Recently we were asked by some of our users if it is possible to use a biometric (fingerprint) USB stick in combination with the Rohos Logon Software (for example if it is possible to logon using Rohos after a partition is made visible by a recognized fingerprint).
As a matter of fact, we have decided to test several Biometric USB flash drives, to discover which of them are compatible with the Rohos Logon Key.
We would like to present you the Transcend JetFlash 220 USB flash drive 2 Gb (fully compatible with the Rohos Logon) with the embedded fingerprint scanner for biometric access to the secured partition of the USB drive and included software.
Special features of the device:
- An advanced technology of fingerprints identification, allowing to register up to 10 fingerprints (even from different people);
- Biometric or password based security for the secured partition, web site logon, and encrypted files;
- Software based, Data Encryption with AES algorithm based on the 256-bite key.
- Automatic authorization performed on the web-sites where you have already been registered.
- There is a program that allows to change the size of the secure partition of the flash drive.
- The device fully supports Windows 2000, XP and Vista, which was proved by recent tests.
- You are not able to access the secure partiton without obtaining the Administrator privileges.
- While the secure partition of the flash drive is open, you are not able to use the un-secure partition of the device and vice-versa.
The main principle of the secure partition work in brief:
The whole flash drive space is divided into two main parts. The first one is an Open Partition with a usual access to it, while the second area represents itself a Secure Partiton, the access to which could be obtained due to personal fingerprints of its owner or a password.
How the device works:
While the flash drive is plugged in â€œMy computerâ€ window will notice you of the appearance of two drives, such as removable drive (for example H:\) and a virtual CD-ROM (F:\).
At this time the information you save on the drive H:\ will be saved on the Open Partition of the flash drive. To get the access to the Secure Partition on the flash drive you need to launch the authorization window (â€F:\PdtStart.exeâ€) where you may enter the password or just use your fingerprints by touching you flash drive.
If the fingerprint appears to become green – it was successfully identified.
After the successful authorization a new icon (an orange arm) appears on you taskbar, with the help of which you can change some settings.
You shouldnâ€™t wait for the new USB disk drive appearance in “My Computer”. The whole content of the disk drive H:\ now represents the Secure Partition, which is opened at the moment. (Probably the process of switching between the Open and Secure Partitions of the flash drive is performed by the hardware itself.) To switch back to the only Open Area of the flash drive you need to chose â€œExitâ€ in the arm-icon pop-up menu.
Also to switch off the Secure Area of the flash drive you can simply extract the flash drive. The information wonâ€™t be harmed or lost.
The first plug in and setup.
A step-by-step instruction on installation and software setup can be read here:
On your first launch a Wizard is downloaded, with the aim to help you register your fingerprints and preset the password to enter the control panel. Then all the functions are available through the control panel.
Creating the Secure Partition
Initially the Secure Partition is absent. To create it you need to use the â€œRepartition Wizardâ€ utility.
The fingerprints registration
Using program settings (System->System settings) you can register up to 10 different fingerprints (even of different people).
For example, the software is able to save the forefinger fingerprint of your right arm and the forefinger fingerprint of you friendâ€™s left arm, thus allowing you both the access to the Secure Partition of the flash drive. Nice idea!
â€œProtect Filesâ€ function (protection of the files out of flash drive)
The software obtains the function of protecting the files on your hard drives. It could be launched through the pop-up menu of the softwareâ€™s icon (Protect Files->Protect files). After it is launched a â€œFile protectionâ€ window appears. Clicking the â€œBrowseâ€ button you can chose the files to protect, which lately appear in the list. To start the encryption process click the â€œStartâ€ button. As a result the files will be encrypted. To open these files you need to use your fingerprint authorization in the authorization window. After successful authorization files will be decrypted. If you donâ€™t remember the exact place you have saved your files, you can find them with the help of a special “encrypted files search” program (Protect files->Search protected files).
Authorization on web-sites
While entering the username and password on whatever web-site, the software offers to save these data.
If you click â€œYesâ€ and chose â€œEnrollâ€ button in a pop-up window, your further access to this site will be performed due to â€œfingerprintâ€ authorization window with the automatic log-in.
- One of the features of the device is that it is not possible to have access to both Open and Secure Partitions of the flash drive. Probably, the manufacturer used to think users wonâ€™t use the Open Partition of the flash drive and will convert all the available space into Secured Partition.
- Obviously there is no hardware or software based encryption of the secured partition; We even dont sure the biometric authorization is performed by hardware or software.
- Also the fingerprint identification program didnâ€™t work with the Guest account, thus disabling anybody of using it without obtaining the Administrator account.
- While trying to format Open/Secure partitions of the flash drive under the NTFS – a bug was discovered: the Secure Area was crippled.
The Overall evaluation: biometrical scanner is quite good, and takes 4 point out of 5 available.
Transcend JetFlash 220 security review
The device description on the manufacturer’s web site and help files do not clearly state the most important things about its security:
- Where fingerprint authentication is performed? On the hardware or software part? Obviously the Software part reads authentication configuration from the hardware and it is not protected (how many fingers and which ones are enrolled, is there a backup password).
- The same question about which part is making decision about granting access to secured drive?
- Is there any attempts limit for Authentication by a backup password? Brute-force attack possibility looks like security vulnerability.
- Is the authentication configuration protected? Again, it’s clear that the Software part not only reads authentication configuration from the device, but also writes it. Is this API protected? On the software level or hardware?
As you see there are a few places where the device security maybe vulnerable. We believe that manufacturer implemented some crucial authentication task on the hardware level to make it more secured.
Search this blog to read more reviews of USB devices with data protection. Visit USB drives category.