Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management
 |
Title: EXISTING USES CASES AND FUTURE SCENARIOS |
 |
Existing Uses Cases and Future Scenarios
DRM
Digital Rights/Restrictions Management (DRM) refers to several concepts to restrict arbitrary use of data and to limit it to accordance with a certain defined policy [136]. TPMs provide functionality that can be used by implementations of DRM systems.
Since DRM technologies are considered by many as the most prominent use case of TC technologies, we shortly describe in the following the main types of DRM
The following types of DRM and how TPMs can be of use will be outlined: DRM in companies or administration, DRM for personal files, DRM for media files, and DRM for software products.
DRM in companies or administration
In companies (or administration), customer data can be protected using DRM. As one example, EPAL [137] (Enterprise Privacy Authorization Language) offers a mechanism to tag data with a policy that defines what processing is allowed or interdicted. Provided that the company’s system enforces such policies, this results in a higher level of privacy protection. For an effective enforcement, Trusted Platforms could be valuable.
Using TC, a company’s IT department can also detect when a PC’s configuration got changed. A PC detected as compromised could then be excluded from company network communication until system administration had a closer look at it. This would protect the data from attackers within a company.
Apart from protecting customers’ privacy, this could also help against other sensitive company information leaking to unwanted targets. Using the cryptographic support of a TPM, even in case a file leaked outside a company, it would still be protected against unauthorised reading. Incidents such as an employee selling customer data to spammers [138], would become more unlikely.
Critics argue that freedom of press [139] would be affected, as it would also be nearly impossible to discover misbehaviour of a company or administration through leaked information.
In case the whole infrastructure of Trusted Platforms of a country would be controlled by its government like within a company, independent information from the Internet could be made unavailable by defining a policy that allowed only content to be opened that has already been tagged by a certain government authority.
Currently, Trusted Platforms has become common. The TCG industry consortium is pushing it into the market. The Article 29 Data Protection Working Party of the EU in its Working Document concludes, that “the use of TPM […] is likely to become a de facto standard, a necessary feature to participate in the information society. This could have consequences not only in the field of data protection, but also regarding other human rights aspects such as the freedom of speech.” [128]
| |
   |
|
| 19 / 38 |
