SecureDoc is a disk encryption product that encrypts the entire hard disk, including operating system files and the boot sector. It therefore authenticates the user before the computer even boots up. It can also be used to encrypt all types of removable drives and media, including Flash cards. Although it can be installed in a password-only single-user environment, it provides an upgrade path to full enterprise-wide PKI and two- and three-factor authentication, integrating with third-party tokens.
Key recovery is not really a problem with SecureDoc. In a single-user environment, keys may be backed up to removable media and stored securely by the administrator, who can also prevent users from generating or using their own keys. Keys that are backed up are still protected by a password. In an enterprise environment, all keys are generated centrally and securely stored and archived. You can also create an emergency boot disk for when the master boot record is damaged; this ensures that you will not be faced with a situation where the computer, and the data on it, become inaccessible.
An enterprise would install the optional SecureDoc Central Database, which enables the administrator to manage keys and support users remotely, without having to visit each PC. It adds extra functionality, such as password recovery and configurable strong password rules, to enhance the support and management of users. There is a facility for secure remote recovery using a one-time challenge-response system, as well as an automated, self-service, web-based password recovery system with unlimited challenge questions.
An additional feature is Disk Lock, which can be used to control user access to drives, whether or not they are encrypted. For example, it can prevent data export by prohibiting write access to a floppy drive, or prevent installation of unauthorized software by prohibiting read access to floppy and CD-ROM drives.
Quite apart from the disk encryption functionality, files and folders can also be encrypted. This can be useful for sending data by email or on removable media, or for sharing it on network drives. There is also a secure deletion facility that can overwrite data up to 35 times.
Windows 98SE/ME/NT/2000/XP platforms are supported. Bulk data encryption uses the 256-bit AES encryption algorithm. Keys are stored, usually on hardware tokens, encrypted with the RSA algorithm.