

With a TPM, one can be more confident that the artifacts needed to sign secure email messages have not been tampered with by software attacks. For example, if at boot time the PC is judged untrustworthy because of unexpected configuration changes, access to highly secure applications can be blocked until the issue is remedied (provided a policy has been set up that requires such action). Mission-critical applications that demand stronger security, such as secure email or secure document management, can offer a higher level of protection when they use a TPM, and processes that must protect secrets, such as digital signing, can likewise be made more secure with one. The TPM can store pre-run-time configuration parameters (boot-time measurements), but it is other applications that define and enforce the policies tied to that information. It is important to understand that the TPM itself cannot control the software running on a PC. If the platform configuration has changed as a result of unauthorized activity, those applications can deny access to data and secrets and keep them sealed, which makes it much harder to access information on a computing device without proper authorization (for example, if the device was stolen). A variety of applications that store secrets in a TPM can be developed. Because the cryptography is hardware-based, the information held in hardware is better protected from external software attacks. Trusted modules can also be used in computing devices other than PCs, such as mobile phones or network equipment.
