KeyDrive products use a number of different ciphers to process and store the information used internally. Using different cryptographic techniques makes it much more difficult for any un-authorised individual to expose the secret information used and processed by the KeyDrive II product family.

Information protected with KeyDrive remains encrypted at all times on the disk - even while the user is working with the files.

The end-user application, once installed on the users notebook or desktop is practically invisible to the user and requires no action on the part of the user other than inserting their authentication Hardware device, and supplying the user entered PIN number.

The KeyDrive II Pro Administration Utility is a specially designed software and hardware combination that allows central administration of the KeyDrive II client parameters for remote end-users. The utility also provides automatic creation of rollout install sets for users to access via a standard network.

Access to the KeyDrive II Pro Administration Utility is protected by a dedicated Hardware device containing both user entered and system-generated information. This information is used to dynamically generate the appropriate cryptographic certificates/keys for the physical disk encryption in conjunction with a very sophisticated random number generator.

The RNG is a Linear Feedback Shift Register (LFSR) Random Number Generator with a variable Period from 2^32 -1 to 2^2032 -1, Standard is 2^128 -1 with .Seed('', -1). This will produce a very high quality random number and the period has no effect on the speed. This is considerably more efficient than generating very large prime numbers and something like 1,000 times faster.

Due to the high quality of the random number and the way in which the key information is stored this information is critical to the operation of KeyDrive II Pro. As a security measure we recommend the creation of two Administration hardware devices, one to act as the primary Hardware device and the other to act as a backup hardware device. We strongly suggest these Hardware devices are stored in a safe under the control of a company officer/director in accordance with the Corporate IT Security Policy.

The information stored on the Administration hardware device is encrypted with Blowfish, using Cipher Feed Back and a random vector. No information is stored on the hardware device in clear form. The communication architecture ensures that all information sent to the hardware device is stream encrypted prior to writing to the Hardware device. All information read from the hardware device is retrieved in raw stream encrypted form and is decrypted directly into memory. After the information has been used the area of memory where the information resided is "burned". This results in a secure data exchange between the Hardware device and the PC.

The information stored on the KeyDrive II and KeyDrive II Pro client or user Hardware devices is encrypted with IDEA, using Output Feed Back and a random vector. No information is stored on a user Hardware device in clear form. The communication architecture ensures that all information sent to the Hardware device is stream encrypted prior to writing to the Hardware device. All information read from the Hardware device is retrieved in raw stream encrypted form and is decrypted directly into memory. After the information has been used the area of memory where the information resided is "burned". This results in a secure data exchange between the Hardware device and the PC.

Control and configuration information files used by KeyDrive II and KeyDrive II Pro are stored in encrypted form on the users disk. These files are encrypted with TwoFish, using Cipher Block Chaining and a defined initialisation vector. Once again the only time this information is decrypted is in very short-term memory, which is "burned" after use.

PIN Numbers and Master Security Officer Passwords are NOT stored on the hardware device. KeyDrive II and KeyDrive II Pro stores a secure hash of the codes in a secure area of the Hardware device in protected firmware. PIN numbers and passwords are hashed prior to being passed to the hardware device and a result code is received from the hardware device directly into the application.

The actual KeyDrive volume itself is encrypted with a highly optimised version of Blowfish, Cast-256, Des-56, Triple DES or IDEA, as selected by the user or Administrator (depending on product). These are written in assembly language to give the highest possible speed. The key used for the encryption remains a secret even, in KeyDrive II Pro, from the administrators who created the system.

Some Questions & Answers

Q. KeyDrive II secured data is decrypted in real time as it is passed to the video driver and re-encrypted as it leaves the screen. Does this means there wonˇ¦t be any spyware or Trojan or Keyboard Sniffer attack possible for any data secured by KeyDrive II, even it is open?

A. KeyDrive works by brokering file read/write tasks received from Windows and only delivering the portion of the data required by Windows. In circumstances like playing media files the operating system uses streams. KeyDrive encrypts and decrypts those streams to and from Windows memory. Unlike many of our competitor products the entire file is never fully decrypted unless it is very small (less than one sector). Keyboard sniffers and Trojan attacks take many forms and KeyDrive will help in protecting against those attacks but it should not be a first line of defense against Trojans and sniffers. KeyDrive also has code to prevent the running of debuggers and executable viewers. These are the most common tools used against a crypto solution. KeyDrive has good defense against this type of attack.  

Q. Is there any facility available to validate the integrity of the encryption method? Is there any security certifications or audit facilities?

A. Yes - The encryption methods and algorithms used inside KeyDrive are part of the Secure Technology Group Cryptographic library. This library fully conforms to the industry standard vector testing. We can supply vector output documentation on request. A cryptographic vector is a known output for a known string with a known algorithm. All of our methods fully conform and produce 100% accurate vectors.

Q. What are the possibilities of data secured by KeyDrive II being hacked? Are any clues of passwords or phrase stored in windows files?

A. No. The only place the passwords are stored is in the device. The data in the device is also encrypted. KeyDrive does not pass the password to the device so the clear password does not route via the USB channel. KeyDrive creates a challenge/response for password validation. There is a recovery record stored in the KeyDrive volume which contains sufficient information to allow recovery of the volume but the security and PIN information is required to be input by the user.

ˇ@

ˇ@