U.S. National Security Agency Approves SPYRUS Hydra PC as First Commercial USB Encryption Device to Protect Classified Information

Approval Permits Organizations to Safely Transport Classified Data on a Portable
USB Encryption Drive Using Suite B On Board
SAN JOSE, Calif.--(Business Wire)--
SPYRUS, Inc. today announcedthat the patented SPYRUS Hydra Privacy Card Series
II (Hydra PC) Personal Encryption Device is the first and only commercially
available Suite B On Board encryption product that is approved to protect
tactical data in accordance with CNSS Instruction 4009 at the SECRET level and
below, when used with the approved operational security doctrine. Continuing its
innovation and leadership in the field of high-assurance security products, the
SPYRUS Hydra PC successfully completed a detailed review by the National
Security Agency (NSA) against strict security requirements for protecting data
at rest in a personal USB memory device. No other commercial-off-the-shelf
(COTS) personal USB encryption device has ever passed such a groundbreaking
review or met these strict security requirements. The Hydra PC is also validated
to FIPS 140-2 Level 3. 

Until today, government and business organizations handling classified data were
limited to expensive Type-1 encryption devices. As the only approved
commercially available USB encryption product, the pocket-sized Hydra PC is an
extremely cost-effective alternative to Type 1 products for securing classified
data. It is exempt from Type-1 device lifecycle procedures-and the personal
liabilities for mishandling Type-1 products-and it requires no Controlled
Cryptographic Item (CCI) approvals or auditing. This gives organizations a
flexible, easy-to-use mechanism to protect and transport tactical data at the
SECRET level. 

The Hydra PC is not limited to protecting classified data. It can also be used
by government and commercial organizations to protect valuable data and
personally identifiable information, with the strong security used to protect
classified data. 

In order to meet NSA requirements for classified use, the Hydra PC implements
advanced COTS security features. Hydra PC encrypts data on an individual
file/folder basis, which provides much stronger security than standard
sector-based encryption. It uses the strongest commercially available
cryptographic algorithms (ECC P-384, AES-256 and SHA-384) to hash, compress,
encrypt, digitally sign, and seal individual files and folders. 

All encryption is performed in hardware within a tamper-resistant security
boundary. Private keys cannot be imported, exported, or corrupted. The advanced
hardware-based security protects against sophisticated hacker attacks. For added
security against "brute-force" attacks, the Hydra PC permanently deletes the
encryption keys after 10 incorrect PIN entries, rendering the encrypted data
undecipherable. 

Use of the Hydra PC can be limited to administrator-authorized computers within
a defined enclave, preventing removal of sensitive data or unauthorized access
to the Hydra PC or its data. Even with the correct PIN, the encrypted data
cannot be decrypted outside of the secure enclave. 

"We are extremely proud to have worked very closely with NSA to qualify the
Hydra PC as a product secure enough to safeguard tactical data at the SECRET
level. The Hydra PC goes beyond conventional data encryption by uniquely
providing data containment through its advanced security techniques. AES
encryption alone, without equally strong key management and a secure
implementation, is just not good enough to protect sensitive data," said Tom
Dickens, SPYRUS Chief Operating Officer. "For the first time in history, NSA has
approved a personal USB memory device that every DoD or Federal employee and
contractor can purchase to protect tactical data at the SECRET level and below,
without the burden of Type-1 security paperwork and controls." 

About SPYRUS, Inc.

SPYRUS, Inc. provides high-assurance security technology for the U.S.
Government, industries required to comply with security regulations, and
everyday users who want the best protection for sensitive information. All
Secured by SPYRUS security technology is designed, developed, and manufactured
entirely in the USA. SPYRUS hardware and software support the strongest
commercially available cryptographic algorithms, including elliptic curve
cryptography (ECC) and AES-256, which exceed the U.S. Government Suite B
standard for SECRET data. SPYRUS holds patents in the U.S. and abroad that
enable peripheral device solutions for data-at-rest storage, secure
authentication, secure communication, and full disk encryption, as well as
patents relating to data protection and rights management for digital content.
SPYRUS, Inc. is headquartered in San Jose, California. See www.spyrus.com for
more information. 

SPYRUS, the SPYRUS logo, Hydra Privacy Card, Hydra PC, Suite B On Board and
Secured by SPYRUS are either registered trademarks or trademarks of SPYRUS,
Inc., in the U.S. and/or other jurisdictions. All other company, organization
and product names are trademarks of their respective organizations.

SPYRUS media contact:
Madison Alexander PR, Inc.
Dan Chmielewski, 714-832-8716
949-231-2965 (cell phone)
dchm@madisonalexanderpr.com



Copyright Business Wire 2009