Several weeks ago, I received an email inviting me to write a review on Apricorn’s Aegis Secure Key 3NX-C. Before replying, I did some research on both the company (Apricorn) and the Aegis Secure Key 3NX-C.
Apricorn focuses on designing, manufacturing, and marketing 256-bit AES encrypted external data storage devices. Storage platforms range from 4 USB flash drives to 6 devices using either HHDs or SSDs for storage. Eight of these devices use an alpha-numeric keypad for password authentication and access, and one uses biometric authentication for access. It appears that Apricorn is also an innovative leader in its industry.
From Jon Fielding, Apricorn’s managing director: “Even before the COVID-19 pandemic, remote and mobile working was on the rise, along with the associated risks to data. As the global workforce shifted from office to home practically overnight, the demand for our encrypted secure keys skyrocketed, as did the demand for our A-to-C adapters.”
“We accelerated the release of the Aegis Secure Key 3NXC to provide an efficient way of ensuring that employees using MacBooks, iPads, and Android devices can securely store and move sensitive data, wherever and however they’re working.”
Apricorn’s Aegis Secure Key 3NX-C is the newest addition to the company’s line-up of external storage devices. It is also the first USB 3.2 encrypted flash key with a C-type connector to be marketed. The device has a demure size of 81mm X 18.4mm X 9.5mm and weighs in at only 22 grams. There is a surprising amount of technology going on both inside and outside of this device. All of this technology is geared toward one end: keeping the data stored within safe.
Both the company and its products are very unique. I replied to their request saying I wanted to do the review, and within 24 hours, I had my hands on the new Aegis Secure Key 3NX-C to check out.
Communication with Apricorn has been excellent. Several days after I received the 3NX-C, I had a conference call with two Apricorn representatives who explained the Aegis Secure Key 3Nx-C’s features and answered any question I had about the device. During this call, we discussed how the 3NX-C controls heat, and for comparison, I was sent an Aegis Secure Key 3z drive (more on the question of heat later). During the course of writing this review, I emailed the same two Apricorn representatives several times with questions, and their responses were quick and precise.
Now, on to the review……
About The Company
Apricorn’s devices help secure data in highly regulated sectors like government, defense, manufacturing, and healthcare. Apricorn was established in 1983 as a private company and headquarters in Poway, California(1).
For the past 37 years, Apricorn has been this industry’s innovative leader and has been the first to market their technological innovations. A good example can be found in the recent release of the Aegis Secure Key 3NX-C, the first USB 3.2 encrypted flash key with a C-type connector to be marketed.
Another measure of Apricorn’s impressive technological leadership can be seen by the number and type of patents they have received for their products. Here are some examples:
• First keypad authenticated encrypted external drive to attain FIPS 140-2 level 2: Aegis Fortress, July 2013
• Admin forced enrollment created: (DT FIPS launch) May 2014
• First Lock override mode: Aegis Secure Key 3.0, January 2015
• Separate admin and user mode access: Aegis Secure Key 3.0, January 2015
• Programmable brute force mode: Aegis Secure Key 3.0, January 2015
• First 480GB hardware-encrypted flash key: Aegis Secure Key 3.0, January 2015
• Programmable max PIN length: Aegis 3z, Jan 2017
• User forced enrollment: Aegis 3z, Jan 2017
• Data Recovery PINs: Aegis 3z, Jan 2017
• Aegis Configurator launched: Jan 2017
• Fixed Disk / Removable media toggle: August 2018
• First (and still only) 1TB encrypted flash key: Aegis Secure Key 3.0, Nov 2018
• Aegis Configurator, Central Database Version launched: Aug 2019
• Aegis Secure Key 3NXC – first hardware encrypted USB flash key with C-Type Connector (July 2020)
The Aegis Secure Key 3NX-C becomes the recipient of 37 years of experience in engineering and technological innovation.
Aegis Secure Key 3NX-C Certifications Awarded, Compliancies Acheived, And What It All Means
To be used and marketed in many national and global industries and institutions products may need to meet specific standards and regulations for performance and safety. Certifications and Compliance awards are an industry’s or institution’s way of saying, “Though you have a good product, we need to verify that it will meet our needs?”
Here are some examples where the Aegis Secure Key 3NX-C has been certified and/or been found compliant with either an organization’s, an institution’s, or specifically, the US government’s (or a number of governments’) standards and/or regulations:
FIPS 140-2 Level 3. Encryption is considered an essential security technology to protect sensitive data, but the fact is, there is no single standard way to encrypt information. Various encryption schemes use different algorithms to transform clear text information into cipher-text, and they are not equally effective in securing information(2).
Organizations in the private sector can choose whatever encryption schemes work best for them. The U.S. federal government, however, has set an encryption standard for its non-military agencies. The use of this standard is mandatory for these agencies and is enforced according to the Federal Information Security Management Act (FISMA) of 2002. Contractors and service providers who work with the U.S. government must also follow FIPS(3).
The Federal Information Processing Standard 140-2 (FIPS 140-2) is an information technology security accreditation program for validating that the cryptographic modules produced by private sector companies meet well-defined security standards. FIPS PUB 140-2 provides details about the Security Requirements For Cryptographic Modules(4).
FIPS 140-2 has also become the de-facto standard for encryption beyond the federal government and is recognized as an important security standard outside the United States. This standard is used extensively in many state and local government agencies as well as non-governmental industries, particularly manufacturing, healthcare, and financial services, or wherever there are federal regulations governing data security. Regulations in such industries may require FIPS 140-2 compliance(5).
Level 3 in FIPS 140-2 refers to requirements for physical tamper-resistance and identity-based authentication(6).
Note: The Aegis 3NX is the “sister” to the Aegis Secure Key 3NX-C. With the exception that the 3NX has a USB A-type connector while the 3NX-C has a USB C-type connector (and runs up to 25% cooler), the two are identical. The Aegis Secure Key 3NX has just received its FIPS 140-2 Level 3 certification. As the Aegis Secure Key 3NX-C has just been introduced, and this device is still in the certification process. Certification is expected in the third quarter of 2020.
CE Certification. The Aegis Secure Key 3NX-C has been tested and has met the European Union’s safety standards and other requirements for sale.
IP68 Compliant. Devices backed by an international standard rating of IP68 are deemed fit enough to withstand dust, dirt, and sand, and are resistant to submersion up to a maximum depth of 1.5m underwater for up to thirty minutes.
VCCI Compliant. Founded in Japan, VICCI is an organization that promotes the self-reduction of radio disturbances by member manufactures of electric and electronic equipment. A VCCI symbol on a product proves that the device is harmless as disturbance emission levels are controlled under the organization’s tolerant levels. This symbol is on the back of the Aegis 3NX-C.
RoHS Compliant. This is a product level compliance based on the European Union’s Directive 2002/95/EC, the Restriction of the Use of certain Hazardous Substances in Electrical and Electronic Equipment (RoHS). Products compliant with this directive do not exceed the allowable amounts of the following restricted materials: lead, mercury, cadmium, hexavalent chromium, polybrominated biphenyls (PBB), and polybrominated diphenyl ethers (PBDE), with some limited exemptions(7).
FCC Compliant. In this case, this means that the product has been tested and has met regulated limits for ionizing radiation.
TAA Compliant. Refers to the Trade Agreements Act and requires that the US Government may acquire US-made or designated country end products. Being US-made, the US Government does not restrict the Aegis Secure Key 3NX-C for purchase by a US Government agency.
Data Transfer Rate: USB 3.0 – up to 5 Gbps
Power Supply: USB Port / Internal Battery
Interface: Super Speed USB 3.2 type C
Dimensions: 81mm x 18.4mm x 9.5mm | 22 g
Storage Available: 4 GB, 8GB, 16 GB, 32 GB, 64, 128 GB
Warranty: 3 year limited
System Requirements: Windows®, Mac®, Linux, Android and Symbian systems, or any powered USB OS with a storage file system
*Automatically uses 256-Bit AES XTS Military-Grade Hardware Encryption. Encrypts all data on-the-fly.
• No Software: Ready to use right out of the box, no drivers, and no updates. Nothing to key-log or hack.
• Versatile: Compatible with PC, MAC, Linux, Android, Symbian, or any mass storage compliant system with a powered USB port.
• Forced Enrollment: No factory-preset default PINs.
• Aegis Configurator Compatible: Create custom profiles and mass configures multiple Aegis devices at once.
• Onboard Keypad: All PIN entries are performed on the device’s alpha-numeric keypad making it compatible with systems without keyboards and shares no critical security parameters with its host computer. All authentication takes place within the device itself.
• Wear-resistant keypad designed not to reveal commonly used keys.
• Lock-Override Mode: Can be programmed to remain unlocked during reboot / USB re-enumeration.
• Two Read-Only Modes preserve data in its original, unaltered state while blocking malware.
• Data Recovery PINs: provide access to the device in the event of forgotten PINs.
• Programmable Brute Force PIN Attack Protection: After a predetermined number of consecutive incorrect PIN entry attempts, the Aegis Secure Key will conclude that it is under attack by Brute Force and destroy its encryption key and PINs, rendering all data. undecipherable. In short, it Self Destructs data and key operating features.
• Drive Reset: All Apricorn Devices can be Reset and Redeployed Over and Over. Drive reset clears both the User and Admin PINs, destroys the data, creates a new randomly generated encryption key, and allows the drive to be reused repeatedly, with an infinite number of randomly generated encryption keys, allowing the admin and or user to reset the drive as often as is needed.
• Rugged Design: Dust and water resistant Aluminum exoskeleton. All internal components are protected from physical tampering by a layer of hardened epoxy, and locked-down firmware. This brings immunity to malware attacks such as BadUS. IP68 rated.
Features Unique To The Aegis 3NX-C
Both the Aegis Secure Key 3NX and the Aegis Secure Key 3NX-C share features not available in the rest of Apricorn’s line:
- In order to increase compatibility, each device may be configured as a removable disk, or a fixed disk. Taken directly from their Quick Start Guide, this is how Apricorn explains this feature:
“Two devices in one: Windows, Mac, and Linux all deal with Mass Storage devices differently depending on whether they report themselves to the host as Removable Media or as Fixed Disks. Some applications or embedded systems may allow one type but not the other. Example: Windows 2 Go will work with devices that report as Fixed Disk but not as Removable Media. Alternately, there are USB boot drive creators and Windows imaging tools that will only work with Removable Media and not with Fixed Disk. It’s not uncommon for older equipment with built-in USB ports (such as those found in hospitals, manufacturing, and monitoring) to only look for Removable Media and ignore any Fixed Disk that is attached.
To accommodate all situations, Apricorn has developed a means to allow the Secure Key and 3NX and the 3NXC to be configured as either Fixed Disk or Removable Media. By default, the drive is set as Removable Media but can be easily changed to Fixed Disk in the Admin mode and can be toggled between these modes as needed. (The default boot record is set to MBR; If you need to set the drive as Fixed Disk and use a GPT boot record, either reset the drive or use a tool like Diskpart to clean the drive to allow a new boot record and format to be applied.)”
- Unique to the 3NX-C: the device operates at up to 25% cooler operating temperatures.
A Question Of Heat
The Aegis Secure Key 3NX-C runs up to 25% cooler than the other 3 drives in the Aegis product line. This statement brings up two questions: Why does the drive need to be cooler? How does it get cooler?
Why does the drive need to be cooler? First, let’s start answering that question by stating some things that are obvious. All typical flash drives have current going through them, a “chip” of some sort, and they perform processes: read, write, delete, and save. When there is a lot of reading, writing, deleting, or saving happening, the typical flash gets warm.
Next, all the Aegis Flash Drives perform the same processes the typical flash drives do, and then some. Not only do the Aegis drives use power, but they also store power as well. Now, please go to the earlier topic titled, “Core Features”. Now take a look at all the features. Depending upon what is set up, each of those features mentioned in that section takes power both to initiate and use the feature. A larger firmware chip is needed to store the firmware (Aegis Ware), and the chip takes power to run. I am sure there are more processes going on inside the device, but the point is the more processes you have running, the more power it takes to both run, and manage the “running” of the processes. In the end, all of these running processes make heat and increase the temperature inside the device. The platform (or casing) surrounding all the electronics is aluminum and helps dissipate some of the heat. This dissipation isn’t instantaneous. So, when you touch the drive it can be quite warm. Don’t think the build-up of heat inside a secure flash drive is unique to Aegis drives. It is consistent with all secure flash drives, varying both figuratively and literally by degrees.
Isn’t heat in electrical devices a bad thing? As long as the heat isn’t damaging the product, its function, or its surroundings (people included), then no, it isn’t a bad thing. Here’s a personal example, I have a home theater receiver that drives sound through seven discrete audio channels, through seven amplifiers, to seven speakers. It is also driving the 4K video channel to the TV set. All this is driving is helped along by a power supply that weighs more than half the weight of the whole receiver. The power supply drops current from 110 volts to a much lower voltage for all the electrical components in the receiver. In performing its function, the power supply gets very warm. After only a few minutes of operation, you can place your hand 6 inches over the receiver and feel considerable heat. Eight hours of constant use later, the receiver is still very warm but no warmer than it was after say 30 or 45 minutes of use.
To see if I could obtain a similar result from the 3NX-C and 3z drives, I placed a two-hour movie on the 3NX-C drive. I then started to watch the movie. There is no writing going on in the drive, it is constantly reading, – its green light was rapidly blinking. I felt the drive after 30 minutes or so, and it was warm. After two hours of use, the drive was still warm, but not perceptibly different than it did an hour and half earlier. Next, I transferred the same movie to the 3z drive, and started the movie. I then again felt the drive after 30 minutes or so of operation and the 3z drive was really quite warm. After two hours of use, when I felt the drive, I got the same experience as I did with 3NX-C drive, there was no perceptible difference in the temperature of the drive.
OK, to tell the truth, from all three of these examples I can clearly state that I am not a human thermometer. I am pretty sure my tactile senses are not developed enough to tell any difference from any moderate swings in temperature during a two hour period. But I can discriminate the difference between “warm” and “Wow! That’s Hot!” over any time frame one might suggest. The receiver and the two drives never reached the “Wow! That’s Hot!” stage. Also, it was a foregone conclusion that the 3z drive would be the hotter of the two drives, as the 3NX-C has an extra feature to lower its heat, and among other differences to the 3NX-C, the 3z has a much faster data speed (thus more heat being is created by this little data-rocket).
From my not-so-scientific tests, a pattern is apparent: over an extended period of time, for each device (my receiver and two Aegis flash drives) heat grew, and then to some minor degree of variance, leveled off. Why? Here’s the punch line, for both the receiver and the Aegis flash drives: their company’s engineers designed each device to safely handle the heat. How the engineers did it, is way beyond the scope of this document. If heat management wasn’t a design element, over an extended period of time, each device would likely have been damaged or destroyed by the heat.
If you need further confirmation for designed heat management, take a look again at the “Certifications Awarded…” section in this article. These drives are tested by Apricorn, independent agencies, institutions, and governments. Safety standards are addressed in many, if not all, of these Certifications, and heat certainly is a necessary element to test.
In summary, heat if managed with a proper threshold is not a serious operational issue. Then why did Apricorn design the Aegis Secure Key 3NX-C to run up to 25% cooler? Because the perception of possible damage due to heat is an issue. I think Apricorn wisely responded to their customers’ perceptions.
How did they make the drive cooler? Take a look at the form factor of the 3NX-C. There isn’t any room for a heat sink or a fan. The drive already has an aluminum housing. What’s left? And the answer is: a heat sensor is used to lower the drives speed slightly when a pre-determined internal temperature is met. How dramatic is the drop in speed? During my tests, I transferred Giga-Bytes of data to and from the 3NX-C drive, ran videos, etc., and I haven’t noticed any latency from speed toggling.
Aegis Secure Key 3NX-C Setup
As far as the actual setup goes, if you follow the well written instructions provided, Aegis Ware (Apricorn’s patented built-in firmware) will do all the complex work necessary to set your 3NX-C up with any of the available security options you select for this device.
An important note: Do not press any buttons while the Aegis Secure Key 3NX-C is plugged into a USB port. Doing so may cause damage to the USB port and the Aegis Secure Key 3NX-C.
Here is an excerpt from the actual “Quick Start” guide. Aegis drives do not come with a default PIN. These are the instruction for creating your initial Admin PIN, and how to enter the Admin Mode:
Once in the Admin mode, you can establish, delete, and change User Pins; set one-time-recovery PINS; change the Admin PIN; set read-only or read/write mode; allow User to set read-only or read/write mode; set LED flicker and button press indicator; set minimum PIN length requirement; set unattended auto-lock feature; set self-destruct PIN; and more.
After researching data for this device, using the Aegis Secure Key 3NX-C for a couple of weeks, and writing this review, here are my conclusions:
1. The Aegis Secure Key 3NX-C has a 37 year pedigree, and this little guy may be the new kid on the block, but he is most definitely a thoroughbred. The device is loaded with plenty of features to keep your data safe, and they all work as advertised.
2. The 3NX-C, though being new on the market, has already received numerous certifications and compliancies from institutions, organizations, and governments.
3. I found only one small blemish with this device, and this is almost to the point of being picky. The rubber boot that the 3NX-C slips into when not at use, with little resistance, simply falls off the product. It appears that this same boot is used on both the 3NX and the 3z flash drives. Both of these devices use an USB Type A connector. Located on the inside bottom of the rubber boot is a rubber “tab”. When a 3NX or a 3z drive is pushed into the boot, this rubber tab goes into the Type A connector, and helps secure the boot to the drive. The 3NX-C has a USB Type C connector that is much smaller than a Type A connector, so the tab on the bottom of the rubber boot cannot fit into the connector. As a result, the only thing securing the boot to the 3NX-C is the rubber’s resistance to the device’s aluminum body. The boot is not a snug fit to the 3NX-C, so the boot falls off.
4. Setting up the device was painless. Prior to this review, I had never worked with a secure flash drive. The instruction was simple, and within a few minutes, I had an Admin PIN initiated, and was off setting up security options. You don’t have to be a computer whiz to set up, configure, or use the Aegis Secure Key 3NX-C.
5. The Aegis 3NX-C can help you secure your data, but it cannot keep you from losing the device itself, or from a natural disaster. You should back up your data to another secure device, like another 3NX-C, and store that device in another location.
6. The 3NX-C, with its USB Type C connector helps keep the drive current. The USB Type C connector is the connector of choice on most new computers now, and many other devices using USB drives.
7. Considering Apricorn’s history in the marketplace, the quality of the build and engineering of the Aegis Secure Key 3NX-C, number of patents obtained by the company, ease of setup and use, the assortment of security processes available on the device itself, and the certifications achieved, you would be very hard-pressed to find a better secure flash drive to protect your data.
- Wikipedia, en.wikipedia.org/wiki/Apricorn,_Inc.
- McAfee, https://www.mcafee.com/enterprise/en-us/about/cloud-compliance/fips-140-2-encryption-compliance-requirements.html#:~:text=The%20Federal%20Information%20Processing%20Standard,meet%20well%2Ddefined%20security%20standards.
- ibid, McAfee
- ibid, McAfee
- ibid, McAfee
- Simms, https://www.simms.co.uk/tech-talk-2/levels-of-encryption/#:~:text=What%20is%20the%20difference%20between%20FIPS%20140%2D2%20and%20FIPS,of%20the%20product’s%20physical%20properties.
- Thomas, https://certifications.thomasnet.com/certifications/glossary/other-certification_registration/european-commission/rohs-compliant/#register