General Questions
For all inquiries, including Sales inquiries, please fill out the form on our Contact Us page or call us at +1 888-72-FLASH.
USA (Headquarters)
BiTMICRO Networks, Inc.
47929 Fremont Blvd.
Fremont, CA 94538, USA
BiTMICRO’s Data Universal Numbering System (DUNS) number is 928791797.
BiTMICRO’s Commercial and Government Entity (CAGE) Code is 07SX4.
Since 1995, BiTMICRO has been designing verified-rugged and secure storage for hostile environments. Armed with in-house developed technology, BiTMICRO designs and develops efficiently-configurable platforms capable of distributed and configurable security through its customer-driven team. As a U.S.-based technology innovator, BiTMICRO continually strives to deliver highly secure and rugged storage to markets requiring the highest standards of quality and reliability. BiTMICRO is headquartered in Fremont, California.
The BiTMICRO MAXchannel Partner Program offers deal registration, joint marketing, and reseller partnerships to interested applicants. You can find more information here.
Cryptographic Key
“A cryptographic key is a string of data that is used to lock or unlock cryptographic functions, including authentication, authorization and encryption. It transforms plain text into cipher text or vice versa. This key remains private and ensures secure communication.”[1][2]
“Data Encryption Key (DEK) is automatically generated by the Self-Encrypted Drive (SED) during its operation. The DEK is used to encrypt and decrypt all of the data on the drive when written and when read, respectively. The drive generates the DEK and stores it in an encrypted format in multiple locations on the drive itself. By default the SED device is unlocked, and the DEK is used to encrypt and decrypt writes and reads to the media. The data is fully secured only when the drive is provisioned and locked. Using an Authentication Key (AK) in combination with DEK to read and write data to the SED is a way of provisioning a drive.” [3]
“A Self-Encrypting Drive (SED) is a Storage Device that integrates encryption of user data at rest. All user data written to the Storage Device is encrypted by specialized hardware implemented inside the Storage Device controller. The data is decrypted as it is read. The encryption and decryption are performed using a Media Encryption Key (MEK) generated internally in the Storage Device.”[1] Self-encrypting drives are focused on data at rest.
“All SEDs encrypt all the time from the factory onwards, performing like any other hard drive, with the encryption being completely transparent or invisible to the user.”[2]
“Data encryption key (DEK): is a type of cryptographic key generated by an encryption engine that serves as a secured access key to encrypt and decrypt data at least once or possibly multiple times. Data is encrypted and decrypted with the help of the same DEK; therefore, a DEK must be stored for at least a specified duration for decrypting the generated cipher text.”[1]
Encrypted data is referred to as “cipher text” and unencrypted data as “plain text”.
“Key encryption key (KEK): A ‘symmetric key wrapping key’ type of encryption key that encapsulates a key material. KEK is generally used to encrypt DEK.”[1] “It is used for encrypting other cryptographic keys.”[2]
Yes, but not the data on the drive. The drive remains locked, and the data inaccessible and encrypted. The drive needs to be factory reset or formatted to be useable.
Opal-compliant drives require PSID to be factory reset.
The protected SED can be reset to factory settings by using its public PSID value.
“The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware to encrypt sensitive data throughout the world.”[1]
“SED drives use two versions of this standard, AES128 and AES256. The numbers refer to the bit-size of the encryption key (and the block size) used by the algorithm, which must be a 128-bit (16 byte) or 256-bit (32 byte) random number. Without knowing the encryption key, this algorithm makes it virtually impossible to decipher the code and since the algorithm is in general use, the more exposure it gets to being unsuccessfully attacked and broken, the higher our confidence in it.”[2]
“A block cipher is a method of encrypting text (to produce cipher text) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one bit at a time.”[3]
Yes. This can be managed through the ISV’s key management tool.
Yes. This can be changed and managed through the ISV’s key management tool.
RELATED LINK(S):
http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/
No. Once the key is destroyed it cannot be recovered.
RELATED LINK(S):
http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/
The key can be destroyed simply by deleting, erasing, or changing the encryption key.
RELATED LINK(S):
http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/
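The key hierarchy described in the DEK, KEK and key-destruction answers above, as an added example that is not BiTMICRO or TCG code: an AK-derived KEK wraps a drive-generated DEK, changing the AK only re-wraps the DEK, and replacing the DEK leaves the old ciphertext unreadable. The `ToySED` class and its methods are hypothetical, and a SHA-256 keystream stands in for the drive's AES engine so the sketch runs with the Python standard library alone.

```python
import hashlib, hmac, secrets

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 counter keystream), a stand-in for the drive's AES engine."""
    ks = b"".join(hashlib.sha256(key + n.to_bytes(8, "big")).digest()
                  for n in range(len(data) // 32 + 1))
    return bytes(d ^ k for d, k in zip(data, ks))

class ToySED:
    """Constructed model of a provisioned SED: AK -> KEK -> wrapped DEK -> media."""
    def __init__(self, ak: str):
        self.salt = secrets.token_bytes(16)
        self.media = {}                      # LBA -> ciphertext, all the media ever holds
        self._dek = None                     # plaintext DEK exists only while unlocked
        self._wrap(secrets.token_bytes(32), ak)   # DEK is generated inside the drive

    def _kek(self, ak: str):
        k = hashlib.pbkdf2_hmac("sha256", ak.encode(), self.salt, 50_000, dklen=64)
        return k[:32], k[32:]                # (wrapping key, integrity key)

    def _wrap(self, dek: bytes, ak: str):
        enc, mac = self._kek(ak)
        blob = xor_stream(enc, dek)
        self.wrapped_dek = blob + hmac.new(mac, blob, "sha256").digest()

    def unlock(self, ak: str) -> bool:
        enc, mac = self._kek(ak)
        blob, tag = self.wrapped_dek[:32], self.wrapped_dek[32:]
        if not hmac.compare_digest(tag, hmac.new(mac, blob, "sha256").digest()):
            return False                     # wrong AK: DEK stays wrapped
        self._dek = xor_stream(enc, blob)
        return True

    def lock(self):
        self._dek = None

    def _io(self, lba: int, data: bytes) -> bytes:
        if self._dek is None:
            raise PermissionError("drive is locked")
        return xor_stream(self._dek + lba.to_bytes(8, "big"), data)

    def write(self, lba, data): self.media[lba] = self._io(lba, data)
    def read(self, lba): return self._io(lba, self.media[lba])

    def change_ak(self, old: str, new: str) -> bool:
        if not self.unlock(old):
            return False
        self._wrap(self._dek, new)           # re-wrap only; media is not re-encrypted
        return True

    def crypto_erase(self, ak: str):
        self._dek = secrets.token_bytes(32)  # old DEK is gone, so old ciphertext is noise
        self._wrap(self._dek, ak)
```

Because only the 32-byte wrapped DEK changes in `change_ak` and `crypto_erase`, both complete in constant time regardless of how much data is on the media.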
No, but you do need the drive’s PSID and an application to send commands to the storage device.
OPAL is the TCG Specification for the SED function. It is an implementation profile for Storage Devices that incorporate mechanisms for managing access control to user data stored on the Storage Device, including controlling Media Encryption, Key Management, and Read/Write Lock State.
The encryption key is automatically generated by the SED during operation. It is created by the SED’s built-in hardware encryption engine.
RELATED LINK(S):
http://tcg.tjn.chef.causewaynow.com/commonly-asked-questions-answers-self-encrypting-drives/
No. You should always refer to the ISVs’ compatibility matrix.
“Full-disk encryption (FDE) is encryption done at the hardware level. FDE works by automatically encrypting data on a hard drive into a form that can be only understood by the one who has the key to decrypt the encrypted data.”[1]
This depends on whether the USB to SATA bridge (tailgate) supports it; however, this is not recommended. “The Secure Erase command disconnects the drive from the system and offloads all erase commands to the drive controller. The drive controller will not communicate with the host system until the erase command has been completed. The drive must be left alone for the duration of the erasure. SATA/PATA ports have no problem doing this (they’re designed with it in mind), the ATA-USB bridge used by external enclosures is not. If the hard disk controller stops responding (which it will during the erase command) the USB host controller will not be expecting the device to timeout and disconnect. The host controller may attempt to disconnect or reset the bridge device, which can interfere with the hard disk controller while it is performing the secure erase. This can cause undefined behaviour on the drive, including unrecoverable failure.”[1]
Key management refers to managing cryptographic keys (e.g. DEK and KEK) within a cryptosystem. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level.
No. Key management refers to managing cryptographic keys (DEK and KEK) within a cryptosystem. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level.
Not necessarily an AES engine, but specialized hardware implemented inside the Storage Device controller that encrypts and decrypts data. AES is just one of the algorithms used by that hardware.
No. You should always refer to the ISVs’ compatibility matrix.
No. You should always refer to the ISVs’ compatibility matrix.
On Linux, the hdparm and smartmontools utilities are used. On Windows, the STB Suite, customized scripts or batch scripts are used.
Software can be corrupted or negated; hardware cannot. Software runs under an operating system that is vulnerable to viruses and other attacks. An operating system, by definition, provides open access to applications and thus exposes these access points to improper use. Hardware-based security can more effectively restrict access from the outside, especially to unauthorized use. Additionally, dedicated hardware can have superior performance compared to software.
Basic requirements for managing SEDs are encryption methods (e.g., AES), management software (e.g., SecureDoc, McAfee, CryptoMill, etc.), and supported environments.
© 2020 BiTMICRO® Networks, Inc.
Power over Ethernet or PoE is a technology that lets network cables carry electrical power in addition to data and images. PoE devices can be an advantage in cases where power is not accessible or where additional wiring is not possible. PoE is also protected from overloads and short circuits, providing for safer power delivery. Since power is supplied centrally, no additional power supplies are necessary, and increasing power when needed becomes much easier.
PoE Devices
RAMPART™ Distributed End-to-End Embedded Cyber Security delivers end-to-end AES-256 encryption. It is comprised of the RAMPART Cyber Secure Solid State Storage Modules and RAMPART Cyber Secure Management Software. It is a unique embedded security solution for data at rest and data in flight between at least two locations. The RAMPART Distributed Cyber Security solution addresses the End-to-End Encryption challenge by providing the most advanced and distributed, seamless, secure data storage and data transmission environment. RAMPART Distributed Cyber Security assures data is encrypted and cyber secure when stored on any RAMPART Cyber Secure Solid State Storage Module and when transmitted between any two RAMPART Modules.
RAMPART Distributed End-to-End Embedded Cyber Security
E-Disk Altima SSDs
Overcome challenges for secure, high speed, and high capacity data-intensive applications with ACUMEN™ Secure Network Storage Nodes. ACUMEN Secure Network Nodes offer a scalable storage architecture providing AES-256 encrypted storage for classified data. Increase performance and capacity as needed by combining multiple ACUMEN nodes to solve data-intensive workloads.
Secure Network Storage Nodes
RAMPART™ Distributed End-to-End Embedded Cyber Security delivers end-to-end AES-256 encryption. It is comprised of the RAMPART Cyber Secure Solid State Storage Modules and RAMPART Security Configuration Utility. It is a unique embedded security solution for data at rest and data in flight between at least two locations. The RAMPART Distributed Cyber Security solution addresses the End-to-End Encryption challenge by providing the most advanced and distributed, seamless, secure data storage and data transmission environment. RAMPART Distributed Cyber Security assures data is encrypted and cyber secure when stored on any RAMPART Cyber Secure Solid State Storage Module and when transmitted between any two RAMPART Modules.
RAMPART Distributed End-to-End Embedded Cyber Security
Whitepapers
Simplifies management of BiTMICRO® SSDs by providing an easy-to-use interface with a quantitative view of performance, capacity, and drive usage. DriveLight™ Software is a convenient tool to execute security erase with a simple selection of sanitization mode. It also supports BiTMICRO SATA SSDs connected through a UASP-compatible USB to SATA converter. Offered in a standalone version or as a CLI for easy integration with existing management software.
* BiTMICRO maintains a hardware compatibility list (HCL) of UASP-compatible USB to SATA converters. For a copy, please contact BiTMICRO.
DriveLight Software
Ideal for commercial and industrial applications requiring a scalable, capacity-on-demand NVMe SSD in a low-profile, half-length AIC form factor. Built with industrial-grade components, the MAXio® S-Series SSD can withstand industrial environments. It addresses the issue of limited M.2 slots in a system by providing the option to scale up to 4 units of M.2 NVMe SSDs in one device.
MAXio S-Series SSD
For today’s most demanding business applications, the BiTMICRO® MAXio® family of SSD solutions delivers enterprise-class performance. Our unique technology enhances the speed and productivity of enterprise applications making them perfect for a variety of environments.
MAXio SSDs are built upon a history of innovation in military and mission-critical IT environments and as a result, remove barriers to achieve enhanced business performance and productivity. The MAXio enterprise SSDs combine military-like ruggedness, advanced flash management, high-capacity, and superior performance.
MAXio Enterprise SSDs
Featuring most of the technologies found in the military-grade models, E-Disk® Altima™ II I-Series SSDs address industrial requirements such as ruggedness, low SWaP (Size, Weight and Power), and data security. Offered in a wide variety of form factors and interfaces such as M.2 SATA, M.2 NVMe, U.2 NVMe, and 2.5” SATA 6Gb/s, the E-Disk Altima II I-Series line also provides data-at-rest protection through AES and TCG Opal features.
E-Disk Altima II I-Series SSDs
E-Disk® Altima™ and Altima™ II M-Series SSDs are verified rugged military-grade SSD products, tested and screened to meet extreme environmental requirements of mission critical defense applications. SSD hardening and tamper-proofing protect the drive from unauthorized physical access. Security features include AES-256 and TCG Opal support.
E-Disk Altima II M-Series SSDs
E-Disk Altima SSDs
Industrial SSD
Featuring most of the technologies found in the military-grade models, E-Disk® Altima™ II & III I-Series SSDs address industrial requirements such as ruggedness, low SWaP (Size, Weight and Power), and data security. Offered in a wide variety of form factors and interfaces such as M.2 SATA, M.2 NVMe, U.2 NVMe, and 2.5” SATA 6Gb/s, the E-Disk Altima II & III I-Series line also provides data-at-rest protection through AES and TCG Opal features.
E-Disk Altima III I-Series SSDs
E-Disk Altima II I-Series SSDs