Full Disk Encryption – Reliable hard drive encryption for laptops with classified data processing
- BSI-approved for information with RESTREINT UE/EU RESTRICTED, NATO RESTRICTED and VS-NfD classifications
- Sector-based, complete hard-disk encryption
- Reliable data security without loss of performance
- Highest security even with shared use of laptops
Key Benefits
Details
Full Disk Encryption – Reliable hard drive encryption for laptops with classified data processing
Full Disk Encryption is Utimaco’s solution for all government clients and the secret security industry. It was developed in accordance with the requirements of the German BSI and specially developed for the sector-based, complete hard-disk encryption of laptops. This ensures that unauthorized access to (personal) data on the hard drive caused by theft or loss of the laptop and bypassing the Windows password is effectively prevented.
Full Disk Encryption uses proven encryption algorithms for this purpose. This maximizes data security by encryption of all system files, including swap and temporary files, without affecting device performance.
The multi-user 2-factor authentication in the pre-boot authentication enables the shared use of laptops. The respective user passwords remain individual, and smart cards do not have to be shared among users. Based on the unchanged Windows operating system login process after the pre-boot authentication Full Disk Encryption provides secure and convenient device usage for the users.
In addition to the complete encryption of the entire hard disk, Full Disk Encryption also enables fast initial encryption.
Full Disk Encryption is approved by the BSI for data with the classification RESTREINT UE/EU RESTRICTED, NATO RESTRICTED and VS-NfD.
Features
Secure and convenient Pre-boot authentication
- Authentication before hard-disk boot using username and password or smart card
- Effective protection against unauthorized access to data in the event of theft or loss of the laptop
- Effective protection against bypassing the Windows password
- Enables the communal use of laptops with the same data security
- Simple user guidance through unchanged Windows operating sys-tem login process after Pre-boot authentication
Secure entropy generation
- German BSI-approved HSM – Utimaco CryptoServer CP5 VS-NFD
- German BSI-approved true random number generator with smart card integration
Supported operating systems
- Windows 10
- Windows 11
Technical Specifications
User Transparent Partition Encryption
- Use of the encryption algorithm AES-256-XTS
- Encryption using either full partition encryption or fast initial encryption
Support for various smart cards
- Atos smart card CardOS 5 (certified from German BSI) with different card profiles (Middleware Nexus Personal, DriveLock)
- Telekom TCOS 3
For a detailed overview of the compliant operation of the approved functions, please refer to the BSI’s conditions of use and operation. Our sales team will be happy to provide you with these.