How It Works


SecurityVault works by adding new devices to your computer called 'secure disks'. To your operating system, these secure disks appear as physical storage devices attached to your computer. As with any device, it is the responsibility of the device driver to mediate between the operating system and the underlying hardware. In this case, the operating system forwards file system operations to SecurityVault, which in turn provides a means of storing and retrieving the supplied data.

How SecurityVault Works

SecurityVault's device driver differs from the typical model in that it merely emulates a physical device. When you create a secure disk of a given capacity, SecurityVault creates a single monolithic file on an existing physical storage device (such as a local disk drive, a network drive or removable storage). As data is stored on the secure disk, SecurityVault automatically encrypts it and stores it in the volume file.

In this manner, an entire encrypted file system is stored within a single data file. This approach not only protects your files from unauthorized access but also hides the very presence of the files and folders from unauthorized users. When the vault is closed, the secure disk is removed from the system, together with all traces of the data stored therein.

Protecting Your Confidential Data

Your lockbox content is stored within a single binary file using strong encryption. This encryption can only be reversed using a specific digital key which matches the key used to encrypt the data. SecurityVault protects this key using additional encryption derived from one of two sources:

  • A digital key that is intrinsically part of your Windows logon account. This key is protected by your computer's security model, be it a fingerprint reader, a smart card or traditional username/password logon. When you log on to Windows, these keys identify you to other running applications such as SecurityVault. When someone else logs on to your workstation, different keys will be provided by Windows.
  • An encryption key derived from a user-supplied password. The user must enter the password to generate a matching key, which provides access to the lockbox digital key. In addition, SecurityVault protects the key with a second mechanism, derived from the user's secret question and answer, which will be used to reset the password should the user forget it at a later date.

Given the above, it is possible to control access to your lockbox contents using either Windows or password-based security. Each of these options is discussed in the following sections.

Windows-based Security

As discussed above, your Windows account on a given workstation includes a number of digital keys that are intrinsically associated with your account. Upon logon, Windows invokes the appropriate authentication mechanism, which proves your identity to the operating system. This mechanism may require a fingerprint, a smart card, a password or a combination of these. Once authenticated, Windows allows other applications to leverage this positive identification of the user.

  • If you select Windows-based security for a given lockbox, you will be able to instantly open and close it without supplying a password so long as you are logged into Windows using the account that created it.
  • If you move the lockbox to a different computer or log on to the same computer using a different Windows account, you will be required to enter the lockbox password upon first use (to prove that you have valid access to the contents). If the password is correct, the new account will also be trusted and you will then be able to open and close the lockbox without further identification.

Windows-based authentication relies upon the Windows operating system to validate whether or not the user has access to the lockbox data. The Windows account that created the lockbox has immediate access to the lockbox contents. All other Windows accounts (or the same account on a different computer) must prove valid access via the lockbox password before being added to the list of trusted accounts. All of this information is stored in the lockbox data file and hence moves around with the lockbox as you transfer it from computer to computer.

Password-based Security

Windows-based security provides a means of restricting lockbox access to the rightful owner(s) while also providing access without the need to enter a password. This is possible because SecurityVault re-uses the authentication mechanism that validated the user when they logged on to Windows.

Although this is convenient, it is recognized that some users may be uncomfortable with their lockboxes opening and closing with seemingly no authentication. In addition, perhaps you wish to secure access to your lockbox contents in the event that you inadvertently leave your workstation unlocked and unattended. Should you do this with Windows authentication, an unauthorized user has the ability to sit at your machine and open your lockbox contents using your logged-on Windows session.

Password-based security requires the user to enter their password before accessing the lockbox contents, regardless of whether or not the Windows account is trusted. This authentication choice can be made on a per-lockbox basis and, as with Windows authentication, this preference is stored in the lockbox and moves with it as you move the lockbox data file from machine to machine.
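The key hierarchy from "Protecting Your Confidential Data" and the two security modes can be modeled as key slots in the lockbox header; the following is an added Python example, not SecurityVault's own code. Assumptions: the Windows account key is an opaque byte string, PBKDF2 derives each wrapping key, an XOR-plus-HMAC wrap stands in for a real key-wrap cipher, and all function and field names are hypothetical.

```python
import hashlib, hmac, secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def _kek(secret: bytes, salt: bytes) -> bytes:
    # Stretch a password, recovery answer or account secret into a wrapping key.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def _prf(kek: bytes, msg: bytes) -> bytes:
    return hmac.new(kek, msg, hashlib.sha256).digest()

def wrap(secret: bytes, volume_key: bytes) -> dict:
    """Stdlib stand-in for AES key wrap: XOR with a one-time pad, then MAC."""
    salt = secrets.token_bytes(16)          # fresh salt, so each wrapping key is used once
    kek = _kek(secret, salt)
    ct = bytes(a ^ b for a, b in zip(volume_key, _prf(kek, b"pad")))
    return {"salt": salt, "ct": ct, "tag": _prf(kek, b"tag" + ct)}

def unwrap(secret: bytes, slot: dict):
    """Return the volume key, or None if the secret does not match this slot."""
    kek = _kek(secret, slot["salt"])
    if not hmac.compare_digest(_prf(kek, b"tag" + slot["ct"]), slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["ct"], _prf(kek, b"pad")))

def create_lockbox(password, answer, account, require_password=False):
    vk = secrets.token_bytes(32)            # encrypts the data; never stored in the clear
    header = {"password": wrap(password, vk), "recovery": wrap(answer, vk),
              "accounts": [wrap(account, vk)], "require_password": require_password}
    return header, vk

def open_lockbox(header, account=None, password=None):
    if password is not None:
        return unwrap(password, header["password"])
    if header["require_password"] or account is None:
        return None                         # password mode ignores trusted accounts
    return next((vk for s in header["accounts"] if (vk := unwrap(account, s))), None)

def trust_account(header, password, account) -> bool:
    vk = unwrap(password, header["password"])   # the new account proves access first
    if vk is not None:
        header["accounts"].append(wrap(account, vk))  # then gets its own slot
    return vk is not None

def reset_password(header, answer, new_password) -> bool:
    vk = unwrap(answer, header["recovery"])     # same volume key, so no re-encryption
    if vk is not None:
        header["password"] = wrap(new_password, vk)
    return vk is not None
```

Because every slot wraps the same volume key and lives in the header, the trust list and the mode flag travel with the file, and the strength of the password and recovery slots is bounded by the weaker of the password and the secret answer.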