Motion LE1600 Security Features
The Motion Tablet PC has several security mechanisms built-in and ready to go for out-of-the-box
protection. They can be enabled using the pre-installed software applications, by developing or
using your own applications, or by installing a third-party application. Most of the built-in security
technologies have software development kits available for custom development. Motion's
technology partners also have business relationships with many third-party software vendors that
have already developed or qualified the Motion Tablet PC for use with their applications.
Fingerprint Reader
The Motion Tablet PC includes a built-in fingerprint reader. Biometric authentication has two
primary advantages over usernames and passwords. First, it is more difficult to hack a fingerprint
than a password. Second, users don't have to worry about forgetting passwords and calling the
IT department. Using passwords and biometric authentication together is more powerful than
using either option by itself.
With the fingerprint reader you can securely and conveniently identify yourself with your
fingerprint to applications requesting user authentication. The Motion OmniPass software
application enables you to use the fingerprint for Windows logon, VPN authentication, file and
folder encryption, and various web-based authentication requests.
Trusted Platform Module (TPM)
Motion's tablets also include a built-in Trusted Computing Group 1.1b-compliant TPM. The TPM
is a self-contained, secure micro-controller that is attached to the tablet PC motherboard. When
enabled and configured, it provides the core level of trust for platform security. It does this by
storing sensitive data within the chip instead of on the more vulnerable hard drive, providing
authentication for the platform, protecting cryptographic functions, and communicating the
attestable trust state of the platform. For example, an organization's security policy may require
all machines that access the network to have a registered TPM. This prevents unknown
machines from accessing the network and sensitive data. If you use a digital certificate to sign
and encrypt email, you can store the keys for the certificate in the TPM.
The TPM can integrate with most secure applications that use Public Key Infrastructure (PKI)
solutions through the Microsoft CryptoAPI or PKCS#11 interface. It uses 2048-bit RSA
encryption to protect keys and secrets.
With the Motion OmniPass software application, you can use the TPM to enable strong
encryption algorithms as well as for user and platform authentication. The Infineon TPM software
application provides a personal encrypted hard drive partition and various maintenance functions.
Some other applications that are also strengthened by the TPM include Check Point VPN/FW,
Entrust Enterprise PKI Solution, Internet Explorer, Adobe Acrobat, Verisign PKI, RADIUS EAP,
Netscape, NS Messenger Sun ONE PKI, and PGP.
Data Execution Prevention (DEP) and Execute Disable
DEP, a built-in OS-level software technology, and Execute-Disable, a CPU hardware feature,
enable stronger memory-protection policies to help prevent malicious code from executing in the
data page segment of memory. The technology can help block viruses and malicious
code from taking advantage of exception-handling mechanisms in Windows. The Intel chipset
combined with Windows XP Tablet PC Edition 2005 makes this technology available to every
customer.
BIOS Level Security
The Motion tablet PC BIOS has several security features. The BIOS is built-in software that is
separate from the operating system. It controls the keyboard, display screen, and disk drives, as well
as communication devices. If the operating system is damaged, the computer will still be able to
Customer Whitepaper: Motion Tablet PC Security Basics, Rev A03