Desktop Security
Every day, computers at home and in the office face a greater danger of
data theft and attack. That is why CE-Infosys has developed a complete
security solution that protects desktop computers and servers from
unauthorized users and intruders. Elkey comes in the form of a PCI card
with an external smart card reader. It provides strong two-factor
authentication, controlling access through a smart card and password. It
also secures the operating system and data on hard drives through
complete hard disk encryption. Elkey will also provide hardware-accelerated
network encryption for VPN connections to company networks.
Technical Specifications
- PCI plug-in card
- Security-CPU (SuperCrypt)
- Integrated data memory, program memory, real-time clock and battery backup
- Startup (BIOS) only with authorized smartcard and password
- Automatic Logon (NT Logon+, optionally)
- Strong encryption using extended DES (Triple-DES optionally) with 112, 168, 224 or 336 bit key length
- Hard disk encryption
- Floppy disk encryption
- Network drive encryption (SafeLAN, optionally)
- Encrypted data exchange (DataCrypt, optionally)
- Personalized smartcard per user holding additional keys and certificates where needed
- Flexible security policies allow multiple users to share one PC
- Central administration of all Elkeys (GlobalAdmin, optionally)
- Remote password activation of locked Elkeys
- Optional integration of Elkey within a public key infrastructure (PKI)
- Secure Remote Access via VPN using IPSec
- API for use with third party tools
- System Requirements: Win NT, Win 98, Win 95, OS/2, Windows 2000/XP
- Certified by BSI
The Security Concept
Contrary to a software-based security solution, Elkey provides the most
effective protection from data attacks. As a solid security system,
Elkey operates independently from the main processor of the computer.
Its independent security processor has its own peripherals such as data
and program memory, a real-time clock and a battery buffer. All
security-related information, e.g. algorithms, keys, user rights and
passwords, is stored within the Elkey and smartcard. Whenever the
computer is switched off, the battery ensures that the algorithms and
internal codes of the Elkey are not lost.
Users with an authorised smartcard and password are able to start the
operating system, access encrypted files and communicate over secured
channels. This protection is effective even before the boot process. If
the user pulls the smartcard, the computer switches into a secured mode.

Background processes, e.g. network applications, continue to run without
interruption. As soon as the user has reinserted the smartcard and
entered the password, access to the data is restored. The implemented
technology also offers perfect protection against "Trojan horses."
Every security policy is identified by its own unique key, created at
the beginning of the installation. Within a security policy, access can
be organized using a tree model of families, levels and groups. All
Elkeys and smartcards of a given security policy use identical keys.
Only the key to access a hard disk is device dependent. Thus, it is not
possible to start a PC using a smartcard belonging to a different policy
setting. In addition to possessing the appropriate smartcard, an
individual password is needed to use the PC.
Administration
Elkeys can be used as stand-alone devices or on a company scale.
Centralized administration for multiple Elkey smartcards is provided by
a security administration system, GlobalAdmin. At the admin station,
smartcards are personalized and handed out to the user. This is where
replacement cards are configured as well. It is also possible to
organize multiple admin stations running GlobalAdmin in hierarchies. A
company-wide public key infrastructure (PKI) is not required, but
integration is nevertheless possible. Depending on the configuration of
the smartcards, controlled access to one or multiple PCs can be enabled
for multiple users.
VPN - Secure Remote Access (IPSec)
Elkey, combined with other CE-Infosys products such as IPCrypt Client
and IPCryptor, allows secure communication within a virtual private
network (VPN) and the global connection of company sites, roaming users
and teleworkers. With the CE-Infosys Secure Remote Access solution it is
possible to access confidential resources from everywhere in the world.
Further features
With its own CPU, Elkey is able to control multiple security services
within the system. NT-Logon+ enables automatic registration at the NT
security system, and SafeLAN automatically encrypts files on central
data servers. Data exchanged between communication partners is
automatically encrypted by DataCrypt, and encrypted CDs are read by
CDCrypt.