Trusted Computing

Technology developed and promoted by the Trusted Computing Group. Not to be confused with Trusted computing base or Trustworthy computing.

Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of [...] and has a specialized meaning that is distinct from the field of confidential computing. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by computer hardware and software. Enforcing this behavior is achieved by loading the hardware with a unique [...] that is inaccessible to the rest of the system and the owner.

TC is controversial as the hardware is not only secured for its owner, but also against its owner, leading opponents of the technology like [...] Richard Stallman to deride it as "treacherous computing", and certain scholarly articles to use [...] when referring to the technology.

Trusted Computing proponents such as International Data Corporation, the Enterprise Strategy Group and Endpoint Technologies Associates state that the technology will make computers safer, less prone to [...], and thus more reliable from an end-user perspective. They also state that Trusted Computing will allow [...] to offer improved computer security over that which is currently available. Opponents often state that this technology will be used primarily to enforce digital rights management policies (imposed restrictions to the owner) and not to increase computer security.

Chip manufacturers [...], hardware manufacturers such as [...], and operating system providers such as [...] include Trusted Computing in their products if enabled. The [...] requires that every new PC it purchases comes with a Trusted Platform Module (TPM). As of July 3, 2007, so does virtually the entire United States Department of Defense.

Key concepts

Trusted Computing encompasses six key technology concepts, of which all are required for a fully Trusted system, that is, a system compliant to the TCG specifications:

Endorsement key
Secure input and output
Memory curtaining / protected execution
Sealed storage
Remote attestation
Trusted Third Party (TTP)

Endorsement key

The endorsement key is a 2048-bit RSA public and private key pair that is created randomly on the chip at manufacture time and cannot be changed. The private key never leaves the chip, while the public key is used for attestation and for encryption of sensitive data sent to the chip, as occurs during the TPM_TakeOwnership command.

This key is used to allow the execution of secure transactions: every Trusted Platform Module (TPM) is required to be able to sign a random number (in order to allow the owner to show that he has a genuine trusted computer), using a particular protocol created by the Trusted Computing Group (the direct anonymous attestation protocol) in order to ensure its compliance with the TCG standard and to prove its identity; this makes it impossible for a software TPM emulator with an untrusted endorsement key (for example, a self-generated one) to start a secure transaction with a trusted entity. The TPM should be designed to make the extraction of this key by hardware analysis hard, but tamper resistance is not a strong requirement.

Memory curtaining

Memory curtaining extends common memory protection techniques to provide full isolation of sensitive areas of memory, for example, locations containing cryptographic keys. Even the operating system does not have full access to curtained memory. The exact implementation details are vendor specific.

Sealed storage

Sealed storage protects private information by binding it to platform configuration information including the software and hardware being used. This means the data can be released only to a particular combination of software and hardware. Sealed storage can be used for enforcing DRM. For example, users who keep a song on their computer that has not been licensed to be listened to will not be able to play it. Currently, a user can locate the song, listen to it, and send it to someone else, play it in the software of their choice, or back it up (and in some cases, use circumvention software to decrypt it). Alternatively, the user may use software to modify the operating system's DRM routines to have it leak the song data once, say, a temporary license was acquired. Using sealed storage, the song is securely encrypted using a key bound to the trusted platform module so that only the unmodified and untampered music player on his or her computer can play it. In this DRM architecture, this might also prevent people from listening to the song after buying a new computer, or upgrading parts of their current one, except after explicit permission of the vendor of the song.

Remote attestation

Remote attestation allows changes to the user's computer to be detected by authorized parties. For example, software companies can identify unauthorized changes to software, including users modifying their software to circumvent commercial digital rights restrictions. It works by having the hardware generate a certificate stating what software is currently running. The computer can then present this certificate to a remote party to show that unaltered software is currently executing. Numerous remote attestation schemes have been proposed for various computer architectures, including Intel, RISC-V, and ARM.

Remote attestation is usually combined with public-key encryption so that the information sent can only be read by the programs that requested the attestation, and not by an eavesdropper.

To take the song example again, the user's music player software could send the song to other machines, but only if they could attest that they were running an authorized copy of the music player software. Combined with the other technologies, this provides a more restricted path for the music: encrypted I/O prevents the user from recording it as it is transmitted to the audio subsystem, memory locking prevents it from being dumped to regular disk files as it is being worked on, sealed storage curtails unauthorized access to it when saved to the hard drive, and remote attestation prevents unauthorized software from accessing the song even when it is used on other computers. To preserve the privacy of attestation responders, Direct Anonymous Attestation has been proposed as a solution, which uses a group signature scheme to prevent revealing the identity of individual signers.

Proofs of space (PoS) have been proposed to be used for malware detection, by determining whether the L1 cache of a processor is empty (e.g., has enough space to evaluate the PoSpace routine without cache misses) or contains a routine that resisted being evicted.

Trusted third party

Main article: Trusted third party

Known applications

The Microsoft products [...] make use of a Trusted Platform Module to facilitate BitLocker Drive Encryption. Other known applications with runtime encryption and the use of secure enclaves include the Signal messenger and the [...] service ("E-Rezept") by the German government.

Possible applications

Digital rights management

Trusted Computing would allow companies to create a digital rights management (DRM) system which would be very hard to circumvent, though not impossible. An example is downloading a music file. Sealed storage could be used to prevent the user from opening the file with an unauthorized player or computer. Remote attestation could be used to authorize play only by music players that enforce the record company's rules. The music would be played from curtained memory, which would prevent the user from making an unrestricted copy of the file while it is playing, and secure I/O would prevent capturing what is being sent to the sound system. Circumventing such a system would require either manipulation of the computer's hardware, capturing the analogue (and thus degraded) signal using a recording device or a microphone, or breaking the security of the system.

New business models for use of software (services) over the Internet may be boosted by the technology. By strengthening the DRM system, one could base a business model on renting programs for specific time periods or "pay as you go" models. For instance, one could download a music file which could only be played a certain number of times before it becomes unusable, or the music file could be used only within a certain time period.

Preventing cheating in online games

Trusted Computing could be used to combat cheating in online games. Some players modify their game copy in order to gain unfair advantages in the game; remote attestation, secure I/O and memory curtaining could be used to determine that all players connected to a server were running an unmodified copy of the software.

Verification of remote computation for grid computing

Trusted Computing could be used to guarantee participants in a grid computing system are returning the results of the computations they claim to be instead of forging them. This would allow large scale simulations to be run (say a climate simulation) without expensive redundant computations to guarantee malicious hosts are not undermining the results to achieve the conclusion [...]

Criticism

Critics such as the Electronic Frontier Foundation and the Free Software Foundation criticize that trust in the underlying companies is not deserved and that the technology puts too much power and control into the hands of those who design systems and software. They also state that it may cause consumers to lose anonymity in their online interactions, as well as mandating technologies Trusted Computing opponents say are unnecessary. They suggest Trusted Computing as a possible enabler for future versions of mandatory access control, [...].

Some security experts, such as [...], have spoken out against Trusted Computing, believing it will provide computer manufacturers and software authors with increased control to impose restrictions on what users are able to do with their computers. There are concerns that Trusted Computing would have an anti-competitive effect on the IT market.

There is concern amongst critics that it will not always be possible to examine the hardware components on which Trusted Computing relies, the Trusted Platform Module, which is the ultimate hardware system where the core 'root' of trust in the platform has to reside. If not implemented correctly, it presents a security risk to overall platform integrity and protected data. The specifications, as published by the Trusted Computing Group, are open and are available for anyone to review. However, the final implementations by commercial vendors will not necessarily be subjected to the same review process. In addition, the world of cryptography can often move quickly, and hardware implementations of algorithms might create an inadvertent obsolescence. Trusting networked computers to controlling authorities rather than to individuals may create digital imprimaturs.

Ross Anderson, University of Cambridge, has great concerns that:

"TC can support remote censorship. In general, digital objects created using TC systems remain under the control of their creators, rather than under the control of the person who owns the machine on which they happen to be stored. So someone who writes a paper that a court decides is defamatory can be compelled to censor it — and the software company that wrote the word processor could be ordered to do the deletion if she refuses. Given such possibilities, we can expect TC to be used to suppress everything from pornography to writings that criticize political leaders."

He goes on to state that:

"[...] software suppliers can make it much harder for you to switch to their competitors' products. At a simple level, Word could encrypt all your documents using keys that only Microsoft products have access to; this would mean that you could only read them using Microsoft products, not with any competing word processor."

"The most important benefit for Microsoft is that TC will dramatically increase the costs of switching away from Microsoft products (such as Office) to rival products (such as OpenOffice). For example, a law firm that wants to change from Office to OpenOffice right now merely has to install the software, train the staff and convert their existing files. In five years' time, once they have received TC-protected documents from perhaps a thousand different clients, they would have to get permission (in the form of signed digital certificates) from each of these clients in order to migrate their files to a new platform. The law firm won't in practice want to do this, so they will be much more tightly locked in, which will enable Microsoft to hike its prices."

Anderson summarizes the case by saying:

"The fundamental issue is that whoever controls the TC infrastructure will acquire a huge amount of power. Having this single point of control is like making everyone use the same bank, or the same accountant, or the same lawyer. There are many ways in which this power could be [...]"

Digital rights management

One of the early motivations behind trusted computing was a desire by media and software corporations for stricter DRM technology to prevent users from freely sharing and using potentially copyrighted or private files without explicit permission. An example could be downloading a music file from a band: the band's record company could come up with rules for how the band's music can be used. For example, they might want the user to play the file only three times a day without paying additional money. Also, they could use remote attestation to only send their music to a music player that enforces their rules: sealed storage would prevent the user from opening the file with another player that did not enforce the restrictions. Memory curtaining would prevent the user from making an unrestricted copy of the file while it is playing, and secure output would prevent capturing what is sent to the sound system.

Users unable to modify software

A user who wanted to switch to a competing program might find that it would be impossible for that new program to read old data, as the information would be "[...]" to the old program. It could also make it impossible for the user to read or modify their data except as specifically permitted by the software.

Users unable to exercise legal rights

The law in many countries allows users certain rights over data whose copyright they do not own (including text, images, and other media), often under headings such as [...]. Depending on jurisdiction, these may cover issues such as [...], production of evidence in court, quoting or other small-scale usage, [...] of owned media, and making a copy of owned material for personal use on other owned devices or systems. The steps implicit in trusted computing have the practical effect of preventing users exercising these legal rights.

Users vulnerable to vendor withdrawal of service

A service that requires external validation or permission (such as a music file or game that requires connection with the vendor to confirm permission to play or use) is vulnerable to that service being withdrawn or no longer updated. A number of incidents have already occurred where users, having purchased music or video media, have found their ability to watch or listen to it suddenly stop due to vendor policy or cessation of service, or server inaccessibility, at times with no compensation. Alternatively, in some cases the vendor refuses to provide services in future, which leaves purchased material only usable on the present (and increasingly obsolete) hardware (so long as it lasts) but not on any hardware that may be purchased in future.

Users unable to override

Some opponents of Trusted Computing advocate "owner override": allowing an owner who is confirmed to be physically present to allow the computer to bypass restrictions and use the secure I/O path. Such an override would allow remote attestation to a user's specification, e.g., to create certificates that say Internet Explorer is running, even if a different browser is used. Instead of preventing software change, remote attestation would indicate when the software has been changed without the owner's permission.

Trusted Computing Group members have refused to implement owner override. Proponents of trusted computing believe that owner override defeats the trust in other computers since remote attestation can be forged by the owner. Owner override offers the security and enforcement benefits to a machine owner, but does not allow them to trust other computers, because their owners could waive rules or restrictions on their own computers. Under this scenario, once data is sent to someone else's computer, whether it be a diary, a DRM music file, or a joint project, that other person controls what security, if any, their computer will enforce on their copy of those data. This has the potential to undermine the applications of trusted computing to enforce DRM, control cheating in online games and attest to remote computations for [...]

Loss of anonymity

Because a Trusted Computing equipped computer is able to uniquely attest to its own identity, it will be possible for vendors and others who possess the ability to use the attestation feature to zero in on the identity of the user of TC-enabled software with a high degree of certainty.

Such a capability is contingent on the reasonable chance that the user at some time provides user-identifying information, whether voluntarily, indirectly, or simply through inference of many seemingly benign pieces of data (e.g. search records, as shown through simple study of the AOL search records leak). One common way that information can be obtained and linked is when a user registers a computer just after purchase. Another common way is when a user provides identifying information to the website of an affiliate of the vendor.

While proponents of TC point out that online purchases and credit transactions could potentially be more secure as a result of the remote attestation capability, this may cause the computer user to lose expectations of anonymity when using the Internet.

Critics point out that this could have a chilling effect on political free speech, the ability of journalists to use anonymous sources, whistle blowing, political blogging and other areas where the public needs protection from retaliation through anonymity.

The TPM specification offers features and suggested implementations that are meant to address the anonymity requirement. By using a third-party Privacy Certification Authority (PCA), the information that identifies the computer could be held by a trusted third party. Additionally, the use of direct anonymous attestation (DAA), introduced in TPM v1.2, allows a client to perform attestation while not revealing any personally identifiable or machine information.

The kind of data that must be supplied to the TTP in order to get the trusted status is at present not entirely clear, but the TCG itself admits that "attestation is an important TPM function with significant privacy implications". It is, however, clear that both static and dynamic information about the user computer may be supplied (Ekpubkey) to the TTP (v1.1b); it is not clear what data will be supplied to the "verifier" under v1.2. The static information will uniquely identify the endorser of the platform, model, details of the TPM, and that the platform (PC) complies with the TCG specifications. The dynamic information is described as software running on the computer. If a program like Windows is registered in the user's name this in turn will uniquely identify the user. Another dimension of privacy infringing capabilities might also be introduced with this new technology: how often you use your programs might be possible information provided to the TTP. In an exceptional, but practical, situation where a user purchases a pornographic movie on the Internet, the purchaser nowadays must accept the fact that he has to provide credit card details to the provider, thereby possibly risking being identified. With the new technology a purchaser might also risk someone finding out that he (or she) has watched this pornographic movie 1000 times. This adds a new dimension to the possible privacy infringement. The extent of data that will be supplied to the TTP/Verifiers is at present not exactly known; only when the technology is implemented and used will we be able to assess the exact nature and volume of the data that is transmitted.

TCG specification interoperability problems

Trusted Computing requests that all software and hardware vendors will follow the technical specifications released by the Trusted Computing Group in order to allow interoperability between different trusted software stacks. However, since at least mid-2006, there have been interoperability problems between the TrouSerS trusted software stack (released as open source software by [...]) and [...]'s stack. Another problem is that the technical specifications are still changing, so it is unclear which is the standard implementation of the trusted stack.

Shutting out of competing products

People have voiced concerns that trusted computing could be used to keep or discourage users from running software created by companies outside of a small industry group. Microsoft has received a great deal of bad press surrounding their Palladium software architecture, evoking comments such as "Few pieces of vaporware have evoked a higher level of fear and uncertainty than Microsoft's Palladium", "Palladium is a plot to take over cyberspace", and "Palladium will keep us from running any software not personally approved by Bill Gates". The concerns about trusted computing being used to shut out competition exist within a broader framework of consumers being concerned about using [...] of products to obscure prices of products and to engage in anti-competitive practices. Trusted Computing is seen as harmful or problematic to independent and [...] software developers.

Trust

In the widely used public-key cryptography, creation of keys can be done on the local computer and the creator has complete control over who has access to it, and consequentially their own security policies. In some proposed encryption-decryption chips, a private/public key is permanently embedded into the hardware when it is manufactured, and hardware manufacturers would have the opportunity to record the key without leaving evidence of doing so. With this key it would be possible to have access to data encrypted with it, and to authenticate as it. It is trivial for a manufacturer to give a copy of this key to the government or the software manufacturers, as the platform must go through steps so that it works with authenticated software.

Therefore, to trust anything that is authenticated by or encrypted by a TPM or a Trusted computer, an [...] has to trust the company that made the chip, the company that designed the chip, the companies allowed to make software for the chip, and the ability and interest of those companies not to compromise the whole process. A security breach breaking that chain of trust happened to a [...], which in 2010 was infiltrated by US and British spies, resulting in compromised security of cellphone calls.

It is also critical that one be able to trust that the hardware manufacturers and software developers properly implement trusted computing standards. Incorrect implementation could be hidden from users, and thus could undermine the integrity of the whole system without users being aware of the flaw.

Hardware and software support

Since 2004, most major manufacturers have shipped systems that have included Trusted Platform Modules, with associated [...] support. In accordance with the TCG specifications, the user must enable the Trusted Platform Module before it can be used.

The Linux kernel has included trusted computing support since version 2.6.13, and there are several projects to implement trusted computing for Linux. In January 2005, members of Gentoo's "crypto herd" announced their intention of providing support for TC, in particular support for the Trusted Platform Module. There is also a TCG-compliant software stack for Linux named TrouSerS, released under an open source license. There are several open-source projects that facilitate the use of confidential computing technology, including [...], EdgelessDB and MarbleRun from Edgeless Systems, as well as Enarx, which originates from security research at [...].

Some limited form of trusted computing can be implemented on current versions of Microsoft Windows with third-party software. Major cloud providers such as [...] and Google Cloud Platform have virtual machines with trusted computing features available. With the Intel Software Guard Extension (SGX) and AMD Secure Encrypted Virtualization (SEV) processors, there is hardware available for runtime memory encryption and remote attestation features.

The [...] (a competitor to the One Laptop Per Child) includes a Trusted Platform Module.

[...] vCage software can be used to attest [...] servers with TPM chips.

Mobile T6 secure operating system simulates the TPM functionality in mobile devices using the ARM TrustZone technology.

[...] smartphones come equipped with [...] that depend on features like Secure Boot, TIMA, [...], TrustZone and [...].

See also

Glossary of legal terms in technology
Next-Generation Secure Computing Base (formerly known as Palladium)
Trusted Network Connect
Trusted Platform Module
Unified Extensible Firmware Interface § Secure Boot
Web Environment Integrity

External links

Trusted Computing Group website
1434:Ferguson, Niels 1431: 1427: 1415: 1411: 1400: 1396: 1386: 1384: 1374: 1350: 1346: 1325: 1321: 1311: 1309: 1305: 1297: 1293: 1284: 1282: 1269: 1265: 1260:Wayback Machine 1251: 1247: 1235: 1233: 1225: 1221: 1220: 1216: 1207: 1205: 1198: 1194: 1182: 1180: 1163: 1162: 1158: 1146: 1144: 1136: 1132: 1131: 1127: 1118: 1116: 1112:(August 2003). 1107: 1096: 1087: 1085: 1081: 1075: 1071: 1062: 1060: 1052: 1046: 1042: 1033: 1031: 1023: 1017: 1013: 1005: 997: 996: 992: 971: 964: 955: 953: 943: 939: 929: 927: 917: 908: 898: 896: 888: 887: 883: 876: 860: 853: 849: 844: 809: 734:Microsoft Azure 684: 678: 675: 668: 647: 643: 636: 600: 571: 563:Hewlett-Packard 550: 517: 497: 488: 471:public interest 463: 451: 442: 364:copy protection 347: 334: 322: 309: 304: 268: 263: 257: 231: 222: 206: 180: 178:Endorsement key 158:Endorsement key 152: 43:trusted systems 28: 17: 12: 11: 5: 2307: 2297: 2296: 2291: 2286: 2281: 2267: 2266: 2255: 2254:External links 2252: 2250: 2249: 2229: 2209: 2185: 2160: 2136: 2112: 2088: 2063: 2037: 2015: 1990: 1963: 1951: 1920: 1902: 1863: 1847: 1824: 1812: 1803: 1778: 1761:(2003-12-01). 1750: 1725: 1703: 1678: 1657: 1629: 1612:(2002-08-15). 1601: 1576: 1530: 1523: 1503: 1477: 1453: 1425: 1409: 1394: 1372: 1344: 1319: 1291: 1274:(2003-08-01). 1272:Safford, David 1263: 1245: 1232:. 
October 2006 1214: 1192: 1156: 1125: 1110:Anderson, Ross 1094: 1069: 1040: 1011: 990: 962: 937: 906: 881: 874: 850: 848: 845: 843: 842: 837: 832: 827: 822: 816: 810: 808: 805: 686: 685: 665:embedded lists 659:indiscriminate 650: 648: 641: 635: 632: 599: 596: 570: 567: 549: 546: 516: 513: 509:grid computing 496: 493: 487: 484: 475:whistleblowing 462: 459: 450: 447: 441: 438: 399:Cryptographer 375:Bruce Schneier 346: 343: 338:grid computing 333: 330: 321: 318: 308: 305: 303: 300: 296:e-prescription 267: 264: 259:Main article: 256: 253: 249:Proof of space 230: 227: 221: 220:Sealed storage 218: 205: 202: 179: 176: 175: 174: 171: 168: 167:Sealed storage 165: 162: 159: 151: 148: 59:encryption key 15: 9: 6: 4: 3: 2: 2306: 2295: 2292: 2290: 2287: 2285: 2284:Copyright law 2282: 2280: 2277: 2276: 2274: 2263: 2258: 2257: 2239: 2233: 2219: 2213: 2196: 2189: 2174: 2170: 2164: 2150: 2146: 2140: 2126: 2122: 2116: 2102: 2098: 2092: 2077: 2073: 2067: 2052: 2048: 2041: 2035: 2031: 2028: 2026: 2019: 2004: 2003:firstlook.org 2000: 1994: 1978: 1974: 1967: 1961: 1955: 1947: 1943: 1939: 1935: 1931: 1924: 1918: 1914: 1911: 1906: 1898: 1894: 1890: 1886: 1882: 1878: 1874: 1867: 1860: 1858: 1851: 1837: 1834: 1828: 1819: 1817: 1807: 1792: 1788: 1782: 1768: 1767:Linux Journal 1764: 1760: 1754: 1740: 1736: 1729: 1714: 1707: 1693: 1689: 1682: 1667: 1661: 1647: 1643: 1636: 1634: 1619: 1615: 1611: 1605: 1591: 1587: 1580: 1572: 1566: 1552:on 2006-08-22 1548: 1541: 1534: 1526: 1520: 1516: 1515: 1507: 1492: 1488: 1481: 1467: 1463: 1457: 1439: 1435: 1429: 1422: 1419: 1413: 1405: 1398: 1383: 1379: 1375: 1373:9781450341394 1369: 1365: 1361: 1357: 1356: 1348: 1339: 1334: 1330: 1323: 1304: 1303: 1295: 1281: 1280:Linux Journal 1277: 1273: 1267: 1261: 1257: 1254: 1249: 1242: 1231: 1224: 1218: 1203: 1196: 1189: 1179:on 2007-05-15 1178: 1174: 1170: 1166: 1160: 1153: 1142: 1135: 1129: 1115: 1111: 1105: 1103: 1101: 1099: 1080: 1073: 1058: 1051: 1044: 1029: 1022: 1015: 1004: 1002: 994: 986: 982: 978: 977: 969: 
967: 952: 948: 941: 926: 922: 915: 913: 911: 895: 891: 885: 877: 871: 867: 866: 858: 856: 851: 841: 838: 836: 833: 831: 828: 826: 823: 820: 817: 815: 812: 811: 804: 803: 799: 795: 791: 787: 785: 784:ARM TrustZone 780: 778: 774: 770: 768: 764: 759: 757: 754: 750: 747: 743: 739: 735: 731: 726: 724: 720: 716: 712: 708: 704: 699: 697: 693: 682: 672: 666: 662: 660: 656: 651:This section 649: 640: 639: 631: 627: 625: 622:manufacturer 621: 616: 611: 609: 605: 595: 593: 589: 585: 580: 576: 566: 564: 560: 555: 545: 541: 539: 533: 529: 525: 521: 512: 510: 505: 501: 492: 483: 480: 476: 472: 468: 458: 456: 446: 436: 431: 427: 425: 418: 413: 409: 404: 402: 401:Ross Anderson 397: 395: 391: 387: 382: 380: 376: 372: 367: 365: 361: 356: 352: 342: 339: 329: 327: 317: 313: 299: 297: 293: 289: 285: 281: 277: 273: 272:Windows Vista 262: 252: 250: 246: 244: 238: 235: 226: 217: 215: 211: 201: 199: 194: 188: 185: 172: 169: 166: 163: 160: 157: 156: 155: 147: 145: 141: 137: 133: 129: 125: 121: 117: 113: 108: 106: 102: 98: 94: 90: 86: 82: 77: 75: 71: 67: 66:free software 62: 60: 56: 52: 48: 44: 40: 36: 32: 26: 22: 2279:Cryptography 2241:. Retrieved 2232: 2221:. Retrieved 2212: 2201:. Retrieved 2188: 2177:. Retrieved 2175:. 2021-07-08 2172: 2163: 2152:. Retrieved 2149:Google Cloud 2148: 2139: 2128:. Retrieved 2124: 2115: 2104:. Retrieved 2100: 2091: 2080:. Retrieved 2075: 2066: 2055:. Retrieved 2051:the original 2047:"TPM Matrix" 2040: 2024: 2018: 2007:. Retrieved 2005:. 2015-02-19 2002: 1993: 1981:. Retrieved 1977:media.ccc.de 1976: 1966: 1954: 1923: 1905: 1883:(2): 16–19. 1880: 1876: 1866: 1856: 1850: 1839:. Retrieved 1836:TrouSerS FAQ 1835: 1827: 1806: 1795:. Retrieved 1793:. 2006-08-09 1790: 1781: 1770:. Retrieved 1766: 1759:Schoen, Seth 1753: 1742:. Retrieved 1739:Ars Technica 1738: 1728: 1717:. Retrieved 1706: 1695:. Retrieved 1692:Ars Technica 1691: 1681: 1670:. Retrieved 1660: 1649:. Retrieved 1646:Ars Technica 1645: 1621:. Retrieved 1617: 1604: 1593:. Retrieved 1589: 1579: 1554:. 
Retrieved 1547:the original 1533: 1513: 1506: 1495:. Retrieved 1490: 1480: 1469:. Retrieved 1465: 1456: 1445:. Retrieved 1428: 1420: 1412: 1403: 1397: 1385:. Retrieved 1354: 1347: 1328: 1322: 1310:. Retrieved 1301: 1294: 1283:. Retrieved 1279: 1266: 1248: 1240: 1234:. Retrieved 1217: 1206:. Retrieved 1195: 1187: 1181:. Retrieved 1177:the original 1168: 1159: 1151: 1145:. Retrieved 1140: 1128: 1117:. Retrieved 1086:. Retrieved 1072: 1061:. Retrieved 1056: 1043: 1032:. Retrieved 1027: 1014: 1000: 993: 975: 954:. Retrieved 950: 940: 928:. Retrieved 924: 897:. Retrieved 893: 884: 864: 794:Samsung Knox 788: 786:technology. 781: 771: 763:Classmate PC 760: 727: 707:Gentoo Linux 703:Linux kernel 700: 689: 676: 669:Please help 653:may contain 652: 628: 612: 601: 572: 551: 542: 534: 530: 526: 522: 518: 502: 498: 489: 464: 452: 443: 433: 429: 421: 415: 411: 406: 398: 383: 368: 348: 335: 323: 314: 310: 269: 247: 239: 236: 232: 223: 207: 189: 181: 153: 150:Key concepts 109: 78: 74:scare quotes 63: 34: 30: 29: 1493:(in German) 1057:White Paper 773:PrivateCore 661:information 592:open source 366:, and DRM. 341:they want. 2273:Categories 2243:2018-03-07 2223:2015-01-12 2203:2007-01-13 2179:2022-02-09 2154:2022-02-09 2130:2022-02-09 2106:2022-02-09 2082:2006-05-05 2057:2006-05-05 2009:2015-02-27 1841:2007-02-07 1797:2013-05-10 1772:2007-02-07 1744:2014-05-31 1719:2014-05-31 1697:2014-05-31 1672:2014-05-31 1651:2014-05-31 1623:2007-02-07 1595:2021-09-12 1556:2007-02-07 1497:2022-02-09 1471:2022-02-09 1447:2007-02-07 1338:2102.08804 1285:2007-02-07 1236:2007-02-07 1208:2007-02-07 1183:2007-02-07 1147:2006-02-07 1119:2007-02-07 1088:2007-02-07 1063:2007-02-07 1034:2007-02-07 956:2024-04-03 847:References 761:The Intel 751:(SGX) and 655:unverified 424:OpenOffice 284:Windows RT 1979:. YouTube 1230:U.S. Army 1173:Microsoft 930:12 August 679:July 2014 579:Palladium 575:Microsoft 455:locked in 345:Criticism 280:Windows 8 276:Windows 7 136:U.S. 
Army 132:Microsoft 93:computers 68:activist 2030:Archived 1913:Archived 1565:cite web 1382:14663076 1256:Archived 807:See also 802:SE Linux 711:TrouSerS 620:SIM card 615:end user 584:bundling 467:fair use 371:Alan Cox 353:and the 294:and the 55:software 1983:30 July 1308:. Intel 925:gnu.org 868:. IET. 790:Samsung 723:Red Hat 624:Gemalto 479:backups 435:abused. 97:servers 89:malware 85:viruses 1946:156799 1944:  1897:688158 1895:  1521:  1387:14 May 1380:  1370:  1312:14 May 899:20 May 872:  561:) and 126:, and 2198:(PDF) 1942:S2CID 1893:S2CID 1590:ZDNet 1550:(PDF) 1543:(PDF) 1441:(PDF) 1378:S2CID 1333:arXiv 1306:(PDF) 1226:(PDF) 1137:(PDF) 1082:(PDF) 1053:(PDF) 1024:(PDF) 1006:(PDF) 746:Intel 598:Trust 112:Intel 1985:2018 1571:link 1519:ISBN 1389:2021 1368:ISBN 1314:2021 932:2013 901:2022 870:ISBN 740:and 701:The 696:BIOS 373:and 349:The 282:and 124:Dell 122:and 114:and 95:and 87:and 53:and 1934:doi 1885:doi 1360:doi 981:doi 798:MDM 777:x86 753:AMD 738:AWS 715:EGo 663:in 657:or 559:IBM 469:or 184:RSA 116:AMD 23:or 2275:: 2171:. 2147:. 2123:. 2099:. 2074:. 2001:. 1975:. 1940:. 1891:. 1879:. 1875:. 1815:^ 1789:. 1765:. 1737:. 1690:. 1644:. 1632:^ 1616:. 1588:. 1567:}} 1563:{{ 1489:. 1464:. 1376:. 1366:. 1278:. 1239:. 1228:. 1186:. 1171:. 1167:. 1150:. 1139:. 1097:^ 1055:. 1026:. 965:^ 949:. 923:. 909:^ 892:. 854:^ 736:, 725:. 511:. 396:. 362:, 278:, 274:, 146:. 120:HP 35:TC 2246:. 2226:. 2206:. 2182:. 2157:. 2133:. 2109:. 2085:. 2060:. 2012:. 1987:. 1936:: 1899:. 1887:: 1881:3 1861:, 1844:. 1800:. 1775:. 1747:. 1722:. 1700:. 1675:. 1654:. 1626:. 1598:. 1573:) 1559:. 1527:. 1500:. 1474:. 1450:. 1391:. 1362:: 1341:. 1335:: 1316:. 1288:. 1211:. 1122:. 1091:. 1066:. 1037:. 1008:. 983:: 959:. 934:. 903:. 878:. 681:) 677:( 667:. 33:( 27:.

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
