Hiddn Security AS

The [hiddn]™ Crypto Module sits in the data path between the hard drive controller and the storage media, encrypting all data at rest, including boot-up information, swap space and temporary files (the Crypto Module has well defined red and black interfaces and the data interfaces obey the ATA specification). As users work, real-time encryption is performed on all user data as it is written to the hard disk.

User authorization is performed using a hardware key token, typically a smart card. The key and storage media pairing feature implies that each [hiddn]™ encrypted storage media can be unlocked by a specific key only, and users must use the correct smart card in order to decrypt and access any data stored. All encryption keys are in addition stored in encrypted form on the separate smart card.

[hiddn]™ protects data at rest on any storage media by implementing encryption of all data through the certified and approved AES 256-bit encryption engine. [hiddn]™ is completely independent of operating system, type of computer and/or storage media, there is no need for drivers or additional software,  and all products encrypt transparent to the user. All encryption keys are stored on a separate, physical, smart card, and for management of users, products, smart cards, PIN-codes, and encryption keys, HDD has developed the secure, proprietary and intuitive [hiddn]™ Key Management System.

Features

• Transparent operation at full ATA speed
• ALL data on the storage media is encrypted -  providing true Full Disk Encryption
• No additional software or drivers required
• Operating System independent  (No transition cost for introduction of new OS)
• Integrated card reader for Smart-card
• Up to 32 different encryption keys per user
• Flexible key policies – multiple keys, lifetime setting, split key
• Keys stored in controlled environment and zeroized at power-off by validated mechanisms
• Supports multiple clearance levels on the same drive
• Support for shadowed Master Boot Record
• Periodic self-tests of all cryptographic functions

Key Differentiators

• The only FIPS Level 3 module for protection of data at rest on PCs
• No Encryption keys stored on module after power off
• Completely transparent use with no need for user intervention
• 256 bits AES encryption
• Certified by US certification authorities (NIST/NSA) & laboratories (SAIC/InfoGard)
• Unparalleled user flexibility enforced by encryption key attributes
• KMS allows Crypto Officer to set and change all the attributes and consequently enable all features and capabilities embedded within the [hiddn]™ Crypto Module
• Operating System, Platform, and  Hardware manufacturer independent
• [hiddn]™ does not use PC resources such as CPU and memory compared to software

The [hiddn]™ Crypto Adapter is a unique product for encryption of any USB-connected storage media. Instead of buying expensive specialized encryption memory sticks, the organization can continue using its existing, and cheaper, memory sticks but encrypt them using the Crypto Adapter.

Implementing the FIPS and Common Criteria certified Crypto Module, the Crypto Adapter conforms with strict requirements for information assurance, and is the ideal solution to secure the mobile workforce and ensure safe transport of data to customers and clients, between branches and between home and office. The [hiddn]™ Crypto Adapter is the only solution needed to secure memory sticks, backup drives, and other transportable media!

[hiddn]™ Laptop provides the user with a full disk encryption solution that is fully transparent to the user and completely independent of operating system and the computer in which it is installed. It replaces the original 2.5” drive in the laptop, in capacities 120GB for SATA drives and 128GB/256GB for SSD.

With all keys stored on a separate, physical, smart card, and the optional two-factor authentication (PIN-code), the certified [hiddn]™ Laptop offers unprecedented protection and user-friendliness. The optional [hiddn]™ Contactless key transfer (pictured) opens up for greater flexibility, simply power on, swipe the smart card over the drive to authenticate, and start operating the laptop as normal – efficient, cost effective, and user friendly!

The [hiddn]™ Desktop PCI/PCIe card offers full disk encryption for up to two internal SATA drives per desktop, implementing all security features and advantages of other [hiddn]™ products, including the unique smart card storing all keys and the pre-boot PIN-code authentication for added security.

Ideal for protection of corporate data, in the home office, and in the open landscape as one of the features available is the option to partition the drive with one unique smart card per partition, i.e. multiple users or clearance levels on the same workstation.

[hiddn]™ Desktop – affordable and easy to use data protection!

The [hiddn]™ SATA Adapter is the latest addition to the portfolio; a new and clever approach at securing data stored in external hard drives, workstations, office copiers, faxes and printing stations. The card is easily installed between the processing unit and storage media of the device, providing full disk encryption.

Authenticate with the smart card and start using the office equipment. At end-of-life of the encrypted hard drive, simply disconnect the drive and recycle it – no more expensive data erasing services – the drive is protected through the certified and validated [hiddn]™ Crypto Module, and inaccessible to anyone not holding the unique smart card.

The [hiddn]™ USB encrypted external hard drive meets needs for an easily implemented and secure solution for protection of larger amounts of data, and is perfect for sharing sensitive data between two parties; simply issue two separate smart cards sharing a common media encryption key and ship the encrypted drive back and forth using regular post.

Data is inaccessible to anyone not holding the unique smart card, and the organization is provided with an efficient and cheap alternative to expensive and time consuming couriers. With its independence of operating system or software and transparent encryption, the [hiddn]™ USB also makes for an ideal backup drive.

The [hiddn]TM Key Management System is installed and delivered on a dedicated laptop protected with  [hiddn]TM encryption, together with a smart card reader/writer for production of smart cards.

The [hiddn]TM KMS utilizes the following functionality:

• Create, manage, and retire encryption keys
• Create and manage encryption key attributes
• Key escrow
• Management of roles and services
• Management of users, units, smart cards and their correlation

[hiddn]™ is a patented technology that offers the unparalleled flexibility of keying material including key lifetime, read/write only keys, forensic capabilities, split key functionality etc. This technology comes with top of the line security, validated by certification authorities both governmental and military.

The [hiddn]™ technology is Operating System and Platform independent, which makes it easy to deploy in a variety of scenarios expected in large organizations. Management becomes much easier since there is just one product organization has to relate to for securing data at rest. [hiddn]™ works on laptops, desktops, servers, external USB drives etc., and one solution will cater for all data protection needs.

Deploying [hiddn]™ technology in an organization releases from dependency on hardware and software manufacturers as the [hiddn]™ technology works with all of them. The [hiddn]™ technology is built on a simple but very robust “bump in the wire” approach. Operating on the ATA protocol level enables [hiddn]™ technology to encrypt all user data sent to the hard disk while maintaining Operating System and Platform independency.

Physically and logically separated data and key interface prevents cross-contamination between user data and keying material. All encryption keys are erased from the [hiddn]™ module during power-off using validated mechanisms. If a computer is lost or stolen no attacker can retrieve the encryption keys because they are simply not residing on the [hiddn]™ module in power off state. Certified two-way authentication mechanisms keep the unauthorized persons away from trying to access the data with false Smart cards.

The [hiddn]™ technology builds on three basic principles:

• Robust – FIPS, Common Criteria and NATO certifications, and passed NSA extended vulnerability analysis
• Flexible – [hiddn]™ devices support up to 32 different encryption keys per user, provides support for multiple clearance levels on the same computer, and has a shadowed Master Boot Record, two-way authentication, and split keys.
• Simple – transparent true Full Disc Encryption that encrypts ALL outgoing data and decrypts ALL incoming data