HP Client Security Commercial Managed IT Software Technical whitepaper

ManualsBrandsHP ManualsDesktopsHP EliteBook Revolve 810 G2 Tablet

HP Client Security Technical Whitepaper

August 2016

747889-002

HP Security Strategy 12

Table 3 Identity Protection Security Features

Layer

Identity protection

Description

BIOS Security

Power-on

Authentication

(See HP Client Security

– Manageability

Options on page 14)

Requires users to authenticate themselves when turning on the

computer before the operating system or any other software will

start.

Enhanced Pre-boot

Security

Additional pre-boot security capabilities consisting of multiple

users in the BIOS identified with their Windows credentials,

fingerprint reader reset, and HP One Step Logon.

Software-based

HP Credential

Manager

(See HP Client Security

– Manageability

Options on page 14)

Supports multiple authentication methods and two-factor

authentication policies:

 Windows Password

 Integrated Fingerprint Reader sensor

 Smart Card* (CSP, PKCS11 standards) with integrated Smart

Card reader or Smart Card keyboards

 Contactless / Proximity Card* (HID iCLASS and Proximity, MiFare

Classic 1K, 4K, and Mini) with supported card readers (OMNIKEY

readers, e.g. 5321, 5325)

 Bluetooth (mobile phone device)

 PIN

*Cards and middleware required and not included.

HP Password

Manager

Allows a user to conveniently use unique usernames and

passwords for websites and applications.

After the user identifies themselves with any enrolled credential,

Password Manger enters the appropriate account information on

their behalf.

HP SpareKey

(See HP Client Security

– Manageability

Options on page 14)

Allows users to securely log into their PC if they forget their

password, lose their smart card, or cannot use their fingerprint to

 Supports custom SpareKey questions in addition to the 10 pre-

defined questions.

 Eliminates the need for the end user to call the Help Desk to

reset their password.

 When used, HP SpareKey will start the Windows password

reset process.

 HP SpareKey support available in HP Drive Encryption and

Windows.

HP One Step Logon

Authenticate once at the first login prompt and the PC will

continue booting the user through Windows login without

requiring any additional authentication.

 One Step Logon supports Power-On Authentication, HP Drive

Encryption, and Windows.

Hardware-based

Smart Card Readers

An ISO7816 standards-based Smart Card Reader is an integration

option for HP Business Notebooks. Smart Card Keyboards are

available as an HP accessory option for HP Business Desktops. All

Smart Card readers are FIPS 201 compliant.