A Windows PC used to have a really horrendous security hole. The password needed to access a password-protected PC was held in clear text. It wasn't encrypted. Now, because Microsoft and PC manufacturers are members of the TCG, the Trusted Computing Group, its passwords can be stored in an encrypted state inside a special chip, the trusted platform module or TPM.

This module cannot be accessed by users, or hackers, and its contents cannot be read. Toshiba notebooks and other desktop systems using the TPM now come with a range of extra supplier software that can be used to enable the user to provide an encrypted environment such that were the PC lost or stolen then its secured contents cannot be read. The sensitive data is safe.

The idea is to hold identity management data in encrypted form and have it validated by special hardware and software. This can only be done by spcial hardware as software alone can be cracked.

With the TPM, files that are encrypted using a key will have the key stored in the TPM. When a user wants to decrypt or encrypt information he or she has to enter the key. Windows sends it to the TPM which validates it and, if valid, lets the user carry out the required operation.

If the computer is stolen then the encrypted file can be accessed but its contents are nonsense because the key needed to decrypt it cn't be obtained.

Dell, HP, IBM, Toshiba, and Fujitsu, Gateway and Acer have annouced products that have the TPM security hardware inside them. Various softare houses, such as Wave, build software applications that run on these systems to do things such as bulk encryption, single sign-on, and TPM management.

Every PC made should have TPM facilities by 2008/2009.

Trusted Computing Group
The Trusted Computing Group is, like the SNIA, a group of volunteers from vendors who produce specifications and requirements for trusted computers and intelligent devices. The group is sectioned into workgroups for different aspects of building a trusted computer environment. There are more than 100 members of the TCG. Informatio about members, specifications and products can be gleaned from the TCG web site.

The TPM facilities require users to do something. Security requires an active user. Like a householder who leaves windows open, a PC user who leaves Windows open is inviting break-in and theft.

The user has to do something to secure the device. But the user doesn't have to buy anything. The TPM hardware and allied software are, or will be, delivered with the notebook computer, PC, or Seagate FDE (full drive encryption) Momentus drive.

With the Momentus a user can set up an encrypted secure vault that just cannot be read by anyone unless they have the correct key. It is likely that other drive vendors will follow suit.

There are procedures and tools to use to migrate a trusted environment from one device to another or to backup keys.

Access control
TCG technology can be added to network end-points so that they can be validated before being allowed to access network facilities. We might expect TPMs to appear in, for example, mobile phones and external drives. The whole idea is a natural for storage devices such as notebook and PC drives, both internal and external.

It's not clear yet how this trusted environment idea will develop. But we might envisage tape drives employing the technology. Even USB drives might use it. Secure storage is a hot topic. Suppliers can email [email protected] to find out how to join the TCG. We'd encourage them to do so.