Infrastructures for Trusted Computing
Smart Cards – Intelligent Readers: The Role of Trusted Peripherals
Industry Leader in Trusted Systems and Services
Lark M. Allen, Wave Systems Corp.
The Evolving Digital Infrastructure
Chart labels (axis: Time):
- Processing (PC)
- Connectivity (Internet)
- Access (WWW)
- Trust/Security
- Web Services
Trusted Computing Initiatives
- Microsoft NGSCB (Palladium)
- Smart Cards
- Intel LaGrande
- Cell Phones
- Set Top Boxes
- Gaming Platforms
- TCPA
- FinRead
Trust Infrastructures – Open, Shared
- Open, Programmable and Interoperable Trust Required for Internet Devices
USER

Cards / Tokens / Authentication
- Smart Cards
- Biometrics
- SecureID
- Passwords
- PINs
- Passport/Liberty
- X509 Cert Auth.
- Registration Auth.

User Devices
- Cell Phones
- Trusted Readers
- FINREAD/GTI
- PDAs
- Wireless Devices
- Merchant Terminals
- Access Devices

Platforms / Peripherals / Consumer Electronics
- PC
- Set Top Box
- Cable Modems
- Keyboards/Input
- Storage Devices
- Output - TV/Printers
- Graphics Cards
- Receivers, Players
- DTLA

Applications / Services / Software
- OS / Boot
- Applications
- Certified Applets
- Digital Signatures
- Firmware
- Web Agents
- Authenticode
- CDSA

Data / DRM / Media Streams
- DRMs
- 5C / DTCP
- MHCP/DVI
- Conditional Access
- SDMI
- Watermarking
- DeCSS
"Incredibly secure and trustworthy computer systems exist today, but they are largely independent, single-purpose systems that are meticulously engineered and then isolated."
Craig Mundie, SVP, CTO, Microsoft
Trust and the Platform
Trusted Hardware
PC Hardware
BIOS Firmware
Operating System
System Services
Applications
User Services
- Security at any layer can be defeated by accessing the next lower layer
- Trusted Computing requires security hardware as the foundation for platform security
- Plus security enablement features in each layer
Diagram labels: User, Kernel, Programs, CD-R, DVD-R
Trusted Computing – Platform Design
Diagram components: Video Capture, Main Memory, NIC, Network, SIC, Keyboard, Graphics Card, Motherboard
- Trusted Peripherals
- Secure Channels
Legend: T = Trusted
Systems Design – End to End Solutions
Legend: T = Trusted, U = Untrusted
- Trusted devices or components can communicate securely over untrusted networks
- Untrusted devices cause the result to become untrusted
Trusted Peripherals - FinRead
- Financial Transactions
Diagram labels: Embedded Trusted Client Processor; Secure Display; Secure Input; Secure Processing, Storage, Java; Strong Cryptography
- EU Finance Industry Spec
- Java Support - Finlets
- Multi-factor Authentication
- Keyboards, smart card readers, cell phones
Authentication: Role of Trusted Peripherals
- Extending the trust boundary creates a strong foundation for trusted interactions
Diagram labels: Physical World; Digital World; Identity Credentials / Passwords; Authentication; PC Client; Internet (VPN); Server; Trusted; Untrusted
Trusted Systems Eco System
Trust Infrastructure
- EMBASSY
- TCPA
- Palladium

Trusted Platforms, Tokens and Peripherals
- PC Motherboards
- Keyboards
- Smart Card Readers

Trusted Services and Applications
- Platform Security
- Content Protection
- User Authentication
- Digital Signatures
- Access Control
- Premium Services
- Dist. Transactions

Life Cycle Management
- Trusted Applications
- Trusted Hardware
TCPA, EMBASSY, LaGrande, Palladium
Evolution of Trust Infrastructures
- Closed -> Open
- Centralized -> Distributed
- Dedicated -> Shared Multi-party
- Isolated -> Interconnected
- Unmanaged -> Managed
- Static -> Dynamic
Why Open, Multi-Party Trust?
Chart (axis: Value of Trusted Services): TCPA/TPM, Trusted Peripheral, Palladium; W/O Trust Infrastructure vs. With Trust Infrastructure
Trust Infrastructure Functions
- Life Cycle Management of Trust
  - Hardware
  - Software / OS / Applications
- Dynamic Services Mgmt.
- Source of Trust
Diagram labels: Strong Authentication; Content Protection; Services Delivery; E-Commerce; Privacy Protection; Platform Security (TCPA); Secure VPNs & Peer-Peer; Digital Signature and eSign; Distributed Transactions; Applications; Trusted Operating System; Trusted Hardware Components; Trust Infrastructure; Key Management
Trusted Web Services
Summary
- Trusted Identity requires trusted tokens and trusted peripherals
- Cards provide portability, rights, credentials
- Readers provide expanded storage, processing, and secure I/O
- Trusted Computing initiatives are driving a new generation of open trust infrastructures
- End result: development and delivery of families of robust trusted Web services