| |
|
DigitalPersona Pro
Workgroup
|
DigitalPersona Pro
Enterprise
|
DigitalPersona Pro
Kiosk
|
Administration
|
|
|
General administration
|
Through browser-based management console |
Through Active Directory tools (MMC and ADUC) |
Through Active Directory tools (MMC and ADUC) |
| |
Initial connection between server and managed PCs
|
Through "connection" file deployed via email or via Active Directory |
Managed PCs automatically connect to the server |
Managed PCs automatically connect to the server |
| |
Granular policies
|
IT Manager can create groups and organize managed PCs from the server, or create group-specific connection files and assign PCs upon first connection to the server |
IT Manager can deploy security and authentication policies to specific Organizational Units within Active Directory |
IT Manager can deploy security and authentication policies to specific Organizational Units within Active Directory |
| |
Authentication policies
|
Besides group-based policies, allows different authentication policies for:
- Computer logon vs. within Windows
- Local administrators vs. standard users
|
Besides Organizational Unit-based policies, allows different authentication policies for:
- Computer logon vs. within Windows
- Local administrators vs. standard users
|
Authentication policies can be set by Organizational Unit.
|
Available security applications
|
|
Full disk encryption |
AES algorithm with 256 bit key length. Encrypts all sectors of the hard drive. Includes pre-boot authentication.
|
AES algorithm with 256 bit key length. Encrypts all sectors of the hard drive. Includes pre-boot authentication.
|
—
|
| |
Fingerprint biometrics |
Available (see Technical Requirements for additional information) |
Available (see Technical Requirements for addtional information) |
Available (see Technical Requirements for addtional information) |
| |
Multi-credential authenticaton |
Supports password, fingerprints, smartcards, face recognition (see Technical Requirements for additional information) |
Supports password, fingerprints, smartcards, face recognition (see Technical Requirements for additional information) |
—
|
| |
Access recovery |
Includes recovery for BIOS (select computer only), full disk encryption, and Windows |
Includes recovery for BIOS (select computer only), full disk encryption, and Windows |
—
|
| |
Single sign-on & password manager |
Available (see Technical Requirements for additional information)
|
Available (see Technical Requirements for additional information)
|
Available (see Technical Requirements for additional information)
|
| |
Two-factor authentication for VPN |
—
|
Available (see Technical Requirements for additional information)
|
—
|
| |
Digital signature and encryption for email and documents |
—
|
Available (See Technical requirements for additional information)
|
—
|
| |
Roaming of user credentials |
—
|
Allows roaming of user credentials (e.g. fingerprints) and other data (e.g. passwords for applications used with Single Sign-On) to any computer within the domain |
Allows roaming of user credentials (e.g. fingerprints) and other data (e.g. passwords for applications used with Single Sign-On) to any computer within the domain |
| |
Support for shared PCs and kiosks |
—
|
—
|
Allows quick identification of users based on fingerprints. No username or other credentials required. |
Technical Requirements
|
|
|
General network requirements |
Network with DNS |
Active Directory network |
Active Directory network |
| |
Components |
- Server software
- Client software
- DigitalPersona Pro Workstation for Workgroup; OR,
- HP ProtectTools 2010 plus Workgroup Add-on
|
- Server software (ncludes Administration tools)
- Client software
- DigitalPersona Pro Workstation for Enterprise; OR,
- HP ProtectTools 2010 plus Enterprise Add-on
|
- Server software (includes Administration tools)
- Client software: DigitalPersona Pro Kiosk client
|
|
Server operating system |
- Windows Vista (32 and 64 bits)
- Windows 7 (32 and 64 bits)
- Windows Server 2008
|
- Windows Server 2003
- WIndows Server 2008
|
- Windows Server 2003
- WIndows Server 2008
|
| |
Client operating system |
- Windows 7 (32 and 64 bits)
- Windows Vista (32 and 64 bits)
- Windows XP (32 bits)
|
- Windows 7 (32 and 64 bits)
- Windows Vista (32 and 64 bits)
- Windows XP (32 bits and 64 bits)
|
- Windows 7 (32 and 64 bits)
- Windows Vista (32 and 64 bits)
- Windows XP (32 bits and 64 bits)
|
| |
Requirements for Single Sign-On |
Single Sign-On module supports
- Internet Explorer 6 or later
- Firefox 2 or later
|
Single Sign-On module supports
- Internet Explorer 6 or later
- Firefox 2 or later
|
Single Sign-On module supports
- Internet Explorer 6 or later
- Firefox 2 or later
|
| |
Requirements for two-factor VPN authentication |
Supports most RADIUS-based Virtual Private Networks (SSL and IPSEC).
Requires one-time passwords generated using OATH-compliant tokens.
|
Supports most RADIUS-based Virtual Private Networks (SSL and IPSEC).
Requires one-time passwords generated using OATH-compliant tokens.
|
—
|
| |
Requirements for digital signature and encryption for email and documents |
—
|
Secure Communications module supports
- Microsoft Office 2007 or later
- Microsoft Outlook 2003 or later
- Adobe Acrobat Professional 8 or later
|
—
|
| |
Supported fingerprint readers |
DigitalPersona Pro client software:
- Most commercial fingerprint readers built-in into notebooks (e.g. Authentec 2501, 2550 and 2810, Upek Touch Chip, Validity VFS201 and VFS301)
- Validity VFS451 (allows match-on-chip configuration)
- FingerPro
- U.are.U 4500
HP ProtectTools 2010:
- Validity VFS451 (requires match-on-chip configuration)
|
DigitalPersona Pro client software:
- Most commercial fingerprint readers built-in into notebooks (e.g. Authentec 2501, 2550 and 2810, Upek Touch Chip, Validity VFS201 and VFS301)
- Validity VFS451 (allows match-on-chip configuration)
- FingerPro
- U.are.U 4500
HP ProtectTools 2010:
- Validity VFS451 (requires match-on-chip configuration)
|
- Most commercial fingerprint readers built-in into notebooks (e.g. Authentec 2501, 2550 and 2810, Upek Touch Chip, Validity VFS201 and VFS301)
- Validity VFS451 (allows match-on-chip configuration)
- FingerPro
- U.are.U 4500
|
|
Supported smart cards |
- HP Java cards (support in pre-boot and Windows)
|
- Most smarcards based on PKCS#11 and CSP standards (support in Windows only)
|
|
| |
|
|
|
|