programs that are on the encrypted volume. Please remember that this encrypted volume is a virtual device: encrypted files themselves need not be on the same physical device, and can reside on the same physical device as unencrypted files.

An advanced version of the KeyDrive system - KeyDrive Pro - has additional features that simplify the process of rolling out several notebook incarnations of KeyDrive and administrating their functionality. It also provides for the recovery of secured information without exposing the data. KeyDrive is built to work on all modern versions of Windows including Windows XP. It can be used in conjunction with standard networks. Yes, you can secure data at one location and use it at another place within the network, being confident in the fact that the data is never decrypted except at the user's application. Therefore, there is no chance that data can be siphoned off a line, eavesdropped, or even dug out forensically from transmission buffers, because it is kept in encrypted form, point to point.