TPM specification is OS-agnostic, and software stacks exist for several Operating Systems. Hardware-based security can improve protection for VPN, wireless networks, file encryption (as in Microsoft’s BitLocker) and password/PIN/credentials’ management. These capabilities can improve security in many areas of computing, including e-commerce, citizen-to-government applications, online banking, confidential government communications and many other fields where greater security is required. Attestation or any other TPM functions do not transmit personal information of the user of the platform.
And, with the use of remote attestation, other platforms in the trusted network can make a determination, to which extent they can trust information from another PC. With a TPM, one can be more certain that artifacts necessary to sign secure email messages have not been affected by software attacks.
For example, if at boot time it is determined that a PC is not trustworthy because of unexpected changes in configuration, access to highly secure applications can be blocked until the issue is remedied (if a policy has been set up that requires such action). And mission critical applications requiring greater security, such as secure email or secure document management, can offer a greater level of protection when using a TPM. Processes that need to secure secrets, such as digital signing, can be made more secure with a TPM. TPM can store pre-run time configuration parameters, but it is other applications that determine and implement policies associated with this information. However, it is important to understand that TPM cannot control the software that is running on a PC. If the configuration of the platform has changed as a result of unauthorized activities, access to data and secrets can be denied and sealed off using these applications. These applications make it much harder to access information on computing devices without proper authorization (e.g., if the device was stolen). A variety of applications storing secrets on a TPM can be developed. The nature of hardware-based cryptography ensures that the information stored in hardware is better protected from external software attacks. Trusted modules can be used in computing devices other than PCs, such as mobile phones or network equipment.
0 kommentar(er)
