A Trusted Platform Module (TPM) is a specialized chip on an endpoint device
that stores RSA encryption keys specific to the host system for hardware authentication.
Each TPM chip contains an RSA key pair called the Endorsement Key (EK). The pair is maintained
inside the chip and cannot be accessed by software. The Storage Root Key (SRK) is created when a
user or administrator takes ownership of the system. This key pair is generated by the TPM based on
the Endorsement Key and an owner-specified password.
A second key, called an Attestation Identity Key (AIK), protects the device against unauthorized
firmware and software modification by hashing critical sections of firmware and software before
they are executed. When the system attempts to connect to the network, the hashes are sent to a
server that verifies that they match expected values. If any of the hashed components has been
modified since the system was last started, the match will fail, and the system cannot gain entry
to the network.
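The check described above, sketched as an added example that is not part of the original text. It folds the hashes into one register the way a TPM Platform Configuration Register is extended, which goes beyond what the paragraph states; the component names and contents are constructed, and the AIK-signed quote and nonce a real verifier checks are left out.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank; the register is all zero bytes at reset


def measure(component: bytes) -> bytes:
    """Hash a firmware/software component before it is executed."""
    return hashlib.sha256(component).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new value = SHA-256(old value || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(digests) -> bytes:
    """Fold an ordered sequence of measurements into one register value."""
    pcr = bytes(PCR_SIZE)
    for d in digests:
        pcr = extend(pcr, d)
    return pcr


def verify(reported_log, reported_pcr: bytes, expected: dict):
    """Server-side check; reported_log is [(name, digest), ...].
    Returns (admit, problems)."""
    problems = []
    # 1. The log must reproduce the register value the device reported.
    if replay(d for _, d in reported_log) != reported_pcr:
        problems.append("log does not match reported register")
    # 2. Every measured component must match its expected hash.
    for name, digest in reported_log:
        if expected.get(name) != digest:
            problems.append(name)
    # 3. No expected component may be missing from the log.
    seen = {name for name, _ in reported_log}
    problems.extend(sorted(set(expected) - seen))
    return (not problems, problems)


def boot(chain):
    """Device side: measure each component in order, return (log, register)."""
    log = [(name, measure(blob)) for name, blob in chain]
    return log, replay(d for _, d in log)


# Constructed sample boot chain and the expected values the server holds.
GOOD_CHAIN = [("firmware", b"fw v1"), ("bootloader", b"bl v1"), ("kernel", b"k v1")]
EXPECTED = {name: measure(blob) for name, blob in GOOD_CHAIN}
```

Because each extend hashes the previous register value, the final value depends on every measurement and on their order, so a device cannot present a clean log alongside a register produced by a modified component.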
TPM chips can be used with any major operating system and work best in conjunction with other
security technologies such as firewalls, antivirus software, smart cards and biometric
verification.
The term TPM is sometimes used in reference to the set of specifications applicable to TPM
chips.