LucidPort Chameleon Pro User manual

U.S. Patent Pending

Chameleon Pro

Master Device Manual

Chameleon Pro - Master Device Manual Doc# 100-03-100

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Contents

1 Introduction ............................................................................................................................. 1

2 Chameleon Pro Master Installation ......................................................................................... 1

2.1 Uninstalling ..................................................................................................................... 4

3 Chameleon Encrypted Drives: Protecting Your Data ............................................................ 4

4 Managing Users ...................................................................................................................... 7

4.1 Creating User Devices .................................................................................................... 7

4.1.1 User ID .................................................................................................................... 9

4.1.2 Passwords ................................................................................................................ 9

4.1.3 PC Lock ................................................................................................................ 10

4.1.4 AutoLogin ............................................................................................................. 10

4.1.5 Pagefile Encryption ............................................................................................... 10

4.2 User Logs ...................................................................................................................... 10

4.3 Using the Chameleon device with Multiple Computers ............................................... 11

4.4 Retiring Users .............................................................................................................. 12

4.4.1 Deleting User Drives............................................................................................. 12

4.4.2 Changing users with a Master ............................................................................... 13

4.4.3 Changing users with a Migration User Device ..................................................... 15

5 Duplicating a Master Device ................................................................................................ 17

6 Replacing a Master ............................................................................................................... 18

6.1 Updating User Devices ................................................................................................. 21

7 Encrypting Individual Files and Folders ............................................................................... 24

7.1 Encrypting Files ............................................................................................................ 24

7.2 Decrypting Files ............................................................................................................ 27

7.3 Migrating Encrypted Files ............................................................................................ 30

8 Changing Passwords ............................................................................................................. 32

9 Adding, Deleting, and Resizing Encrypted Drives ............................................................... 34

10 PC Lock ................................................................................................................................ 36

11 AutoLogin ............................................................................................................................. 37

12 Additional Functions and Limitations .................................................................................. 39

12.1 Display User Device Programming .............................................................................. 39

12.2 Windows Paging File .................................................................................................... 41

12.3 Safe Removal ................................................................................................................ 42

12.4 Backing up Data ............................................................................................................ 43

12.5 Using Multiple Chameleon devices with the Same Computer ..................................... 43

13 Limited Warranty and Legal Notices .................................................................................... 44

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 1

1 Introduction

Chameleon Pro protects the files on your PC with AES-256 encryption. Chamelon Pro differs

from other USB encryption devices by protecting the files on your hard disk rather than

transferring them to a USB device. Chameleon Pro creates an encrypted drive using the free

space in your hard disk. Files and applications stored in this encrypted drive are protected and

can only be accessed when the Chameleon device is plugged in. Like the key for your car, the

device acts like a physical key for your hard disk.

Chameleon Pro includes two types of devices: Masters and Users. User devices provide all of

the core Chameleon security features (encrypted drives, individual file encryption, etc.). Master

devices offer the same features in addition to being able to manage Users.

A Master can access, create, duplicate, set policies for, and lock out Users. While Users cannot

access data protected by other Users, the Master can access data protected by any User

associated with it. A Master can also manage its own independent, encrypted data.

The Chameleon Pro works with Windows XP, Vista, and Win7 based PCs.

2 Chameleon Pro Master Installation

1. Before installing the Chameleon software, make sure any previous versions of the

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 2

Chameleon are uninstalled. Uninstalling does not delete existing encrypted drives.

2. Insert the installation CD and run the Setup program.

1

(You can also download the setup

program from http://www.marathon6.com/chameleon.)

3. Click on the "Install" button to load the

software.

4. Insert your new Master device then press

"Start" to launch the installation wizard to

begin Master configuration. (User devices

are configured later)

5. Choose between A), B), or C)

A) Choose a Recovery Passphrase. This passphrase is used only for making duplicate copies

of your Master device (in case you lose it) and not used in normal operation. You can think of

the Recovery Passphrase as a password stored on the device itself.

Select a unique passphrase. Another Master with the same passphrase may be able to access

1

On some Windows7 computers, you may get a User Account Control warning that a program is trying to make

changes to the computer. Select “Yes” or “Install” if this occurs.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 3

your data. Once programmed, the Recovery Passphrase can never be changed.

A good passphrase is at least 16 characters long (the longer the better) and includes random

letters (upper and lower case), numbers, and special symbols. Protect your passphrase as you

would protect a password. An attacker who learns your passphrase can use it to make a duplicate

Master device. There is no way to duplicate a Master device without your Recovery Passphrase.

B) For the best balance of security and redundancy, use a random sequence of at least 64

numbers and letters as the passphrase. After completing the installation, make several Master

devices with this sequence as backups. (See “5 Duplicating a Master”). In order to create

additional Master duplicates in the future, save the random sequence in a secure location. Delete

the sequence, otherwise.

C) Disable the Recovery Passphrase. For the

strongest security, disable the Recovery

Passphrase. This instructs the device to

generate its own random encryption key.

However, this means that you will not be able

to duplicate or replace the device it if it is lost

or broken.

6. Choose a Password. Master devices are

always password protected. Passwords are

not optional for masters (Passwords are

optional on User devices.) The password

must be entered every time you plug in the

device. It should be different from the

Recovery Passphrase. A password protects

your Master device from unauthorized use.

7. Create an encrypted drive. This drive

will only be accessible by your Master

device. An encrypted drive owned by the

Master is required for duplicating or

replacing Master devices.

Specify the size and location of the drive. The installer creates the encrypted drive using free

space at that location. The encrypted drive does not need to be large. It can reside on your local

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 4

hard disk or on external USB drives. It can be resized later using the Chameleon Manager

software (Start > All Programs > Chameleon > Chameleon Manager).

All content copied to the encrypted drive is automatically protected. It is accessible when the

device is inserted, and disappears when the device is removed.

2.1 Uninstalling

You can uninstall the Chameleon software by locating “Chameleon” from the Windows start

menu and selecting “Uninstall” (Start > All Programs > Chameleon > Uninstall). Uninstalling

does not remove your encrypted drives. To remove the encrypted drives, delete the directory

ChameleonDrives from your hard disk’s top level directory (ex. C:\ ChameleonDrives\). The

ChameleonDrives directory can only be deleted when the Chameleon device is unconnected.

3 Chameleon Encrypted Drives: Protecting Your Data

Plug in your Chameleon device to access the encrypted drive. The encrypted drive appears like

any other hard disk in your system. You can store files in it, open files from it, install and run

programs from it, move files from one directory to another, and direct applications to use the

encrypted drive. Once the Chameleon device is removed, the encrypted drive disappears from

Windows. A forensic examination of your hard disk will reveal only encrypted, apparently

random, data.

Only files that are stored on the Chameleon drive are encrypted. Any files copied or read from

the encrypted drive are automatically decrypted. For instance, if a user were to attach a file from

an encrypted drive to an email, that file would be attached decrypted. For securing email

attachments and cloud storage, see section “7 Encrypting Individual Files and Folders”.

You can copy files to the encrypted drive simply by dragging and dropping them there.

However, this retains the original unencrypted file at its original location. A more secure method

is to right-click drag and drop. Hold down the right mouse button, then drag the selected file to

the encrypted drive. A dialog appears showing “Copy”, “Move”, and “Secure move”. The

secure move option moves the file into the encrypted drive, then scrubs away any traces of that

file from its original location.

2

If a significant amount of data is involved, this may take some

time.

2

The standard Windows move command copies the file, then marks the original file as deleted. The deleted file

may be recoverable with specialized tools. The secure move option prevents recovery by overwriting the deleted

file.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 5

You can also securely move a file to the encrypted drive by using the secure paste option. Right

click on the file or folder you want to move, then select “Cut”. Next, right click on a encrypted

drive or sub-directory, then select “Secure Paste”. Like the secure move option, the secure paste

command cleans away all traces of the unencrypted files from the hard disk.

Secure commands are only available when the Chameleon device is plugged in.

The Chameleon software also adds a secure delete command. Right click on any file or folder

then select “Secure Delete”. This is more secure than deleting the file then deleting it again from

the Windows’ Recycle Bin. Since secure delete overwrites every bit of the file from the hard

disk, this may take some time if a significant amount of data is involved. The normal Windows

cut, paste, and delete commands are still available.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 6

Deleting a file stored in an encrypted drive places it in the Windows’ Recycle Bin. You can

recover the file from the Recycle Bin as long as the Chameleon device is still inserted. Deleted

files disappear from the Recycle Bin when the device is removed. They reappear in the Recycle

Bin when the device is reinserted. There is no need to secure delete any files located in the

encrypted drive.

Any files you create directly on the encrypted drive are automatically protected. However, some

applications store temporary information to your unencrypted drive. This information may be

recoverable with specialized tools. You should direct your applications to store their temporary

files in the encrypted drive. This can usually be accomplished by installing your applications

directly in the encrypted drive.

You can plug or unplug the Chameleon device at any time. Your computer is still fully

functional without the Chameleon device. Only the encrypted drive (and any programs and data

in it) will be unavailable. Be aware that unplugging the device while writing data to the

encrypted drive may result in data corruption. This is similar to removing an external hard disk

in the middle of a write to it. To be absolutely sure that no writes are occurring, use the

Windows Safe Remove function before unplugging the device.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 7

If an application is open with an encrypted file, that application and file may still be accessible

even after you unplug the Chameleon device. For example, let’s say you are editing a protected

file in Microsoft Word. If you unplug the device, a copy of this file is still open in Word. You

cannot save this file to the encrypted drive until you re-insert the device. However, you are still

able to view and edit the parts of the file cached in working memory.

4 Managing Users

In addition to the core Chameleon functions, a Master can access, create, duplicate, set policies

for, and lock out User devices. While User devices cannot access data protected by other User

devices, the Master can access data protected by any User (even with passwords enabled)

associated with it.

A Master may only program brand new User devices or Users that were originally programmed

by the same Master. Masters cannot program a User device that was programmed by a different

Master.

4.1 Creating User Devices

1. Plug in the Master device

2. Enter your password

3. Start the Chameleon Manager

Click on Windows “Start” >

All Programs >

Chameleon >

Chameleon Manager

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 8

4. Select the “User Programming”

tab.

Define the User ID and other

settings, then press “Program”.

The sections that follow describe the

available settings.

Note: In order to change the settings

on a User device without changing

the User ID and Description, select

the “Program settings only”

checkbox. Do not use this checkbox

on a User device that has not been

previously programmed.

5. Plug in the User device to be

programmed.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 9

6. Remove the programmed User

device when prompted.

User information is stored in the device as well as in an unencrypted text file in the

ChameleonDrives directory (e.g. C:\ChameleonDrives\UserLog.csv). This information is not

deleted when you uninstall the Chameleon software.

You can reprogram a User device at any time. User devices can only be programmed by the

Master that originally programmed it or a duplicate of that Master.

4.1.1 User ID

Each User device is defined by a User ID. The User ID is not a secret and is comprised of up to

31 numbers and letters. For example, the User ID can be your user’s name, email address, or

employee number. Each User ID is also linked with an optional description. This description

can be up to 255 characters.

User devices with the same User ID can access the same data. This may be useful for making

duplicates or giving access to a group (rather than an individual).

4.1.2 Passwords

A password prevents unauthorized people from using a particular Chameleon device. It is not

used for protecting data. When password protection is enabled, you must enter a password

whenever the device is plugged in or when the computer is restarted or wakes from sleep. You

can create multiple User devices, each with different passwords (or no passwords), but with the

same User ID. These different User devices can access the same data.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 10

Users are allowed to change their password. The Master can require password complexity in

Users’ passwords. If password complexity is required, the User password must contain a

minimum of 6 characters, and must contain at least one number and one letter.

User passwords do not prevent the Master from accessing data encrypted by its Users.

4.1.3 PC Lock

Unplugging the Chameleon device protects your sensitive data, but open documents, network

connections, and email may still be vulnerable. PC Lock automatically locks the Windows

session whenever the device is removed. The user must enter the Windows password to log

back into the Windows session.

A Master has the option of requiring its User to enforce PC Lock.

4.1.4 AutoLogin

Chameleon Autologin is the opposite of PC Lock: if enabled, you can log-in to Windows simply

by plugging in the Chameleon device (see “11 AutoLogin” for more details).

A Master has the option of forbidding its User from using AutoLogin.

4.1.5 Pagefile Encryption

Windows may store temporary data in its paging file (virtual memory). This file is usually

unencrypted, appearing as a jumble of characters that is updated continuously. Enable pagefile

encryption to direct Windows to encrypt its paging file. Encrypting the paging file eliminates a

potential security hole, but slows the computer down slightly. Only Windows 7 supports page

file encryption (ignored for other operating systems). Masters can program Users to require

pagefile encryption.

4.2 User Logs

The “History” tab displays the list of User devices that have been created. This information is

stored in an unencrypted text file in the ChameleonDrives directory

(C:\ChameleonDrives\UserLog.csv). It lists the User devices the Master created, their creation

date, User ID, description, and other settings.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 11

4.3 Using the Chameleon device with Multiple Computers

A single User device can be used with multiple computers. If the Chameleon software has

already been installed on the new computer, there is no need to reinstall it. If not, insert the

Chameleon installation CD and run the installer on the new computer.

The Master may access its User’s drives:

1. Plug the Master device into the computer that contains the User drive(s).

2. Enter your

password

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 12

3. In the “Select User”

window, select the

user whose drives are

to be accessed. Then,

click “Unlock”.

When an associated User is selected, the Master functionality is limited to what the User can do.

Select “Master” to utilize all of the Master’s User Management functionality.

4.4 Retiring Users

When a User device is lost, or an employee with a User device leaves the company, the need to

retire a User and its device arises. This can be accomplished several different ways:

 If the data belonging to the User is no longer needed, then the drives belonging to the

User may be deleted and the User device can be programmed to a different User ID. See

“4.4.1 Deleting User Drives”.

 If the retired User’s drives are to be migrated to a different User ID, you can:

o Use the Master (See “4.4.2 Changing users with a Master”)

o Create a migration-enabled User device (See “4.4.3 Changing users with a

Migration User ”).

4.4.1 Deleting User Drives

1. Plug the Master device into the computer that contains the User drive(s).

2. Enter your

password

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 13

3. In the “Select User”

window, select the

user whose drives are

to be deleted. Then,

click “Unlock”.

4. Start the Chameleon

Manager

Click on Windows “Start” >

All Programs >

Chameleon >

Chameleon Manager

5. Select the “Drive

Management” tab.

6. In the

“Delete/Resize” drive

section, select

“Delete Drive”.

7. Press the “Delete

Drive” button for

each of the user’s

drives.

4.4.2 Changing users with a Master

1. Plug the Master into the computer that contains the User’s encrypted drive(s).

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 14

2. Enter your password

3. In the “Select User” window, select

“Master” and click “Unlock”

4. Start the Chameleon Manager

Click on Windows “Start” >

All Programs >

Chameleon >

Chameleon Manager

5. Select the “User Drive Migration”

tab.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 15

6. Enter the existing User ID for the

“’From’ User ID” and the new User

ID for the “’To’ User ID”.

To lockout all existing Users, enter

“Unused” for the “To” User ID.

7. Press the “Migrate” button.

Your hard disk (C:\) must have enough free space to contain all the files in the encrypted drives.

Depending on the volume of encrypted data, this process may take some time.

Any unconnected encrypted drives (and backups) will still be accessible by the original User.

You can repeat this process when those drives are connected. This process does not migrate or

lock out access to individually encrypted files (see 7.3 Migrating Encrypted Files).

4.4.3 Changing users with a Migration User Device

1. Plug in the Master

2. Enter your password

3. Start the Chameleon Manager

Click on Windows “Start” >

All Programs >

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 16

Chameleon >

Chameleon Manager

4. Select the “User Programming”

tab.

Select the “Enable User ID

Migration” checkbox.

Enter the new User ID, the retired

User ID, and the user settings.

Anything owned by the retired User

ID will be transferred to the new

User ID.

5. Press the “Program” button.

6. Plug in the User device to be

programmed.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 17

7. Remove the programmed User

device when prompted.

When the user inserts this migration-enabled User device into his PC, it will prompt him to run

the Chameleon Manager. The Chameleon Manager automatically migrates the encrypted drives

of the retired User to the new User ID. The hard disk containing the Windows temp folder

(usually C:\) must have enough free space to contain all the files on the encrypted drives.

Depending on the volume of encrypted data, this process may take some time.

Once migration completes, the migration-enabled User device functions as a standard User

device.

Any unconnected encrypted drives (and backups) will still be accessible by the retired User ID.

The user will be prompted to migrate them when they are later connected. Unmigrated

encrypted drives are not automatically loaded with the migration-enabled User device. They

must be migrated to the new User ID.

This process does not migrate or lock out access to individually encrypted files (see “7.3

Migrating Encrypted Files”).

5 Duplicating a Master Device

If you lose or break your Master device, the data in the encrypted drive can be recovered using a

new Master device and the Recovery Passphrase you specified during installation. This process

can also be used to create duplicate Master devices. Masters without a Recovery Passphrase

cannot be duplicated.

Chameleon Pro - Master Device Manual

485 E. Evelyn Ave., Sunnyvale, CA 94086

Tel: (408)720-8800 Fax: (408)720-8900

www.lucidport.com

Page 18

1. Plug a new Master device into a PC that contains an encrypted drive associated with the

Master to be duplicated.

2. Start the

Chameleon

Manager

Click on Windows “Start” >

All Programs >

Chameleon >

Chameleon Manager

3. In the “Duplicate

Key” tab, enter

your original

Recovery

Passphrase, and a

desired password.

4. Click the

“Duplicate” button.

You do not need the original Master to make a duplicate. But as a precaution, an encrypted drive

associated with the Master to be duplicated must be present for successful duplication. The

Chameleon Manager will verify that the entered passphrase matches the existing Master

encrypted drive before allowing the passphrase to be committed to the device.

6 Replacing a Master

In the event a Master device is lost, stolen, or compromised, it may be necessary to replace the

Master and re-encrypt all associated data. This process includes:

 updating the Master device encryption key

Page is loading ...

LucidPort Chameleon Pro User manual

LucidPort Chameleon Pro User manual

Other documents