Glossary

3DES
Reference: FIPS PUB 46-3
AES
Reference: http://csrc.nist.gov/CryptoToolkit/aes/
AIK Attestation
Identity Key: a special purpose signature key created by the TPM; an asymmetric key, the private portion of which is non-migratable and protected by the TPM. The public portion of an AIK is part of the AIK Credential, issued using either the Privacy CA or DAA protocol. An AIK can only be created by the TPM Owner or a delegate authorized by the TPM Owner. The AIK can be used for platform authentication, platform attestation and certification of keys.
AIK Credential
A credential issued by a Privacy CA that contains the public portion of an AIK key signed by a Privacy CA. The meaning and significance of the fields and the Privacy CA signature is a matter of policy. Typically it states that the public key is associated with a valid TPM.
Attestation
The process of vouching for the accuracy of information. External entities can attest to shielded locations, protected capabilities, and Roots of Trust. A platform can attest to its description of platform characteristics that affect the integrity (trustworthiness) of a platform. Both forms of attestation require reliable evidence of the attesting entity.
Attestation by the TPM
An operation that provides proof of data known to the TPM. This is done by digitally signing specific internal TPM data using an AIK. The acceptance and validity of both the integrity measurements and the AIK itself are determined by the Verifier. The AIK is obtained using either the Privacy CA or DAA protocol.
Attestation of the Platform
An operation that provides proof of a set of the platform's integrity measurements. This is done by digitally signing a set of PCRs using an AIK in the TPM.
Attestation to the Platform
An operation that provides proof that a platform can be trusted to report integrity measurements; performed using the set or subset of the credentials associated with the platform; used to create an AIK credential.
Authenticated Boot
A boot after which the platform's Root-of-Trust-for-Reporting (RTR) can report an accurate record of the way that the platform booted.
Authentication of the Platform
Provides proof of a claimed platform identity. The claimed identity may or may not be related to the user or any actions performed by the user. Platform Authentication is performed using any non-migratable key (e.g., an AIK). Since there are an unlimited number of non-migratable keys associated with the TPM there are an unlimited number of identities that can be authenticated.

Blob
Generally meaning encrypted data that is generated by a TPM (for use in Protected Storage, or for saving context outside the TPM)
CMK
Certified Migration Key: a key whose migration from a TPM requires an authorization token created with private keys. The corresponding public keys are incorporated in the CMK and referenced when a TPM produces a credential describing the CMK. If a CMK credential is signed by an AIK, an external entity has evidence that a particular key (1) is protected by a valid TPM and (2) requires permission from a specific authority before it can be copied.
CRTM
Core RTM: the instructions executed by the platform when it acts as the RTM (Root of Trust for Measurement)
Challenger
(Properly "Identity Challenger") An entity that requests and has the ability to interpret integrity metrics.
Conformance Credential
A credential that vouches for the conformance of the TPM and the TBB to the TCG specifications
DAA
Direct Anonymous Attestation: a protocol for vouching for an AIK using zero-knowledge-proof technology.
DAA Issuer
A known and recognized entity that interacts with the TPM to install a set of DAA-credentials in the TPM. The DAA issuer provides certification that the holder of such DAA-credentials meets some criteria defined by the Issuer. In many cases the Issuer will be the platform manufacturer, but other entities can become issuers.
Delegation
A process that allows the Owner to delegate a subset of the Owner's privileges (to perform specific TPM operations).
Denial-of-Service (attack)
An attack which has no affect on information except to prevent its use
DES
Reference: http://csrc.ncsl.nist.gov/cryptval/des.htm

Endorsement Key
EK; an RSA Key pair composed of a public key (EKpu) and private (EKpr). The EK is used to recognize a genuine TPM. The EK is used to decrypt information sent to a TPM in the Privacy CA and DAA protocols, and during the installation of an Owner in the TPM.
Endorsement Key Credential
A credential containing the EKpu that asserts that the holder of the EKpr is a TPM conforming to TCG specifications. Most TPMs are implemented in hardware, but this is not mandatory.

Integrity Challenge
A process used to send accurate integrity measurements and PCR values to a challenger.
Integrity Measurement (Metrics)
The process of obtaining metrics of platform characteristics that affect the integrity (trustworthiness) of a platform, and putting digests of those metrics in shielded locations (called Platform Configuration Registers: PCRs).
Integrity Logging
The storage of integrity metrics in a log for later use.
Integrity Reporting
The process of attesting to the contents of integrity storage.
Locality
A mechanism for supporting a privilege hierarchy in the platform
Migratable (key)
A key which is not bound to a specific TPM and with suitable authorization can be used outside a TPM or moved to another TPM.
Non-migratable (key)
A key which is bound to a single TPM; a key that is (statistically) unique to a single TPM but may be moved between TPMs using the maintenance process
Non-volatile (shielded location)
A shielded storage location whose contents are guaranteed to persist between uses by Protected Capabilities.
Operator
Anyone who has physical access to a platform
Owner
The entity responsible for the platform's security and privacy policies that is distinguished by knowledge of the Owner authorization data.
PCR
Platform Configuration Register: a shielded location containing a digest of integrity digests.
Platform
A platform is a collection of resources that provides a service.
Platform Credential
A credential, typically a digital certificate, attesting that a specific platform contains a unique TPM and TBB.
Protected Capabilities
The set of commands with exclusive permission to access shielded locations
Protection Profile
insert reference to Common Criteria
Privacy CA
An entity, typically a Trusted Third Party (TTP), that blinds a verifier to a platform's EK. An entity (typically well known and recognized) trusted by both the Owner and the Verifier, that will issue AIK Credentials. A Verifier may also adopt the role of a Privacy CA. In that case the roles are co-located but are logically distinct.
Root of Trust (component)
A component that must always behave in the expected manner, because its misbehavior cannot be detected. The complete set of Roots of Trust has at least the minimum set of functions to enable a description of the platform characteristics that affect the trustworthiness of the platform.
RSA
Reference: http://www.rsa.com
RTM
"Root of Trust for Measurement": a computing engine capable of making inherently reliable integrity measurements. Typically the normal platform computing engine, controlled by the CRTM. This is the root of the chain of transitive trust.
RTS
"Root of Trust for Storage": a computing engine capable of maintaining an accurate summary of values of integrity digests and the sequence of digests.
RTR
"Root of Trust for Reporting": a computing engine capable of reliably reporting information held by the RTS.
(Information) Security
The U.S. National Information Systems Security Glossary definition is: the protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats.
SHA-1
Reference: http://csrc.ncsl.nist.gov/cryptval/shs.html
Shielded Location
A place (memory, register, etc.) where it is safe to operate on sensitive data; data locations that can be accessed only by "protected capabilities".
SRK
Storage Root Key: the root key of a hierarchy of keys associated with a TPM's Protected Storage function; a non-migratable key generated within a TPM.
TBB
Trusted Building Block: the parts of the Root of Trust that do not have shielded locations or protected capabilities. Normally includes just the instructions for the RTM and the TPM initialization functions (reset, etc.). Typically platform-specific. One example of a TBB is the combination of the CRTM, connection of the CRTM storage to a motherboard, the connection of the TPM to a motherboard, and mechanisms for determining Physical Presence.
TPM Software Stack
An unofficial alias of the term TCG Software Stack. TCG specifications should not use the term TPM Software Stack when referring to the TSS
TSS
TCG Software Stack: untrusted software services that facilitate the use of the TPM and do not require the protections afforded to the TPM.
Transitive Trust
Also known as "Inductive Trust", in this process the Root of Trust gives a trustworthy description of a second group of functions. Based on this description, an interested entity can determine the trust it is to place in this second group of functions. If the interested entity determines that the trust level of the second group of functions is acceptable, the trust boundary is extended from the Root of Trust to include the second group of functions. In this case, the process can be iterated. The second group of functions can give a trustworthy description of the third group of functions, etc. Transitive trust is used to provide a trustworthy description of platform characteristics, and also to prove that non-migratable keys are non-migratable
Trust
Trust is the expectation that a device will behave in a particular manner for a specific purpose.
Trusted Computing Platform
A Trusted Computing Platform is a computing platform that can be trusted to report its properties
TPM
Trusted Platform Module: an implementation of the functions defined in the TCG Trusted Platform Module Specification; the set of Roots of Trust with shielded locations and protected capabilities. Normally includes just the RTS and the RTR.
User
An entity that is making use of the TPM capabilities
Validation Credential
A credential that states values of measurements that should be obtained when measuring a particular part of the platform when the part is functioning as expected.
Verifier
In the DAA model: the entity that interacts with the TPM using the DAA protocol to verify that the TPM has a valid set of DAA-credentials. The verifier may then produce an AIK credential, without reference to the platform EK.

In the "Trusted Third Party" model: the entity that requests, receives, and evaluates attestation information based on the EK. The TTP (Privacy CA) may then produce an AIK credential, after verifying the platform EK