LucidPort Chameleon Pro User manual

  • Hello! I am an AI chatbot trained to assist you with the LucidPort Chameleon Pro User manual. I’ve already reviewed the document and can help you find the information you need or explain it in simple terms. Just ask your questions, and providing more details will help me assist you more effectively!
U.S. Patent Pending
Chameleon Pro
Master Device Manual
Chameleon Pro - Master Device Manual Doc# 100-03-100
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Contents
1 Introduction ............................................................................................................................. 1
2 Chameleon Pro Master Installation ......................................................................................... 1
2.1 Uninstalling ..................................................................................................................... 4
3 Chameleon Encrypted Drives: Protecting Your Data ............................................................ 4
4 Managing Users ...................................................................................................................... 7
4.1 Creating User Devices .................................................................................................... 7
4.1.1 User ID .................................................................................................................... 9
4.1.2 Passwords ................................................................................................................ 9
4.1.3 PC Lock ................................................................................................................ 10
4.1.4 AutoLogin ............................................................................................................. 10
4.1.5 Pagefile Encryption ............................................................................................... 10
4.2 User Logs ...................................................................................................................... 10
4.3 Using the Chameleon device with Multiple Computers ............................................... 11
4.4 Retiring Users .............................................................................................................. 12
4.4.1 Deleting User Drives............................................................................................. 12
4.4.2 Changing users with a Master ............................................................................... 13
4.4.3 Changing users with a Migration User Device ..................................................... 15
5 Duplicating a Master Device ................................................................................................ 17
6 Replacing a Master ............................................................................................................... 18
6.1 Updating User Devices ................................................................................................. 21
7 Encrypting Individual Files and Folders ............................................................................... 24
7.1 Encrypting Files ............................................................................................................ 24
7.2 Decrypting Files ............................................................................................................ 27
7.3 Migrating Encrypted Files ............................................................................................ 30
8 Changing Passwords ............................................................................................................. 32
9 Adding, Deleting, and Resizing Encrypted Drives ............................................................... 34
10 PC Lock ................................................................................................................................ 36
11 AutoLogin ............................................................................................................................. 37
12 Additional Functions and Limitations .................................................................................. 39
12.1 Display User Device Programming .............................................................................. 39
12.2 Windows Paging File .................................................................................................... 41
12.3 Safe Removal ................................................................................................................ 42
12.4 Backing up Data ............................................................................................................ 43
12.5 Using Multiple Chameleon devices with the Same Computer ..................................... 43
13 Limited Warranty and Legal Notices .................................................................................... 44
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 1
1 Introduction
Chameleon Pro protects the files on your PC with AES-256 encryption. Chamelon Pro differs
from other USB encryption devices by protecting the files on your hard disk rather than
transferring them to a USB device. Chameleon Pro creates an encrypted drive using the free
space in your hard disk. Files and applications stored in this encrypted drive are protected and
can only be accessed when the Chameleon device is plugged in. Like the key for your car, the
device acts like a physical key for your hard disk.
Chameleon Pro includes two types of devices: Masters and Users. User devices provide all of
the core Chameleon security features (encrypted drives, individual file encryption, etc.). Master
devices offer the same features in addition to being able to manage Users.
A Master can access, create, duplicate, set policies for, and lock out Users. While Users cannot
access data protected by other Users, the Master can access data protected by any User
associated with it. A Master can also manage its own independent, encrypted data.
The Chameleon Pro works with Windows XP, Vista, and Win7 based PCs.
2 Chameleon Pro Master Installation
1. Before installing the Chameleon software, make sure any previous versions of the
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 2
Chameleon are uninstalled. Uninstalling does not delete existing encrypted drives.
2. Insert the installation CD and run the Setup program.
1
(You can also download the setup
program from http://www.marathon6.com/chameleon.)
3. Click on the "Install" button to load the
software.
4. Insert your new Master device then press
"Start" to launch the installation wizard to
begin Master configuration. (User devices
are configured later)
5. Choose between A), B), or C)
A) Choose a Recovery Passphrase. This passphrase is used only for making duplicate copies
of your Master device (in case you lose it) and not used in normal operation. You can think of
the Recovery Passphrase as a password stored on the device itself.
Select a unique passphrase. Another Master with the same passphrase may be able to access
1
On some Windows7 computers, you may get a User Account Control warning that a program is trying to make
changes to the computer. Select “Yes” or “Install” if this occurs.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 3
your data. Once programmed, the Recovery Passphrase can never be changed.
A good passphrase is at least 16 characters long (the longer the better) and includes random
letters (upper and lower case), numbers, and special symbols. Protect your passphrase as you
would protect a password. An attacker who learns your passphrase can use it to make a duplicate
Master device. There is no way to duplicate a Master device without your Recovery Passphrase.
B) For the best balance of security and redundancy, use a random sequence of at least 64
numbers and letters as the passphrase. After completing the installation, make several Master
devices with this sequence as backups. (See 5 Duplicating a Master”). In order to create
additional Master duplicates in the future, save the random sequence in a secure location. Delete
the sequence, otherwise.
C) Disable the Recovery Passphrase. For the
strongest security, disable the Recovery
Passphrase. This instructs the device to
generate its own random encryption key.
However, this means that you will not be able
to duplicate or replace the device it if it is lost
or broken.
6. Choose a Password. Master devices are
always password protected. Passwords are
not optional for masters (Passwords are
optional on User devices.) The password
must be entered every time you plug in the
device. It should be different from the
Recovery Passphrase. A password protects
your Master device from unauthorized use.
7. Create an encrypted drive. This drive
will only be accessible by your Master
device. An encrypted drive owned by the
Master is required for duplicating or
replacing Master devices.
Specify the size and location of the drive. The installer creates the encrypted drive using free
space at that location. The encrypted drive does not need to be large. It can reside on your local
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 4
hard disk or on external USB drives. It can be resized later using the Chameleon Manager
software (Start > All Programs > Chameleon > Chameleon Manager).
All content copied to the encrypted drive is automatically protected. It is accessible when the
device is inserted, and disappears when the device is removed.
2.1 Uninstalling
You can uninstall the Chameleon software by locating “Chameleon from the Windows start
menu and selecting “Uninstall (Start > All Programs > Chameleon > Uninstall). Uninstalling
does not remove your encrypted drives. To remove the encrypted drives, delete the directory
ChameleonDrives from your hard disk’s top level directory (ex. C:\ ChameleonDrives\). The
ChameleonDrives directory can only be deleted when the Chameleon device is unconnected.
3 Chameleon Encrypted Drives: Protecting Your Data
Plug in your Chameleon device to access the encrypted drive. The encrypted drive appears like
any other hard disk in your system. You can store files in it, open files from it, install and run
programs from it, move files from one directory to another, and direct applications to use the
encrypted drive. Once the Chameleon device is removed, the encrypted drive disappears from
Windows. A forensic examination of your hard disk will reveal only encrypted, apparently
random, data.
Only files that are stored on the Chameleon drive are encrypted. Any files copied or read from
the encrypted drive are automatically decrypted. For instance, if a user were to attach a file from
an encrypted drive to an email, that file would be attached decrypted. For securing email
attachments and cloud storage, see section “7 Encrypting Individual Files and Folders”.
You can copy files to the encrypted drive simply by dragging and dropping them there.
However, this retains the original unencrypted file at its original location. A more secure method
is to right-click drag and drop. Hold down the right mouse button, then drag the selected file to
the encrypted drive. A dialog appears showing “Copy”, “Move”, and “Secure move”. The
secure move option moves the file into the encrypted drive, then scrubs away any traces of that
file from its original location.
2
If a significant amount of data is involved, this may take some
time.
2
The standard Windows move command copies the file, then marks the original file as deleted. The deleted file
may be recoverable with specialized tools. The secure move option prevents recovery by overwriting the deleted
file.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 5
You can also securely move a file to the encrypted drive by using the secure paste option. Right
click on the file or folder you want to move, then select “Cut”. Next, right click on a encrypted
drive or sub-directory, then select “Secure Paste”. Like the secure move option, the secure paste
command cleans away all traces of the unencrypted files from the hard disk.
Secure commands are only available when the Chameleon device is plugged in.
The Chameleon software also adds a secure delete command. Right click on any file or folder
then select “Secure Delete”. This is more secure than deleting the file then deleting it again from
the Windows’ Recycle Bin. Since secure delete overwrites every bit of the file from the hard
disk, this may take some time if a significant amount of data is involved. The normal Windows
cut, paste, and delete commands are still available.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 6
Deleting a file stored in an encrypted drive places it in the Windows’ Recycle Bin. You can
recover the file from the Recycle Bin as long as the Chameleon device is still inserted. Deleted
files disappear from the Recycle Bin when the device is removed. They reappear in the Recycle
Bin when the device is reinserted. There is no need to secure delete any files located in the
encrypted drive.
Any files you create directly on the encrypted drive are automatically protected. However, some
applications store temporary information to your unencrypted drive. This information may be
recoverable with specialized tools. You should direct your applications to store their temporary
files in the encrypted drive. This can usually be accomplished by installing your applications
directly in the encrypted drive.
You can plug or unplug the Chameleon device at any time. Your computer is still fully
functional without the Chameleon device. Only the encrypted drive (and any programs and data
in it) will be unavailable. Be aware that unplugging the device while writing data to the
encrypted drive may result in data corruption. This is similar to removing an external hard disk
in the middle of a write to it. To be absolutely sure that no writes are occurring, use the
Windows Safe Remove function before unplugging the device.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 7
If an application is open with an encrypted file, that application and file may still be accessible
even after you unplug the Chameleon device. For example, let’s say you are editing a protected
file in Microsoft Word. If you unplug the device, a copy of this file is still open in Word. You
cannot save this file to the encrypted drive until you re-insert the device. However, you are still
able to view and edit the parts of the file cached in working memory.
4 Managing Users
In addition to the core Chameleon functions, a Master can access, create, duplicate, set policies
for, and lock out User devices. While User devices cannot access data protected by other User
devices, the Master can access data protected by any User (even with passwords enabled)
associated with it.
A Master may only program brand new User devices or Users that were originally programmed
by the same Master. Masters cannot program a User device that was programmed by a different
Master.
4.1 Creating User Devices
1. Plug in the Master device
2. Enter your password
3. Start the Chameleon Manager
Click on Windows “Start” >
All Programs >
Chameleon >
Chameleon Manager
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 8
4. Select the “User Programming”
tab.
Define the User ID and other
settings, then press “Program”.
The sections that follow describe the
available settings.
Note: In order to change the settings
on a User device without changing
the User ID and Description, select
the “Program settings only
checkbox. Do not use this checkbox
on a User device that has not been
previously programmed.
5. Plug in the User device to be
programmed.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 9
6. Remove the programmed User
device when prompted.
User information is stored in the device as well as in an unencrypted text file in the
ChameleonDrives directory (e.g. C:\ChameleonDrives\UserLog.csv). This information is not
deleted when you uninstall the Chameleon software.
You can reprogram a User device at any time. User devices can only be programmed by the
Master that originally programmed it or a duplicate of that Master.
4.1.1 User ID
Each User device is defined by a User ID. The User ID is not a secret and is comprised of up to
31 numbers and letters. For example, the User ID can be your user’s name, email address, or
employee number. Each User ID is also linked with an optional description. This description
can be up to 255 characters.
User devices with the same User ID can access the same data. This may be useful for making
duplicates or giving access to a group (rather than an individual).
4.1.2 Passwords
A password prevents unauthorized people from using a particular Chameleon device. It is not
used for protecting data. When password protection is enabled, you must enter a password
whenever the device is plugged in or when the computer is restarted or wakes from sleep. You
can create multiple User devices, each with different passwords (or no passwords), but with the
same User ID. These different User devices can access the same data.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 10
Users are allowed to change their password. The Master can require password complexity in
Users’ passwords. If password complexity is required, the User password must contain a
minimum of 6 characters, and must contain at least one number and one letter.
User passwords do not prevent the Master from accessing data encrypted by its Users.
4.1.3 PC Lock
Unplugging the Chameleon device protects your sensitive data, but open documents, network
connections, and email may still be vulnerable. PC Lock automatically locks the Windows
session whenever the device is removed. The user must enter the Windows password to log
back into the Windows session.
A Master has the option of requiring its User to enforce PC Lock.
4.1.4 AutoLogin
Chameleon Autologin is the opposite of PC Lock: if enabled, you can log-in to Windows simply
by plugging in the Chameleon device (see “11 AutoLogin” for more details).
A Master has the option of forbidding its User from using AutoLogin.
4.1.5 Pagefile Encryption
Windows may store temporary data in its paging file (virtual memory). This file is usually
unencrypted, appearing as a jumble of characters that is updated continuously. Enable pagefile
encryption to direct Windows to encrypt its paging file. Encrypting the paging file eliminates a
potential security hole, but slows the computer down slightly. Only Windows 7 supports page
file encryption (ignored for other operating systems). Masters can program Users to require
pagefile encryption.
4.2 User Logs
The “History” tab displays the list of User devices that have been created. This information is
stored in an unencrypted text file in the ChameleonDrives directory
(C:\ChameleonDrives\UserLog.csv). It lists the User devices the Master created, their creation
date, User ID, description, and other settings.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 11
4.3 Using the Chameleon device with Multiple Computers
A single User device can be used with multiple computers. If the Chameleon software has
already been installed on the new computer, there is no need to reinstall it. If not, insert the
Chameleon installation CD and run the installer on the new computer.
The Master may access its User’s drives:
1. Plug the Master device into the computer that contains the User drive(s).
2. Enter your
password
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 12
3. In the “Select User”
window, select the
user whose drives are
to be accessed. Then,
click “Unlock”.
When an associated User is selected, the Master functionality is limited to what the User can do.
Select “Master” to utilize all of the Master’s User Management functionality.
4.4 Retiring Users
When a User device is lost, or an employee with a User device leaves the company, the need to
retire a User and its device arises. This can be accomplished several different ways:
If the data belonging to the User is no longer needed, then the drives belonging to the
User may be deleted and the User device can be programmed to a different User ID. See
4.4.1 Deleting User Drives”.
If the retired User’s drives are to be migrated to a different User ID, you can:
o Use the Master (See “4.4.2 Changing users with a Master”)
o Create a migration-enabled User device (See “4.4.3 Changing users with a
Migration User ).
4.4.1 Deleting User Drives
1. Plug the Master device into the computer that contains the User drive(s).
2. Enter your
password
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 13
3. In the “Select User”
window, select the
user whose drives are
to be deleted. Then,
click “Unlock”.
4. Start the Chameleon
Manager
Click on Windows “Start” >
All Programs >
Chameleon >
Chameleon Manager
5. Select the “Drive
Management” tab.
6. In the
“Delete/Resize” drive
section, select
“Delete Drive”.
7. Press the “Delete
Drive” button for
each of the user’s
drives.
4.4.2 Changing users with a Master
1. Plug the Master into the computer that contains the User’s encrypted drive(s).
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 14
2. Enter your password
3. In the “Select User” window, select
“Master” and click “Unlock”
4. Start the Chameleon Manager
Click on Windows “Start” >
All Programs >
Chameleon >
Chameleon Manager
5. Select the “User Drive Migration
tab.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 15
6. Enter the existing User ID for the
“’From’ User ID” and the new User
ID for the “’To’ User ID”.
To lockout all existing Users, enter
“Unused” for the “To” User ID.
7. Press the “Migrate” button.
Your hard disk (C:\) must have enough free space to contain all the files in the encrypted drives.
Depending on the volume of encrypted data, this process may take some time.
Any unconnected encrypted drives (and backups) will still be accessible by the original User.
You can repeat this process when those drives are connected. This process does not migrate or
lock out access to individually encrypted files (see 7.3 Migrating Encrypted Files).
4.4.3 Changing users with a Migration User Device
1. Plug in the Master
2. Enter your password
3. Start the Chameleon Manager
Click on Windows “Start” >
All Programs >
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 16
Chameleon >
Chameleon Manager
4. Select the “User Programming”
tab.
Select the “Enable User ID
Migration” checkbox.
Enter the new User ID, the retired
User ID, and the user settings.
Anything owned by the retired User
ID will be transferred to the new
User ID.
5. Press the “Program” button.
6. Plug in the User device to be
programmed.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 17
7. Remove the programmed User
device when prompted.
When the user inserts this migration-enabled User device into his PC, it will prompt him to run
the Chameleon Manager. The Chameleon Manager automatically migrates the encrypted drives
of the retired User to the new User ID. The hard disk containing the Windows temp folder
(usually C:\) must have enough free space to contain all the files on the encrypted drives.
Depending on the volume of encrypted data, this process may take some time.
Once migration completes, the migration-enabled User device functions as a standard User
device.
Any unconnected encrypted drives (and backups) will still be accessible by the retired User ID.
The user will be prompted to migrate them when they are later connected. Unmigrated
encrypted drives are not automatically loaded with the migration-enabled User device. They
must be migrated to the new User ID.
This process does not migrate or lock out access to individually encrypted files (see 7.3
Migrating Encrypted Files).
5 Duplicating a Master Device
If you lose or break your Master device, the data in the encrypted drive can be recovered using a
new Master device and the Recovery Passphrase you specified during installation. This process
can also be used to create duplicate Master devices. Masters without a Recovery Passphrase
cannot be duplicated.
Chameleon Pro - Master Device Manual
Copyright © LucidPort Technology, Inc.
485 E. Evelyn Ave., Sunnyvale, CA 94086
Tel: (408)720-8800 Fax: (408)720-8900
www.lucidport.com
Page 18
1. Plug a new Master device into a PC that contains an encrypted drive associated with the
Master to be duplicated.
2. Start the
Chameleon
Manager
3. In the “Duplicate
Key” tab, enter
your original
Recovery
Passphrase, and a
desired password.
4. Click the
“Duplicate” button.
You do not need the original Master to make a duplicate. But as a precaution, an encrypted drive
associated with the Master to be duplicated must be present for successful duplication. The
Chameleon Manager will verify that the entered passphrase matches the existing Master
encrypted drive before allowing the passphrase to be committed to the device.
6 Replacing a Master
In the event a Master device is lost, stolen, or compromised, it may be necessary to replace the
Master and re-encrypt all associated data. This process includes:
updating the Master device encryption key
/