FOR
Provides encryption with all of the advantages and none of the drawbacks. Users
have no direct responsibility for encryption and cannot be held to
account even if draconian legal requirements are introduced. One
encryption strategy serves locally, across the network, and allows
encrypted access over the Internet.
AGAINST
None observed.
VERDICT
Simplicity is the key word, and it is achieved wonderfully in this package.
Increased security all too often imposes a heavy burden on innocent
users, but KeyDrive is a pleasure to use - virtually invisible
yet safeguarding data at source, during movement, and even during
authorized alteration.
KeyDrive is a significant new product which facilitates high-power
encryption of data at its many vulnerable stages. With it you can choose
to keep vital data encrypted at source, safeguarded from unauthorized eyes.
Essentially it is invisible in use, and does not depend on the wisdom,
experience or integrity of the user to impose some discipline on how
data is handled. Data is kept encrypted - always - and is decrypted for
the user at his or her PC only as it is handled (in computer memory) or
viewed on the monitor. Some data encryption packages actually decrypt
data on the disk when the file is opened by an authorized user, and
re-encrypt it when access to the file is released, but KeyDrive
decrypts data only as it is accessed. At no point is unencrypted data
written onto disk.
Hacker attacks will only net encrypted
data, with no keys or clues as to how to make sense of the data, even if
the attacks are made during live alterations to the file (such as an
active database). The principal ‘cost’ of this advanced encryption
is that all protected files are treated (by Windows) as if they were
mounted together on a removable disk volume. In all other respects,
Windows utilities and applications will see the data as if it is clear
and unencrypted, so long as these programs are being run by someone
authorized to see the data.
The technology behind KeyDrive
includes the famous iKey, a lightweight device just over an inch
long, which takes the role of a token in the encryption system. This iKey
token contains within itself information that can be used to effect the
encryption and decryption of data. Authorized users have two things: a
password and an iKey token. When they begin to use the PC they
plug the iKey token into a USB port, then supply their password.
The correct password activates the iKey token, and it will in
turn provide its information, by which a special driver within the PC
system will decrypt information as it is read from outside. When the iKey
is removed from the USB port, the necessary decryption information is no
longer available. The iKey device is small, attractive (available
in different colors) and suitable for use as a fob on a key chain or
used as a pendant.
The iKey serves the same purpose as a smartcard: it is the key that
unlocks encryption when it is used, but it itself requires a PIN
(personal identification number). But
an iKey has several advantages, among the strongest being that it
does not need a special device (smartcard reader): a USB port is
standard on all modern PCs, and supplementary ports are often provided
on devices such as keyboards. Another is that it has a very low failure
rate by comparison with a smartcard.
Installation of KeyDrive on a
single station is a matter of a few minutes, and is completely
automated. A simple but noteworthy application of this product is to
have data in two places - not only in the office but on a portable PC
for instance - yet have it secured in both places, using the same
method. In this way a sensitive database can be well protected, yet
portable. An authorized person can take away a copy on a portable PC
secured by encryption exactly as the original. Even if both the portable
PC and the iKey were stolen or lost, the data is still secure,
since only the secret password will activate the decryption process.
The interface between KeyDrive
and the Windows user is perfectly seamless: as long as KeyDrive
is running and the iKey is still present at a USB port, encrypted
data files appear as normal (unencrypted) within a special ‘Removable
Disk’, assigned a device letter. If KeyDrive is closed down or
if the iKey is removed, there is not even a letter assigned for
the disk. The applications for applying encryption to certain files are
numerous: because KeyDrive works at a low level (as a device
driver) you can use it to secure even executable programs.
You can make your bank account records
private by encrypting them, but you can also make certain programs
secure by encrypting them. If the authorized user is sitting at the
keyboard (with the iKey plugged in) then all is well. However, if
another user gains control, he or she will find no trace of the programs
that are on the encrypted volume. Please remember that this encrypted
volume is a virtual device: encrypted files themselves need not be on
the same physical device, and can reside on the same physical device as
unencrypted files.
An advanced version of the KeyDrive
system - KeyDrive Pro - has additional features that
simplify the process of rolling out several notebook incarnations of KeyDrive
and administering their functionality. It also provides for the
recovery of secured information without exposing the data. KeyDrive
is built to work on all modern versions of Windows including Windows XP.
It can be used in conjunction with standard networks. Yes, you can
secure data at one location and use it at another place within the
network, being confident in the fact that the data is never decrypted
except at the user’s application. Therefore, there is no chance that
data can be siphoned off a line, eavesdropped, or even dug out
forensically from transmission buffers, because it is kept in encrypted
form, point to point.
[Ed note: The company points out that
KeyDrive supports encrypted drives of between 16Mb and 2Tb and can create
the drive as a FAT drive, a FAT32 drive, or, on Windows NT, 2000 and XP,
as NTFS.]