Trusted Computing Group Announces Trusted Software Specification, Makes Framework for Trusted Storage Available
TCG Members Also Show First Demonstration of Trusted Network Connect Using the Trusted Platform Module
The Trusted Computing Group (TCG), whose open building blocks will result in the shipment of more than 50 million trusted systems in 2006(1), today announced it has released a software specification to enable the development of applications for systems using the Trusted Platform Module 1.2.
The group also announced a set of detailed use cases as a framework for trusted storage, with a trusted storage specification to enable products anticipated for release in the first half of this year.
Also at the RSA Conference, in Booth 1411, TCG will demonstrate for the first time the Trusted Network Connect (TNC) endpoint integrity verification using the Trusted Platform Module (TPM). The TPM, which is embedded into a client PC, serves as a root of trust that is used by Trusted Network Connect components to verify the client platform against pre-set security policies and grant or deny network access based on compliance with those policies. Because the TPM is tamperproof, network administrators can be assured that the clients connecting are in the desired state and are authorized to connect.
TCG Trusted Software Stack
TCG has released the TCG Trusted Software Stack 1.2. The specification enables development of applications to access features of the TPM 1.2. These important security features include direct anonymous attestation, the ability to run and generate a new Attestation Identity Key, and many others. For more information on the TPM 1.2, see https://www.trustedcomputinggroup.org/groups/tpm/TPM_1_2_Changes_final.pdf. A number of TCG members already support the TPM 1.2 with applications based on preliminary specifications and others are anticipated for release in the coming months. For more details on the software specification, go to https://www.trustedcomputinggroup.org/faq/TSS_1.2_FAQ.
Trusted Storage
TCG also is announcing a framework for trusted storage. TCG's planned specification, based on this initial framework, will help ensure that permanent storage devices such as hard disk drives, flash memory drives, optical drives and digital tape drives are trustworthy to prevent data misuse, theft or loss.
The newly available use cases document, available at https://www.trustedcomputinggroup.org/groups/storage/, outlines seven potential applications for trusted storage:
-- Enrollment and connection for a trusted relationship between the storage device and the host
-- Protected storage for storing sensitive data
-- Locking and encryption to mate a storage device and host and for encrypting stored data at rest
-- Logging, for forensic purposes
-- Cryptographic services supporting a variety of security functions
-- Authorizing storage device feature sets to host applications for trusted and exclusive use
-- Secure download of firmware
TCG has worked closely with storage industry standards bodies to ensure the appropriate commands are supported in SCSI and ATA interfaces and protocols.
Trusted Network Connect
TNC is an open, non-proprietary standard that enables the application and enforcement of security requirements for endpoints connecting to the corporate network. The TNC architecture helps IT organizations enforce corporate configuration requirements and prevent and detect malware outbreaks, as well as the resulting security breaches and downtime in multivendor networks. More than 60 of TCG's members have contributed to the first TNC specifications, which have been available since mid-2005. Several companies now ship products to support the specifications, and others are planning to ship products this year.
About TCG
TCG is an industry standards body formed to develop, define, and promote open standards for trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity, with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft.
More information and the organization's specifications are available at www.trustedcomputinggroup.org.
Brands and trademarks are the properties of their respective owners.
(1) Endpoint Technologies report 2005
