
Re: RootOfTrust post# 143772

Wednesday, 05/02/2007 2:40:07 PM
This is a very small section of a very complicated document explaining TPMs in MSFT Vista and Longhorn Server to come.

I'm posting this section because 1. the document is primarily about local control of machines and doesn't get to group installations -- and issues of enterprise key management and DRM until late in the chapter. Following the section posted, around page 62 of the PDF, there is an enlightening discussion on encryption and what is bugging NIST (I'm assuming this argument over the nature of "unbreakable" encryption is part of the Dartt-NIST conflict over certification for Seagate). In the shortest sense, the document indicates to me that... Wave remains the leader in utilization of TPM keys, but the topic gets more complex all the time. It should be noted that this book, like all books, is dated. With the Seagate development, Wave has moved away from the OS and moved the use of the TPM to pre-boot, changing the nature of the conflict between Wave and MSFT. Lots of new stuff to understand, integrate and argue about. It is worthy of note, however, that the author acknowledges Wave's role first in the Third Party Applications section. Read on:

May1Sept's Link

http://www.syngress.com/book_catalog/431_Vista/sample.pdf

Third-Party Applications
Some third-party applications that rely on the TPM have already begun to emerge. Probably the best example of this is Wave Embassy Suites. This software package was originally developed to take advantage of version 1.1 TPM chips, but it now supports version 1.2 chips as well. This is a very popular application that OEMs are deploying with devices they sell that include biometric hardware. The TPM will be utilized by applications such as this which enable strong biometric authentication measures by securing the biometric data that the application relies upon. Just as the TPM assists BitLocker Drive Encryption by sealing the VMK, the TPM can seal the user’s biometric data that the application is using. Another important application for TPM-enabled devices that will emerge will be remote access solutions. Given the strong device authentication possible with the TPM, you can be sure that remote access will appeal to a segment of the software market that turns toward implementing TPM support. In this way, you can think of the user needing an RSA SecurID or smart card to authenticate to the remote access solution, and the device he or she is connecting from will also need to present its credentials using the TPM. This can help network administrators eliminate remote security breaches due solely to compromised user authentication tokens such as passwords, RSA SecurIDs, or smart cards. Now the attacker will also need to have the user’s laptop as well.
This is really only the tip of the iceberg as far as TPM-based applications go, however. Some implementations we are likely to see are as follows:
■ Users are provided with the ability to wrap the cryptographic keys they use for secure connections over the Internet, such as logging into their bank accounts via a Web browser and using secure e-mail applications.
■ Web servers can use the TPM’s sealing functionality to provide assurance to connecting nodes that they are trustworthy, including assurance that the server-side software and settings are the same as when the node connected previously, when the trust relationship was established.
■ DRM will likely emerge as a popular way to use the TPM. Media applications such as iTunes can use the TPM’s sealing functions to lock down access to media if tampering takes place.
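The sealing behaviour the excerpt keeps coming back to (BitLocker's VMK, a biometric template, a server's software and settings locked to the platform's measured state) as an added simulation that is not from the book, Wave or Microsoft: TPM 1.2-style PCR extend plus seal/unseal, where a modified boot loader changes the PCR and the unseal is refused. The SRK secret, the toy keystream cipher and the boot component names are constructed stand-ins, not real TPM internals.

```python
# Simulated TPM 1.2-style PCR extend and seal/unseal (added illustration, not
# code from the book or any vendor): a VMK, biometric template or server secret
# sealed to platform measurements stays locked once a measurement changes.
# The keystream cipher is a toy for clarity, not a TPM's real algorithm.
import hashlib
import hmac

def extend(pcr, measurement):
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || SHA1(measurement))."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()

def measure_boot(components):
    """Extend one PCR (initially 20 zero bytes) with each component in order."""
    pcr = bytes(20)
    for c in components:
        pcr = extend(pcr, c)
    return pcr

def _xor(key, data):
    # Toy keystream: SHA-256(key || counter) blocks XORed over data.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(srk_secret, pcr, secret):
    """Bind secret to the current PCR value; blob = ciphertext || HMAC tag."""
    # srk_secret stands in for the storage root key only the TPM holds.
    k = hmac.new(srk_secret, pcr, hashlib.sha256).digest()
    ct = _xor(k, secret)
    return ct + hmac.new(k, ct, hashlib.sha256).digest()

def unseal(srk_secret, pcr, blob):
    """Release the secret only if the PCR matches the sealed-against value."""
    ct, tag = blob[:-32], blob[-32:]
    k = hmac.new(srk_secret, pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, hmac.new(k, ct, hashlib.sha256).digest()):
        return None  # measurements differ: refuse, as a TPM would
    return _xor(k, ct)

# Constructed demo values: a known-good boot chain and one with a modified loader.
SRK = b"constructed-srk-secret"
VMK = b"constructed-volume-master-key"
GOOD = [b"BIOS v1", b"bootloader v1", b"kernel v1"]
TAMPERED = [b"BIOS v1", b"bootloader v1 (modified)", b"kernel v1"]

def demo():
    """Returns (unsealed on the good boot chain, refused on the tampered one)."""
    blob = seal(SRK, measure_boot(GOOD), VMK)
    return (unseal(SRK, measure_boot(GOOD), blob) == VMK,
            unseal(SRK, measure_boot(TAMPERED), blob) is None)
```

Because extend is order-sensitive and one-way, the same components measured in a different order also yield a different PCR, which is what lets the server-side check in the list above tell "same software and settings as last time" from "something changed".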