Apricorn Aegis Secure Key 3.0

• Bootable, USB 3.1 (3.0) flash drive; 16GB to 1TB • FIPS 140-2 level 3 Validated (Cert #2834)

• Dust & Water Resistant to IP68 with rugged, extruded aluminium enclosure

• On-the-Fly 100% Hardware-Based and military grade 256-bit AES-XTS Encryption

• Software-Free Setup/Operation; cross-platform compatible and operating system agnostic

• Onboard keypad authentication; critical security parameters never shared with the host

• Supports 1xadmin and 1xstandard user. No factory pre-set PINs

• Highly configurable either directly on the keypad or automatically and in bulk via the Apricorn Aegis Configurator & hub

The Apricorn Aegis Secure Key - USB 3.0 Flash drive (ASK3.0) is a high capacity, highly configurable, PIN pad authenticated, hardware encrypted secure portable data storage device.  The drive has a rechargeable battery allowing it to be authenticated and unlocked before it’s ever connected to its host. This onboard authentication circumvents all key logger software / malware attacks and ensures none of the User’s critical security parameters are ever shared with the host.

All Data is encrypted on the fly and the device’s PINs and Data remain encrypted while the drive is at rest. Completely cross-platform compatible and OS agnostic; thrives in Windows, Linux, Mac, Android, Chrome, embedded systems and any equipment possessing a powered USB port and storage file system. All internal componentry is protected from physical tampering with a layer of hardened epoxy, and locked-down firmware brings immunity to malware attacks such as BadUSB.

The ASK3.0 can be configured with independent User and Admin PINs and is designed to work with the Aegis Configurator which enables the creation and application of security policy and configuration settings automatically and en masse through a windows UI. The unique feature set and policy settings available are:

1. Automated, Mass Device Configuration though the Aegis configurator

2. Bootable/Lock Override. By default, the device automatically locks on re-enumeration to protect against attacks through powered USB hubs for example. However, certain use cases require this setting to be overridden, e.g. when booting

3. Two Read-Only Modes, either set by the administrator (which the user cannot override) or can be toggled by the user

4. Forced-Enrolment Mode/User Forced Enrolment. No factory set, default PINs, requiring the Administrator to create a unique PIN upon first use and, after applying the security policy to the device, the user is then required to create their own PIN in line with the applied policy.

5. Programmable Brute Force. Controls the number of incorrect, sequential authentication attempts allowed before the drive determines it is under attack and takes appropriate action.

6. Recovery PIN. Administrator can generate one-time use recovery PINs to assist users in the event they have forgotten their PIN.

7. Programmable Min PIN Length Setting. Administrators can set the minimum user PIN length policy required to authenticate to the device.

8. Self-Destruct PIN. Defends against physically compromising situations where user is under duress by erasing the device’s encryption key when applied and presenting the device as if it never had any data written to it.

9. Unattended Auto-Lock. Administrator can toggle Unattended Auto Lock on and off. If on, the device will lock after a predetermined period of inactivity, triggering after 5, 10 or 20 minutes of inactivity.

Product Images

NATO Classification


Product Categories

Security Mechanism Groups

General Information



Product Documents

No Product Documents are available for the moment.

Product QR Code

Last Update Time:
09-Apr-2019 04:25 PM
Please enter a search term !