HP Dc5700 HP ProtectTools Security Manager Guide - Page 45

Trusted Platform Module (TPM) embedded security chip (some models only) Integrated security chip that can protect highly sensitive user information from malicious attackers. It is the root-of-trust in a given platform. The TPM provides cryptographic algorithms and operations that meet the Trusted Computing Group (TCG) specifications. TPM hardware and software enhance the security of EFS and the Personal Secure Drive by protecting the keys used by EFS and the Personal Secure Drive. In systems without the TPM, the keys used for EFS and the PSD are normally stored on the hard drive. This makes the keys potentially vulnerable. In systems with the TPM card, the TPM's private Storage Root Keys, which never leave the TPM chip, are used to "wrap" or protect the keys used by EFS and by the PSD. Breaking into the TPM to extract the private keys is much more difficult than hacking onto the system's hard drive to obtain the keys. The TPM also enhances the security of secure e-mail via S/MIME in Microsoft Outlook and Outlook Express. The TPM functions as a Cryptographic Service Provider (CSP). Keys and certificates are generated and/or supported by the TPM hardware, providing significantly greater security than software-only implementations. USB token Security device that stores identifying information about a user. Like a Java Card or biometric reader, it is used to authenticate the owner to a computer. Virtual token Security feature that works very much like a Java Card and reader. The token is saved either on the computer hard drive or in the Windows registry. When you log on with a virtual token, you are asked for a user PIN to complete the authentication. Windows user account Profile for an individual authorized to log on to a network or to an individual computer. ENWW Glossary 39