Fast, Easy Things To Do With the Trusted Platform Module (TPM)

by Brian Berger, Wave Systems Corp.

By now, most of us following computing security know about the Trusted Platform Module, or TPM. In fact, it's probably right there in that enterprise notebook or desktop PC and in many servers. But who is using this thing and why? Trusted Computing Group is working to help get more information and awareness around the TPM and how it can benefit all of us interested in protecting ourselves against cyber attacks.


It takes just 4 - yes 4 - easy steps to turn on your TPM and begin using it. Anyone with rudimentary PC skills should be able to do this. The steps are outlined below with more information in a short white paper we just published, available for download here. By the way, there are lots of other useful papers there too.


4 Steps to turn on your TPM:

  1. Turn on the TPM from the BIOS.
  2. Load available TPM utility software. Dell, HP, Lenovo and others include software applications for using the TPM in their business desktop and notebook products.
  3. Enable the TPM and take ownership. Taking ownership sets the owner password (the owner authorization value); the TPM requires it before it will perform owner-controlled functions such as generating keys.
  4. Use the TPM to generate keys for a specific need, such as enrolling for a virtual private network (VPN) certificate from a Microsoft CA (Certificate Authority). The key pair only lands in the TPM if the certificate request names the TPM's Cryptographic Service Provider (CSP): in the enrollment dialog, choose the advanced options and select the TPM CSP, and the key pair is generated inside the TPM rather than in software.
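Steps 3 and 4 as they look on a current Windows host, written out as an added example that is not part of the original post or any OEM utility. It assumes Windows 8/Server 2012 or later (where the built-in TrustedPlatformModule cmdlets and the TPM key storage provider exist), a CA reachable as `ca01.example.local\Example Issuing CA`, and a template named `VPNClient`; all three names are assumptions. Run it from an elevated PowerShell session.

```powershell
# Added example (not from the original post). Assumed names: the CA config string,
# the "VPNClient" template and the example.local DNS suffix. Run elevated.

# --- Step 3: confirm the TPM is enabled and take ownership -------------------------
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    throw "The OS sees no TPM; enable it in the BIOS/UEFI setup (step 1) first."
}
if (-not $tpm.TpmReady) {
    # Initialize-Tpm provisions the TPM and sets the owner authorization value that
    # gates owner-controlled functions. On Windows 8+ the OS keeps that value itself;
    # older OEM utilities asked the user to choose the owner password instead.
    Initialize-Tpm -AllowClear -AllowPhysicalPresence | Out-Null
}

# --- Step 4: generate the key pair inside the TPM and enrol for a certificate ------
# The ProviderName line is what puts the key in the TPM: "Microsoft Platform Crypto
# Provider" is Windows' built-in TPM key storage provider (the CNG successor to a CSP).
$subject = "CN=$env:COMPUTERNAME.example.local"
$inf = @"
[NewRequest]
Subject = "$subject"
KeyAlgorithm = RSA
KeyLength = 2048
ProviderName = "Microsoft Platform Crypto Provider"
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.2
[RequestAttributes]
CertificateTemplate = VPNClient
"@
$inf | Set-Content -Path "$env:TEMP\vpn.inf" -Encoding ASCII

certreq -new    "$env:TEMP\vpn.inf" "$env:TEMP\vpn.req"
certreq -submit -config "ca01.example.local\Example Issuing CA" "$env:TEMP\vpn.req" "$env:TEMP\vpn.cer"
certreq -accept "$env:TEMP\vpn.cer"

# --- Check: the private key must sit in the TPM provider and must not be exportable --
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $subject } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
$rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$rsa.Key.Provider.Provider   # expect "Microsoft Platform Crypto Provider"
$rsa.Key.ExportPolicy        # expect "None"
```

The two lines at the end are the check worth keeping: if the provider reported is the software provider, the request was built without the TPM provider and the VPN key is just a file on disk that any administrator can copy. `certutil -csp "Microsoft Platform Crypto Provider" -key` lists every key the TPM provider holds, which is a quick way to audit a fleet of machines.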


Everything you need is right there in your PC, most likely! Now that you have turned on the magic TPM, what can you do with it? Here are a few ideas:

  • Set password
  • Store digital credentials such as passwords in a hardware-based vault
  • Manage keys with the TPM
  • Augment smart cards, fingerprint readers and fobs for multi-factor authentication
  • Encrypt files and folders to control access
  • Establish state information to enable endpoint integrity
  • Hash platform state information into the TPM as the platform boots, so endpoint integrity can be checked later
  • Enable more secure VPN, remote and wireless access
  • Use in conjunction with Full Disk Encryption to restrict access to sensitive data
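How the "hash state information" idea on the list actually works inside the TPM, as an added illustration that is not part of the original post: each component measured during boot is hashed, and the digest is folded into a register with the TPM's extend operation, new value = H(old value || digest). The register therefore depends on every measurement and on their order, and nothing can be un-extended. The code below reproduces that chain in software (it does not talk to a TPM), using SHA-256 and constructed sample component names rather than real firmware images.

```powershell
# Added illustration (not from the original post): the TPM extend operation in software.
# Sample component strings are constructed; a real TPM hashes the actual boot components.

function Invoke-PcrExtend {
    # One extend step: register <- SHA-256(register || measurementDigest)
    param([byte[]]$Register, [byte[]]$MeasurementDigest)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $sha.ComputeHash([byte[]]($Register + $MeasurementDigest))
}

function Get-MeasurementDigest([string]$Component) {
    # Digest of the thing being measured (here a string standing in for a binary image)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Component))
}

function Get-FinalRegister([string[]]$BootChain) {
    $reg = New-Object byte[] 32                      # register starts at all zeros after reset
    foreach ($c in $BootChain) {
        $reg = Invoke-PcrExtend -Register $reg -MeasurementDigest (Get-MeasurementDigest $c)
    }
    ($reg | ForEach-Object { $_.ToString('x2') }) -join ''
}

$expected = Get-FinalRegister @('firmware 1.2', 'bootloader 3.0', 'os-loader 10.0')
$tampered = Get-FinalRegister @('firmware 1.2', 'bootloader 3.0-patched', 'os-loader 10.0')
$reordered = Get-FinalRegister @('bootloader 3.0', 'firmware 1.2', 'os-loader 10.0')

"expected : $expected"
"tampered : $tampered   (matches expected: $($tampered -eq $expected))"
"reordered: $reordered   (matches expected: $($reordered -eq $expected))"
```

A policy that compares the final register value against a known-good one (or that releases a disk-encryption key only when it matches) is what turns these hashes into an endpoint-integrity check; the output shows that both a modified component and a changed boot order produce a different value, so neither passes.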


You probably can think of a few more. Ask your PC and applications provider today about what else you might be able to do to protect your enterprise and data with stuff you have on hand! And read what one large company is doing today to protect itself: http://www.trustedcomputinggroup.org/media_room.

Categories: Authentication