DiskEncrypt – Reliable hard drive encryption for laptops with classified data processing

- BSI-approved for information with RESTREINT UE/EU RESTRICTED, NATO RESTRICTED and VS-NfD classifications
- Sector-based, complete hard-disk encryption
- Reliable data security without loss of performance
- Highest security even with shared use of laptops
Key Benefits
Details
DiskEncrypt – Reliable hard drive encryption for laptops with classified data processing
DiskEncrypt is UTIMACO’s solution for all government clients and the secret security industry. It was developed in accordance with the requirements of the German BSI and specially developed for the sector-based, complete hard-disk encryption of laptops. This ensures that unauthorized access to (personal) data on the hard drive caused by theft or loss of the laptop and bypassing the Windows password is effectively prevented.
DiskEncrypt uses proven encryption algorithms for this purpose. This maximizes data security by encryption of all system files, including swap and temporary files, without affecting device performance.
The multi-user 2-factor authentication in the pre-boot authentication enables the shared use of laptops. The respective user passwords remain individual, and smart cards do not have to be shared among users. Based on the unchanged Windows operating system login process after the pre-boot authentication DiskEncrypt provides secure and convenient device usage for the users.
In addition to the complete encryption of the entire hard disk, DiskEncrypt also enables fast initial encryption.
DiskEncrypt is approved by the BSI for data with the classification RESTREINT UE/EU RESTRICTED, NATO RESTRICTED and VS-NfD.
Secure and convenient Pre-boot authentication
- Authentication before hard-disk boot using username and password or smart card
- Effective protection against unauthorized access to data in the event of theft or loss of the laptop
- Effective protection against bypassing the Windows password
- Enables the communal use of laptops with the same data security
- Simple user guidance through unchanged Windows operating system login process after Pre-boot authentication
User Transparent Partition Encryption
- Use of the encryption algorithm AES-256-XTS
- Encryption using either full partition encryption or fast initial encryption
Secure entropy generation
- German BSI-approved HSM – Utimaco Crypto Server CP5 VS-NFD
- German BSI-approved true random number generator with smart card integration
Support of the Microsoft upgrade mechanism
- Support for the respective Windows 10 Semi-Annual Channel (SAC) from version 1809
- Support for the integrated Microsoft In-Place upgrade mechanism
- Allows the update of Windows 10 SAC to a successor version while maintaining encrypted partitions/hard drives.
Support for various smart cards
- Atos smart card CardOS 5 (certified from German BSI) with different card profiles (Middleware Nexus Personal, DriveLock)
- Telekom TCOS 3
For a detailed overview of the compliant operation of the approved functions, please refer to the BSI’s conditions of use and operation. Our sales team will be happy to provide you with these.