IronKey Personal User Manual
IRONKEY USER GUIDE
Password Manager Protection
The IronKey Password Manager and my.ironkey.com work together, giving
you the ability to back up your online passwords to your Online Security
Vault at my.ironkey.com. First, you must unlock your IronKey device, which
requires two-factor authentication. Your passwords are securely stored in
a hidden hardware-encrypted area inside the device (not in the file
system), being first locally encrypted with 256-bit AES, using randomly
generated keys encrypted with a SHA-256 hash of your device password. All
of this data is then doubly encrypted with 128-bit AES hardware
encryption. This is the strongest password protection we have ever seen
in the industry.
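The two-level key hierarchy described above (random data key, wrapped under a SHA-256 hash of the password), as an added example in Node.js that is not IronKey's code. The GCM mode, the blob layout and all function names are assumptions, since the manual names only "256-bit AES"; the device's hardware encryption layer is not modelled.

```javascript
const nodeCrypto = require('crypto');

// Key-encryption key: SHA-256 of the device password, as the manual states.
// (No salt or iteration count is mentioned on the page, so none is used here.)
const kek = (password) => nodeCrypto.createHash('sha256').update(password, 'utf8').digest();

// seal: AES-256-GCM under a fresh random nonce (mode is an assumption).
// Blob layout (also an assumption): nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// open: throws if the key is wrong or any byte of the blob was altered.
function open(key, blob) {
  if (blob.length < 28) throw new Error('blob too short');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// A vault is two blobs: the random data key wrapped under the password key,
// and the password entries encrypted under the data key.
function createVault(password, entries) {
  const dataKey = nodeCrypto.randomBytes(32);
  return { wrappedKey: seal(kek(password), dataKey), data: seal(dataKey, Buffer.from(entries, 'utf8')) };
}

function unlock(vault, password) {
  const dataKey = open(kek(password), vault.wrappedKey);
  return open(dataKey, vault.data).toString('utf8');
}

// Changing the password re-wraps 32 bytes; the encrypted entries are untouched.
function changePassword(vault, oldPassword, newPassword) {
  const dataKey = open(kek(oldPassword), vault.wrappedKey);
  return { wrappedKey: seal(kek(newPassword), dataKey), data: vault.data };
}

// Constructed sample data, not taken from the manual.
const demo = createVault('device-pass-1', 'example.com:alice:s3cret');
const rotated = changePassword(demo, 'device-pass-1', 'device-pass-2');
console.log(unlock(rotated, 'device-pass-2'), rotated.data.equals(demo.data));
```

Because the entries are only ever encrypted under the random data key, the blob sent to an online backup reveals nothing without the wrapped key and the password that opens it.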
When you back up your passwords online, IronKey performs a complicated
public key cryptography handshake with IronKey’s services using RSA
2048-bit keys. After successful authentication, your encrypted block of
password data is securely transmitted over SSL to your encrypted Online
Security Vault within one of our highly-secure data facilities.
IRONKEY SERVICES SECURITY
Secure Facilities
IronKey hosts its online services at state-of-the-art third-party data
center facilities. Physical access to the IronKey systems requires multiple
levels of authentication, including but not limited to hand geometry
biometric readers, “man trap” entry, government-issued photo ID
verifications and individual access credentials. Each data center facility
is equipped with numerous surveillance cameras, motion detectors, and a
sophisticated alarm system. The IronKey infrastructure resides in a secured
cage. The entire facility is monitored by dedicated on-site security
personnel on a 24x7 basis.
Secure Environments & Policies
Logical access to the IronKey environments is controlled by multiple
layers of network technologies such as firewalls, routers, intrusion
prevention systems and application security appliances. For additional
protection, IronKey partitions its online services and backend applications
into different network segments with independent security rules and
policies.
Secure Communications & Data at Rest
When users access IronKey web sites and services, all information is
exchanged over an encrypted channel. This is accomplished through Secure
Socket Layer (SSL) and by utilizing VeriSign Secure Site and VeriSign Secure
Site Pro certificates. To ensure additional security for its services, IronKey
qualified for and is using Extended Validation SSL. The IronKey
applications encrypt all sensitive data prior to transmitting it within the
IronKey network and storing it in databases.