Latest SPYRUS Innovation Introduces Secure File Sharing and Recovery Agent

SPYRUS, Inc., an innovator in portable high-security hardware and software cryptography products, today announced the availability of the Hydra Privacy Card® (Hydra PC™) Series II Enterprise Edition, the world’s first USB 2.0 commercial-off-the-shelf Hardware Security Module providing military-grade security while permitting users to share encrypted data, regardless of where the data is stored or how the data is transmitted. Hydra PC uses the latest Suite B cryptographic algorithms to protect sensitive data at rest (DAR) on computers or mass storage memory devices, and data in transit (DIT). The U.S. Government has approved Suite B algorithms as the strongest commercial-off-the-shelf cryptographic algorithms available to protect even classified data.

The Hydra PC Enterprise Edition features the first hardware-based Secure File Sharing system that permits a user to encrypt data, store the data in multiple locations, and share the encrypted data with one or more user-designated recipients. Each file is uniquely encrypted, and the permissions required to decrypt the data are embedded within the encrypted data itself. Unlimited amounts of data can be encrypted by the Hydra PC and stored on miniSD storage cards, the computer’s hard drive, a shared network drive, or an external storage drive, and only the designated recipients can decrypt the data. The Hydra PC Enterprise Edition can be used as part of an enterprise disaster recovery plan to store encrypted data in multiple offsite locations.

The Hydra PC Enterprise Edition includes a Recovery Agent that can decrypt encrypted files when the Hydra PC is lost or destroyed or the PIN is unavailable. One Hydra PC is designated as the Recovery Agent Hydra PC for a specified work group and safeguarded to secure it from loss or damage. When the Recovery Agent feature is enabled by the administrator, the public key of the Recovery Agent Hydra PC is automatically included whenever a file is encrypted by any Hydra PC in the work group, ensuring encrypted files in the workgroup can be decrypted, even if a work group user’s encrypting Hydra PC is lost, stolen, or destroyed.

The Hydra PC Enterprise Edition makes use of Elliptic Curve Cryptography (ECC) with strong 384-bit keys, which are equivalent in strength but much more efficient than RSA 7,680-bit keys. Even though most Certification Authorities do not support ECC keys, the Hydra PC can make use of data in the legacy certificates to provide assurance that the originator and intended recipient of the message are who they say they are. For the U.S. Government, this means that users’ certificate information on the 4 million plus Common Access Cards (CAC) and Personal Identity Verification (PIV) cards can be used in combination with the Hydra PC Enterprise Edition to protect data confidentiality and integrity for decades longer than legacy RSA keys.

The Hydra PC Enterprise provides strong hardware based encryption. All data is hashed, compressed, and then encrypted and sealed on a file-by-file basis in the Hydra PC hardware, ensuring that rogue software or malicious viruses cannot compromise the confidentiality of the data. Competing USB flash memory drives claim to use strong encryption, but their encryption is frequently performed in software, not hardware, and the encryption key is typically derived by hashing a simple password, a process that can easily be broken by brute force attack. In addition, such devices provide little or no protection against data modification attacks.

By contrast, Hydra PC uses a true security processor with a high-grade hardware random number generator. The private keys are generated on the Hydra PC and can never be compromised, even if the correct PIN is known. Security experts agree that protecting the private key is equivalent to protecting the “the keys to the kingdom.” All Hydra PC encryption operations are performed in hardware, so the encryption keys are never exposed to a computer virus or malware, and extensive health tests ensure superior security. Both the plaintext and ciphertext are digitally signed to prevent undetected modification.