Hardware Encryption

Your IronKey is literally packed with the latest and most secure encryption technologies, all enabled by the powerful onboard Cryptochip. Rather than employing "homegrown" cryptographic algorithms that have not undergone rigorous cryptoanalysis, IronKey follows industry best practices and uses only well-established and thoroughly tested cryptographic algorithms.

All of your data on the IronKey drive is encrypted in hardware using AES CBC-mode encryption.

Always-On Encryption

Because your IronKey implements data encryption in the hardware Cryptochip, all data written to your drive is always encrypted. There is no way to accidentally turn it off or for malware or criminals to disable it. Also, it runs many times faster than software encryption, especially when storing large files or using the on-board portable Firefox browser.

Encryption Keys

The encryption keys used to protect your data are generated in hardware by a FIPS 140-2 compliant True Random Number Generator on the IronKey Cryptochip. This ensures maximum protection via the encryption ciphers. The keys are generated in the Cryptochip when you initialize your IronKey, and they never leave the secure hardware to be placed in flash memory or on your computer.

Two-Factor Authentication

Beyond simply protecting the privacy of your data on the IronKey flash drive, the IronKey Cryptochip incorporates advanced Public Key Cryptography ciphers that allow you to lock down your online IronKey account. That way you must have your IronKey device, in addition to your password, to access your online account. This highly complex process runs behind the scenes, giving you state-of-the-art protection from phishers, hackers and other online threats.

Hardware Encryption

Your IronKey is literally packed with the latest and most secure encryption technologies, all enabled by the powerful onboard Cryptochip. Rather than employing "homegrown" cryptographic algorithms that have not undergone rigorous cryptoanalysis, IronKey follows industry best practices and uses only well-established and thoroughly tested cryptographic algorithms.

All of your data on the IronKey drive is encrypted in hardware using AES CBC-mode encryption.

Always-On Encryption

Because your IronKey implements data encryption in the hardware Cryptochip, all data written to your drive is always encrypted. There is no way to accidentally turn it off or for malware or criminals to disable it. Also, it runs many times faster than software encryption, especially when storing large files or using the on-board portable Firefox browser.

Encryption Keys

The encryption keys used to protect your data are generated in hardware by a FIPS 140-2 compliant True Random Number Generator on the IronKey Cryptochip. This ensures maximum protection via the encryption ciphers. The keys are generated in the Cryptochip when you initialize your IronKey, and they never leave the secure hardware to be placed in flash memory or on your computer.

Two-Factor Authentication

Beyond simply protecting the privacy of your data on the IronKey flash drive, the IronKey Cryptochip incorporates advanced Public Key Cryptography ciphers that allow you to lock down your online IronKey account. That way you must have your IronKey device, in addition to your password, to access your online account. This highly complex process runs behind the scenes, giving you state-of-the-art protection from phishers, hackers and other online threats.

Private Surfing

For those concerned about online security threats like man-in-the-middle attacks, there is a whole new way to surf the Web: using IronKey's Secure Sessions service and the Firefox browser already installed on your IronKey.

This allows you to safely connect to your favorite websites, even public computers, and tunnel through unprotected wireless networks and snooping ISPs.

Surfing the Web Safely

With IronKey's Secure Sessions Service, your Web communications travel through an encrypted tunnel on the Internet to our network routing servers and eventually out to your destination website. This approach works just like an instant VPN (virtual private network), but is portable, so you can use it on other computers without having to install and configure complicated software.

Since IronKey controls the server your traffic will exit from, you get the benefit of additional online protection. IronKey performs a check to ensure that your traffic goes to the actual destination site using known DNS databases. It will also check to make sure that it is not a known phishing site. These anti-pharming and anti-phishing methods give you the latest in online protection.

This gives you simple but effective protection against phishing attacks and spyware that tracks your keystrokes.

Surfing the Web Privately

Not only does IronKey's Secure Sessions service encrypt your online communications, but it provides a layer of anonymity to protect your identity and confidentiality. Websites will no longer be able to see your IP address or know where in the world you are coming from because it will appear as though you are coming from one of IronKey's Tor servers instead of from your computer. And you can easily change which country your Web traffic is coming from at any time.

To protect your privacy, IronKey has extended Tor technology originally sponsored by the US Naval Research Laboratory. IronKey's Secure Sessions Service sends your Web traffic through multiple network routing servers before decrypting it on an IronKey server and sending it to the destination site. This makes it virtually impossible to track who is going where or correlate your surfing to your computer.

Optimized for Speed

IronKey's Secure Sessions Service uses complex routing algorithms and high performance Tor servers to ensure an enjoyable web experience. This is done without requiring identifiable information that could be tied back to an individual user or IronKey device. And, you can easily and quickly disable the service by clicking a button right in the browser, which is handy when security and privacy are not important but data transfer speeds are.

Device Security

Ensures that only you can get into your IronKey.

Protecting your data and privacy requires more than just encryption-adequate security policies and threat mitigation technologies.

The IronKey has been designed from the ground up with security in mind. A combination of advanced security technologies are used to ensure that only you can access your data. You can rest assured that your data is protected when you carry an IronKey.

Locking Your Device with a Password

When you first initialize your IronKey, you create a password for that device. This password must be entered after you plug your IronKey into a computer's USB port. The encrypted drive will only mount and be accessible if the password is correct.

To prevent unauthorized people or crimeware (malicious software such as viruses and Trojans) from gaining access to your encrypted drive, the IronKey prevents password guessing attacks (e.g. brute-force or dictionary attacks). After 10 incorrect password attempts (and ample warnings), the IronKey locks out all further password attempts. It initiates a patent-pending self-destruct sequence that securely and permanently erases your encryption keys and data. You can use IronKey's Secure Backup software to restore your backed-up data to a new IronKey.

Hardware-Level Security

Hardware-based encryption systems can be vulnerable to brute-force attacks if they store a counter in the flash memory. The attacker simply rewinds the counter after every attempt. It is then only a matter of time before the system is cracked. To mitigate such a threat, the IronKey uses a separate cryptographic processor (the IronKey Cryptochip) with its own internal password guessing counter. This counter is not stored in the flash memory, so is not vulnerable to memory rewind attacks.

Preventing Physical Attacks

This IronKey Cryptochip is hardened against physical attacks such as power attacks and bus sniffing. It is physically impossible to tamper with its protected data or reset the password counter. If the Cryptochip detects a physical attack from a hacker, it will destroy the encryption keys, making the stored encrypted files inaccessible.

Secure Web Services

IronKey has secured its network infrastructure for protecting your data.

Secure Facilities

IronKey is hosting its online services at state-of-the-art third-party data center facilities. Physical access to the IronKey systems requires multiple levels of authentication, including but not limited to hand geometry biometric readers, "man trap" entry, government-issued photo ID verifications and individual access credentials. Each data center facility is equipped with numerous surveillance cameras, motion detectors, and a sophisticated alarm system. The IronKey infrastructure resides in a secured cage. The entire facility is monitored by dedicated on-site security personnel on a 24x7 basis.

Secure Environments & Policies

Logical access to the IronKey environments is controlled by multiple layers of network technologies such as firewalls, routers, intrusion prevention systems and application security appliances. For additional protection, IronKey partitions its online services and backend applications into different network segments with independent security rules and policies.

Secure Communications & Data at Rest

When users access IronKey web sites and services, all information is exchanged over an encrypted channel. This is accomplished through Secure Socket Layer (SSL) and by utilizing Verisign Secure Site and Verisign Secure Site Pro certificates. To ensure additional security for its services, IronKey qualified for and is using Extended Validation SSL. The IronKey applications encrypt all sensitive data prior to transmitting it within the IronKey network and storing in databases.

Rugged Design

The IronKey has been specially designed to be waterproof and tamperproof.

IronKey has gone all-out to protect your data, identity, and privacy. In addition to IronKey's fortified hardware, software, and network security architecture, the IronKey is designed so that it cannot be physically tampered with or disassembled by a determined hacker.

Whether you are storing your secret recipes or highly confidential corporate files, and whether you have your IronKey in hand or someone stole it, you can rest assured that your data will remain safe.

Waterproof

The IronKey has tested, passed, and exceeded military waterproof standards (MIL-STD-810F). You need not worry if you send your IronKey for a swim in the pool or a trip through the washing machine-it is built to last.

Tamperproof

Your IronKey is numerically stamped with a unique serial number. You can also personalize your IronKey by writing your name or some other secret code identifier on the back. If someone were to replace your IronKey with a fake one, you could tell by examining the backside for forgery.

Besides potting the insides of the device, IronKey uses tamper-reaction technology in the Crypochip itself. Key storage areas are protected with thin-film metal shielding. The chip itself defends against power attacks and other invasive attacks such as using an electron microscope to scan the onboard memory. It will self-destruct when it detects such an attack.

It's your strongbox for storing your most private information, passwords, and files.

Potted Metal Casing

Your IronKey is encased in a rugged metal housing, not plastic. This makes it one of the strongest USB devices you can buy. Whether it is dropped, thrown or run over, it is built to survive the needs of today's mobile lifestyle.

The interior of your IronKey is filled solid with an epoxy-based potting compound. This seals in all the components and prevents the IronKey from being crushed, even under extremely high pressure. The process of trying to remove encrypted data from the flash chips will be extremely difficult, time-consuming and almost certainly destroy the chips and connections inside. Such an attempt would cause permanent, noticeable damage.