Trusted Computing

Trusted Computing based on hardware root of trust has been developed by industry to protect computing infrastructure and billions of end points.

TCG created the Trusted Platform Module cryptographic capability, which enforces specific behaviors and protects the system against unauthorized changes and attacks such as malware and root kits. As computing has expanded to different devices and infrastructure has evolved, so too has TCG extended the concept of trusted systems well beyond the computer-with-a-TPM to other devices, ranging from hard disk drives and mobile phones.

Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can secure cloud computing and virtualized systems. Thousands of vendors offer a variety of Trusted Computing-based products, including hardware, applications, and services.

The result is that systems, networks, and applications are safer, less prone to viruses and malware and thus not only more reliable but also simpler to deploy and easier to manage.

Benefits

Systems based on Trusted Computing:

  • Protect critical data and systems agains a variety of attacks
  • Enable secure authentication and strong protection of unlimited certificates, keys, and passwords that otherwise are accessible
  • Establish strong machine identity and integrity
  • Help satisfy regulatory compliance with hardware-based security
  • Cost less to manage, removing need for expensive tokens and peripherals

Trusted Computing Technologies:

  • Provide more secure remote access through a combination of machine and user authentication
  • Protect against data leakage by confirmation of platform integrity prior to decryption
  • Provide hardware-based protection for encryption and authentication keys used by stored data files and communications (email, network access, etc)
  • Protect in hardware Personally Identifiable Information, such as user IDs and passwords
  • Protect passwords and credentials stored on drives

Standards Development

Security is built into an increasing number of general purpose ICT products, and security standards are fundamental to the integrity and sustainability of the global ICT infrastructure. The Trusted Computing Group (TCG) believes that open, interoperable, and internationally vetted standards are critical for the success of trusted computing, and that the multilateral approach to creating such standards is most effective.

TCG works within the international standards community, and has liaison and working group relationships with the Internet Engineering Task Force (IETF) and the JTC1 joint committee of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The Trusted Platform Module is defined by an ISO/IEC international standard*. The TCG Certification Program leverages established and recognized security evaluation standards. This program relies on certification by laboratories operating under the supervision of National Schemes ofCommon Criteria members.

In support of open security standards, TCG encourages all nations to adopt global best practices around standards development and adoption. An open process fully supports worldwide participation from industry, academia, and government with fair and transparent development and decision processes. Specifications must be fully transparent and available to all participants, both during development and for implementation. TCG supports the use of published, peer reviewed standards and cryptographic algorithms.

TCG only supports open standards that are developed through a transparent development process, have undergone rigorous open review, and are compatible with existing global standards. Closed standards hamper both existing and emerging markets, and are detrimental to the security of global ICT infrastructure, representing an obstacle to technology innovation and industry growth.

TCG recognizes international standards in the field of IT security as the most appropriate method to ensure efficacy, interoperability, adoption and user acceptance. TCG takes into consideration international market requirements through international membership and welcomes participation from industry, academia, and governments in a unified, worldwide Trusted Computing standards development process.

*The Trusted Computing Group Trusted Platform Module specification version 1.2 is published as ISO/IEC 11889 Parts 1-4.