EMBASSY® Security Center
Frequently Asked Questions
What is the EMBASSY Security Center?
The EMBASSY Security Center (ESC) is a software application that helps users manage the Trusted Platform Module (TPM) security chip and simplifies its use.
At the same time, ESC supports Enterprise IT deployments by making it possible to define, through Windows Security Policies, which ESC features users may modify and which they may not.
What is Secure Windows Login?
Secure Windows Login allows users to use fingerprint and/or smart card authentication and leverage security aspects of the TPM during the Windows login process.
ESC security settings allow the specification of two-factor authentication (password and fingerprint) if desired. Users can configure ESC to use any combination of Windows password and fingerprint for Windows login, Windows unlock, and TCG Security Password Vault authentication.
Can I upgrade my Dell D-Family PC with Dell PBA 126.96.36.199 and will I get the new ETS features?
No, you cannot upgrade your x30 series D-Family laptops to the latest version of ETS for Dell. The last version of ETS for Dell compatible with x30 series D-Family laptops that is available on http://support.dell.com is 188.8.131.52. Most new features that appear in the latest versions of ETS for Dell require Dell Latitude E-Family specific hardware components and are therefore not supported on D-Family machines.
What are the differences between Dell PBA 184.108.40.206 and Dell PBA 220.127.116.11?
Dell PBA 18.104.22.168 includes the following new capabilities:
- Support for Samsung and all OPAL-compliant self-encrypting drives.
- Advanced Windows Logon features for Seagate Momentus™ Full Disk Encryption (FDE) drives.
- Single sign-on to Windows – increases security while reducing costs associated with password management.
- Windows password synchronization – support for existing password policies ensures ease of use.
- New Multi-factor Authentication options for Dell Preboot.
- Enhanced Security and Usability for Fingerprint Authentication.
- Integration with Dell ControlPoint and ControlVault.
Does my existing EMBASSY Remote Administration Server (ERAS) support Dell PBA 22.214.171.124?
Yes. All supported versions of ERAS are fully compatible with Dell PBA 126.96.36.199. In addition to managing the security features of FDE hard drives, ERAS is used to activate TPMs to secure data on client machines and to protect access to corporate networks.
What are the Dell Systems which can take advantage of all new features included in ETS for Dell PBA 188.8.131.52?
Dell Latitude E4200, E4300, E5400, E5500, E6400, E6400 ATG, E6500
Dell Precision Mobile Workstation M2400, M4400
Does the Dell E4300 ultraportable laptop support Seagate Momentus FDE hard drives?
Yes. The Dell E4300 laptop uses a 2.5” hard drive and therefore is compatible with Seagate FDE drives. However, the Dell E4200 laptop uses solid state drive technology and is compatible with the Samsung line of solid state self-encrypting drives. These drives can be purchased from Dell and managed by ETS for Dell version 184.108.40.206.
Where can I find Wave EMBASSY Security Center on Dell Latitude E-Family and Precision Mobile Workstations?
For Dell PCs, where Dell ControlPoint is installed, Wave ETS software is launched from Dell ControlPoint Security Manager. However, ETS can be launched directly on these systems by going to Start -> All Programs -> Dell ControlPoint -> Security Manager -> Advanced -> EMBASSY Security Center.
Do I need to upgrade to Dell PBA 220.127.116.11 to support Seagate Momentus 7200 RPM FDE hard drives?
No. Previous ETS versions that contain Trusted Drive Manager will support both Seagate Momentus 5400 and 7200 RPM FDE drives.
How does Dell PBA 18.104.22.168 use Dell ControlVault?
Dell PBA 22.214.171.124 uses the Dell ControlVault for securely storing fingerprint templates and other authentication information for an enhanced Preboot authentication experience.
Do Dell Latitude™ E-Family Laptops and Precision™ Mobile Workstations ship with a Trusted Platform Module (TPM)?
Yes. These business class PCs come standard with a TPM that conforms to v 1.2 of the Trusted Computing Group specification. These machines incorporate a TPM as part of an integrated security chip that also includes Dell ControlVault, a hardware container used for storing secrets such as passwords and fingerprint templates.
What is Dell ControlPoint (DCP) and how does EMBASSY Trust Suite (ETS) integrate with it?
Dell ControlPoint is a new Dell application framework that provides an integrated and easy-to-use interface for managing laptop features including system, network and security settings. To enable security features, DCP utilizes Dell PBA 126.96.36.199. Users simply select which top-level features to activate from DCP, which in turn launches ETS for Dell. Once ETS is in use, users have the option of managing an FDE hard drive and a Trusted Platform Module (TPM) for application solutions such as full disk encryption and enabling strong pre-boot and multi-factor authentication.
Why are some options greyed out within EMBASSY Security Center?
Users may notice that certain functions in ESC are greyed out (inactive).
This could be caused by one of the two following reasons:
- You do not have the privileges to use those functions (you need to have administrative rights)
- You may not have enabled a function of ESC on which other functions depend. For example, the Trusted Platform Module contains an Owner tab. Within the Owner tab there is an option to Change the owner’s password. However, that option will remain greyed out until TPM Ownership is established and a password is set. Once the password has been set, the Change button will become available.
What is the Trusted Software Stack (TSS)?
What is the Fingerprint Option?
Embassy Security Center gives users the option of using biometric authentication (fingerprint swipe) for logging into their Windows account, and to access additional components within ESC.
Users should note the following important items regarding fingerprint sensors:
- Users must ensure that fingerprints are properly enrolled before enabling Secure Windows Login and the Preboot Single Sign On option.
- ESC supports a single fingerprint biometric device for each PC.
- Switching back and forth between two different fingerprint devices is not recommended. Should it be necessary to change biometric devices on a particular PC, users must re-enroll fingerprints using the new device.
What does the TPM Status bar indicate?
The TPM Status tab in the EMBASSY Security Center provides information on the current status of the TPM and related components of the system. It provides information on the security hardware and software installed, including:
- TPM Chip enabled state
- TPM Owner initialization state
- TPM Information – including Manufacturer, TPM Version, TSS Vendor and TSS Version information
- Wave Systems Software Information – including EMBASSY Security Center Version, KTM Version, CSP Name and CSP Version
Taking ownership is the first step to enabling TPM security. Use the Owner tab within EMBASSY Security Center to establish ownership of this TPM. Ownership must be taken in order for the security functions of EMBASSY Security Center and other security applications to function properly.
Taking ownership of a TPM is essentially enabling the TPM to function, thereby allowing users to leverage the security available with a TPM. TPMs must have ownership taken in order to function with most software applications. Before ownership may be established, the TPM security chip must be enabled (check your PC manufacturer’s documentation for instructions; this is typically done in the BIOS).
During the process to establish ownership, the user will define the TPM Owner password. Once this password is defined, ownership is established and the TPM is ready for use. On certain systems, users may notice that the Establish ownership button is inactive (not selectable). If this is the case, ownership of the TPM has already been established and the TPM is ready for use.
Users should ensure that the TPM Owner Password is not lost. The TPM Owner Password is required for certain advanced functions of the TPM. If this password needs to be changed, the TPM Owner may simply select Change and be guided through the process.
Does the Embassy Trust Suite Secure Login feature work with a Novell Client?
The Secure Login function of the Embassy Trust Suite has not been adapted to network login using a Novell Client. To use the Secure Login features, you will need to use the Windows GINA Login functionality.
What is TCG-Enabled CSP?
TCG-enabled refers to the Trusted Computing Group's standard for Cryptographic Services.
CSP is the Cryptographic Service Provider. The Wave TCG-Enabled CSP is included with the EMBASSY Security Center and is available for use whenever a CSP is required, either called directly from an application or selected from a list of installed CSPs.
What is the TCG Security Password Vault?
The TCG Security Password Vault is where ESC will store the individual TPM Key Passwords that it is managing for the current user. The Password Vault is secured by the TPM. Access to the Password Vault is only granted after a valid authentication is performed. Users may authenticate use of the Password Vault with their Windows Password and/or a fingerprint biometric.
The value of ESC’s Password Vault becomes apparent once users begin using TPM-based applications regularly. Typically, each application will create at least one TPM Key, often more, and use them to protect various types of data. Each TPM Key requires the creation of another password. One can see this could quickly become difficult for users to manage.
The ESC Password Vault solves this problem for users without undermining security. ESC allows users to save individual TPM Key passwords to the Password Vault. When TPM Keys are needed by an application, ESC retrieves them from the Password Vault. Users gain access to the Password Vault by simply entering their Windows Password and/or their fingerprint.