If implemented correctly, passwords provide good baseline security. However, in order to protect
sensitive data, stronger authentication is required.
Pros                    Cons
Broad acceptance        Lost passwords can be costly
No learning curve       Easier to compromise
Universally deployed    Strong (complex) password policies adversely affect usability
TPM embedded security chip authentication
A Trusted Platform Module (TPM) is a cryptographic security chip embedded in a computing client,
and can protect digital credentials and perform cryptographic functions. The TPM was conceptualized
and designed primarily for device authentication, and while the TPM is not inherently a user
authentication device, HP has enabled user authentication using the TPM. HP ProtectTools technology
builds on industry standards set by the Trusted Computing Group (TCG) and uses the TPM for strong
user authentication in the pre-boot environment as well as with the OS, in addition to the device
authentication function.
TPM-enhanced pre-boot user authentication allows an administrator to set a pre-boot user
authentication policy utilizing the TPM and the user’s TPM basic user key password. When such a
policy is enabled, the BIOS will prompt the user for their personalized TPM authentication data when
the computer is booted (instead of using a commonly shared BIOS system startup password) and then
use the TPM to validate the authentication data. Upon successful authentication, the BIOS will proceed
through system startup and ultimately boot to the operating system.
HP also uses TPM authentication to enhance Drivelock security by having the TPM generate a
strong 2048-bit Drivelock password. In addition to improving security, this feature improves
overall system usability, because authenticating to the TPM during boot also unlocks Drivelock,
effectively linking the hard drive to the platform.
TPMs lend themselves to easy integration with PKI [2] deployments and provide functionality such as
email signing and data encryption.
Pros                                                   Cons
Can enable stronger device and user authentication     Lost TPM passwords can be costly
Integrated into clients                                User credentials are not portable
Enhanced hardware based security for encrypted data
Smart card authentication
Smart cards combine two factors, possession and knowledge, and in doing so, provide a higher level
of security compared to authentication devices that use only a single factor. In the case of smart
cards, authentication requires that the user be in possession of the smart card and know the secret
PIN unique to that smart card.
With smart card authentication, unauthorized access can be prevented by keeping the smart card
separate from the system. Smart Card Security for HP ProtectTools adds a further layer of protection
[2] Public Key Infrastructure (PKI): Technology that employs encryption to help protect and secure
communications and data transfer over the Internet.