Trusted Platform Module FAQs

Q. What is a Trusted Platform Module?
A. A Trusted Platform Module (TPM) is a microcontroller located on the motherboard of a PC that stores passwords, digital certificates and cryptographic keys. In addition to storage, the chip can securely generate or limit the use of keys for signing and verification, as well as encryption and decryption.

Capabilities of the TPM include remote attestation, which creates an unalterable summary of the hardware, boot and host operating system configuration to enable a third party to verify software has not been tampered with. Other capabilities include sealing encrypted data so that it can only be decrypted in the same state.

Because information stored within the security chip is protected by hardware, it is made more secure from external software attacks and physical theft. Critical applications such as e-mail, authentication to the network and web access are thereby more secure. TPMs can also be used to authenticate a PC as each chip is unique to the PC on which it is housed.

All TPM chips must conform to the industry specifications that the Trusted Computing Group developed to enable open development.

Q. Who manufactures Trusted Platform Modules?
A. Manufacturers include Atmel, Broadcom, Infineon, STMicroelectronics, Winbond and Sinosun.

Q. Does Wave manufacture Trusted Platform Modules?
A. No. Wave provides the client and server software to enable enterprises to harness the numerous capabilities of the TPM chip. Wave has licensing agreements with several manufacturers of TPMs, motherboards and PCs to bundle versions of its flagship EMBASSY Trust Suite software on these devices. Wave’s EMBASSY software is compatible with all the leading TPM chips on the market today.

Q. Which OEMs offer systems with Trusted Platform Modules?
A. Desktop and notebook PCs with TPMs are available from Dell, Gateway, Lenovo, HP, Intel, Toshiba, Fujitsu and others. Wave software is included on versions of systems from Intel, Dell and Gateway.

Q. How do I know if I have a Trusted Platform Module?
A. To verify that your computer has a TPM, you can go into the BIOS and check using instructions from your PC manufacturer. You can also go to the PC manufacturer’s website and search for the product in question to find out if the TPM is built into the motherboard.

Q. How many TPM chips have been deployed?
A. Industry analysts estimate that in excess of 50 million PCs bearing a TPM chip had been deployed globally throughout 2006. An additional 100 million TPM-enabled PCs are projected to ship during 2007, with further acceleration in shipments anticipated for 2008.

Q. What applications benefit from systems with TPMs?
A. TPMs offer improved security for data encryption, network access control, Virtual Private Network (VPN) and Private Key Infrastructure (PKI) authentication, as well as wireless network authentication.

Q. Will the TPM send my private information to third parties without my knowledge?
A. No. The TPM is meant to protect passwords, encryption keys, certificates and other sensitive data such as biometric information, maintaining privacy for each individual user who is enabled to use the TPM on that system. Any time the TPM is accessed by a software request, you should be prompted for your user access password that you created during initialization so that you will know when an application is interacting with the TPM. There is no inherent functionality in the TPM to periodically send information to a third party, such as a government agency or your company’s IT department.

Q. What should be done to address the management and recovery of enterprise PCs equipped with TPMs?
A. With the proliferation of PCs containing Trusted Platform Modules, the management and recovery of these platforms could prove to be a formidable challenge if not addressed. Enterprises may need to access former employees’ encrypted data or keys secured within the TPM for disaster recovery purposes. Wave’s EMBASSY server products, including EMBASSY Key Management Server and EMBASSY Remote Administration Server, enable the archival and recovery of TPM keys and address the remote management capability for TPM systems.

Q. Where can I learn more about Trusted Platform Modules?
A. The Trusted Computing Group’s website, www.trustedcomputinggroup.org, is an excellent resource. Wave is a founding member of the industry consortium and is represented on the group’s board of directors.

Trusted Computing Links