HP Nc6220 HP ProtectTools: Authentication technologies and suitability to task - Page 4




If implemented correctly, passwords provide good baseline security. However, in order to protect sensitive data, stronger authentication is required.

Pros
  • Broad acceptance
  • No learning curve
  • Universally deployed

Cons
  • Lost passwords can be costly
  • Easier to compromise
  • Strong (complex) password policies adversely affect usability
TPM embedded security chip authentication
A Trusted Platform Module (TPM) is a cryptographic security chip embedded in a computing client, and can protect digital credentials and perform cryptographic functions. The TPM was conceptualized and designed primarily for device authentication, and while the TPM is not inherently a user authentication device, HP has enabled user authentication using the TPM. HP ProtectTools technology builds on industry standards set by the Trusted Computing Group (TCG) and uses the TPM for strong user authentication in the pre-boot environment as well as with the OS, in addition to the device authentication function.

TPM-enhanced pre-boot user authentication allows an administrator to set a pre-boot user authentication policy utilizing the TPM and the user’s TPM basic user key password. When such a policy is enabled, the BIOS will prompt the user for their personalized TPM authentication data when the computer is booted (instead of using a commonly shared BIOS system startup password) and then use the TPM to validate the authentication data. Upon successful authentication, the BIOS will proceed through system startup and ultimately boot to the operating system.

HP also utilizes TPM authentication to enhance Drivelock security, by utilizing the TPM to generate a strong 2048-bit Drivelock password. In addition to improving security, this feature also improves overall system usability as authenticating to the TPM during boot also unlocks Drivelock, effectively linking the hard drive to the platform.
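The two properties claimed above (the drive password is released only after the user authenticates to the TPM, and the same user password on a different platform cannot unlock the drive) can be modelled in a few dozen lines. This is an added illustration, not HP's or any TPM's implementation: the TpmModel class, its HMAC/PBKDF2 constructions and the KDF_ROUNDS value are assumptions chosen for the model.

```python
import hashlib
import hmac
import secrets

DRIVELOCK_BITS = 2048      # password length the page names
KDF_ROUNDS = 100_000       # model parameter, not a TPM value


class TpmModel:
    """Simplified stand-in for the embedded security chip (an assumption)."""

    def __init__(self) -> None:
        self._srk = secrets.token_bytes(32)   # root key, never leaves the chip
        self._salt = secrets.token_bytes(16)
        self._user_auth = None                # set when the user key is enrolled

    def _auth_value(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, KDF_ROUNDS)

    def create_user_key(self, password: str) -> None:
        """Enroll the basic user key, authorised by the user's password."""
        self._user_auth = self._auth_value(password)

    def derive_drivelock_password(self, password: str) -> bytes:
        """Release the 2048-bit drive password only after user authentication.

        The output is keyed with this platform's root key, so the same user
        password presented on another platform yields a different value."""
        if self._user_auth is None or not hmac.compare_digest(
                self._auth_value(password), self._user_auth):
            raise PermissionError("TPM user authentication failed")
        out, block = b"", b""
        for counter in range(1, DRIVELOCK_BITS // 256 + 1):   # HKDF-style expand
            block = hmac.new(self._srk, block + b"drivelock" + bytes([counter]), "sha256").digest()
            out += block
        return out


def provision(user_password: str) -> tuple[TpmModel, bytes]:
    """Enrol the user and lock the drive with the TPM-derived password."""
    tpm = TpmModel()
    tpm.create_user_key(user_password)
    return tpm, tpm.derive_drivelock_password(user_password)


def pre_boot_unlock(tpm: TpmModel, drive_password: bytes, typed: str) -> bool:
    """BIOS flow: authenticate to the TPM, then present its output to the drive."""
    try:
        return hmac.compare_digest(tpm.derive_drivelock_password(typed), drive_password)
    except PermissionError:
        return False
```

The user never sees or types the 256-byte drive password; a wrong TPM password yields no drive password at all, and a second TpmModel (another platform) enrolled with the same user password derives a different one.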
TPMs lend themselves to easy integration with PKI [2] deployments and provide functionality such as email signing and data encryption.

Pros
  • Can enable stronger device and user authentication
  • Integrated into clients
  • Enhanced hardware-based security for encrypted data

Cons
  • Lost TPM passwords can be costly
  • User credentials are not portable
Smart card authentication
Smart cards combine two factors, possession and knowledge, and in doing so, provide a higher level of security compared to authentication devices that use only a single factor. In the case of smart cards, authentication requires that the user be in possession of the smart card and know the secret PIN unique to that smart card.

With smart card authentication, unauthorized access can be prevented by keeping the smart card separate from the system. Smart Card Security for HP ProtectTools adds a further layer of protection
[2] Public Key Infrastructure (PKI): Technology that employs encryption to help protect and secure communications and data transfer over the Internet.