WORLD'S FIRST Software-based Compartmental Computer

Securely Separated

• Enforced by Encryption
• All data in all compartments are encrypted
• Based on WinMagic's world leading disk encryption software SecureDoc
• If one compartment is infected with a virus, it will not spread to others

• Compartmental SecureDoc runs on Windows 2000/XP.
• The PC disk may be divided into 2 or 3 compartments.
• The user can select which compartment to employ when booting the PC.
• The data cannot be shared between the compartments - the exception would be via removable disks similar to any existing separate computers. However it is possible in the setup configuration to disallow removable disks.
• The separation is cryptographically enforced. The partitions of one compartment are encrypted with keys different to the others. Key files to one compartment do not have keys to others, thus the separation is not only through access control (partitions of other compartments are hidden) but also via encryption.

Unique features of Compartmental SecureDoc:

1. Hardware tokens and biometrics - one, two or even three-factor authentication is available with SecureDoc:
   a. Password only
   b. Hardware token with password
   c. Hardware token with fingerprint verifier and password
   
   The Administrator can set up different hardware tokens to access different compartments. Without the correct hardware tokens, users will not be able to access specific compartments. The authentication takes place right at PRE-BOOT TIME. As with the SecureDoc disk encryption product, users without proper authentication cannot access the computer at all.
2. Disk Access Control - SecureDoc disk encryption permits Administrators to control disk access, for example for block read and/or write access to all drives of the computer. Or, dependent upon configuration, the media may be accessed only if encrypted. This can further assist the control of data flow when used in conjunction with Compartmental SecureDoc.
3. BIOS and Boot code integrity check - SecureDoc can be configured to check the BIOS and boot code integrity. Any attempt to alter parts of the BIOS or the boot code will result in integrity check failure and the computer will need an Admin logon to allow access.
4. Configuration of computers and Network access - the administrator can fully configure the specific OS for use in any compartment, for example to disable Internet Access in the compartment with classified data.

Compartmental SecureDoc offers other advantages over existing hardware compartmental solutions:

• Solution for laptop computers. With SecureDoc, a laptop computer can be a Compartmental Computer, functioning as a Multi-Level Security System. Hardware based solutions cannot be used on laptops;
• It is much more cost effective than current hardware-based solutions;
• AES 256-bit encryption for USB/FireWire External Drives, pocket drives, flash cards, PCMCIA Drives, Zip, Jazz, etc. - thus providing a full range of protection for virtually all forms of storage devices;
• It includes entire disk encryption and unique features of SecureDoc, such as Disk Access Control, centralized administration and PKI and Smart Card integration.