Glossary, Lxxvii – Lenovo ThinkVantage Client Security Solution 8.3 User Manual


Glossary

Administrator (ThinkCentre)/Supervisor (ThinkPad) BIOS Password

The administrator or supervisor password is used
to control the ability to change BIOS settings. This
includes the capability to enable or disable the
embedded security chip and to clear the Storage
Root Key stored within the Trusted Platform Module.

Advanced Encryption Standard (AES)

Advanced Encryption Standard is a symmetric-key
encryption technique. The U.S. Government
adopted the algorithm as its encryption technique
in October 2000, replacing the DES encryption it
had used. AES offers higher security against brute-force
attacks than DES with its 56-bit keys, and AES can use
128-, 192- and 256-bit keys, if necessary.

Cryptography systems

Cryptography systems can be broadly classified
into symmetric-key encryption, which uses a single
key that both encrypts and decrypts the data, and
public-key encryption, which uses two keys: a public
key known to everyone and a private key that only
the owner of the key pair has access to.

Embedded Security Chip

The embedded security chip is another name for a
Trusted Platform Module.

Public-key/Asymmetric-key encryption

Public-key algorithms typically use a pair of
related keys — one key is private and must be kept
secret, while the other is made public and can
be widely distributed. It should not be possible
to deduce one key of a pair given the other. The
terminology of "public-key cryptography" derives
from the idea of making part of the key public
information. The term asymmetric-key cryptography
is also used because not all parties hold the same
information. In a sense, one key "locks" a lock
(encrypts); but a different key is required to unlock
it (decrypt).

Storage Root Key (SRK)

The storage root key (SRK) is a 2,048-bit (or larger)
public key pair. It is initially empty and is created
when the TPM owner is assigned. This key pair
never leaves the embedded security chip. It is used
to encrypt (wrap) private keys for storage outside
the Trusted Platform Module and to decrypt them
when they are loaded back into the Trusted Platform
Module. The SRK can be cleared by anyone who
has access to the BIOS.
