At the Trusted Cyber Collaboration Workshop, experts from Infineon, Wave Systems, HP, Wave Systems and Asguard Networks addressed a number of trending security issues and the role of trust in helping solve them.
John Fitzgerald of Wave Systems addressed a commonly asked question for TCG: how to use the TPM. In this case, the TPM acts as a virtual smart card. Why use the TPM for this application?
Fitzgerald notes that passwords are easy to break and complex to manage, as well as expensive. Poor passwords are a leading factor for breaches. Multi-factor authentication is stronger, but there are many choices and expensive and complex to manage as well. In fact, costs can be up to $150 per user, according to Gartner.
The TPM is included in enterprise PCs and can be turned into an inexpensive and more easily managed smart card. It’s tied to the platform and can’t be lost. Its hardware root of trust offers strong authentication and allows only known users and known devices to access enterprise systems and data. TPMs in systems with Windows 7, 8 and 8.1 can be used as virtual smart cards.
Learn more about using TPMs as smart cards here and more about TPMs in general here, https://trustedcomputinggroup.org/?e=category.solutionDetail&urlpath=authentication&resource_category_id=8#nav_jump.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.