Skip to Content

EMBASSY® Security Center
The First Industry-Wide Application for
Managing Trusted Computing

TCG-Compliant Solutions for Securing Your PC

Wave Systems’ EMBASSY Security Center (ESC) delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today. ESC features a variety of secure business productivity benefits including self-encrypting drive management. The  EMBASSY Security Center is easy-to-use and is compatible with all TCG-Compliant secure hardware platforms.

ESC includes multifactor strong authentication support for hardware-secured Windows login using fingerprints, smart cards, TPMs and passwords. ESC also provides data protection, password management, TPM management, and TPM key backup/recovery. For systems containing SEDs, the EMBASSY Security Center enables activation and management of the drive’s hardware-based full disk encryption.

ESC integrates with Wave’s enterprise servers for domain-based strong authentication, for enterprise level key management, and for remote administration of self-encrypting drives (SEDs) and TPM systems. (For more information on EMBASSY Security Center or EMBASSY Remote Administration Server, please contact Wave Sales at

Key Features

TPM Management

Wave’s EMBASSY Security Center facilitates acquiring platform ownership, changing the owner password, and setting up or modifying security-based machine policies. TPM platform management features include status information verifying the state of the TPM and installed software.

Self-Encrypting Drive Management

A Self-Encrypting Drive with the Wave pre-boot authentication feature enforces policy-driven access control immediately as the drive powers up. Integration with the Windows login process for a single sign-on experience and/or synchronization with the Windows password provide additional flexibility for enterprises and ease-of-use for users without sacrificing security.

  • Activates  the advanced encryption features of Seagate, Samsung, Micron,  and all available Opal-compliant self-encrypting drives
  • Enrolls the drive administrator and users
  • Backs up the drive access credentials
  • Allows for single sign-on to Windows® and Windows password synchronization
  • Enables hardware-based pre-boot authentication to the encrypted hard drive
  • Provides password and credential recovery
  • Facilitates the instant cryptographic erase feature for secure drive repurposing
  • Seamless performance for media-speed full disk encryption
  • Eliminates the complexity and risks of software-based of full disk encryption
  • Complies with data protection regulations
  • Cost-effective compared to software-based solutions

For more information on EMBASSY Security Center’s SED management, please contact Wave Sales at

Strong Authentication

EMBASSY Security Center provides multifactor authentication which enables users to select from various authentication mechanisms including individual passwords, a master password, biometrics, smart cards, TPM PKI certificate, or specific combinations thereof. Multi-factor authentication provides an additional strong authentication mechanism and facilitates Windows login, network/domain login, computer unlock, application login, and authentication to the TPM.

Robust Password Management

Streamlined password management is provided by the EMBASSY Security Center through caching and automatic recall of passwords from TPM-secured storage, valuable for managing the myriad of passwords required by a Trusted Platform. This feature supports key passwords, migration passwords and more.

TPM Key Archive Capability

A main function of the TPM is to generate keys. As use of the TPM increases with more functions and applications, the user and enterprise need assurance that the keys are properly backed up for disaster recovery. Backup and restore of allowed TPM keys is also provided by the EMBASSY Security Center. Restoration is possible on machines having a similar TPM model and TCG Software Stack (TSS) version.

Key Benefits

Hardened Security Solution

By leveraging the intrinsic benefits of PCs with hardware security features, or TPMs, the EMBASSY Security Center optimizes security while adding flexibility and convenience to PC users in an enterprise.

Security Policies & User Preferences in One Location

The EMBASSY Security Center provides centralized management of security policies at the machine and user levels. The robust user security preferences include secure Windows login, simplified password management, fingerprint authentication, and emergency recovery of Trusted Platform keys.

Simplified Security

Additional security many times entails more complexity and even additional passwords to remember. The EMBASSY Security Center combines easy-to-use functions with a comprehensive security approach. Password management features simplify the usage of secure functions allowing users to select the password behavior desired.

TPM 1.2 Support

In addition to TPM version 1.1b, the EMBASSY Security Center supports Trusted Platforms conforming to TPM version 1.2, the latest Trusted Computing Group (TCG) standard.

PC Transfer and Recovery

When a Trusted Platform malfunctions, whether it is the Trusted Platform Module (TPM) security chip, motherboard, or hard drive, the EMBASSY Security Center has the tools to provide backup and easy recovery so that users can continue to access sensitive data and documents. These same key management functions ease the transition to a new secure PC.

Multifactor Authentication

Based on the familiar 3 factors of authentication, the EMBASSY Security Center controls secure authentication beyond passwords with the flexibility to combine (1) a password (something you know) (2) the TPM security chip (something you have), and (3) a fingerprint (something you are).

Interoperable Across Trusted Platforms

The EMBASSY Security Center enables the enterprise to deploy Trusted Platforms from multiple manufacturers using a single management system. Standardizing on the EMBASSY Security Center reduces support and training costs.

Central Management

Remote management of ESC features can be enabled using ERAS, Wave’s EMBASSY Remote Administration Server. Read more.