Does the DataLocker meet NISPOM 8-306, DoD Directive 5220.22M requirements for disk wiping?
The DataLocker wipes or destroys data when the self-destruct routine is initiated and when the zeroization or key regeneration routine is initiated. In these cases, the DataLocker deletes all encryption keys, making the stored data irretrievable.
According to the DoD 5220.22-M directive dated February 28, 2006:
8-301. Clearing and Sanitization. Instructions on clearing, sanitization and release of IS media shall be issued by the accrediting CSA.
a. Clearing. Clearing is the process of eradicating the data on media before reusing the media in an environment that provides an acceptable level of protection for the data that was on the media before clearing. All internal memory, buffer, or other reusable memory shall be cleared to effectively deny access to previously stored information.
b. Sanitization. Sanitization is the process of removing the data from media before reusing the media in an environment that does not provide an acceptable level of protection for the data that was in the media before sanitizing. IS resources shall be sanitized before they are released from classified information controls or released for use at a lower classification level.
http://www.dss.mil/isp/odaa/documents/nispom2006-5220.pdf
The DataLocker's hardware-based encryption and wipe routines fully meet the requirements for clearing data.
FIPS 140-2 Levels Explained
Security Level 1
Security Level 1 provides the lowest level of security. Basic security requirements are specified for a cryptographic module (e.g., at least one Approved algorithm or Approved security function shall be used). No specific physical security mechanisms are required in a Security Level 1 cryptographic module beyond the basic requirement for production-grade components. An example of a Security Level 1 cryptographic module is a personal computer (PC) encryption board.
Security Level 1 allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an unevaluated operating system. Such implementations may be appropriate for some low-level security applications when other controls, such as physical security, network security, and administrative procedures are limited or nonexistent. The implementation of cryptographic software may be more cost-effective than corresponding hardware-based mechanisms, enabling organizations to select from alternative cryptographic solutions to meet lower-level security requirements.
Security Level 2
Security Level 2 enhances the physical security mechanisms of a Security Level 1 cryptographic module by adding the requirement for tamper-evidence, which includes the use of tamper-evident coatings or seals or for pick-resistant locks on removable covers or doors of the module. Tamper-evident coatings or seals are placed on a cryptographic module so that the coating or seal must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module. Tamper-evident seals or pick-resistant locks are placed on covers or doors to protect against unauthorized physical access.
Security Level 2 requires, at a minimum, role-based authentication in which a cryptographic module authenticates the authorization of an operator to assume a specific role and perform a corresponding set of services.
Security Level 2 allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an operating system that
• meets the functional requirements specified in the Common Criteria (CC) Protection Profiles (PPs) listed in Annex B and
• is evaluated at the CC evaluation assurance level EAL2 (or higher).
An equivalent evaluated trusted operating system may be used. A trusted operating system provides a level of trust so that cryptographic modules executing on general purpose computing platforms are comparable to cryptographic modules implemented using dedicated hardware systems.
Security Level 3
In addition to the tamper-evident physical security mechanisms required at Security Level 2, Security Level 3 attempts to prevent the intruder from gaining access to CSPs held within the cryptographic module. Physical security mechanisms required at Security Level 3 are intended to have a high probability of detecting and responding to attempts at physical access, use or modification of the cryptographic module. The physical security mechanisms may include the use of strong enclosures and tamper detection/response circuitry that zeroizes all plaintext CSPs when the removable covers/doors of the cryptographic module are opened.
Security Level 3 requires identity-based authentication mechanisms, enhancing the security provided by the role-based authentication mechanisms specified for Security Level 2. A cryptographic module authenticates the identity of an operator and verifies that the identified operator is authorized to assume a specific role and perform a corresponding set of services.
Security Level 3 requires the entry or output of plaintext CSPs (including the entry or output of plaintext CSPs using split knowledge procedures) be performed using ports that are physically separated from other ports, or interfaces that are logically separated using a trusted path from other interfaces. Plaintext CSPs may be entered into or output from the cryptographic module in encrypted form (in which case they may travel through enclosing or intervening systems).
Security Level 3 allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an operating system that
• meets the functional requirements specified in the PPs listed in Annex B with the additional functional requirement of a Trusted Path (FTP_TRP.1) and
• is evaluated at the CC evaluation assurance level EAL3 (or higher) with the additional assurance requirement of an Informal Target of Evaluation (TOE) Security Policy Model (ADV_SPM.1).
An equivalent evaluated trusted operating system may be used. The implementation of a trusted path protects plaintext CSPs and the software and firmware components of the cryptographic module from other untrusted software or firmware that may be executing on the system.
Security Level 4
Security Level 4 provides the highest level of security defined in this standard. At this security level, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access. Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate zeroization of all plaintext CSPs. Security Level 4 cryptographic modules are useful for operation in physically unprotected environments.
Security Level 4 also protects a cryptographic module against a security compromise due to environmental conditions or fluctuations outside of the module's normal operating ranges for voltage and temperature. Intentional excursions beyond the normal operating ranges may be used by an attacker to thwart a cryptographic module's defenses. A cryptographic module is required to either include special environmental protection features designed to detect fluctuations and zeroize CSPs, or to undergo rigorous environmental failure testing to provide a reasonable assurance that the module will not be affected by fluctuations outside of the normal operating range in a manner that can compromise the security of the module.
Security Level 4 allows the software and firmware components of a cryptographic module to be executed on a general purpose computing system using an operating system that
• meets the functional requirements specified for Security Level 3 and
• is evaluated at the CC evaluation assurance level EAL4 (or higher).
An equivalent evaluated trusted operating system may be used.
Source: FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION "SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES"
What is the "Self Destruct" Mode?
The "Self Destruct" feature is a defense against brute force password hack attempts. The DataLocker performs this by "zeroizing" all of the device's encryption keys once a preset number of failed login attempts is reached.
Once the encryption key is deleted, your data cannot be recovered. Powering off the unit does NOT reset the unsuccessful password attempts counter. Use this feature with caution.
DataLocker Enterprise
When activated, after nine unsuccessful password entries the encryption key is deleted, rendering all of the data on the drive inaccessible.
The initiation sequence is: 3 unsuccessful attempts, power down; 3 unsuccessful attempts, power down; on the 7th unsuccessful attempt a "Hack Detected" warning message will appear; on the 8th unsuccessful attempt the warning will appear again; after the 9th unsuccessful attempt the device self-destruct will initiate.

This feature can be disabled in the "Options" menu which is available immediately after entering your initial password.
DataLocker DL3
The user can set the counter from 10-30 attempts through the setup menu. If the attempt counter is set for 10 attempts, the self-destruct sequence is: 5 unsuccessful attempts, power down; on the 7th unsuccessful attempt a "Hack Detected" warning message will appear; on the 8th and 9th unsuccessful attempts the warning will appear again; after the 10th unsuccessful attempt the device will self-destruct.
Can you recover a lost password?
No, this would violate the most important principle in password-based data security.
What is the difference between ECB Mode versus CBC Mode AES encryption?
The Advanced Encryption Standard (AES) is a block cipher adopted as an encryption standard by the U.S. government for military and government use.
ECB (Electronic Codebook) is essentially the first generation of the AES. It is the most basic form of block cipher encryption.
CBC (Cipher Block Chaining) is an advanced form of block cipher encryption. With CBC mode encryption, each ciphertext block is dependent on all plaintext blocks processed up to that point. This adds an extra level of complexity to the encrypted data.
The practical difference is best illustrated with this graphic:
[Figure, three panels: Unencrypted Data; ECB Mode Encrypted Data; CBC Mode Encrypted Data. Images courtesy of Wikipedia.com]
References: Wikipedia - "Block cipher modes of operation"
How is my data secured and encrypted?
The DataLocker is secured with our patented authentication panel, and then the drive is fully encrypted with 256-bit AES / CBC mode encryption. Every sector of your hard drive is encrypted.
