SafeGuard Easy
This solution currently does not support the latest revision of RSA SecurID
800 tokens, which is revision D.
Partner Information
Product Information
Partner Name Utimaco Safeware AG
Web Site www.utimaco.com
Product Name SafeGuard© Easy
Version & Platform 4.50.3
SafeGuard© Easy is a sector based hard disk encryption combined with
a secure pre-boot user authentication.
SafeGuard Easy© uses transparent encryption to protect the
confidentiality of data that is stored on hard disks, floppy disks and
removable media in a simple and effective manner. Different algorithms
Product Description can be selected for encrypting different media, which include AES,
Rijndael, XOR, STEALTH-40, IDEA, BLOWFISH, DES and 3DES.
Pre-boot Authentication can either be performed by user ID /
password or optionally with a security token (2-factor
authentication), such as the RSA SID800 token.
Product Category Disk/File Encryption
This solution currently does not support the latest revision of RSA SecurID
800 tokens, which is revision D.
Page: 1
Solution Summary
SafeGuard© Easy uses the RSA Security SID800 Token to perform a two-factor pre-boot authentication,
and to derive the disk (media) encryption key from data stored on the token.
For pre-boot authentication the token is accessed directly via low-level communication, without the use of
any RSA middleware. Low-level communication is achieved by the implementation of the following two
software components:
Utimaco built and supported 16bit real-mode CCID driver developed to support the “reader part” of the token.
Utimaco developed interface to the SID800 “smartcard” via APDU (Application Protocol Data Unit) commands to
access the private container applet.
Page: 2
Product Configuration for Interoperability
Prerequisites
Interoperability between SGE 4.50.3 and the RSA SID800 is dependant on the successful application of
the SafeGuard Easy Token Add-On RP. Please contact Utimaco for details on obtaining this release
pack.
Run the SafeGuard Easy setup program and use following install option users to authenticate with an
RSA SID800 authenticator.
1. Select Next.
Page: 3
2. Select “Partitioned Mode” and “Next”.
3. When prompted, restart the PC and run the Utimaco Configuration File Wizard.
4. Under “General”, Change the Token Logon option to “RSA SID800 Token”.
5. Under “General”, Set Password at system start (PBA) to “Yes”.
Page: 4
6. Under “Encryption” set accordingly. For testing and proofs of concept it’s recommended you leave these settings
“Not Configured”. They can be turned on once authentication is working correctly.
7. Leave user settings as is for now. You’ll be prompted for a password when you hit next. Enter the passwords for
the System and User. Remember both passwords.
Page: 5
8. Select Install. Restart the PC when prompted.
Page: 6
9. Open the Utimaco administration console via the Start Menu.
Page: 7
Pre-Boot Authentication Process
During the next logon, you will be prompted for the Token Password first and then for a username and
password. As this user is required to authenticate with a SecurID USB authenticator, you’ll see the
following take place:
The pre-boot application will ask you to provide the Token Password to unlock the SID800. The
application will then ask for the username and password used when setting up the account within
SafeGuard Easy Administration.
Subsequent logins will require that the user provide only the pin to logon to the pre-boot environment
provided the token is inserted into the USB port.
Page: 8
Certification Checklist for 3rd Party Applications
Page: 9