HP Client Security Commercial Managed IT Software Technical whitepaper
HP Client Security Technical Whitepaper
August 2016
747889-002
© Copyright 2016 HP Development Company, L.P.
Appendix A - Frequently Asked Questions 35
16 Appendix A - Frequently Asked
Questions
Q. What authentication technologies are supported by HP Client Security?
A. HP Client Security Manager is a security platform that has been designed to easily grow with the user's needs. It supports
the following authentication technologies currently, but may support additional technologies as they become available.
Password
Fingerprint
Smart Card, Contactless Card, Proximity Card
Bluetooth
PIN
Q. How does Smart Card security compare to fingerprint security?
A. HP Client Security supports both Smart Card authentication and fingerprint authentication. Since both devices store
secrets using hardware protection, they have similar levels of security. Smart cards may be a better fit for large
organizations with the infrastructure to support creation and enrollment of certificates. Smaller organizations may prefer
the convenience of fingerprint authentication.
HP business notebooks offer both integrated Smart Card readers as well as integrated fingerprint reader sensors. HP’s
fingerprint sensors provide higher security than many external fingerprint scanners. This higher security includes an on-
sensor credential vault and on-sensor match before credential release. Smart cards store credentials on the card and use a
PIN to release the credentials.
NOTE: A very high level of security can be achieved by requiring both Smart Card AND fingerprint authentication for access
to critical assets.
Q. Is there a cost associated with HP Client Security?
A. HP Client Security and security modules are available as standard security features on most business PC’s.
Q. Can Smart Cards be used for pre-boot authentication?
A. Smart cards are not supported in BIOS. However, Drive Encryption login has select Smart Card support.
Q. How can I tell if my PC contains a TPM embedded security chip?
In general, if the PC contains a TPM embedded security chip, it will be listed in the Windows Device Manager, under the
category Security Devices. On business PC’s, the TPM embedded security chip will be listed as Infineon Trusted Platform
Module. However, TPM may be hidden/disabled in BIOS.
Q. Regarding the TPM chip itself, does it store any user specific information? If so, how can I clear it?
A. No. The TPM can be cleared via F10 Computer Setup Menu to return to factory default/cleared state.
Q. How does Credential Manager differ from other single sign-on solutions?
A. Most technologies and features provided by HP Client Security Manager are individually available. The value of HP Client
Security is that it brings these technologies together in a single, easy to use security solution. As an HP Client Security core
component, the features provided by Credential Manager are integrated into HP Client Security and work with the user
authentication features of HP Client Security. Additionally, 2-factor authentication can be enforced depending on what level
of security is required. Additionally, authentication in the pre-boot environment only supports a single factor, however the
user must still provide both factors before logging into Windows.
Q. Does Credential Manager for HP Client Security support multiple users on a single client device?
A. Yes.