VD & USB crypt

Advanced encryption of virtual disk volumes, USB keys, memory cards

Basic description of the VDcrypt protected disk system

VDcrypt is a system for protecting data stored on memory media designed for file storage, or in devices with a file system that becomes accessible after they are mounted (connected) to the Windows OS. Protection is provided by encryption, which is performed completely transparently, on the fly. The data that the file system stores is encrypted into container files, which are mounted as virtual disk volumes. This is analogous to dynamically dividing the host disk space into disk partitions. Access to the virtual disks created this way is granted only to authorized persons after successful authentication (logon) and insertion of a valid encryption key, which is located either on a chip card, on a USB token or, in the basic version of VDcrypt, in encrypted form in the master boot record of the encrypted container. The disk container appears as an encrypted file, which is freely relocatable and can be stored anywhere in the directory structure of a given memory medium.

Brief description of the features of VDcrypt v3.6 for the Windows XP up to Windows 11 group of operating systems on the x86 and x64 processor architectures:

• The VDcrypt software is designed for all 32-bit and 64-bit operating systems of the NT (New Technology) family, such as Windows XP and Windows Server 2003 up to Windows 11 for the 64-bit processor architecture,
• It provides dynamic creation and online encryption of mounted virtual disks without the need to create disk partitions using the disk manager,
• Disks are divided virtually and dynamically by mounting container files and creating new disk devices,
• Virtual disks can be mounted or dismounted "on the fly", i.e. while the OS is fully operational, without the need to reboot,
• The number of mounted virtual disk devices and their individual capacity are limited only by the resources of the particular system,
• Virtual disks are encrypted in their entirety, including their system partitions,
• Encrypted disks are made accessible only after successful authentication,
• Encrypting with the strong encryption algorithm SEA-64A or AES256, while keeping the encryption key somewhere other than on the particular PC with USBprot installed, provides a high degree of protection for the data stored in the disk container,
• Encryption is performed online by the encrypted-disk driver integrated into the OS kernel,
• The encryption system uses the SEA-64A or AES256 algorithm with a 256-bit key, implemented in software,
• The system is compatible with the FAT and NTFS file systems on virtual disks; the host file system in which the container file is stored can be virtually any type that the particular Windows OS uses,
• 100 percent compatibility with the file system used by the particular Windows OS is provided,
• To an unauthorized user the encrypted disk is visible only as a mere encrypted file, which after mounting represents the encrypted section of the memory medium with a new disk volume,
• The VDcrypt system is controlled via an icon in the system tray,
• Events and activities executed within the VDcrypt software are logged to the Security audit event log,
• The system is fully compatible with the key management provided by the KRYPTOSERVIS software for a Central Security Authority (CSA), for cases where a high degree of data protection is needed.

The main encryption key for both the SEA-64A and the AES encryption algorithms is 256 bits long. Access passwords for user authentication with a USB token or XICOR chip card have a maximum length of 8 characters. This length is dictated by compatibility with XICOR memory chip cards of the X76F641 series. PIN codes of 4 to 8 digits can be used instead of passwords. When VDcrypt runs in the mode without authentication items, an access password whose strength is practically unlimited (max. 256 characters) is used to access the encrypted disk volume.

The entire security of the VDcrypt system is built into the Windows kernel. The most important and lowest layer is the disk driver that supports virtual disk devices. It performs disk management (mounting, dismounting, authentication and deauthentication), encryption and other supported functions. It also reads from and writes to the disk container file. Through this driver the system maintains compatibility with the layered I/O system of the Windows NT family OS kernel.

Any free drive letter can be used to name the disk volume mounted from a particular container.

Supported data storage media

In general, VDcrypt supports all kinds of storage space on memory media where it is possible to work with files under the Windows operating system.

Requirements for the supported memory media:

1. Possibility of access via file system of Windows operating system,
2. Possibility of file creation, which will be the VDcrypt’s container file,
3. Possibility of using the OS function to open such a file for reading or writing,
4. Possibility of reading from the opened container file,
5. Possibility of writing into the opened container file,
6. Possibility of closing the container file after VDcrypt's kernel operations finish.

Practically all media used for working with files under the Windows OS meet these requirements. The exception is CD/DVD/BD optical discs: VDcrypt only reads from these media, so the mounted disk volume is read-only (R/O).

Memory media working under the Windows OS file system are divided according to their characteristics into:

1. Fixed media (FIXED) – classic hard disk drives, SSD disks, external USB HDDs,
2. Removable media (REMOVABLE) – USB flash drives, memory cards, cell phone memory cards,
3. Read-only media R/O (READ ONLY) – CD/DVD, BD (Blu-ray) optical discs,
4. Remote media (REMOTE) – network computers and their folders or disks accessible via network sharing.

VDcrypt supports all of these kinds of data storage media. Brand-new disk container files can be created on these memory media, or disk container files created elsewhere can be copied onto them. For CD/DVD/BD optical discs, the created disk containers have to be burned onto the disc, and disk volumes mounted from these media can only be read. Encrypted archives can be created in this way: first the container is created on the hard disk drive, then it is mounted as a disk volume and the desired data files are copied onto it, then it is dismounted, and only then is the container file burned onto the optical disc. VDcrypt then mounts it as a read-only (R/O) disk volume.

USBcrypt protected USB disk system

USBcrypt is a system for protecting data stored on removable USB drives by means of data encryption. The encryption is performed completely transparently, on the fly. The data that the file system stores is encrypted into containers, which are mounted as virtual disk volumes. This is analogous to dynamically dividing the host disk space into disk partitions. Access to the disks is granted only to authorized persons after successful authentication (logon) and insertion of a valid encryption key, which is located either on a chip card, on a USB token or, in the basic version of USBcrypt, in encrypted form in the master boot record of the encrypted container. The disk container appears as an encrypted file, which is freely relocatable and can be hidden anywhere in the directory structure of the non-encrypted space of the removable USB drive.

Brief description of the features of USBcrypt v2.6 for the Windows XP up to Windows 11 group of operating systems on the x86 and x64 processor architectures:

• The USBcrypt software is designed for all 32-bit and 64-bit operating systems of the NT (New Technology) family, such as Windows XP and Windows Server 2003 up to Windows 11 for the 64-bit processor architecture,
• It provides dynamic creation and online encryption of mounted virtual disks without the need to create disk partitions using the disk manager,
• Disks are divided virtually and dynamically by mounting container files and creating new disk devices,
• Virtual disks can be mounted or dismounted "on the fly", i.e. while the OS is fully operational, without the need to reboot,
• The number of mounted virtual disk devices and their individual capacity are limited only by the resources of the particular system,
• Virtual disks are encrypted in their entirety, including their system partitions,
• Encrypted disks are made accessible only after successful authentication,
• Encrypting with the strong encryption algorithm SEA-64A or AES256, while keeping the encryption key somewhere other than on the particular PC with USBcrypt installed, provides a high degree of protection for the data stored in the disk container,
• Encryption is performed online by the encrypted-disk driver integrated into the OS kernel,
• The encryption system uses the SEA-64A or AES256 algorithm with a 256-bit key, implemented in software,
• The system is compatible with the FAT and NTFS file systems,
• 100 percent file system compatibility is provided,
• To an unauthorized user the encrypted disk is visible only as a mere encrypted file, which after mounting represents the encrypted part of the USB drive with a new disk volume,
• The USBcrypt system is controlled via an icon in the system tray,
• Events and activities executed within the USBcrypt software are logged to the Security audit event log,
• The system is fully compatible with the key management provided by the KRYPTOSERVIS software for CSA, for cases where a high degree of data protection is needed.

The main encryption key for both the SEA-64A and the AES encryption algorithms is 256 bits long. Access passwords for user authentication with a USB token or XICOR chip card have a maximum length of 8 characters. This length is dictated by compatibility with XICOR memory chip cards of the X76F641 series. When USBcrypt runs in the mode without authentication items, the access password is needed to access the encrypted part of the removable USB drive.

The entire security of the USBcrypt system is built into the Windows kernel. The most important and lowest layer is the disk driver that supports virtual disk devices. It performs disk management (mounting, dismounting, authentication and deauthentication) and encryption. It also reads from and writes to the disk container file. Through this driver the system maintains compatibility with the layered I/O system of the Windows NT family OS kernel.

Any free drive letter can be used to name the disk volume mounted from a particular container.

USBcrypt supports only portable USB media with the REMOVABLE characteristic, which is native to USB flash drives and memory cards. This means that external hard drives connected via USB are not supported, because their native characteristic is the same as that of fixed HDD/SSD drives.
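
How Windows itself classifies each mounted volume can be checked with the following added example, which is not part of VDcrypt or USBcrypt. It assumes that the FIXED, REMOVABLE, READ ONLY and REMOTE classes listed in this document correspond to the `DriveType` values of the standard `Win32_LogicalDisk` class; `Get-MediaClass` is a hypothetical helper name.

```powershell
# Added example: report how Windows classifies each mounted volume.
# Assumption: the document's media classes map onto Win32_LogicalDisk.DriveType
# (2 = removable disk, 3 = local disk, 4 = network drive, 5 = compact disc).
function Get-MediaClass {
    param([Parameter(Mandatory)][uint32]$DriveType)
    switch ($DriveType) {
        2       { 'REMOVABLE' }
        3       { 'FIXED' }
        4       { 'REMOTE' }
        5       { 'READ ONLY' }
        default { 'OTHER' }      # unknown, no root directory, RAM disk
    }
}

Get-CimInstance -ClassName Win32_LogicalDisk | ForEach-Object {
    $class = Get-MediaClass -DriveType $_.DriveType

    # Container access as the document describes it: read-only on optical
    # media, read/write on the other three classes.
    $access = switch ($class) {
        'READ ONLY' { 'read-only' }
        'OTHER'     { 'not covered by the document' }
        default     { 'read/write' }
    }

    [pscustomobject]@{
        Drive            = $_.DeviceID
        FileSystem       = $_.FileSystem
        MediaClass       = $class
        ContainerAccess  = $access
        # Per the document, USBcrypt accepts only REMOVABLE media, so an
        # external USB HDD reported as FIXED shows False here.
        UsbcryptEligible = ($class -eq 'REMOVABLE')
    }
} | Format-Table -AutoSize
```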