IronKey Personal User Manual

PAGE 

IRONKEY USER GUIDE

Password Manager Protection

The IronKey Password Manager and my.ironkey.com work together, giving

you the ability to back up your online passwords to your Online Security

Vault at my.ironkey.com. First, you must unlock your IronKey device, which

requires two-factor authentication. Your passwords are securely stored in
a hidden hardware-encrypted area inside the device (not in the file sys-
tem), being first locally encrypted with 256-bit AES, using randomly gener-
ated keys encrypted with a SHA-56 hash of your device password. All

of this data is then doubly encrypted with 8-bit AES hardware encryp-

tion. This is the strongest password protection we have ever seen in the
industry.

When you back up your passwords online, IronKey performs a complicat-
ed public key cryptography handshake with IronKey’s services using RSA

048-bit keys. After successful authentication, your encrypted block of
password data is securely transmitted over SSL to your encrypted Online
Security Vault within one of our highly-secure data facilities.

IRONKEY SERVICES SECURITY

Secure Facilities

IronKey hosts its online services at state-of-the-art third-party data cen-
ter facilities. Physical access to the IronKey systems requires multiple lev-
els of authentication, including but not limited to hand geometry biomet-
ric readers, “man trap” entry, government-issued photo ID verifications
and individual access credentials. Each data center facility is equipped with
numerous surveillance cameras, motion detectors, and a sophisticated
alarm system. The IronKey infrastructure resides in a secured cage. The
entire facility is monitored by dedicated on-site security personnel on a
4x basis.

Secure Environments & Policies

Logical access to the IronKey environments is controlled by multiple lay-
ers of network technologies such as firewalls, routers, intrusion preven-
tion systems and application security appliances. For additional protection,
IronKey partitions its online services and backend applications into differ-
ent network segments with independent security rules and policies.

Secure Communications & Data at Rest

When users access IronKey web sites and services, all information is ex-
changed over an encrypted channel. This is accomplished through Secure
Socket Layer (SSL) and by utilizing VeriSign Secure Site and VeriSign Secure
Site Pro certificates. To ensure additional security for its services, IronKey
qualified for and is using Extended Validation SSL. The IronKey applica-
tions encrypt all sensitive data prior to transmitting it within the IronKey
network and storing in databases.