The intrinsic security of xCoreDisk

    We wanted to create a product that provides maximum security in data protection: xCoreDisk condenses all our experience and all our attention to detail into a single product.


Access to the device

Physical access

  • The device has a shell made of rubber material printed onto the electronics: any attempt to open it completely breaks the electronics and makes the device unusable.

Logical access

  • The device is part of the xCore family, which provides an authentication process that opens an authenticated session; a session is required for sending any command.
  • Once the authenticated session is open, all data exchanged passes through a channel encrypted with an AES 256 key generated at that moment and used in GCM (Galois/Counter Mode), which also authenticates (signs) each command.
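
The authenticated channel described above, sketched as an added example: this is not xCoreDisk code, and the page does not describe the device's frame format or nonce scheme. The `Channel` type, the counter-based nonce and the sample command are assumptions made for illustration; the block shows the GCM tag that accompanies each command causing a replayed frame to be rejected.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Channel is one direction of a hypothetical session; the reverse direction needs its own key.
type Channel struct {
	aead cipher.AEAD
	ctr  uint64 // frames sent or accepted so far
}

func NewChannel(key []byte) (*Channel, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Channel{aead: aead}, err
}

func nonce(ctr uint64) []byte { return binary.BigEndian.AppendUint64(make([]byte, 4), ctr) } // 96 bits

func (c *Channel) Seal(cmd []byte) []byte {
	c.ctr++ // the frame number is the nonce, so no nonce repeats under one key
	return c.aead.Seal(nil, nonce(c.ctr), cmd, nil) // output ends with the 16-byte tag
}

func (c *Channel) Open(frame []byte) ([]byte, error) {
	pt, err := c.aead.Open(nil, nonce(c.ctr+1), frame, nil) // tag must verify for the next frame number
	if err == nil {
		c.ctr++ // rejected frames do not advance the counter
	}
	return pt, err
}

func main() {
	key := make([]byte, 32) // constructed sample key, generated per session
	rand.Read(key)
	host, _ := NewChannel(key)
	dev, _ := NewChannel(key)
	frame := host.Seal([]byte("UNLOCK disk0")) // constructed sample command
	cmd, err := dev.Open(frame)
	_, replayErr := dev.Open(frame) // same frame again: wrong frame number, tag fails
	fmt.Printf("accepted %q (err=%v); replay: %v\n", cmd, err, replayErr)
}
```

A modified or out-of-order frame fails the same tag check, because the receiver verifies each frame against the next frame number it expects.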

Cryptography

    The device contains a latest-generation cryptographic coprocessor that executes the algorithms used directly in hardware, greatly increasing the speed of execution.

Algorithms

  • Different algorithms are used depending on the operation performed:
    • Admin authentication for session opening: RSA 2048 PSS - RSA 4096 PSS
    • User authentication for session opening: RSA 1024 PSS - RSA 2048 PSS - AES 256
    • Communication within the authenticated session created: AES 256 GCM
    • Disk data encryption: AES 256 CBC, with the encryption tied to the DiskSignature, the sector address and the hardware S/N of the device

Keys

  • All keys are generated internally using the FIPS-certified Random Number Generator (RNG) unit.
  • Where present, the private part of the asymmetric (RSA) keys is not exportable
  • The keys are generally not exportable from the device
  • Each device has its own keys that are always different from those generated by other devices


Disk management

  • All data is stored on the hard disk always and only in encrypted form
  • The disk configuration is saved in an encrypted file together with the data of the disk itself
  • The disk configuration file is encrypted with a unique key present only on the device used
  • The keys to decrypt the disk data are unique and only the device is able to generate them
  • Each virtual disk created contains data encrypted with a key different from that of every other disk created


Device management

  • You can configure the device by accessing it with the Admin credentials created during initialization
  • By customizing the Admin user credentials you will be the only person able to access the device for cloning
  • Only as Admin can you proceed with cloning the device in order to allow your employees to access the protected data
  • Time license - You can also decide the date after which the device will no longer allow access to data


WARNINGS FOR YOUR DATA SECURITY