SecurityVault works by adding new devices to your computer called 'secure disks'. To your operating system, these secure disks appear as physical storage devices attached to your computer. As with any device, it is the responsibility of the device driver to mediate between the operating system and the underlying hardware. In this case, the operating system forwards file system operations to SecurityVault, which in turn provides a means of storing and retrieving the supplied data.

SecurityVault's device driver differs from the typical model in that it merely emulates a physical device. When you create a secure disk of a given capacity, SecurityVault creates a single monolithic file on an existing physical storage device (such as a local disk drive, a network drive or removable storage). As data is stored on the secure disk, SecurityVault automatically encrypts it and stores it in the volume file.
In this manner, an entire encrypted file system is stored within a single data file. This approach not only protects your files from unauthorized access but also hides the very presence of the files and folders from unauthorized users. When the vault is closed, the secure disk is removed from the system, together with all traces of the data stored therein.
Your lockbox content is stored within a single binary file using strong encryption. This encryption can only be reversed using a specific digital key which matches the key used to encrypt the data. SecurityVault protects this key using additional encryption derived from one of two sources:
Given the above, it is possible to control access to your lockbox contents using either Windows or password-based security. Each of these options is discussed in the following sections.
As discussed above, your Windows account on a given workstation includes a number of digital keys that are intrinsically associated with your account. Upon logon, Windows invokes the appropriate authentication mechanism, which proves your identity to the operating system. This mechanism may require a fingerprint, a smart card, a password or combinations thereof. Once authenticated, Windows allows other applications to rely on this positive identification of the user.
Windows-based authentication relies upon the Windows operating system to validate whether or not the user has access to the lockbox data. The Windows account that created the lockbox has immediate access to the lockbox contents. All other Windows accounts (or the same account on a different computer) must prove valid access via the lockbox password before being added to the list of trusted accounts. All of this information is stored in the lockbox data file and hence moves around with the lockbox as you transfer it from computer to computer.
Windows-based security provides a means of restricting lockbox access to the rightful owner(s) while also providing access without the need to enter a password. This is possible because SecurityVault re-uses the authentication mechanism that validated the user when they logged on to Windows.
Although this is convenient, it is recognized that some users may be uncomfortable with their lockboxes opening and closing with seemingly no authentication. In addition, you may wish to secure access to your lockbox contents in the event that you inadvertently leave your workstation unlocked and unattended. Should you do this with Windows authentication, an unauthorized user can sit at your machine and open your lockbox contents using your logged-on Windows session.
Password-based security requires the user to enter their password before accessing the lockbox contents, regardless of whether or not the Windows account is trusted. This authentication choice can be made on a per-lockbox basis and, as with Windows authentication, this preference is stored in the lockbox and moves with it as you move the lockbox data file from machine to machine.
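
The trust model in the Windows-based and password-based passages above can be pictured as one data key wrapped once per unlock path inside the lockbox header. The following is an added sketch, not SecurityVault's own code or file format: the header layout, the function names, the PBKDF2 parameters, the HMAC-based wrap (a standard-library stand-in for a real key-wrap cipher) and the `account_key` bytes standing in for the per-account Windows key are all assumptions.

```python
import hashlib, hmac, secrets

def _prf(kek, label, data):
    return hmac.new(kek, label + data, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(kek, data_key):
    # Encrypt-then-MAC of one 32-byte key; stdlib stand-in for a real key-wrap such as AES-KW.
    nonce = secrets.token_bytes(16)
    ct = _xor(data_key, _prf(kek, b"enc", nonce))
    return {"nonce": nonce, "ct": ct, "tag": _prf(kek, b"mac", nonce + ct)}

def unwrap(kek, slot):
    tag = _prf(kek, b"mac", slot["nonce"] + slot["ct"])
    if not hmac.compare_digest(tag, slot["tag"]):
        raise PermissionError("key does not open this slot")
    return _xor(slot["ct"], _prf(kek, b"enc", slot["nonce"]))

def password_kek(password, salt):
    # Iteration count is an assumed value for the sketch.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def create_lockbox(password, account_id, account_key, require_password=False):
    # The creating account is trusted immediately; the password slot always exists.
    data_key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    header = {"salt": salt, "require_password": require_password,
              "password_slot": wrap(password_kek(password, salt), data_key),
              "trusted": {account_id: wrap(account_key, data_key)}}
    return header, data_key

def open_lockbox(header, account_id=None, account_key=None, password=None):
    if password is not None:
        return unwrap(password_kek(password, header["salt"]), header["password_slot"])
    if header["require_password"]:
        raise PermissionError("this lockbox always asks for its password")
    if account_id not in header["trusted"]:
        raise PermissionError("account not trusted yet; password needed")
    return unwrap(account_key, header["trusted"][account_id])

def trust_account(header, password, account_id, account_key):
    # A new account (or the same account on another machine) proves the password first.
    data_key = open_lockbox(header, password=password)  # wrong password raises here
    header["trusted"][account_id] = wrap(account_key, data_key)
```

In this sketch `require_password` is only a policy check: while account slots remain in the header, the data key is still recoverable with an account key alone. A design that wants the password to be cryptographically required would have to leave those slots out of the file.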