
Re: None

Monday, 09/19/2005 11:56:57 AM

Post# of 249371
State of South Dakota, Gateway Security Feature - Trusted Platform Module (TPM)

Hopefully Wave is in there w/ Gateway to sell Server Products.
http://www.state.sd.us/bit/FutureIT/hardware.html

Gateway Security Feature - Trusted Platform Module (TPM)

Published: June, 2005

Gateway is a member of the Trusted Computing Group (TCG), a group dedicated to creating more secure computers. The membership in TCG includes: Intel, HP, IBM, and Microsoft as well as Gateway and numerous other companies. The TCG came together when a number of computer-related businesses realized that computers essentially had no security and that using software as the only form of security was a risky proposition. In recent months, Gateway has introduced their high-end corporate computer, the E-6300, which has incorporated a new security product designed by the TCG. This security product is the Trusted Platform Module (TPM).

The TPM is a computer chip designed to help prevent hardware attacks, unauthorized access to data, and data theft. This chip has several functions. The first function is to offer protected storage. Protected storage is a number of memory locations that are isolated and protected from non-secure access. These storage locations protect sensitive information such as encryption keys, digital certificates, and digital signatures.

The other function is to serve as a device identifier. This allows users to conduct on-line transactions, both business- or information-related, and still protect their privacy and identification. Even if a person has a dozen transactions with a company, that company cannot even tie those transactions to the same anonymous person. This is done by both companies dealing with a third-party certification company. The TPM for the person would create a unique, one-time-only set of public and private keys identifying the person. The user sends these to the certification company. The business would then contact the certification company and obtain the public key, which unlocks the information from the individual that says, “yes, this person is who she says she is”. Thus, the person is authenticated without the business knowing her identity. The 3rd party certification company would know, but you have to trust someone. These certification companies’ businesses are built on trust. You would not go to a certification company if you felt you could not trust them.

Inside of a company or agency, network administrators can use the device identifier to offer even more specific access rights for users. The people would log onto the network and in the process they would identify themselves. The TPM units inside the computer would then identify themselves to the network by giving their unique serial number. The network security would then give the user their access rights based upon what device they are on as well as who they are. An example of this would involve users who are salesmen. When they dial in from a remote site on their laptops, they would gain a slightly different group of access rights than if they logged in from their desktop computers. They would gain access to all of the network resources they need in this setup and only those network resources they need. The best part of this is that the users do everything the same regardless of what device they are using.

Another TPM feature is that it can defend itself against physical theft. If someone pries the TPM chip loose from its motherboard, it will automatically erase itself. That way, someone cannot gain access to the protected information by stealing the chip.

As secure and as advanced as this is, the TPM is only the first step in a path towards greater security. The next step along this path is the creation of operating systems that incorporate the necessary drivers and programming to make better use of the security offered by the TPM. After that, vendors need to design and create applications that make full use of the security offered by TPM and the TPM-enabling operating systems. Once that is the case, the security will be incorporated throughout the system. It would be in the hardware, in the system, and in the software. In this way, the vulnerabilities would be more and more limited, harder to find, and easier to fix. Security will never be foolproof, but it can, and will, get better. Trusted Platform Modules are the next step in that process.





