Lazybit

Some might be interested in the history of data encryption programs developed by Dekart. The chronology is a bit different from what one expects, so here are some facts about what happened, as well as some ideas about what might happen in the future.

The first program in the line is Private Disk Multifactor, which was released somewhere in 1999; at that time it was called "Private Disk". This is a smart-card/token -oriented encryption tool that appeared as a "side effect" of Dekart's initial exposure to smart-card payment systems. It makes possible the use of three factors of authentication, adding a BioAPI or HA-API compliant scanner to the authentication procedure.

Some of Multifactor's core components are:

• The Smartkey library - it acts as an abstraction layer, providing a unified interface to a broad range of key storage devices such as smart cards, tokens. The list was further extended, encompassing floppy disks and CDs. Support for flash memory storage is now there as well (ex: SD or MMC cards, or digital mp3 players that are detected as mass storage class devices)
• Dekart BIOAPI - this library allows BioAPI and HA-API biometric scanners to be used in the same way, hiding the low-level details from the coder.

Other important components, such as the on-the-fly encryption, and the virtual drive mechanisms were tightly coupled to the program's source code. Later they were moved to a different module, to make maintainence easier. This is how Private Disk API was created.

Private Disk Light was released in 2001, being a "Hello world" application that demonstrates how the Private Disk API works. Eventually the program became more than just a simple demo.

In 2003 it was decided that Private Disk Light would evolve as Private Disk, a commercial product; the Light version continues to be a free encryption program. This is when the original "Private Disk" became "Private Disk Multifactor". It was expected that such a change would cause a confusion among end-users, but the transition went surprisingly smooth.

Throughout this time, Private Disk API was only used internally by Dekart developers. It was decided that the API would become a product on its own, which would encourage others to build their own encryption software with minimal time investments. The API was documented, and along with several sample projects, it is distributed as Private Disk SDK, the first date of release is August the 5th, 2005. The SDK is a very easy way to build a robust encryption solution, not only that it was tested by time (since Private Disk relies on the exact same API), but it also relies on NIST-certified cryptographic modules for encryption and hashing. Certification is handled by Dekart, so the coder who uses the SDK can have this at no additional cost. Other things that are there - support for 64-bit platforms (AMD64 and IA-64), as well as Windows Vista compatibility.

2006 is an important point on the timeline, Dekart has released Private Disk Multifactor 2.0, it was shown to the public during the Systems 2006 expo in Munich. This is a special release, the most important detail about it is that it relies on Private Disk API, rather than its old codebase.

(A silent photo of the Dekart-Ritlabs stand in Munich, click to enlarge)

At that point Multifactor became a super-set of Private Disk, if compared by the available features. This brought tools such as Disk Firewall, Autorun, Autofinish to the community of Private Disk Multifactor users. All of this happened without hindering the mobility of the program - Multifactor is fully self-contained, thus it can be used directly from a removable drive on another computer. Of course it is a bit different, because if multiple factors of authentication are used, drivers for the additional hardware are needed. However, if a USB drive (or a smart card reader for which Windows will automatically find a driver) is used as a key - two-factors of authentication can be applied.

The 2.0 release had a significant impact on the speed of development, because any change made in the underlying API would automatically become a part of Private Disk and Private Disk Multifactor.

It is now being discussed whether PD and PDMF should be merged into a single product, but a decision was not made yet.

Since several APIs were mentioned, it should be noted that Smartkey is also going to be available as a separate SDK. This makes the development of smart-card based solutions incredibly simple. Ease of use is not the only advantage; besides the fact that the API was thoroughly tested and used for many years, it provides compatibility with a lot of smart cards, tokens, and other types of storage devices.

Another important detail is that Smartkey interacts with the smart cards and tokens via APDU commands. As a result, the library is very light, and there is no need to install additional modules that came from the card or token manufacturer. A positive side-effect is that Smartkey can be used to build portable programs (i.e. programs that do not require a local installation).

Dekart also plans to release an API for SIM card management, as well as the biometric API which is used internally; it is not certain when they will become available to the public, but it is going to happen after Smartkey SDK is officially released. At that time it will probably be known as "Dekart Smart Card SDK".