Wave Systems Corp. (fka WAVXQ)

[Genz2]

What the heck is trusted computing, anyway?

Viewing this article seems like: Whoa wait a minute!

https://blog.rivetz.com/what-the-heck-is-trusted-computing-anyway-2d063cf520cd

The idea behind trusted computing is that you can trust that your computer is your computer and is doing the things that you want it to do?—?and nothing more.

Pretty simple in theory. Less simple in practice.

Trusted computing got its official start in the late 1990s as an effort to get consumers to trust their personal computers. As the internet rose to prominence, people needed to have faith in these devices and the internet’s tubes to store and transmit your personally identifying information, credit card numbers, and other important data.

I personally recall expressing surprise that a friend would buy something online at the time?—?until he responded, “You ever buy anything over the phone? You trusted the person at the other end of the line, who was probably being paid minimum wage, didn’t you?” Huh. Now that you mention it …

The secure enclaves inside the processor chips inside desktops and laptops came out of the Trusted Computing Platform Alliance’s (TCPA’s) specifications for what actually would constitute a Trusted Computing Platform. In 2003, the TCPA was succeeded by the Trusted Computing Group, which exists to this day. (Related: When TCG was formed, Rivetz CEO Steven Sprague was CEO of Wave Systems, one of the organization’s earliest members.)

Open-source legend Richard Stallman saw this as a threat, however, dubbing trusted computing “treacherous computing” because he saw within it the ability to restrict access to certain types of content. By 2015, he altered his rhetoric a bit:

“At present, ‘Trusted Platform Modules’ are not being used for DRM at all, and there are reasons to think that it will not be feasible to use them for DRM. Ironically, this means that the only current uses of the ‘Trusted Platform Modules’ are the innocent secondary uses?—?for instance, to verify that no one has surreptitiously changed the system in a computer.

Therefore, we conclude that the ‘Trusted Platform Modules’ available for PCs are not dangerous, and there is no reason not to include one in a computer or support it in system software.”

Of course, those “innocent secondary uses” were the actual primary uses for the TPM.

So, since 2004, most devices shipped by the major manufacturers have included a Trusted Platform Module. The thing is, the user has to turn it on in order for it to be used. Most people don’t even know it exists, and even if they did, most wouldn’t know how to enable and use it.

That’s all very well and nice, this trip into the history books. But what does this mean, now?

One of the biggest problems in truly securing our devices is that security layers have historically been an impediment to getting people to actually use security. I mean, two-factor authentication apps have been around for years now, and how many people actually use them? And how many use them when not required by their employer?

Having to take extra steps to sign into an account or platform is annoying. It takes extra time?—?those precious few seconds.

That’s why the concept of trusted computing is so powerful?—?it has the potential to enable you to trust your device and know that it recognises you as you.

Trusted computing got a bump in interest this week when Intel announced its new Intel Security Essentials at the RSA security conference in San Francisco. The capabilities will help protect the trusted enclaves that are the root of trusted computing.

Intel’s announcement will make it easier for Rivetz to implement its trusted computing solutions in PCs, laptops and other devices with Intel processors.

“This standard set of capabilities will accelerate trusted computing as customers build solutions rooted in hardware-based protections,” Intel said in a press release. “Further, these capabilities, directly integrated into Intel silicon, are designed to improve the security posture of computing, lower the cost of deploying security solutions and minimize the impact of security on performance.”

Until now, the trusted computing technologies really haven’t focused on the average user. While Intel was really looking at its customers?—?the device manufacturers?—?when it announced this, it will be easier to bring this level of security to the average consumer.

As Steven told Tai Zen last fall, “in the past, these technologies have only been sold to the CISO, hoping they are going to deploy them inside a large enterprise.”

end of the article is at the link