SafenSoft SoftControl DeCrypt

SoftControl DeCrypt is a full-disk encryption solution designed specifically for ATMs and self-service devices (payment terminals, infokiosks). It encrypts the hard drive of an ATM to prevent the data stored on it from being used to attack the device or the banking system. The encryption key is derived from parameters of the hardware and connected peripheral devices (USB), rather than relying on local password entry or a TPM chip. This approach addresses operational constraints common to unattended self-service devices, where interactive password input at boot is not feasible and TPM usage would overwrite certificates stored for specialized hardware components (dispenser, bill acceptor, PIN pad, card reader). The product protects against the following ATM attack vectors: - Bypassing software self-protection by deleting files from an offline hard drive when booting from an external medium - Reverse engineering of ATM software from a stolen hard drive to prepare a targeted attack - Using a stolen hard drive to attack payment processing systems via stored connection certificates and sensitive data Key capabilities include AES-256 encryption (256-bit key, 14 rounds), pre-OS decryption of the system partition, hardware binding for automatic key derivation, a device blacklist to exclude slow-initializing peripherals from key generation, and a manual password fallback for cases of critical hardware configuration changes. Remote management and event monitoring are provided via a management server, covering OS boot events and manual password usage. The client module supports installation on Windows and Linux. The product is registered in the Russian Software Registry (entry No. 19585, dated 17.10.2023).