Multi award-winning company Cardwave works with customers of all sizes across the world, providing specialist expertise to organisations who need to secure, distribute and recover their data.
Index This brochure outlines products and services designed to help your organisation secure, share and recover business data. Page Introduction: Don’t risk a data breach! Data encryption - hardware vs software.
4 5-6
Product portfolio SafeToGo® Solo Fully robust hardware encrypted USB that complies with EU GDPR encryption requirements.
7-8
SafeToGo® 302E Fully robust hardware encrypted USB with additional language options.
9-10
GateKeeper Enterprise From 5 workstations to 5,000, Gatekeeper Enterprise provides pain-free, centralised management of every person, password and computer on the network.
11-12
GateKeeper Halberd A wireless key with proprietary access control software, which locks and unlocks computers and websites based on a user’s proximity.
13-14
ThinC-VAULT ThinC-VAULT is an encrypted USB storage device with built-in fingerprint biometric security and 256-bit AES encryption.
15-16
ThinC-AUTH A secure USB-A hardware token to address the needs of authentication.
17-18
Data Resus - Data recovery service
19 - 20
Contact us
21 - 22
2
Don’t risk a data breach! Data breach incidents can be costly. In addition to hefty fines, the financial implications of failing to protect sensitive data from unauthorised access can be longer-term; reputational damage, business disruption, customer and staff churn. Despite the penalties associated with a data breach, they continue to be a daily occurrence for businesses globally. According to the Breach Level Index (BLI), approximately five breaches occurred every day in the first half of 2018, with a staggering 4.55 billion records compromised between January and June 2018. The latest BLI report reveals that although the number of incidents fell year on year by almost 19%, the number of records breached rose by 133%, with 291 records compromised every second.
Eliminate costly mistakes Human errors and poor security practices continue to be a major source of data breaches, with the BLI advising that organisations need to bolster internal security through staff training and security measures such as encryption and access management. With more businesses permitting employees the freedom and flexibility of remote working, the risk of data breaches linked to human error are greater than ever. Arming staff with tools designed to prevent unauthorised access to valuable information is an important step in the fight against data theft. Cardwave is a globally recognised expert in flash memory technology. We are a trusted partner to many high-profile companies across the world and industries, providing valueadd products and services that help them use flash memory in their business. We offer data security solutions designed to give you access to the data you need, when you need it, without having to worry about unauthorised access. All our products meet the encryption standard requirements of the GDPR.
www.safetogosolutions.com 4
What is encryption? Encryption of your data, in any way, is a good thing. Encrypting your data and hiding it from prying eyes by using password or PIN access is an important step to safeguarding your personal information. Encryption is the process of changing or transforming your files according to a set of rules and algorithms into a format that others cannot read. The only way to access those encrypted files is by applying your personally chosen password or PIN to the gateway application so the content can be decrypted. Off-the-shelf encryption solutions for consumers and businesses alike must conform to certain standards in order for them to claim to encrypt your data. At the very least, your chosen data security solution should perform AES-256 bit encryption for it be effective. This is a complex subject, one best left to the programmers and mathematicians to explain, but essentially it’s a series of linked mathematical operations used in a block cipher, operating on a fixed-length 5
group of bits with an unvarying transformation specified by a symmetric key. We did say it was complicated. The encryption can be implemented in software or in hardware.
Limitations of software encryption Many security solutions offer encryption using a software method. While this is easier and cheaper to implement than a hardware solution, it is simply a software programme that acts as the cipher, and can be hacked in much the same way that any software application can. Password hacking viruses on your computer will target and perform multiple attacks on your data, trying relentlessly to crack your password until it finds the key that unlocks your data. Making your password a long and complex combination of characters and numbers, as well as upper and lower case letters, will increase the difficulty level of these attempted hacks. The effectiveness of a “brute-force” attack is linked to the skill level of the hacker. Password and PIN gateways will lock-down data and prevent access attempts once the password has been incorrectly guessed a certain number of times. Knowledgeable
Keep your important data securely encrypted and away from prying eyes...
hackers will locate and reset these software counters and will continue with further attempts to decrypt your data. To truly safeguard your data and personal information against these kinds of attacks, you need hardware encryption.
Hardware encryption In a hardware encrypted USB device, access control counters and all information relating to encryption and decryption of the data are implemented in a crypto module located inside the USB flash drive.
The crypto module will shut down the USB device and keep the data safe in the event of unauthorised access attempts. Unlike a software based solution, hackers are unable to run analysis utilities on the USB drive to locate and reset this counter. By shutting down the USB device, a parallel attack can also be thwarted. A parallel attack is where data is copied and shared to many devices to increase the attempts at unlocking data. The USB device doesn’t allow the files to be copied, so they are safe.
To summarise the basic difference between software and hardware encryption, if you can encrypt using software, you can decrypt using software. However, a hardware encrypted device such as our hardware encrypted USB products offer superior security levels by using a cryptographic core in a location independent of the PC and operating system to encrypt your data. 6
SafeToGo® Solo SafeToGo® Solo is a fully robust, hardware encrypted USB 3.0 flash drive that protects your sensitive data on the move.
Key benefits and features include: Mandatory password protection: USB can only be accessed with password. Automatic hardware encryption: SafeToGo® Solo provides full hardware encryption of all data, featuring a single onboard security chip that can’t be bypassed and encrypts all data with AES-256 bit encryption. The PCBA is sealed by a nondestructible resin guaranteeing the memory chip cannot be removed. User-friendly setup: Totally transparent encryption and no software installation or administrative privileges needed. Timer lockdown: SafeToGo® Solo will lock after a customisable number of minutes. Hardware brute-force protection: Built in password attempt counter. Fast start-up: Unlock SafeToGo® Solo in as little as a few seconds after plugging it in. Rugged construction: Metal casing and a secure lid ensures the drive will survive a busy lifestyle. 7
Compact design: SafeToGo® Solo fits in the narrowest of USB ports, even in the tight compartments of many notebooks. Unique randomly generated key: Encryption keys are randomly generated on-board (using ANSI X9.31 RNG) at user set up, leaving no back door. Multi language support: SafeToGo® Solo currently supports English and German languages. Customisable: Your company logo can be printed on one side of the device and/or numbered (extra cost applies).
Key features:
Interface: USB 3.0 high speed. Backward compatible with USB 2.0 and 1.1.
•
Enterprise-grade security.
•
Data password protected with AES 256-bit XTS encryption.
•
100% hardware encryption.
•
Plug-and-play simplicity.
Transfer rate*: 5Gbit/sec for USB 3.0, 480Mbits/sec for USB 2.0, 12Mbits/sec for USB 1.1. *Theoretical speeds
•
High performance in a small formfactor.
Environmental: Operating (0°C to 70°C).
•
Anti brute-force attack.
•
Fast start-up times.
Compatibility: Windows 7-10 and Mac
temperature:
Dimensions: 56.7mm x 17.6mm x 6.5mm.
Capacity: 8GB, 16GB, 32GB, 64GB.
Hardware encryption: 256-bit AES XTS hardware module, 2048-bit RSA hardware module.
8
SafeToGo® 302E SafeToGo® 302E is a fully robust, hardware encrypted USB3.0 flash drive that protects your sensitive data on the move.
Key benefits and features include: Mandatory password protection: USB can only be accessed with password. Automatic hardware encryption: SafeToGo® 302E provides full hardware encryption of all data, featuring a single onboard security chip that can’t be bypassed and encrypts all data with AES-256 bit encryption. The PCBA is sealed by a nondestructible resin guaranteeing the memory chip cannot be removed. User-friendly setup: Totally transparent encryption and no software installation or administrative privileges needed. Timer lockdown: The device will lock after a customisable number of minutes. Hardware brute-force protection: Built in password attempt counter and user alert system that tracks faulty unlock attempts.
9
Authorised autorun: SafeToGo® 302E always overwrites the auto run.inf file from the encrypted storage volume to protect against autorun viruses. Fast start-up: Unlock SafeToGo® 302E in as little as a few seconds after plugging it in. Rugged construction: Metal casing and a secure lid ensures the drive will survive a busy lifestyle. Total reset: SafeToGo® 302E can be wiped clean and reset to factory settings. Compact design: SafeToGo® 302E fits in the narrowest of USB ports, even in the tight compartments of many notebooks. Customisable: Your company logo can be printed on one side of the device and/ or numbered (extra cost applies). Multi language support: SafeToGo® 302E currently supports English, German, French, Italian, Dutch, Spanish, Polish and Portuguese languages.
Key features: •
Enterprise-grade security.
•
Data password protected with AES 256-bit XTS encryption.
•
100% hardware encryption.
•
Plug-and-play simplicity.
•
High performance in a small formfactor.
•
Anti brute-force attack.
•
Fast start-up times.
•
Manufactured to ISO 9001:2008 and ISO 14001:2004.
Interface: USB 3.0 high speed. Backward compatible with USB 2.0 and 1.1. Compatibility: Windows 7-10 and Mac. Transfer rate*: 5Gbit/sec for USB 3.0, 480Mbits/sec for USB 2.0, 12Mbits/sec for USB 1.1. *Theoretical speeds Environmental: Operating (0°C to 70°C).
temperature:
Dimensions: 56.7mm x 17.6mm x 6.5mm. Capacities: 8GB, 16GB, 32GB, 64GB, 128GB.
Hardware encryption: 256-bit AES XTS hardware module, 2048-bit RSA hardware module.
10
GateKeeper Enterprise GateKeeper Enterprise brings security and convenience to employees by using wireless keys (Halberd or the Trident App) to simplify the login process, remove the need to remember complex passwords, and enable access to computers and websites based on their physical presence. From 5 workstations to 5,000, GateKeeper Enterprise provides pain-free, centralised management of every person, password, and computer on your network.
Key features: Eliminates manual logins: Automated login prevents shared and insecure passwords as well as offering password management. Windows and MacOS compatible: Windows 7-10 and Mac OSX version 10.13 or above. Secure: Credentials are secure with AES 256 encryption (not stored on keys). GateKeeper offers optional 2-factor authentication with a 4-digit PIN. Proximity-based lock and unlock functionality: Adjustable range up to 30 feet.
11
Multiple login methods available: Dynamically built for many clients on a single platform. Does not require physical contact with computer: Wireless hands-free authentication. Automated hands-free lock and unlock: GateKeeper ensures the computer is locked when unattended. Works with wireless key and smartphone app: GateKeeper Enterprise can be used in conjunction with a GateKeeper Halberd, or with the Trident App users can use their smartphone as a wireless key. Real-time location services: Track user location in real-time and log location history. Shared credentials identification: Differentiate users activity even if users share logins.
Gatekeeper hub-centralised access management dashboard: Server-based, not stored in the cloud, deploy security policies, add, edit or delete user access settings on the network and manage devices and users, with reporting and auditing. Active directory integration for Enterprise: Easily add a user with one click from Active Directory.
12
GateKeeper Halberd Proximity-based wireless key for handsfree computer access. Access computers and web credentials wirelessly using the Halberd token. GateKeeper Halberd is the wireless key for your computer and websites. With proprietary access control software, GateKeeper locks and unlocks computers and websites in the workplace based on the user’s proximity. GateKeeper Halberd provides users a hassle-free login experience by eliminating the need to type passwords, without compromising convenience, productivity and security.
Reduce risk by automating compliance GateKeeper Halberd ensures that users follow security best practices and adhere to compliance standards. This reduces the risk of sensitive information being exposed and organisations being subjected to compliance violation penalties. •
Computer locks automatically when user walks away.
•
Continuous 2-factor authentication.
•
Serves as unique identifier for individual users in shared credential environments.
•
No user information stored on the Halberd.
•
Secure workstation when working remotely.
Technical Specification •
Bluetooth Low Energy (BLE) technology.
•
Eliminates manual logins forever.
•
•
Proximity-based lock and unlock functionality.
Replaceable CR2450 battery with 6-month battery life.
•
Water resistant.
•
Adjustable range from inches to 30 feet.
•
Separate hardware key, independent of phone/internet.
•
Does not require physical contact with computer.
•
Lightweight and water/crush resistant.
13
Patented technology GateKeeper uses patented technology for wireless access management. Using real-time authentication (as opposed to traditional onetime), the GateKeeper constantly verifies.
Carry your Halberd with you to get seamless access to all your computers and websites. Secure all your workstations and eliminate the risk of internal threats and data breaches. Halberd locks your computer when you leave - unlocks when you return. Halberd supports multiple users per computer, and easy 2-factor authentication with a PIN.
14
ThinC-VAULT ThinC-VAULT is an encrypted USB storage device with built-in fingerprint biometric security and 256-bit AES encryption. ThinC-VAULT protects data with hardware-based encryption, the keys for encryption get generated and stored within the device’s secure element. The device is designed to encrypt data automatically as it enters the drive and then decrypt it as it moves out of the drive without compromising speed and efficiency. ThinC-VAULT prevents data access until the pre-registered fingerprint has been authenticated within the device itself - reducing the chance of automated malware propagation.
Devices are built with state-of-the-art biometric touch sensors from a leading global OEM and the biometric templates are completely encrypted and stored within the device. Fingerprints and digital identity remain private and cannot be extracted from the device. Available in 32GB, 64GB and 128GB.
15
Key features: Strong 3-factor authenticator with fingerprint biometrics: •
Fingerprint 360° touch-sensor for fingerprint authentication. Fingerprint data is securely stored within the device with on-device authentication.
•
Supports multiple fingerprint registrations.
•
Encrypted storage for biometric templates biometric data never leaves device.
•
Enrolled fingerprints can be verified and/or erased.
Security and cryptography: •
Secure Controller cryptographic acceleration - AES 256, RSA, ECDSA, EC-KCDSA, Ed25519, RNG, SHA256/SHA512.
•
Hardware-based AES 256 for data storage encryption.
•
Dynamic on-board key generation.
•
Device will be unlocked/accessed only on successful biometric authentication.
•
Design in compliance with FIPS 140-2 Level 2 standards.
•
Soft-tamper / Factory-reset.
Features and benefits Connectivity: High-speed USB 2.0.
Benefits:
Performance:
Management tool: This tool is used for managing the fingerprints, partitions and device settings. For Enterprises, a Remote Management Tool is also offered with advanced protection features while maintaining privacy, control and audit capabilities without compromising security.
•
Read speed @ 7 MB/s / Write speed @ 5 MB/s.
•
Durability: ~10,000 insertion cycles.
Environmental: •
Storage temperature:-40°C to 85°C.
•
Operating temperature:-5°C to 55°C.
•
Operating voltage: 4.9V ~ 5.1V / Over voltage protection: Up to +28V.
Device compatibility: Windows, Mac and Linux (ThinC-VAULT directly functions without any driver on any OS). Management tool compatibility: •
Desktops, laptops and servers support for Operating Systems: above
-
•
Windows 7 and desktop versions.
for
•
Windows 2012 and above for server versions.
•
MacOS.
Storage and partitions: User can create multiple storage partitions. Optional PIN based authentication to access secure partition. Storage permissions: Each partition can be set with read-only or read/write permissions. Ownership of each partition to single or a group of fingerprints. Customisation: Admin user can set the ‘Self Destruction’ timer to detect a number of unauthorised authentication attempts.
www.safetogousb.com Email info@cardwave.com Call 01380 738395
ThinC is a registered trademark of Ensurity 16
ThinC-AUTH ThinC-AUTH is a secure USB-A hardware token to primarily address the needs of authentication.
The ThinC-AUTH hardware token has been designed and developed with “Security” at its core and is built using trusted embedded hardware components with support for FIDO standards to provide simpler, stronger authentication using an open, scalable and interoperable approach. ThinC-AUTH devices are built with a state -of-the-art biometric touch sensor from a leading OEM. Biometric fingerprints obtained from the sensor are completely encrypted, securely stored and confined to the device. ThinC-AUTH enhances and establishes an authentic access control to the device using fingerprint-based biometric security along with strong cryptography. This touch-based sensor is exceptionally responsive; ThinC-AUTH uses hardware to match enrolled fingerprint, unlocking the device and securely authenticating using FIDO2/U2F.
17
Key features: Authentication standards: • FIDO 2.0 (including resident key, Bio-API, credential management). • FIDO 1.2 U2F. Connectivity: • Full-speed USB 2.0. Strong 3-factor authenticator with fingerprint biometrics: • Touch based fingerprint sensor. • 360° touch-sensor for fingerprint authentication. • Support for multi-fingerprint registrations. • User binding to the hardware token with individual biometrics. Security and cryptology:
•
Secure Element cryptographic acceleration AES 256, DES/TDES, RSA, DSA, ECC, ECDH, RNG, SHA256/SHA512.
•
Encrypted storage for biometric templates.
•
Dynamic on-chip generation.
•
Design in compliance with FIPS 140-2 Level 2 standards.
•
Soft-tamper / Factory-reset.
encryption/token
key
Performance: •
Durability: ~10,000 insertion cycles.
Environmental: •
Storage temperature:- 40°C to 85°C.
•
Operating temperature:- 5°C to 55°C.
•
Operating voltage: 4.9V ~ 5.1V
Fingerprint registration software compatibility: •
Microsoft Windows 7 MacOS 10.12 or above.
and
Fido2 - An open authentication standard: FIDO2 is an open authentication standard – a new era of ubiquitous phishing – resistant, strong authentication to protect internet users worldwide - hosted by the FIDO Alliance, that consists of the W3C Web Authentication specification (WebAuthn API), and the Client to Authentication Protocol (CTAP).
above. Find out more at tinyurl.com/thinc-auth
Benefits: Multi-factor authentication:
ThinC-AUTH generates and protects security credentials like keys, certificates, tokens and sequesters user information within the hardware. These credentials can be used for multiple purposes like digital signing, encryption, identity etc. The tokens can be used for identity, multifactor authentication, they are seamless and unique along with additional touch-toauthenticate functionality.
www.safetogousb.com Email info@cardwave.com ThinC isCall a registered of Ensurity 01380trademark 738395 18
Data recovery service In today's fast moving world, we save data to all types of devices, from our digital cameras and smart phones to more sophisticated business systems. Losing data from any type of device can be extremely distressing. Data Resus is a service by Cardwave Services Ltd and is committed to providing a first class recovery service, backed by excellent customer care.
Data Resus uses the latest generation software packages and hardware tools for recovering data from all types of media. We offer ‘DIY’ style recovery software online, and also a send in service at our UK centre for very sensitive, large, or difficult to recover data. Data Resus has the ability to recover data from the widest of product ranges. Even if we have not included it on the list below, please do get in contact and our technicians will be happy to try and assist. •
USB sticks and flash drive data recovery.
•
Camera data recovery.
•
Mobile phone data recovery.
•
Hard drive data recovery.
If you have accidentally deleted data files, images, videos or audio files from your media, or formatted or pulled out the media during a write process, we can hopefully recover your files and get your data back. We offer a 'no recovery, no fee' service for items sent in to us*. *Terms and conditions apply.
Find out more at www.dataresus.com
20
We care as much about your customer experience as you do Outstanding customer service is our goal and of utmost importance to us
Contact us It’s the service we give our customers that sets us apart from our competitors. Every customer is unique and they all have their own individual set of requirements. We will work closely with you to ensure you get the right product/service for your requirements.
Please get in touch today!
Emma Charlton Security and Authentication Division Lead emma.charlton@cardwave.com Tel: +44 (0) 1380 738395
Laura Zaman Customer Solutions Assistant laura.zaman@cardwave.com Tel: +44 (0) 1380 738395
Cardwave Services Ltd 6c Hopton Industrial Estate Devizes, Wiltshire SN10 2EU United Kingdom
Cardwave Inc 100 Allentown Parkway Suite 216 Allen TX, 75002 United States
Tel: +44 (0) 1380 738395 Email: info@cardwave.com
Tel: +1 469 640 5494 Email: info@cardwave.com 22
www.safetogosolutions.com safetogo@cardwave.com
6c Hopton Industrial Estate, Devizes, Wiltshire, SN10 2EU, United Kingdom. Company Reg. No. 5308339. VAT No. 850228151 Š 2019 Cardwave Services Ltd
19ELC722