SPYRUS announced Secure Pocket Drive, the first and only licensed device that boots Microsoft’s mobile, flagship operating system, Windows Embedded Standard 7, from an encrypting USB flash drive.
The read-only device can be booted on almost any Windows compatible PC to create a user-friendly experience in trusted computing. The Secure Pocket Drive only uses the RAM, keyboard, mouse, and monitor on the host computer. It prevents cross-contamination and the transfer of malware from the host PC by not mounting the internal hard drive.
In addition to the built-in browser and Citrix XenApp client, it is easy to add VPN software to access internal corporate applications. No matter how you use Secure Pocket Drive, it presents a safe environment both for the user and the network to which it is connected.
Multiple SPYRUS patents are used to lock Windows to the device and provide cryptographic protection against modification to the boot loader and the operating system.
The patented methods enforce on-the-fly integrity validation to enable fast and secure boot-up and enhance the user experience without suffering the performance or vulnerability penalties incurred by other bootable products. Secure Pocket Drive was designed from the ground up with strong FIPS 140-2 Level 3 hardware, U.S. Government-approved next-generation cryptographic algorithms, and extensive built-in self-checking functionality to protect the device, the operating system, and the user.
Unlike a bootable CD, authorized administrators can use Microsoft System Center Configuration Manager (SCCM) and Active Directory policy settings to install and update software on Secure Pocket Drive with no additional training. Secure Pocket Drive can also be disabled remotely through the SPYRUS Enterprise Management System (SEMS).
Secure Pocket Drive uses the same on-board hardware security infrastructure that is built into the SPYRUS Hydra Privacy Card family, including AES CBC, ECDH, ECDSA, ECC P-384, and SHA-384, which together make up the National Security Agency’s Suite B cryptography, part of its cryptographic modernization program. Sector-based full disk encryption is based on XTS-AES 256 encryption (NIST SP800-38E).