Ecos SECURE BOOT STICK XS Use and care manual
Administrator Manual (English)
ECOS SECURE BOOT STICK [SX]+[FX]
Hardware
Revision 0101
Sep 2018 DE/Dec 2018 EN
ECOS TECHNOLOGY GMBH
www.ecos.de
© by ECOS Technology GmbH 2000 - 2018
Reproduction, distribution and utilization of this document as well as
the disclosure of its content are prohibited unless expressly permitted.
Offenders will be held liable for the payment of damages. All rights
reserved in the event of a patent grant or utility model registration.
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
4 ECOS SECURE BOOT STICK | SX/FX HARDWARE
1 Functionalities of ECOS SECURE BOOT
STICK [SX/FX]
Besides the boot stick software itself, ECOS SECURE BOOT STICK [SX/FX] also
contains a hardware-encrypted data safe which can be used to store data securely.
The stick can be accessed from any operating system and doesn’t require any
installation of software. Both features require a smartcard, which is also included.
A range of functions, accessible through the stick’s keyboard, allow to administrate
data safe and smartcard. Besides securing the boot stick, the smartcard is also used
to encrypt the data safe. During Easy Enrollment, the stick is tied to the smartcard
and can, from then on, only be used in combination with this smartcard. The boot
stick and/or the data safe can only be used after this coupling of the ECOS SECURE
BOOT STICK by Easy Enrollment. (For a description of Easy Enrollment cf. ECOS
SECURE BOOT STICK User or Administrator Guide.)
All functions are secured by PIN. There are three PIN in total. The smartcard PIN
secures the smartcard. This is a prerequisite to start ECOS SECURE BOOT STICK
and access the data safe. The SO PIN allows to reset the smartcard PIN. There is
also an admin PIN which is independent from the smartcard and necessary to
administrate the stick.
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
ECOS SECURE BOOT STICK | SX/FX HARDWARE 5
1.1 Connecting ECOS SECURE BOOT STICK [SX]
To use ECOS SECURE BOOT STICK, it is necessary to connect it to the computer by
using the enclosed adapter cables for USB-A, USB-B or USB-C.
Once the stick is plugged in and connected, the ECOS key first lights white, then
flashes green briefly to signalize that the stick’s smartcard has been detected,
finally lights white again.
If there’s no smartcard in the tray, if it hasn’t been inserted correctly or turns out
unreadable, the ECOS key will flash red. In this case, disconnect it from the
computer, insert the smartcard correctly, then reconnect the stick.
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
6 ECOS SECURE BOOT STICK | SX/FX HARDWARE
1.2 ECOS SECURE BOOT STICK [SX/FX] Keys
ECOS SECURE BOOT STICK [SX/FX] has 13 keys.
• The ECOS key calls up the menu.
•Thekey confirms an entry.
• The X key cancels an entry.
• The 10 numeric keys [0-9] select the function in menu mode or allow a PIN
entry.
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
ECOS SECURE BOOT STICK | SX/FX HARDWARE 7
1.3 ECOS Keys — Functions and Colors
The ECOS key calls up the stick functions. It changes color according to the
respective status of the stick or the function that has been selected.
1.3.1 Colors during Operation
Normally, the ECOS key lights in different colors. The color signalizes the stick’s
status.
• white, the boot stick is inactive and write-protected, the data safe is deacti-
vated.
• orange, the boot stick is active, but write-protected, the data safe is deacti-
vated.
• yellow, the boot stick is fully active, the data safe is deactivated.
• purple, the boot stick is fully active, the data safe is unlocked, but write-
protected.
• green, the boot stick is fully active, the data safe is fully unlocked.
• magenta, the data safe is unlocked, but write-protected. The boot stick
isn’t active.
• light green, the data safe is fully unlocked. The boot stick isn’t active.
1.3.2 How to Execute Functions
The ECOS key calls up different functions.
• Pressing the ECOS key activates the menu mode.
ECOS key lights blue.
• Now a digit must be entered to select a function.
ECOS key lights in the color of the function (see below).
• Pressing the key confirms the function.
ECOS key lights in the color of the function (see below).
• The menu mode can be canceled by pressing the X key.
ECOS key shortly lights orange.
After pressing the ECOS key and selecting a function with a numeric key, the ECOS
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
8 ECOS SECURE BOOT STICK | SX/FX HARDWARE
key lights in different colors according to the activated function:
• green, to unlock the data safe (key 1);
• magenta, to activate read access for the data safe (key 2);
• light green, to activate writing access for the data safe (key 2);
• yellow, to change the smartcard PIN (key 3);
• light blue, to reset the smartcard PIN (key 4);
• orange, to generate a new DEK (key 7);
• light green, to set the storage timeout (key 8);
• purple, to change the stick’s admin PIN (key 9);
• red, to reset the coupling of smartcard and stick (key 0).
The different functions are described in detail hereafter.
1.3.3 Colors of PIN Entry
For security reasons, the different functions are protected by PIN. The ECOS key
flashes in different colors according to the PIN entry:
• ECOS key flashes yellow when the smartcard PIN is required.
• ECOS key flashes light blue when the SO PIN is required.
• ECOS key flashes magenta when the stick’s admin PIN is required.
1.3.4 Colors after PIN Entry
The ECOS key always lights briefly after PIN entry.
• green, when the PIN entry is correct.
• red, when the PIN entry is incorrect.
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
ECOS SECURE BOOT STICK | SX/FX HARDWARE 9
1.4 Activating the Stick
ECOS SECURE BOOT STICK [SX] offers two functionalities. Onone hand it’s aboot
stick that allows to work on a distant server, on the other hand it’s a data safe
providing a secure, encrypted data storage.
1.4.1 Use as Boot stick
When the stick is connected and the computer turned on, the ECOS key first lights
white, then flashes green briefly to signalize that the smartcard is tied to the stick,
finally lights white again. ECOS SECURE BOOT STICK is now ready to be booted.
When the smartcard PIN is required on startup, the ECOS key flashes yellow. After
PIN entry, the ECOS key briefly lights orange to signalize that the smartcard is
released, then yellow once the boot stick is operating. If the data safe is being
unlocked during operation, the color will change accordingly.
see „1.3.1 / Colors during Operation" on page 7
1.4.2 Use as Date Safe
When the stick is connected, the ECOS key first lights white, then briefly flashes
green to signalize that the smartcard is tied to the stick, finally lights white again.
The data safe can now be unlocked.
see „1.5 / Data Safe Functions" on page 10
Just like other removable storage devices, the data safe should be removed
securely after use to ensure that the operating system has written all data
thoroughly.
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
10 ECOS SECURE BOOT STICK | SX/FX HARDWARE
1.5 Data Safe Functions
Two drives appear when the stick is connected to a computer. These drives are
used for the internal organization of the stick and should not be used to store data
as they are unencrypted.
The data safe must first be unlocked for a secure data storage.
see „1.5.1 / Unlock Data Safe | Key 1" on page 11
Once unlocked, another drive appears. This drive is hardware-encrypted and
allows to store data in a secure way. For a better differentiation, this drive is named
„DATENSAFE“ in the delivery state.
When the stick is disconnected or the computer turned off, the access to the data
safe is locked again. It is also possible to use the option „Storage Timeout“ to set a
specific lapse of time after which the data safe will be locked automatically.
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
ECOS SECURE BOOT STICK | SX/FX HARDWARE 11
1.5.1 Unlock Data Safe | Key 1
Following steps must be performed:
1. Press ECOS key to access the menu mode.
ECOS key lights blue.
2. Press key 1 to select the function that allows to unlock the data safe.
ECOS key lights green.
3. Press key to confirm.
ECOS key flashes yellow.
4. Enter smartcard PIN.
ECOS key flashes yellow during entry of smartcard PIN.
5. Press key to confirm.
ECOS key briefly lights green when the smartcard PIN is correct, red if the
smartcard PIN is wrong.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
1
Press Key Status
Step #
1
4
2
3
3
3
5
09
-
Smartcard-PIN
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
12 ECOS SECURE BOOT STICK | SX/FX HARDWARE
1.5.2 (De)activating Writing Access for the Data Safe | Key 2
Key 2 allows to switch the data safe from read-only access to writing access. When
the writing access is deactivated, the data safe content can be read, but not
modified. This is particularly recommended when the data safe is operated on
unknown devices to prevent any malware from manipulating the data safe’s
content.
Following steps must be performed:
1. Press ECOS key to access the menu mode.
ECOS key lights blue.
2. Press key 2 to activate the data safe.
ECOS key lights magenta if the data safe is only active for read-access.
ECOS key lights green if the data safe is active for write-access.
3. Press key to confirm.
ECOS key flashes yellow.
4. Enter smartcard PIN.
ECOS key flashes yellow during entry of the smartcard PIN.
5. Press key to confirm. ECOS key briefly lights green when the smartcard
PIN is correct, red if the smartcard PIN is wrong. The ECOS key then lights
in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
2
Press Key Status 1 Status 2
Step #
1
4
2
3
3
3
5
09
-Smartcard-PIN
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
ECOS SECURE BOOT STICK | SX/FX HARDWARE 13
1.6 Functions for Smartcard PIN
1.6.1 Change Smartcard PIN | Key 3
The smartcard PIN can be modified with key 3. The PIN should have 4 to 15 digits.
Following steps must be performed:
1. Press ECOS key to access the menu mode.
ECOS key lights blue.
2. Press key 3 to select the function that allows to change the smartcard PIN.
ECOS key lights yellow.
3. Press key to confirm.
ECOS key flashes yellow.
4. Enter smartcard PIN.
ECOS key flashes yellow during entry of the smartcard PIN.
3
Press Key Status
Step #
1
4
2
3
3
3
5
Smartcard-PIN
6
3
7
8
3
9
09
-
09
-
09
-
Smartcard-PIN
new
Smartcard-PIN
new
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
14 ECOS SECURE BOOT STICK | SX/FX HARDWARE
5. Press key to confirm.
ECOS key briefly lights green if the smartcard PIN is correct, then the ECOS
key flashes yellow again.
ECOS key briefly lights red if the smartcard PIN is wrong. The modification
is canceled. The ECOS key then lights in a color according to the stick’s sta-
tus.
see „1.3.1 / Colors during Operation" on page 7
6. Enter new smartcard PIN.
ECOS key flashes yellow during entry of the new smartcard PIN.
7. Press key to confirm.
ECOS key briefly lights green if the new smartcard PIN is correct, then the
ECOS key flashes yellow again.
ECOS key briefly lights red if the new smartcard PIN is wrong. The modifi-
cation is canceled. The ECOS key then lights in a color according to the
stick’s status.
see „1.3.1 / Colors during Operation" on page 7
8. Enter new smartcard PIN a second time.
ECOS key flashes yellow during reentry of the new smartcard PIN.
9. Press key to confirm.
ECOS key briefly lights green if the new smartcard PIN has been accepted,
red if the modification of the smartcard PIN wasn’t successful.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
ECOS SECURE BOOT STICK | SX/FX HARDWARE 15
1.6.2 Reset Smartcard PIN | Key 4
If the user has forgotten the smartcard PIN, this function allows to reset it with the
SO PIN (comparable to a PUK).
Following steps must be performed:
1. Press ECOS key to access the menu mode.
ECOS key lights blue.
2. Press key 4 to reset the smartcard PIN.
ECOS key glows light blue.
3. Press key to confirm.
ECOS key flashes light blue.
4. Enter SO PIN.
ECOS key flashes light blue during entry of the SO PIN.
5. Press key to confirm.
ECOS key briefly lights green if the SO PIN is correct, then the ECOS key
flashes yellow.
4
Press Key Status
Step #
1
4
2
3
3
3
5
6Smartcard-PIN
new
3
7
8
3
9
09
-
09
-
09
-
SO-PIN
Smartcart-PIN
new
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
16 ECOS SECURE BOOT STICK | SX/FX HARDWARE
ECOS key briefly lights red if the SO PIN is wrong. The modification is can-
celed.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
6. Enter new smartcard PIN.
ECOS key flashes yellow during entry of the new smartcard PIN.
7. Press key to confirm.
ECOS key briefly lights green if the new smartcard PIN is correct, then the
ECOS key flashes yellow again.
ECOS key briefly lights red if the new smartcard PIN is wrong. The modifi-
cation is canceled.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
8. Enter new smartcard PIN a second time.
ECOS key flashes yellow during reentry of the new smartcard PIN.
9. Press key to confirm.
ECOS key briefly lights green when the smartcard PIN is correct, red if the
smartcard PIN has been reentered wrongly.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
ECOS SECURE BOOT STICK | SX/FX HARDWARE 17
1.7 Administration Functions
1.7.1 Generate New DEK (Data Encryption Key) | Key 7
The Data Encryption Key encrypts the content of the data safe. When a new key is
generated, the whole content of the data safe will be deleted and irremediably lost.
The data safe’s drives must be reformatted afterwards.
Following steps must be performed:
1. Press ECOS key to access the menu mode.
ECOS key lights blue.
2. Press key 7 to select the function that allows to generate the DEK.
ECOS key lights orange.
3. Press key to confirm.
ECOS key flashes yellow.
4. Enter smartcard PIN.
ECOS key flashes yellow during entry of smartcard PIN.
5. Press key to confirm.
ECOS key briefly lights green when the smartcard PIN is correct, red if the
smartcard PIN is wrong.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
7
Press Key
Step #
1
4
2
3
3
3
5
09
-
Smartcard-PIN
Status
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
18 ECOS SECURE BOOT STICK | SX/FX HARDWARE
1.7.2 Set Storage Timeout | Key 8
Following steps must be performed:
1. Press ECOS key to access the menu mode.
ECOS key lights blue.
2. Press key 8 to start processing.
ECOS key turns light green.
3. Press key to confirm.
ECOS key flashes magenta.
4. Enter stick admin PIN for authentication.
ECOS key flashes magenta on admin PIN entry.
8
Press Key Status
Step #
1
4
2
3
3
3
5
6
3
7
09
-
09
-
current
Admin-PIN
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
ECOS SECURE BOOT STICK | SX/FX HARDWARE 19
5. Press key to confirm.
ECOS key briefly lights green if the stick’s admin PIN is correct, then the
ECOS key lights blue.
ECOS key briefly lights red if the stick’s admin PIN is wrong. The process is
cancelled.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
6. Enter a number from 0 to 30 to set the desired storage timeout in seconds.
ECOS key lights blue during entry.
7. Press key to confirm.
ECOS key briefly lights green if the modification was successful.
ECOS key briefly lights red if the modification couldn’t be performed.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
20 ECOS SECURE BOOT STICK | SX/FX HARDWARE
1.7.3 Changing Stick’s Admin PIN | Key 9
The admin PIN secures the storage timeout, a new DEK and the coupling. Every
stick has an individual admin PIN that can be modified by this function. The admin
PIN must have 4 to 12 digits.
Following steps must be performed:
1. Press ECOS key to access the menu mode.
ECOS key lights blue.
2. Press key 9 to select the function that allows to change the stick’s admin
PIN.
ECOS key lights magenta.
3. Press key to confirm.
ECOS key flashes magenta.
4. Enter present admin PIN.
ECOS key flashes magenta on admin PIN entry.
5. Press key to confirm.
9
Press Key Status
Step #
1
4
2
3
3
3
5
current
Admin-PIN
6new
Admin-PIN
3
7
8new
Admin-PIN
3
9
09
-
09
-
09
-
Functionalities of ECOS SECURE BOOT STICK [SX/FX]
ECOS SECURE BOOT STICK | SX/FX HARDWARE 21
ECOS key briefly lights green if the stick’s admin PIN is correct, then the
ECOS key flashes magenta.
ECOS key briefly lights red if the stick’s admin PIN is wrong. The process is
cancelled.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
6. Enter new stick admin PIN.
ECOS key flashes magenta during entry.
7. Press key to confirm.
ECOS key briefly lights green if the new admin PIN is correct, then the
ECOS key flashes magenta.
ECOS key briefly lights red if the new admin PIN is wrong. The process is
cancelled.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
8. Enter new admin PIN a second time to confirm.
ECOS key flashes magenta during entry.
9. Press key to confirm.
ECOS key briefly lights green when the new admin PIN is correct, red if the
new admin PIN has been reentered wrongly.
The ECOS key then lights in a color according to the stick’s status.
see „1.3.1 / Colors during Operation" on page 7
This manual suits for next models
1
Table of contents
