SanDisk TrustedSignins Computer Drive User Manual


 
SanDisk, the SanDisk logo and Cruzer are trademarks of SanDisk Corporation, registered in the United States and other countries. Gruvi, the gruvi logo, TrustedFlash, the TrustedFlash logo and TrustedSignins are
trademarks of SanDisk Corporation. miniSD and the miniSD logo are trademarks. U3 and the U3 logo and the U3 smart logo are trademarks of U3, LLC. Other brand names mentioned herein are for
identification purposes only and may be trademarks of their respective holders. ©2007 SanDisk Corporation. All rights reserved. 1/07
TrustedSignins is based on SanDisk's TrustedFlash
technology. Every TrustedFlash device contains a unique
readable electronic serial number, a device certificate,
and an unknown
random encryption key. A custom
controller partitions memory and manages access from
the host PC. A 32-bit cryptographic co-processor
automatically encrypts and decrypts all data written
to and read from the device, protecting against
information disclosure even if the components are
directly targeted.
The host OS has no direct access to TrustedFlash memory.
The device API supports strong authentication, including
PKI, allowing authorized host processes to create and
access their own information in the TrustedFlash partition
while preventing access even by other processes
authorized to access other information within the
TrustedFlash partition. For example, the shared secret used
to generate a one time password can be written and
erased but not read from the device. Similarly, the device
certificate can be used for authentication, verification, and
signing but cannot be modified. The device certificate can
be encapsulated in a PKCS#7 package, thus supporting
PKI applications.
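The write-and-erase-but-not-read policy described above for an OTP shared secret, as an added example that is not SanDisk's code or the TrustedFlash device API: a Python model of one secret slot. The class name, its methods, and the choice of HOTP (RFC 4226, an OATH algorithm) are assumptions for illustration; the seed is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct


class WriteOnlySecretSlot:
    """Hypothetical model of one secret slot: write, erase, use; never read.

    Python name mangling only hides the seed by convention; on real hardware
    the controller enforces the boundary, not the host language.
    """

    def __init__(self):
        self.__seed = None      # held "inside the device" in this model
        self.__counter = 0

    def write(self, seed: bytes) -> None:
        if not seed:
            raise ValueError("empty seed")
        self.__seed = bytes(seed)
        self.__counter = 0      # a new seed starts a new counter sequence

    def erase(self) -> None:
        self.__seed = None
        self.__counter = 0

    def read(self) -> bytes:
        # Policy from the text: the secret can be written and erased, not read.
        raise PermissionError("secret slot is not readable")

    def next_otp(self, digits: int = 6) -> str:
        """Return the next HOTP value (RFC 4226) without exposing the seed."""
        if self.__seed is None:
            raise LookupError("slot is empty")
        msg = struct.pack(">Q", self.__counter)          # 8-byte big-endian counter
        mac = hmac.new(self.__seed, msg, hashlib.sha1).digest()
        offset = mac[-1] & 0x0F                          # dynamic truncation
        code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
        self.__counter += 1                              # counter advances on use
        return str(code % 10 ** digits).zfill(digits)


def demo() -> list:
    slot = WriteOnlySecretSlot()
    slot.write(b"12345678901234567890")   # constructed input: RFC 4226 test key
    return [slot.next_otp() for _ in range(3)]


if __name__ == "__main__":
    print(demo())
```

The host only ever receives the derived one time passwords; a verifier holding the same seed and counter computes the same values.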
SanDisk USB flash drives can make 3 disk volumes
available to the host PC: a read-only CD ROM
image, a public volume, and a password-protected
private volume.*
For more information on TrustedFlash technology or
TrustedSignins and how they can increase security
while lowering costs, please send an email to
Trustedsignins@sandisk.com
[Figure: TrustedFlash Technology. Diagram labels: Mass Storage (R/W); Applications; Public; Private; CD ROM (ISO Image); TrustedFlash™; Device Certificate; Secrets (e.g. OTP Seeds); Firmware; Memory Controller; 32-bit Crypto Processor]
* TrustedSignins and the private volume require Windows 2000 Service
Pack 4 and later, Windows XP (all editions and service packs), and
Windows Server 2003.
Features and Advantages
Based on TrustedFlash Secure Storage Technology
One device supports multiple virtual tokens and multiple algorithms
OATH (Open Authentication) compliant
Up to 4.0GB of password protected flash memory storage