Wave Systems Corp. (fka WAVXQ)

[reach567]

Vista & TPMs

http://www.microsoft.com/technet/windowsvista/evaluate/overvw.mspx#EFAA

Here's an excerpt:

Network Access Protection
Windows Vista includes an agent that can prevent a client from connecting to your internal network if the client lacks current security updates, lacks virus signatures, or otherwise fails to meet your security criteria. Network Access Protection can be used to protect remote access clients as well as local area network (LAN) connections. The agent reports Windows Vista client health status (such as having current updates and up-to-date virus signatures installed) to the server-based network access protection enforcement service, which determines whether to grant the client access to the internal network or to restrict it to a protected network. The client functionality is dependent on the Network Access Protection infrastructure, which will be included with Windows Server "Longhorn".

Platform Improvements
Windows Vista's authentication capabilities are more flexible, providing a variety of choices for customized authentication mechanisms such as fingerprint scanners and smart cards. Deployment and management tools, such as self-service personal identification number (PIN) reset tools, make smart cards easier to manage and deploy. Smart cards can now be used to log on to Windows Vista, too. Further, Windows Vista enables authentication using Internet Protocol version 6 (IPv6) or Web services.

Certificate enrollment is made easier because Windows Vista includes Credential Manager enhancements that enable backing up and restoring credentials stored on the local computer. The new Digital Identity Management Service (DIMS) provides certificate and credential roaming within an Active Directory forest and end-to-end certificate life cycle management scenarios.

Windows Vista's auditing capabilities make it easier to track what users do. Auditing categories now include multiple subcategories, reducing the number of irrelevant events. Windows Vista integrated audit event forwarding collects and forwards critical audit data to a central location, enabling enterprises to better organize and analyze audit data.


Multi-Tiered Data Protection
Theft or loss of corporate intellectual property is an increasing concern for organizations. Windows Vista has improved support for data protection at the document, file, directory, and machine levels. The integrated Rights Management client allows organizations to enforce policies around document usage. The Encrypting File System, which provides user-based file and directory encryption, has been enhanced to allow storage of encryption keys on smart cards, providing better protection of encryption keys. In addition, the new secure startup enterprise feature adds machine-level data protection. It provides full volume encryption of the system volume, including Windows system files and the hibernation file, which helps protect data from being compromised on a lost, stolen OR RECYCLED machine. In order to provide a solution that is easy to deploy and manage, a Trusted Platform Module (TPM) 1.2 chip is used to store the keys that encrypt and decrypt sectors on the Windows hard drive. It requires the TPM and an enterprise management infrastructure to ensure that the feature is easy to use for end users.