Trusted Computing Group

The specifications published are related to integrity management of trusted platforms. These specifications can be best understood in the following groupings by function:

        Integrity Management Architecture: This document provides the architecture for the management of integrity in systems.

• Integrity Management Architecture (v1.0)

        Measurement agent: This specification defines the trusted software capable of measuring, verifying and reporting                         software.

• PTS Interface specification (v1.0)

        Integrity Schema specifications: These specifications define the XML-based schemas for reporting and verification of                     software.

• Core Integrity Schema (v1.0)
• Integrity Report Schema (v1.0)
• Reference Manifest Schema (v1.0)
• Security Qualities Schema (v1.0 and V1.1)
•  Simple Objects Schema (v1.0)
• Verification Results Schema (v1.0)

        Certificate formats: This specification defines the profiles of TPM-related certificates based on the X.509 standard.

• Credentials Profile (v1.1)

The set of specifications consists of the Integrity Management Architecture, the interface specification for a measurement agent called the Platform Trust Service (or PTS), and a common XML-based data format for capturing and reporting integrity information about a system.

The Integrity Management Architecture provides the common framework for defining, collecting and reporting information pertaining to the integrity of the software and configuration of a system. Such information includes the components (software and hardware) constituting the platform, the elements that participated in its booting-up and the software that establishes the computing environment in the platform.

The Platform Trust Service (PTS) interface specification defines the API to a measurement agent that performs the collection, measurement and reporting of the integrity information on the platform. The PTS interface specification has been written to be platform independent, meaning that it is applicable to the various types of platforms or devices (e.g. PC client, server, mobile phones, etc).

In order for the integrity information to be meaningful and verifiable by external entities (e.g. other devices), a common XML-based data format for representing this information has been defined in the Integrity Schema specifications. The Integrity Schema itself can be understood as consisting of three major pieces derived from a single XML schema. These are the data formats for collecting and reporting integrity information, the format for representing reference measurement of known values, and the format for the verification results from evaluating a report.

The TCG uses the term "integrity management" to mean the broad aspects around the measuring, reporting and verifying of the state of a given computer system, including the infrastructure support (e.g. architectures, protocols, data formats, etc) to accomplish these tasks.

There are numerous aspects of a trusted platform that can be subject to measurements and quantification. These include the register values inside the TPM hardware, files on the system, in-memory images and others. Which aspect of a trusted platform to be measured is largely dependent on the use case of the measurement (e.g. verified boot, network access control, etc).

These specifications allow users to have confidence in the security mechanisms in their system. This stems from the fact that the integrity of these mechanisms can be verified (locally or remotely) as being free from alteration by malicious code.

These specifications are directly relevant to the TPM in PCs today and represent the next phase of infrastructure support for the operations of the platforms containing the TPM.

The TPM represents the trust anchor within the platform for the truthful reporting of the state of the platform. This feature is called "attestation" of the platform and represents a core value proposition of trustworthy computing. With the PTS specification, not only can the TPM be used to protect sensitive information, it can also be used to produce irrefutable reports (in a standardized format) regarding the TPM and the platform as a whole.

This set of IWG specifications can be implemented without the presence of a TPM. The value of these IWG specifications is dramatically increased when the root of trust (of the platform deploying them) is based in hardware.

In the context of the TNC specifications, the Platform Trust Service (PTS) interface specification provides an agent that can be employed (called by) the TNC Client to perform measurements of the components of the TNC Client device, as well as other client components. Furthermore, the set of IWG Integrity Schema specifications provides a standardized format for TNC implementers and vendors to report on the integrity status of a target device (e.g. TNC client). This standardized format promotes greater interoperability across TNC vendors.

The current set of infrastructure specifications represents a second phase of specifications, with the first phase infrastructure specifications published in 2005. The first phase specifications focused on the operational infrastructure required for a single system (containing to a TPM) to function, allowing applications to make use of the basic features of the TPM. These specifications focused on key management, backup of keying material, certificate issuance and management, and others.

In the current (second phase) specifications the focus is on the infrastructure support required for one platform to attest its state to another platform, which is a core value proposition of trustworthy computing. Thus, the current set of specifications includes a common architecture for understanding attestation using a TPM, as well as an interface to a measurement agent (the PTS) that can measure state, issue a report and verify attestations. The PTS builds on these previous first phase infrastructure specifications, and make use of a number of crucial functionalities provided by these specifications.

One of the core value propositions of trusted computing is that of providing attestation to the integrity of a given system. Thus, in addition to user authentication, a broad use case would be that of reporting the integrity status of the system (as measured and reported by the PTS) as part of access control to resources. There are numerous specific use cases for platform attestation. These include network access control (as exemplified by TNC), remote management and control of systems, security and integrity of financial transactions, verified boot of platforms, and others.

Consistent with the vision and practices of the TCG and its specifications, the infrastructure specifications have been designed to preserve the privacy of users. Similar to the TPM case, users must specifically choose to opt-in to deploy the PTS and other infrastructure functions. The PTS itself can be deployed without the TPM. The PTS vendors can implement administrative interfaces that allow control over the information that may be reported by the PTS, thereby ensuring user privacy. Finally, the PTS can be configured to perform only local verifications and thus privacy sensitive data can remain local to the platform. The PTS configuration should be driven by IT policies that will ensure that privacy sensitive values are not disclosed.

The PTS specification has been written to be agnostic across platforms (PC-Client, Server, Mobile, etc), and across operating systems and applications. The need for an agent to measure and report the integrity state of devices covering the entire software stack is a fundamental need of all devices. For vendors implementing the PTS, it is important to note that each implementation may be dependent on the hardware architecture and operating system upon which the PTS is implemented. For application developers that make use of the PTS, the same interface will be available independent of the operating system and underlying hardware platform.

The TCG, as the trusted computing security authority, has developed the Mobile Trusted Module specification to enable mobile phone information security assurance and the potential application benefits associated with that assurance. TCG security assurance directly translates into trust in a platform's capability to protect its information and functional assets, and to attest to those protections.

TCG has always had the mission of providing specifications for any device that touches the network. While its initial work has been in PC clients, the network and servers, it is logical for TCG to apply its expertise and Trusted Computing concepts to mobile devices. From the perspective of users and vendors, mobile phones are becoming increasingly sophisticated and are being used for basic computing tasks, Internet connectivity, network access to corporate data, and mobile commerce and banking services. Smartphones also are being used as storage for personal, confidential information. All these new phenomena require increased trust and security functionality.
The TCG Mobile Phone Work Group has completed the world's first open security standard for Mobile Trusted Platforms, using the Mobile Trusted Module (MTM), whose specification was published already in September 2006.

The specifications are now complete and available. The Mobile Phone Work Group released the Reference Architecture specification and the Mobile Trusted Module specification in June 2007. A draft version of the MTM specification, called "Commands and Structures", was released previously in September 2006. Like all TCG specifications, the specification is available on the organization's website, free of charge. While we can't forecast specific product plans, generally products follow specifications by several quarters or so, depending on product development cycles.

TCG's definition of trust as it applies to trusted computing is "hardware and software behaves as expected". With regard to mobile devices, this implies that the operating system, platform, and application level functionalities, as well as SIM, USIM, UICC cards etc, interact in a secure, trusted manner. The Mobile Trusted Module is designed to complement existing mobile phone security components. The Reference Architecture specification describes a platform that uses the MTM to provide enhanced platform security. While existing standards address subscriber information security from a network carrier perspective, the TCG specifications enable trust in the mobile phone equipment itself from the more interoperable and privacy sensitive TCG trust perspective.

Because the specification addresses both information and functional asset integrity, both functional users such as consumers, professional users, enterprises, industry and governments as well as content providers and information owners benefit from the assured protections enabled by this specification. As defined in the Mobile Trusted Module use cases (published in 2005) a variety of practical applications match with current needs from both end-users' perspective and enterprises' viewpoint. Practical implementation of the use cases enable enterprises and other parties to develop more sophisticated services and expand their business field.

The specification provides the core framework, commands and control specifications needed to provide a TCG based security building block solution in mobile phones. This will allow mobile chip, software, and handset companies to begin to design the MTM functions into their products.

Vendors need to provide software and hardware that provides standard TCG roots of trust, such as the root of trust for measurement, an additional root of trust to verify software before loading it, and (optionally) an additional root of trust for instantiating other roots of trust. Vendors also need to provide software that can take advantage of the functions provided by TCG technology. This may include adaptation and further development of operating systems. These functions are described in the Reference Architecture component that forms the second half of TCG's Mobile specifications. The Reference Architecture was published in June 2007.

Standardization has proven to be a highly successful path to foster interoperability across computing and communications. Effective standards allow different manufacturers to streamline R&D, to take advantage of the combined expertise of the industry, to cut costs and to increase adoption by users and other participants in the economic ecosystem. By embedding standardized security into mobile devices, the various providers of hardware and services can ensure security and interoperability while adding value through their devices or applications.

As there are numerous different implementations across various handset OEMs, it is not possible to know how TCG's Mobile specifications might impact their current designs. However, the open standards for security functions included in the Mobile Trusted Module specification are in many cases similar to current functions implemented by each vendor and the specification is deliberately formulated to be abstract and implementation neutral. Participation of various organizations in the specification design process and continuous cross-industrial collaboration has supported the aim of developing an implementation neutral specification. The benefit of the specification is that it would provide a common description of the functions that need to be provided to meet platform security objectives and of the security properties and capabilities of those functions.

In the mobile phone environment, there are different requirements about what the user can and cannot do, and these are different from PCs. One example could be the subscriber information that is used for billing the phone usage - a user should not be able to change that.

The published use cases and Mobile Trusted Module specification have been designed to address mobile phones. These could include smartphones with PDA functions.