Areas of application

The features of the Kobra VS storage devices (Kobra Stick VS and Kobra Drive VS) offer extensive possibilities for the secure storage, archiving and transmission of sensitive, personal and confidential information up to classification level EU RESTRICTED, NATO RESTRICTED and German VS-NfD.

The following application scenarios are also within the scope of the German VS-NfD, NATO RESTRICTED and EU RESTRICTED approval by the German Federal Office for Information Security (BSI). Deviations from the described procedures must be approved by the BSI.

Data Defence Zone

  1. Interface control: VID (USB Vendor ID), PID (Product ID), SN (serial number), DAK (Device Authentication Key)
  2. Host authentication: HAK (Host Authentication Key)

  1. Secure exchange of data between protected systems
  2. To achieve this, interface control software (e.g. Microsoft group policies, itWess, Ivanti, DriveLock, DeviceLock etc.) is used on all host systems to authorise only Kobra VS data storage devices for connection and data exchange, based on the USB parameters VID and PID.
  3. In addition, access can be restricted to predefined Kobra VS data storage devices via the USB serial number parameter. These measures already protect the systems in the Kobra Defence Zone (KDZ).

Kobra Connect

  1. Kobra VS storage devices can be used with Kobra Connect as a smartcard reader with PIN pad or as an authentication token.
  2. Support of host and device authentication ensures that the storage device only works on authorized systems.
  3. Sensitive data remains accessible exclusively within protected IT environments.
  4. When connected to higher-ranked systems, the storage device automatically switches to read-only mode.
  5. As a boot device in Windows read-only mode, the storage device provides a portable, unchangeable, and tamper-proof system environment.

Host authentication

  1. Administrators can use Kobra Connect to specify which host systems are allowed to use the Kobra VS storage device.
  2. A Host Authentication Key (HAK) is stored in both the storage device and the host system.
  3. When connected, the storage device automatically checks whether the system is authorized and only then grants access.
  4. Unauthorized systems remain locked; this security setting cannot be changed by the user.
  5. Even if the VS storage device is lost or stolen, sensitive data is protected by host authentication.

Secure mobile workplace / remote working (e.g. Linux, Mac OS and Windows)

  1. Integrated power supply enables pre-boot authentication
  2. Encrypted installation of operating systems on Kobra VS storage devices
  3. Flexible repurposing of the laptop/PC
  4. pSLC memory recommended to ensure the longest possible lifespan
  5. When the storage device is disconnected from the PC, the data remains encrypted and is stored only on the Kobra VS storage device.

Simplified data transport

  1. Storage device is prepared by admin for access by sender and recipient.
  2. Cost-effective transport by parcel service provider instead of own staff

Geo-Redundant Backups

  1. Protects data against unauthorised access
  2. Secure backups of project-related notebooks
  3. Activation with your own smartcard or ID card
  4. VS storage device can be distributed geo-redundantly across different locations and objects.
  5. In an emergency, data or VMs can be made available immediately.
  6. Hardware write protection ensures the data integrity of the backup
  7. This means that connection to live systems is risk-free.

Use as data diode

  1. Activated write protection against unwanted leakage of information from higher classified systems to lower classified systems.
  2. Administrator can define two smartcards: Smartcard 1 for work in the NATO Restricted and EU Restricted area (read and write) and smartcard 2 for secret area (read only).

Log data from vehicles

  1. Log data from emergency vehicles (aircraft, helicopters, utility vehicles, ships) are stored on Kobra VS storage devices after use and transported for evaluation.

Two-factor authentication for:

  1. Compatibility of the Kobra VS storage device smartcard reader with all CCID-capable software solutions
  2. The Kobra smartcard can be provisioned with additional certificates and keys via PKI solutions
  3. Functions as a smartcard reader with PIN pad, reducing the hardware components end users need
  4. Example uses of the Kobra VS storage device include UEFI pre-boot authentication for software-based disk encryption solutions such as R&S® Trusted Disk or Utimaco DiskEncrypt VS-NfD, secure e-mail encryption with software products such as Cryptovision GreenShield or GnuPG VS-Desktop, and the setup of secure VPN connections with clients such as R&S® Trusted VPN Client, GenuConnect, NCP VS GovNet Connector or TheGreenBow.

Read Only Windows / OS

  1. Activated write protection against unwanted leakage of information from higher-rated systems to lower-rated systems
  2. Faster booting due to flash memory
  3. No modification of system data possible
  4. Processed information is not persistently stored on the Kobra VS storage device at any time
  5. Easy update of the software systems by exchanging the storage devices via simple postal dispatch

Deposit of source code

  1. Contract-based software development requires secure storage of the source code.
  2. Storage of source code on Kobra VS storage devices
  3. Handing over the storage device to the client, no stacks of paper necessary
  4. Deposit of the smartcard with a notary for access authorization in case of need
  5. Securing investments, business continuity, and intellectual property protection

Use as an encrypted boot device

  1. Integrated power supply enables pre-boot authentication
  2. Encrypted installation of operating systems on Kobra VS storage devices
  3. Flexible repurposing of the laptop/PC
  4. For these purposes, Kobra VS storage devices with pSLC memory are recommended to ensure the longest possible service life.
  5. When the storage device is disconnected from the PC, data remains encrypted and stored only on the Kobra VS storage device.

Server system migration

  1. Kobra Drive VS with up to 16TB storage on one storage device
  2. Protects data against unauthorised access
  3. Offers full control over sensitive and personal data
  4. Several Kobra VS storage devices can be operated with one smartcard
  5. Secure transport of data to new location

Secure Software Deployment

  1. Software is copied from the source system to the Kobra VS storage device and transported to the place of use/vehicle.
  2. The software/firmware is then transferred/installed/updated on the target system.
  3. Protection of the integrity and confidentiality of software systems and configurations during transport, especially in the case of larger physical distances.

Airgap bypass

  1. Activated write protection against unwanted leakage of information
  2. Administrator can define two smartcards: Smartcard 1 for work in the NATO Restricted Area (read and write) and smartcard 2 for VS-NfD Area (read only).

Increasing the level of protection for Kobra VS storage devices in the company

  1. The administrator can set security policies, e.g., number of allowed failed attempts, timeouts, read or delete rights.
  2. The lockout function determines whether the smartcard must remain in the VS storage device after authentication.
  3. Users cannot change these settings themselves.

Separation of storage device and authentication features

  1. Access only through the cooperation of three persons
  2. Distribution of authorizations: storage device (X), smartcard (Y), PIN (Z)
  3. Shared data transfer at the destination, no individual access possible

Use of fewer storage devices for a large customer base

  1. Cost-effective and secure data transport with just a few Kobra VS storage devices
  2. Individual smartcards per user with serial number and public key stored in the data center
  3. Smartcard table recreated for data exchange, old table deleted (admin PIN required)
  4. No need for time-consuming data deletion, as old data is protected by non-reconstructable cryptographic keys
  5. Flexible use of any VS storage device in the company by importing the smartcard table

Use of fewer storage devices in field service and at government agencies

  1. Personalized smartcard with individual cryptographic features for each field service employee
  2. Preparation of the Kobra VS storage device by deleting the old smartcard table and creating a new one
  3. Storage of data using the employee's own cryptographic keys
  4. Return and quick reallocation of the storage device for the next user, automatic deletion of old data
  5. Recommendation for prior deletion of the current crypto key by the employee

Operating multiple storage devices with just one smartcard

  1. Storing identical smartcard information on multiple Kobra VS storage devices via Kobra Client VS
  2. Use for data volumes exceeding the capacity of a single storage device by distributing the data across multiple storage devices
  3. Efficient use for frequent data exchange, daily dispatch with the same smartcard table possible

Use on different operating systems and smartphones

  1. Operating system-independent use thanks to hardware encryption and authentication, compatible with all USB devices
  2. Optimized power consumption for use with smartphones and tablets

Use as an authentication medium

  1. Secure storage of authentication features: user names, complex passwords, certificates, key pairs
  2. Configuration as a read-only storage device after saving authentication data
  3. Approval by administrator enables secure access without compromising corporate IT security

Use as a smartcard reader with PIN pad

  1. Use as a smartcard reader with PIN keypad or authentication token with PIN pad
  2. Using the Kobra Infosec smartcard for email encryption, VPN access, system login, and two-factor authentication
  3. Use of “Kobra Connect” on host systems required for smartcard reader function

Integration into existing smartcard and PKI infrastructures

  1. Integration of the Kobra VS storage device is possible when using smartcards such as Atos CardOS 5.0/5.3 or other VS-NfD-compliant cards.
  2. Integration into existing PKI infrastructures of public authorities or companies
  3. Use of employee ID card to activate storage device

Integration of existing software solutions

  1. Reuse of existing software solutions for external storage devices
  2. Supplementary use to enhance safety features and application possibilities

Use of VID, PID, SN, and DAK to protect company data

  1. Custom implementation of USB Vendor ID (VID) and Product ID (PID) possible
  2. Clear assignment of storage devices to departments/user groups via VID, PID, serial number, and DAK, with optional different permissions
  3. Control of USB ports to prevent unauthorized storage devices; additional software may be required
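
The two-stage check described here and under "Data Defence Zone" (approve the model by VID/PID, then restrict to enrolled serial numbers with per-department permissions) can be sketched as follows. This is an added example, not vendor code or the logic of any listed interface control product; the VID/PID values, serial numbers, event format and table layout are constructed placeholders, and the cryptographic DAK/HAK checks are not modelled.

```python
# Constructed placeholder identifiers; not the real values of any Kobra product.
APPROVED_MODELS = {("abcd", "0001"), ("abcd", "0002")}
# Hypothetical enrolment table: serial number -> (department, permission).
ENROLLED = {
    "KVS-0001": ("engineering", "read-write"),
    "KVS-0002": ("audit", "read-only"),
}


def _hex16(value):
    """Normalise 'ABCD' or '0xabcd' to 4-digit lowercase hex; None if invalid."""
    try:
        number = int(value, 16)
    except (TypeError, ValueError):
        return None
    return format(number, "04x") if 0 <= number <= 0xFFFF else None


def parse_event(line):
    """Parse a constructed 'VID=.. PID=.. SN=..' attach event into a dict."""
    pairs = (tok.split("=", 1) for tok in line.split() if "=" in tok)
    return {key.upper(): val for key, val in pairs}


def decide(line, require_serial=True):
    """Return (verdict, reason) for one attach event."""
    ev = parse_event(line)
    model = (_hex16(ev.get("VID")), _hex16(ev.get("PID")))
    if model not in APPROVED_MODELS:
        return ("block", "model not approved")
    if not require_serial:
        return ("allow", "approved model")
    # A missing or empty serial fails closed rather than matching anything.
    entry = ENROLLED.get(ev.get("SN", ""))
    if entry is None:
        return ("block", "serial not enrolled")
    return ("allow", "%s:%s" % entry)


# Constructed sample events for illustration.
SAMPLE_EVENTS = [
    "VID=0xABCD PID=0001 SN=KVS-0001",
    "VID=abcd PID=0002 SN=KVS-0002",
    "VID=abcd PID=0001 SN=KVS-9999",
    "VID=1111 PID=2222 SN=KVS-0001",
    "VID=abcd PID=0001",
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event, "->", decide(event))
```

With `require_serial=False` the policy corresponds to the VID/PID-only stage; the default adds the serial-number restriction and the department permission lookup.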

Data-Logging

  1. Connection to all information processing equipment, machines, and systems possible
  2. Direct, encrypted storage of log data without prior unencrypted temporary storage

Combined use with data locks

  1. Use of data locks such as PROVAIA, itWash, OPSWAT MetaDefender Kiosk, Hunna USB Sanitation System
  2. Checking mobile storage devices before transferring them to protected networks
  3. Restriction to certain Kobra VS storage devices for connection to internal networks
  4. Option to set Kobra VS storage devices to read-only mode after verification
  5. Combination with Kobra Defence Zone to ensure trustworthy network connections and block unauthorized storage devices

Password storage

  1. Secure storage of the password database in the encrypted memory of the Kobra VS storage device
  2. Access only after two-factor authentication via smartcard and PIN entry

Protection of sensitive data against accidental or unauthorized deletion

  1. Integration of a user with write permission for data entry
  2. Integration of a user without write authorization for transport and evaluation
  3. Disabling the function “Can delete DEK” for both users

Remote management of VS storage devices with TOM system

  1. Central management system R&S® Trusted Objects Manager (TOM system) for data up to VS-NfD, EU & NATO RESTRICTED
  2. Remote management of Kobra VS storage devices for the military, government agencies, and businesses
  3. Central provision of storage devices via web interface and distributed endpoints

Windows® is a registered trademark of Microsoft Corporation.