How Dell Encryption Encrypts Cached Credentials

Affected Products:

• Dell Security Management Server
• Dell Data Protection | Enterprise Edition
• Dell Security Management Server Virtual
• Dell Data Protection | Virtual Edition
• Dell Encryption Enterprise External Media
• Dell Data Protection | External Media Edition
• Dell Endpoint Security Suite

Affected Versions:

• v8.0.0 and Later

Cached credentials are encrypted in Shield versions 8.x.x and later. The General Purpose Key (GPK) is generated on the Shield and escrowed to an 8.x.x or later Dell Security Management Server (formerly Dell Data Protection | Enterprise Edition Server) or Dell Security Management Server Virtual (formerly Dell Data Protection | Virtual Edition).

Not Applicable

Encryption of Cached Credentials

The TPM is used for encryption given these conditions:

• TPM drivers must be installed.
• The Shield must be able to take ownership of the TPM.
• The computer must be Dell-branded.

Managed Shields must be activated against a Dell Security Management Server or Virtual Server v8.x or later for both TPM and DPAPI. Otherwise, cached credential encryption is not used, and the Shield uses system DPAPI, which is available on all operating system platforms. The only way that the TPM or DPAPI is not used if the Dell Security Management Server version is earlier than 8.x (Dell Security Management Server Virtual was not available before this timeframe).

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.