Intel D915GAG, D915GUX, D915GEV, D915GAV manual Security Precautions, Password Procedures

Intel Desktop Board D915GEV/D915GUX/D915GAV/D915GAG Product Guide

Security Precautions

Security, like any other aspect of computer maintenance requires planning. What is unique about security has to do with understanding who "friends" and adversaries are. The TPM provides mechanisms to enable the owner/user to protect their information from adversaries. To provide this protection the TPM effectively puts "locks" around the data. Just like physical locks, if keys or combinations are lost, the assets (i.e., data) may be inaccessible not only to adversaries, but also to asset owner/user.

The TPM provides two classes of keys: migratable and non-migratable. Migratable keys are designed to protect data that can be used (i.e., unencrypted) on more than one platform. This has the advantage of allowing the key data to be replicated (backed-up and restored) to another platform. This may be because of user convenience (someone uses more than one platform, or the data needs to be available to more than one person operating on different platforms). This type of key also has the advantage in that it can be backed-up and restored from a defective platform onto a new platform. However, migratable keys may not be the appropriate level of protection (e.g., the user wants the data restricted to a single platform) needed for the application. This requires a non- migratable key. Non-migratable keys carry with them a usage deficit in that while the key may be backed-up and restored (i.e., protected from hard disk failure) they are not protected against system or TPM failure. The very nature of a non-migratable key is that they can be used on one and only one TPM. In the event of a system or TPM failure, all non-migratable keys and the data associated with them will be inaccessible and unrecoverable.

CAUTION

The following precautions and procedures may assist in recovering from any of the previously listed situations. Failure to implement these security precautions and procedures may result in unrecoverable data loss.

Password Procedures

The Infineon Security Platform software allows users to configure passwords from 6 to 255 characters.

A good password should consist of:

•At least one upper case letter (A to Z)

•At least one numerical character (0 to 9)

•At least one symbol character (!, @, &, etc.)

Example Passwords: “I wear a Brown hat 2 worK @ least once-a-month” or “uJGFak&%)adf35a9m”

NOTE

Avoid using names or dates that can be easily guessed such as: birthdays, anniversaries, family member names, pet names, etc.

All passwords associated with the Infineon Security Platform software (Owner, Emergency Recovery Token, and User passwords) and the Wave Systems EMBASSY Trust Suite are NOT RECOVERABLE and cannot be reset without the original text. The system owner should document all passwords, store them in a secured location (vault, safe deposit box, off-site storage, etc.), and have them available for future use. These documents should be updated after any password changes.

64