-
your Windows® embedded community
Windows For Devices
your Windows® embedded community
Announced in February, Spyrus' Secure Pocket Drive solves this problem by, in the company's words, "turning a commodity microSD card into a militarized security device." Available in 2GB, 4GB, 8GB, or 16GB capacities, the device is loaded with the Windows Embedded Standard 2009 operating system, apparently preconfigured with display, keyboard, and network drivers that can support most modern PCs.
If a host PC can be configured to boot from a USB drive, it makes no difference whether that system is contaminated with spyware or malware, or even what operating system is installed, Spyrus noted earlier this year. That's because the Secure Pocket Drive runs Windows from its own secure storage, bypassing the host's hard disk and making use of only its keyboard, mouse, display, and RAM (512MB minimum), the company explained.
Now, says Spyrus, it has received U.S. Patent No. 7,757,100, which covers the implementation of a secure boot loader to authenticate and check the integrity of an encrypted storage device and the operating system loaded onto it. It's said the new patent was issued on July 13 as a continuation of patent 7,380,140, and additionally describes how user data on the encrypted device can be backed up without decryption.
According to Spyrus, the Secure Pocket Drive has now also been verified as being "Citrix Ready." The combination of Citrix's XenApp and the USB drive "creates a portable computing environment that can be deployed anywhere by mobile workers, without fear of keyloggers or screen-scrapers on home or public PCs capturing passwords and risking the compromise of confidential information," the company says.
Background
Spyrus says its security technology has been designed and developed entirely in the USA, meeting FIPS 140-2 standards. The cryptographic algorithms employed are "the strongest commercially available," including elliptic curve cryptography (ECC), AES, and SHA-2, collectively known as Suite B, the company adds.
The company adds that it first developed a hardware-based pre-boot authentication system for Windows more than ten years ago. Building on this, the Secure Pocket Drive uses a secure boot loader to authenticate and check the integrity of the host PC, and it will not boot the Windows Embedded Standard 2009 operating system if the device has been tampered with, says Spyrus.
According to Spyrus, the Secure Pocket Drive uses FIPS 140-2 Level 3 tamper-resistant epoxy potting, with built-in anti-tamper and self-destruct mechanisms, to protect against unauthorized access to the device and data stored on it. The protected sectors of the device's memory, its operating system, and all data and application files are encrypted with advanced, hardware-based XTS-AES 256-bit encryption, fully compliant with the newly approved NIST SB800-38E security standard, the company adds. Finally, it's said "Suite B On Board" hardware security (ECDSA P-384, EC-DH, AES-256, SHA-384) supports the full set of Suite B cryptographic algorithms for all security services.
Tom Dickens, chief operating office for Spyrus, stated, "Public-sector organizations understand the need for mobility, but are wary of employees using untrusted USB flash devices and home PCs. Security for the Secure Pocket Drive is designed, developed, and manufactured in the U.S.A. to mitigate the dirty supply chain problem that is of increasing concern to governments around the world."
Further information
More information about the Secure Pocket Drive, whose pricing was not cited, may be found on the Spyrus website, here.
