Description

The world’s first and only PIN-authenticated, hardware-encrypted USB flash drive with removable iStorage microSD Cards

What is datAshur SD?

The iStorage datAshur SD is a PIN authenticated, hardware encrypted, USB Type-C flash drive designed to incorporate removable iStorage microSD Cards with capacities ranging from 32GB-1TB.

Rather than incorporating fixed memory, the datAshur SD is designed with an integrated microSD Card slot, making it a unique, ultra-secure, cost-effective solution that enables users to use one drive with as many iStorage microSD Cards as required, which are available in varying capacities, offering unlimited encrypted data storage.

Furthermore, the patented iStorage datAshur SD KeyWriter software clones datAshur SD flash drives with the same encrypted encryption key enabling a secondary drive as a backup and also permits organisations to share encrypted iStorage microSD Cards with as many authorised users of cloned datAshur SD drives as required, without compromising on data security.

All data stored on iStorage microSD Cards is encrypted (full disk encryption) using FIPS PUB 197 validated AES-XTS 256-bit hardware encryption. In addition to the datAshur PRO2, the datAshur SD is the world’s only encrypted USB flash drive to incorporate a secure microprocessor that is Common Criteria EAL 5+ certified, which enhances security through true random number generation and built-in cryptography. The data encryption key is protected by FIPS and Common Criteria validated wrapping algorithms and is securely stored on the secure microprocessor, separate from the data.

Easy to use

Insert your iStorage microSD Card into the datAshur SD microSD Card slot and simply enter your 8-64 digit PIN to authenticate
and use it as a normal flash drive. When the drive is locked, all data on the iStorage microSD card is encrypted (full disk encryption)
using AES-XTS 256-bit hardware encryption (no software required).

How secure is it?

On-device Crypto-chip

Offering 100% real-time military grade AES-XTS 256-bit Hardware Encryption with FIPS PUB 197 validated encryption engine.

Government validations

FIPS 140-3 Level 3 compliant.

Key-logger and Brute Force Attack Protection

The datAshur SD is authenticated (unlocked) and all functions are performed using the onboard alphanumeric keypad with zero software and host involvement, the device is not vulnerable to key-loggers and/or brute force attacks.

Polymer-coated, wear-resistant alphanumeric keypad

The datAshur SD keypad is coated with a layer of wear-resistant polymer that protects the keys and hides key usage to avoid tipping off a potential hacker to commonly used keys.

Brute force hack defence mechanism

If the User PIN is entered incorrectly 10 consecutive times, the User PIN will be deleted and the drive can only be accessed by either activating the User recovery PIN (if configured) or entering the Admin PIN.

If the Admin PIN is entered incorrectly 10 consecutive times, all data, PINs and the encrypted encryption key will be deleted and lost forever.

Immune to Bad USB

Both the USB Crypto chip and Secure Microprocessor incorporate digitally signed flash lock mechanisms making the datAshur SD immune to Bad USB.

Common Criteria EAL5+ secure microprocessor

Offers ultimate security against hackers, detecting and responding to tampering with features such as:

• Dedicated hardware for protection against SPA/DPA/SEMA/DEMA attacks.
• True Random Number Generator (TRNG), with NIST SP800-90B approved analogue noise source.
• Advanced hardware protection against physical
  attacks, including:
  • Active Shield, for detecting any physical intrusion or tampering
  • Enhance Protection Object, for protecting the memory against any attempts to introduce perturbations via laser attacks.
  • Glitch & Slope Detectors, for monitoring the internal power supply, and protecting the execution against glitch attacks on the power pins.
  • Built-in Parity Check mechanism, for detecting any corruption of sensitive states and registers.
  • Bare-metal Memory and Bus Encryption, for mitigating the risk of program, code and data integrity violation.
  • Environmental Protection Systems, for preventing any execution out of the operating ranges (voltage, frequency and temperature).
• Secure Memory Management & Access Protection, for preventing code injection attacks.
• In-house state-of-the-art secure firmware developed with pervasive protection throughout the code, and designed to resist advanced Side Channel Attacks.
• NIST SP800-90A approved Deterministic Random Bit Generator (DRBG), generating random numbers which are statistically equivalent to a uniformly distributed data stream.

Tamper proof & evident design

All critical components incorporated within the datAshur SD are completely covered by a layer of super tough epoxy resin, which is virtually impossible to remove without causing permanent damage to the components. The drive is also designed to be tamper-evident making it obvious if it has been tampered with.

Features

OS & platform independent

Cross-platform compatible with: MS Windows, macOS, Linux, Android, Chrome, Thin Clients, Zero Clients, Embedded Systems, Citrix, VMware, DVR’s, Medical Equipment, Printers, Scanners, CCTV etc. In fact, it will work on any device with a USB port!

Independent Admin & User PINs

Easily configure independent Admin and User PINs making it perfect for corporate and government deployment.

Unlimited capacity

Enables users to use one datAshur SD drive with as many iStorage microSD Cards as required, in varying capacities, offering unlimited and economical encrypted data storage.

Dust and water resistant – IP68 Certified

The datAshur SD is IP68 certified which means it will survive being submerged under 1.5m of water for 30 minutes and be deemed fit enough to withstand dust, dirt and sand.

Super tough drive

The datAshur SD housing and protective sleeve are made of hard anodised and ruggedised extruded aluminium, giving it a crush-proof design that can withstand the weight of a 2.7-ton vehicle.

Auto-lock

The datAshur SD automatically locks when unplugged from the host computer or when power to the USB port is turned off. It can also be set to automatically lock when idle following a predetermined length of time.

Read-only (write-protect) – Dual Mode

Both Admin and User can configure the datAshur SD as a read-only (write-protect) device. If configured by the Admin, the feature cannot be modified or disabled by the User, allowing the Admin to pre-provision a device with pre-loaded content as a read-only drive for the User.

Bootable

Ideal in certain cases where the datAshur SD needs to remain unlocked during USB port re-enumeration, such as during a reboot process or passing the device through a virtual machine. Allows users to install an OS on the datAshur SD and boot directly from it.

User recovery PIN

Extremely useful in situations where a User forgets their PIN, the recovery PIN allows the User to unlock the datAshur SD and set a new User PIN.

User PIN enrolment

Admin can set a restriction policy for the User PIN. This includes setting the minimum length of the PIN, as well as requiring the input of one or more ‘Special Characters’ if needed.

Whitelisting on networks

Configured with a unique VID/PID and internal/external serial number with barcode, allowing easy integration into standard end-point management software (white-listing), to meet internal corporate requirements.

Superspeed USB 3.2 (Generation 1)

Backwards compatible with older USB ports.