AreaGuard Security System
The AreaGuard security system is intended to protect encrypted company and user data from theft and subsequent misuse by an undesirable person. AreaGuard integrates into the Windows NT or 2000 operating system.
The first part of the AreaGuard security system is "Protecting company data", that is, data which users (employees) normally work with and therefore have the possibility to steal electronically.
The second part is "Protecting user data", with which common users can encrypt their data with their own encryption key. This function is valued by users who want to archive their personal data, send it by e-mail, or transfer it to data storage devices without the possibility of it being misused by undesirable persons.
An advantage of the AreaGuard security system is its inconspicuous operation. A common user who works with company data and respects the system manager's rules doesn't notice any changes. The exceptions are situations where the user's activities lead to potentially unsafe situations.
Individual parts of the AreaGuard security system
AreaGuard's "Company data security" part concentrates on data which belongs to the company but is used by many employees. The system manager defines the following security settings of the AreaGuard system:
- encryption key and encryption algorithm
- "Protected area", where protected confidential data is placed (a directory on a local or network disk)
- "Privileged applications", which are the only applications that can work with data placed in the protected area.
Confidential data is stored in protected areas in encrypted form. Privileged applications are allowed to work with the data normally, and AreaGuard ensures transparent encryption and decryption of the data. Privileged applications can't save the data or parts of it, export it, or move it to any area other than a protected area. If a privileged application reads data over the network from a protected area that is not on a local disk, the data is transferred in encrypted form and decryption occurs at the target station. It is impossible to move protected data modified by privileged applications to other applications, not even with the help of the clipboard. The AreaGuard system can also increase security by on-line encryption of the PAGEFILE.SYS file and of temporary files in the TEMP directory. All information about the AreaGuard system (encryption key, list of protected areas and privileged applications) is saved in the AGD, the "AreaGuard Database", which is part of the operating system's registry. The AGD is encrypted with the help of the MEK, the "Master Encryption Key", which is saved in the secure hardware card "AreaGuard Card".
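The rules in the paragraph above can be read as a small policy table keyed on who is asking, what they want to do, and where the file lives. The following model is an added example, not AreaGuard code: the paths, executable names and the `decide_*` functions are hypothetical, and the behaviour for cases the text leaves open (non-privileged access to a protected area, clipboard transfers between two privileged applications) is an assumption marked in the comments.

```python
import ntpath
from enum import Enum
from pathlib import PureWindowsPath

class Action(Enum):
    DECRYPT_ON_READ = "allow, decrypt transparently"
    ENCRYPT_ON_WRITE = "allow, encrypt transparently"
    PASS_THROUGH = "allow, no encryption involved"
    DENY = "deny"

# Constructed sample policy (hypothetical paths and image names).
PROTECTED_AREAS = [PureWindowsPath(r"D:\Protected"),
                   PureWindowsPath(r"\\fileserver\share\protected")]
PRIVILEGED_APPS = {"ledger.exe"}

def is_protected(path):
    # Collapse ".." first so D:\Protected\..\Public is not mistaken for a
    # protected location, then compare whole path components (no string
    # prefix match: D:\ProtectedOther is a different directory).
    p = PureWindowsPath(ntpath.normpath(path))
    return any(area in (p, *p.parents) for area in PROTECTED_AREAS)

def is_privileged(image_name):
    return image_name.lower() in PRIVILEGED_APPS

def decide_file_op(image_name, op, path):
    """op is 'read' or 'write'; returns the Action the filter would take."""
    protected, privileged = is_protected(path), is_privileged(image_name)
    if protected and not privileged:
        # Assumption: the page only says privileged applications are the
        # only ones that can work with this data; modelled here as a denial.
        return Action.DENY
    if protected:
        return Action.DECRYPT_ON_READ if op == "read" else Action.ENCRYPT_ON_WRITE
    if privileged and op == "write":
        # Privileged applications may not save or export outside a protected area.
        return Action.DENY
    return Action.PASS_THROUGH

def decide_clipboard(src_image, dst_image):
    # Data may not leave a privileged application via the clipboard.
    # Assumption: transfers between two privileged applications are allowed.
    if is_privileged(src_image) and not is_privileged(dst_image):
        return Action.DENY
    return Action.PASS_THROUGH
```

The path normalisation step matters when evaluating any product of this kind: a policy that matches on the raw string would let a privileged application write plaintext to `D:\Protected\..\Public`.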
The second part of the AreaGuard security system is encryption of user files. The user can encrypt selected files or directories with the help of a defined encryption key, which is the user's secret.
The context menu of directories and files is extended with the items "Encode" and "Decode", with which the user can encrypt or decrypt files or entire directories. While working with encrypted files, on-line encryption and decryption are done transparently with the help of a key which the user enters from the keyboard.
Principles of operation
AreaGuard is integrated directly into the core of the operating system as a file system driver. High security is achieved by loading it right after the activation of the Windows NT kernel (core), even before the activation of the first file system driver. Security is also increased by the use of the hardware accessory AreaGuard Card. The AreaGuard parameters are set in the AreaGuard control panel, which is available only to the security manager. All access to the system's settings is subject to the security policy of Windows NT or 2000. The first installation of the AreaGuard security system is simple, isn't time consuming, and can be done on an already installed workstation.
Reliability and security of the AreaGuard system
The AreaGuard security system is built on the strength of the encryption algorithm and the length of the encryption key. The security manager can use the standard algorithms DES and CAST with a key length of 64 and 128 bits, which is at present regarded as unbreakable in real time. All the operations are done directly in the core of the operating system. The security manager can export the entire AreaGuard settings to backup media, which is used to restore the settings in the case of a system crash.
AreaGuard Card
The security ISA hardware card, AreaGuard Card, secures the start of the correct operating system and at the same time securely stores the MEK. As soon as AreaGuard is activated, the card is deactivated and it is impossible to communicate with it. If the card is removed from the computer, the operating system can't start, and when the AreaGuard Card is subsequently reinserted a PIN code is required, which is available only to the security manager. AreaGuard light is a purely software security product which does not use the AreaGuard Card, and it is reasonably priced for users with lower security demands.