A
abstraction, 144. See also TCS
access
data to specific PCs, locking, 198-199
DMA, 246
FAT, 185
group hard disks, 194-196
localities, 75
administration
devices, 231-240
DRM, 200
functions, 279-288
PKCS#11, 161
TCS, 146-152
TSS, 94
VPN endpoints, 208-210
administrators, TPM commands, 293
adware, 7
AES (Advanced Encryption Standard), 19, 182
algorithms
hash, 88-89
SHA-1, 15
SHA1, 97-99
symmetric, 181-193
AMD Secure Virtual Machine, 72-74
analysis, security, 26-28
APIs (application programming interfaces), 3
PKCS#11, 157-163
TSS functionality, 77
applications
clients, 9
encryption, 182
helper programs, 193
migration, 169-178
PKCS#11, 157-169
TCS, 144-145
TSS, 77
validation data structure, 101-102
backup/maintenance, 231-235
Storage Root Key, 34
TSS, 77-79
assignment of key certificates, 235-237
asymmetric keys, 19-22
Atmel 1.1b TPM, 47
attacks
BORE, 260
changing threats of, 4-8
cost of, 3-4
hammering, 41
shoulder surfing, 244
types of, 26
attestation, 144
Attestation Identity Key, 111
auditing functions, 273-274
authentication
biometrics, 218-220
COTS, 225
credit cards, 211-213
DAA, 260-269
HIPAA compliance, 222-225
hoteling, 214-216
IP telephony, 226
IPSec, 226-227
multiple users, 213-214
network switches, 228-230
PKI, 216-218
service meters, 227-228
smart cards, 220-221
trusted endpoints, 221-222
virtual dongles, 221
authorities
DAA, 260-269
delegation of, 210-211
authorization, 20-22
delegation, 253-259
locality, 269
OSAP, 20
policy objects, 82-85
TPM objects, 81-82
trusted display, 246-247
trusted path, 243-246
avoiding exposure, 41
B
basic key structure, 31
behavior of PCRs, 269-270
binding
data, 127-132
keys, 36
section, 151
biometrics, 218-220
BIOS
boot sequences, 14-18
TPM, 59-62
blob migration, 232
blocks, CBC, 184
booting
loaders, 16
sequences, 14-18
trusted boot, 69-76
bootstrap loaders, 60
BORE (Break Once Run Everywhere) attacks, 260
broadband eavesdropping, 8
buffer overflow, 5
C
C, TSS functions, 323-331
CA (Certificate Authority), 194
callback functions, 99-100
cards
NICs, 226-227
smart. See smart cards
categories of attacks, 4-8
CBC (Cipher Block Chaining), 184
certificates
DAA, 260-269
key assignment of, 235-237
checking TPM configuration, 67
Cipher Block Chaining (CBC), 184
classification of keys, 35-36
clearing TPM, 63
client applications, security, 9
CMKs (Certified Migratable Keys), 92, 249-253
codes
HMAC, 185
TCS, 145
TSS return, 93-94
commands
MigrateMigrationBlob, 232
Tcsi_EnumRegisteredKeys, 285
TPM_CreateWrapKey, 66
TPM_EvictKey, 66
TPM_GetCapability, 64
TPM_LoadKey, 66
TPM_PcrRead, 65
TPM_ReadPubek, 65
TPM_Reset, 64
TPM_Seal, 67
TPM_Sign, 67
TPM_TakeOwnership, 66-67
TPM_Unseal, 67
TPM_ChangeAuthOwner, 39
Tsci_Admin_TSS_MaxTimePerLocality, 282
Tsci_Admin_TSS_SessionPerLocality, 281
Tspi_Context_CloseSignTransport, 278
Tspi_Context_GetRegisteredKeyByPublicInfo, 286-287
Tspi_Context_GetRegisteredKeyByUUID, 287
Tspi_Context_GetRegisteredKeyByUUID2, 287-288
Tspi_Context_RegisterKey, 283
Tspi_Context_SetTransEncryptionKey, 278
Tspi_Context_UnregisterKey, 284
Tspi_DecodeBER_TssBlob, 289
Tspi_EncodeDER_TssBlob, 288-289
Tspi_GetRegisteredKeyByUUID, 285-286
Tspi_Key_CMKConvertMigration, 252-253
Tspi_Key_CMKCreateBlob, 250-251
Tspi_Key_MigrateKey, 251
Tspi_NV_DefineSpace, 271
Tspi_NV_ReadValue, 272
Tspi_NV_ReleaseSpace, 271-272
Tspi_NV_WriteValue, 272
Tspi_TPM_CheckMaintenancePolicy, 282
Tspi_TPM_CMKApproveMA, 252
Tspi_TPM_CMKSetRestrictions, 250
Tspi_TPM_CreateMaintenanceArchive, 236
Tspi_TPM_CreateRevocableEndorsementKey, 279-280
Tspi_TPM_CreateTicket, 252
Tspi_TPM_DAA_ARDecrypt, 268-269
Tspi_TPM_DAA_IssueInit, 266
Tspi_TPM_DAA_IssuerKeyVerification, 265
Tspi_TPM_DAA_IssueSetup, 265-266
Tspi_TPM_DAA_JoinCreateDaaPubKey, 263
Tspi_TPM_DAA_JoinInit, 262-263
Tspi_TPM_DAA_JoinStoreCredential, 264
Tspi_TPM_DAA_RevokeSetup, 268
Tspi_TPM_DAA_Sign, 264
Tspi_TPM_DAA_VerifyInit, 267
Tspi_TPM_DAA_VerifySignature, 267
Tspi_TPM_Delegate_AddFamily, 255
Tspi_TPM_Delegate_CacheOwnerDelegation, 257
Tspi_TPM_Delegate_CreateDelegation, 257
Tspi_TPM_Delegate_GetFamily, 256
Tspi_TPM_Delegate_InvalidateFamily, 256
Tspi_TPM_Delegate_ReadTables, 259-260
Tspi_TPM_Delegate_UpdateVerificationCount, 258
Tspi_TPM_Delegate_VerifyDelegation, 259
Tspi_TPM_GetAuditDigest, 274
Tspi_TPM_KeyControlOwner, 284-285
Tspi_TPM_KillMaintenanceFeature, 237
Tspi_TPM_ReadCurrentCounter, 275
Tspi_TPM_ReadCurrentTicks, 276
Tspi_TPM_RevokeEndorsementKey, 280-281
Tspi_TPM_SetOrdinalAuditStatus, 273
Tspi_TPM_TickStampBlob, 276-277
TSS, 303-312
communication
through BIOS, 59-62
through TDDL, 62-66
TPM_TakeOwnership command, 66-67
comparing keys, 34-35
compliance, HIPAA, 222-225
composite objects, PCE, 89-90
configuration
biometrics, 218-220
callback functions, 99-100
features not included, 25
identities, 23
internal random number generation, 24-25
multiple user environments, 23-24
passwords, 83
PCRs. See PCRs
PKCS#11, 162-169
PKI, 216-218
smart cards, 220-221
signatures, 22-23
storage, 18-22
symmetric keys, 127-135
TPM, 67
trusted endpoints, 221-222
WSDL, 146-152
connection version, 81
content protection, 200-201
context objects, 80-81, 324, 331
convenience functions, 279-289
cost of attacks, 3-4
counters
monotonic, 275
tick, 276-277
CreateSecureMigratableKeyBlob function, 322
credit card endpoints, 211-213
cryptography, 157
administration, 161
design, 162
migration, 169-178
openCryptoki design, 162-169
overview of, 158
RSA key restrictions, 159-160
tokens, 158-159
cybercrime, cost of, 3-4
D
DAA (Direct Anonymous Authentication), 92, 260-269
daisy chains, 33
data binding, 127-132
Data Integrity Register (DIR), 91
data sealing, 132-135
DecryptFile function, 321
DecryptFileLoad function, 322
decryption, 193
delegation, 253-254
of authority, 210-211
commands, 255-260
family objects, 92
without allowing migration, 211
Delegation Table object, 328, 331
design. See also configuration
platforms, 14-18
TPM, 9-10
TSS
configuring callback functions, 99-100
memory management, 94
overview of, 77-79
persistent key storage, 95-97
portable data, 94-95
return codes, 93-94
signing/verifying data, 97-99
TSP, 79-92
Tspi, 79
validation data structure, 101-102
devices
administration, 231
assignment of key certificates, 235-237
backup/maintenance, 231-235
key recovery, 239-240
time reporting, 237-238
tools, 240
drivers, 59-66, 332. See also drivers
TCG 1.1b specification, 47-50
TPM 1.2 specification, 50-58
virtual dongles, 221
Digital Rights Management (DRM), 200
digital signature security, 40-41
DIR (Data Integrity Register), 91
Direct Anonymous Authentication. See DAA
direct memory access (DMA), 246
disks, hard, 191-196
DMA (direct memory access), 246
dongles, virtual, 221
drivers
commands, 332
TCG 1.1b specification, 47-50
TPM 1.2 specification, 50-58
TPM
communication through BIOS, 59-62
communication through TDDL, 62-66
DRM (Digital Rights Management), 200
dynamic root of trust measurements, 71-72
E
EK (endorsement key), 29
electrical usage service meters, 227-228
electronic eavesdropping, 8
element types, 148
phishing, 7
secure time reporting, 237-238
sniffing, 8
enabling TPM, 63
EncryptFile function, 321
encryption
CBC, 184
data objects, 87
files, 136-138
backup facilities, 196-198
for group access/hard disks, 194-196
sending, 183-191
for storage on hard disks, 191-193
I/O, 193
software, 182
endorsement key (EK), 29, 216-218
Endorsement objects, 330
endpoints
credit cards, 211-213
trusted, 221-222
VPNs, 208-210
environments
multiple users, 23-24
platforms, 14-18
errors, parsing, 5
Ethernets, 228-230
exposure, avoiding, 41
F
FAT (file access table), 185
fax security, 202
features not included, 25
file access table (FAT), 185
files
data specific to, locking, 198-199
encryption. See encryption
finite resources, 142-143
flags, 237
flash storage, 91
formatting
keys, 103-107
passwords, 83
symmetric keys, 127-138
WSDL, 146-152
free seating, 213. See also hoteling
functionality
APIs, 77
PCRs, 269-270
functions
administration, 279
Tcsi_EnumRegisteredKeys command, 285
Tsci_Admin_TSS_MaxTimePerLocality command, 282
Tsci_Admin_TSS_SessionPerLocality command, 281
Tspi_Context_GetRegisteredKeyByPublicInfo command, 286-287
Tspi_Context_GetRegisteredKeyByUUID command, 287
Tspi_Context_GetRegisteredKeyByUUID2 command, 287-288
Tspi_Context_RegisterKey command, 283
Tspi_Context_UnregisterKey command, 284
Tspi_DecodeBER_TssBlob command, 289
Tspi_EncodeDER_TssBlob command, 288-289
Tspi_GetRegisteredKeyByUUID command, 285-286
Tspi_TPM_CheckMaintenancePolicy command, 282
Tspi_TPM_CreateRevocableEndorsementKey command, 279-280
Tspi_TPM_KeyControlOwner command, 284-285
Tspi_TPM_RevokeEndorsementKey command, 280-281
auditing, 273
Tspi_TPM_GetAuditDigest command, 274
Tspi_TPM_SetOrdinalAuditStatus command, 273
callback, 99-100
CreateSecureMigratableKeyBlob, 322
DecryptFile, 321
DecryptFileLoad, 322
EncryptFile, 321
files, 136-138
grouping, 154-155
keys, 35-36
libraries, 321-322
LoadSecureMigratableKeyBlob, 322
MyFunc_CreateAIK( ), 111
MyFunc_CreateKeyHierarchy( ), 116
MyFunc_CreatePubKey( ), 104
MyFunc_CreateTPMKey( ), 107
MyFunc_GetRandom( ), 116
MyFunc_WrapKey( ), 108
prototypes, 150-151
Tcsi_GetCapability( ), 149
Tcsi_OpenContext( ), 149
TSS, 323-331
TSS_buildbuff( ), 65
G–H
generating
CMKs, 249-253
internal RNG, 24-25
migratable keys, 34-35
random numbers, 183
groups
DAA, 260-269
delegation, 253-260
functions, 154-155
grub, 59
gSOAP tool, 152-154
hackers, 4-8
handoff procedures, 39
hard disks, 191-196
hardware, 243-247
hashed message authentication code (HMAC), 185, 243
headers, 147
helper programs, 193
hierarchies, keys, 103
HIPAA (Health Insurance Portability and Accountability Act), 181, 222-225
HMAC (hashed message authentication code), 185, 243
I
I/O encryption/decryption keys, 193
IBM libtpm package, 62
identification (secure)
biometrics, 218-220
COTS, 225
credit card endpoints, 211-213
delegation, 210-211
HIPAA compliance, 222-225
hoteling, 214-216
IP telephony, 226
IPSec, 226-227
login password storage, 208
multiple users, 213
network switches, 228-230
PKI, 216-218
service meters, 227-228
smart cards, 220-221
trusted endpoints, 221-222
virtual dongles, 221
VPN endpoints, 208-210
Identity Key objects, 330
indexes, 89-90
infrastructure, PKI, 207
integrity, platforms, 37-40
interfaces
NICs, 226-227
PKCS#11, 157
administration, 161
design, 162
migration, 169-178
openCryptoki design, 162-169
overview of, 158
RSA key restrictions, 159-160
tokens, 158-159
TCS, 145
TDDL, 45-46
TCG 1.1b specification, 47-50
TPM 1.2 specification, 50-58
Tspi, 79
internal random number generator (RNG), 24-25
Internet security, printing, 202
intranet security, printing, 201
IPSec, 226-227
IP telephony, 226
isolation of users, 23-24
J–K
kernels, 15
keyboards, 244-246
keys
architecture, 232
asymmetric, 19-22
Attestation Identity Key, 111
basic structure, 31
certificates, 235-237
content protection, 200-201
context objects, 80-81
EK, 29
endorsement, 216-218
group hard disk storage, 194-196
hierarchies, 103
I/O encryption/decryption, 193
identities, 23
IPSec, 226-227
leaf, 32
multiple user environments, 23-24
PKCS#11, 157-169
PKI, 207
Public, 183-191
recovery, 239-240
secure migration storage, 203-205
signing/verifying data, 97-99
storage, 95-97
TCS, 143
types of, 35-36
known public keys, sending files with, 190-191
L–M
Lagrande Technology (LT), 72
leaf keys, 32
libraries
functions, 321-322
TSP, 80-81
libtpm package (IBM), 62
linking to symmetric algorithms, 181-193
loading keys, 143
LoadSecureMigratableKeyBlob function, 322
local requests, 141
local service provider, TCS, 144-145
locking data to specific PCs, 198-199
login, password storage, 208
LT (Lagrande Technology), 72
MA (Migration Authority), 249
maintenance, 231-235
platform integrity, 39-40
SRK, 29-33
malicious programs. See adware; spyware; viruses
management. See administration
mask generation function 1 (MGF1), 183
MaskedSymmetricKey, 186
measurements
dynamic root of trust, 71-72
platforms, 14-18
memory
DMA, 246
management, 94
messages
HMAC, 185
secure time reporting, 237-238
TCS, 150
meters, secure identification for, 227-228
MGF1 (mask generation function 1), 183
MigrateMigrationBlob command, 232
migration
authorization data, 239
blobs, 232
CMKs, 249-253
delegation, 210-211
PKCS#11, 169-178
SRK, 33
storage security, 203-205
Migration Authority (MA), 249
Migration Selection Authority (MSA), 249
migrationBlob, 204
military security solutions, COTS, 225
misconfigured programs, 7
models, usage, 21
modes, secret, 82-84
monotonic counters, 275
Monte Carlo routine, 25
MSA (Migration Selection Authority), 249
multiple signatures, privacy and, 41
multiple users
environments, isolation of users, 23-24
on single systems, 213
MyFunc_CreateAIK( ) function, 111
MyFunc_CreateKeyHierarchy( ) function, 116
MyFunc_CreatePubKey( ) function, 104
MyFunc_CreateTPMKey( ) function, 107
MyFunc_GetRandom( ) function, 116
MyFunc_WrapKey( ) function, 108
N
National Security Agency (NSA), 182
natural gas usage service meters, 227-228
networks
switches, 228-230
NICs (network interface cards), 226-227
non-migratable keys, 34-35
non-volatile data objects, 91
nonce, 17
numbers
generating, 183
internal RNG, 24-25
NVRAM, 270
commands, 271-272
non-volatile data objects, 91
O
OAEP (Optimal Asymmetric Encryption Padding), 128, 183, 239-240
Object Identifier (OID), 97
Object Independent Authorization Protocol (OIAP), 66
Object Specific Authorization Protocol (OSAP), 20, 66
objects
storage, 18-20
TSP, 79
context, 80-81
DAA, 92
delegation family, 92
encrypted data, 87
hash, 88-89
keys, 85-87
migratable data, 92
non-volatile data, 91
PCR composite, 89-90
policy, 82-85
TPM, 81-82
Tspi, 79
TSS functions, 323-331
offloading keys, TCS, 143
OIAP (Object Independent Authorization Protocol), 66
OID (Object Identifier), 97
openCryptoki, 162-169
optimal asymmetric encryption padding. See OAEP
OSAP (Object Specific Authorization Protocol), 20, 66
out parameters, 149-150
ownership, 66-67
P
Pacifica, 72
packages, IBM libtpm, 62
parsing errors, 5
PCRs (Platform Configuration Registers), 10, 37-39
behavior, 269-270
boot sequences, 15
composite objects, 89-90
passphrases, 193
standard meaning of, 60
TCS, 143
TPM commands, 295
trusted boot with static root of trust, 69-71
trusted display, 247
PCs (personal computers), 13
data specific to, locking, 198-199
hoteling, 214-216
sharing, 213
virtual dongles, 221
persistent key storage, TSS, 95-97
personal computers. See PCs
pharming, 7
phishing, 7
PKCS#11 (Public Key Cryptography Standard number 11), 157
administration, 161
design, 162
migration, 169-178
openCryptoki design, 162-169
overview of, 158
RSA key restrictions, 159-160
tokens, 158-159
PKI (Public Key Infrastructure), 207, 216-218, 236
Platform Configuration Registers. See PCRs
platforms
integrity, 37-40
reporting, 14-18
TSS, 94-95
Policy objects, 81-85
portable data, TSS, 94-95
portable security tokens, 15
ports, virtual dongles, 221
power management, 295
printing, 201-202
privacy
biometrics, 219
signatures, 41
TCS, 154-155
PRNGs (pseudo random number generators), 24
proof of locality, 75-76
IP, 226
IPSec, 226-227
OIAP, 66
SET, 212
SOAP, 277
Verified by VISA, 212
prototypes, 150-151
Pubek (public endorsement key), 65
Public Key Cryptography Standard number 11. See PKCS#11
Public Key Infrastructure. See PKI
public keys
control of, 35
files, 183-191
Q–R
queries, nonce, 17
quote operations, 89-90
random numbers, generating, 24-25, 183
recording boot sequences, 14-18
references, TSS commands, 303-313
registers, 91. See also PCRs
remote identification, 221-222
Remote Procedure Calls. See RPCs
remote requests, 141
reports
platforms, 14-18
time, 237-238
requests, TCS, 146-155
resources, managing, 142-143
restrictions, RSA keys, 159-160
return codes, TSS, 93-94
rights, DRM, 200
Rijndael keys, 190
RNG (random number generator), internal, 24-25
RPCs (Remote Procedure Calls), 146
RSA keys, types of, 158-159
S
Sarbanes-Oxley Act, 181
scalability, 71
Schell, Roger, 9
secret mode, 82-84
secrets, types of, 84
sections, 151-154
secure boot, 17
Secure Electronic Transaction (SET) protocol, 212
Secure Hash Algorithm 1 (SHA-1), 15
secure identification
biometrics, 218-220
COTS, 225
credit card endpoints, 211-213
delegation, 210-211
HIPAA compliance, 222-225
hoteling, 214-216
IP telephony, 226
IPSec, 226-227
login password storage, 208
multiple users, 213
network switches, 228-230
PKI, 216-218
service meters, 227-228
smart cards, 220-221
trusted endpoints, 221-222
virtual dongles, 221
VPN endpoints, 208-210
Secure Virtual Machine, 72-74
security
applications, 9
backup/maintenance, 231-235
changing threats to, 4-8
content protection, 200-201
data to specific PCs, locking, 198-199
faxes, 202
hardware, 243-247
identities, 23
keys, 235
migration, 203-205
printing, 201-202
SRK, 29-33
TCS, 142
time reporting, 237-238
tokens, 15
TPM, 9-10
sending files, 183-191
sequences, boot, 14-18
service meters, secure identification, 227-228
service providers
TCS, 144-145
Tspi, 79
service section, 151-154
sessions, 277-278
SET (Secure Electronic Transaction) protocol, 212
SHA-1 (Secure Hash Algorithm 1), 15, 88-89, 97-99
Shamir, Adi, 41
sharing PCs, 213
shoulder surfing attack, 244
signing data, 97-99
sniffing email, 8
SOAP, 277
social engineering, 7-8
software. See applications
special keyboards, 244-246
spyware, 7
SRK (Storage Root Key), 23, 29-33, 296-298
stacks
secure migration storage, 203-205
TCS, 144
TSS, 77
static root of trust, trusted boot with, 69-71
status, platforms, 14-18
storage
backup facilities, 196-198
content protection, 200-201
data to specific PCs, 198-199
delegation of authority, 210-211
design, 18-22
flash, 91
group hard disks, 194-196
keys, 36
data sealing, 132-135
TSS persistent, 95-97
login password, 208
migration, 203-205
security, 181-193
Storage Root Key (SRK), 23, 29-33
stubs, gSOAP, 154
symmetric algorithms, 181-193
T
tables
delegation, 253-260
FAT, 185
TCB (trusted computing base), 71
TCG 1.1b specification, 47-50
TCG core service (TCS), 77
TCG device driver library (TDDL), 77
TCG service provider interface. See Tspi
TCG service provider. See TSP
TCG_HashLogExtendEvent, 60
TCG_PassThroughToTPM, 60
TCG_StatusCheck, 60
TCS (TSS Core Service), 141
binding section, 151
function prototypes, 150-151
gSOAP tool, 152-154
implementing, 145-152
in/out parameters, 149-150
messages, 150
overview of, 141-145
privacy, 154-155
service section, 151-154
Tcsi_EnumRegisteredKeys command, 285
Tcsi_GetCapability( ) function, 149
Tcsi_OpenContext( ) function, 149
TDDL (TCG device driver library), 45-46, 77
communication through, 62-66
TCG 1.1b specification, 47-50
TPM 1.2 specification, 50-58
telephony, IP, 226
Thompson, Michael, 9
threats, 4-8
tick counters, 276-277
tickets, 250
time of measurement, 71
time reporting, 237-238
tools
gSOAP, 152-154
TPM, 240
TPM (Trusted Platform Module), 3
administration, 231-240
applying, 9-10
Atmel 1.1b, 47
BIOS, 59-62
clearing, 63
configuring, 67
device drivers, 45-58
enabling, 63
functions, 321-322
hardware, 243-247
keys
creating hierarchies, 103
objects, 85-87
types of, 35-36
platform integrity, 37-40
smart cards, 220-221
SRK, 32
symmetric keys, 127-138
TDDL, 63-67
TDL, 62
trusted endpoints, 221-222
TPM 1.2 specification, 50-58
TPM_AuthorizeMigrationKey command, 194
TPM_ChangeAuthOwner command, 39
TPM_CreateMigrationBlob command, 194
TPM_CreateWrapKey command, 66, 194
TPM_EvictKey command, 66
TPM_GetCapability command, 64
TPM_LoadKey command, 66
TPM_PcrRead command, 65
TPM_Quote command, 199
TPM_ReadPubek command, 65
TPM_Reset command, 64
TPM_Sign command, 67
TPM_TakeOwnership command, 66-67
TPM_Unseal command, 67
tracking, 253-260
transactions, 212. See also credit cards
transport sessions, 277-278
troubleshooting SRK, 29-33
trusted computing base (TCB), 71
Trusted Computing Group Software Stack. See TSS
trusted endpoints, 221-222
trusted path, 243-247
Trusted Platform Module. See TPM
Tsci_Admin_TSS_MaxTimePerLocality command, 282
Tsci_Admin_TSS_SessionPerLocality command, 281
TSP (TCG service provider), 77, 79
context objects, 80-81
DAA objects, 92
delegation family objects, 92
encrypted data objects, 87
hash objects, 88-89
key objects, 85-87
migratable data objects, 92
non-volatile data objects, 91
PCR composite objects, 89-90
policy objects, 82-85
TPM objects, 81-82
Tspi (TCG service provider interface), 79
Tspi_Context_CloseSignTransport command, 278
Tspi_Context_GetRegisteredKeyByPublicInfo command, 286-287
Tspi_Context_GetRegisteredKeyByUUID command, 287
Tspi_Context_GetRegisteredKeyByUUID2 command, 287-288
Tspi_Context_RegisterKey command, 283
Tspi_Context_SetTransEncryptionKey command, 278
Tspi_Context_UnregisterKey command, 284
Tspi_Data_Bind_Bind command, 195
Tspi_Data_Unbind command, 195
Tspi_DecodeBER_TssBlob command, 289
Tspi_EncodeDER_TssBlob command, 288-289
Tspi_GetRegisteredKeyByUUID command, 285-286
Tspi_Key_CMKConvertMigration command, 252-253
Tspi_Key_CMKCreateBlob command, 250-251
Tspi_Key_MigrateKey command, 251
Tspi_Key_TPM_CMKApproveMA command, 252
Tspi_NV_DefineSpace command, 271
Tspi_NV_ReadValue command, 272
Tspi_NV_ReleaseSpace command, 271-272
Tspi_NV_WriteValue command, 272
Tspi_TPM_CheckMaintenancePolicy command, 282
Tspi_TPM_CMKSetRestrictions command, 250
Tspi_TPM_CreateMaintenanceArchive command, 236
Tspi_TPM_CreateRevocableEndorsementKey command, 279-280
Tspi_TPM_CreateTicket command, 252
Tspi_TPM_DAA_ARDecrypt command, 268-269
Tspi_TPM_DAA_IssueInit command, 266
Tspi_TPM_DAA_IssuerKeyVerification command, 265
Tspi_TPM_DAA_IssueSetup command, 265-266
Tspi_TPM_DAA_JoinCreateDaaPubKey command, 263
Tspi_TPM_DAA_JoinInit command, 262-263
Tspi_TPM_DAA_JoinStoreCredential command, 264
Tspi_TPM_DAA_RevokeSetup command, 268
Tspi_TPM_DAA_Sign command, 264
Tspi_TPM_DAA_VerifyInit command, 267
Tspi_TPM_DAA_VerifySignature command, 267
Tspi_TPM_Delegate_AddFamily command, 255
Tspi_TPM_Delegate_CacheOwnerDelegation command, 257
Tspi_TPM_Delegate_CreateDelegation command, 257
Tspi_TPM_Delegate_GetFamily command, 256
Tspi_TPM_Delegate_InvalidateFamily command, 256
Tspi_TPM_Delegate_ReadTables command, 259-260
Tspi_TPM_Delegate_UpdateVerificationCount command, 258
Tspi_TPM_Delegate_VerifyDelegation command, 259
Tspi_TPM_GetAuditDigest command, 274
Tspi_TPM_GetRandom command, 195
Tspi_TPM_KeyControlOwner command, 284-285
Tspi_TPM_KillMaintenanceFeature command, 237
Tspi_TPM_ReadCurrentCounter command, 275
Tspi_TPM_ReadCurrentTicks command, 276
Tspi_TPM_RevokeEndorsementKey command, 280-281
Tspi_TPM_SetOrdinalAuditStatus command, 273
Tspi_TPM_TickStampBlob command, 276-277
TSS (Trusted Computing Group Software Stack), 77
commands, 303-313
functions, 323-331
PKCS#11. See PKCS#11
TSS Core Service. See TCS
TSS_buildbuff( ) function, 65
TSS_Data_Bind command, 195
TSS_Data_Unbind command, 195
TSS_TPMSTATUS_MAINTENANCEUSED flag, 237
types element, 148
U–V
upgrading, 231
usage models, 21
users
isolation of, 23-24
multiple, 213
utility functions, keys, 104, 107
utilization, TCS, 145-152
validation data structure, TSS, 101-102
Verified by VISA protocol, 212
verifying data, 97-99
virtual dongles, 221
virtual private networks. See VPNs
viruses, 7
VOIP (voice over IP), 207
VPNs (virtual private networks), 208-210, 226-227
vulnerable programs, 5-6
W–Z
water usage service meters, 227-228
writing
code, 145
TPM device drivers, 45-58
WSDL (Web Services Description Language), 145-152