A trusted platform module (TPM) is a type of secure cryptoprocessor, which is a specialized chip used to carry out cryptographic operations like the storing of encryption keys to secure information which is usually used by the host system to authenticate hardware. The information stored does not always have to be encryption keys; it may also include passwords and certificates.
The specifications for the chips, which also go by the same name, were developed by the Trusted Computing Group (TCG). These chips are more commonly called TPM chips or TPM Security Devices, and as these chips are specially made for a specific purpose they can be considered as application specific integrate circuits (ASIC) to an extent.
The assurance for a safe computing environment as promised by the TPM is implemented using two necessary steps: authentication and attestation. Authentication ensures that a platform can meet the expectations and prove that it is what it claims to be. On the other hand, attestation is a process which supports the claim of a platform of being trustworthy enough by ensuring that there are no signs of security breaches in the system. The hardware nature of the TPM ensures that information is better protected from outside sources.
Different software applications that store security entities on a TPM can be developed. These applications are useful to make information much harder to access when improper authorization is used. For example, newer laptops now have a built-in fingerprint scanner which ensures that only the owner and some other trusted users can access the laptop. The fingerprint data are stored in a TPM to prevent outside access and manipulation. TPM can even completely block access to data and other applications when it senses that certain platform configurations were changed as a result of unauthorized access. However, TPM does not and cannot control running software on a computer, it simply stores and sends information regarding security entities and the apparent state of security of the system. It is up to the related software or hardware to act upon the recommendations of the TPM.
0 Comments