Common questions about KeyArmor hardware

    • Updated: 17 Feb 2015
    • Product/Version: Endpoint Encryption 3.0 KeyArmor; Endpoint Encryption 3.1 PolicyServer
    • Platform: Windows 2003 Enterprise
Summary

This article enumerates the frequently asked questions (FAQs) about the hardware of KeyArmor.

Details

Endpoint Encryption, like many other companies, gets component parts from third-party manufacturers. The proprietary software that is loaded onto the blank key is what makes it a KeyArmor. The USB flash devices themselves are licensed from IronKey and SanDisk, both of whom are leaders in the USB market with proven technology. In addition, the embedded anti-malware and anti-virus software is licensed from Symantec.

The actual secure flash drive is tamperproof and virtually impenetrable to physical cryptanalysis attacks. The crypto chip uses advanced self-aware technology, and if it detects a physical attack (via power attacks, electron microscopes, etc.), it will self-destruct. All of the internal components are potted in an epoxy compound, which further protects the crypto chip and prevents someone from pulling the encrypted data off your flash chips for offline distributed cryptanalysis.

Your AES encryption keys are truly unique as they are generated by the crypto chip using a FIPS 140-2 compliant True Random Number Generator. Also, they do not leave your secured hardware to be stored in flash memory, on your local computer, or in any KeyArmor database. This is why there is a delay during initialization: the AES keys are generated at the time you set up your drive. We could have done this ahead of time to save you the trouble, but then we would have your encryption keys. For your privacy and protection, we make you the sole possessor of your encryption keys.

The encryption keys are generated and stored in the crypto chip and are never stored in the flash memory or on the local computer. This is because those areas are not hardened against advanced crimeware techniques the way the crypto chip is, and would never be a safe place to store keys.

The encryption happens on the USB flash device, using standard USB mass storage device drivers. Data is clear of viruses because the data is scanned for viruses when being copied to the device.

Metal casing: KeyArmor is encased in a metal housing (not plastic), making it one of the strongest USB flash devices you can buy. Your KeyArmor has a functional metal cap, with a rubber inner seal. When the cap is placed over the USB flash device connector, your KeyArmor is extremely waterproof (far exceeds MIL-STD-810F).

The interior of your KeyArmor is filled solid with an epoxy-based potting compound (not plastic). This seals in all the components. The process for an expert hacker to try to extract the data from the flash chips will almost certainly destroy the chips and connections inside, making further attack or disassembly useless.

KeyArmor also protects against attacks to the crypto chip itself. Key storage areas are protected with thin-film metal shielding. The chip itself defends against power attacks and other invasive attacks such as using an electron microscope to scan the onboard memory.

Rugged casing: KeyArmor is housed in a rugged plastic casing with a rubber coating. The interior of your KeyArmor has the crypto chip potted with the epoxy compound, preventing someone from pulling the encrypted data off the flash chips.

Single-level cell (SLC) and multi-level cell (MLC) Flash memory are similar in their design. MLC Flash devices cost less and allow for higher storage density. SLC Flash devices provide faster write performance and greater reliability, even at temperatures above the operating range of MLC Flash devices. These factors make SLC Flash a good fit in embedded systems, while MLC flash makes it possible to create affordable mobile devices with large amounts of data storage.

Category: Configure; Troubleshoot; Deploy; Install; Migrate
Solution Id: 1059914