The Trusted Computing Platform Alliance (TCPA) is a consortium that was formed in 1999. At the time, it included various important players from both the hardware and the software industry, such as HP, IBM, Microsoft and others. Unfortunately, the TCPA failed as an organization, due to its structure: any of its 200 members had the ability to postpone or prevent decisions through a right to veto. This made it rather difficult to come to consensus on various decisions.
For this reason, the done by the TCPA was transferred to a new consortium in April 2004, called the Trusted Computing Group (TCG.) In this organization, only a few companies, called "promoters," have the right to make decisions; currently, the promoters are AMD, Hewlett-Packard, IBM, Intel, Microsoft, Seagate, Sony, Sun and Verisign. The remaining nearly one hundred members are classified as "contributors" or "adopters;" they are involved in the work of drafting specifications or simply granted early access to the new drafts.
Among other things, a result of the TCPA/TCG efforts was the development of the Trusted Platform Module (TPM), probably more appropriately known as the "Fritz Chip". This name honors US senator Fritz Hollings, who became known for being a staunch supporter of digital rights management (DRM).
The TPM usually appears as a motherboard-mounted chip and is integrated in the boot process. When switching the computer on, its makes sure the state of the system is approved (trusted).
Objectives Of The Trusted Computing Group
One goal of the TCG is to create the "safe computer", in which the hardware, the software and the entire communication process are verified and secured. The term "communication" can be seen very generally, and applies to communication between different pieces of software. The following keywords summarize the TCG's objectives:
- Data security
Data can only be read by authorized users. Transmission security from and to the computer is to be ensured. Personal data must not be compromised (one of today's scenarios is identity theft, dubbed here as "phishing").
- Data safety
Hardware and software must handle data reliably.
- Data integrity
Software and data must not be changed without it being noticed (such as is done by viruses or worms).
- Data authenticity
The authenticity of a person (sender/receiver) or of a data service must be verifiable (through "assignment"). Each TPM chip is clearly identifiable, that is, it is clearly bound to a certain system.
Of course the possibilities of a trusted platform are not limited only to the computer - all modern form of communication could also be included. The TCG vision encompasses mobile telephones and PDAs, as well as input devices, storage devices/volumes and certificates. Security-related hardware such as fingerprint readers and iris scanners can also be vested with TPM extensions. The research and development effort required here has been delegated to sub groups of the TCG. One is the TNC (Trusted Network Connect); it deals with secured network connections.
A technical side issue that is often mixed up with the topic of trusted computing is DRM. Its task is to prevent content - usually movies and music, but also text such as PDF files - from being used or duplicated without the consent of the copyright owner.
Of course the technology of trusted computing offers the technical basis for these considerations. So far, nobody has taken the chance to enforce a stricter digital rights scenario. Maybe this is because Microsoft was heavily criticized for its Palladium platform. The latest efforts are being redone by Microsoft under the term "Next Generation Secure Computing Base" (NGSCB). At the end of the day this, however, is nothing more than something old being made to look new...