EMBASSY® Security Center

Frequently Asked Questions

Click on the question to show the answer. Expand All Answers

What is TCG-Enabled CSP?
TCG-enabled refers to the Trusted Computer Groups standard for Cryptographic Services.

CSP is the Cryptographic Service Provider. The Wave TCG-Enabled CSP is included with the EMBASSY Security Center and is available for use whenever a CSP is required ï¿½ either directly called from an application or selectable from a list of installed CSPs.

Visit the following links for further information:
- http://www.wave.com/products/csp.asp
- Trusted Computing Group
I am receiving an error which states the EULA.txt file can not be located?
There has been instances, when the EULA.txt file is not found giving the following error:

"The End User License Agreement(EULA) could not be located."

Look at the following Knowledge Base Article for details on how to solve this.
How to Delete Users Fingerprint Credentials from the computer?
The following steps outline how to delete fingerprints using the ESC enrollment wizard.
- Click Start/All Programs
- Navigate to Wave Systems Corp.
- Choose EMBASSY Security Center
- Click Preboot Manager
- Click Enroll/Update Fingerprints
- Click Select
- Click Locations (This allows you to choose local users or domain users.)
- Click Advanced
- Enter part or all of the username you want to un-enroll fingerprints for.
- Click " Find Now ";
- Choose the user you want and click OK
- Swipe your finger to authenticate
- You are now presented with a screen that shows 2 hands.
- Click on a fingerprint. A screen will appear that says: " Do you want to delete this fingerprint? "
- Click Yes
- Continue this process until all fingerprints have been deleted.
See Also:

Steps to Delete Users Fingerprints Credentials
Meeting Maker crashes with the Embassy Suite installed. I see the following error: "Faulting application mm.exe, faulting module biolsp.dll, version 1.2.1.38, fault address 0x00004a12."
There is a known error running MeetingMaker with the EMBASSY Trust Suite. To resolve this issue you will have to install a patch. Download the Patch.
Does the Embassy Trust Suite Secure Login feature work with a Novell Client?
The Secure Login function of the Embassy Trust Suite has not been adapted to network login using a Novell Client. To use the Secure Login features, you will need to use the Windows GINA Login functionality.
After the installation of Internet Explorer 7.0 the user will receive an initialization error when attempting to access the Embassy Security Center management tool (also referred to as ESC). The error reports "Failed to Initialize" and ESC will fail to load and exits. Additional errors may include "The application could not launch. Please try again."
Embassy Security Center now works with Internet Explorer 7.

The following are IE7 compliant:
- Dell Enterprise ETS 2.3
- Dell Enterprise ETS 3.x
- Wave ETS 5.3
- Wave ETS 6.x
- Dell PBA 1.2 (A11)
- Dell PBA 2.x (A15)
If you are running Dell PBA software, you will need to go to the Dell Website and download the latest version.

If you have an Enterprise version that is not IE7 compliant you will need to purchase an upgrade.
I just upgraded my Internet Explorer from IE6 to IE7, and the Embassy Security Center will not load.
Embassy Security Center now works with Internet Explorer 7.

The following are IE7 compliant:
- Dell Enterprise ETS 2.3
- Dell Enterprise ETS 3.x
- Wave ETS 5.3
- Wave ETS 6.x
- Dell PBA 1.2 (A11)
- Dell PBA 2.x (A15)
If you are running Dell PBA software, you will need to go to the Dell Website and download the latest version.

If you have an Enterprise version that is not IE7 compliant you will need to purchase an upgrade.
What is the Trusted Stack Software (TSS)?
The TSS is a software specification that provides a standard API for accessing the functions of the TPM.

Please visit the Trusted Computing Group website for further information on TSS specifications.
- Trusted Computing Group TSS FAQ
- Trusted Computing Group TSS 1.2 Specs FAQ
Is EMBASSY® Trust Suite compatible with Vista?
EMBASSY Trust Suite and Vista Compatibility

Dell has released ETS "Lite" for Vista as version A14. This package includes Embassy Trust Suite, UPEK drivers, and the NTRU TSS. If your system shipped with a pre-installed copy of Embassy Trust Suite, you can obtain the Vista-compatible version from the Dell website.

*** NOTE: Please follow the upgrade instructions found HERE. ***

ETS Enterprise Security Dell Edition 3.x and Wave ETS 6.x fully support the Windows Vista OS.

Previous versions of these products do not support the Windows Vista OS.

Upgrading to a Vista-compatible version of ETS
- Dell customers should visit the Dell website for updates. (For more information on obtaining updates for your Dell computer, please see this page.)
- If you purchased ETS Enterprise through Envoy Data or Dell, you will need to purchase a new license.
What is the EMBASSY Security Center?
The EMBASSY Security Center (ESC) is a software application that will extensively help users manage and simplify use of the Trusted Platform Module (TPM) security chip.

At the same time, ESC supports Enterprise IT deployments by allowing to define, through Windows Security Policies, the specific features of ESC that users may modify and those which they may not modify.

Visit our product page for further information in the products/solutions we offer.
Why are some options greyed out in EMBASSY Security Center?
Users may notice that certain functions in ESC are ghosted (inactive).

This could be caused by one of the two following reasons.
- First, users may not yet have enabled a function of ESC for which other functions are used. A good example of this is on the "User Tab," where many of the functions will remain ghosted until the user performs initialization and enables the TCG Security Password Vault.
- You do not have the privilidges to use those functions (need to have administrative rights)
How do I tell if my TPM chip is working?
The Status tab in the EMBASSY Security Center provides information on the current status for the TPM-related components of the system. This tab provides information on the security hardware and software installed including:
- TPM Chip-enabled state
- TPM Owner initialization state
- TPM Information including: Manufacturer
- TPM Version
- TSS Vendor
- TSS Version information
- Wave Systems Software Information including:
  - EMBASSY Security Center Version
  - KTM Version
  - CSP Name
  - CSP Version
What is the Fingerprint Option?
Embassy Security Center gives users the option of using a fingerprint biometric for logging into their Windows account for gaining access to their TCG Security Password Vault.

ESC supports biometric devices that use the AuthenTec AES3500 and AES4000 fingerprint sensors and associated AuthenTec drivers. Check the specification information for fingerprint devices to ensure they are supported in ESC.

Users should note the following important items regarding fingerprint sensors:
1. Users must ensure that fingerprints are properly enrolled before enabling fingerprint authentication capabilities.
2. ESC supports a single fingerprint biometric device for each PC.
3. Switching back and forth between two different fingerprint devices is not recommended. Should it be necessary to change biometric devices on a particular PC, users must re-enroll fingers with the new device.
4. Occasionally, users may experience repeated "Sensor Lost Focus" messages when trying to perform a fingerprint scan. When this occurs, it is likely that the PC is not recognizing the fingerprint device. Users should simply disconnect and then reconnect the fingerprint device to have it recognized by the PC.
Note for Dell Preboot Manager: UPEK Swipe sensor is required for Dell Preboot Authentication (either built in or external)
What does the TPM Status?
The TPM Status tab in the EMBASSY Security Center provides information on the current status for the TPM, related components of the system. It provides information on the security hardware and software installed, including:
- TPM Chip enabled state
- TPM Owner initialization state
- TPM Information - including Manufacturer, TPM Version, TSS Vendor and TSS Version information
- Wave Systems Software Information - including EMBASSY Security Center Version, KTM Version, CSP Name and CSP Version
Taking ownership is the first step to enabling TPM security . Use the Owner tab within EMBASSY Security Center to establish ownership of this TPM. Ownership must be taken, in order for the security functions of EMBASSY Security Center and other security applications to function properly.

Taking ownership of a TPM is essentially enabling the TPM to function, thereby allowing users to leverage the security available with a TPM. TPMs must have ownership taken, in order to function with most software applications. Before ownership may be established, the TPM security chip must be enabled (check your PC manufacturer's documentation for instructions; this is typically done in BIOS).

During the process to establish ownership, the user will define the TPM Owner password. Once this password is defined , ownership is established and the TPM is ready for use. On certain systems, users may notice that the Establish ownership button is inactive (not selectable). If this is the case, ownership of the TPM has already been established and the TPM is ready for use.

Users should ensure that the TPM Owner Password is not lost. The TPM Owner Password is required for certain advanced functions of the TPM. If this password needs to be changed, the TPM Owner may simply select Change and be guided through the process .
What is Secure Windows Login?
Secure Windows Login allows users to use fingerprint authentication and leverage security aspects of the TPM during the Windows login process.

ESC Security Settings allow the specification of two factor authentication (Password and Fingerprint) if desired. On systems that have a fingerprint sensor, users can configure ESC to use any combination of Windows Password and fingerprint for both TCG Security Password Vault authentication and Windows Login and Windows Unlock authentication
What is the TCG Security Password Vault?
The TCG Security Password Vault is where ESC will store the individual TPM Key Passwords that it is managing for the current user. The Password Vault is secured by the TPM. Access to the Password Vault is only granted after a valid authentication is performed. Users may authenticate use of the Password Vault with their Windows Password and/or a fingerprint biometric.

The value of ESC's Password Vault becomes apparent once users begin using TPM-based applications regularly. Typically, each application will create at least one TPM Key, often more, and use them to protect various type of data. Each TPM Key requires the creation of another password. One can see this could quickly become difficult for users to manage.

The ESC Password Vault solves this problem for users without undermining security. ESC allows users to save individual TPM Key passwords to the Password Vault. When TPM Keys are needed by an application, ESC retrieves them from the Password Vault. Users gain access to the Password Vault by simply entering their Windows Password and/or their fingerprint.
How do I change the TPM Owner Password?
Change Password launches a simple change password dialog. The original TPM Owner Password must be entered before the new TPM Owner Password will take effect.

Users must ensure that the TPM Owner Password conforms to the password rules defined by PC Manufacturer. Consult the PC Manufacturer's documentation to determine the password rules for the PC.
What are TPM Security Policies?
ESC Security Policies define the specific security-related actions that are allowed or disallowed for the given PC or user on a PC.

ESC allows for policies to be set around password Vault enable/disable, types and frequency of authentication for Vault access, key archiving and more. ESC allows IT Administrators to define policies that are unchangeable by users. Should users find that they are not able to change certain ESC Security Policies, they should check with their IT department about gaining access.

Note: Only an Administrator may modify TPM Security Policies
How do TPMs compare with SmartCards or Biometrics?
They are complementary to the TPM, which is considered a fixed token that can be used to enhance user authentication, data, communications, and/or platform security.

A smartcard is a portable token traditionally used to provide more secure authentication for a specific user across multiple systems, while biometrics are providing that functionality in an increasing number of systems. Both technologies have a role in the design of more secure computing environments.
The status bar under User Initialization shows Vault Invalid. What does that mean?
If this option appears, the user's Password Vault has become unreadable.

Users must reinitialize and then add the individual key passwords to the Vault. Users that have Key Transfer Manager installed will be able to restore their TCG Security Password Vault from a key archive.
How do I activate EMBASSY Security Center?
Users should activate their EMBASSY Security Center as soon as the installation is complete.

Simply launch EMBASSY Security Center and follow the prompts. In order to complete the activation, users will need the product activation code that was delivered with the product. User will only have to activate the product once and in the case where EMBASSY Security Center is installed as part of the EMBASSY Trust Suite (ETS), this single activation will activate all of the ETS applications.

If users do not activate the product within 10 days, the pre-activation period ends and users must activate to continuing using the product.

Additional Support

If you need additional information, please submit a Support Request Form. Customer Service will contact you within one business day with a response to your inquiry. To ensure quality customer service, please include your email address and a detailed description of the issue/inquiry.

Support Request Form