Data Security
- Pre-boot authentication using password, fingerprint or Token; optionally applicable on up to eight OS partitions:
- Organization-specific password rules
- Optional Token or fingerprint authentication
- Comprehensive encryption capabilities:
- Full or partial hard disk encryption, independent of file system (e.g., NTFS, FAT)
- External media encryption (e.g., diskettes, Zip and Jaz disks, USB memory sticks)
- Sophisticated and efficient encryption algorithms:
- AES (256 and 128 bit), IDEA (128 bit) and others
- Secure key management: enciphering key dynamically generated from the password entered—not stored on disk
- Secure hibernation:
- Encryption of Suspend to Disk mode (hibernation image)
- Authentication after resume
- Use of TPM chip for encryption key generation and authentication procedure (e.g., IBM ESS support)
- Integrated Boot Manager to support multiple operating systems and/or secured/unsecured partitions on the same device
System administration
- Windows Installer (MSI)-based installation
- Optional central administration console:
- Queuing and distribution of configuration files to clients
- Central collection of client settings
- Remote management console for remote client management
- Scripting interface for automating administrative tasks
- Pre-boot event logging
- Secure Wake-On-LAN mode
Ease of use
- Single sign-on to the operating system
- Automated encryption without user intervention
- Efficient algorithms—negligible performance impact
- Secure and powerful challenge/response procedure to reset forgotten passwords without the need for an online connection
Interoperability
- Certified compatible with Lenovo Rescue and Recovery (RnR)—allows RnR to back up and restore data to SGE-encrypted hard disks (even a complete restore of the operating system)
- Compatible with Computrace from Absolute Software to locate stolen notebooks (one of Lenovo’s TVTs, new CT version required)
- Compatible with all leading software distribution tools (e.g., LANDesk)
- RSA SID800, Aladdin eToken PRO (32KB, 64KB or NG-OTP) or VeriSign USB token for pre-boot authentication
- Pre-boot fingerprint authentication on Lenovo PCs and notebooks (5x, 6x Series and external reader)
System requirements
Hardware
- PC with Intel Pentium or similar
- Minimum 25MB free hard disk space
- RSA SID800
- Aladdin eToken PRO, Aladdin eToken NG-FLASH and NG-OTP (all with CardOS)
Operating system
- Microsoft Windows XP/2000 (latest Service Packs)
- Microsoft Windows 2003 Server Standard Edition
Network
- All Microsoft-supported networks
Certifications
- Common Criteria EAL3
- FIPS 140-2
- NATO restricted
- Aladdin eToken enabled
- RSA secured
- EnCase compatible
Interfaces
- Scripting API to automate repetitive administration tasks
Standards/protocols
- PKCS #11, AES (256 and 128 bit), Rijndael (256 bit), IDEA (128 bit), DES (56 bit), 3DES (168 bit), Blowfish-8/16 (256 bit), Stealth-40 (40 bit)
Language versions
