Wave Systems Corp. (fka WAVXQ)

[reach567]

Does the bolded phrase mean that Waves' KTM Enterprise AD product will be subsumed by Microsoft AD?

Hopefully, corporations and government feel it's worth while to spend the $10,000 for Wave's KTM in the meantime.


http://www.microsoft.com/technet/windowsvista/evaluate/feat/secfeat.mspx


Feature Description
Theft or loss of corporate intellectual property is an increasing concern for organizations. Windows Vista has improved support for data protection at the document, file,directory, and machine level. The integrated Rights Management client allows organizations to enforce policies around document usage. The Encrypting File System, which provides user-based file and directory encryption, has been enhanced to allow storage of encryption keys on Smart Cards, providing better protection of encryption keys. In addition, the new secure startup enterprise feature adds machine-level data protection. On a computer with appropriate enabling hardware, it provides full volume encryption of the system volume, including Windows system files and the hibernation file, which helps protect data from being compromised on a lost or stolen machine. In order to provide a solution that is easy to deploy and manage, a Trusted Platform Module (TPM) 1.2 chip is used to store the keys that encrypt and decrypt sectors on the Windows hard drive. It requires the TPM and an enterprise management infrastructure to ensure that the feature is easy to use for end users.

Secure Startup's full volume encryption seals the symmetric encryption key in a Trusted Platform Module (TPM) 1.2 chip. A TPM chip is a hardware component available in some newer computers that stores keys, passwords, and digital certificates.

Secure Startup also stores measurements of core operating system files in a TPM chip. Every time the computer is started, Windows Vista verifies that the operating system files have not been modified in an offline attack. An offline attack is a scenario where an attacker boots an alternative operating system in order to gain control of the system. If the files have been modified, Windows Vista alerts the user and refuses to release the key required to access Windows. The system then goes into a recovery mode, prompting the user to provide a recovery key to allow access to the boot volume.

Recovery mode is also used if a disk drive is transferred to another system. Recovery mode requires a recovery key that is generated when Secure Startup is enabled, and that key is specific to one machine. As a result, Secure Startup is intended for enterprises with a management infrastructure in place to store the recovery keys, such as Active Directory. Otherwise, there is the potential for data loss if a computer fails and its drive is moved to another computer and the recovery key is not available.