CAC authentication
Trusted Platform Module Chip or TPM.
The Trusted Platform Module (TPM) chip was introduced in 2003 by the Trusted Computing Group (TCG). It was designed to provide hardware-based security functions, including secure generation and storage of cryptographic keys, to enhance the security of computing devices. The TPM standard has evolved over the years, with TPM 2.0 being released in 2014, offering improved features and capabilities.
It uses the trusted platform module (TPM).
TPM (Trusted Platform Module) chip. The TPM chip holds the BitLocker encryption key (also called the startup key).
Trusted Platform Module (TPM)
System BIOS
The Trusted Platform Module (TPM) provides several key features, including hardware-based security for cryptographic operations, secure generation and storage of cryptographic keys, and platform integrity verification through remote attestation. TPM enhances system security by ensuring that sensitive data is protected from unauthorized access and tampering. Additionally, it helps in establishing a device's trustworthiness by checking the integrity of the software and hardware during the boot process.
A trusted platform module (TPM) is a chip that handles FDE (full-disk encryption) and other encryption-based security on a computer. It is primarily used in operating systems such as Windows 7 and 8 with the advent of BitLocker, which, if enabled, will disallow you from using the hard disk in another computer.
Two names for the database that holds digital signatures provided by an operating system are the "Trusted Platform Module (TPM)" and the "Certificate Store." The TPM is a hardware component that securely stores cryptographic keys and digital signatures, while the Certificate Store is a software repository used to manage and validate digital certificates and signatures within the OS.
The Trusted Platform Module (TPM) chip, designed by the TCG (Trusted Computing Group), stores passwords, encryption keys and digital certificates.
Pros:
- Provides added security in case your laptop gets lost or stolen; the above-average Joe won't be able to get into it.
- Data stored on your hard drive can be encrypted; again, the above-average Joe won't be able to access the contents of the drive of your stolen laptop.
- With SSO (Single Sign-On) you don't have to remember a ton of complicated passwords anymore; let your fingerprint be your identity.
Cons:
- With DRM (Digital Rights Management) being worked on by the same group, it's a matter of time before they merge the two, which means that software and hardware vendors will have the possibility to constantly be looking over your shoulder.
- It all comes down to a trust issue. Are we going to trust these companies to protect us just because they are nice guys, or are they doing it to increase their bottom line?
You decide; meanwhile TPM is being installed on most laptops shipped since 2006. I must add that the feature needs to be turned on by the user (owner). It's going mobile as well.
Platform Integrity

The primary scope of a TPM (in combination with other TCG implementations) is to assure the integrity of a platform. In this context "integrity" means "behave as intended" and a "platform" is generically any computer platform, not limited to PCs or just Windows: start the power-on boot process from a trusted condition and extend this trust until the OS has fully booted and applications are running.

Together with the BIOS, the TPM forms a Root of Trust: the TPM contains several PCRs (Platform Configuration Registers) that allow secure storage and reporting of security-relevant metrics. These metrics can be used to detect changes to previous configurations and derive decisions on how to proceed. A good example can be found in Microsoft's BitLocker Drive Encryption (see below).

Therefore the BIOS and the Operating System have the primary responsibility to utilize the TPM to assure platform integrity. Only then can applications and users running on that platform rely on its security characteristics such as secure I/O ("what you see is what you get"), uncompromised keyboard entries, memory and storage operations.

Disk encryption

Full disk encryption applications, such as TrueCrypt, the dm-crypt feature of modern Linux kernels and the BitLocker Drive Encryption feature of some Windows operating systems, can use this technology to protect the keys used to encrypt the computer's hard disks and provide integrity authentication for a trusted boot pathway (i.e. BIOS, boot sector, etc.). A number of third-party full disk encryption products also support the TPM chip.

Password protection

Access to keys, data or systems is often protected and requires authentication by presenting a password. If the authentication mechanism is implemented in software only, the access typically is prone to 'dictionary attacks'. Since the TPM is implemented in a dedicated hardware module, a dictionary attack prevention mechanism was built in, which effectively prevents guessing or automated dictionary attacks, while still allowing the user a sufficient and reasonable number of tries. With this hardware-based dictionary attack prevention, the user can opt for shorter or weaker passwords which are more memorable. Without this level of protection, only passwords with high complexity would provide sufficient protection.

Other uses and concerns

Almost any encryption-enabled application can in theory make use of a TPM, including:
- Digital rights management
- Software license protection & enforcement

Other uses exist, some of which give rise to privacy concerns. The "physical presence" feature of the TPM addresses some of these concerns by requiring BIOS-level confirmation for operations such as activating, deactivating, clearing or changing ownership of the TPM by someone who is physically present at the console of the machine.[6][7]
To configure Windows BitLocker, a Trusted Platform Module (TPM) version 1.2 or later is typically required for enhanced security features. Additionally, a compatible operating system, such as Windows Pro or Enterprise editions, is necessary. Users must also enable BitLocker in the system settings and may need a recovery key for access in case of issues.