TCG Starts Trusted Platform Module Certification

Trusted Computing Group, an industry standards body formed to develop, define, and promote open
standards for trusted computing and security technologies, including
hardware building blocks and software interfaces, across multiple
platforms, peripherals, and devices, announced a certification program to ensure that implementations of its specifications are complete and consistent.

The program initially will focus on implementations of the Trusted Platform Module, or TPM, which is the core of the TCG’s security architecture for PCs and other computing devices. The TPM is used in millions of PCs, servers and embedded systems to secure passwords, digital keys and certificates used to protect data, email and networks.

TCG’s certification program is being established to demonstrate security and correctness of specification implementations. By participation in the certification program, manufacturers and developers of TCG-based products, such as PCs and laptops, give buyers an easily identifiable way to ensure consistency, interoperability and security of products.

“In addition to assuring compliance of the widely sold TPMs, which is important for PC vendors and application providers, the TCG Certification now also tests products according to a defined security level, thus providing users with trust in a secure implementation,” said Thomas Rosteck, vice president and general manager at Infineon Technologies and TCG director. “Assuring a certain security level is standard in other industries and the basis for many security sensitive applications. Evaluated by an independent security lab, the documented security level will allow for data transactions and data storage in PC-based applications that are better protected and therefore more secure without trade-offs in convenience and efficiency. Infineon plans to have its TPM certified according to the TCG certification program.”

The TPM certification program includes a security evaluation requirement, based on third-party security evaluation using the established international Common Criteria framework1 and a compliance testing requirements based on test suite tools developed by TCG.

The group expects to offer certification for products using Trusted Network Connect specifications later this year.

TCG and Members Demonstrate Trusted Enterprise and Push Adoption; Final Core Storage Specification Available

At RSA, TCG members were demonstrating a number of widely available products to secure clients, data and networks. These products, which are based on TCG specifications and provide users with interoperable solutions, include self-encrypting drives, services to enable strong authentication and data protection, and equipment and applications for protecting networks against infected or unauthorized users or clients.

TCG also announced it has formed two subgroups to help foster further adoption of self-encryption drives and network security based on the Trusted Network Connect framework.

The group also made available the final Storage Architecture Core Specification. The specification was previously introduced as a draft to the storage industry and has now been finalized. This specification provides details about how to implement and utilize trust and security services on storage devices.