Intel® Identity Protection Technology
Multi-faceted security to protect enterprises from being penetrated by stolen credentials and online user account access
Protecting your identity and business data requires strong authentication that's ideally rooted in hardware. Hardware-based authentication is widely regarded by security experts as a more effective approach than software-only authentication.
Intel® Identity Protection Technology (Intel® IPT) is a suite of authentication and online access technologies designed to offer web properties, users, and enterprises with stronger, hardware-based security embedded into Intel’s platforms for better ease of use, while offering a lower cost compared with traditional hardware or SMS authentication. Intel IPT includes a multifactor authentication framework to allow enterprises to easily manage different methods of authentication, two-factor authentication with dynamic one-time password (OTP) tokens, display protection PIN entry protection with protected transaction display (PTD), hardware protected certificates with public key infrastructure (PKI).
Intel IPT with multifactor authentication (MFA)
Intel IPT with MFA is a connected framework that provides the fundamental building blocks for an end-to-end, policy-based identity and access management solution that integrates well within an IT infrastructure. It will give IT more flexibility to specify the combination of hardened authentication factors used for various enterprise applications.
A firmware-based MFA engine in the client enforces policies delivered from IT. This framework allows stronger authentication than just between the user and the platform. It now authenticates the user, platform, and the network to each other.
Intel® IPT with MFA supports three use cases:
Intel IPT with one-time password (OTP)
Intel IPT strengthens network and website access with second factor authentication using OTP tokens. When a user visits a website that uses Intel IPT from an Intel IPT-enabled device, after user opt-in, the website can provision the embedded OTP token and bind it to that user’s account. The OTP token generates a single-use password that expires after just 30 seconds. Web properties of enterprises can use this OTP token in conjunction with a username and password to get strong two-factor authentication. Since this token is built right into the device hardware, it is much more convenient for users to use and cheaper for businesses to deploy and manage. It also doesn't incur per transaction charges like SMS, which can build up over large volume usage. Intel IPT with OTP is available on all PCs using 2nd generation or later Intel® Core™ processor and select Intel® Atom™ processor tablets and phones.
Intel IPT with public key infrastructure (PKI)
Intel IPT also includes PKI support built into the device hardware, where RSA key pairs and certificates are generated in the embedded security processor. This can help authenticate a user to the device via domain/OS login and the device to the network via VPN. Enterprises already using PKI can manage Intel IPT with PKI devices using Microsoft CryptoAPI*. Intel IPT with PKI provides enterprises with hardware-based security while saving on the additional cost of traditional smart cards and readers or special-order PCs. This technology is built into all 3rd generation or later Intel® vPro™ platforms.
Intel IPT with protected transaction display (PTD)
Intel IPT with PTD can display information to the user and receive input from the user using the embedded security processor. Information displayed (e.g., PIN pad, virtual keyboard, or CAPTCHA) using PTD is designed to only be visible to a user physically present in front of the device. Users can provide input by clicking the buttons on such a PIN pad, keyboard, or other widget. Therefore, in addition to protecting user inputs, meaningful user interaction with such information helps indicate user presence. Intel IPT with PTD is available on all PCs using 3rd generation or later Intel® Core™ processor and select Intel® Atom™ processor tablets.