Saturday, November 20, 2010 5:04:13 PM
'RWK'
I believe that the passage below says it all:
"TPMs provide an endpoint root of trust that allows companies to authorize and then only allow known computers on their network. This means only authorized, company-owned or partner company computers are allowed access to the network.
TPMs provide a unique advantage over other authentication methodologies since they are already deployed on most business class PCs. This represents a substantial cost savings over other technologies like unique key tokens and smart cards, which can cost over $200 per user to deploy. TPMs using third-party management software, such as Wave Systems, also support user authentication such as password and biometrics to access the TPM. Common Access Cards (CAC)/Personal Identity Verification (PIV) cards"
http://www.tscp.org/images/stories/library/APT%20Best%20Practices%20Paper-1%2087%20final%2011-15-2010.pdf
7. Utilize endpoint security and TPM for higher assurance machine identity authentication and machine health checks
The heart of trusted computing consists of a Trusted Platform Module (TPM), a highly secure chip on the motherboard of personal computers (PCs), which can create and securely store a unique identification number for each device. Trusted computing can be further enhanced when a self-encrypting drive (SED) is added to the PC. Over the past few years, over 400 million Trusted Platform Modules have been shipped inside virtually every business class PC. Today over 90 percent of all platforms include the current version of the TPM specification (TPM 1.2). TPMs are based on an open, international industry standard shared by leading manufacturers through an industry association, the Trusted Computing Group. TPMs are manufactured by a number of leading chip companies including AMD, Broadcom, Infineon, and Intel. All the leading PC manufacturers incorporate TPMs in business class machines including Dell, HP, Toshiba, Acer, Lenovo, Samsung, Sony, Gateway, and Panasonic. TPMs are required by Microsoft Vista and Windows 7 business versions for those customers using BitLocker.
Security of VPNs, email, and many other services that rely on certificates or keys to protect networks or data are greatly enhanced when these items are stored in tamper-resistant hardware (e.g., TPM) rather than in software (e.g., Windows registry). These keys and certificates are non-spoofable and cannot be copied. Recently, the U.S. National Security Agency (NSA) demonstrated at their trusted computing conference that VPN certificates stored in the Windows registry can easily be hacked using readily available software from the Internet. The NSA is now publicly recommending using TPMs to store certificates (http://www.nsa.gov/ia/_files/host_networking_brochure.pdf). When TPM-secured VPN credentials are used with self-encrypting drives, then no additional password is necessary because the device is proved to be managed and an authorized user has been authenticated.
TPMs provide an endpoint root of trust that allows companies to authorize and then only allow known computers on their network. This means only authorized, company-owned or partner company computers are allowed access to the network.
TPMs provide a unique advantage over other authentication methodologies since they are already deployed on most business class PCs. This represents a substantial cost savings over other technologies like unique key tokens and smart cards, which can cost over $200 per user to deploy. TPMs using third-party management software, such as Wave Systems, also support user authentication such as password and biometrics to access the TPM. Common Access Cards (CAC)/Personal Identity Verification (PIV) cards are also supported for single sign-on in situations where additional authentication is required.
One quarter at a time!