Aegis Padlock DT User’s Manual Remember to memorize / save your authentication and recovery PINs in a safe place.
Table of Contents First-Time Use 4 LED States and Their Meaning 4 Locking the Drive 5 Unlocking the Drive 5 Admin Mode 5 Adding a New User PIN (Via Admin Mode) 6 Adding a New User PIN (Via User Forced Enrollment Mode) 6 Deleting the User PIN 7 Changing the User PIN 7 Changing the Admin PIN 7 Setting One-Time-Use Recovery PINs 8 Using One-Time-Use Recovery PINs 8 Setting Read-Only or Read / Write Modes from Admin Mode 9 Setting Read-Only or Read / Write Modes
Package contents • • • • Aegis Padlock DT FIPS AC Adapter USB 3.0 data cable (backwards compatible with USB 2.0) Quick Start Guide Aegis Padlock DT Quick Start Guide NOTE: if you are using the Aegis Configurator to set up your Padlock DT, First CONFIGURABLE ensure that the device has the “configurable” logo on the belly label.
First-Time Use Before you begin, ensure that the USB cable is connected, the power cable is connected to the drive and plugged into an outlet, and the power switch is turned ON. Each Aegis Padlock DT is shipped without a preset Personal Identification Number (PIN) installed on the device. A 6- to 16-digit Admin PIN must first be established before the drive can be used. This Admin PIN can be used to set any and all of the Admin Mode Features of the drive, as well as to access its data.
Unlocking the Drive Enter either a User PIN or Admin PIN and press the button. If the PIN is accepted, the GREEN LED will blink three times, then will rapidly blink for a short time, followed by steady glowing, indicating that it’s now unlocked and ready for use. If the PIN is incorrect, the RED LED will blink. Locking the Drive Press the CANCEL button. When successfully locked, The RED LED will glow steadily, indicating that it’s returned to its standby state.
Establishing a User PIN If no additional Users beyond the Admin will be permitted to access the drive’s data, disregard this page’s contents as it relates only to the “User” PINs. The Aegis Padlock DT can have one Admin and four additional Users, making a total of five authentication PINs. Adding a User is a perfect way to securely share the drive or deploy it for use where the Users do not require access to the drive’s Admin features.
Deleting the User PIN You can delete the User PIN by doing the following: 1. Enter the Admin mode. (Hold + 0 for five seconds. With the RED LED blinking, enter the Admin PIN and press the button.) The BLUE LED will now glow steadily. 2. Press the 7 + 8 buttons together for five seconds. The GREEN LED will blink three times and then will be followed by the RED and BLUE LEDs blinking alternately. 3. Press the 7 + 8 buttons together again for five seconds. The GREEN LED will glow steadily for two seconds.
Setting One-Time-Use Recovery PINs Gives the Admin the ability to set Recovery PINs that will allow a User to access data on the Padlock DT in the event of a forgotten PIN by creating a new state of User Forced Enrollment in which a new User PIN can be established without wiping any data off of the drive. The Admin can establish up to four one-time-use Recovery PINs. Once a Recovery PIN has been used to access the drive, it will no longer be available.
Setting Read-Only or Read / Write modes from Admin Mode With a large number of viruses and Trojans that attach themselves to USB devices, this feature is especially useful if you need to access data on the drive when used in a public setting. Additionally, Read-Only is an important feature for forensic applications, where data must be preserved in its original, unaltered state and can’t be overwritten or modified. The Admin can set the drive to a Read-Only mode for both the Admin and the Users.
Setting Read-Only or Read / Write From the User Mode This mode allows the User to set the Read / Write status of the drive without having access to the Admin functions. When the drive is unlocked in Read-Only mode the RED LED will blink once every three seconds while the GREEN LED will glow steadily. If the drive is set to Read-Only in the Admin mode, the User cannot override that setting. Only the Admin can return the drive to Read / Write Mode. To Set the Drive to Read-Only: 1.
Setting LED Flicker / Button Press Indicator Creates a flickering effect in LED lights indicating positive button presses 1. Enter the Admin mode. (Hold + 0 buttons for five seconds – with RED LED blinking, enter the Admin PIN and press the button.) The BLUE LED will glow steadily. 2. Once in the Admin mode, press 0 + 3 together to enable LED Flicker mode. 3. To disable LED Flicker mode, (while in Admin mode) press the 0 + 4 buttons together.
Setting a Self-Destruct PIN For certain users, it’s important to have a “last-resort” level of security where sensitive data falling into the wrong hands must be avoided. The Padlock DT’s Self-Destruct PIN defends against physically compromising situations by erasing the key’s contents, leaving it to look as if it never had any data written to it.
Aegis Padlock DT Brute-Force Protection What is Brute-Force Attack? A Brute-Force Attack is a means of breaching a cryptographic data defense scheme by systematically running an astronomical number of decryption possibilities. With AES 256 having never been cracked, the data stored on a Padlock DT is going to be more than well-protected against brute-force. But brute-force attacks aren’t necessarily aimed at the bulk of the data itself, but rather, at the drive’s access PINs.
Performing a Complete Reset NOTE: A complete reset will erase encryption keys and PINs and leave the Aegis Padlock DT in an unformatted condition. There may be circumstances (forgotten PIN, redeployment, return to factory default settings) when you need to completely reset the drive. The complete reset feature will perform a crypto-erase on the drive, generate a new encryption key, delete all users, and return all of the settings to factory default.
Initializing and Formatting the Aegis Padlock DT After a Complete Reset A complete reset of the Aegis Padlock DT will erase all information and partition settings. You will need to initialize and format the drive again after reset. To initialize your Padlock DT, perform the following steps: 1. After a complete reset, press + 9. The BLUE LED will glow steadily and the GREEN LED will be blinking. 2. Enter the new Admin PIN and press the button.
Hibernating, Suspending, or Logging Off from the Operating System Be sure to save and close all the files on your Aegis Padlock 3 before hibernating, suspending, or logging off from the Windows operating system. It is recommended that you lock the Aegis Padlock manually before hibernating, suspending, or logging off from your system. To log off the Aegis Padlock 3, double-click Safely Remove Hardware on the Windows desktop and remove the Aegis Padlock 3 from your computer.
Diagnostic Mode The keypad has a manual diagnostic mode built-in to verify proper keypad function and troubleshooting key issues. This mode will not allow access to any data or admin function. It can only be used to identify the firmware level and to test button recognition. To enter the diagnostic function: 1. From standby mode, press LOCK + 1, release, then press and continue to hold the 0 button as the RED and BLUE LEDs blink alternately. Once all three LEDs illuminate steadily, release the 0 button.
Lock-Override Mode Certain users may encounter a case where they need the drive to remain unlocked during a reboot, passing the device through a virtual machine or other similar situations which, under normal circumstances, would cause the drive to lock. To help facilitate this use case, “Lock-Override Mode” will allow the drive to remain unlocked through USB port re-enumeration and will not lock again until USB power is interrupted.
Troubleshooting This section contains troubleshooting information and FAQs for the Aegis Padlock 3. Q: What can I do if I forget the User PIN? A: Use your Admin PIN to enter the Admin Mode and create another User PIN. Additionally you may access the drive by enabling a recovery PIN and establishing a new USER PIN.
Quick Reference Guide for Programming Key Combinations Standby Mode • 7+6 = Read-Only On • 7+9 = Read-Only Off Cancel +1 then hold 0 = Diagnostic Mode User Mode • Unlock + 1 = Enter User PIN (from forced enrollment state) • Unlock + 3 = Set Self-Destruct PIN ADMIN Mode • Unlock + 0 = Enter Admin Mode • Unlock + 1 = Create User PIN • Unlock + 2 = not used • Unlock + 3 = Set Self Destruct PIN Admin or User setup • Unlock+ 4 = Set Minimum PIN length • Unlock + 5 = Set Brute Force Attempts
Technical Support Apricorn provides the following helpful resources for you: 1. Apricorn’s Website (http://www.apricorn.com) This gives you the ability to check for up-to-date information 2. E-mail us at support@apricorn.com 3. Or call the Technical Support Department at 1-800-458-5448 Apricorn’s Technical Support Specialists are available from 8:00 a.m. to 5:00 p.m.
© Apricorn, Inc. 2017. All rights reserved. 12191 Kirkham Road Poway, CA, U.S.A. 92064 1-858-513-2000 www.apricorn.
