User Guide
IronKey Workspace
Models: W500
Updated: September 2013
PAGE 1IRONKEY WORKSPACE W500 USER GUIDE
Thank you for your interest in IronKey™
Workspace W500 by Imation.
Imation’s Mobile Security Group is committed
to creating and developing the best security
technologies and making them simple-to-use and
widely available. Years of research and millions of
dollars of development have gone into bringing this
technology to you.
We are very open to user feedback and would
appreciate hearing about your comments,
suggestions, and experiences with this product.
Feedback:
securityfeedback@imation.com
User Forum:
https://forum.ironkey.com
PAGE 1IRONKEY WORKSPACE W500 USER GUIDE
CONTENTS
About my device...........................................3
IronKey Workspace W500 ................................................3
How is it different than a regular ash drive? .................................3
What systems can I use it on? .............................................4
Device Security........................................................5
Product specications....................................................5
Recommended best practices .............................................6
About IronKey Control Panel..............................................6
Start the Control Panel..................................................7
How do I...? ...............................................8
Set up the host computer.................................................8
Set the host computer to boot from USB....................................8
Set up the device........................................................8
Activate a managed device...............................................9
Start the secure Workspace for the rst time................................10
Access the secure Workspace ............................................10
Boot from the device to access the secure Workspace .........................10
Unlock and lock the device ..............................................11
Unlock device ........................................................11
Lock device..........................................................11
Unplug the device .....................................................12
Access my device if I forget my password ...................................12
Change my password ...................................................13
Update my device .....................................................13
Find information about my device .........................................13
Manage my online account settings ........................................14
Change device nickname ...............................................14
Manage account settings ..............................................14
Where can I get Help? ....................................16
For more information...................................................16
To contact support ....................................................16
PAGE 2IRONKEY WORKSPACE W500 USER GUIDE
About my device
IronKey Workspace W500
IronKey Workspace W500 is a trusted, secure USB ash drive. The Microsoft-certied
Windows To Go device, IronKey Workspace W500, allows you to use virtually any computer
as your own secure personal workspace, capable of using all host system resources. Your
IronKey Workspace W500 device contains a fully functional version of Windows 8.
If your device is managed by IronKey Enterprise Server, you will receive update notications
and policy changes for the device when the device connects to the server. The IronKey Control
Panel application lets your device communicate with the IronKey Enterprise Server.
This guide refers to two different device environments:
» Host environment—Also called the “non-boot environment”. Describes the scenario when
you are using the operating system of the host computer and the device is just a USB device
and is not booted into Windows To Go.
» Secure Workspace—Describes when you boot the Windows To Go operating system on the
device.
How is it different than a regular ash drive?
Hardware Encryption
Inside your device is the IronKey Cryptochip, which protects your data to the same level as
highly classied government information. This security technology is always on and cannot be
disabled.
Password-Protected
Unlock the device with a password using the Unlocker software that is carried on the device.
Do not share your password with anyone. That way, even if your device is lost or stolen, no one
else can access your data.
Self-Destruct Sequence
If the Cryptochip detects physical tampering by a hacker, or if a specied number of consecutive
incorrect password attempts have been entered, it initiates a permanent self-destruct sequence
that securely erases all onboard data using ash-trash technology—so remember your
password.
PAGE 3IRONKEY WORKSPACE W500 USER GUIDE
Simple Device Management
Your device includes the IronKey Control Panel, a central management area for editing
your preferences, changing your device password and safely locking your device. For more
information about the IronKey Control Panel, see “About IronKey Control Panel” on page 6.
Waterproof and Tamper-Resistant
Designed to survive the extremes, IronKey Workspace W500 has a rugged metal encasing that
is injected with an epoxy compound that makes it not only tamper-resistant, but waterproof to
military specications (MIL-STD-810F).
What systems can I use it on?
» Windows
» Windows
PCs that are certied for use with Windows 7 or Windows 8 can be congured to boot directly
from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to
boot from USB.
NOTE: The computer must have a USB 3.0 or 2.0 port for high-speed data transfer. A USB 1.1
port or powered hub will also work, but will be slower. Each computer must be congured to
allow you to boot an operating system from a USB device. For more information, see “Set up
the host computer” on page 8.
®
8
®
7
How secure is it?
IronKey Workspace W500 has been designed from the ground up with security in mind. A
combination of advanced security technologies are used to ensure that only you can access
your data. Additionally, it is a physically secure device, to prevent hardware-level attacks and
tampering, as well as to make the device rugged and long-lasting.
The IronKey Cryptochip is hardened against physical attacks such as power attacks and bus
snifng. It is physically impossible to tamper with its protected data or reset the password
counter. If the Cryptochip detects a physical attack from a hacker, it destroys the encryption
keys, making the stored encrypted les inaccessible.
We strive to be very open about the security architecture and technology that we use in
designing and building this product. We use established cryptographic algorithms, we develop
threat models, and we perform security analyses (internal and third party) of our systems all the
way through design, development and deployment.
PAGE 4IRONKEY WORKSPACE W500 USER GUIDE
DEVICE SECURITY
Data Encryption Keys
» AES key generated by onboard Random Number Generator
» AES key generated at initialization time and encrypted with hash of user password
» No backdoors: AES key cannot be decrypted without the user password
» AES key never leaves the hardware and is not stored in NAND flash
Data Protection
» Windows To Go partition is not accessible until password is verified in hardware
» Password try-counter implemented in tamper-resistant hardware
» Once password try-count is exceeded, all data is erased by hardware
» Secure box architecture accessible only to firmware to store sensitive data and settings
Device Password Protection
» USB command channel encryption to protect device communications
» Password-in-memory protection to protect against cold-boot and other attacks
The device password is hashed using salted SHA-256 before being transmitted to the device
rmware over a secure and unique USB channel. It is stored in an extremely inaccessible
location in the protected Cryptochip hardware. The hashed password is validated in hardware
(there is no “getPassword” function that can retrieve the hashed password), and only after the
password is validated is the AES encryption key decrypted. The password try-counter is also
implemented in hardware to prevent memory rewind attacks. Typing your password incorrectly
too many times initiates a permanent “ash-trash” self-destruct sequence, which is run in
hardware rather than using software, ensuring the ultimate protection for your data.
Product specications
For details about your device, see “Device Info” in the IronKey Control Panel settings.
Specication Details
Capacity* Up to 32GB, 64GB, 128GB
Dimensions 82mm X 21.1mm X 9.1mm
Weight 1.12 oz (32 grams)
Operating Temperature 0C, 70C
Operating Shock 16G rms
Hardware Encryption • Data: 256-bit AES (CBC mode)
• Hardware: 256-bit AES
• Hashing: 256-bit SHA
PAGE 5IRONKEY WORKSPACE W500 USER GUIDE
Loading...