HP ProtectTools security software 2011 - Technical white paper

selected questions. If the answers match, login continues. Upon completion of the login process, the
user is asked to change the login credential with an option to accept or decline.
Answers to HP SpareKey questions are encrypted and cannot be deciphered by an unauthorized
person. The basic process for securing the questions is as follows:
Step 1: Answers to the three questions are concatenated into a single text string, eliminating all
spaces.
Step 2: The single text string is then used to derive an encryption key using a SHA-1 hash function.
This encryption key is mathematically unique to the three answers given by the user.
Step 3: The derived encryption key is used to encrypt the login password. The encrypted
password is then stored.
On centrally managed systems, HP Enhanced Pre-Boot Security supports One Time Password (OTP)
access, allowing IT support to recover remote users even if they are not connected.
Neither the answers to the three questions nor the encryption key are stored in memory. The only
way to access the encrypted password is to answer the same three questions with exactly the same
responses used during initial enrollment.
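The three SpareKey steps above, modelled in Python as an added example (this is not HP's code). The paper fixes the space removal, the concatenation and the SHA-1 key derivation but does not name the cipher, so the SHA-1 keystream used here is a stand-in, and the HMAC tag is an addition so that a wrong set of answers is detected instead of yielding garbage.

```python
import hashlib
import hmac
import os

# Constructed model of the enrolment and recovery flow described in the text.
# Step 1 and 2 follow the paper; the cipher and the tag are assumptions.


def derive_key(answers):
    """Step 1 and 2: strip spaces, concatenate, hash with SHA-1."""
    joined = "".join(a.replace(" ", "") for a in answers)
    return hashlib.sha1(joined.encode("utf-8")).digest()


def _keystream(key, nonce, length):
    """Stand-in keystream (assumption): SHA-1 over key, nonce and a counter."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha1(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def enroll(answers, password, nonce=None):
    """Step 3: encrypt the password under the derived key. Only the
    resulting record is stored; neither answers nor key are kept."""
    key = derive_key(answers)
    nonce = os.urandom(8) if nonce is None else nonce
    pw = password.encode("utf-8")
    ct = bytes(p ^ k for p, k in zip(pw, _keystream(key, nonce, len(pw))))
    tag = hmac.new(key, nonce + ct, hashlib.sha1).digest()  # added check
    return {"nonce": nonce, "ct": ct, "tag": tag}


def recover(answers, record):
    """Re-derive the key from freshly given answers; return the password,
    or None when the answers do not reproduce the enrolment key."""
    key = derive_key(answers)
    expected = hmac.new(key, record["nonce"] + record["ct"], hashlib.sha1).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    ks = _keystream(key, record["nonce"], len(record["ct"]))
    return bytes(c ^ k for c, k in zip(record["ct"], ks)).decode("utf-8")
```

Because spaces are dropped before hashing, "New York" and "NewYork" derive the same key, while any other difference in an answer produces a different key and recovery fails.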
Central Management for HP ProtectTools
Central Management for HP ProtectTools is developed in partnership with DigitalPersona, and is
available in two configurations: DigitalPersona Pro Enterprise and DigitalPersona Pro Workgroup.
Central Management allows administrators to create and deploy role-based policies, revoke access,
and recover users with lost credentials. DigitalPersona Pro Enterprise is designed for small to medium
businesses and enterprises that use Active Directory. It allows administrators to leverage Active
Directory for maximum scalability. Figure 7 shows the key features of HP ProtectTools with
DigitalPersona Pro. DigitalPersona Pro Workgroup makes central management accessible to smaller
organizations without Active Directory through simplicity of design and deployment, and an attractive
per-seat cost. DigitalPersona Pro Workgroup is a self-contained solution with no special server
hardware requirements. It makes security easy to deploy by allowing administrators to create role-based
policies and implement them within the workgroup. Security keys are managed centrally and
allow the administrator to recover users with lost credentials. DigitalPersona Pro Workgroup can be
accessed directly from HP ProtectTools and can be deployed for up to five users with no per-seat cost.
Figure 7. Key features of HP ProtectTools with DigitalPersona Pro