
awk

02/09/07 10:46 AM

#137394 RE: Elan Vital #137392

Elan Vital: "I thought security was at the desktop"

Wave provides tools to manage the IT infrastructure.
Client side platforms (desktop, laptop) are access points to the network. These access points need to be secure, i.e. they need to behave as set in IT policies. The IT department must be in a position to know that clients accessing the network are authorized to access it.

The TPM is the device (the container of the core root of trust) that provides the "mechanisms to be trustworthy" on the client side. The TPM provides the information to the server that not only is the accessing platform a "secure" platform, moreover it provides the server with a report of installed features (measurement, hash) that the server can evaluate and then make decisions whether to allow the client to get/provide the information it wants to.

So, there are two ways to configure the client side platform:

1. Everything is done on the client side (desktop, notebook) and the end user of that client platform configures the desktop/notebook. The end user sets the policies whether to use biometrics, smartcard or PIN or any combination of the three. The end user is responsible to make and keep a back-up of the TPM info. So, it's a stand-alone system.

As you can easily see, the larger the company, the more this will invariably lead to difficult if not catastrophic events; the user may forget to back up, and the end user defined policies could be anything.

2. Central management of IT policies and services is therefore the cornerstone of a manageable network. The IT group can set policies in any which way. They can have a certain set of policies for different subsidiaries, they can set different IT policies for different departments etc.

Additionally, using the example of FDE hard drives, the IT department centrally controls the preboot mechanisms for the FDE drive, it makes sure that the client side user can not inadvertently erase the data on the FDE drive, and TPM backup is automatically done in the background. The IT department can also determine if and what the end user is allowed to manage on the client side, everything, some of it, or nothing etc...


The networked and "secure" PC of the future will be managed - in a certain way - like your cell phone. The difference being that the IT department sets the policies and not the service provider.

Hope this helps.
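The post above describes the TPM reporting a measurement (hash) of what is installed to a server, which evaluates that report against centrally managed, per-department policy before admitting the client. The following is an added illustration of that exchange, not code from the post, from Wave, or from any TPM vendor. It is a simulation: the "TPM" here is a plain Python class with an extend-only register, and an HMAC over a shared key stands in for the attestation key signature a real TPM would produce. All component names, the department policies and the key are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for "installed features" the TPM would measure.
BIOS = b"bios-firmware-v1"
LOADER = b"os-loader-v3"
DISK_ENCRYPTION = b"fde-preboot-agent"
ROGUE_TOOL = b"unapproved-component"   # constructed: not in any policy

# Assumption: a shared secret stands in for the TPM attestation key.
# A real TPM signs a quote with an asymmetric key the server already trusts.
ATTESTATION_KEY = b"constructed-demo-key"


def extend_pcr(pcr: bytes, component: bytes) -> bytes:
    """Extend-only register update: PCR' = SHA-256(PCR || SHA-256(component)).
    Extending is one-way, so a client cannot 'unmeasure' something it loaded."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def expected_pcr(components) -> bytes:
    """What the register should contain after loading exactly these components."""
    pcr = b"\x00" * 32
    for c in components:
        pcr = extend_pcr(pcr, c)
    return pcr


class SimulatedTPM:
    """Client side: measures what loaded and produces a signed, nonce-bound report."""

    def __init__(self, key: bytes):
        self._key = key
        self.pcr = b"\x00" * 32

    def measure(self, component: bytes) -> None:
        self.pcr = extend_pcr(self.pcr, component)

    def quote(self, nonce: bytes) -> dict:
        sig = hmac.new(self._key, self.pcr + nonce, hashlib.sha256).hexdigest()
        return {"pcr": self.pcr.hex(), "nonce": nonce.hex(), "sig": sig}


class PolicyServer:
    """Server side: central IT policy, one set of allowed measurements per department."""

    def __init__(self, key: bytes, policies: dict):
        self._key = key
        self._allowed = {dept: {expected_pcr(cs).hex() for cs in sets}
                         for dept, sets in policies.items()}

    def verify(self, department: str, nonce: bytes, report: dict):
        # 1. Freshness: the report must answer the challenge just issued.
        if report["nonce"] != nonce.hex():
            return False, "stale or replayed quote"
        # 2. Integrity: the report must carry a valid signature over PCR || nonce.
        expected = hmac.new(self._key, bytes.fromhex(report["pcr"]) + nonce,
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report["sig"]):
            return False, "quote signature invalid"
        # 3. Policy: the measured state must be one IT allows for this department.
        if report["pcr"] not in self._allowed.get(department, set()):
            return False, "measured state not permitted by policy"
        return True, "admitted"


def attest(server: PolicyServer, department: str, components):
    """One attestation round: boot (measure), receive challenge, quote, verify."""
    tpm = SimulatedTPM(ATTESTATION_KEY)
    for c in components:
        tpm.measure(c)
    nonce = os.urandom(16)
    return server.verify(department, nonce, tpm.quote(nonce))


# Constructed policy: finance must run full disk encryption, engineering may.
POLICIES = {
    "finance": [[BIOS, LOADER, DISK_ENCRYPTION]],
    "engineering": [[BIOS, LOADER], [BIOS, LOADER, DISK_ENCRYPTION]],
}


def run_demo() -> dict:
    server = PolicyServer(ATTESTATION_KEY, POLICIES)
    return {
        "finance_compliant": attest(server, "finance", [BIOS, LOADER, DISK_ENCRYPTION]),
        "finance_no_fde": attest(server, "finance", [BIOS, LOADER]),
        "engineering_no_fde": attest(server, "engineering", [BIOS, LOADER]),
        "engineering_rogue": attest(server, "engineering", [BIOS, LOADER, ROGUE_TOOL]),
        "unknown_department": attest(server, "sales", [BIOS, LOADER]),
    }


def replayed_quote_rejected() -> bool:
    """A quote captured earlier does not satisfy a new challenge."""
    server = PolicyServer(ATTESTATION_KEY, POLICIES)
    tpm = SimulatedTPM(ATTESTATION_KEY)
    for c in [BIOS, LOADER, DISK_ENCRYPTION]:
        tpm.measure(c)
    old_report = tpm.quote(os.urandom(16))
    admitted, _ = server.verify("finance", os.urandom(16), old_report)
    return not admitted


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
    print("replay rejected:", replayed_quote_rejected())
```

The three checks in `verify` are the ones that matter in the post's scenario: the nonce keeps a client from re-using an old "good" report, the signature ties the report to the root of trust rather than to software the user controls, and the per-department allow-set is where the centrally set policy lives, so the same machine is admitted or refused depending on which department's rules apply to it.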

scorpio_esq

02/09/07 11:56 AM

#137399 RE: Elan Vital #137392

No-one else would be physically in control of the remote administration server console. And the person who was would have to authenticate himself or herself.