Q. What is a USB hardware device?

Q. What is multi-factor authentication?

Q. How Does KeyDrive Secure Volume work?

Q. Why don't you encrypt the whole drive?

Q. What if a user loses their hardware device?

Q. What happens if I pull the hardware device out?

Q. What if a user leaves their hardware device with the laptop?

Q. What if a thief removes the drive and puts it into a Notebook/PC they have access to can they read my KeyDrive?

Q Is data stored in a secure volume ever accessible in clear text - i.e. not encrypted?

Q. What is a USB hardware device?

A. A USB hardware device is cost-effective security hardware device and provides an innovative solution to a wide variety of computer security and information control issues. They are ideal for controlling access to network services, or anywhere a password, cookie, digital certificate or smart card is used today.

The hardware device can be plugged into any standard USB port. Like smart cards and other cryptographic software keys, the USB hardware device is a reliable, easy-to-use security solution, without the complications and cost of a smart card reader.

A. Multi-factor authentication is where, to have one's identity confirmed, a user must supply more than one form of identification e.g. a software only identification, e.g. a software only Login and Password known to the user, uses only one type of data and so, is termed single-factor'. However, a physical piece of hardware, e.g. a USB hardware device, along with a piece of information known to the user requires two separate checks - possession of the hardware, and knowledge of the information. It is therefore, always more secure than single factor identification..

A. If the KeyDrive secure volume is enabled, once the login information is verified, access is granted to the secure volume - on the local machine or on a network server. If the hardware device is removed from the USB port or an invalid PIN code is entered access is denied.

All applications or data stored in the secure KeyDrive secure volume, whether locally or on a network drive is encrypted when en route to and from the application using the secure KeyDrive II secure volume - it is automatically, transparently and in real-time encrypted or de-crypted when used by the application.

A. Why encrypt standard software and the operating system if anything goes wrong with it you cannot recover your data. If you wish to protect bespoke or VPN software put it in the KeyDrive.

A. There is a full challenge response recovery process in KeyDrive to enable users to get back to their data without revealing their data to anyone including the administrator in the case of Pro.

A. It depends on the level of security set and if files are open but in all cases the data is protected etc.

A. Providing they don't leave the PIN number as well then after a pre-set number of wrong attempts by a unauthorised person we blow a software fuse in the hardware device so that it won't work without being sent back to the administrator. Most users or administrators set this at four or five.

A. No, the data on the KeyDrive remains encrypted at all times so even if they took it to a laboratory and read the data from the surface it will be encrypted gobble-dee-gook. Unlike some products we never decrypt data on the drive.

A Information protected with KeyDrive II remains encrypted at all times on the disk - even while the user is working with the files.

Q. What is the largest size drive I can create with KeyDrive II?

Q. I been trying to delete a KeyDrive II volume I created but after I re-run KeyDrive II program, the volume seen to be still there?

Q. I couldnˇ¦t find the option to change my workstation windows passwords?

Q. Does KeyDrive II interfere with or prohibit ActiveX Controls running on my machine?

Q. KeyDrive II secured data is decrypted in real time as it is passed to the video driver and re-encrypted as it leaves the screen. Does this means there wonˇ¦t be any spyware or Trojan or Keyboard Sniffer attack possible for any data secured by KeyDrive II, even it is open?

Q. Is there any facility available to validate the integrity of the encryption method? Is there any security certifications or audit facilities?

Q. What are the possibilities of data secured by KeyDrive II being hacked? Are any clues of passwords or phrase stored in windows files?

Q. What can I store in my KeyDrive Volume?

Q. Does KeyDrive have a speed impact?

Q. Can I have a KeyDrive volume On my network?

Q. Can I use KeyDrive without a USB port?

Q. What operating systems are supported?

Q. Will KeyDrive run on servers?

Q. I have a USB port on my PC but it does not recognise my USB hardware device?

Q. What are the main differences between KeyDrive II and KeyDrive II Pro?

Q. How does a KeyDrive secure volume work?

Q. Can KeyDrive II be re-installed on a new PC if the user upgrades his hardware? Can the secure data be transferred?

Q. What are the implications of losing a hardware device or forgetting PIN Numbers in KeyDrive II?

Q. Can a KeyDrive II user upgrade to KeyDrive II Pro?

Q. What if I think someone has discovered my PIN number?

Q. What if I run out of room on my KeyDrive?  

Q. Can I have more than one KeyDrive?

Q. What if my disk drive crashes do I lose my data? 

Q. What if I allow my local PC's drive to be shared whilst I'm on the network can others see my data?

Q. Do I need Administrative Rights to set up KeyDrive II?

Q. What is the largest size drive I can create with KeyDrive II?

A. This depends on a combination of the operating system and the version of KeyDrive. See the features page for a size comparison.

Q. I been trying to delete a KeyDrive II volume I created but after I re-run KeyDrive II program, the volume seen to be still there?

A. Control Panel/Uninstall will uninstall KeyDrive II but it will NOT remove the secure volume/data. This is deliberate policy to prevent malicious deletion of the secure data.

Q. I couldnˇ¦t find the option to change my workstation windows passwords?

A. What level of Desktop Security did you set up? This menu option is only visible if you selected authenticated Windows Logon.

Q. Does KeyDrive II interfere with or prohibit ActiveX Controls running on my machine?

A. KeyDrive has no effect on ActiveX or COM. KeyDrive does install a device driver for the file system and a service layer monitor. It may be that the monitor is clashing with your ActiveX controls but this is unlikely. Please provide more details including the ActiveX that has been stopped, the OS and version etc. to support@secure-technology.com

Q. KeyDrive II secured data is decrypted in real time as it is passed to the video driver and re-encrypted as it leaves the screen. Does this means there wonˇ¦t be any spyware or Trojan or Keyboard Sniffer attack possible for any data secured by KeyDrive II, even it is open?

A. KeyDrive works by brokering file read/write tasks received from Windows and only delivering the portion of the data required by Windows. In circumstances like playing media files the operating system uses streams. KeyDrive encrypts and decrypts those streams to and from Windows memory. Unlike many of our competitor products the entire file is never fully decrypted unless it is very small (less than one sector). Keyboard sniffers and Trojan attacks take many forms and KeyDrive will help in protecting against those attacks but it should not be a first line of defense against Trojans and sniffers. KeyDrive also has code to prevent the running of debuggers and executable viewers. These are the most common tools used against a crypto solution. KeyDrive has good defense against this type of attack.  

Q. Is there any facility available to validate the integrity of the encryption method? Is there any security certifications or audit facilities?

A. Yes - The encryption methods and algorithms used inside KeyDrive are part of the Secure Technology Group Cryptographic library. This library fully conforms to the industry standard vector testing. We can supply vector output documentation on request. A cryptographic vector is a known output for a known string with a known algorithm. All of our methods fully conform and produce 100% accurate vectors.

Q. What are the possibilities of data secured by KeyDrive II being hacked? Are any clues of passwords or phrase stored in windows files?

A. No. The only place the passwords are stored is in the device. The data in the device is also encrypted. KeyDrive does not pass the password to the device so the clear password does not route via the USB channel. KeyDrive creates a challenge/response for password validation. There is a recovery record stored in the KeyDrive volume which contains sufficient information to allow recovery of the volume but the security and PIN information is required to be input by the user.

Q. What can I store in my KeyDrive Volume?

A. Anything you can store on a standard hard disk. Applications, data, documents, presentations, spreadsheets. An easy trick is to set MS Office applications to save all documents to your KeyDrive - that way they will always be protected by default.

A. KeyDrive has been written in highly optimised code to be as fast as possible. You will not be able to see any meaningful difference in speed when using KeyDrive.

A. Yes. KeyDrive II and KeyDrive II Pro both support KeyDrive volumes saved to a disk on a network server.

A. No. You need a KeyDrive USB hardware device to complete the security system. If your PC or notebook does not have a USB port, you cannot use KeyDrive on it. You may wish to talk to your local PC store about the possibility of fitting USB port support to your PC.

A. KeyDrive is developed to run on Windows 98, Windows ME, Windows 2000 and Windows XP. It will also run on some later versions of Windows 95 with USB support loaded. It is not designed to run on earlier versions of Windows e.g. Windows 3.1, or on Apple or UNIX systems.

A. KeyDrive is designed as a client application. It is not designed to run on servers.

A. Check that your BIOS has USB port enabled and that you are using the most recent version of he BIOS. If in doubt, check with your local PC store.

A. For a detailed comparison, please see the Features table elsewhere on this site. However, in summary, the main differences are as follows: - KeyDrive II is a single user, two-factor, real-time encryption product which creates an encrypted virtual drive on a PC or laptop, access controlled by way of a personalised USB Hardware device. The maximum secure volume available is 10 GB.

It incorporates lost hardware device and PIN recovery routines. It also incorporates an advanced desktop security option with four settings including secure screen lockdown and authenticated Windows Logon. It also incorporates a number of advanced drive management tools including secure backup & Restore, drive resizing and relocation, disk and page file cleaning, integrated support and customisation potential. KeyDrive II Professional, is a network enabled two-factor, real-time encryption product which creates an encrypted virtual drive on a PC or laptop, access controlled by way of a personalised USB Hardware device. The maximum secure volume available is 2 TB.

It also incorporates an advanced desktop security option with four settings including secure screen lockdown and authenticated Windows Logon and the disk management utilities also included in KeyDrive II Advanced. It uses a central Administration Utility to pre-configure client builds and has extensive 'intelligent' rollout support and progress report capability built in.

Lost Hardware device and data and PIN recovery routines are also centralised as are extensive powers to customise user access to customisation and disk management features. purchase is a five license set which includes the Administration Utility.

A. KeyDrive creates an additional drive on the hard disk - let's call this the S:\ drive. This drive is ALWAYS ENCRYPTED, and can only be accessed when you plug in the special USB Hardware device into a USB port on the laptop and enter a PIN number chosen by and known only to you. With the hardware device in place the drive is mounted and is visible. Files can be read, saved, copied and deleted to and from as if it were a normal drive.

Take the key out of the USB port-and it disappears. The S:\ drive is dismounted and reverts to its hidden state. It is removed from the drive list in Explorer and is both ENCRYPTED and INVISIBLE If you lose your key or forget your PIN, YOU can recover your data but no one else can.

A. Yes. KeyDrive II can be re-installed as often as the user wishes. However, it is important to note that the hardware device will be re-programmed by this process which means that the previous secure KeyDrive volume will no longer be accessible. This data will therefore no longer be accessible. To prevent this happening, prior to creating the new installation, the user should: -

	open their current secure KeyDrive volume,
	copy the secure data into a non secure area,
	create the new KeyDrive volume and
	copy the data into the new KeyDrive volume and delete the copy of the data in the insecure location.

ˇ@

Q. What are the implications of losing a hardware device or forgetting PIN Numbers in KeyDrive II?

	Lost hardware device: - You can recover your secure data with a new Recovery hardware device provided you know the Recovery Phrase and Series Name used when programming the initial Hardware device or, if you used the Automatic Setup routine, you know your Security Password.
	Forgotten hardware device Password: - If you forget your hardware device Password, you will not be able to re-program your hardware device. However normal operation of KeyDrive II will not be effected.
	Forgotten PIN Number: - If you forget your PIN Number, you will be permitted four attempts after which your hardware device is disabled. If you enter the correct PIN Number after having entered incorrect PIN numbers less than four times, your PIN count is re-set to zero. If it is disabled, you can reset it under the procedure described n detail in the Manual.
	Forgotten Recovery Key or Phrase: - If you forget your Recovery Phrase, you will not be able to program a Recovery Hardware device should you lose your original hardware device and therefore will not be able to recover your secure data. However normal operation of KeyDrive II will not be effected (providing you haven't lost your original hardware device).
	Forgotten Series Name: - If you forget your Series Name, you will not be able to program a Recovery Hardware device should you lose your original hardware device and therefore will not be able to recover your secure data. However normal operation of KeyDrive II will not be effected (providing you haven't lost your original Hardware device).

Q. Can a KeyDrive II user upgrade to KeyDrive II Pro?

A. It is not possible to upgrade from KeyDrive II to other products within the KeyDrive Family.

A. In most cases you will be able to change this unless (in KeyDrive II Pro) your administrator disallowed this process.

A. You can change the size of your drive and which physical drive it is located on providing (in KeyDrive II Pro) your administrator has enabled this function.

A. Yes, but not with one hardware device, as each hardware device is unique to each KeyDrive.

A. If you have backed it up it can be copied onto another machine and only your hardware device will open it. If you don't have a back up and a recovery company manages to read the file (it will still encrypted and secure so that they can't read it in clear) they can copy it onto a new drive for you to use.

A. No, because the data is only decrypted on the local PC that has the matching Hardware device in it.

A. The proper operation of the KeyDrive II requires the ability to read and write to the Registry. Under some operating systems, Microsoft, by default, disables this ability for Restricted Users so, in these instances the user needs to be either given Standard User rights or given specific rights to read and write to the KeyDrive II area of the Registry. These are at HKEY_LOCAL_MACHINE / Software / Secure Technology Group / KeyDrive II.

With some operating systems, the host machine may need to have Administrator Rights during set-up and that set-up is completed when you successfully log onto your configured KeyDrive II drive for the first time. KeyDrive II is designed as a stand-alone product and the presumption is that the user will also be the installer i.e. you can assign yourself ADMIN RIGHTS when installing and setting up the KeyDrive volume.

If an Administrator is setting up KeyDrive II for a user other than himself, he may need to log onto the User's PC as ADMINISTRATOR, grant the User account temporary ADMIN RIGHTS, log out and log on again as the USER, install and set-up the KeyDrive volume, log out again, and if he wishes, log on again as ADMINISTRATOR and reduce the User's rights to standard user rights.

If, however, there is a corporate security policy requirement for Administrator configuration and control of KeyDrive II volumes, we would recommend that you consider KeyDrive II Professional instead of KeyDrive II.

KeyDrive II Professional

Q What is the purpose of the KeyDrive II Pro Administration Utility?

Q What is 'Intelligent Setup?

Q Can a KeyDrive II Pro user be migrated to a new PC? What happens to his data?

Q. What if my drive is on a server I access over the network could someone see my data as it travels across the network?

Q. What if I allow my local PC's drive to be shared whilst I'm on the network can others see my data?

Q. When I back up my data onto the server designated by the administrator will he/she be able to read it?

Q. I'm concerned that users will lose their hardware device?

Q. I understand how you can create a replacement hardware device but what if the MD is travelling abroad and loses his hardware device.

Q. Can you update Windows Passwords if you use Authenticated Windows Logon?

Q. Is there a maximum Administrator password length?

Q. Does a User need Administration Rights to set up KeyDrive II Pro Clients?

Q What is the purpose of the KeyDrive II Pro Administration Utility?

A. The Administration Utility is a specially designed software and hardware (two-factor) combination that allows central definition and management of KeyDrive II Pro user configurations. It enables the creation of rollout 'install sets' for users to access via a standard network. This means the Administrator can define such items as: -

	Desktop or Logon Security Level
	Which encryption algorithm to use,
	Which file format to use,
	Drive sizes and location,
	On-line support options and
	Customisation options.

Q What is 'Intelligent Setup?

A A significant feature of the Administration Utility is the ability to incrementally enable 'Intelligent Set-up'. This enables the client installation to default to the next nearest sensible option if that defined in the configuration profile is not available.

This should be configured in line with company IT Security Policy. For example if the company intends to roll out additional software that must reside on the secure drive, the drive letter must be correctly defined, therefore Intelligent Set-up should be disabled on this feature. If this were, for example, defined as 'E' and a PC/notebook already had a drive "E" then the install would "Fail" and the report automatically sent to the Administrator would enable him to rectify the problem.

If, on the other hand, the choice of drive letter was not critical, Intelligent Set-up could be enabled and the secure drive installation would default to drive "F". The report would now indicate a successful install but with a fully documented "Variance".

A. Yes. There is a facility in the KeyDrive II Pro Administration Utility to permit used user hardware devices to be recycled.

Q Can a KeyDrive II Pro user be migrated to a new PC? What happens to his data?

A. Yes. First create a 'dummy' installation on the new PC using the same configuration as the existing one. Then locate the .kdv file on the original PC and the .rcv file in the Secure Technology Group/KeyDrive II Pro folder in the original PC and copy them across to the new PC, overwriting the dummy .kdv and .rcv files. The new secure volume will contain all of the user's secure data.

If, however, 3rd party applications were also stored within the secure volume these may need to be re-installed.

A. No, the data is only decrypted and encrypted on your local machine so all data in both directions is encrypted at all times.

A. No, because the data is only decrypted on the local PC that has the matching hardware device in it.

A. No, your hardware device and PIN number is needed to open your KeyDrive.

A. The hardware devices are designed to go on a key ring so that they don't get lost. In some cases users put them on the chain they carry their company ID card on.

A. He can take a recovery hardware device with him and because it cannot be used until he goes through the challenge response and enters data known only to him the hardware device is no good to anyone.

A. Yes.

A. Yes. 16 characters.

A. The proper operation of the KeyDrive II Pro Client requires the ability to read and write to the Registry. Under some operating systems, Microsoft, by default, disables this ability for Restricted Users so, in these instances the user needs to be either given Standard User rights or given specific rights to read and write to the KeyDrive II Pro area of the Registry. These are at HKEY_LOCAL_MACHINE / Software / Secure Technology Group / KeyDrive II Pro.

Please also note that with some operating systems, the Client machine may need to have Administrator Rights set during set-up and that set-up is completed when the user successfully logs onto his configured KeyDrive II Pro drive for the first time.