SmartCARDs vs. TPM solutions,
I have received an email asking for an explanation as to how Smartcard solutions are different from TPM solutions (whether they are competitive). I thought it should be posted on the board.
SmartCARDs do not create a secure execution space
SmartCARDs do not create secure input
SmartCARDs are typically only two-level authentication
SmartCARDs only authenticate the user
TPMs authenticate the PLATFORM
TPMs authenticate the applications (software)
TPMs create a secure PLATFORM for which applications can execute
TPMs add additional security protocols
TPMs harden security information for all applications
TPMs essentially create was is referred to as a secure APN (Application Private Network) inside the PC. The difference between an APN and a VPN is that a VPN will close off an entire network of PCs to only allow certain users access. A secure APN will keep those PCs open to whoever wishes to access them, but will only give them access to certain applications, memory or processing power.
As a global example, in a VPN, if you decide you wish to allow NASA to use your computer to search for Extra-Terrestrial life, you could give them access to your computer and "trust" them to not mess with it (install viruses, trackers, etc.). But, they basically have a back door entrance to your PC and every computer on the network. So esentially you're not being smart by doing this since all private and sensitive data would be exposed. With a secure APN, your PC can be used for this application, but only that application would run in the secure execution "safe" inside your PC and be able to use your processor and any processors in the network, but not read any sensitive data or memory, or execute and install virus programs. This enables "distributed" computing, where a company with 1000 PCs under their roof can run applications much faster for research and development because they can use the processing power of any PC that is not currently executing applications, making their computer programs execute much more efficiently.
Essentially, SmartCARDs are very limited in what they do, and they are inflexible in cost and deployment. If you want more security from your SmartCARD, the card costs more and the price to replace cards for banks, etc etc becomes prohibitive. So to keep the cost cheaper, the functionality is minimalized. But, remember, the smartCARD does not enable the platform to be secure no matter how expensive the chip is that is glued to it. They are not competitive, more complimentary. Though the smartcard could delay TPM deployment, it doesn't appear to be the case anymore as secure platforms are 100% necessary to enable higher-end applications such as secure banking, brokerage, 401k, etc.
