Visit to Ottawa Canada – October 28 to 31 2014

October 13th, 2014

I am visitingCanadafor Gtec (28/29 October) with private visits from 28 to 31 October 2014. I am still available, just ask me for a meeting.

ECLYPT Core 600 Drives are CSE (Communication Security Establishment) certified for use by the Government of Canada at and up to Top Secret. cseBADGE

No other hardware encryption device is approved for use by CSE.

For For further information on ECLYPT in Canada or for an appointment, just email robert.palmer@viasat.uk.com

Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT Tablet – SST SCT1150E Dell Venue

September 17th, 2014

ECLYPT Core 600 Drives are CAPS evaluated to protect and hold up to TS Data.

SST have designed a housing, that can hold an ECLYPT Core 120GB rotating or 128GB / 256GB / 512GB Solid State Drive.

Dell Venue Tablet Protected by ECLYPT Core Drive


SST integrate an ECLYPT Core encrypted drive into the back of a Dell Venue 10.8 inch tablet. A special ECLYPT Core PAE (Pre-Authentication Environment) is provided by ViaSat that allows touch screen entry of the username and password.


If the password and USB user token is correct, the Tablet is successfully authenticated and the Windows 8.1 OS is booted allowing full touch screen functionality.

For For further information on ECLYPT Tablet Encryption, just email robert.palmer@viasat.uk.com

Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT Improvement Version 34

June 29th, 2014

ViaSat UK are conscious that as new computers keep evolving ECLYPT Encryption has to keep up.

This involves:

  • our customer support team identifying computers that do not work with the current version of ECLYPT Core Drives;
  • our development team fixing the problem(s);
  • our Test Team testing many computers – lent from PC Manufacturers;
  • our accreditation team presenting the revised version to the accreditor,
  • CESG who evaluate every small change for its security implications,
  • conduct penetration testing prior to the improved version being;
  • CAPS Approved ready for HMG release.

Following this process ViaSat UK has released version 34 that allows PCs with AHCI interface to work without any BIOS revisions. The AHCI interface allows Native Command Queuing which increases read and write performance.

ViaSat UK is now supplying version 34, except in Canada where CSE has not yet approved this version or unless you specify otherwise.

For further information just email robert.palmer@viasat.uk.com
Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT freedom Portable Drive Sizes

June 29th, 2014

ECLYPT freedom Portable USB Hard Drives - which are accredited to encrypt backups and transfer data up to TS - are now available in Capacities up to 1TB

The ECLYPT electronics
are approved by CESG to encrypt integral hard drives
up to 144,155 TB.As the integral drive supplier can now provide 1TB 2 1/2″ drives the ECLYPT freedom is now available as a 1TB hardware encrypted USB hard drive.

500GB ECLYPT freedom capacity is still available.
Please ask for the capacity of the ECLYPT freedom capacity solid state encrypted USB hard drive.

ECLYPT freedom with encryption electronics and internal drive

ECLYPT freedom showing encryption and internal drive

A faster ECLYPT freedom 200 with a USB 3.0 interface is also available in 2TB and 1TB models. This is undergoing CESG Accreditation.

For further information on the 1TB ECLYPT freedom Portable USB Hard Drives, or other sizes, just email robert.palmer@viasat.uk.com

Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT Tablet – Panasonic FZ-G1

March 19th, 2014

ECLYPT Core 600 Drives are CAPS evaluated to protect and hold up to TS Data.

EuroTempest have designed a housing, that can hold an ECLYPT Core 120GB rotating or 128GB / 256GB / 512GB Solid State Drive, for the back of the Panasonic FZ-G1 10.1 inch Windows tablet, with a choice of Windows 7 or Windows 8 as the operating system. A tempest protected verison is available.
FZG1BackS
The Panasonic FZ-G1 allows entry of a username and password into it's touch screen BIOS (without an external keyboard). This is transferred into the ECLYPT Core Drive's PAE (Pre-Authentication Environment) using the buttons below the screen .
FZ-G1 BIOS Keyboard
If the password and USB user token is correct, the FZ-G1 is successfully authenticated and the Windows OS is booted allowing full functionality through the touch screen keyboard.

The FZ-G1 can also be dropped into adocking station to provide access to your desktop display and keyboard.

Panasonic Docking Station Showing ECLYPT Fitted to FZ-G1

Panasonic Docking Station Showing ECLYPT Fitted to FZ-G1 Tablet

For For further information on ECLYPT Tablet Encryption, just email robert.palmer@viasat.uk.com

Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT works with Windows 8

March 19th, 2014

ViaSat UK have tested ECLYPT Core with the current version of Windows 8 operating system, both 32 bit and 64 bit versions, and all types of KeyStone Tokens (F and H) . All these tests were successful.

There is talk of Windows 8 working without a BIOS using UEFI, so ViaSat UK even have a solution for this combination, even though they have not found many computers that rely on this method yet.

For further information just email robert.palmer@viasat.uk.com
Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT Management Application 4 – Works on Linux

March 18th, 2014

ViaSat have released ECLYPT Core 200 Drives with the new EMA4 ( ECLYPT Management Application).
EMA4 is supported by: Windows and Macintosh OSX operating systems; Debian and RPM Linux Distributions.

ECLYPT 200 drives with EMA4 supports:

  • Token Management
  • Saving Core 200 keys to KeyStone User Tokens
  • Remote Host Management
  • Emergency Key Purge
  • Drive Sets allowing the authentication of multiple ECLYPT Drives with a single password (and token if required)
EMA4 - ECLYPT Management Application

EMA4

For For further information on ECLYPT Core Hard Drives with EMA4, just email robert.palmer@viasat.uk.com

Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT as described by ViaSat UK CEO

March 18th, 2014

ViaSat UK’s CEO describes ECLYPT Encryption. I suggest you view the article on ITProPortal:

www.itproportal.com-when-we-talk-about-protection-we-protect-whole-system

For For further information on ECLYPT Core Hard Drives, just email robert.palmer@viasat.uk.com Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

My ECLYPT Drives

March 18th, 2014

To secure my data I use:
1. A Dell E6400 ATG Laptop with an ECLYPT Core replacement encrypted hard drive show below (1). This is secured inside the laptop, so a casual observer will not know it is there, with tamper evident labels applied over the drive bay cover. Dell E6400 ATG Laptop showing its internal ECLYPT Core Encrypted Drive	Dell E6400 ATG Laptop showing its internal ECLYPT Core Encrypted Drive

In my desk:
2. To back-up my laptop (in reality my ECLYPT Core encrypted drive) I use the ECLYPT freedom portable drive (2), shown below in its silicon sleeve. It is connected to my laptop with the black USB cable (3). Removal from the USB Cable makes it instantly secure.
4. To transfer small files I use my ECLYPT nano USB 2GB memory stick drive. The ECLYPT nano is a miniaturised ECLYPT freedom drive that just plugs directly into the USB Port.
5. ECLYPT Setup CD (5) NPM contains:

  • the user manual - just load into any computer's CD drive to read
  • Setup Utilities
  • The ECLYPT Management Application (EMA) Programme to manage all your ECLYPT Drives.
  • On its front face the telephone number of the ViaSat UK free support helpline:
  • +44(0)1929 55 44 00 Option 2

My desk drawer showing my ECLYPT freedom, ECLYPT nano and the ECLYPT set up and manual CD

In my pocket:
6. A KeyStone USB Token - that contains a digital password - to separate it from the ECLYPT Core protected laptop (1), the ECLYPT freedom portable drive (2) and the ECLYPT nano USB drive (4).
It authenticates the three ECLYPT drives (1)(2)(4), so I only need to carry a single KeyStone Token.
All KeyStone Tokens are NPM, so they require no further protection, when kept in my pocket - whether worn or in my wardrobe.
KeyStone User Token in Pocket

For further information just email robert.palmer@viasat.uk.com

Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT Drive Set Authentication – Getac X500 Servers

January 3rd, 2014

ViaSat UK's PAE2 (Pre-Authentication Environment) functionality allows several ECLYPT Drives to be:

  • grouped in a Drive Set;
  • so multiple ECLYPT Drives can be authenticated together by
  • a single password      (and single token for Core 600)
  • Getac X500 Server with 6 x ECLYPT Core Drives
  • The Getac X500 Server with an expansion bay, with 5 drives, has been sucessfully tested with 6 x 512GB ECLYPT Core Solid State Drives
  • providing 3 terabytes of Storage
  • with RAID options available.

For For further information on multiple ECLYPT Core Drives Protecting Servers, just email robert.palmer@viasat.uk.com

 Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT Automatic Authentication – Good for Tablet Computers

December 23rd, 2013

ViaSat UK have improved the functionality of the PAE (Pre-Authentication Environment) of ECLYPT Core 200 FIPS validated Drives, allowing a single token to be designated the authomatic authentication token.

When an account configured for Token only authentication is designated and the correct Token is inserted, the ECLYPT Core 200 Drive is automatically unlocked and the computer protected by the ECLYPT Core 200 Drive is turned on:

  1.  the Token’s digital password is checked;
  2. if it is correct the ECLYPT Drive is unlocked and
  3. the Computer automatically boots its operating system – providing full access to its internal hard drive whose data is immediately decrypted as it is required.

The ECLYPT Automatic Authentication functionality was developed for:

  • the Panasonic CF-D1 TabletPanasonic CF-D1
  • and another bespoke computers system.
  • However we are extending this concept for other higher protectively marked systems.

For For further information on ECLYPT Core Hard Drive Automatic Authentication, just email robert.palmer@viasat.uk.com

 Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT can protect Macintosh Computers

March 13th, 2013

Current data at rest encryption (including all other CESG approved competitors) relies on BIOS interupt. The latest ECLYPT version however can be configured to utilise the UEFI. Both Macintosh and Windows 8 use this interface.

So ViaSat UK can now provide ECLYPT Core Drives to protect 64 bit Macintosh Computers running Mac OS X versions 10.4 Tiger, 10.6 Snow Leopard, 10.7 Lion, 10.8 Mountain Lion and 10.9 Mavericks.

Current ECLYPT version 34 drives can be configured to protect Macintosh Computers:

  • So current ECLYPT Core 200 , FIPS validated, are ready to be protect Macintosh. They are being evaluated by several clients.
  • CESG Approved ECLYPT Core 600 / 300 hardware can be configured to protect Macintosh Computers (the configuration is currently under CESG evaluation)
  • Macintosh Computer Showing ECLYPT authentication screen
  • Macintosh computers can also be securely backed up onto ECLYPT freedom Drives

For further information on ECLYPT Core Hard Drives protecting Macintosh Computers, just email robert.palmer@viasat.uk.com

Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT Core 512GB SSD Drive ready for ordering

January 4th, 2013

ECLYPT Core SATA Hard Drives - which are accredited to encrypt and secure data up to TS - are now available in Capacities up to 512GB

The ECLYPT electronics are approved by CESG to encrypt integral hard drives up to 144,155 TB. As the integral drive supplier can now provide 512GB 1.8" solid state drives the
ECLYPT Core can now be ordered with a 512GB hardware encrypted hard drive in a 2 1/2" x 9.5mm form factor.

The other capacities as still available.

For further information just email robert.palmer@viasat.uk.com
Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

Why ECLYPT Hardware Encryption is best

December 7th, 2012
  • 1. Fully Encrypted Hard Drive Enclosed within:
  • 2.Tamper evident case. Proves that the integral drive, encryption key and electronics haven’t been attacked,
    even if tamper evident labels or ECLYPT Core have been removed from the drive bay cover.
  • 3.Tampering with this layer destroys the encryption key and electronics.

ECLYPT how it works picture

  • 4. Key held on ECLYPT Encryption electronics allows ECLYPT Core to be moved to another computer to keep your system working.
  • 5. Encryption is done inside the ECLYPT Core so it does not slow down the host computer. ECLYPT Core is operating system independent allowing upgrade to a new operating system for no extra cost.
  • 6. Integral drive cannot be overwritten prior to authentication preventing denial of service attacks.
  • 7. Hardware emergency key purge
  • 8. SATA connector can only read data decrypted after strong authentication succeeded, preventing network and key discovery attacks.
  • 9. Case's thermal characteristics prevent Cold Boot attack.

For further clarification just email robert.palmer@viasat.uk.com
Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

Skyfall with ECLYPT = no film

November 5th, 2012

The latest James Bond film starts with the theft of a laptop hard drive.

Watching Skyfall should be compulsory for all managers responsible for data security - it shows the range of threats and corresponding attacks.

If the list was stored on an ECLYPT Core Drive the data on the stolen drive would have been secure and 007 would not have to retrieve it - so the Sam Mendes would be filming another plot.

However if MI6 used one of ViaSat UK's software competitors solutions, the list would have still been compromised.

  1. Ripping out the hard drive, made it obvious that it was tampered with, however:
  2. a professional spy would have removed the valuable drive with a screw driver and performed a disk copy.
  3. 'M' would not have even known, but
  4. if an ECLYPT Core Drive was used the theft would have been obvious, so the imbedded agents could be withdrawn.
  5. Also the ECLYPT Core Drive's tamper respondant layer would have destroyed the decryption electronics.
  6. So with ECLYPT Core Drive no film no compromise

For further information just email robert.palmer@viasat.uk.com

Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT 600 & 200 Tokens

December 19th, 2011

ECLYPT 600 drives (Core 600, freedom 600 & nano 600) require a password and user token ( having 2 factor authentication).

ECLYPT 200 drives are more flexible and can authenticate in any of these 3 ways:

  1. Password Only
  2. Token Only
  3. Password and Token for 2 factor authentication.
Examples
Computers Users Tokens
Computer Protected by ECLTPT Core 600 Computer Protected by ECLTPT Core 600
Crypto Officer
Manager
Eclypt User 1
Eclypt User 2
KeyStone User Token with unique digital password
KeyStone User Token with unique digital password
KeyStone User Token with unique digital password
KeyStone User Token with unique digital password
Computers Users Tokens
Here Computer Protected by ECLTPT Core 600
ECLTPT freedom 600
ECLTPT freedom 600
ECLTPT freedom 600
There Computer Protected by ECLTPT Core 600
Crypto Officer
At Here
Manager Here
User Here
At There
Manager There
User There
All 3 freedom drives move between Here and There without tokens and passwords
KeyStone User Token with unique digital password
spacer
KeyStone User Token with unique digital password
KeyStone User Token with unique digital password
spacer
KeyStone User Token with unique digital password
KeyStone User Token with unique digital password

For further information about token setup just email robert.palmer@viasat.uk.com
Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT and Tempest

November 8th, 2011

When encryption such as ECLYPT Core becomes too difficult to penetrate, attackers turn to other methods such as Tempest. So you can have your data protected both ways ViaSat UK works with Tempest Computer Suppliers.

ECLYPT Core encrypted internal drives are designed to be compatible with all computers with a 2 ½” or larger drive bay, a SATA conection and are X386 compatible with a BIOS. This includes the Modulus RLC31 - a rugged laptop - available in Tempest Levels A, B and C , that has successfully passed ECLYPT Core 600 compatibility tests at ViaSat UK in Wareham.

For further information just email robert.palmer@viasat.uk.com
Disclaimer: This blog is written by Robert Palmer, an employee of ViaSat UK Ltd, but the views and opinions expressed on this website are those of the author, and do not necessarily represent the views and opinions of ViaSat

ECLYPT RAID Installation in Getac B300

October 24th, 2011

ECLYPT supports software RAID, including Microsoft's built in RAID in Windows 2003 Server.
GETAC B300+ECLYPT Encrypted Drive+ECLYPT Encrypted Drive=RAID 1

ViaSat UK tested and proved this on a Getac B300 where they installed 2 x ECLYPT 120GB Core 600 Drives:

  • Disk0 into the standard drive bay (on right hand side of the B300) and
  • Disk1 in the CD RoM Drive bay caddie adaptor (on left hand side of the B300).
  1. The GETAC B300 BIOS setting: SATA controller was changed to compatibility mode.
  2. Windows Server 2003 was installed on Disk0.
    BIOS update (R1.19.070520d) was loaded and updated using win 98 boot disk.
  3. Downloaded Getac drivers from Web site - as you need to ensure that the Chipset and RAID drivers are installed to enable the ECLYPT Drives to be seen by the Windows operating system.

Upon simulating a Drive failure - by removing Disk0 turning the power back on - and after authenticating the other ECLYPT drive it automatically booted from Disk1, proving that not only
can 2 ECLYPT Drives operate as a RAID 1 but that the RAID 1 recovery also works.