IronKey Personal Password Manager Protection, Secure Facilities, Secure Environments & Policies

Password Manager Protection

The IronKey Password Manager and my.ironkey.com work together, giving you the ability to back up your online passwords to your Online Security Vault at my.ironkey.com. First, you must unlock your IronKey device, which requires two-factor authentication. Your passwords are securely stored in a hidden hardware-encrypted area inside the device (not in the file sys- tem), being first locally encrypted with 256-bit AES, using randomly gener- ated keys encrypted with a SHA-256 hash of your device password. All of this data is then doubly encrypted with 128-bit AES hardware encryp- tion.This is the strongest password protection we have ever seen in the industry.

When you back up your passwords online, IronKey performs a complicat- ed public key cryptography handshake with IronKey’s services using RSA 2048-bit keys. After successful authentication, your encrypted block of password data is securely transmitted over SSL to your encrypted Online Security Vault within one of our highly-secure data facilities.

IRONKEY SERVICES SECURITY

Secure Facilities

IronKey hosts its online services at state-of-the-art third-party data cen- ter facilities. Physical access to the IronKey systems requires multiple lev- els of authentication, including but not limited to hand geometry biomet- ric readers,“man trap” entry, government-issued photo ID verifications and individual access credentials. Each data center facility is equipped with numerous surveillance cameras, motion detectors, and a sophisticated alarm system.The IronKey infrastructure resides in a secured cage.The entire facility is monitored by dedicated on-site security personnel on a 24x7 basis.

Secure Environments & Policies

Logical access to the IronKey environments is controlled by multiple lay- ers of network technologies such as firewalls, routers, intrusion preven- tion systems and application security appliances. For additional protection, IronKey partitions its online services and backend applications into differ- ent network segments with independent security rules and policies.

Secure Communications & Data at Rest

When users access IronKey web sites and services, all information is ex- changed over an encrypted channel.This is accomplished through Secure Socket Layer (SSL) and by utilizing VeriSign Secure Site and VeriSign Secure Site Pro certificates.To ensure additional security for its services, IronKey qualified for and is using Extended Validation SSL.The IronKey applica- tions encrypt all sensitive data prior to transmitting it within the IronKey network and storing in databases.