When All Platforms Are Trusted Platforms

This section aims to emphasize how Trusted Platform technology is appropriate for all computing platforms. After a brief discussion of laptops, PDAs, and servers, it introduces how an IT infrastructure where all platforms are Trusted Platforms would deliver the full vision of trusted platform technology.

It is very likely that different types of Trusted Platform—and not just Trusted PCs—would form part of a future global computing infrastructure.

Different Types of Trusted Platforms

As discussed already, the generic TCPA specification applies to a wide range of computing platforms including servers, appliances, and cell phones. In particular, the identity creation and usage, reporting mechanisms, etc., can be applied in an analogous way to different types of platforms, although the details for the integrity measurement have not yet been considered for these types of platforms.

Potentially, there can be different types of Trusted Platforms, for which different types of services would be more appropriate. The following are some examples.

PC

A PC would be connected to the network 24 hours a day. It could be connected either to the home network, the Internet, or the intranet in the office. The short-, middle-, and long-term functionalities of Trusted Platforms are targeted at PC deployment. The first target environment would most likely be a corporate one, with provision for protection of sensitive data, identification of corporate platforms, and verification of corporate system configurations.

Server

A server is likely to be running in a corporate environment 24 hours a day. A trusted server could have the benefits of protection of sensitive data, greater trustworthiness for those wishing to use the server, and an enhanced relationship with individual client platforms (for example, with better authentication, verification of their configurations, remote management services, etc.). While the initial focus of TCPA has been on the PC/client, the potential for such technology when applied to servers is huge. Because servers are generally the hubs of business-critical servers, the need for such enhanced security mechanisms is probably greater than for the PC.

Laptop

A laptop could be standalone, with the potential of being connected to one or more intranets and possibly also to the Internet. Even in the standalone case, a trusted laptop platform would provide better built-in protection of data on the platform, which would be particularly useful due to the pervasive risk of theft of the laptop.

For connected laptops, a secure dial-in service could be provided, by which the physical platform identity would be checked and there would be the possibility to check that this was in the approved corporate (or governmental) software configuration. This would help prevent software hackers from dialing in to a company from unauthorized hardware running hacking software and penetrating the company's intranet.

PDAs

Personal digital assistants (PDAs) are small, lightweight, portable PCs with restricted functionality. They were traditionally standalone but are increasingly being connected to intranets and the Internet. To enable PDAs to become the ultimate personal portal to a connected environment, they must be able to connect to a corporate network and to the Internet. There is no difference today between a corporate PDA and a home-user PDA.

Ubiquitous Trusted Computers

Trusted Platforms could become fundamental to a global computing infrastructure for the following reasons:

• As already considered, a low-cost approach is necessary for ubiquity and this is what TPs provide. Furthermore, ubiquity and standardization are necessary for a global infrastructure.

• Total security is impossible or not necessarily practical over a wide range of situations. Instead, it is necessary to solve a less serious problem, which is that of providing technology to enhance trust so that users will use services without fear of consequences.

• Trusted Platform technology can be applied to mobile and changing environments. The TCPA specification brings new functionality to client platforms such as PCs, mobile phones, and PDAs. The potential of TCPA will be released in phases, because some features require more supporting software and infrastructure than others.

• Companies improve their performance by stronger collaboration with their customers, suppliers, or partners. This requires dynamic IT relationships between organizations. Sharing data and IT resources in this way is dangerous, yet it is likely that future trusted interactions will increasingly need to be established “on the fly” with a high level of assurance that the risk involved is limited. Such a vision requires platforms with built-in security capabilities; a critical foundation of those security capabilities are the Trusted Platform functionalities of data protection, platform integrity, and platform identity, which are discussed in Chapter 3.

• Finally, the long-term benefits of Trusted Platforms discussed above involve a distributed infrastructure.