Q: What is a Trusted Platform Module (TPM) and what can I use it for? What security services can a TPM provide?
A: A Trusted Platform Module (TPM) is a specialized security hardware module that is integrated with a computer’s motherboard. It can provide tamper-proof security services to the computer and its users. These security services include protected storage for cryptographic keys and data, platform-integrity verification, and strong device and user authentication. The TPM is built according to the specifications of the Trusted Computing Group or the TCG (http://www.trustedcomputing.org). The TCG evolved from what was once the Trusted Computing Platform Alliance (TCPA). TCG is an industry consortium that defines the specifications for trusted computing platforms and networking architectures. The five founders of TCPA/TCG were IBM, Intel, Microsoft, HP, and Compaq.
A TPM is sometimes referred to as an embedded smart card. Although it has important smart card similarities, it also has important differences. Both host microprocessors that provide cryptographic and data protection services. A TPM, however, is bound to a computer platform. A smart card can roam between different computers, provided the computers are equipped with a smart card reader. A TPM is better suited to protect access to sensitive information stored on a computer system.
TPMs are a critical technology to look at it in the identity and access management (IDM) space: They can provide strong identity data protection services and strong user and device authentication. The Windows platform might play an important role in the widespread adoption of TPM: Microsoft plans to make TPM-enabled security features available in the Longhorn OS code base. Today’s leading PC vendors (Dell, HP, and IBM) all sell computers with a TPM option. They also provide special software that you can use to provide TPM-based security services to Windows users. For example, the HP TPM-based software solution is called Embedded Security for HP ProtectTools; the IBM solution is called ThinkVantage Technologies. For a good overview of computer hardware that currently includes a TPM chip and applications supporting TPM functionality, look at the TPM matrix available at the following URL: http://www.tonymcfadden.net/tpmvendors.html.