Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices. The TPM technical specification was written by a computer industry consortium called the Trusted Computing Group (TCG). The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standardized the specification as ISO/IEC 11889 in 2009. TCG continues to revise the TPM specification. It published revision 116 of version 1.2 of the TPM specification on March 3, 2011 [Trusted Platform Module (TPM) Specifications], while draft revision 1.07 of version 2.0 of the TPM specification was published for public review on March 13, 2014 as a library specification that provides updates to the previously published main TPM specifications. Trusted Platform Module Library Specification Revision 01.16 was released in October 2014 as the latest TPM 2.0 release [Trusted Platform Module Library].

==Overview==

Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a random number generator [http://arxiv.org/abs/1008.2223]. It also includes capabilities such as remote attestation and sealed storage, as follows:

* ''Remote attestation'' creates a nearly unforgeable hash key summary of the hardware and software configuration. The program hashing the configuration data determines the extent of the summary of the software. This allows a third party to verify that the software has not been changed.
* ''Binding'' encrypts data using the TPM bind key, a unique RSA key descended from a storage key.
* ''Sealing'' encrypts data in a similar manner to binding, but in addition specifies a state in which the TPM must be in order for the data to be decrypted (unsealed).
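The three capabilities above share one mechanism: measurements of boot components are hash-chained into a register, a quote over that register is what a remote verifier checks, and a sealed secret is tied to a particular register value. The following Python model is an added illustration, not TPM firmware and not the API of any TPM library. The 32-byte register stands in for a TPM Platform Configuration Register (PCR) and uses the TPM's extend rule, new = SHA-256(old || SHA-256(measurement)); the storage key, attestation key, boot component names and the HMAC-based wrapping are constructed for this example (a real TPM signs quotes and wraps keys with RSA inside the chip).

```python
"""Model of TPM measured boot, remote attestation, binding and sealing.
Added example: constructed keys and blob formats, not a TPM's own code."""
import hashlib
import hmac
import secrets

PCR_INIT = bytes(32)  # a PCR starts at all zeros after platform reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend rule: fold one measured component into the register.
    Order matters, and the value cannot be rolled back without a reset."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components: list) -> bytes:
    """Hash-chain every boot component, as measured boot does."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def quote(attestation_key: bytes, verifier_nonce: bytes, pcr: bytes) -> bytes:
    """Remote attestation: keyed summary of the register, bound to the
    verifier's fresh nonce so an old quote cannot be replayed.
    An HMAC stands in for the TPM's signature with its attestation key."""
    return hmac.new(attestation_key, verifier_nonce + pcr, hashlib.sha256).digest()


def verify_quote(attestation_key: bytes, verifier_nonce: bytes,
                 expected_pcr: bytes, q: bytes) -> bool:
    """The third party compares the quote against its known-good PCR value."""
    return hmac.compare_digest(quote(attestation_key, verifier_nonce, expected_pcr), q)


def _wrap_key(storage_key: bytes, state: bytes) -> bytes:
    # Key descended from the storage key and tied to a platform state
    return hmac.new(storage_key, b"wrap" + state, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(storage_key: bytes, expected_pcr: bytes, secret: bytes) -> bytes:
    """Encrypt secret so it can only be recovered when the PCR equals expected_pcr.
    Blob layout (constructed): nonce(16) || ciphertext || tag(32)."""
    k = _wrap_key(storage_key, expected_pcr)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(k, nonce, len(secret))))
    tag = hmac.new(k, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(storage_key: bytes, current_pcr: bytes, blob: bytes):
    """Return the secret, or None when the current platform state differs
    from the state the secret was sealed to (the tag check fails)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    k = _wrap_key(storage_key, current_pcr)
    if not hmac.compare_digest(hmac.new(k, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(k, nonce, len(ct))))


def bind(storage_key: bytes, data: bytes) -> bytes:
    """Binding: the same wrapping, with no platform-state condition."""
    return seal(storage_key, b"", data)


def unbind(storage_key: bytes, blob: bytes):
    return unseal(storage_key, b"", blob)


def demo() -> dict:
    """Constructed boot logs: a known-good chain and one with a modified kernel."""
    storage_key = b"\x11" * 32      # constructed stand-in for the TPM storage root key
    attestation_key = b"\x22" * 32  # constructed stand-in for the attestation key
    good_boot = [b"firmware v1", b"bootloader v3", b"kernel 5.10"]
    tampered_boot = [b"firmware v1", b"bootloader v3", b"kernel 5.10 (modified)"]
    good_pcr, bad_pcr = measure_boot(good_boot), measure_boot(tampered_boot)

    nonce = secrets.token_bytes(16)
    blob = seal(storage_key, good_pcr, b"disk encryption key")
    return {
        "attest_good": verify_quote(attestation_key, nonce, good_pcr,
                                    quote(attestation_key, nonce, good_pcr)),
        "attest_tampered": verify_quote(attestation_key, nonce, good_pcr,
                                        quote(attestation_key, nonce, bad_pcr)),
        "unseal_good": unseal(storage_key, good_pcr, blob),
        "unseal_tampered": unseal(storage_key, bad_pcr, blob),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The model shows why sealing is stronger than binding: changing a single measured component changes the register, so the sealed blob no longer opens and the attestation quote no longer verifies, while a bound blob opens regardless of platform state.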
Software can use a Trusted Platform Module to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. Generally, pushing the security down to the hardware level in conjunction with software provides more protection than a software-only solution. However, even where a TPM is used, a key would still be vulnerable while a software application that has obtained it from the TPM is using it to perform encryption/decryption operations, as has been illustrated in the case of a cold boot attack. This problem is eliminated if the key(s) used in the TPM are not accessible on a bus or to external programs and all encryption/decryption is done in the TPM.