HP ProBook 4325s - Notebook PC Frequently Asked Questions Manual page 23

Q. If a TPM encrypted file is copied moved to a second system which does not have the key to
decrypt the file, what would happen to the file. W ould it remain on the second as an unreadable file
or would it be automatically deleted? W ould the user of the second system be able to delete the file
even if he does not have the decryption keys? Is there a solution to automatically delete such files?
A. This depends on the application being used to move data from one system to the other. If the
application reads the data, repackages it and sends to another platform (say you email an
encrypted file on your system), then the data/ file is typically read/ accessed by your email
program, thereby unencrypting it. N ow the email program may indeed encrypt the data across
the internet if that option is selected, but the TPM is no longer in the picture protecting data. This is
true of any data on your system encrypted by MSFT EFS (Microsoft's Encrypting Filesystem where
TPM can be used to protect the file/ folder encryption keys) and also same for files encrypted
within PSD (" ProtectTools'" Personal Secure Drive). It is possible to have file remain encrypted no
matter where it resides but typically in those types of applications the file is changed. For instance
from " hello.doc" to hello.doc.enc" or some way of showing then that actual file is encrypted and a
separate program must process the file before it's readable.
Q. Regarding the TPM chip itself, does it store any user specific information? If so, how can one
clear it?
A. There is no user data in the TPM, however if required, the TPM can be cleared via F10 BIOS to
return to factory default/ cleared state.
Q. W hat is the Credential Manager module for HP ProtectTools?
A. Please refer to the " Credential Manager for HP ProtectTools" section of the white paper.
Q. How does Credential Manager differ from other single-sign-on solutions?
A. Most technologies and features provided by HP ProtectTools Security Manager are individually
available. The value of HP ProtectTools is that it brings these technologies together into a single
easy to use security solution. As an HP ProtectTools add-on, the features provided by Credential
Manager are integrated into HP ProtectTools and work with the user authentication features of HP
ProtectTools.
Q. Does Credential Manager for HP ProtectTools use the embedded security chip if available?
A. Yes, Credential Manager uses the embedded security chip, if available, to encrypt passwords
stored in the password vault.
Q. Does Credential Manager for HP ProtectTools support multiple users on a single client device?
A. Yes, Credential Manager works on the concept of " identity" . In order to log on to a computer,
a user simply needs to create a Credential Manager ID.
Q. W hat if a user has multiple Microsoft W indows accounts?
A. This would function the same as multiple users on a single PC. The user would have to create a
different identity for each account.
Q. W hat is the difference between user and administrator rights for Credential Manager for HP
ProtectTools?
A. An administrator has full rights to all Credential Manager Configuration options. A user can use
the Credential Manager for authentication and use the single sign-on features, but does not have
access to the Authentication and Credential configuration or the Advanced Settings.
2 3