Supported Electronic Keys & Modes
StrongDisk Pro implements the international PKCS#11 (Cryptoki) standard for working with electronic identification devices such as electronic keys and smart cards. Therefore, StrongDisk Pro can work with any PKCS#11-compatible device.
StrongDisk Pro also supports electronic keys of the Touch Memory (iButton) type, which work through the RS-232 (COM port) interface and do not use PKCS#11.
PKCS#11 allows two modes of electronic key operation to be implemented: standard and protected. In standard mode the external key is stored on the electronic key in plain form, so it can be copied from there without any problems using standard software. For example, that can be done with the tools built into StrongDisk Pro. In protected mode a personal identification number (PIN) is required to store, copy, or modify the code contained in the electronic key. Nobody can obtain the value of the external key's code without entering the PIN code. Therefore, every time the external key is to be used, the user must enter the PIN code.
Using electronic keys in protected mode improves the security level significantly, since nobody can read or copy the contents of the electronic key. When working in this mode, the PIN code has to be entered every time a protected disk is mounted. It is also acceptable from the security standpoint to use an electronic key in standard mode (without PIN code protection) together with a strong password. In this case, even if attackers copy the contents of the electronic key and the disk image file, they will still be unable to mount it without knowing the password. The choice of protection level is up to the user and depends on how valuable the protected data are. For extreme precautions, the user can use four security mechanisms simultaneously, namely a password, an electronic key in protected mode, a PIN code, and a file-key.
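A minimal model of the reasoning above, added here as an illustration; it is not StrongDisk Pro's code and does not describe its actual key-derivation scheme. The `Token` class, the PBKDF2/HMAC mixing and the header layout are assumptions, and the key and PIN values are constructed.

```python
import hashlib
import hmac
import os

class Token:
    """Toy model of an electronic key (hypothetical; not a PKCS#11 binding)."""
    def __init__(self, external_key, pin=None):
        self._key, self._pin = external_key, pin  # pin=None means standard mode

    def read_key(self, pin=None):
        # Protected mode: the contents are released only after the correct PIN.
        if self._pin is not None and not hmac.compare_digest(
                (pin or "").encode(), self._pin.encode()):
            raise PermissionError("PIN required to read the external key")
        return self._key

def derive_disk_key(password, salt, external_key=b"", file_key=b""):
    # Stretch the password first, then fold in every additional factor.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    for label, factor in ((b"external-key", external_key), (b"file-key", file_key)):
        # A distinct label per factor keeps the inputs from being interchangeable.
        key = hmac.new(key, label + hashlib.sha256(factor).digest(), hashlib.sha256).digest()
    return key

def _check_value(disk_key):
    return hmac.new(disk_key, b"mount-check", hashlib.sha256).digest()

def make_header(password, external_key=b"", file_key=b""):
    salt = os.urandom(16)
    key = derive_disk_key(password, salt, external_key, file_key)
    return {"salt": salt, "check": _check_value(key)}

def can_mount(header, password, external_key=b"", file_key=b""):
    key = derive_disk_key(password, header["salt"], external_key, file_key)
    return hmac.compare_digest(_check_value(key), header["check"])

if __name__ == "__main__":
    ext = os.urandom(32)                      # constructed external key
    header = make_header("a strong password", ext)
    copied = Token(ext).read_key()            # standard mode: copy succeeds
    print("copied key, wrong password:", can_mount(header, "guess", copied))
    print("copied key, right password:", can_mount(header, "a strong password", copied))
    try:
        Token(ext, pin="4821").read_key()     # protected mode: no PIN, no key
    except PermissionError as exc:
        print("protected mode:", exc)
```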