Trusted Computing Group

At a recent meeting, I looked around the room to see that almost every participant in the large room had a smartphone of some type. Quite a few were pecking away on the newest tablet devices. Curious, I asked several what they were doing with their smartphones or tablets. The answers ranged from online banking (!) to corporate email to online commerce, as well as surfing the Web.  This scenario is by no means unusual and with the continued evolution of processors, memory and other components and the "everywhere" availability of WiFi, it's obvious that mobile devices will play a huge role in both enterpise and personal transactions.

Naturally, then, the topic of security comes up. To date, smartphones have been remarkably free of the many hacks, virues, malware and attacks that have plagued the PC world and now are moving into other computing devices - note the hack of a major manufacturer's gaming network. Yet these smartphones and their users' information represent a very rich and attractive target. The target grows larger as an ever-increasing number of apps give users the power to purchase or sell stocks, communicate with their pharmacists or doctors, pay bills and perform virtually any task imaginable. And users are becoming more interested and able to use social tools, such as Facebook and many others, on the go on their tablets and smartphones.

Trusted Computing Group has long recognized that mobile devices as part of the enterprise can benefit from the concepts of hardware-based security and trust. Several years ago, we published a specification for the Mobile Trusted Module, or MTM. That spec was investigated in a number of companies and some prototypes created. Now that the smartphone environment has evolved, TCG is, in parallel, evolving the spec and working toward an MTM 2.0.

How would an MTM be used and how? This week, TCG published updated use cases for the MTM. These add to existing use cases published for the MTM 1.0. Two additions to the new use cases are consideration for e-health applications and support for strong mobile enterprise authentication.  As noted in the use cases, "...Mobile devices with MTMs based on TCG specifications, a trusted execution environment (TEE), MTM application programming interface (API), and attestation capability, can facilitate secure mobile healthcare data and transactions. The user's health credentials are secured in the MTM, are securely processed in a TEE, and communications to health services are attested."

The second new use case focuses on strong authentication in enterprise environments, where smartphones - whether personal or corporate assets - are used increasingly. The MTM can enable such authentication, replacing tokens. 

The mobile group is working now on the future MTM specification and invites interested stakeholders, including mobile equipment vendors, silicon providers, OS and BIOS vendors, app providers and others to participate.

More information is at http://www.trustedcomputinggroup.org/join_now or e-mail mailto:admin@trustedcomputinggroup.org