Seagate ST500LM020 Guía de usuario descargar pdf (Pagina 18)

TPM Lifecycle Management | Wave Systems Corp.  2012

ESC 2.9.5 Client Manual

4.2. Wave Cryptographic Service Providers (CSPs)

The following CSPs are made available on the client, and can be selected when making an advanced

certificate request to a Microsoft Certificate Authority (CA). For information on how to enforce the use

of a Wave CSP (to enforce the use of a TPM to access a resource), refer to the ERAS manual on the

section dealing with TPM central management.

Wave TCG-Enabled CSP

This CSP is the 'standard' Wave CSP used for generating TPM keys and related functions unless one of

the below apply. The Wave TCG-Enabled CSP also must be used if a use case for VPN authentication

requires a user to login to the VPN prior to logging into Windows.

Wave TCG-Enabled Strong Authentication CSP

This CSP is very similar to the "Wave TCG Enabled CSP" with the following exceptions:

1. All Keys created with this CSP are always password protected.

2. This CSP will never store the individual TPM key password in the Wave Password Vault.

3. This CSP must be used for password protected keys with Microsoft VPN. A protected key is one that

uses a pin.

4. This CSP must be used for Wave’s TPM PKI logon.

Wave TCG Enabled SChannel CSP

This CSP uses the "Microsoft RSA SChannel Cryptographic Provider" as a pass-through CSP so that it can

work with SSL based applications (For locating the private key in the SSL connection).

4.3. Wave Key Service Providers (KSPs)

The Wave KSP is another mechanism to provide advanced authentication through the TPM, but it

supports access through the Microsoft Cryptography Next Generation (CNG) API. A KSP is necessary for

Direct Access authentication, and the Wave KSP can be configured with Direct Access to provide TPM

based authentication to Direct Access resources. This guide is limited to explaining how to access the

KSP. Please refer to Microsoft documentation for instructions on setting up Direct Access authentication

using a KSP. Information on Direct Access can be found at

http://technet.microsoft.com/en-

us/network/dd420463 and instructions to set up a Direct Access test lab are found at

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=24144.

The KSPs have a couple of pre-requisites before they can be used:

1. The TPM must be activated and owned.

2. ESC must have a supported TSS.

3. A supported Microsoft Windows operating system:

a. Windows 7 - Supports Microsoft DirectAccess and KSP.

b. Windows Vista – KSP only.

NOTE: Windows XP does *not* support either KSP or Direct Access.

1 2 ... 13 14 15 16 17 18 19 20 21 22 23 ... 62 63

Sin comentarios

Seagate ST500LM020 Guía de usuario Pagina 18