TCG releases specification for "trusted servers"

Portland (OR) - Continuing its effort to build an environment for a "trusted" computing environment, the Trusted Computing Group (TCG) today released a "trusted server" spec that complements the group's network and client security framework.

The latest specification explicitly targets servers and, according to the TCG, aims to defend such computers against attacks that try to extract data and interfere with applications and financial transactions. Like the client spec, the trusted server also carries a "Trusted Platform Module" (TPM), a chip that can store critical data such as digital keys, certificates and passwords.

According to the TCG, trusted server applications can include asset management, configuration management, data migration and back-up, document management, financial transactions, management of endpoint integrity and network access control, as well as user and platform configuration. A scenario where the TPM can play an essential role is the verification of systems before transactions are performed and access to critical data is granted.

The specifications issued by the TCG are usually non-proprietary and can be implemented on any platform. Supported architectures for the trusted server spec are x86, Intel Itanium, MIPS and Sparc processors. A statement by the TCG did not list Apple as a supported platform, but a spokesperson said that it would be "certainly" possible to integrate a TPM in Apple-based systems.

Clients such as notebooks have been available with TPMs for some time now, and the TCG claims that more than 15 million devices with such a chip have been shipped to date. The Trusted Network Connect (TNC) architecture, unveiled by the group last May, acts as the connecting feature between trusted clients and servers. According to the TCG, future network structures will be able to evaluate clients trying to connect to a network against security policies and either allow or deny access. For example, clients not meeting pre-determined policies, such as those for patch levels, anti-virus software or operating system configuration, can be automatically quarantined.
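One way to picture the policy evaluation the TNC paragraph describes, as an added example that is not TCG's own code and does not follow the TNC wire format: the report fields, policy thresholds and reference date are constructed for the illustration, and an unknown operating system is treated as non-compliant so the decision fails closed.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Hypothetical posture report a client sends to the policy decision point.
# The field names are assumptions for this example, not a TNC schema.
@dataclass
class PostureReport:
    os_name: str
    os_patch_level: Tuple[int, int]        # e.g. (2, 1) = service pack 2, hotfix 1
    antivirus_installed: bool
    av_signature_date: Optional[date]
    firewall_enabled: bool

# Constructed policy: minimum patch level per OS, maximum signature age
# in days, and a required configuration setting.
POLICY = {
    "min_patch_level": {"Windows XP": (2, 0), "Linux": (3, 4)},
    "max_av_signature_age_days": 7,
    "require_firewall": True,
}

def evaluate(report: PostureReport, policy=POLICY,
             today: date = date(2005, 8, 1)) -> Tuple[str, List[str]]:
    """Return ("allow", []) or ("quarantine", [reasons]) for one client."""
    reasons = []
    required = policy["min_patch_level"].get(report.os_name)
    if required is None:
        # No policy for this OS: fail closed rather than admit it unchecked.
        reasons.append(f"no policy defined for OS {report.os_name!r}")
    elif report.os_patch_level < required:
        reasons.append(f"patch level {report.os_patch_level} below {required}")
    if not report.antivirus_installed:
        reasons.append("anti-virus software not installed")
    elif report.av_signature_date is None:
        reasons.append("anti-virus signature date unknown")
    elif (today - report.av_signature_date).days > policy["max_av_signature_age_days"]:
        reasons.append("anti-virus signatures out of date")
    if policy["require_firewall"] and not report.firewall_enabled:
        reasons.append("host firewall disabled")
    return ("allow", []) if not reasons else ("quarantine", reasons)

# Constructed sample clients: one compliant, one missing three checks,
# one running an OS the policy does not know about.
SAMPLE_COMPLIANT = PostureReport("Windows XP", (2, 1), True, date(2005, 7, 30), True)
SAMPLE_NONCOMPLIANT = PostureReport("Windows XP", (1, 0), True, date(2005, 7, 1), False)
SAMPLE_UNKNOWN_OS = PostureReport("BeOS", (9, 9), True, date(2005, 7, 31), True)

if __name__ == "__main__":
    for client in (SAMPLE_COMPLIANT, SAMPLE_NONCOMPLIANT, SAMPLE_UNKNOWN_OS):
        print(client.os_name, evaluate(client))
```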
