Overview

Mobile com­put­ers are quickly emerg­ing as the indus­try stan­dard for increas­ing user pro­duc­tiv­ity. How­ever, the portable nature of these devices increases the pos­si­bil­ity of loss or theft. Con­se­quent expo­sure of sen­si­tive data can result in finan­cial loss, legal ram­i­fi­ca­tions, and brand damage.

PGP® Whole Disk Encryp­tion pro­vides enter­prises with com­pre­hen­sive, non­stop disk encryp­tion for Microsoft and Apple Mac OS X, enabling quick, cost-effective pro­tec­tion for data on desk­tops, lap­tops, and remov­able media. The encrypted data is con­tin­u­ously safe­guarded from unau­tho­rized access, pro­vid­ing strong secu­rity for intel­lec­tual prop­erty, cus­tomer and part­ner data, and cor­po­rate brand equity.

• Easy, auto­matic oper­a­tion–Pro­tects data with­out chang­ing the user experience.
• Enforced secu­rity poli­cies–Auto­mat­i­cally enforce data pro­tec­tion with cen­trally man­aged policies.
• Accel­er­ated deploy­ment–Achieves full disk encryp­tion using the exist­ing infrastructure.
• Reduced oper­a­tional costs–Result from cen­trally automat­ing encryp­tion policies.

As a PGP® Encryp­tion Platform-enabled appli­ca­tion, PGP Whole Disk Encryp­tion can be used with PGP Uni­ver­sal™ Server to man­age exist­ing poli­cies, users, keys, and con­fig­u­ra­tions, expe­dit­ing deploy­ment and pol­icy enforce­ment. PGP Whole Disk Encryp­tion can also be used in com­bi­na­tion with other PGP® encryp­tion appli­ca­tions to pro­vide mul­ti­ple lay­ers of security.

Tech­ni­cal Specifications

Sup­ported Oper­at­ing Systems

• Microsoft Win­dows Vista (all 32-bit and 64-bit ver­sions, includ­ing Ser­vice Pack 1)
• Microsoft Win­dows XP Pro­fes­sional 32-bit (Ser­vice Pack 1, 2 and 3)
• Microsoft Win­dows XP Pro­fes­sional 64-bit (Ser­vice Pack 1 and 2)
• Microsoft Win­dows XP Tablet PC Edi­tion 2005 (requires attached keyboard)
• Microosft Win­dows XP Home
• Microsoft Win­dows 2003 Server (Ser­vice Pack 1 and 2)*
• Microsoft Win­dows 2000 Pro­fes­sional (Ser­vice Pack 4)
• Mac OS X 10.4.10 and later (Intel-based Macs, sys­tem vol­umes only)
• Mac OS X 10.4.X and Mac OS X 10.5.X (Intel and PPC plat­forms, non-system vol­umes only)

* Full disk encryp­tion func­tion­al­ity is not sup­ported on Win­dows 2000 Server or 2003 Server.

Sup­ported Disks

• Desk­top or lap­top disks (par­ti­tions in the case of Win­dows, or the entire disk for Win­dows and Mac OS X)
• Exter­nal disks, exclud­ing music devices and dig­i­tal cameras
• USB flash disks
• Solid-state dri­ves

Local­iza­tion

• Eng­lish
• Ger­man
• Japan­ese

Authen­ti­ca­tion Options

• OpenPGP RFC 4880 keys
• X.509 keys

Sym­met­ric Key Algorithms-PGP® Whole Disk Encryption

• AES 256-bit keys

Cen­tral­ized Man­age­ment Requirements

• PGP Whole Disk Encryp­tion is cen­trally man­aged by PGP Uni­ver­sal Server which requires a ded­i­cated hard­ware server. For sup­ported hard­ware and other infor­ma­tion, please refer to the PGP Uni­ver­sal Server tech­ni­cal specifications.

Two-Factor Authentication(PGP Whole Disk Encryp­tion for Win­dows Only)

Sup­ported Pre-Boot Authen­ti­ca­tion Smart Cards and USB Tokens

The fol­low­ing smart card read­ers are sup­ported for com­mu­ni­cat­ing to a smart card at pre-boot time. These read­ers can be used with any sup­ported remov­able smart card (it is not nec­es­sary to use the same brand of smart card and reader). Any Chip/Smart Card Inter­face Device (CCID) smart card reader is sup­ported. The fol­low­ing read­ers have been tested by PGP Corporation:

• OMNIKEY Card­Man 3121 USB for desk­top systems
• OMNIKEY Card­Man 6121 USB for mobile systems
• Activ­I­den­tity USB 2.0 reader
• Reiner SCT Cyber­Jack pinpad
• Athena ASEDrive IIIe USB reader

PGP Whole Disk Encryp­tion sup­ports the fol­low­ing smart cards for pre-boot authentication:

• Activ­I­den­tity Activ­Client CAC cards, 2005 models
• Aladdin eTo­ken 64K, 2048-bit RSA-capable¹
• Aladdin eTo­ken PRO USB Key 32K, 2048-bit RSA-capable¹
• Aladdin eTo­ken PRO with­out 2048-bit capa­bil­ity (older smart cards)¹
• Athena ASEKey Crypto USB Token for Microsoft ILM²
• Athena ASE­Card Crypto Smart Card for Microsoft ILM²
• EMC RSA SecurID SID800 Token³
• Charis­math­ics Cryp­toIden­tity plug ‘n’ crypt Smart Card only stick
• S-Trust Star­COS smart card⁴
• SafeNet iKey 3000

¹ Other Aladdin eTo­kens, such as tokens with flash, should work pro­vided they are APDU com­pat­i­ble with the sup­ported tokens. OEM ver­sions of Aladdin eTo­kens, such as those issued by VeriSign, should work pro­vided they are APDU com­pat­i­ble with the sup­ported tokens.
² Athena tokens are sup­ported only for cre­den­tial stor­age.
³ This token is sup­ported only for cre­den­tial stor­age. SecurID is not sup­ported.
⁴ S-Trust SECCOS cards are not supported.

Sup­ported Smart Cards and USB Tokens-PGP® Vir­tual Disk and PGP Zip

PGP Whole Disk Encryp­tion rec­og­nizes and works with the following:

• DoD Com­mon Access Cards (CACs) with the Activ­Card Gold 2.0 profile
• Athena Smart Card Solu­tions smart cards, includ­ing the ASEKey USB token
• AET Safe­Sign smart cards, includ­ing ASEKey 1.0
• Axalto (for­merly Schlum­berger) smart cards, includ­ing the Cryptoflex 32K
• SafeNet smart cards, includ­ing iKey 2032
• Aladdin smart cards, includ­ing eTo­ken PRO USB 16K, 32K, and 64K
• Gem­Plus smart cards, includ­ing Safe­sITe and GemX­presso Pro, using Gem­Safe Libraries 4.2.0–015 (Gold)

PGP Whole Disk Encryp­tion also rec­og­nizes and works with smart cards from other ven­dors if the ven­dor includes a standards-based PKCS-11 library in its soft­ware drivers.