The intrinsic safety of xCoreDisk

    We wanted to create a product that could provide maximum security in data protection: xCoreDisk condenses all our experience and all our attention to detail into a single product.

Access to the device

Physical access

  • The device has a rubber shell printed directly onto the electronics: any attempt to open it would break the electronics completely, making the device unusable.

Logical access

  • The device is part of the xCore family, which uses an authentication process to open an authenticated session before any command can be sent.
  • Once the authenticated session is open, all exchanged data passes through a channel encrypted with an AES 256 key generated at that moment and used in GCM mode (Galois/Counter Mode), which also allows each command to be signed (authenticated).


    The device contains a latest-generation cryptographic coprocessor that executes the algorithms in use directly in hardware, greatly increasing the speed of execution.


  • Different algorithms are used depending on the operation performed:
    • Admin Authentication for session opening: RSA 2048 PSS  -  RSA 4096 PSS
    • User authentication for session opening: RSA 1024 PSS  -  RSA 2048 PSS  -  AES 256
    • Communication within the authenticated session created: AES 256 GCM
    • Disk data encryption: AES 256 CBC, with the encryption tied to the DiskSignature, the sector address and the hardware S/N of the device


  • All keys are generated internally using the FIPS-certified Random Number Generator (RNG) unit.
  • Where present, the private part of the asymmetric (RSA) keys is not exportable
  • The keys are generally not exportable from the device
  • Each device has its own keys that are always different from those generated by other devices
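
The encrypted session channel described above (a fresh AES 256 key per session, GCM so that every command carries an authentication tag) can be sketched as follows. This is an added example, not xCore firmware or vendor code: the `Session` type, `NewChannel`, the counter-based nonce and the sample command are assumptions, and both ends are created in one process only to keep the example self-contained.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Session is one end of the channel (hypothetical type, not the xCore API).
type Session struct {
	aead             cipher.AEAD
	sendSeq, recvSeq uint64 // command counters, used as GCM nonces (assumption)
}
// NewChannel draws a fresh AES-256 session key and returns both ends.
func NewChannel() (host, device *Session, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length is 32
	aead, err := cipher.NewGCM(block)
	return &Session{aead: aead}, &Session{aead: aead}, err
}
func nonce(seq uint64) []byte { // counter encoded as the 96-bit GCM nonce
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}
// Seal encrypts one command under a never-repeated nonce and appends the 16-byte tag.
func (s *Session) Seal(cmd []byte) []byte {
	s.sendSeq++
	return s.aead.Seal(nil, nonce(s.sendSeq), cmd, nil)
}
// Open returns the command only if its tag verifies for the next expected counter.
func (s *Session) Open(msg []byte) ([]byte, error) {
	cmd, err := s.aead.Open(nil, nonce(s.recvSeq+1), msg, nil)
	if err == nil {
		s.recvSeq++
	}
	return cmd, err
}
func main() {
	host, device, _ := NewChannel()
	msg := host.Seal([]byte("UNLOCK disk=1")) // constructed sample command
	cmd, err := device.Open(msg)
	_, replayErr := device.Open(msg) // same bytes again: counter moved on, tag fails
	fmt.Printf("first: %q err=%v; replay: %v\n", cmd, err, replayErr)
}
```

Because the receiver checks the tag against its own counter, a command that is modified in transit or replayed later fails verification and is never executed.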

Disk management

  • All data is always stored on the hard disk in encrypted form only
  • The disk configuration is saved in an encrypted file together with the data of the disk itself
  • The disk configuration file is encrypted with a unique key present only on the device used
  • The keys to decrypt the disk data are unique and only the device is able to generate them
  • Each virtual disk created contains data encrypted with a different encryption key from all other disks created

Device management

  • You can configure the device by accessing it with the Admin credentials created during initialization
  • By customizing the Admin user credentials you will be the only person able to access the device for cloning
  • Only as Admin can you proceed with cloning the device in order to allow your employees to access the protected data
  • Time license - You can also decide the date after which the device will no longer allow access to data