Controllability: Each owner should have effective choice and control over the use and operation of the TCG-enabled capabilities that belong to them their participation must be opt-in. Portability of data: Deployment should support established principles and practices of data ownership. Furthermore, implementations and deployments of TCG specifications should not introduce any new interoperability obstacles that are not for the purpose of security. Interoperability: Implementations and deployments of TCG specifications should facilitate interoperability. This includes, but is not limited to, the OECD Guidelines, the Fair Information Practices, and the European Union Data Protection Directive (95/46/EC). Privacy: TCG-enabled components should be designed and implemented with privacy in mind and adhere to the letter and spirit of all relevant guidelines, laws, and regulations. The reporting mechanism should be fully under the owner’s control. Security: TCG-enabled components should achieve controlled access to designated critical secured data and should reliably measure and report the system’s security properties. The principles that TCG believes underlie the effective, useful, and acceptable design, implementation, and use of TCG technologies are the following: In May, the Trusted Computing Group published a best practices document: “ Design, Implementation, and Usage Principles for TPM-Based Platforms.” Written for users and implementers of TCG technology, the document tries to draw a line between good uses and bad uses of this technology. I wrote about it back when Microsoft called it Palladium.) (Ross Anderson has an excellent FAQ on the topic. The same system that ensures that all the patches you download are legitimate might also prevent you from, well, doing pretty much anything. The same system that protects spyware from accessing your data files might also stop you from copying audio and video files. 
The same system that prevents worms and viruses from running on your computer might also stop you from using any legitimate software that your hardware or operating system vendor simply doesn’t like. This sounds great, but it’s a double-edged sword.
Applications can run securely on the computer, can communicate with other applications and their owners securely, and can be sure that no untrusted applications have access to their data or code. The basic idea is that you build a computer from the ground up securely, with a core hardware “root of trust” called a Trusted Platform Module (TPM). They have a lot of members, although the board of directors consists of Microsoft, Sony, AMD, Intel, IBM, SUN, HP, and two smaller companies who are voted on in a rotating basis. The Trusted Computing Group (TCG) is an industry consortium that is trying to build more secure computers.
0 kommentar(er)
