
        USB security device includes Windows Embedded Standard 7

        Jonathan Angel | Date: Nov 2, 2010



        Spyrus announced a secure flash drive that incorporates a preinstalled, bootable version of Windows Embedded Standard 7. The Secure Pocket Drive lets users access their data and browse the Internet safely via computers that would otherwise be untrustworthy, the company says.


        Spyrus has marketed a variety of USB drives and other storage devices, offering encrypted storage via embedded microSD cards that are sealed in tamper-proof epoxy. While these devices protected data, however, users were still vulnerable in cases where they attempted to browse the web or run software on untrusted computers, including those in homes or public spaces.

        Announced in February, Spyrus' Secure Pocket Drive solves this problem by, in the company's words, "turning a commodity microSD card into a militarized security device."

        Available in 2GB, 4GB, 8GB, or 16GB capacities, the device was originally available with the Windows Embedded Standard 2009 operating system -- apparently preconfigured with display, keyboard, and network drivers that can support most modern PCs -- but is now also offered with the Windows 7-based Windows Embedded Standard 7 operating system.


        The Secure Pocket Drive from Spyrus

        If a host PC can be configured to boot from a USB drive, it makes no difference whether that system is contaminated with spyware or malware, or even what operating system is installed, Spyrus noted earlier this year. That's because the Secure Pocket Drive runs Windows from its own secure storage, bypassing the host's hard disk and making use of only its keyboard, mouse, display, and RAM (512MB minimum), the company explained.

        Spyrus announced in July that it had received U.S. Patent No. 7,757,100, which covers the implementation of a secure boot loader to authenticate and check the integrity of an encrypted storage device and the operating system loaded onto it. At the time, the company also said the Secure Pocket Drive had been verified as being "Citrix Ready."

        The company touts the Secure Pocket Drive as being better than competing devices -- presumably referring to the likes of MXI Security's Stealth Zone, which we covered in August -- because it does not employ a hypervisor. As a consequence, there is less overhead and the device can run faster, claims Spyrus.

        According to Spyrus, its Secure Pocket Drive is available in three editions: Remote Access, Productivity, and Productivity RO (Read Only). The Remote Access edition is a read-only device designed for secure web surfing, virtual private network connectivity, and virtualized application access. The Productivity edition adds to this functionality by supporting the installation of applications such as Microsoft Office, with the ability to store user data on the device or on a separate secure USB device. Finally, the Productivity RO edition offers all of the functionality of the Productivity edition, except that an external storage device must be employed.

        It's further said that all editions can be customized to meet organization-specific requirements. Unlike a bootable CD, for example, the Secure Pocket Drive can be unlocked and updated remotely by authorized administrators using Microsoft System Center Configuration Manager (SCCM) and Active Directory policy settings. The device can also be managed via the Spyrus Enterprise Management System (SEMS), which allows remote disable or destruction of devices, according to the company.

        Background

        Spyrus says its security technology has been designed and developed entirely in the USA, meeting FIPS 140-2 standards. The cryptographic algorithms employed are "the strongest commercially available," including elliptic curve cryptography (ECC), AES, and SHA-2, collectively known as Suite B, the company adds.

        The company adds that it first developed a hardware-based pre-boot authentication system for Windows more than ten years ago. Building on this, the Secure Pocket Drive uses a secure boot loader to authenticate and check the integrity of the host PC, and it will not boot the Windows Embedded Standard 2009 operating system if the device has been tampered with, says Spyrus.

        According to Spyrus, the Secure Pocket Drive uses FIPS 140-2 Level 3 tamper-resistant epoxy potting, with built-in anti-tamper and self-destruct mechanisms, to protect against unauthorized access to the device and data stored on it. The protected sectors of the device's memory, its operating system, and all data and application files are encrypted with advanced, hardware-based XTS-AES 256-bit encryption, fully compliant with the newly approved NIST SP 800-38E security standard, the company adds. Finally, it's said "Suite B On Board" hardware security (ECDSA P-384, EC-DH, AES-256, SHA-384) supports the full set of Suite B cryptographic algorithms for all security services.

        David S. Hill, senior manager of business development for Microsoft's Trustworthy Computing division, stated, "This presents a new, exciting and tangible approach utilizing a trusted stack. For the first time, a truly trusted mobile computing environment providing security of data, identity, applications, and operating system is provided by cryptographically binding the operational and storage bits to the hardware of the device."


        A demonstration of the Secure Pocket Drive
        Source: Spyrus

        Further information

        More information about the Secure Pocket Drive, whose pricing was not cited, may be found on the Spyrus website.

