FAQs
Trusted Network Connect
What relationship does Trusted Network Connect have to the Trusted Platform Module (TPM) and other TCG efforts?
TNC is a natural application for the TPM: it provides a path from the endpoint to a policy decision point where integrity reports can be evaluated. Use of the TPM by TNC is optional, but on platforms that have one, the TNC reporting infrastructure lets TPM-backed reports be factored into network access control decisions. A system with a TPM can protect sensitive data such as encryption keys and the collected measurements. The TPM holds those measurements in a protected location until they are reported, so software on the host cannot alter them between collection and reporting, and the signed report lets the decision point detect tampering or replay in transit by a man-in-the-middle. Products based on the TNC architecture operate in today's environments with or without TPMs, but when a TPM is present there is greater assurance that a TNC integrity report originated from the expected platform and reflects its actual state.
When will Trusted Network Connect solutions be available?
Companies currently providing compatible products include Extreme Networks, HP ProCurve, Juniper Networks, Q1 Labs, StillSecure, Wave Systems, General Dynamics and others.
How will Trusted Network Connect compare with other efforts in this area?
The TNC architecture is differentiated from Cisco Network Admission Control (C-NAC) and Microsoft Network Access Protection (NAP) by the following key attributes and benefits:
- Supports multi-vendor interoperability
- Leverages existing standards
- Empowers enterprises with choice
Does the Trusted Network Connect architecture use any existing industry standards?
Trusted Network Connect architecture uses existing industry standards, such as EAP, TLS, the IEEE 802.1X specification and others.
What access methods are supported by the TNC architecture?
The architecture supports all commonly used enterprise access methods, such as VPN-based or dialup remote access; wireless networks; 802.1X infrastructures; and traditional LAN technologies.
How will users know that products are interoperable? Is there any certification or compliance program planned?
TCG is evaluating a compliance program.
Do the Infrastructure specifications work with the TNC specifications that do not require TPMs?
This set of IWG specifications can be implemented without a TPM, but their value increases dramatically when the root of trust of the platform deploying them is based in hardware.
In the context of the TNC specifications, the Platform Trust Service (PTS) interface specification defines an agent that the TNC Client can call to measure the components of the TNC Client device, as well as other client components. The set of IWG Integrity Schema specifications provides a standardized format in which TNC implementers and vendors report the integrity status of a target device (e.g. a TNC client); a common report format promotes interoperability across TNC vendors.
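As an added example (not TCG's or any vendor's code), the following Python simulates the flow the two answers above describe: a PTS-style collector measures client components, extends the measurements into a PCR, and the TPM signs a quote over the PCR values and a verifier-supplied nonce; the decision point verifies the signature and nonce, replays the measurement log against the quoted PCR, and only then compares each measurement with a known-good list. The PCR extend is SHA-1 as in TPM 1.x. The quote signature is an HMAC under a key shared with the verifier, a stand-in for the TPM's RSA signature with an attestation identity key; the component contents, known-good values, key and nonces are constructed for the example, and a plain dict stands in for an IWG-schema report (no schema encoding is attempted).

```python
"""Simulated TNC integrity report: measure, extend, quote, verify.

Added example, not TCG or vendor code.  PCR extend is SHA-1 as in
TPM 1.x.  The quote "signature" is an HMAC under a key shared with
the verifier, standing in for the TPM's RSA signature with an
attestation identity key; the verifier-side checks are the same.
"""
import hashlib
import hmac
import os

PCR_SIZE = 20  # SHA-1 digest length; width of a TPM 1.x PCR


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA1(PCR_old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


class SimTPM:
    """Minimal stand-in for the TPM: a PCR bank plus a quote operation."""

    def __init__(self, aik_secret: bytes):
        self.pcrs = {i: bytes(PCR_SIZE) for i in range(24)}
        self._aik = aik_secret  # never leaves the TPM

    def extend(self, index: int, measurement: bytes) -> None:
        self.pcrs[index] = extend(self.pcrs[index], measurement)

    def quote(self, indices, nonce: bytes) -> dict:
        indices = sorted(indices)
        body = b"QUOT" + nonce + b"".join(self.pcrs[i] for i in indices)
        return {
            "pcrs": {i: self.pcrs[i] for i in indices},
            "nonce": nonce,
            "sig": hmac.new(self._aik, body, hashlib.sha1).digest(),
        }


class TNCClient:
    """PTS-style collector: hashes components into PCR 10 and keeps a log."""

    def __init__(self, tpm: SimTPM):
        self.tpm = tpm
        self.log = []  # list of (component name, SHA-1 of its contents)

    def measure(self, name: str, content: bytes) -> None:
        digest = hashlib.sha1(content).digest()
        self.log.append((name, digest))
        self.tpm.extend(10, digest)

    def report(self, nonce: bytes) -> dict:
        return {"log": list(self.log), "quote": self.tpm.quote([10], nonce)}


def verify_report(report: dict, nonce: bytes, aik_secret: bytes, known_good: dict):
    """Policy decision point: returns (allowed, reason)."""
    q = report["quote"]
    if not hmac.compare_digest(q["nonce"], nonce):
        return False, "stale or replayed quote"
    body = b"QUOT" + nonce + b"".join(q["pcrs"][i] for i in sorted(q["pcrs"]))
    expected_sig = hmac.new(aik_secret, body, hashlib.sha1).digest()
    if not hmac.compare_digest(expected_sig, q["sig"]):
        return False, "bad quote signature"
    # Replay the measurement log; it must reproduce the quoted PCR value.
    pcr = bytes(PCR_SIZE)
    for _name, digest in report["log"]:
        pcr = extend(pcr, digest)
    if pcr != q["pcrs"][10]:
        return False, "measurement log does not match PCR"
    # Only now is the log trustworthy; compare it with policy.
    for name, digest in report["log"]:
        if known_good.get(name) != digest:
            return False, f"unexpected measurement for {name}"
    return True, "ok"


# Constructed sample data for the example (not real component images).
COMPONENTS = {"kernel": b"constructed kernel image 1.0",
              "av-agent": b"constructed AV agent 3.2"}
KNOWN_GOOD = {n: hashlib.sha1(c).digest() for n, c in COMPONENTS.items()}
AIK = b"constructed-aik-secret"


def produce_report(components: dict, nonce: bytes) -> dict:
    """Boot a fresh simulated client, measure its components, return the report."""
    client = TNCClient(SimTPM(AIK))
    for name, content in components.items():
        client.measure(name, content)
    return client.report(nonce)


if __name__ == "__main__":
    nonce = os.urandom(20)
    print(verify_report(produce_report(COMPONENTS, nonce), nonce, AIK, KNOWN_GOOD))
    trojaned = dict(COMPONENTS, **{"av-agent": b"constructed trojaned agent"})
    print(verify_report(produce_report(trojaned, nonce), nonce, AIK, KNOWN_GOOD))
```

Three of the verifier's checks carry the weight in practice: the nonce check rejects replay of an old clean report, the signature check rejects modification in transit, and replaying the log against the quoted PCR catches a compromised client that submits a clean-looking log while the TPM still holds the real measurements.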
Trusted Platform Module
What is TCG’s position on the reported TPM hack at the Black Hat Conference in January 2010?
TPMs are designed to resist software attacks and some hardware attacks, not attacks that require detailed expertise, highly sophisticated equipment and long periods of time.
What was the philosophy behind the design of the TPM specification?
The TPM specification and strategy were intended to deliver a security product that could be manufactured and deployed at very high volume and provide a high commercial grade of protection. The level of protection needed to defend against hardware attacks is a continual race between manufacturers and attackers, and will evolve over time.
What is TCG’s position in regards to the comments about Infineon’s TPM?
Only Infineon can respond to questions about their design implementations of security protection.
How does a TCG-enabled system protect against malicious and unknown use of its functions by an unauthorized user?
The TPM capabilities that deal with sensitive or private information require the caller to present authorization data before the operation is performed; without it the TPM refuses to use the protected key or data. Authorization data therefore adds a layer of protection beyond mere possession of the platform.
What is a Trusted Platform Module (TPM)?
The TPM is a microcontroller that stores keys, passwords and digital certificates. It is typically affixed to the motherboard of a PC, but it can be used in any computing device that requires these functions. Because the secrets are held in dedicated silicon rather than in general-purpose memory or on disk, they are better protected against external software attack and physical theft. Security operations such as digital signing and key exchange are performed inside the protected TCG subsystem, so private keys need not be exposed to the host. Access to data and secrets on a platform can be denied if the boot sequence is not as expected, because the secrets are sealed to measurements of the boot components. Critical applications and capabilities such as secure email, secure web access and local protection of data are thereby made much more secure. TPM capabilities can also be integrated into other components in a system.
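The sentence above about denying access when the boot sequence is not as expected describes sealing. As an added example (not TCG's or any vendor's code), this Python simulates it: each boot stage is measured into a PCR, a secret is sealed under the resulting PCR values, and an unseal attempt after a different boot is refused. The PCR extend is SHA-1 as in TPM 1.x; the storage root key and the wrapping (an HMAC-SHA1 keystream under a secret that never leaves the simulated TPM) are stand-ins for the TPM's RSA storage-key hierarchy, and the boot images and key material are constructed for the example.

```python
"""Simulated TPM sealing of a secret to the measured boot state.

Added example, not TCG or vendor code.  PCR extend is SHA-1 as in
TPM 1.x.  The storage root key and the wrapping (an HMAC-SHA1
keystream under a secret that never leaves the simulated TPM) are
stand-ins for the TPM's RSA storage-key hierarchy; the point is the
release rule: unwrap only when the PCRs match the sealing state.
"""
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length; width of a TPM 1.x PCR


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA1(PCR_old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


class SimSealingTPM:
    def __init__(self, srk_secret: bytes):
        self._srk = srk_secret  # storage root key stand-in, stays inside
        self.pcrs = {i: bytes(PCR_SIZE) for i in range(24)}

    def measured_boot(self, stages) -> None:
        """Each boot stage image is hashed and extended into its PCR, in order."""
        for index, image in stages:
            self.pcrs[index] = extend(self.pcrs[index], hashlib.sha1(image).digest())

    def _composite(self, indices) -> bytes:
        return hashlib.sha1(b"".join(self.pcrs[i] for i in sorted(indices))).digest()

    def _keystream(self, label: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self._srk, label + counter.to_bytes(4, "big"), hashlib.sha1).digest()
            counter += 1
        return out[:length]

    def seal(self, secret: bytes, indices) -> dict:
        """Wrap `secret` so it can only be unwrapped under the same PCR values."""
        comp = self._composite(indices)
        ks = self._keystream(b"seal" + comp, len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, ks))
        tag = hmac.new(self._srk, comp + ct, hashlib.sha1).digest()
        return {"pcrs": tuple(sorted(indices)), "composite": comp, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        comp_now = self._composite(blob["pcrs"])
        if not hmac.compare_digest(comp_now, blob["composite"]):
            raise PermissionError("PCR mismatch: boot sequence differs from sealing state")
        tag = hmac.new(self._srk, comp_now + blob["ct"], hashlib.sha1).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("sealed blob has been tampered with")
        ks = self._keystream(b"seal" + comp_now, len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


# Constructed boot sequences (not real firmware or kernel images).
GOOD_BOOT = [(0, b"constructed BIOS 1.0"), (4, b"constructed bootloader"),
             (8, b"constructed kernel 5.x")]
ROOTKIT_BOOT = [(0, b"constructed BIOS 1.0"), (4, b"constructed bootloader"),
                (8, b"constructed rootkit kernel")]
SRK = b"constructed-srk-secret"
SEALED_PCRS = (0, 4, 8)


def seal_after_good_boot(secret: bytes) -> dict:
    tpm = SimSealingTPM(SRK)
    tpm.measured_boot(GOOD_BOOT)
    return tpm.seal(secret, SEALED_PCRS)


def try_unseal(blob: dict, boot):
    """Reboot the same (simulated) TPM through `boot`, then attempt the unseal."""
    tpm = SimSealingTPM(SRK)
    tpm.measured_boot(boot)
    try:
        return True, tpm.unseal(blob)
    except (PermissionError, ValueError) as exc:
        return False, str(exc)


if __name__ == "__main__":
    blob = seal_after_good_boot(b"constructed disk key")
    print(try_unseal(blob, GOOD_BOOT))
    print(try_unseal(blob, ROOTKIT_BOOT))
```

Note that rewriting the blob's recorded composite to match a tampered boot does not help an attacker: the integrity tag and the keystream both depend on the secret inside the TPM and on the PCR values actually present at unseal time.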
Who provides these TPMs?
TPMs currently are provided by Atmel, Broadcom Corporation, Infineon Technologies AG, STMicroelectronics, and Nuvoton Technology in discrete and integrated forms.
What about smaller devices that might not have the real estate or cost structure to support a separate piece of silicon for TPM functions?
TCG and its work groups are evaluating this issue and may end up offering vendors options in providing the functionality of the TPM for various devices. Vendors also can package the TPM or provide I/O suitable for systems other than PCs - the TCG specification is flexible in this regard. For example, some vendors already offer TPM functionality integrated into other chips.
What applications and services will benefit from systems with TPMs?
Systems with TPMs offer improved, hardware-based security in numerous applications, such as file and folder encryption, local password management, S/MIME e-mail, VPN and PKI authentication, and wireless authentication for 802.1X and LEAP.
Are systems with TPMs available?
Desktop, notebook and tablet PCs with TPMs are available from Dell, Fujitsu, Gateway, HP, Intel, Lenovo, Toshiba and others - virtually all enterprise systems now include the TPM. Trusted servers also have started shipping.
What are the plans for TCG conformance?
A certification and compliance program is in review. TCG will define programs that best fit market needs and specifications.
Do the TPM specifications require a certain cryptographic algorithm (DES, AES, etc.)?
Yes. They require RSA, SHA-1 and HMAC. AES is not required in v1.1 of the specification but may be required in future versions; symmetric encryption in general is not required in the TPM. TCG will continue to evaluate developments in cryptography. (Later versions changed this: TPM 2.0 is algorithm-agile and supports SHA-256, ECC and AES, and SHA-1 should not be relied on in new designs.)
How do TPMs compare with smart cards or biometrics?
Smart cards and biometrics are complementary to the TPM. The TPM is a fixed token bound to one platform, used to enhance user authentication and the security of data, communications and the platform itself. A smart card is a portable token traditionally used to provide stronger authentication of a specific user across multiple systems, and biometrics provide that function in an increasing number of systems. Both technologies have a role in the design of more secure computing environments.
What role does Trusted Computing and the TPM play in authentication?
The TPM provides secure storage and key generation capabilities, similar to other hardware authentication devices, so it can be used to create and/or store both user and platform identity credentials for use in authentication. The TPM can also protect and authenticate user passwords, which makes it an effective way to integrate strong, multifactor authentication directly into the computing platform. Combined with complementary technologies such as smart cards, tokens and biometrics, the TPM enables both machine and user authentication.