D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management

 Supporting Technologies: Virtualization


Operating Systems Support and Secure Platforms

Microsoft Next Generation Secure Computing Base (NGSCB)

Microsoft Corporation is an Initial Promoter Member of the TCG. Microsoft planned to build security features based on a new software architecture, the Next Generation Secure Computing Base (NGSCB) [77], into its latest operating system, Windows Vista (formerly known as Longhorn). Vista provides native support for TCG 1.2 compliant TPM hardware, including TPM management features and TPM-based file and folder encryption. Older TPM versions are supported only through third-party TSS implementations.

Originally, Windows Vista was designed to contain a security kernel, named Nexus, intended to provide a secure computing base running in parallel to the regular Windows environment, so that traditional Windows software and Nexus-enhanced software could execute side by side. Nexus was to provide strong process isolation; sealed storage, which lets an application lock data so that only that same application can access it again; and a secure path to and from the user, i.e. protected channels from the keyboard or mouse to the Nexus-enhanced application and from that application to the screen. It also offered attestation, which gives a third party assurance that a piece of data was created and signed by a particular isolated application rather than by arbitrary software on the machine. To provide these features, NGSCB extended the mechanisms defined in the TCG specifications: changes to secure booting, hardware changes to memory controllers and CPUs to enforce strong process isolation, and changes to input and output devices to establish the secure path to and from the user.

However, in May 2004 Microsoft decided to reconsider the security features of NGSCB, and Windows Vista was released without most of them; they are expected to become available in the coming years. Vista does still include “BitLocker”, which uses the TPM to support disk encryption: the volume encryption key is sealed to the TPM's platform configuration registers (PCRs), which record measurements of the boot components, so the key is released only if the measured boot chain matches the one present when the key was sealed. Strictly speaking this is measured boot plus key sealing rather than secure boot in the sense of refusing to execute modified code: a modified boot loader still runs, but the TPM will not release the key to it. In the same context, Microsoft's “Singularity” project is an ongoing attempt to provide isolated processes for security and reliability [142].
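The sealed-storage mechanism that Nexus was to expose to applications, and that BitLocker uses to protect its volume key, is easier to grasp from a small model. The following Python simulation is an added example written for this study; it is not Microsoft's, the TCG's, or any real TPM stack's code. It models three properties of TPM sealed storage: PCRs reset to zero at power-on and can only be extended, never written; a sealed blob is released only when the selected PCRs hold the same values as at sealing time; and the blob is bound to the chip's storage root key, so it cannot be unsealed on another TPM even if that TPM reports identical PCR values. The boot-chain components, the PCR indices, the use of SHA-256 (real TPM 1.2 PCRs are 20-byte SHA-1) and the HMAC-based keystream standing in for the TPM's own encryption are all constructed for illustration.

```python
import hashlib
import hmac
import os

PCR_LEN = 32  # assumption: SHA-256 registers; TPM 1.2 uses 20-byte SHA-1 PCRs


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class ToyTPM:
    """Software model of the TPM behaviour behind sealed storage (illustrative only)."""

    def __init__(self, num_pcrs: int = 24) -> None:
        self._srk = os.urandom(32)  # storage root key: generated in-chip, never exported
        self.pcrs = [bytes(PCR_LEN)] * num_pcrs

    def reset(self) -> None:
        """Power cycle: PCRs return to zero, the storage root key survives."""
        self.pcrs = [bytes(PCR_LEN)] * len(self.pcrs)

    def extend(self, index: int, measurement: bytes) -> bytes:
        """PCR[i] = H(PCR[i] || H(measurement)); extend-only, and order matters."""
        self.pcrs[index] = sha256(self.pcrs[index] + sha256(measurement))
        return self.pcrs[index]

    def composite(self, indices) -> bytes:
        """Digest over the selected PCRs; this is what a sealing policy records."""
        return sha256(b"".join(self.pcrs[i] for i in indices))

    def _seal_key(self, policy: bytes) -> bytes:
        # Key depends on both the chip secret and the PCR policy.
        return hmac.new(self._srk, b"seal|" + policy, hashlib.sha256).digest()

    @staticmethod
    def _keystream(key: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def seal(self, secret: bytes, indices) -> dict:
        policy = self.composite(indices)
        key = self._seal_key(policy)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(key, len(secret))))
        tag = hmac.new(key, ct, hashlib.sha256).digest()
        return {"indices": list(indices), "policy": policy, "ct": ct, "tag": tag}

    def unseal(self, blob: dict) -> bytes:
        # 1. Current platform state must match the state recorded at seal time.
        if self.composite(blob["indices"]) != blob["policy"]:
            raise PermissionError("PCR values do not match the sealing policy")
        # 2. The blob must have been produced by this chip (SRK-bound MAC).
        key = self._seal_key(blob["policy"])
        expected = hmac.new(key, blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            raise ValueError("blob was sealed by a different TPM or has been modified")
        return bytes(a ^ b for a, b in zip(blob["ct"], self._keystream(key, len(blob["ct"]))))


# Constructed sample boot chains: (PCR index, component image) in boot order.
GOOD_CHAIN = [(0, b"firmware v1"), (4, b"bootloader v1"), (4, b"kernel v1")]
TAMPERED_CHAIN = [(0, b"firmware v1"), (4, b"bootloader v1 (patched)"), (4, b"kernel v1")]


def boot(tpm: ToyTPM, chain) -> None:
    """Simulate a power-on: reset PCRs, then measure each component before running it."""
    tpm.reset()
    for index, image in chain:
        tpm.extend(index, image)


def demo() -> dict:
    """Seal a volume key on a clean boot, then try to recover it under three conditions."""
    tpm = ToyTPM()
    boot(tpm, GOOD_CHAIN)
    blob = tpm.seal(b"volume master key", [0, 4])

    boot(tpm, GOOD_CHAIN)
    clean = tpm.unseal(blob)  # same platform, same boot chain: key released

    boot(tpm, TAMPERED_CHAIN)  # patched bootloader still runs, but PCR 4 differs
    try:
        tpm.unseal(blob)
        tampered = "released"
    except PermissionError:
        tampered = "refused"

    other = ToyTPM()  # different chip with identical measurements
    boot(other, GOOD_CHAIN)
    try:
        other.unseal(blob)
        other_chip = "released"
    except ValueError:
        other_chip = "refused"

    return {"clean": clean, "tampered": tampered, "other_chip": other_chip}


if __name__ == "__main__":
    print(demo())
```

Two details are worth noting against the discussion above. First, nothing in this model stops the patched boot loader from executing; the protection is that the key is withheld, which is exactly the measured-boot behaviour BitLocker relies on. Second, because PCR extension is order-dependent, the same set of components measured in a different sequence yields different PCR values, so sealing also pins the boot order, not just the component set. Which PCRs BitLocker actually binds to is a policy setting on the real system; the indices here are illustrative.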


