Motion Computing le1600 Appendix Manual

Customer Whitepaper:  Motion Tablet PC Security Basics, Rev A03 
 
Motion LE1600 Security Features 
 
The Motion Tablet PC has several security mechanisms built in and ready to go for out-of-the-box 
protection. They can be enabled using the pre-installed software applications, by developing or 
using your own applications, or by installing a third-party application. Most of the built-in security 
technologies have software development kits available for custom development. Motion’s 
technology partners also have business relationships with many third-party software vendors that 
have already developed or qualified the Motion Tablet PC for use with their applications.  
 
Fingerprint Reader 
The Motion Tablet PC includes a built-in fingerprint reader.  Biometric authentication has two 
primary advantages over usernames and passwords.  First, it is more difficult to hack a fingerprint 
than a password.  Second, users don’t have to worry about forgetting passwords and calling the 
IT department.  Using passwords and biometric authentication together is more powerful than 
using either option by itself.   
 
With the fingerprint reader you can securely and conveniently identify yourself with your 
fingerprint to applications requesting user authentication. The Motion OmniPass software 
application enables you to use the fingerprint for Windows logon, VPN authentication, file and 
folder encryption, and various web-based authentication requests. 
 
Trusted Platform Module (TPM) 
Motion’s tablets also include a built-in Trusted Computing Group 1.1b compliant TPM.  The TPM 
is a self-contained, secure microcontroller that is attached to the tablet PC motherboard.  When 
enabled and configured, it provides the core level of trust for platform security.  It does this by 
storing sensitive data within the chip, instead of in the more vulnerable hard drive, providing 
authentication for the platform, protecting cryptographic functions, and communicating the 
attestable trust state of the platform.  For example, an organization’s security policy may require 
all machines that access the network to have a registered TPM.  This prevents unknown 
machines from accessing the network and sensitive data.  If you use a digital certificate to sign 
and encrypt email, you can store the keys for the certificate in the TPM.    
 
The TPM can integrate with most secure applications that use Public Key Infrastructure (PKI) 
solutions through the Microsoft CryptoAPI or PKCS#11 interface.  It uses 2048-bit RSA 
encryption to protect keys and secrets. 
 
With the Motion OmniPass software application, you can use the TPM to enable strong 
encryption algorithms as well as for user and platform authentication. The Infineon TPM software 
application provides a personal encrypted hard drive partition and various maintenance functions. 
Some other applications that are also strengthened by the TPM include Check Point VPN/FW, 
Entrust Enterprise PKI Solution, Internet Explorer, Adobe Acrobat, Verisign PKI, RADIUS EAP, 
Netscape, NS Messenger, Sun ONE PKI, and PGP. 
 
Data Execution Prevention (DEP) and Execute Disable 
DEP, a built-in OS-level software technology, and Execute Disable, a CPU hardware feature, 
enable stronger memory-protection policies to help prevent malicious code from executing in the 
data page segment of memory. The technology can help prevent viruses and malicious 
code from taking advantage of exception-handling mechanisms in Windows.  The Intel chipset 
combined with Windows XP Tablet PC Edition 2005 makes this technology available to every 
customer. 
 
BIOS Level Security 
The Motion tablet PC BIOS has several security features. The BIOS is built-in software that is 
separate from the operating system.  It controls the keyboard, display screen, disk drives, as well 
as communication devices.  If the operating system is damaged, the computer will still be able to