HP EliteDesk 800 G1 Ultra-slim PC Client Security Commercial Managed IT Softwa - Page 11

HP Client Security - Setup Wizard

  • Generate a PKI key pair to be used by the authentication service in conjunction with cryptographic functions.
  • Generate the PKI and symmetric keys (UUK) upon enrolling a user. The UUK is not stored in the clear or simply obfuscated on the hard drive. The key is always protected via a credential. The user’s Windows password is used to derive a key that is then used to encrypt the UUK. Additionally, the key is either encrypted, as with the Smart Card, or securely stored in the authentication device, as with the secure fingerprint reader. The UUK is only released upon a successful user authentication. This key in turn encrypts other sensitive user data, the so-called “user secrets”. In the end, the secrets are always protected via user authentication.
  • Microsoft Enhanced Cryptographic Provider (ECP).
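
The key hierarchy in the UUK bullet above (password-derived key wraps the UUK, the UUK encrypts user secrets), shown as an added example that is not HP's code. The KDF (PBKDF2-HMAC-SHA256), the iteration count and the stdlib-only encrypt-then-MAC construction are assumptions standing in for whatever the product uses; a real implementation would use a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

# Assumptions (not from the HP document): PBKDF2-HMAC-SHA256 as the password KDF and a
# stdlib-only encrypt-then-MAC construction standing in for an AEAD such as AES-GCM.
ITERATIONS = 100_000

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as the keystream generator.
    blocks = (len(data) + 31) // 32
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")  # wrong credential or tampered blob
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def enroll(password: str) -> tuple:
    """Create a random UUK; return (on-disk record, UUK). Only the wrapped UUK is stored."""
    salt, uuk = os.urandom(16), os.urandom(32)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "wrapped_uuk": seal(kek, uuk)}, uuk

def unlock(password: str, record: dict) -> bytes:
    """Release the UUK only if the password-derived key authenticates the wrapped blob."""
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], ITERATIONS)
    return unseal(kek, record["wrapped_uuk"])

if __name__ == "__main__":
    record, uuk = enroll("constructed-sample-password")  # constructed sample values
    vault = seal(uuk, b"constructed user secret")
    print(unseal(unlock("constructed-sample-password", record), vault))
```

Because the secrets are encrypted under the UUK rather than under the password, the stored record never contains the UUK in the clear, and a wrong password fails the integrity check before any key is released.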

Design and Services

HP Client Security provides an authentication service to ensure that the user authentication capabilities extend beyond Windows, and that BIOS and Drive Encryption login pages can participate in user authentication as well. All communication between the authentication service and authentication environments occurs at the service layer. The authentication service provides the following functionalities:

  • Manages the activation and deactivation of the authentication environments (Windows, BIOS, Drive Encryption).
  • Coordinates the authentication policies and user provisioning data across all authentication environments, thus facilitating One Step Logon and ensuring that a lockout scenario is avoided.
  • Enroll users’ credentials.

HP Client Security - Setup Wizard

The HP Client Security setup wizard helps secure access to your computer via a password, a fingerprint sensor (if available), or the HP SpareKey if a password or other credential is lost. The wizard safeguards hard drive access and data using HP Drive Encryption for robust information protection. It ensures that removable media cannot be accessed until authenticated with HP Device Manager with Just-In-Time Authentication, and even then the access is granted for a limited time. The wizard also enforces the default setting of Windows logon authentication and places the HP File Sanitizer icon on the desktop.