Lenovo ThinkVantage Client Security Solution 8.3 User Manual download pdf (Page 27)

ThefollowingdiagramprovidesthestructurefortheSystemLevelKey:

System Level Key Structure - Take Ownership

Trusted Platform Module

Encrypted via derived AES Key

Storage Root Private Key

Storage Root Public Key

System Leaf Private Key

System Base Private Key

System Leaf Public Key

System Base Public Key

System Base Private Key

System Base Public Key

If Passphrase

loop n times

CSS Admin PW/PP

One-Way Hash

System Base AES

Protection Key

(derived via output

of hash algorithm)

Auth

Figure1.SystemLevelKeyStructure-TakeOwnership

EnrollUser

Inordertohaveeachuser’sdataprotectedbythesameTrustedPlatformModule,eachuserwillhavetheir

ownuserbasekeycreated.Thisasymmetricstoragekeycanbemigratedandisalsocreatedtwiceand

protectedbyasymmetricAESKeygeneratedfromeachuser’sWindowspasswordorClientSecurity

passphrase.

ThesecondinstanceoftheUserBaseKeyisthenimportedintotheTrustedPlatformModuleandprotected

bythesystemSRK.WiththeUserBaseKeycreated,asecondaryasymmetrickeycalledtheUserLeafKey

iscreated.TheUserLeafKeyprotectsindividualsecretssuchasthePasswordManagerAESKeyusedto

protectinternetlogoninformation,passwordusedtoprotectdata,andtheWindowspasswordAESKey

usedtoprotecttheaccesstotheoperatingsystem.AccesstotheUserLeafKeyiscontrolledbytheuser’s

WindowspasswordorClientSecuritySolutionpassphraseandisautomaticallyunlockedduringlogon.

Chapter3.WorkingwithClientSecuritySolution21

1 2 ... 22 23 24 25 26 27 28 29 30 31 32 ... 85 86

No comments

Lenovo ThinkVantage Client Security Solution 8.3 User Manual Page 27