BitLocker Drive Encryption - Glossary

May 16, 2006

Abstract

This paper provides an authoritative definition of the words that are used in the Microsoft BitLocker™ Drive Encryption documentation. Its primary aim is to standardize the language of BitLocker documents to reduce confusion and offer assistance.

This information applies for the Microsoft Windows Vista™ operating system.

The current version of this paper is maintained on the Web at:
http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerGlossary.mspx

Contents

Glossary: A, B, C, D, E, F, G, H, I, K, L, M, O, P, R, S, T, U, V

Disclaimer

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.

© 2006 Microsoft Corporation. All rights reserved.
Microsoft, Windows, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Glossary

A

active partition
See partition, primary.

anti-hammering
Software or hardware methods that increase the difficulty and cost of a brute-force attack on a PIN or password. In BitLocker, the TPM is used to prevent hammering.

authentication method
Identified by a GUID, a combination of one or more of the following elements: PIN, recovery password, recovery key external media key, and TPM. These elements are combined to protect the VMK. The authentication method GUID can be used to retrieve the elements that are used (assuming volume is unlocked because VMK is required), a label for the method (optional), and a date and time that the method was created. The elements inside a method form an AND condition (for example, external media key AND PIN). Multiple authentication methods provide an OR condition (a method for recovery, a method for normal boot).

B

BCD
Boot Configuration Data

binary large object (BLOB)
In BitLocker, any cryptographically-protected piece of data. For example, the VMK is sealed to the TPM but the resulting BLOB that the TPM_Seal operation returns is actually stored on disk. Similarly, the VMK can be encrypted by a clear key, external key, or recovery password and stored on disk as a BLOB. The BLOB is the cryptographic keyhole into which the keys fit. It takes both the BLOB and the key to start decryption.

BIOS boot order
A list of all potential bootable devices and a certain ordering in which a boot is attempted on it. If the boot on the first device on the list does not yield a valid boot sector, the BIOS proceeds with the next device in the list. A valid boot sector is structureless, 512 bytes long, and marked with 0x55 0xAA as the last two bytes. After the BIOS has loaded this sector, it starts its execution with the first byte. For any BitLocker setup that involves the TPM, it is very important that the disk that contains the system volume is the first entry in this list and not the CDROM drive or anything else. Any change to the boot sector on a device before the system volume causes BitLocker to enter recovery mode.

BitLocker Drive Encryption
A Windows Vista feature that provides full-volume encryption.

BitLocker disabled
A mode in which the disk volume is encrypted, but the FVEK that is used to encrypt the operating system volume is freely available by using a clear key to access the VMK. Although encryption is involved, security is effectively disabled. This mode is used to upgrade system hardware or perform other actions that could trigger recovery mode.

BitLocker enabled (or on)
A mode in which data on the volume is encrypted as it is written and decrypted as it is read. When the computer starts, one of the following conditions is required to decrypt the VMK and access the volume:
- Successful validation of critical early boot components by the TPM.
- Successful validation of critical early boot components by the TPM (in conjunction with a startup key or PIN, if configured)
- Input of a recovery password
- Insertion of a USB flash drive that contains a recovery key.

BitLocker off
A mode in which protection is off on a disk volume, the disk volume is not encrypted, and BitLocker protection is not in effect. This is a disk volume with a standard clear text file format.

BLOB
binary large object

Boot Configuration Data (BCD)
The parameters that affect boot-time operations and contain information on the environment that existed in the system when BitLocker was first turned on. This data is used as a benchmark the next time the system is started.

boot partition
See partition.

boot sector
The first 512 bytes of sector 0 of a partition, disk, or floppy drive. If the sector size of this partition or device is bigger than 512 bytes, the remaining space is unused and is called slack space.

C

clear key
The key that is stored in the clear on the disk volume. This key is used to freely access the VMK, and in turn, the FVEK when BitLocker protection is disabled but the disk volume remains encrypted. See BitLocker disabled.

D

data at rest
Data that is not protected by the operating system. For example, a hibernation file with current user documents might not be directly protected by the operating system.

decrypt
To take encrypted data and make it accessible to anyone. A decrypted volume is not cryptographically secured. This is different from the disabled mode because the data on a decrypted volume is accessible without any keys.

diffusion
The property of a cryptographic algorithm to ensure that a change in a few input bits leads to potential changes in many of the output bits. Diffusion is an option in BitLocker and is on by default.

disabled mode
A mode in which a key is stored in the clear on the disk and is used to encrypt the VMK, which is used to encrypt the FVEK. Although encryption is involved, security is effectively disabled.

drive sanitation
Forced recovery of a BitLocker-protected volume by removing all the key BLOBs that could have decrypted the disk, except the recovery BLOBs. This prevents anyone from accessing the data unless that person has a recovery key or password.

E

EFS
Encrypting File System

encrypt
To cryptographically secure data so that users without a key cannot access it.

Encrypting File System (EFS)
A Windows feature that provides the option to store files or folders in an encrypted form. EFS is typically used for data files, such as Microsoft Word documents or Microsoft Excel spreadsheets.

external key
A file that contains information to access cryptographically locked data, which is stored away from the system, such as on a USB flash drive. Both a startup key and a recovery key can be stored on a USB flash drive. A copy of the external key is stored encrypted on disk by the VMK and can be retrieved by an administrator after Windows has loaded.

external key file
A file that contains the external key and is stored on an external media device. The name and contents of the file are internal to Microsoft and may change from version to version.

F

full-volume encryption (FVE)
A BitLocker-encrypted state of the volume. Also called BDE. These terms are deprecated in the documentation, but may still appear in some interface elements.

full-volume encryption key (FVEK)
The algorithm-specific key that is used to encrypt (and optionally, diffuse) data on disk sectors. Currently this key can be either 128 bits or 256 bits advanced encryption standard (AES). The default encryption algorithm that BitLocker uses is AES 128 bit with diffuser.

FVE
full-volume encryption

FVEK
full-volume encryption key

G

global system key (SYSKEY)
A Windows key that is used to derive other keys to secure global system secrets. The system secrets refer to any user or system data that is private or hidden for security purposes.

globally unique identifier (GUID)
A string that is created by the system and used by BitLocker to uniquely identify system components, including key protectors.

GUID
globally unique identifier

H

hammering
A brute force attack in which an unauthorized user guesses at a PIN or password many times.

hibernate
A power-saving mode that allows a quicker resumption of operation than by fully turning the computer off and then back on. When hibernation mode is activated, all current applications that are running in memory are saved to disk and the computer is turned off. After a user presses a button or clicks the mouse to resume full operation, the applications are read from disk and appear in the same state as before.

hibernation file
A file that stores the current status of each open program and file. BitLocker encrypts the hibernation file and blocks unauthorized access to the contents of the hibernation file.

I

integrity checking
A task that the TPM performs by confirming that the SHA-1 computed hash of each system component that executes during boot matches the values that are stored in PCRs at the time BitLocker was turned on. If the state of early boot components is different from the static root of trust measurement (SRTM), BitLocker boots to recovery mode until the authorized user enters the recovery password.

K

key protector
A method for accessing the VMK. Examples of key protectors are PIN, external key, recovery password, and recovery key.

L

logical drive
A subsection of a hard drive that is defined by software. The boot sector of each logical drive contains only a partition table, no code. Only the first two entries in this partition table are used; the other two are empty. The first entry holds the definitions for the logical drive in the following sectors. The first sector to which this entry points contains the specific boot sector of the file system that was used in this logical drive. The second entry in the logical drive partition table holds the parameters for the subsequent logical drive. Thus, all logical drives in the extended partition are daisy chained together. The second entry of the last logical drive is also empty. Logical drives cannot be used for booting because the boot sectors of logical drives have no code.

M

MAC
Message Authentication Check Code

Master Boot Record (MBR)
A record that may be located in the boot sector of a disk drive. It allows the disk to be partitioned. It contains the partition table and code that parses this table during the boot process. The MBR is also referred to as partition 0 on a disk. A disk does not need an MBR. The NTFS boot sector, for example, can be written directly into the boot sector of a disk. Such a disk is always handled as a whole and cannot be partitioned.

MBR
Master Boot Record

O

operating system volume
A volume that contains an operating system (for example, Windows Vista) that can be loaded by a boot manager. The operating system volume must be a simple volume and contain all operating system files. A given system can have multiple operating system volumes. The operating system on this volume can be started only if it has an entry in the BCD. The operating system volume may be encrypted with BitLocker.

owner password
A password that is set on the TPM. An owner password is required to change the state of the TPM, for enabling or disabling. For more information on TPM management, see the Windows Vista Beta 2 Trusted Platform Module Services Step by Step Guide (http://www.microsoft.com/technet/windowsvista/library/29201194-5e2b-46d0-9c77-d17c25c56af3.mspx).

P

partition
A sequence of contiguous sectors on a physical disk that holds a file system. The start sector and length are specified in a partition table.

partition, extended
A partition that does not directly contain a file system. It allows the definitions of multiple logical drives within the sectors that are assigned to the extended partition. The extended partition does not have a boot sector; instead, sector 0 of an extended partition has the definition of the first logical drive.

partition, primary
A contiguous number of sectors on a disk that are defined in the partition table in the MBR. The system can be booted from this partition. The first sector of this partition contains the specific boot sector of the file system that is used in this partition.

partition table
A table in the MBR that contains up to four start sectors and the length of the primary partitions on this disk. Each of the entries has an active flag that is associated with it. This flag marks the active partition on this disk. Only one of the four flags should be set. The boot sector of the first active primary partition is loaded by the MBR code and continues the boot process.

PCR
platform configuration register

personal identification number (PIN)
A user-specified secret value that must be entered each time the computer starts (or resumes from hibernation). You can choose to add PIN protection to a TPM-based configuration. The PIN can have 4 to 20 digits and internally is stored as a 256-bit hash of the entered Unicode characters. This value never appears back to the user in any form or for any reason. The PIN is used to provide another factor of protection in conjunction with TPM authentication.

PIN
personal identification number

platform configuration register (PCR)
A register of a TPM. This register is sufficiently large to contain a hash (currently only SHA-1). A register can normally only be extended, which means that its content is a running hash of all values that are loaded to it. To learn when these registers are reset, refer to the TCG specification document.

R

recovery password
A numerical password that consists of 48 digits divided into 8 groups. Each group of 6 digits is reduced to modulo 11 (a numerical calculation) before being compressed into corresponding 16 bits of passphrase data. A copy of the passphrase data is stored on disk encrypted by the VMK and thus an administrator can retrieve the recovery password after Windows has loaded. The recovery password must be entered by using the function keys on the keyboard.

recovery password file
A BitLocker file that uses the naming convention: .bek (including the feature unique .fve file extension), which contains the recovery key that is required to unseal the volume.

recovery password key
A key that is used for recovering data that is encrypted on a BitLocker volume. This key is cryptographically equivalent to a startup key. If available, the recovery key decrypts the VMK, which in turn decrypts the FVEK. The recovery key is stored on a USB flash drive. To use the recovery key, a user inserts the USB flash drive and then reboots the computer.
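
The recovery password entry above, worked through as an added example (not part of the Microsoft paper): it checks the 8 groups of 6 digits and packs them into 16 bytes of passphrase data, which lets a help-desk tool flag a mistyped group before the password is submitted. It reads "reduced to modulo 11" as: each group is a multiple of 11 and the quotient is the 16-bit value; the little-endian packing and all function names are assumptions of this example.

```python
import re

GROUPS = 8                 # 48 digits divided into 8 groups (glossary entry)
MAX_GROUP = 0xFFFF * 11    # 720885: largest group whose quotient fits in 16 bits


class RecoveryPasswordError(ValueError):
    """Raised when a recovery password is malformed."""


def _split(text):
    # Accept the groups separated by dashes or whitespace.
    return [g for g in re.split(r"[-\s]+", text.strip()) if g]


def check_groups(text):
    """Return (group_number, problem) pairs; an empty list means well formed."""
    groups = _split(text)
    if len(groups) != GROUPS:
        return [(0, f"expected {GROUPS} groups, found {len(groups)}")]
    problems = []
    for number, group in enumerate(groups, start=1):
        if not re.fullmatch(r"[0-9]{6}", group):
            problems.append((number, "not exactly 6 decimal digits"))
        elif int(group) % 11:
            # A single mistyped digit always breaks divisibility by 11.
            problems.append((number, "not a multiple of 11 (likely a typo)"))
        elif int(group) > MAX_GROUP:
            problems.append((number, "quotient does not fit in 16 bits"))
    return problems


def decode_recovery_password(text):
    """Return the 16 bytes (8 x 16 bits) of passphrase data."""
    problems = check_groups(text)
    if problems:
        raise RecoveryPasswordError(problems)
    # Assumption: each 16-bit quotient is packed little-endian.
    return b"".join((int(g) // 11).to_bytes(2, "little") for g in _split(text))


def encode_recovery_password(data):
    """Inverse of decode_recovery_password for 16 bytes of passphrase data."""
    if len(data) != 16:
        raise RecoveryPasswordError("passphrase data must be 16 bytes")
    words = [int.from_bytes(data[i:i + 2], "little") for i in range(0, 16, 2)]
    return "-".join(f"{word * 11:06d}" for word in words)


# Constructed sample, not a real recovery password.
SAMPLE_DATA = bytes(range(16))
SAMPLE_PASSWORD = encode_recovery_password(SAMPLE_DATA)

if __name__ == "__main__":
    print(SAMPLE_PASSWORD)
    typo = "002817" + SAMPLE_PASSWORD[6:]      # last digit of group 1 mistyped
    print(check_groups(typo))
```

Because every group must be a multiple of 11, the 48 digits carry exactly 8 x 16 = 128 bits; the remaining redundancy only detects entry errors.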
S

seal
A process by which data is encrypted and MAC'd by the TPM and cryptographically paired with a set of PCRs, which creates a cryptographic BLOB.

secure decommissioning
See drive sanitation.

secure mode, recovery mode, locked mode
A mode in which BitLocker has secured the computer, either because the system components have changed or because it needs an authentication key. In this circumstance, the user enters the recovery password and investigates why BitLocker triggered recovery mode.

SHA-1
A cryptographically-strong hash algorithm.

startup key
A key that is stored on a USB flash drive that must be inserted each time the computer starts. The startup key is used to provide another factor of protection in conjunction with TPM authentication. This is stored by the computer as an external key. A startup key is required to use BitLocker on a non-TPM computer.

SYSKEY
global system key

system (active) volume
The first volume that is accessed when a computer starts up. This volume contains the hardware-specific files that are required to load Windows and includes the computer's boot manager (for loading multiple operating systems). Generally, the system volume can be, but is not required to be, the same volume as the operating system volume. However, for BitLocker to function, the system volume must differ from the operating system volume and also must not be encrypted. This is the partition that initiates the hardware system startup process. In Windows Vista, this partition contains the active boot manager. Any given computer should have only one system volume.

T

TCG
Trusted Computing Group

TPM
Trusted Platform Module

Trusted Computing Group (TCG)
The organization that sets standards for TPM use and interface (https://www.trustedcomputinggroup.org/home).

Trusted Platform Module (TPM)
Security hardware that provides a hardware-based root of trust and can be leveraged to provide a variety of cryptographic services, such as early-boot component checking. BitLocker uses a TPM v1.2 with a TCG-compatible BIOS for integrity checking of the early boot components capabilities to validate the integrity of critical early boot components and provide a transparent startup experience.

U

unseal
The process that TPM uses to decrypt data in a sealed BLOB to reveal the original secret. This BLOB can be unsealed only when the PCRs in the TPM are identical to the PCRs in the BLOB. If any of the PCR values are different, the TPM refuses to unseal the data and instead returns an error.

V

validation information (internally)
A list of 256-bit hashes of code modules, encrypted by the VMK and used in conjunction with code-integrity authentication.

VMK
volume master key

volume master key (VMK)
An advanced encryption standard (AES) 256-bit key that is used to encrypt the FVEK. There is only one VMK per disk.

volume
An area of storage on a hard disk. A volume is formatted by using a file system, such as NTFS, and has a drive letter assigned to it. The volume manager in Windows organizes one or more partitions into a volume. The rest of the system does not deal with partitions directly. The simplest case is where a single partition is mapped to a volume. This is a simple volume. More complex cases are striped or mirrored raid volumes or multiple concatenated partitions that form one volume. A volume may contain partitions from multiple disks on the system. For BitLocker, the system volume and the operating system volume must be simple volumes. Data volumes may be of a more complex type.
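
How the platform configuration register, seal, unseal and integrity checking entries fit together, as an added example that is not part of the Microsoft paper: a small software model of a TPM whose PCRs can only be extended and whose sealed BLOB opens only when the PCRs match. The PCR indices, component strings and class names are constructed for illustration, and an HMAC-SHA-256 keystream stands in for the TPM's internal encryption and MAC.

```python
import hashlib
import hmac
import secrets

PCR_COUNT = 24                           # number of registers in this model
PCR_SIZE = hashlib.sha1().digest_size    # 20 bytes: one SHA-1 hash per PCR


class UnsealError(Exception):
    """The simulated TPM refused to release the secret."""


class SimulatedTPM:
    def __init__(self):
        self._key = secrets.token_bytes(32)   # never leaves the simulated chip
        self.reset()

    def reset(self):
        """Platform restart: every PCR returns to all zeros."""
        self.pcrs = [bytes(PCR_SIZE) for _ in range(PCR_COUNT)]

    def extend(self, index, component):
        """PCR_new = SHA-1(PCR_old || SHA-1(component)); there is no 'set'."""
        measurement = hashlib.sha1(component).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + measurement).digest()
        return self.pcrs[index]

    def _stream(self, nonce, length):
        # Stand-in cipher: HMAC-SHA-256 in counter mode (not what a TPM uses).
        blocks = (hmac.new(self._key, b"enc" + nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest()
                  for i in range(length // 32 + 1))
        return b"".join(blocks)[:length]

    def _mac(self, nonce, bound, ciphertext):
        pcr_part = b"".join(bytes([i]) + v for i, v in sorted(bound.items()))
        return hmac.new(self._key, b"mac" + nonce + pcr_part + ciphertext,
                        hashlib.sha256).digest()

    def seal(self, secret, pcr_indices):
        """Encrypt and MAC the secret, paired with the current PCR values."""
        nonce = secrets.token_bytes(16)
        bound = {i: self.pcrs[i] for i in pcr_indices}
        stream = self._stream(nonce, len(secret))
        ciphertext = bytes(a ^ b for a, b in zip(secret, stream))
        return {"nonce": nonce, "pcrs": bound, "ciphertext": ciphertext,
                "mac": self._mac(nonce, bound, ciphertext)}

    def unseal(self, blob):
        """Release the secret only if the BLOB is intact and the PCRs match."""
        expected = self._mac(blob["nonce"], blob["pcrs"], blob["ciphertext"])
        if not hmac.compare_digest(blob["mac"], expected):
            raise UnsealError("BLOB was modified or sealed by another TPM")
        for index, sealed_value in sorted(blob["pcrs"].items()):
            if not hmac.compare_digest(self.pcrs[index], sealed_value):
                raise UnsealError(f"PCR {index} differs from the BLOB")
        stream = self._stream(blob["nonce"], len(blob["ciphertext"]))
        return bytes(a ^ b for a, b in zip(blob["ciphertext"], stream))


def boot(tpm, chain):
    """Measure each (pcr_index, component) pair in order after a reset."""
    tpm.reset()
    for index, component in chain:
        tpm.extend(index, component)


def can_unseal(tpm, blob):
    try:
        tpm.unseal(blob)
        return True
    except UnsealError:
        return False


# Constructed boot chains; the PCR indices 0 and 1 are arbitrary.
KNOWN_GOOD = [(0, b"constructed firmware"), (1, b"constructed MBR code"),
              (1, b"constructed boot sector")]
TAMPERED = [(0, b"constructed firmware"), (1, b"constructed MBR code (patched)"),
            (1, b"constructed boot sector")]
REORDERED = [KNOWN_GOOD[0], KNOWN_GOOD[2], KNOWN_GOOD[1]]


def demo():
    tpm = SimulatedTPM()
    boot(tpm, KNOWN_GOOD)
    blob = tpm.seal(b"constructed stand-in for the VMK", [0, 1])
    results = {}
    for name, chain in (("known good", KNOWN_GOOD), ("tampered", TAMPERED),
                        ("reordered", REORDERED)):
        boot(tpm, chain)
        results[name] = can_unseal(tpm, blob)
    # Removing the PCR list from the BLOB does not help: the MAC covers it.
    stripped = dict(blob, pcrs={})
    results["binding stripped"] = can_unseal(tpm, stripped)
    return results


if __name__ == "__main__":
    print(demo())
```

In this model a changed component and a changed measurement order both leave a different running hash in the PCR, so the model refuses to unseal; that refusal is the condition under which the glossary says BitLocker boots to recovery mode.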