General Questions and Answers

GENERAL ABOUT SafeStick & SafeStick SuperSonic

What is SafeStick? Or what is a safestick?

SafeStick is a secure USB flash drive. It automatically password-protects and encrypts all stored information. Replace your USB sticks with SafeSticks and assure information security at all times.

All stored information is 100% encrypted and the algorithm (AES256-CBC) fulfills government and military standards.
SafeStick USB drives can be managed and audited with a central management server software namned SafeConsole. SafeConsole I able to manage thousands of SafeStick drives in a corporate environment.

SafeStick is a BlockMaster world-wide registered brand but has by many people become synonym with a secure USB flash drive.

Why would I need an encrypted USB Memory Stick?

Each year thousands, upon thousands, of unsecure USB drives are lost every day. The data upon these drives are completely exposed and will risk organisation brand value, business partner relationships, users’ employment and will mean non-compliance to local information legislation.
With SafeStick the secure USB stick your information is safeguarded. All your data is always password-protected and encrypted within the hardware. A lost device is merely a lost device, your data is safe and no breach will ever occur. If a lost SafeStick later on is found you can be 100% sure that the data is intact and has not been read or manipulated by anyone. Just plug it into the user computer and it is automatically “Found” and ready to work for you again. This saves money from day one as data breaches and surrounding routines and procedures are all costly. Not to mention the headaches you will avoid for all involved.

What happens if a user forgets the password for SafeStick?

It is not possible in any way to get access to stored information without the correct password. There are no back-doors and tests by independent security labs and customers have confirmed this over and over again. It is statistically and technically impossible to retrieve data. There are two options to continue:

  • If an organisation has SafeConsole deployed it is possible to perform a password reset if the SafeStick password is forgotten. The procedure credentials are unique for each organization and are handled with a secure PKI-based challenge response procedure that is protected against social hacking. No information is lost and the user is securely back to work in minutes. The password reset can be handled over phone, email or in person.
  • If SafeConsole is not installed the SafeStick needs to be factory reset. This procedure does not require administrator privileges except for the SafeStick BM7741 on Windows XP computers. All stored data will be wiped and cannot be recreated by any means available as the storage is completely reset and the encryption keys are destroyed/renewed.

It is encouraged that the user chooses a password hint during the quick SafeStick setup.

What sizes of SafeStick are available?

SafeStick secure USB drive is available in these storage sizes: 1GB, 2GB, 4GB, 8GB, 16GB, 32GB, 64GB, 128GB
SafeStick SuperSonic ultra fast secure USB drive is available in these storage sizes: 4GB, 8GB

Which USB-ports is SafeStick compatible with?

SafeStick works on all available USB-ports, both 1.1 and 2.0 (high-speed/full-speed). The small form factor means that it will fit even is space is scarce as with close adjacent ports on ultra mobile laptops.

Does SafeStick require software-installations or admin rights?

No. Just plug the stick in and all necessary resources are run directly from the stick and no traces are left behind.

Can SafeStick be managed in a Corporate Environment?

SafeConsole allows you to manage hundreds of thousands of SafeStick drives wherever they may be in the world.

SafeConsole is rapidly deployed and provides optional Windows Active Directory integration, full management capabilities, complete device life-cycle management, assignment of policies and features dependant on AD membership, remote reset of passwords, compliant auditing, remote wiping of rogue sticks and much more.

How tough is SafeStick? Will it break?

SafeStick is a small device but it is also extremely though and rugged.

Some of the things SafeStick have proven to withstand:

  • Repeated rolling over by a 2500lb V8 Range Rover.
  • Repeated full washing machine cycles at the highest temperature.
  • 30 seconds of red-hot angle grinder sparks.
  • A whack with a 10lb sledge iron smith hammer.

On YouTube there are several videos displaying SafeStick under extreme conditions

What operating systems does SafeStick support?

SafeStick is fully compatible with:
Windows 7, Vista, XP, 2000(SP4), server 2008, 2003
MacOS X 10.5. 10.6
Linux Kernel 2.6 or later

How can I TRY SafeStick?

Representatives for organizations can apply for a trial version of SafeStick and/or SafeConsole for free.
Request free trial of SafeStick here »

Where can I BUY SafeStick?

Please contact your local distributor or reseller.
Find your distributor here »

You are also always welcome to contact BlockMaster at [email protected] and we will redirect your contact details to a local reseller.


What is SafeConsole?

SafeConsole is a software developed to provide remote control of your secure USB flash drives. SafeConsole enables the possibility to for example remotely reset lost drives, configure password policies and provides many productivity enhancing features.

Administrators use a web-based interface in a standard browser to create and assign SafeStick device configurations. Functionality in SafeConsole is made available based on staff roles created in Active Directory or stored in an XML file. SafeConsole can serve more than 100,000 SafeStick drives. Installation can be done either before or after the issuance of SafeStick drives.

SafeConsole is a BlockMaster world-wide registered brand.

Which USB drives can be managed by SafeConsole?

SafeStick secure USB flash drives can be managed by SafeConsole. One single installation of SafeConsole can manage more than 100′000 drives.

BlockMaster’s SafeConsole already manages more secure USB flash drives than any other, as it is the most widely deployed USB management software. Future plans include Kingston rolling out a version of its DataTraveler Vault – Privacy Edition that requires management by SafeConsole to activate the drive. This product will be able to address the strictest security requirements of the market, ensuring that the drive will not work unless managed. The launch of this product is scheduled for Q3, 2010.

Is SafeConsole expensive?

SafeConsole is purchased as a yearly license and the price is based on the amount of USB drives you would like to manage.

SafeConsole is available in three licensing levels: INTRO (I), ENFORCE (E) and ENFORCE & ENABLE (E2). SafeConsole INTRO enforces the organization’s password policy. SafeConsole ENFORCE includes the full range of policy-enforcing features, and SafeConsole ENFORCE & ENABLE multiplies the benefits of SafeStick and SafeConsole and adds all the productivity-boosting features.

How can I TRY SafeConsole?

Representatives for organizations can apply for a trial version of SafeStick and/or SafeConsole for free.
Request free trial of SafeStick here »
Request free trial of SafeConsole here »

How do I BUY SafeConsole?

Please contact your local distributor or reseller.
Find your distributor here »

You are also always welcome to contact BlockMaster at [email protected] and we will redirect your contact details to a local reseller.


Which chip (micro processor) is used for encryption?

The chip is BM7741 (BlockMaster chipset 77 version 41) which is based on an Intel 8051-archictecture. BM7741 handles all security processes such as password validation, streaming encryption, key handling onboard the USB drive outside the host-computer.

Does SafeStick have a timer lock-down (timeout/lock) feature?

Yes, it is administrator or user configurable. If SafeStick is left behind or forgotten when unlocked it will automatically lock down after preset time interval.

How does SafeStick brute-force protection work?

If a SafeStick is subjected to a intrusion attempt that tries numerous passwords SafeStick will lock-down or factory reset (dependant on SafeConsole settings). The counter of faulty passwords cannot be reset and is handled within the embedded system onboard the SafeStick. There are no possibilities to tamper with this from a host computer.

How does SafeStick protect against physical tampering?

The circuitry of SafeStick is covered with environmentally friendly epoxy which means that tampering will be extremely time-consuming. Tampering by any means is result-less as all processes and data are encrypted.

How are the SafeStick encryption keys generated and stored?

The encryption keys (standard based AES256 CBC) are generated and stored securely onboard the embedded system. No copies or duplicates are kept anywhere else and cannot by any means be regenerated.

Why should the AES256 algorithm be used instead of AES128?

SafeStick uses AES256 to encrypt your information. 256-bit AES is much more secure than 128-bit AES, as 256-bit is the square of the strength of 128-bit encryption.

Can the SafeStick host application be manipulated?

No, it is encrypted at runtime and is bit sensitive. All security is handled in the embedded system but this helps to assure the solution integrity.

Is it possible to eavesdrop on SafeStick?

No the stream of data through the port is encrypted (RSA512).

Software-encryption of USB memory is cheaper (or even free like TrueCrypt). What is wrong with these solutions?

Software encryption of portable USB storage, using file containers or file level encryption schemes, has multiple inherent problems that can prove very troublesome. Some of these can be security flaws, file corruption, high support costs, usability issues and that admin user rights are often required. The white-paper “7 Major Weaknesses of software-based USB security” outlines a selection of these flaws.

Where are the PKI-certificates stored that are used for the SafeStick feature ZoneBuilder (“Trusted zones”) and Password reset?

The certificates are stored encrypted and hidden outside the normal file system but are considered public information in data security terminology. The certificates cannot be used to access any information on the drive. The only token that can be used to access the device when performing a password reset or using ZoneBuilder is the private key that corresponds to the specific certificate. This private key is never stored on SafeStick but on a computer (SafeConsole server or trusted client computer for ZoneBuilder)

Promote This Page
  • Digg
  • Facebook
  • Technorati
  • LinkedIn