SanDisk TrustedSignins User Manual


SanDisk, the SanDisk logo and Cruzer are trademarks of SanDisk Corporation, registered in the United States and other countries. Gruvi, the gruvi logo, TrustedFlash, the TrustedFlash logo and TrustedSignins are
trademarks of SanDisk Corporation. miniSD and the miniSD logo are trademarks. U3 and the U3 logo and the U3 smart logo are trademarks of U3, LLC. Other brand names mentioned herein are for
identification purposes only and may be trademarks of their respective holders. ©2007 SanDisk Corporation. All rights reserved. 1/07

TrustedSignins is based on SanDisk's TrustedFlash
technology. Every TrustedFlash device contains a unique
readable electronic serial number, a device certificate,
and an unknown random encryption key. A custom
controller partitions memory and manages access from
the host PC. A 32-bit cryptographic co-processor
automatically encrypts and decrypts all data written
to and read from the device, protecting against
information disclosure even if the components are
directly targeted.

The host OS has no direct access to TrustedFlash memory.
The device API supports strong authentication, including
PKI, allowing authorized host processes to create and
access their own information in the TrustedFlash partition
while preventing access even by other processes
authorized to access other information within the
TrustedFlash partition. For example, the shared secret used
to generate a one-time password can be written and
erased but not read from the device. Similarly, the device
certificate can be used for authentication, verification, and
signing but cannot be modified. The device certificate can
be encapsulated in a PKCS#7 package, thus supporting
PKI applications.
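
The access rule described above, sketched as an added example (not SanDisk code and not the TrustedFlash API): a store in which an OTP seed can be written, erased and used, but never read back, and in which a slot is visible only to the owner that created it. The class and method names are hypothetical, `owner` stands for an identity the device has already authenticated, and HOTP (RFC 4226) is assumed as the OATH algorithm because the page does not name one.

```python
import hashlib
import hmac
import struct


class SecretSlotStore:
    """Toy model of a write/erase-only secret area (hypothetical API)."""

    def __init__(self):
        self._slots = {}  # (owner, name) -> [seed, counter]

    def write_seed(self, owner, name, seed):
        self._slots[(owner, name)] = [bytes(seed), 0]

    def erase_seed(self, owner, name):
        self._slots.pop((owner, name), None)

    def read_seed(self, owner, name):
        # No read path exists: the seed never leaves the store.
        raise PermissionError("seed is write/erase only")

    def next_otp(self, owner, name, digits=6):
        # Slots are keyed by owner, so another authorized process
        # cannot use or even see a slot it did not create.
        slot = self._slots.get((owner, name))
        if slot is None:
            raise PermissionError("no such slot for this owner")
        seed, counter = slot
        slot[1] = counter + 1  # counter advances on every use
        return hotp(seed, counter, digits)


def hotp(seed, counter, digits=6):
    """HOTP per RFC 4226: HMAC-SHA-1 plus dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)
```

The host only ever receives the derived one-time password; the seed itself has no code path out of the store.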

SanDisk USB flash drives can make 3 disk volumes
available to the host PC: a read-only CD ROM
image, a public volume, and a password-protected
private volume.*

For more information on TrustedFlash technology or
TrustedSignins and how they can increase security
while lowering costs, please send an email to
[email protected]

[Figure: TrustedFlash Technology. Diagram labels: Mass Storage (R/W); Applications; Public; Private; CD ROM (ISO Image); TrustedFlash™; Device Certificate; Secrets (e.g. OTP Seeds); Firmware; Memory Controller; 32-bit Crypto Processor.]

* TrustedSignins and the private volume require Windows 2000 Service
Pack 4 and later, Windows XP (all editions and service packs), and
Windows Server 2003.

Features and Advantages

• Based on TrustedFlash Secure Storage Technology

• One device supports multiple virtual tokens and multiple algorithms

• OATH (Open Authentication) compliant

• Up to 4.0GB of password protected flash memory storage
