For all inquiries, including Sales inquiries, please fill out the form on our Contact Us page or call us at +1 888-72-FLASH

USA (Headquarters)

BiTMICRO Networks, Inc.
47929 Fremont Blvd.
Fremont, CA 94538, USA

BiTMICRO’s Data Universal Numbering System (DUNS) number is 928791797.

BiTMICRO’s Commercial and Government Entity (CAGE) Code is 07SX4.

• BiTMICRO’s North American Industry Classification System (NAICS) codes are the following:
  • 334 Computer and Electronic Product Manufacturing
  • 334112 Computer Storage Device Manufacturing
  • 541330 Engineering Services  

Since 1995, BiTMICRO has been designing verified-rugged and secure storage for hostile environments. Armed with in-house developed technology, BiTMICRO designs and develops efficiently-configurable platforms capable of distributed and configurable security through its customer-driven team. As a U.S.-based technology innovator, BiTMICRO continually strives to deliver highly secure and rugged storage to markets requiring the highest standards of quality and reliability. BiTMICRO is headquartered in Fremont, California.

The BiTMICRO MAXchannel Partner Program offers deal registration, joint marketing, and reseller partnerships to interested applicants. You can find more information here.

“A cryptographic key is a string of data that is used to lock or unlock cryptographic functions, including authentication, authorization and encryption. It transforms plain text into cipher text or vice versa. This key remains private and ensures secure communication.”^[1][2]

“Data Encryption Key (DEK) is automatically generated by the Self-Encrypted Drive (SED) during its operation. The DEK is used to encrypt and decrypt all of the data on the drive when written and when read, respectively. The drive generates the DEK and stored it in an encrypted format in multiple locations on the drive itself. By default the SED device is unlocked, and the DEK is used to encrypt and decrypt writes and reads to the media. The data is fully secured only when the drive is provisioned and locked. Using an Authentication Key (AK) in combination with DEK to read and write data to the SED is a way of provisioning a drive.” ^[3]

RELATED LINK(S):

1. https://www.techopedia.com/definition/24749/cryptographic-key
2. https://en.wikipedia.org/wiki/Cryptographic_key_types
3. http://h20331.www2.hp.com/Hpsub/downloads/Self_encrypting_drives_whitepaper.pdf

A Self-Encrypting Drive (SED) is a Storage Device that integrates encryption of user data at rest. All user data written to the Storage Device is encrypted by specialized hardware implemented inside the Storage Device controller. The data is decrypted as it is read. The encryption and decryption are performed using a Media Encryption Key (MEK) generated internally in the Storage Device.”^[1] Self-encrypting drives are focused on data at rest.

“All SEDs encrypt all the time from the factory onwards, performing like any other hard drive, with the encryption being completely transparent or invisible to the user.”^[2]

RELATED LINK(S):

1. http://nvmexpress.org/wp-content/uploads/TCGandNVMe_Joint_White_Paper-TCG_Storage_Opal_and_NVMe_FINAL.pdf
2. http://www.computerweekly.com/feature/Self-encrypting-drives-SED-the-best-kept-secret-in-hard-drive-encryption-security

“Data encryption key (DEK): is a type of cryptographic key generated by an encryption engine that serves as a secured access key to encrypt and decrypt data at least once or possibly multiple times. Data is encrypted and decrypted with the help of the same DEK; therefore, a DEK must be stored for at least a specified duration for decrypting the generated cipher text.”^[1]

Encrypted data is referred to as “cipher text” and unencrypted data as “plain text”.

RELATED LINK(S):

1. https://www.techopedia.com/definition/5660/data-encryption-key-dek

“Key encryption key (KEK): A “symmetric key wrapping key” type of encryption key that encapsulates a key material. KEK is generally used to encrypt DEK. ^[1] “It is used for encrypting other cryptographic keys.”^[2]

RELATED LINK(S):

1. https://info.townsendsecurity.com/definitive-guide-to-encryption-key-management-fundamentals
2. https://link.springer.com/referenceworkentry/10.1007%2F978-1-4419-5906-5_291

Yes, but not the data on the drive. The drive remains locked, and the data inaccessible and encrypted. The drive needs to be factory reset or formatted to be useable.

Opal-compliant drives require PSID to be factory reset.

RELATED LINK(S):

• https://superuser.com/questions/408809/how-to-format-a-drive-encrypted-with-bitlocker
• https://wiki.archlinux.org/index.php/disk_encryption

Theprotected SED can be reset to factory settings by using its public PSID value.

RELATED LINK(S):

• https://library.netapp.com/ecmdocs/ECMP1636022/html/GUID-76C16F4E-7497-42D3-B22B-89E94279C1BF.html
• https://community.spiceworks.com/topic/459297-removing-winmagic

“The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware to encrypt sensitive data throughout the world.”^[1]

“SED drives use two versions of this standard, AES128 and AES256. The numbers refer to the bit-size of the encryption key (and the block size) used by the algorithm, which must be a 128-bit (16 byte) or 256-bit (32 byte) random number. Without knowing the encryption key, this algorithm makes it virtually impossible to decipher the code and since the algorithm is in general use, the more exposure it gets to being unsuccessfully attacked and bro-ken, the higher our confidence in it.”^[2]

“A block cipher is a method of encrypting text (to produce cipher text) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one bit at a time.”^[3]

RELATED LINK(S):

1. https://www.techopedia.com/definition/1763/advanced-encryption-standard-aes
2. https://www.seagate.com/files/staticfiles/support/docs/manual/Interface%20manuals/100515636b.pdf
3. http://searchsecurity.techtarget.com/definition/block-cipher

Yes. This can be managed through ISV’s key management tool.

RELATED LINK(S):

• https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/overview-of-key-management-for-always-encrypted?view=sql-server-2017

• https://www.sc.edu/about/offices_and_divisions/university_technology_services/security/sc_technologies/ses_client_v65_user_manual.pdf

Yes. This can be changed and managed through ISVs key management tool.

RELATED LINK(S):

http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/

No. Once the key is destroyed it cannot be recovered.

RELATED LINK(S):

http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/

The key can be destroyed simply just by deleting/erasing/changing the encryption key.

RELATED LINK(S):

http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/

No, but you do need the drive’s PSID and an application to send commands to the storage device.

OPAL is the TCG Specification for the SED function. It is an implementation profile for Storage Devices that incorporate mechanisms for managing access control to user data stored on the Storage Device, including controlling Media Encryption, Key Management, and Read/Write Lock State.

RELATED LINK(S):

• http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/

• https://en.wikipedia.org/wiki/Opal_Storage_Specification
• http://nvmexpress.org/wp-content/uploads/TCGandNVMe_Joint_White_Paper-TCG_Storage_Opal_and_NVMe_FINAL.pdf

Encryption key is automatically generated by SED drives during operation. This is created by the SED’s built-in hardware encryption engine.

RELATED LINK(S):

http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/

No. You should always refer to the ISVs’ compatibility matrix.

“Full-disk encryption (FDE) is encryption done at the hardware level. FDE works by automatically encrypting data on a hard drive into a form that can be only understood by the one who has the key to decrypt the encrypted data.”^[1]

RELATED LINK(S):

1. http://whatis.techtarget.com/definition/full-disk-encryption-FDE

This depends on the USB to SATA bridge (tailgate) support, this is however not recommended. “The Secure Erase command disconnects the drive from the system and offloads all erase commands to the drive controller. The drive controller will not communicate with the host system until the erase command has been completed. The drive must be left alone for the duration of the erasure. SATA/PATA ports have no problem doing this (they’re designed with it in mind), the ATA-USB bridge used by external enclosures is not. If the hard disk controller stops responding (which it will during the erase command) the USB host controller will not be expecting the device to timeout and disconnect. The host controller may attempt to disconnect or reset the bridge device, which can interfere with the hard disk controller while it is performing the secure erase. This can cause undefined behaviour on the drive, including unrecoverable failure.”^[1]

RELATED LINK(S):

1. http://www.tomshardware.co.uk/answers/id-1984547/secure-erase-external-usb-hard-drive.html
2. https://wiki.archlinux.org/index.php/Securely_wipe_disk
3. https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

Key management refers to managing cryptographic keys (e.g. DEK and KEK) within a cryptosystem. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level.

RELATED LINK(S):

https://en.wikipedia.org/wiki/Key_management

No. Key management refers to managing cryptographic keys (DEK and KEK) within a cryptosystem. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level.

RELATED LINK(S):

https://en.wikipedia.org/wiki/Key_management

Not necessarily an AES engine but a specialized hardware implemented inside the Storage Device controller that encrypts/decrypts data. AES is just one of those algorithms that are being used by the said hardware controller.

RELATED LINK(S):

• https://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption
• https://www.snia.org/sites/default/orig/DSI2015/presentations/Security/MichaelWillett_Encrypted%20Storage_final.pdf

No. You should always refer to the ISVs’ compatibility matrix.

No. You should always refer to the ISVs’ compatibility matrix.

Linux uses HDPARM and SMARTMON tools. Windows uses the STB Suite, customized scripts or batch scripts.

RELATED LINK(S):

• https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
• http://www.stbsuite.com/support/virtual-training-center/issuing-ata-commands

Software can be corrupted or negated; hardware cannot. Software runs under an operating system that is vulnerable to viruses and other attacks. An operating system, by definition provides open access to applications and thus exposes these access points to improper use. Hardware-based security can more effectively restrict access from the outside, especially to unauthorized use. Additionally, dedicated hardware can have superior performance compared to software.

RELATED LINK(S):

• http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/

• https://www.kingston.com/en/usb/encrypted_security/hardware_vs_software
• http://h20331.www2.hp.com/Hpsub/downloads/Self_encrypting_drives_whitepaper.pdf

Basic requirements for managing SEDs are encryption methods (i.e., AES), management software (i.e., securedoc, McAfee, Cryptomill,etc.), and supported environments.

RELATED LINK(S):

• https://www.winmagic.com/products/features/sed-self-encrypting-hard-drives

• http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/