You are here: Resources > FIDIS Deliverables > HighTechID > D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management > 

D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management

Application Areas  Title:
 DRM for personal files


Existing Uses Cases and Future Scenarios


Digital Rights/Restrictions Management (DRM) refers to several concepts to restrict arbitrary use of data and to limit it to accordance with a certain defined policy [136]. TPMs provide functionality that can be used by implementations of DRM systems.  

Since DRM technologies are considered by many as the most prominent use case of TC technologies, we shortly describe in the following the main types of DRM 

The following types of DRM and how TPMs can be of use will be outlined: DRM in companies or administration, DRM for personal files, DRM for media files, and DRM for software products. 

DRM in companies or administration

In companies (or administration), customer data can be protected using DRM. As one example, EPAL [137] (Enterprise Privacy Authorization Language) offers a mechanism to tag data with a policy that defines what processing is allowed or interdicted. Provided that the company’s system enforces such policies, this results in a higher level of privacy protection. For an effective enforcement, Trusted Platforms could be valuable. 

Using TC, a company’s IT department can also detect when a PC’s configuration got changed. A PC detected as compromised could then be excluded from company network communication until system administration had a closer look at it. This would protect the data from attackers within a company. 

Apart from protecting customers’ privacy, this could also help against other sensitive company information leaking to unwanted targets. Using the cryptographic support of a TPM, even in case a file leaked outside a company, it would still be protected against unauthorised reading. Incidents such as an employee selling customer data to spammers [138], would become more unlikely. 

Critics argue that freedom of press [139] would be affected, as it would also be nearly impossible to discover misbehaviour of a company or administration through leaked information.

In case the whole infrastructure of Trusted Platforms of a country would be controlled by its government like within a company, independent information from the Internet could be made unavailable by defining a policy that allowed only content to be opened that has already been tagged by a certain government authority.  

Currently, Trusted Platforms has become common. The TCG industry consortium is pushing it into the market. The Article 29 Data Protection Working Party of the EU in its Working Document concludes, that “the use of TPM […] is likely to become a de facto standard, a necessary feature to participate in the information society. This could have consequences not only in the field of data protection, but also regarding other human rights aspects such as the freedom of speech.”  [128]


Application Areas  fidis-wp3-del3.9_Study_on_the_Impact_of_Trusted_Computing_on_Identity_and_Identity_Management_v1.1.sxw  DRM for personal files
19 / 38