

DataEX is one of three IDAT solutions that were developed to prevent all forms of financial and data fraud. IDAT's technology solutions address current security failures and resolve their vulnerabilities using specifically designed patent-pending technology which is found at the core of its flagship product offerings. Additional solutions include CardEX and SimEX.
DataEX ensures that your private data, stored on any of your devices, is protected at all times, even in the event that one or more of these devices is maliciously attacked. It is an organic extension of IDAT's patent-pending non-volatile memory masking technology, which was developed to provide a secure mechanism to self-authenticate the smart chip used in bank cards, ID cards and SIM cards. During installation, DataEX renders a portion of non-volatile memory unreadable to any application or service, unless this access is authenticated by the owner of the device, or by an implemented authentication protocol. It can be applied to laptops, desktops, servers, tablets, and mobile phones (as long as the smart device has a microprocessor and an embedded SIM slot for the IDAT SimEX enabled SIM), and is particularly useful in a BYOD environment.

DataEX allows the user to easily store confidential data within a completely secure partition which is inaccessible to any process or application without authentication by the user.
- Any device with DataEX installed self-authenticates via a secure EEPROM memory region before it responds to requests to access the secured partition. When attempts are made to access the partition, a dynamic authentication hash is generated which is compared with a hash in this protected hidden portion of memory. If they match then the access attempt is granted as it is deemed to be authentic. Access to this hidden area can only be authorised using DataEX's patent-pending technology. The portion of memory that is required to perform this primary authentication will not render during any unauthorised access attempts or EEPROM memory "dumps". Primary authentication will thus be missing and will generate an error: "Invalid Memory Reference". The simplicity of its operation nullifies cloning and hacking.

- Data is encrypted using two symmetric encryption algorithms: a proprietary IDAT algorithm called Trinity (which is based upon a private key), which then feeds a date/time-stamped dynamic key into AES-256. AES-256 is the standardised encryption specification used globally by everyone from corporations to governments. IDAT selected AES-256 instead of AES-128 in order to ensure that the most secure combination possible is enabled when combined with Trinity. It is possible to break AES-128 with a quantum computer, but it is impossible to do the same with AES-256. With Trinity performing the initial encryption on the Private Key, the inputs into AES-256 are dynamic, a feature that no other encryption system has. This differential ensures that even if a packet of encrypted data is intercepted, it cannot be reused by a 'man-in-the-middle' attack.
- Whenever authentication to the DataEX "vault" is required, the embedded DataEX executable uses a dynamic Secure Hash Algorithm 3 (SHA-3) hash to create an authentication code, which is reproduced within the secure area and compared. If they match then authentication is successful. Note that the authentication code is only generated once user authentication is completed via the input of a standard username and password sequence, and any additional authentication protocols that were enabled.
- There are three symmetric keys used for authentication on each DataEX protected device:
  - The Private Key (PK) - is used to encrypt personal data or highly sensitive data.
  - The Card Issuer Key (CIK) - is specific to the company, reseller, IDAT deployer or installer. The CIK is like a public key but it is never openly exposed and is used within the authentication algorithm. The reason this key is never exposed is to prevent fraudulent authentication. A big risk today is that access to any public key gives hackers a huge advantage in cracking the private key, as it is generally a derivative of the public key. As IDAT uses symmetric rather than asymmetric encryption (as used in PKI public-private keys), the CIK "public key" is in no way related to or a derivative of the private key. Even if the public key is compromised it has no effect on the private key.
  - A Web Key (WK) - is used to authenticate the user over the public web via an IDAT "session key" technology algorithm.

- Makes you the master of your own data - The essence of DataEX is that the user, or Private Key holder, is the master of their own data. It is up to them to authorise access to their hardware or card. They are not reliant upon a certificate authority, an operating system or any application which could be compromised.
- Easy data encryption - Once DataEX has been installed and configured, you can begin adding to your "vault". New documents are generated in the "vault" from the start and attachments are saved prior to decryption. This is done by right-clicking on the file you wish to secure and selecting the "DataEX Secure Vault" option. Once selected, the file will be encrypted and secured in the local vault. This prevents data from being exposed by someone running an undelete command and retrieving deleted data from an existing hard drive partition. Any delete that IDAT's solution performs is not simply a severed registry link or header deletion, but is instead a physical delete where all parts of the memory being deleted are overwritten with 1s, completely erasing data, even from forensic analysis.
- You choose the size of the partition to be masked - During the installation process the user is able to stipulate what portion of non-volatile memory should be protected.
- You choose your combination of authentication protocols - A standard username and password sequence is required. Thereafter additional authentication protocols or combinations thereof can be added, including:
  - A secure USB dongle attached to the device.
  - A smart card reader and authentication card insertion.
  - A proximity device (encoded RF/Wi-Fi signal or transponder) that will only allow access whilst within range, e.g. at home or at the office.
  - An RF-enabled bank card, ID card or SIM card that has the IDAT technology to confirm access.
  - A one-time external code generator.
- Ensures secure web and e-mail encryption - Once you have installed DataEX on any web-enabled device, and completed the registration process, a "web-key" is deployed which is used to authenticate you. The web key, along with the card issuer's key (akin to the Public Key used to identify the deploying source), then creates a hashed message authentication code (HMAC) that is used to authenticate the user and web server. The two create a "session key" that is used to encrypt data between the points. These session keys are dynamically created and you can set a time limit on their validity, or limit the dynamic key to its function.
- Secures company confidential data on mobile devices (laptops, tablets, smartphones etc.) in either company-owned or BYOD environments - It is extremely challenging to protect private company data when staff are increasingly "on-the-go" or using their own devices. DataEX enables enterprises to enact several additional conditions, over and above the username and password and the symmetric company key used for authentication. These options include, but are not limited to, USB dongles, proximity devices or portable password generators. By securing company confidential data, you increase your compliance and mitigate potential issues pertaining to corporate governance and risk. By partitioning only a portion of the non-volatile memory on the device, the employee is free to use their device for personal use or use company devices in potentially unsafe/hostile environments, without risking fraudulent access to the company's private data. This protection is extendable to servers as well as sensitive data on web servers or portals.
- Ensures that sensitive data on mobile devices is never compromised if installed with an IDAT SimEX enabled SIM card - Your device cannot be compromised without the authentic SIM. In the event of the device being stolen, the SIM is disabled via the network and a signal is sent once a username and password have been authenticated to ensure that your sensitive data is deleted.
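
The web and e-mail bullet above describes an HMAC built from the web key and the card issuer's key, followed by a time-limited session key. As an added illustration (not IDAT's code and not its proprietary algorithm), this Python example shows a generic HMAC challenge-response of that shape and the checks a reviewer would expect of it; the nonces, role labels, key-combination step, expiry encoding and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

def _mac(key, *parts):
    # HMAC-SHA3-256 over length-prefixed parts, so fields cannot run together.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha3_256).digest()

def auth_key(web_key, issuer_key):
    # Assumed combination of the two shared secrets (WK and CIK).
    return _mac(issuer_key, b"auth", web_key)

def prove(key, role, n_client, n_server):
    # Tag proving that `role` holds the key, bound to both fresh nonces.
    return _mac(key, b"proof", role, n_client, n_server)

def verify(key, role, n_client, n_server, tag):
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(prove(key, role, n_client, n_server), tag)

def session_key(key, n_client, n_server, expires_at):
    # Per-session key bound to the nonces and to its own expiry time.
    return _mac(key, b"session", n_client, n_server, expires_at.to_bytes(8, "big"))

def session_valid(expires_at, now):
    return now < expires_at

def demo():
    # Constructed sample secrets; both ends are assumed to hold them already.
    wk, cik = secrets.token_bytes(32), secrets.token_bytes(32)
    k = auth_key(wk, cik)
    nc, ns = secrets.token_bytes(16), secrets.token_bytes(16)
    client_tag, server_tag = prove(k, b"client", nc, ns), prove(k, b"server", nc, ns)
    other_ns, other_k = secrets.token_bytes(16), auth_key(secrets.token_bytes(32), cik)
    expires = 1_700_000_300  # constructed expiry (Unix seconds)
    return {
        "server_accepts_client": verify(k, b"client", nc, ns, client_tag),
        "client_accepts_server": verify(k, b"server", nc, ns, server_tag),
        "reflected_tag_rejected": not verify(k, b"server", nc, ns, client_tag),
        "replayed_tag_rejected": not verify(k, b"client", nc, other_ns, client_tag),
        "wrong_web_key_rejected": not verify(other_k, b"client", nc, ns, client_tag),
        "session_keys_differ": session_key(k, nc, ns, expires) != session_key(k, nc, other_ns, expires),
        "expired_key_refused": not session_valid(expires, expires + 1),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Because each tag covers a fresh nonce from both sides, a tag captured from one exchange fails verification in the next, and the expiry is part of the session key's derivation input, so it cannot be extended without producing a different key.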
DataEX is available in three user-friendly versions



