Trusted Computing Group - Trusted Platform Module (TPM) Summary Viiiiiiip


  • 8/14/2019 Trusted Computing Group - Trusted Platform Module (TPM) Summary Viiiiiiip


    Trusted Platform Module (TPM) Summary


    TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy. Authentication (ensuring that the platform can prove that it is what it claims to be) and attestation (a process helping to prove that a platform is trustworthy and has not been breached) are necessary steps to ensure safer computing in all environments.

    Trusted modules can be used in computing devices other than PCs, such as mobile phones or network equipment.

    Picture 1: Components of a TPM

    The nature of hardware-based cryptography ensures that the information stored in hardware is better protected from external software attacks. A variety of applications storing secrets on a TPM can be developed. These applications make it much harder to access information on computing devices without proper authorization (e.g., if the device was stolen). If the configuration of the platform has changed as a result of unauthorized activities, access to data and secrets can be denied and sealed off using these applications.

    However, it is important to understand that TPM cannot control the software that is running on a PC. TPM can store pre-run time configuration parameters, but it is other applications that determine and implement policies associated with this information.
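The measurement and sealing behaviour described above, as an added example that is not part of the original TCG page or any TCG software: a software model of a TPM 1.2 platform configuration register (PCR) that accumulates SHA-1 measurements of boot components, plus an application-level check that releases a secret only when the register matches the value recorded at sealing time. The class and function names and the sample boot components are assumptions made for illustration; a real TPM keeps the register and the sealed data inside the chip.

```python
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold one SHA-1 digest (20 bytes)

def extend(pcr: bytes, component: bytes) -> bytes:
    """Model of the TPM 1.2 extend operation: PCR = SHA1(PCR || SHA1(component))."""
    measurement = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr + measurement).digest()

def measure_boot(components) -> bytes:
    """Fold every boot component, in order, into one register value."""
    pcr = bytes(PCR_SIZE)  # register starts at all zeros on reset
    for component in components:
        pcr = extend(pcr, component)
    return pcr

class SealedSecret:
    """Hypothetical stand-in for a secret bound to a recorded register value."""
    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self._expected_pcr = expected_pcr

    def unseal(self, current_pcr: bytes) -> bytes:
        # Constant-time comparison of the current and recorded configuration.
        if not hmac.compare_digest(current_pcr, self._expected_pcr):
            raise PermissionError("platform configuration changed")
        return self._secret

def try_unseal(sealed: SealedSecret, components):
    """Policy layer: release the secret only for the measured configuration."""
    try:
        return sealed.unseal(measure_boot(components))
    except PermissionError:
        return None

# Constructed sample boot chains (hypothetical component images).
GOOD_BOOT = [b"firmware-1.0", b"bootloader-2.3", b"kernel-5.4"]
TAMPERED_BOOT = [b"firmware-1.0", b"bootloader-2.3-modified", b"kernel-5.4"]

if __name__ == "__main__":
    sealed = SealedSecret(b"disk-encryption-key", measure_boot(GOOD_BOOT))
    print("good boot    :", try_unseal(sealed, GOOD_BOOT))
    print("tampered boot:", try_unseal(sealed, TAMPERED_BOOT))
```

Because each extend hashes the previous register value, a change to any component, or to the order in which components are measured, yields a different final value and the secret stays sealed.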

    Processes that need to secure secrets, such as digital signing, can be made more secure with a TPM. And mission critical applications requiring greater security, such as secure email or secure document management, can offer a greater level of protection when using a TPM. For example, if at boot time it is determined that a PC is not trustworthy because of unexpected changes in configuration, access to highly secure applications can be blocked until the issue is remedied (if a policy has been set up that requires such action). With a TPM, one can be more certain that artifacts necessary to sign secure email messages have not been affected by software attacks. And, with the use of remote attestation, other platforms in the trusted network can make a determination, to which extent they can trust information from another PC. Attestation or any other TPM functions do not transmit personal information of the user of the platform.

    These capabilities can improve security in many areas of computing, including e-commerce, citizen-to-government applications, online banking, confidential government communications and many other

    ted Computing Group - Trusted Platform Module (TPM) Summary http://www.trustedcomputinggroup.org/resources/trusted_platform_mod...

    2 5/28/2013 9:27 AM


    fields where greater security is required. Hardware-based security can improve protection for VPN, wireless networks, file encryption (as in Microsoft's BitLocker) and password/PKI/credentials' management. TPM specification is OS-agnostic, and software stacks exist for several Operating Systems.

    TPMs (current version is 1.2) use the following cryptographic algorithms: RSA, SHA1, and HMAC.

    The Trusted Computing Group (TCG) is an international de facto standards body of approximately 120 companies engaged in creating specifications that define PC TPMs, trusted modules for other devices, trusted infrastructure requirements, APIs and protocols necessary to operate a trusted environment. After specifications are completed, they are released to the technology community and can be downloaded from the TCG Web Site.

    Without standard security procedures and shared specifications, it is not possible for components of the trusted environment to interoperate, and trusted computing applications cannot be implemented to work on all platforms. A proprietary solution cannot ensure global interoperability and is not capable of providing a comparable level of assurance due to more limited access to cryptographic and security expertise and reduced availability for a rigorous review process. From the point of view of cryptography, for interoperability with the other elements of the platform, other platforms, and infrastructure, it is necessary for trusted modules to be able to use the same cryptographic algorithms. Although standard published algorithms may have weaknesses, these algorithms are thoroughly tested and are gradually replaced or improved when vulnerabilities are discovered. This is not true in the case of proprietary algorithms.

    According to market research reports, over 100 million branded PCs and laptops with TPMs were sold in 2007. Server products are beginning to ship, and a variety of applications based on TPM, such as secure email or file encryption, have been implemented using TCG specifications. Trusted Network Connect (TNC) products that use TCG principles to enhance the security of communications are shipping, too. Draft specifications for storage (for hard drives) and mobile trusted modules (for mobile telephones) have been released.

    White Paper Available for Download: Trusted Platform Module (TPM) Summary
