Skip to main content

Multi-factor authentication with ID card or military ID card

How the ECOS SecureBootStick ZX works

The BSI-approved ECOS SecureBootStick ZX allows for the first time the German Armed Forces, NATO, federal authorities, or companies with a security clearance to access data and applications with classification level VS-NfD, EU and NATO RESTRICTED restricted from any, even private, PC or Mac.

The Secure Boot Stick ZX cascades numerous security measures to provide an extremely high level of security.

Its ID-1 card slot allows the use of PKI cards and ID cards, such as the military ID card of the German Armed Forces, for user authentication.

It is also identical to the ECOS SecureBootStick SX in design and software. Like its counterpart, the Secure Boot Stick ZX is BSI-approved for VS-NfD, EU and NATO-restricted too.

Secure Stick SX von ECOS steht platziert auf Tisch

Integrated smartcard

Learn more about the Secure Boot Stick with integrated smartcard and BSI approval for VS-NfD

Go to product
Deckblatt der Broschüre zum Secure Boot Stick von ECOS

Security to the X-treme

Are you interested in the Secure Boot Stick brochure?

Download area
Ein gelbes Fragezeichen vor vielen dunkelgrauen Fragezeichen

Any questions?

Use our contact form and we will get in touch with you as soon as possible.

Contact form
Technical data of the Secure Boot Stick ZX

BSI approval

  • Approved for processing data with classification level VS-NfD, NATO RESTRICTED, EU RESTRICTED

Applications

  • RDP Client, Citrix Workspace app (formerly Citrix Receiver), VMware Horizon via RDP, PCoIP, BLAST, Firefox, Chromium, VPN Client for IPsec
  • Citrix HDX RealTime Media Engine to optimize audio and video transmission for Skype for Business and Microsoft Teams
  • Microsoft RemoteFX for optimizing the audio quality with RDP

Supported destination systems

  • Microsoft RDSH, WTS 2000 and later, RDS, RD sharing, Citrix Virtual Apps & Desktops, VMware Horizon or web server

VPN

  • Connection to genua genuscreen by IPsec within a BSI-approved environment

Administration

  • Profiles for access to different applications/servers on user, group or role level
  • Use of local resources after release (external USB storage devices, local printers)
  • Rights assignment for external devices bound to manufacturer ID or serial number of the device
  • Remote update of all applications and firmware

Compatibility

  • Integrated smartcard reader for PKI cards, ID cards in ID-1 format
  • Drivers for all popular 64-bit PCs, Macs and tablets with x86 architecture
  • UEFI Secure Boot support
  • Keyboard drivers for more than 90 languages and countries
  • Multi-monitor support
  • Connection by LAN, WLAN, UMTS, LTE incl. browser for login to hotspot
  • Software in German and English (pre-configurable)

Data safe

  • 1 GB, usable for storing documents (not for VS-NfD), (larger storage capacities on request)
  • Hardware encryption with AES-256, secured by smartcard plus PIN
  • Installation-free use as USB drive in Windows, Linux and macOS

Additional features

  • Signing, encryption or Windows smartcard logon with PC/SC forwarding
  • Forwarding of external USB and LAN devices, e.g. for the connection of an IP telephone
  • Automatic reconnection after disconnection or connection change

Multi-factor authentication

  • Software certificate, tied to stick’s hardware ID and smartcard
  • Integrated numeric keypad for PIN entry on the stick

Security

  • Write-protected and signed partitions for bootloader and kernel
  • Encryption by hardware of all security-relevant partitions
  • Signed read-only partition for firmware and applications
  • Writeable partition for storage of user parameters
  • Hardened ECOS Secure Linux operating system
  • Digitally signed bootloader, firmware and applications validated in chain of trust
  • All processes secured by smartcard, e.g. Easy Enrollment, sign-in to gateway, stick update
  • Integrated firewall protecting against attacks over the same network and blocking ping requests
  • Encryption of RAM content except for the executable program code
  • VM start detection prevents use in virtual environment
  • Fingerprinting of the guest computer incl. peripherals
  • Instant logout on stick disconnection
  • Secured updating process for firmware and applications with verification of integrity and correct update server

Connection, dimensions and scope of delivery

  • USB-A | C | micro - 28 x 85 x 14 mm – 72 g
  • ECOS SecureBootStick ZX and carrying strap, 2 connection cables for USB A and C

Are you interested in the ECOS SecureBootStick ZX? Do you have questions?

We are looking forward to your message!