Operation Modes

Infineon Security Platform

Infineon Security Platform Solution - Operation Modes

Server Mode

In server mode, Server Integration Services integrate the Security Platform into a Trust Domain with centralized management.

More detailed information on server mode is available in the Technical Guide for Trusted Computing Management Server.

Preconditions for Platform enrollment and User enrollment in server mode

Explanation

Platform Enrollment

Platform enrollment is done automatically without any user interaction.
Preconditions are:
  • The Trust Domain Platform is a member of the Platform Enrollment Group (for more details, refer to the Technical Guide for Trusted Computing Management Server).
  • The Trusted Platform Module is enabled and activated.
  • The Trusted Platform Module has not been initialized yet (neither by Infineon TPM Professional Package in stand-alone mode, nor by Trusted Domain Server in server mode, nor by any other software such as Windows' Trusted Platform Module (TPM) Management).
  • The Trust Domain Platform is online, i.e. it has a network connection to the Trust Domain Server.

User Enrollment

User enrollment is done interactively, as in stand-alone mode, if the following preconditions are met:
  • The Trust Domain User is a member of the User Enrollment Group (for more details, refer to the Technical Guide for Trusted Computing Management Server).
  • The Trusted Platform Module on the user's platform is enabled and activated.
  • The Trust Domain Platform is online, i.e. it has a network connection to the Trust Domain Server.
  • The user has logged on to the domain.

Stand-alone Mode

In stand-alone mode the Security Platform is not integrated into a Trust Domain with centralized management.

Differences between Operation Modes:

The following lists the behavior of each user interface component in stand-alone mode and in server mode:

Settings Tool
  • Stand-alone Mode: This component is designed as a Control Panel Applet. Administrators and users can perform initialization, configure Security Platform Features and manage all the functionality of the Security Platform.
  • Server Mode: Configuration of all Security Platform Owner and authentication settings is automatically handled by the Trusted Computing Management Server. The Advanced page and the Migration page are not available.

Quick Initialization Wizard
  • Stand-alone Mode: Combines platform and user initialization with default settings (recommended for most users).
  • Server Mode: Platform-specific tasks are skipped, since the Trusted Computing Management Server takes care of these.

Initialization Wizard
  • Stand-alone Mode: Initialization, Enabling and Restoration of Security Platform Features (administrative steps). This wizard is fully functional in this mode.
  • Server Mode: Initialization, Enabling and Restoration happen automatically once the client system is integrated into a Trust Domain with centralized management, i.e. the administrator does not have to perform this task. The Security Platform Wizard is non-functional if the platform is a member of the platform enrollment group.

User Initialization Wizard
  • Stand-alone Mode: The User Initialization Wizard supports initializing Security Platform Users and configuring Security Platform Features. This wizard is fully functional in this mode.
  • Server Mode: User initialization is possible only if the current user is a member of the user enrollment group specified on the Trusted Computing Management Server. This wizard is also fully functional in this mode.

Migration Wizard
  • Stand-alone Mode: Migration of user-specific keys and certificates from a source platform to a destination platform comprises user and administrative steps. This wizard is fully functional in this mode.
  • Server Mode: This wizard is non-functional, since migration of user-specific keys and certificates is automatically taken care of by the Trusted Computing Management Server, i.e. the administrator and user do not have to perform this task.

Backup Wizard
  • Stand-alone Mode: Automatic and manual Backup and Restoration comprise user and administrative steps. If Personal Secure Drive (PSD) has been configured, manual Backup and Restoration of this drive can also be done.
  • Server Mode: Backup and Restore is done by the Server Integration Services. If Personal Secure Drive (PSD) has been configured, manual Backup and Restoration of this drive can be done.

Password Reset Wizard
  • Stand-alone Mode: Resetting the Basic User Password comprises administrative and user steps. The administrator prepares the password reset for a user and provides the Password Reset Authorization Code. The user resets his Basic User Password.
  • Server Mode: The Trusted Computing Management Server takes care of preparing and providing the Password Reset Authorization Code for the specific user and administrator. There is an additional option to retrieve the Reset Authorization Code from the server.

PKCS #12 Import Wizard
  • Stand-alone Mode: This wizard is used to import Personal Information Exchange files into the Security Platform and is fully functional in this mode.
  • Server Mode: The behavior of this wizard does not change; it is also fully functional in this mode.

Taskbar Notification Icon
  • Stand-alone Mode: Perform Security Platform administrative tasks and get status-sensitive information. This application is fully functional in this mode.
  • Server Mode: Tasks that the server takes care of without user interaction are not available in this mode.


©Infineon Technologies AG