Kingston IronKey Vault Privacy 50 SeriesFIPS 197 Certified & XTS-AES 256-bit Encrypted USB Drive for Data Protection
Kingston Technology
Category
Storage Hardware Innovation of the Year
Entry Description
Kingston IronKey Vault Privacy 50 SeriesFIPS 197 Certified & XTS-AES 256-bit Encrypted USB Drive for Data Protection

“Kingston has been one of the pioneers in supplying hardware-encrypted USB solutions to the global market, and it still leads the market today. Kingston is committed to providing customers with strong data security for mobile data and to ensure compliance to laws and regulations such as GDPR. In 2016, Kingston purchased IronKey, which was a company known for developing encryption solutions for the U.S. Government and military. Today, the Kingston IronKey branded hardware-encrypted drives are the best-known drives in the data security market.

The foundation of hardware-encrypted drives is to properly implement the state-of-the-art encryption algorithm, such as the 256-bit Advanced Encryption Standard (AES) in the latest XTS mode. Kingston offers drives with FIPS 197 certification, which means they were lab-tested to verify they are properly encrypting and decrypting data.

For higher security, Kingston offers FIPS 140-2 Level 3 drives which are designed for military-grade applications with strong anti-tampering protections. For example, the Kingston D300S series of drives is NATO-certified as an example; the S1000 series is used by governments worldwide as a best-in-class encrypted drive.

All Kingston drives include Brute Force attack protection. That means that someone guessing a password has 10 retries before the password either locks up or resets the drive by crypto-erasing the data. Brute Force attack protection is a differentiator from software encryption that does not block the unlimited guessing of passwords with powerful computers and tools. In addition, firmware on the drives is digitally signed to block BadUSB attacks; if the firmware is replaced by a bad actor, the controller will detect it and “brick” the drive.

Starting in May 2022, Kingston has launched new IronKey drives that have incorporated additional security options to make drives even more user-friendly and secure:

1. Multi-Passwords: Kingston’s new Vault Privacy 50 (VP50), Vault-Privacy80ES (VP80ES) now incorporate multi-password option. Customers can now enable multi-password mode. The VP50 allows for up to 3 passwords and VP80ES allows up to two. In the case of VP50, the Admin password can be used to unlock a drive if Brute Force attack protection was triggered on the other passwords and locked them, allowing small and medium businesses to locally manage their drives. Multi-passwords address Kingston’s customers’ #1 request for data recovery options should a password be forgotten. In addition, new regulations for forensics often require companies to account for what data was on a recovered drive or drive returned by an employee; using the Admin role and password, VP50 drives can be unlocked to reset the User password and/or access the data that is stored on the drive.

2. New Passphrase mode: Complex passwords are still there, but people are getting fatigued with remembering them. Passphrase allows for new passwords from 10-64 characters long; this means customers can use passwords that are lists of words, a sentence, a line from a poem or lyrics, etc. They are much easier to remember and hard to guess. The FBI recommended that people use passphrases of 15 or more characters as stronger password security for encrypted drives.

3. New Eye symbol: Entering a new password can be fraught with typos. VP50 and VP80ES are the first mainstream drives to allow for users to click on the eye symbol and see their password. No more typos!

4. New Virtual Keyboard: VP50 adds a virtual keyboard to enter the password for Windows and macOS. This new feature can block keyloggers and screenloggers that try to capture the keys being entered.


When designing the IronKey VP80ES External SSD and VP50 USB drive, Kingston has been single-minded about strong data security. A keypad drive, whether using physical buttons or a touch screen like VP80ES, can be attacked by analysing fingerprint traces on the keys. VP80ES comes with a Key Randomizer feature, set by default, that scrambles the digits and rows of alphabet keys upon every login; in this case, a Mission Impossible style of attack by analysing fingerprint smudges is not feasible.

The potential situations where you’d get the most benefit from Kingston IronKey hardware-encrypted drives are quite different to typical usage scenarios of traditional external storage, though. We believe this will be well understood by customers, who will make the right choice for their needs using a trusted company with a strong track record.”

– Tiago Gomes, Flash Business Manager, Kingston Technology.
Supporting Documents