SecureDoc Disk Encryption, Version 4.3C
WinMagic Inc.
200 MathesonBlvd. W, Suite 201
Suite 210
Mississauga, Ontario
Canada
L5R 3L7
Telephone: 905-502-7000
Fax: 905-502-7001
SecureDoc Disk Encryption, Version 4.3C for Windows 2000/XP/2003, (hereafter referred to as SecureDoc) was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at DOMUS IT Security Laboratory, a division of NUVO Network Management, located in Ottawa, Ontario, Canada. The evaluation was completed in June 2007.
The evaluation of SecureDoc determined that this Information Technology (IT) product can be trusted, to an assurance level of EAL 4, to conform to the requirements of the associated security target.
SecureDoc controls access to the entire disk, disk partitions, files or removable media by encrypting them with 256-bit Advanced Encryption Standard (AES) keys assigned to established user accounts. Once SecureDoc has been installed and keys and user accounts have been created, a user needs to pass SecureDoc authentication to log on and access the data. SecureDoc works at the pre-OS-boot stage to identify and authenticate the user via password mechanism. In the appropriate IT environment multi-factor authentication may be invoked as well using tokens, smartcards, Trusted Platform Module (TPM), or biometrics. Once authenticated, SecureDoc will determine if the user has been assigned the key to decrypt the disk or other encrypted resource and will then make the information on the disk or removable media available to the user. The product works at the driver level, transparently encrypting/decrypting information. Users may accept various roles depending on the assigned privileges.
The threats that are countered by SecureDoc include: unauthorized access to information or resources; data corruption during the disk conversion process due to loss of power or an operating system fault; and denial of access resulting from users forgetting their passwords and thus not having access to their encryption keys.
The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the SecureDoc, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that the SecureDoc satisfies its IT security requirements.
Consumers are advised to carefully review the certification report to gain an understanding of the security functionality, the evaluated configuration, and the intended operating environment for SecureDoc.
Product Type: Data Protection
Security Target: PDF (488KB)* Accessibility Notice * Official Languages Notice