Manual
Table Of Contents
- Preface
- Chapter 1. Overview
- Chapter 2. Installation
- Chapter 3. Working with Client Security Solution
- Chapter 4. Working with ThinkVantage Fingerprint Software
- Chapter 5. Working with Lenovo Fingerprint Software
- Chapter 6. Best Practices
- Deployment examples for installing Client Security Solution
- Switching Client Security Solution modes
- Corporate Active Directory rollout
- Standalone Install for CD or script files
- System Update
- System Migration Assistant
- Generating a certificate using key generation in the TPM
- Using USB fingerprint keyboards with 2008 ThinkPad notebook computer models (R400/R500/T400/T500/W500/X200/X301)
- Appendix A. Special considerations for using the Lenovo Fingerprint Keyboard with some ThinkPad notebook models
- Appendix B. Synchronizing password in Client Security Solution after the Windows password is reset
- Appendix C. Using Client Security Solution on a reinstalled Windows operating system
- Appendix D. Using the TPM on ThinkPad notebook computers
- Appendix E. Notices
- Glossary
Glossary
Administrator(ThinkCentre)/Supervisor(ThinkPad)
BIOSPassword
Theadministratororsupervisorpasswordisused
tocontroltheabilitytochangeBIOSsettings.This
includesthecapabilitytoenableordisablethe
embeddedsecuritychipandtocleartheStorage
RootKeystoredwithintheTrustedPlatformModule.
AdvancedEncryptionStandard(AES)AdvancedEncryptionStandardisasymmetric
keyencryptiontechnique.TheU.S.Government
adoptedthealgorithmasitsencryptiontechnique
inOctober2000,replacingtheDESencryptionit
used.AESoffershighersecurityagainstbrute-force
attackthanthe56-bitDESkeys,andAEScanuse
128,192and256-bitkeys,ifnecessary.
CryptographysystemsCryptographysystemscanbebroadlyclassied
intosymmetric-keyencryptionthatuseasingle
keythatbothencryptsanddecryptsthedata,and
Public-keyencryptionthatusetwokeys,apublic
keyknowntoeveryoneandaprivatekeythatonly
theownerofthekeypairhasaccessto.
EmbeddedSecurityChip
Theembeddedsecuritychipisanothernamefora
TrustedPlatformModule.
Public-key/Asymmetric-keyencryption
Public-keyalgorithmstypicallyuseapairoftwo
relatedkeys—onekeyisprivateandmustbekept
secret,whiletheotherismadepublicandcan
bewidelydistributed;itshouldnotbepossible
todeduceonekeyofapairgiventheother.The
terminologyof"public-keycryptography"derives
fromtheideaofmakingpartofthekeypublic
information.Thetermasymmetric-keycryptography
isalsousedbecausenotallpartiesholdthesame
information.Inasense,onekey"locks"alock
(encrypts);butadifferentkeyisrequiredtounlock
it(decrypt).
StorageRootKey(SRK)Thestoragerootkey(SRK)isa2,048-bit(orlarger)
publickeypair.Itisinitiallyemptyandiscreated
whentheTPMownerisassigned.Thiskeypair
neverleavestheembeddedsecuritychip.Itisused
toencrypt(wrap)privatekeysforstorageoutside
theTrustedPlatformModuleandtodecryptthem
whentheyareloadedbackintotheTrustedPlatform
Module.TheSRKcanbeclearedbyanyonethat
hasaccesstotheBIOS.