HP Client Security Commercial Managed IT Software
  Generate a PKI key pair to be used by the authentication service in conjunction with cryptographic functions.
  Generate the PKI and symmetric keys (UUK) upon enrolling a user. The UUK is not stored in the clear or simply 
obfuscated on the hard drive. The key is always protected via a credential. The user's Windows password is used to 
derive a key that is then used to encrypt the UUK. Additionally, the key is either encrypted as with the Smart 
Card or securely stored in the authentication device as with the secure fingerprint reader. The UUK is only 
released upon a successful user authentication. This key in turn encrypts other sensitive user data, the so-called 
"user secrets". In the end, the secrets are always protected via user authentication. 
  Microsoft Enhanced Cryptographic Provider (ECP). 
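The key hierarchy described above (a password-derived key encrypts the UUK, and the UUK encrypts the user secrets) is shown below as an added Python example; it is not HP's implementation. The KDF, iteration count, record layout and the HMAC-based cipher are assumptions, since the document does not name the algorithms used.

```python
import hashlib, hmac, secrets

# Assumptions (not from the HP document): PBKDF2-HMAC-SHA256 as the password KDF,
# and an HMAC-SHA256 keystream plus MAC standing in for the AES-based authenticated
# encryption a real product would use (the Python stdlib has no AES).

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag before decrypting; a wrong key raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def _wrap(uuk, password):
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"salt": salt, "wrapped_uuk": seal(kek, uuk)}

def enroll(password):
    """Create a random UUK and store it only in wrapped form."""
    return _wrap(secrets.token_bytes(32), password)

def release_uuk(record, password):
    """Return the UUK only if the password-derived key authenticates the blob."""
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 200_000)
    return unseal(kek, record["wrapped_uuk"])

def change_password(record, old, new):
    """Re-wrap the same UUK; data sealed under the UUK is left untouched."""
    return _wrap(release_uuk(record, old), new)
```

Because only the wrapped UUK depends on the credential, a password change re-wraps 32 bytes instead of re-encrypting every user secret, and a second credential can hold its own wrapped copy of the same UUK.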
Design and Services 
HP Client Security provides an authentication service to ensure that the user authentication capabilities 
extend beyond Windows, and that BIOS and Drive Encryption login pages can participate in user 
authentication as well. All communication between the authentication service and authentication 
environments occurs at the service layer. The authentication service provides the following functionalities: 
  Manages the activation and deactivation of the authentication environments (Windows, BIOS, Drive Encryption). 
  Coordinates the authentication policies and user provisioning data across all authentication environments, thus 
facilitating One Step Logon and ensuring that a lockout scenario is avoided. 
  Enrolls users' credentials. 
HP Client Security - Setup Wizard 
The HP Client Security setup wizard helps secure access to your computer via a password, a fingerprint 
sensor (if available), or the HP SpareKey if a password or other credential is lost. The wizard safeguards 
hard drive access and data using HP Drive Encryption for robust information protection. It ensures that 
removable media cannot be accessed until authenticated with HP Device Manager with Just-In-Time 
Authentication, and even then the access is granted for a limited time. The wizard also enforces the default 
setting of Windows logon authentication and places the HP File Sanitizer icon on the desktop. 










