TPM Embedded Security Chip Authentication; Smart Card Authentication - HP Compaq NC4010 Security Manual

Authentication technologies and suitability to task

If implemented correctly, passwords provide good baseline security. However, in order to protect
sensitive data, stronger authentication is required.
Pros
Broad acceptance
No learning curve
Universally deployed

Cons
Lost passwords can be costly
Easier to compromise
Strong (complex) password policies adversely affect usability

TPM embedded security chip authentication

A Trusted Platform Module (TPM) is a cryptographic security chip embedded in a computing client,
and can protect digital credentials and perform cryptographic functions. The TPM was conceptualized
and designed primarily for device authentication, and while the TPM is not inherently a user
authentication device, HP has enabled user authentication using the TPM. HP ProtectTools technology
builds on industry standards set by the Trusted Computing Group (TCG) and uses the TPM for strong
user authentication in the pre-boot environment as well as with the OS, in addition to the device
authentication function.

TPM-enhanced pre-boot user authentication allows an administrator to set a pre-boot user
authentication policy utilizing the TPM and the user's TPM basic user key password. When such a
policy is enabled, the BIOS will prompt the user for their personalized TPM authentication data when
the computer is booted (instead of using a commonly shared BIOS system startup password) and then
use the TPM to validate the authentication data. Upon successful authentication, the BIOS will proceed
through system startup and ultimately boot to the operating system.

HP also utilizes TPM authentication to enhance Drivelock security, by utilizing the TPM to generate a
strong 2048-bit Drivelock password. In addition to improving security, this feature also improves
overall system usability as authenticating to the TPM during boot also unlocks Drivelock, effectively
linking the hard drive to the platform.

TPMs lend themselves to easy integration with PKI [2] deployments and provide functionality such as
email signing and data encryption.

Pros
Can enable stronger device and user authentication
Integrated into clients
Enhanced hardware based security for encrypted data

Cons
Lost TPM passwords can be costly
User credentials are not portable

Smart card authentication

Smart cards combine two factors, possession and knowledge, and in doing so, provide a higher level
of security compared to authentication devices that use only a single factor. In the case of smart
cards, authentication requires that the user be in possession of the smart card and know the secret
PIN unique to that smart card.

With smart card authentication, unauthorized access can be prevented by keeping the smart card
separate from the system. Smart Card Security for HP ProtectTools adds a further layer of protection

[2] Public Key Infrastructure (PKI): Technology that employs encryption to help protect and secure
communications and data transfer over the Internet.
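
The Drivelock behaviour described in the TPM section above, as an added conceptual model in Python (not HP ProtectTools, BIOS or TCG code): a software stand-in generates a 2048-bit drive password and releases it only for the right user authentication data on the same chip. SimulatedTPM, its methods, the key derivation and the passphrases are assumptions made for illustration; a real TPM holds the chip secret in hardware.

```python
import hashlib
import hmac
import secrets

class SimulatedTPM:
    """Software stand-in for the chip (assumption); a real TPM keeps chip_secret in hardware."""
    def __init__(self):
        self._chip_secret = secrets.token_bytes(32)   # never leaves this "chip"

    def _keys(self, user_auth: str, salt: bytes):
        # Stretch the user's authentication data, then bind the result to this chip.
        stretched = hashlib.pbkdf2_hmac("sha256", user_auth.encode(), salt, 100_000)
        root = hmac.new(self._chip_secret, stretched, hashlib.sha256).digest()
        return (hmac.new(root, b"enc", hashlib.sha256).digest(),
                hmac.new(root, b"mac", hashlib.sha256).digest())

    def enroll(self, user_auth: str):
        """Generate a 2048-bit drive password; return it and the wrapped blob kept on the platform."""
        drive_password = secrets.token_bytes(256)      # 256 bytes = 2048 bits
        salt = secrets.token_bytes(16)
        enc_key, mac_key = self._keys(user_auth, salt)
        stream = hashlib.shake_256(enc_key).digest(len(drive_password))
        wrapped = bytes(a ^ b for a, b in zip(drive_password, stream))
        tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
        return drive_password, salt + wrapped + tag

    def unlock(self, user_auth: str, blob: bytes):
        """Return the drive password, or None if the auth data or the chip is wrong."""
        salt, wrapped, tag = blob[:16], blob[16:-32], blob[-32:]
        enc_key, mac_key = self._keys(user_auth, salt)
        expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        stream = hashlib.shake_256(enc_key).digest(len(wrapped))
        return bytes(a ^ b for a, b in zip(wrapped, stream))

def demo():
    # Constructed sample: one enrolled user, plus a second chip standing in for another PC.
    tpm, other_tpm = SimulatedTPM(), SimulatedTPM()
    password, blob = tpm.enroll("constructed-user-passphrase")
    return {
        "bits": len(password) * 8,
        "right_user_right_chip": tpm.unlock("constructed-user-passphrase", blob) == password,
        "wrong_user": tpm.unlock("guess", blob),
        "right_user_other_chip": other_tpm.unlock("constructed-user-passphrase", blob),
    }

if __name__ == "__main__":
    print(demo())
```

The last case is the one behind both "linking the hard drive to the platform" and the listed drawback that user credentials are not portable: the same passphrase and blob fail on a different chip.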