BioCert® Intelligent Identity Manager Support
Trusted Platform Module
The Trusted Platform Module (TPM) provides the ability to run
the system or applications more securely and makes
communications more trustworthy.
A TPM provides the first level of trust by hardening the base
platform and system software in the following areas:
- Protected Storage – Hardware-protected storage of
sensitive data that may include user passwords, certificates
and other credentials
- Platform Authentication – Attestable authentication of
the platform that ensures that the platform is secure
- Protected Cryptographic Processes – Hardware-protected
key generation, random number generation, hashing, and
digital signatures
- Platform Trust State – Ability to communicate the
attestable trust state of the platform
The following topic sections provide additional information
about TPM functionality supported in BioCert® Identity:
Configuring TPM Authentication
To configure the TPM authentication method:
- In BioCert® Identity, select
Authentication and Credentials.
- Select the Credentials tab.
- In the list of authentication methods, select
TPM Authentication and then click
Properties.
- In the TPM Authentication Properties
dialog box, configure the desired settings, and then
click OK to save the changes.
Registering TPM
Important
The Trusted Platform Module must be initialized prior to
registering TPM credentials. The initialization is performed
outside BioCert® Identity, usually by the Security
Platform Settings tools provided by Infineon or HP.
To register a Trusted Platform Module (TPM):
- In BioCert® Identity, select
My Identity.
- Select Register Credentials. The
BioCert® Registration Wizard is
displayed.
- On the Authentication Methods
dialog box, select the TPM Basic User Key
Password, and then select Next.
- On the Register with Trusted Platform Module
dialog box, type your Basic User Key password, and then
click Finish.
Using Trusted Platform Module
Logging on to BioCert® Identity using TPM
authentication
To log on to BioCert® Identity using a Trusted Platform
Module (TPM):
- Launch the BioCert® Logon Wizard.
- On the Introduce Yourself screen,
type the user name, and then click Next.
- On the Logon Policy screen, select
the TPM Password authentication method,
and then click Next.
- On the Enter TPM Password screen,
type your Basic User Key password. After the password is
validated, you will be logged on to BioCert® Identity.
Encrypting a user record with TPM
BioCert® Identity encrypts the user data automatically
after the TPM is installed and properly initialized.
To verify and change the type of encryption of the user
data:
- In BioCert® Identity, select
Settings.
- Select the Security tab.
- Select the desired type of encryption, and then
click OK to save the changes.
Managing a Trusted Platform Module
A Trusted Platform Module (TPM) is managed through the HP
Embedded Security Manager for ProtectTools. This tool allows
the user to initialize the TPM, manage platform settings,
perform migration, obtain current status, and perform other
TPM-related operations. Refer to the Embedded Security
Manager online help for details.
Note
BioCert® Identity installation does not install the HP
Embedded Security Manager for ProtectTools.