Untethered Mobile Data Security
Encryption Management Made Easy
IceLock protects data on your laptop with centralized management from the IceLock Servers. Data never leaves your laptop and you do not need to be online to be protected.
At its simplest, IceLock consists of an agent on your laptop and the IceLock servers connected via the Internet. IceLock works whether you are online or offline and automatically checks into the IceLock servers when online.
The Agent manages:
Encryption of your data and access to your data
Protection against hackers accessing your data
Communication with the IceLock servers
The IceLock Servers:
Manage policies for protection
Let you report a computer as lost or stolen and determine actions to take
Restore access to computer files
Report on actions taken to protect your data
Data Encryption - Data Access
IceLock protects your data with 256-bit AES encryption. What really sets IceLock apart is how it manages the encryption process to simplify your life and keep your data secure.
Encryption is based on a key or a secret that is used to scramble the data. It is imperative that the secret cannot be guessed. IceLock's encryption keys are mathematically derived and consist of 256 bits, so they can't be guessed or deduced by a dictionary-type attack. This provides superior protection to password-based keys.
The problem is, how do you remember a 256-bit key? The key has to be available on your computer to encrypt and decrypt your data every time you want to open a file. No one wants to try to remember this complex set of numbers, so IceLock stores the encryption key on your computer. Good idea, except how do we protect the encryption key so that a hacker can't simply find it and get at your data?
Most encryption software uses a password to protect the encryption key. Again, good idea, but if someone can guess the password, they have access to the encryption key and your data. IceLock creates a second, extremely complex key with 4 distinct elements to protect the encryption key. This protection key is also a 256-bit AES key. As shown below, the 4 elements must all be present and correct to access the encryption key, which allows you to open your files.
[Figure: Protection Key Assembly and Encryption Key Protection]
IceLock automatically manages this process for you; all you need to do is enter your Windows password and your IceLock password correctly.
The Four Elements
Username: IceLock is user specific. Your data is only available to you. If an administrator or other user logs into your computer with their account they never have access to your data.
Computer Information: IceLock automatically gathers unique data from your computer as you are booting up. If the hard disk is moved to another computer, even an identical model, IceLock will not allow access to your data.
IceLock Data: As discussed below, IceLock protects your data against a variety of threats. The IceLock data is a set of information unique to your IceLock account that is deleted from your computer if a threat is sensed. Since this IceLock data is available on the IceLock servers, it can be restored by an authorized user if you mistakenly trigger protection.
IceLock Status: This includes information indicating whether the computer has been registered as lost or stolen, if your license is expired and whether you entered your IceLock Password correctly.
The IceLock password is isolated from the encryption key and the protection key. If you enter the IceLock password correctly, the IceLock status information is complete and correct. If you do not enter it correctly, the IceLock status is incomplete and your files are not available.
Since the IceLock password is isolated from encryption and, as noted below, monitored for login failures, you do not have to use a complex password to protect your data.
IceLock guards against the following attacks on your data or computer:
Brute force password guessing: Since the IceLock agent knows how many times someone enters their Windows or IceLock passwords, IceLock can take protective action if a hacker gets the password wrong too many times.
This is controlled by the IceLock servers and can be adjusted from 4 to 21 password failures.
Windows password changing: If a hacker logs into Windows as you, they still have to guess your IceLock password to access your data. Since the IceLock password is isolated from Windows, the hacker has to start over again trying to guess. And since the IceLock password is monitored for login failures, the hacker only has a few tries before protective action is taken.
Moving the hard disk to a different computer: If a hacker takes your hard disk out of your computer and puts it in another computer, the computer information that was required to unlock the encryption key is gone.
In every instance, IceLock's protection of the encryption key keeps the hacker from getting access to your files.
IceLock's Protective Action
The IceLock agent is preprogrammed to protect access to your files if a threat is apparent. By monitoring password failures from Windows or IceLock, the agent can destroy elements of the protection key by deleting IceLock data and status. Since the IceLock data and IceLock status are derived from the IceLock servers, IceLock can regenerate the protection key if this happens inadvertently.
With the protection key destroyed, a hacker cannot gain access to your encryption key and thus cannot access your data files.
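The four-element protection key and the protective action described above can be modelled in a few lines. This is an added example, not IceLock's code: the page does not say how the protection key is derived or how the encryption key is wrapped, so the SHA-256 derivation, the HMAC-based wrap (a stand-in for AES-256 key wrapping, which the Python standard library lacks) and all function names and sample values are assumptions.

```python
import hashlib, hmac, os

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def protection_key(username, computer_info, icelock_data, icelock_status):
    """Assumed derivation: SHA-256 over the four length-prefixed elements."""
    elements = (username, computer_info, icelock_data, icelock_status)
    if any(not e for e in elements):
        return None                      # a deleted element means no key at all
    material = b"".join(len(e).to_bytes(4, "big") + e for e in elements)
    return hashlib.sha256(b"protection-key|" + material).digest()

def wrap(pk: bytes, encryption_key: bytes) -> bytes:
    """Stand-in for AES-256 key wrapping: one-time HMAC keystream plus a tag."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(encryption_key, _prf(pk, b"pad", nonce)))
    return nonce + body + _prf(pk, b"tag", nonce + body)

def unwrap(pk, blob: bytes):
    """Return the encryption key, or None if the protection key is wrong or missing."""
    if pk is None:
        return None
    nonce, body, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _prf(pk, b"tag", nonce + body)):
        return None
    return bytes(a ^ b for a, b in zip(body, _prf(pk, b"pad", nonce)))

def demo() -> dict:
    data_key = os.urandom(32)            # the 256-bit encryption key for the files
    good = {                             # constructed sample values
        "username": b"alice",
        "computer_info": b"board=CONSTRUCTED-ID;disk=CONSTRUCTED-SERIAL",
        "icelock_data": os.urandom(32),  # also held by the servers, so restorable
        "icelock_status": b"not-lost;licensed;password-ok",
    }
    blob = wrap(protection_key(**good), data_key)
    opens = lambda **change: unwrap(protection_key(**{**good, **change}), blob) == data_key
    return {
        "all_four_correct": opens(),
        "other_user": opens(username=b"administrator"),
        "disk_moved": opens(computer_info=b"board=OTHER;disk=CONSTRUCTED-SERIAL"),
        "wrong_icelock_password": opens(icelock_status=b"not-lost;licensed"),
        "after_protective_action": opens(icelock_data=b"", icelock_status=b""),
        "restored_from_servers": opens(icelock_data=good["icelock_data"]),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:26} files open: {ok}")
```

Only the wrapped blob sits on disk in this model, so deleting the IceLock data and status removes the ability to unwrap it without touching the encrypted files.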
In the case of a lost or stolen laptop, you can make a choice on the IceLock website. You can choose to have the IceLock agent automatically destroy the protection key as it does in hack attempts, or you can instruct the IceLock agent to securely delete your data. Only you can select data destruction; IceLock will never destroy your data.
Communication with the IceLock Servers
The IceLock agent automatically attempts to communicate with the IceLock servers once an hour. When the agent communicates it checks in to see whether there is any change in the protection policies, whether the computer has been listed as lost or stolen and what actions should be taken. In addition, a password change can be initiated for your IceLock password.
The status information downloaded from the IceLock servers is cached on the laptop. This allows the agent to function identically whether online or offline.
The next thing the agent does is send any status updates to the IceLock servers: whether the agent took protective actions, when and what actions occurred, and what IP address the computer is calling in from. In the case of too many password failures, IceLock will automatically generate an email to the technician alerting them to a potential threat against the computer.
The IceLock agent cannot access any data on the computer except for status data. All communications are carried out via SSL and are fully authenticated.
Managing IceLock is as simple as logging into a website. With no servers to buy or build, you can be fully functional with IceLock in a matter of minutes.
You determine how many password failures or how many days offline will trigger a protective action. You can also change the user's IceLock password, which will take effect the next time their computer communicates with the IceLock servers. You can also set a warning to occur if the user is failing their IceLock password too many times. These policies can be set globally or individually.
These policies are automatically updated on computers each time they communicate with the IceLock servers.
Report a Computer Lost or Stolen
When you are logged into the IceLock servers, it is just a click to list a computer as lost or stolen. By default a lost computer will destroy the protection key when the computer comes online. You can select to have the data deleted if you prefer. Data deletion is performed to military specifications with a multi-pass wipe of the encrypted data.
Restore Access to Files
If IceLock takes protective action or you have listed a computer as lost and you have not requested data deletion, you can always recover access to the data. When you log into the IceLock servers you will get a visual indication: computers that have had multiple login failures appear in red text and computers listed as lost appear in green text. A click is all it takes to fix disabled access. The user resets IceLock from a menu and they are back to work!
If a computer has been offline more than the allowed number of days and has not been listed as lost or stolen, the IceLock servers will automatically regenerate the IceLock data and enable access once the computer comes online. If the computer has been lost it should be registered so if it does come online it will take protective action.
IceLock automatically accumulates information on actions requested from the management server and actions taken by computers. You can run a report that shows the computer an action occurred on, date and time an action was requested, date and time the action was taken, the status of the request and the IP address of the computer.
IceLock also provides a complete inventory of software, hardware and services on every protected computer.