Computer Network Defence Ltd

Full Disk Encryption

As the mobile workforce heads out with their laptops, how can an organization keep the company information stored on those laptops safe?  This is the question that disk encryption products try to answer.  Although there are many file/folder level encryption products (also known as vaults), this page will focus on Full Disk Encryption (FDE) products.

 

Full Disk Encryption is the process by which every bit of data that goes on a disk is encrypted. This can be performed by software or hardware. Everything on a disk, including the operating system, is encrypted. There are also products that can encrypt everything but the system partition or boot partition of the OS, but can fully encrypt a second hard drive. Booting from a fully encrypted disk on a standard personal computer requires hardware assistance, as there is otherwise no way for the BIOS to decrypt an encrypted master boot record (MBR) and transfer program control to it. There are software programs that can encrypt bootable operating system partitions, but they must still leave the MBR, and thus part of the disk, unencrypted.

FDE has several added benefits compared to regular file or folder encryption, or encrypted vaults. For example, everything, including the swap space and the temporary files, is encrypted, ensuring no confidential data is inadvertently left unprotected. Also, with FDE the decision of which files to encrypt is not left up to users. It also provides a method for immediate data destruction, as simply destroying the cryptographic keys renders the contained data useless. Purging or physical destruction is still advised in instances where the data needs to be protected from future attacks.

However, FDE does not necessarily replace the requirement for file/folder level encryption. This is because once the FDE drive boots up, all the data is available in a decrypted format.  If a network connection to the running laptop can be obtained, then the data is exposed.


Many mobile computer manufacturers include a Trusted Platform Module (TPM) chip in their current product set.  The TPM provides the means for hardware and software to generate and store keys for use in digital certificates and encryption, securely and in an encrypted format. The TPM also provides the cryptographic engine to perform encryption, decryption, and digital signature operations.  No person ever sees the private keys used for encryption in TPM-enabled applications, as they are stored on and processed by the TPM itself.  Some FDE products support and/or require TPM.

Last reviewed by Michele Jordan on 30 Jan 2008



 

CompuSec HSM & CompuSec Mobile

Hardware-based

CE-Infosys

http://www.ce-infosys.com

The CompuSec® HSM is the hardware-based encryption security suite for Desktop PCs that provides Access Control, Hard Disk Encryption, Email Security, VPN Client, File and Media Encryption, and Single Sign On. The product is developed on a 32-bit PCI board running at 33 and 66 MHz PCI Bus speed and provides two Ethernet network ports for encrypted network traffic. With the CompuSec security features used in the product, the CompuSec HSM targets high-end security demands. Incorporating the Pre-Boot-PKI2 technology invented by CE-Infosys, it provides unique features not yet seen on other security products, such as the use of two certificates provided by a smart card and its own integrated security chip to ensure secure authentication and a secure remote control process. The product comes with a choice of the USB smart card reader or a Biometric Reader for fingerprint scanning and smart card reading.

The CompuSec® Mobile is the hardware-based encryption product for Notebooks that provides Access Control, Hard Disk Encryption, Email Security, VPN Client, File and Media Encryption, and Single Sign On. With CompuSec security features used in the solution and together with CE-Infosys' Pre-Boot-PKI2 technology introduced in mobile devices, the CompuSec® Mobile provides unique features not yet seen on other security products. For the first time, the product combines the hardware-based encryption functionality with an integrated smart card reader in a single PC-Card. The use of a smart card as an authentication tool allows easy combination with RF-ID transponder chips for physical access control and more. CompuSec® Mobile directly accesses the smart card using its inbuilt reader before the system loads the operating system to provide a high level of security.

Commercial

 

Information updated: 28 Jan 08


Free CompuSec

Software-based

CE-Infosys

http://www.ce-infosys.com

FREE CompuSec® is a Security Suite that protects Notebook, Desktop and Tablet PCs. It provides Access Control, Single Sign On, Hard Disk Encryption, CD encryption, file encryption, network encryption and VoIP encryption. This version of CompuSec® is free for private and commercial use with full product functions without any limitations.

FREE CompuSec® provides high level of security with a flexible and transparent mode of operation. Individuals, small groups of users as well as large enterprises use FREE CompuSec®. It combines a complete set of security functions, while providing users the option to configure the product to their own needs. Large organizations will also find a host of special functions to efficiently manage a large implementation of CompuSec®, such as unattended installation, centralized rollout, support for disk images, central software distribution, service functions and central user management.

Hard Disk Encryption - The hard disk encryption uses a fast implementation of the AES algorithm. This encryption also includes the operating system. Multiple operating systems are supported on a single computer. The initial encryption can be performed immediately after reboot or transparently while the user is using the PC. The latter, called Background-Encryption, allows the user to interrupt the encryption process and shut down the computer at any time. The support of the Hibernation mode is very important to mobile users. In Hibernation, the contents of the computer RAM are written to the disk and the computer is shut down. When restarted, the contents of the RAM are reloaded from the hibernation file and the user can continue to work. This is faster and allows the user to shut down in the middle of an application. So far, most hard disk encryption products could not support this mode and disabled hibernation. CE-Infosys is the first company providing support for hibernation mode with its product line.

Free

 

Information updated: 28 Jan 08


EMBASSY Trust Suite

Software-based, requires TPM

Wave Systems Corp.

http://www.wavesys.com

Wave Systems' EMBASSY Trust Suite (ETS) delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today. ETS 6 features a variety of secure business productivity capabilities with an easy-to-use security center and is compatible with all TCG-Compliant secure hardware platforms.

ETS 6 introduces support for Windows Vista, providing TPM management and security applications that further enhance Vista's security. ETS 6 includes multifactor strong authentication support for hardware-secured Windows login using fingerprints, smart cards, TPMs and passwords. ETS 6 also provides data protection, password management, TPM management, and TPM key backup/recovery. ETS 6 integrates with Wave's enterprise servers for domain-based strong authentication, for enterprise level key management, and for remote administration of Trusted Drives and TPM systems.

For systems containing the Seagate Momentus® 5400 FDE.2 hard drive, the EMBASSY Security Center includes the Trusted Drive Manager to activate and manage the drive’s hardware-based full disk encryption.

Commercial

 

Information updated: 28 Jan 08


PGP Whole Disk Encryption

Software-based

CE-Infosys

http://www.pgp.com

PGP Whole Disk Encryption provides enterprises with comprehensive, nonstop disk encryption, enabling quick, cost-effective protection for data on PCs, laptops, and removable media. The encrypted data is continuously safeguarded from unauthorized access, providing strong security for intellectual property, customer and partner data, and corporate brand equity.

* Easy, automatic operation – Protects data without changing the user experience.
* Enforced security policies – Automatically enforce data protection with centrally managed policies.
* Accelerated deployment – Achieves full disk encryption using the existing infrastructure.
* Reduced operation costs – Result from centrally automating encryption policies.

As a PGP Encryption Platform–enabled application, PGP Whole Disk Encryption can be used with PGP Universal Server to manage existing policies, users, keys, and configurations, expediting deployment and policy enforcement. PGP Whole Disk Encryption can also be used in combination with other PGP encryption applications to provide multiple layers of security.

Commercial

 

Information updated: 28 Jan 08


Entrust Entelligence Disk Security

Software-based

Entrust

http://www.entrust.com

Entrust Entelligence™ Disk Security, based on the award-winning Pointsec for PC technology, can enable automatic full disk encryption for laptop and desktop security. Full disk encryption protects all data on the disk, including the operating system, all drives and resident data, temporary files, deleted files and unused space. Entrust Entelligence Disk Security also delivers enforceable mandatory access control that simplifies hard disk security, without compromising performance and enables enterprise-wide policy enforcement that cannot be bypassed. A user must enter a username and password (fixed, dynamic or smartcard-generated) before the operating system will boot up. Users are also prevented from uninstalling Entrust Entelligence Disk Security without proper authorization.

Organizations can turn to Entrust Entelligence Disk Security to:
* Provide ‘government strength’ protection of vulnerable corporate information — Entrust Entelligence Disk Security has received third-party security certifications, including FIPS 140 and Common Criteria EAL-4
* Help enable compliance and information security requirements set out by regulations such as Sarbanes-Oxley, Gramm-Leach Bliley, HIPAA, EU Directive 95/46/EC and others
* Help lower the total cost of ownership by providing centralized administration for creating, deploying, managing and updating corporate laptop and desktop security policies
* Provide ease of use by enabling users to automatically encrypt data stored on their laptops and desktops with little impact on their normal behavior and without substantially impeding the performance of their PCs

Entrust also offers Entrust Entelligence Mobile Security, a PDA encryption solution to protect applications and confidential data stored on devices such as PDAs and smartphones for Palm, Symbian and Windows Mobile.

Commercial

 

Information updated: 28 Jan 08


FlagStone Encrypted Hard Drives

Hardware-based

Stonewood Electronics Ltd.

http://www.flagstonerange.com

FlagStone Technology safeguards data by integrating sophisticated authentication, entire disk encryption and data storage into tamper-proof internal and portable hardware.

Each FlagStone Drive provides instant data protection without any adverse effects on the computer’s performance, encrypting and decrypting the data immediately and invisibly. Available capacities span from 40GB to 120GB, and operate independently of any operating system or application. FlagStone internal hard drives are a direct replacement for a computer’s standard hard drive and can be factory-fitted or retrofitted to laptop or desktop computers.

Data on a FlagStone Drive is secure even if the drive or computer is lost or stolen. The Drives have unique tamper-proof and tamper-evident construction; they require no maintenance, are free from renewable license fees, and call for no specialist IT knowledge or training.

Information security is an increasing concern for all businesses as the amount of data they hold increases. FlagStone Technology, chosen by the world’s foremost financial, banking and medical corporations, incorporates identical security methods to protect corporate and Government data. FlagStone Drives are DIPCOG, CESG & FIPS Validated, Approved for Use by CSE for the Government of Canada (GoC), and in use by Departments of Defense in Australia, Canada, Europe and the USA.

Commercial

 

Information updated: 28 Jan 08


Windows BitLocker Drive Encryption

Software-based, TPM can be used but is not required

Microsoft

http://www.microsoft.com

Windows® BitLocker™ Drive Encryption (BitLocker) is a data protection feature available in Windows Vista® Enterprise and Windows Vista® Ultimate for client computers, and in Windows Server® 2008. BitLocker addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned personal computers by providing a closely integrated solution in Windows Vista.

Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software attack tool against it or by transferring the computer’s hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing Windows Vista file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.

BitLocker helps prevent unauthorized access to data on lost or stolen computers by combining two major data-protection procedures:
* Encrypting the entire Windows operating system volume on the hard disk.
* Verifying the integrity of early boot components and boot configuration data.

The most secure implementation of BitLocker leverages the enhanced security capabilities of a Trusted Platform Module (TPM) version 1.2. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer running Windows Vista has not been tampered with while the system was offline.

In addition, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer will not start or resume from hibernation until the correct PIN or startup key is presented.

On computers that do not have a TPM version 1.2, you can still use BitLocker to encrypt the Windows operating system volume. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation, and does not provide the pre-startup system integrity verification offered by BitLocker working with a TPM.

Free, included with certain versions of Windows Vista OS and Windows Server 2008

 

Information updated: 28 Jan 08


SafeGuard Enterprise

Software-based

Utimaco Safeware AG

http://www.utimaco.com

SafeGuard Device Encryption
Data loss or theft is a problem - The loss, theft, or misuse of electronic devices causes substantial financial losses every year. Companies and government bodies that store their sensitive data on notebooks, or removable media are especially affected. Every organization that relies on mobile computing needs a security solution that removes any vulnerability.

Device encryption safeguards your data - SafeGuard Device Encryption prevents unauthorized access to mobile and stationary end devices. Encryption is completely transparent to users. If the end device falls into the wrong hands, the data is unreadable even if the hard disk is removed. SafeGuard Device Encryption also provides wall-to-wall protection for mobile data media, such as USB memory sticks, CD/DVDs, memory cards (e.g. SD/MMC), and Compact Flash.

World’s First Smart Media Encryption - SafeGuard Device Encryption is the only solution in the world whose Smart Media Encryption allows sector- or file-based encryption of entire exchangeable data media in a single product. Smart Media Encryption allows a mix of unencrypted or encrypted data stored and managed on any media. Data exchange between employees and business partners has never been this secure and easy.

Scalable enterprise solution - SafeGuard Device Encryption is a functional module of SafeGuard Enterprise, the modular data security suite of Utimaco. The solution works in conjunction with the SafeGuard Management Center module to deliver the highest levels of data security and performance.

Commercial

 

Information updated: 28 Jan 08


SafeGuard Easy

Software-based

Utimaco Safeware AG

http://www.utimaco.com

The ultimate PC security solution – for both in the office and on the move
Data is one of the most valuable assets that companies own today. These assets are increasingly vulnerable as mobile computing has become ever more widespread: sensitive information is often stored on notebooks and removable media – without any firewall protection.

Mobile devices and media, along with the sensitive and valuable information that is stored on them, are especially at risk of loss or theft. A company’s management team is responsible for taking all the appropriate steps to protect the organization’s data.

SafeGuard Easy provides this protection: No unauthorized user may access the device and read data or use the device as a tool to enter the company network. If a device gets into unauthorized hands, the data is securely protected even if the hard disk is removed. Complete encryption of the entire hard disk and a user authentication procedure that runs before the operating system boots provide secure protection.

Whether a single laptop or 10,000 PCs are to be protected, SafeGuard Easy allows easy implementation and enforcement of the IT security policy. With more than 3 million licences sold and certified according to Common Criteria EAL 3, SafeGuard Easy is the market leader for hard disk encryption world-wide.

SafeGuard Easy is truly user-proof. It operates transparently in the background, so end users don’t need training or to change how they work. For security officers, IT managers, and system administrators, SafeGuard Easy offers transparent security, easy security policy implementation, and simple deployment.

Commercial

 

Information updated: 28 Jan 08


Seagate Momentus 5400 FDE.2

Hardware-based

Seagate Technology, LLC

http://www.seagate.com

The Seagate® Momentus 5400 FDE.2 drive is a hardware-based full disk encryption product that offers state-of-the-art data protection for personal and corporate laptop users. The Momentus 5400 FDE.2 drive is easy to use and simply requires a user password for authentication to ensure that everything on the hard disk drive, not just selected files or partitions, is secured with strong encryption technology. Data is protected from unauthorized access, whether a disk drive or system is stolen, retired or sold into a secondary resale channel. And with fast, thorough drive erasure, the Momentus 5400 FDE.2 drive also eliminates the need for corporate IT departments to spend additional money to securely wipe and dispose of drives scheduled for retirement or repurposing.

Commercial

 

Information updated: 28 Jan 08


DataArmor

Software-based

Mobile Armor, Inc.

http://www.mobilearmor.com

Mobile Armor's DataArmor™ software provides data protection, authentication, compliance, and advanced administration for all Windows, Linux, Blackberry, Palm, and Windows Mobile devices within your enterprise. With high-speed integrated encryption and unsurpassed security policy enforcement, DataArmor protects all of your computers, PDAs, and other mobile devices.

DataArmor offers transparent whole-device data encryption, authentication, and reporting features and plugs into Mobile Armor’s PolicyServer™, which provides a common interface and administrative console for all devices. DataArmor is included in the Managed Service Providers suite of products. Enterprise users can choose to include either DataArmor or FileArmor™ or both products in their suite of solutions.

DataArmor whole-device encryption runs transparently and requires no user intervention, constantly encrypting all data quietly and completely in the background and allowing users to continue using their devices without any noticeable impact. Only whole-device encryption can provide this total level of security for your data.

DataArmor provides mandatory authentication services on all protected devices, which requires that all users be properly authenticated prior to accessing the operating system and stored data and programs. DataArmor secures all data files, programs, registry settings, temporary files, and print spoolers.

DataArmor is compatible with common disk utilities including check disk, defragmentation tools, and partitioning tools.

Commercial

 

Information updated: 28 Jan 08


AlertBoot

Managed Service/Software-based

Data Guard Systems Inc.

http://www.alertboot.com

The privacy and protection of confidential customer and corporate data assets is one of your biggest concerns. It's one of ours too.

The AlertBoot suite of data security software was created to provide a highly-scalable and centrally-managed data encryption solution for organizations of all shapes and sizes. AlertBoot provides ironclad encryption and protection for your most valuable data.

At the core of AlertBoot is powerful full hard disk encryption. Powered by the award-winning SafeBoot Mobile Data Security, AlertBoot leverages airtight access control and pre-boot authentication to prevent any unauthorized access to workstations, laptops, and hard drives.

AlertBoot's full disk encryption utilizes industry-standard and certified data encryption algorithms, such as RC5-1024 and AES-256, to provide sector-level encryption of a computer's entire hard drive or drives. AlertBoot full disk encryption begins in the pre-boot, which ensures that unauthorized users cannot bypass the boot to the operating system.

Furthermore, as a convenience to users who have too many passwords to remember, AlertBoot also offers a single-sign-on option that allows users to reuse their Windows passwords to authenticate with one login screen.

Via AlertBoot’s centralized management system, users create, modify, deploy, and upgrade security and encryption policies. Unlike the encryption install packages from other cryptography software, the AlertBoot package is roughly 90% smaller than the competition, at approximately 3-5MB in size. Furthermore, both the installation and the data encryption itself run quickly and seamlessly in the background. This allows for the deployment and installation of the package with no performance degradation on the part of the machine or the user.

AlertBoot full disk encryption is completely transparent to the end-user. Files and folders are decrypted and re-encrypted on the fly behind the scenes with virtually no performance loss whatsoever. Added capabilities include secure hibernation, secure password-protected screensavers, the ability to block hardware and ports on a machine, as well as the option to whitelist or blacklist software applications on a device. All are included in the AlertBoot package.

AlertBoot’s major advantage over the competition is AlertBoot Central — a centralized management console that includes highly customizable reporting. Because AlertBoot is a web-based managed service, everything is fully managed with AlertBoot Central — from updating users to upgrading security policies, from reporting on failed logins to compliance auditing of an organization’s encrypted devices around the world.

Commercial

 

Information updated: 28 Jan 08


McAfee Endpoint Encryption (formerly SafeBoot)

Software-based

SafeBoot Technology

http://www.safeboot.com

Protect your company’s mission-critical information with McAfee Endpoint Encryption. This solution uses powerful encryption and strong access control to prevent unauthorized access to your sensitive data and stop its loss.

Endpoint Encryption offers two forms of encryption to protect data from unauthorized access wherever it is stored or travels:
* Full-disk encryption helps ensure that information remains secure when it’s stored on desktops, laptops, tablets, and other mobile devices
* File and folder encryption lets you control which specific file types and folders are encrypted—and ensure they stay encrypted regardless of where they are saved using Persistent Encryption Technology™

With both encryption types, encryption happens transparently and “on the fly,” with virtually no system performance degradation. There’s also no user interaction or training required. As a result, you never miss a beat to keep your data protected.

When users start up their PCs, they are met with strong two-factor authentication before their computers complete booting. These two factors could be the combination of a password challenge and possession of a smart card or token. Other options are also available. Thanks to single sign-on, once users authenticate, they have unfettered access to the information they need to do their jobs efficiently.

Through powerful encryption and strong access control, your data is now protected against unauthorized use. To demonstrate this fact to others and meet industry and government compliance requirements, Endpoint Encryption also offers extensive auditing and reporting capabilities.

Commercial

 

Information updated: 28 Jan 08


Disk Protect

Software-based

BeCrypt Limited

http://www.becrypt.com

DISK Protect is a full disk encryption solution for laptop and desktop computers. DISK Protect provides:
* Full disk encryption. DISK Protect transparently encrypts a computer's hard disk(s), automatically encrypting and decrypting data on the fly so that applications can be used as normal. If an unauthorized user attempts to access the hard drive directly, without going through the User Authentication process, the data remains encrypted and unusable. If the hard drive is later disposed of, any data it contains is unintelligible, even if specialist data recovery tools are used.
* Boot-time authentication. DISK Protect can be configured to call for a strong password or a token and a PIN. Authenticating the user at boot-time means that the operating system may be encrypted to prevent unauthorised data access using low-level tools. DISK Protect is compatible with most of the widely used tokens and smart cards.
* Removable media encryption. DISK Protect encrypts mass storage devices, such as USB thumb drives and floppy disks, to protect data in transit.

Once the user has been authenticated, DISK Protect is transparent and standard applications can be used as normal. DISK Protect 4.2 supports up to 26 password user accounts, or an unlimited number of token and PIN user accounts, per protected machine. Each User has a unique password (or token and PIN) which is used to authenticate him or her and 'unlock' the computer. A user may have DISK Protect accounts on several protected machines. DISK Protect 4.2 features Single Sign-On, and provides secure mechanisms for unlocking the protected machine if the user has forgotten his or her password or PIN. An easy-to-use Management Tool permits an Administrator to create and manage user accounts and to reconfigure the local machine policy, and permits users to manage their own DISK Protect accounts and their Removable Media Keys.

DISK Protect is currently undergoing FIPS 140-2 Level 1 validation, and may optionally be installed in a FIPS-compliant mode.

Commercial

 

Information updated: 28 Jan 08


GuardianEdge Hard Disk Encryption

Software-based

GuardianEdge Technologies, Inc.

http://www.guardianedge.com

By deploying GuardianEdge Hard Disk Encryption, organizations can:
* Use hard drive encryption to prevent data loss due to theft or accidental loss of laptop computers
* Assure that data stored on laptops and desktops is accessible only to authorized users
* Leverage a common enterprise-grade management and monitoring platform across multiple data protection controls
* Protect trade secrets, intellectual property, and sensitive customer and employee information

Whole-disk encryption
* Protects all confidential data, including trade secrets and intellectual property
* Uses 256-bit AES encryption
* FIPS 140-2 validated
* Common Criteria EAL-4 certification pending
* Supports digital certificates/PKI
* Provides mandatory pre-boot authentication
* Periodic check-in can disable authentication and lock-down a lost computer
* Supports multi-factor authentication using tokens and smart cards

Transparent to end-users
* Integrates with Single Sign-On, avoiding the need to remember and enter multiple passwords
* Works without the need for end-user actions: 100 percent transparent encryption/decryption of data
* Operates with little or no noticeable impact on performance
* Includes simple to use but robust self-service password recovery service (Authenti-Check®) that eliminates the need for help desk support, the hassle of long recovery codes, or the need for backup keys
* Includes comprehensive administrative recovery features, including One-Time Password and Local Administrator recovery
* Provides power failure protection for computers without a battery or backup power source during initial encryption

Enterprise-ready
* Scales easily to support large, distributed, and multi-national enterprise deployments
* Works with all standard enterprise-grade deployment tools, such as SMS, Tivoli, Altiris
* Unique integration with Microsoft Active Directory for Group Policy Object based policy management
* Leverages the standard management console (MMC Snap-in)
* Enables role-based control over who sets security policies or recovers encrypted disks and data
* Supports auto-logon for Wake-On-LAN services
* Provides real-time audit logging, including policy changes and user actions, of both successes and failures

Commercial

 

Information updated: 28 Jan 08


SECUDE secure notebook

Software-based

SECUDE International AG

http://www.secude.com

SECUDE secure notebook is secure hard drive encryption software with user authentication of configurable levels. Its innovative security mechanisms offer perfect power-off protection, and guarantee the highest security for both operating system and files when the computer is turned off. SECUDE secure notebook particularly protects against attacks such as booting from external media. Hacker tools don’t have a chance. Even installing the hard drive in another computer allows no access. Your data is always completely safe.

Innovative User Authentication with Smart Cards
SECUDE secure notebook can be operated in three different modes. The mode for fully transparent background operation affords the highest user acceptance.
A password-based login provides a higher degree of security.
The highest degree of security is provided by authentication based on smart cards or USB tokens. With smart card-based deployment, the computer is booted using a hardened Linux distribution. Even before the actual operating system (Microsoft Windows) is started, the user is authenticated with the smart card. This prevents unauthorized access to data effectively.

Commercial

 

Information updated: 28 Jan 08


SafeNet ProtectDrive

Software-based

SafeNet Inc.

http://www.safenet-inc.com

ProtectDrive 8.2 is a full-disk encryption solution that encrypts the entire hard drive of laptops, workstations and servers, as well as USB flash drives, to protect data in the case of the theft or loss of a hardware device.

ProtectDrive 8.2 eliminates the need for costly proprietary administration by leveraging organizations’ investments in Active Directory, an implementation of LDAP directory services by Microsoft to provide central authentication and authorization services.

* Most Secure Full Disk Encryption
* Ease of Deployment
* Ease of Administration
* Ease of Use
* Strong Two-Factor Authentication
* U.S. Government SmartBUY Approved

Commercial

 

Information updated: 28 Jan 08


DriveCrypt

Software-based

SecurStar GmbH

http://www.securstar.com

DRIVECRYPT securely and easily protects all proprietary data on notebooks and desktop computers 100% of the time without users having to think about security. Any organization, from a small company to a large international firm with thousands of users in the field, can effectively protect business plans, client lists, product specifications, confidential corporate memos, stock information, and much more with this disk encryption product.

Disk partition and file volume encryption - DRIVECRYPT allows both the encryption of an entire hard disk partition and the creation of a virtual container file that will store all the encrypted information.

The installation is easy and fast. During installation, the administrator simply selects the drives to be encrypted, the encryption method he would like to use and the master password. DRIVECRYPT will then do the rest and encrypt the selected disks.

Commercial

 

Information updated: 28 Jan 08


Pointsec PC

Software-based

Check Point Software Technologies

http://www.checkpoint.com

The Pointsec full disk encryption PC security and laptop security solution from Check Point has proven itself in enterprises and government agencies around the world, delivering the highest level of data security by providing a strong, full-disk encryption solution for PCs and laptops as well as access control. It has the most and the highest-level certifications, works with Linux or Windows, and provides centralized management of PC data security.
* Mitigates data breach exposure from lost or stolen PCs or laptops
* Deploys quickly to meet compliance objectives and conserve resources
* Scales to meet the needs of any size enterprise or government agency
* Simplifies central management for lower total cost of ownership

Commercial

 

Information updated: 28 Jan 08


SecureDoc Disk Encryption

Software-based

WinMagic Inc.

http://www.winmagic.com

SecureDoc Disk Encryption provides full disk encryption to protect sensitive information stored on laptops, desktops and PDAs. By offering integration with popular tokens and PKI at preboot time (after BIOS POST but before the OS loads) with dual and triple factor authentication (password/token/biometrics), SecureDoc provides the ultimate security and flexibility in data protection.

A pioneer in disk encryption technology, WinMagic's SecureDoc has achieved:
* First AES validation from NIST
* First and only FIPS 140-1 Level 2 certification
* Common Criteria validation
* We achieved FIPS 140-2 Level 1 & 2 (certificate numbers 698 & 699 issued by NIST)
* The ONLY disk encryption (FORTEZZA version) certified by the NSA for SECRET data for US Government agencies.
* Chosen for the support of the HSPD-12 initiative by the US State Department and Homeland Security

In addition to security, SecureDoc's UNIQUE FEATURES make it the most versatile disk encryption:
SecureDoc Enterprise Edition is the only one:
* Designed, architected and built on open standards such as PKCS#11
* Supporting a wide range of smart cards, USB tokens and popular Public Key Infrastructures (PKI)
* Providing enterprise deployment with remote installation and password recovery without the vulnerability of a "Master Password".
* Using a key labeling concept that enables flexible sharing of encrypted files, disks and removable media.

Commercial

 

Information updated: 28 Jan 08


SecureDisk Encryption Device

Hardware-based

Secure Communication Systems, Inc.

http://www.securecomm.com

Secure Communication Systems’ SecureDisk™ technology utilizes a proprietary ASIC engineered to encrypt/decrypt the entire hard disk bit-by-bit including the Boot Sector, Operating System, Temp and Swap files. Encryption/decryption operations occur in real-time to ensure zero performance degradation and total transparency to the end user. Secure's encryption technology ensures multi-level privacy, confidentiality, authentication and authorization using the industry standard proven certified TDES (Triple DES) algorithm.

The encryption key is stored in a serial EPROM that is local to the encryption ASIC and totally physically isolated from the main memory and processor buses. This allows key loading without the possibility of leaving traces or tracks in main memory or mass storage.

In the event it becomes necessary to “zeroize” the workstation disk, this is accomplished by a key combination which erases the key memory in less than 30 msec, regardless of the state of the system. This includes both on and off states, and the case where the system is off and the internal battery is "dead." Once the key has been erased, the workstation processor will not recognize that a HDD is connected to it and will report “no boot device found”.

SecureDisk enclosures and hard drives are sold by a number of hardware sites.

Commercial

 

Information updated: 28 Jan 08


X-Wall ASIC Family

Hardware-based

Enova Technology Corporation

http://www.enovatech.net

Enova®'s patented X-Wall ASIC family has been engineered to encrypt/decrypt the entire hard disk bit-by-bit including the Boot Sector, Operating System, Temp and Swap files. Encryption/decryption operations occur in real-time to ensure zero performance degradation and total transparency to the end user. Enova®'s encryption technology ensures multi-level privacy, confidentiality, authentication and authorization using industry-standard, proven algorithms such as DES (Data Encryption Standard), TDES (Triple DES) and AES (Advanced Encryption Standard), certified by NIST (National Institute of Standards and Technology) of the USA and CSE (Communications Security Establishment) of Canada. Authentication and access to system data is controlled using the X-Wall Secure Key or alternative authentication devices such as Smartcard, Fingerprint, PIN/Password and USB token.

Enova®'s X-Wall technology is completely independent of, and compatible with, all Operating Systems and functions with all Ultra DMA (Ultra ATA) 33/66/100/133 compliant disk drives. Backwards-compatibility with older drive protocols ensures all users are able to benefit from Enova®'s solution. The performance optimized DES/TDES/AES hardware core engine performs all encryption and decryption operations while offering unprecedented throughput of 1.6Gbit/sec. As no software components or specialized device drivers are involved, processor cycle interrupts and memory overhead are completely eliminated.

Enova®'s solution is available in multiple form-factors. A line of high performance Secure Notebook PCs feature integrated X-Wall encryption chips while end users can retrofit deployed systems with X-Wall add-on modules such as PCI cards, removable drives and external USB 2.0 devices. X-Wall chips may also be integrated directly into sub-systems or onto PC motherboards by OEMs to capture the increasing numbers of customers who require secured machines with embedded encryption.

Commercial

 

Information updated: 30 Jan 08


HIBUN AE

Software-based

Hitachi Software Engineering, Ltd.

http://www.hitachi-soft.com

Controlling sensitive information flow begins with a well-thought-out total security plan — a corporate scheme that sticks to compliance issues, ties in clear policy directives and ends with thorough end-user training. HIBUN Advance Edition (HIBUN AE), the respected guardian software from Hitachi, helps a company do just that, in part by simply focusing on three pivotal security basics: strict control over data transfer, robust encryption, and accurate access control. And those basics are the axis of HIBUN AE.

As a leader in Japan’s corporate security planning arena for over a decade, HIBUN AE is now that country’s tool of choice as a means of complying with the government’s newly enacted information security initiatives. With well over 1,400,000 licenses issued, HIBUN AE has a strong proven track record of being easy to deploy and to maintain. It may be installed completely or in separate modules that dovetail with enterprise planning. And most importantly, HIBUN AE has earned customer trust and satisfaction over a long span of real-time implementation. It is built on a solid foundation of safety and security.

HIBUN AE Solution
* HIBUN AE - Information Cypher (IC)
  * Local drive encryption
  * Removable media encryption

* HIBUN AE - Information Fortress (IF)
  * Media access control
  * Print access control

* HIBUN AE Server
  * Centralized user administration
  * Access log management
  * Shared file access control

Benefits
* Enterprise-wide strict control over data transfer will protect sensitive information from being leaked outside an organization.
* Robust encryption will keep sensitive data on PCs from being misused, lost or stolen.
* Accurate access controls will keep sensitive information protected from unauthorized users while enabling authorized users to collaborate freely.
* Adaptability to widely used technologies such as Windows Active Directory and RSA SecurID will help rapid and secure deployment, and will minimize administration and support costs.
* As a result, the HIBUN AE solution will help an organization to safeguard sensitive information, to implement and manage the security policy, and to offer a means of regulatory compliance.

Commercial

 

Information updated: 30 Jan 08


RocSecure Encrypted Drives and RAID Controllers

Hardware-based

RocStor

http://www.rocstor.com

ROCSECURE is a division of Rocstor, pioneering in the secure encryption of digital content in any standard digital format.

resolving security issues before they arise
As businesses become increasingly dependent on data security, the reliability and availability of your data infrastructure becomes critical to your business success. In today’s unsecured environment you simply cannot afford downtime and embarrassment. That’s where the Rocsecure line of products can help. We take a considered approach to data secure technology and its key management solutions, and will partner with you to implement an effective secure mobile data solution that delivers and minimizes total cost of ownership (TCO) and state of mind.

Leading the way in encrypted data storage solutions. Our encrypted hardware-based hard drives feature 40-bit to 192-bit Triple DES real-time hardware encryption and a patented anti-shock enclosure to protect against unauthorized access and data corruption.

Biometrics and fingerprint authentication solutions, designed and developed by Rocstor, are unique in the industry. Data encryption/decryption security solutions combined with biometrics authentication is the most advanced in the world, with several patents in progress.

Commercial

 

Information updated: 30 Jan 08


dLock Encrypted Drives and PC Locks

Hardware-based

dLock

http://www.dlock.com.tw

Hard Disk encryption kit, the only hardware solution for PC data security. The product provides data right protection even if the PC is stolen.

The DES, TDES and AES key strength makes it impossible for anyone to see the data without the right key.

The Hard Disk encryption kit has the following features, protecting the data on your HDD while keeping the PC working efficiently.
* External and Portable KEY for authentication and operations
* Works with all Operating Systems
* Does NOT require any device drivers
* Works with all motherboards with standard PCI south bridge with IDE Interfaces
* Totally transparent to all Users
* Real-time DES, TDES, AES encryption/decryption with throughput of 1.6GMbit/sec or higher
* IDE pin to pin compatible
* 128-pin LQFP small form factor package

Commercial

 

Information updated: 30 Jan 08


Encryption Plus Hard Disk

Software-based

Tryten Technologies, Inc.

http://www.tryten.com

Encryption Plus Hard Disk is vital in protecting sensitive data. While Windows provides minimal security protection to prevent unauthorized logins, password cracking tools such as L0phtCrack can break through a Windows password in hours or even minutes. Encryption Plus Hard Disk encrypts all files on your computer with a powerful 256-bit key, using on-the-fly disk encryption. On-the-fly means that Encryption Plus Hard Disk decrypts only the specific portion of a file that is in use and re-encrypts once the file is closed. It does not rely on virtual disks, and Encryption Plus Hard Disk 7.0 can be set to deliver full hard disk encryption, so no data need ever be left unprotected.

256-bit AES Encryption - Encryption Plus Hard Disk utilizes a full 256-bit encryption key based on the robust AES encryption standard with both data level and disk level encryption options. While other products simply encrypt files, Encryption Plus Hard Disk can encrypt each sector on the hard disk. In addition, a 233-bit Elliptic Curve Cryptographic public-private key algorithm protects administrator passwords and is used to enable the program's secure challenge response password recovery functionality. Encryption Plus Hard Disk's strong encryption is complemented by the easy-to-use interface, which allows for simple setup with a linear, screen-by-screen configuration wizard. The program's adjustable speed settings allow users to work with other applications while encryption and decryption occur seamlessly and invisibly in the background.

Stand-by Mode Support - Encryption Plus Hard Disk supports stand‑by mode which protects most powered down laptop computers, and enables users to instantly access their last screen when they resume work.

Error Recovery - Encryption Plus Hard Disk can recover from a variety of error conditions including power loss.

Commercial

 

Information updated: 30 Jan 08



Last page update: 30 Jan 2008

Computer Network Defence Ltd
Information Security Consultancy and Recruiting
enquiries@securitywizardry.com 

Copyright © 2004 Computer Network Defence Ltd. All Rights Reserved.

PO Box 2680, Corsham, Wiltshire, SN13 0ZR, UK
Phone       0870 3219014
International +44 (0) 1225 811806