
D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management


Trusted Computing, Identity and Identity Management

Trusted Computing for Identity Management

Trusted computing technologies aim at providing secure platforms which behave in a consistent way and which are able to prove their own integrity to both their owners and third parties. TC-based platforms provide elementary security functionalities on which operating systems and applications can build in order to operate securely and consistently, resisting any attempt to tamper with them. Hence, a TC-based platform’s secure operation is trusted not only by the platform’s owner, but also by other parties interacting directly or indirectly with this platform. The root of trust for such platforms lies in the TPM chip (cf. 4.1).

Among other properties, a TPM chip can store a number of keys and credentials. Some of those are non-migratable, i.e. they can never leave the TPM unencrypted, and are therefore bound to a specific TPM on a specific platform. Binding and Sealing are two of the functionalities provided by a TC platform which make use of the secure storage of keys and credentials within the embedded TPM. Furthermore, a TPM-based platform has a well-preserved unique digital identity which distinguishes it from other platforms. The platform’s unique digital identity can be derived from the corresponding Platform Credential or Endorsement Key.

Hence, from a conceptual point of view, correlation between a specific platform’s identity and its owner’s or user’s identity seems possible. With TPMs able to store more than one certificate or key, users’ identities, platforms’ identities and their corresponding transactions can all be bound or correlated to each other in several ways.
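To make the two mechanisms above concrete, the following added example (not part of the FIDIS deliverable and not a TPM specification implementation) models a TPM in software: a non-migratable root key that never leaves the object, a small set of PCRs, a Seal/Unseal pair whose result is bound to the PCR state, and a stable platform identifier derived from a modelled Endorsement Key. The PCR count, the measurements and the credential string are constructed sample values; the keystream and tag construction are a stand-in for the TPM's own cryptography, chosen only to show the property that a sealed secret is recoverable on the same platform in the same state and nowhere else.

```python
import hashlib
import hmac
import secrets

PCR_COUNT = 4  # constructed: a toy TPM with four platform configuration registers


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256 (stand-in for the TPM's cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class SimTPM:
    """Simplified software model of a TPM, for illustration only."""

    def __init__(self):
        # Non-migratable key: generated inside the TPM and never exported.
        self._root_key = secrets.token_bytes(32)
        # Endorsement Key, modelled as a random secret; only a hash of it is ever exposed.
        self._ek_private = secrets.token_bytes(32)
        self.pcrs = [b"\x00" * 32 for _ in range(PCR_COUNT)]

    def extend(self, index, measurement):
        """PCR extend: new = H(old || H(measurement)); cannot be rolled back."""
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()

    def platform_identity(self):
        """Stable public identifier derived from the EK (what lets a platform be recognised)."""
        return hashlib.sha256(b"EK-public:" + self._ek_private).hexdigest()

    def _composite(self, indices):
        return hashlib.sha256(b"".join(self.pcrs[i] for i in sorted(indices))).digest()

    def _seal_key(self, composite):
        # Key depends on both the non-migratable root key and the selected PCR values.
        return hmac.new(self._root_key, b"seal" + composite, hashlib.sha256).digest()

    def seal(self, data, indices):
        """Encrypt data so it can only be unsealed by this TPM with these PCR values."""
        key = self._seal_key(self._composite(indices))
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return {"indices": sorted(indices), "nonce": nonce, "ct": ct, "tag": tag}

    def unseal(self, blob):
        """Return the plaintext, or None if the platform or its state differs from seal time."""
        key = self._seal_key(self._composite(blob["indices"]))
        tag = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            return None
        return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(key, blob["nonce"], len(blob["ct"]))))


def demo():
    """Seal a credential, then show the three outcomes a practitioner cares about."""
    tpm = SimTPM()
    tpm.extend(0, b"bootloader v1 (constructed measurement)")
    tpm.extend(1, b"kernel v1 (constructed measurement)")
    blob = tpm.seal(b"user credential bound to this platform", [0, 1])

    same_state = tpm.unseal(blob)                      # same platform, same state: recovered
    tpm.extend(1, b"unexpected module (constructed)")  # state changes after sealing
    changed_state = tpm.unseal(blob)                   # same platform, new state: None

    other = SimTPM()                                   # second platform, identical measurements
    other.extend(0, b"bootloader v1 (constructed measurement)")
    other.extend(1, b"kernel v1 (constructed measurement)")
    other_platform = other.unseal(blob)                # different root key: None
    return same_state, changed_state, other_platform


if __name__ == "__main__":
    print(demo())
```

The third outcome is the one that ties the mechanism to identity: because the root key is non-migratable, a blob is recognisably tied to exactly one chip, and `platform_identity()` gives a stable value by which that chip, and by extension its owner, can be recognised across interactions.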

While Identity Management (IdM) exists in different forms, it focuses on the establishment, description and destruction of subjects’ or objects’ identities, by associating attributes with each identity. IdM systems make use of those established identities and corresponding attributes as the basis for services such as authentication, authorisation, behaviour analysis, personalised services, and the management of roles and pseudonyms, all of which are identity-dependent. Therefore, with TC platforms able to associate a hardware identity with users’ identities, TC seems to have a considerable influence, positive but also negative, on the capabilities of IdM systems and hence on the efficiency of the services they provide.

In the following sections, we try to envision how TC can affect some aspects of IdM, and how it can open doors to, or lay the ground for, a new perspective on IdM and IdM systems.

 

Legal aspects in TC in general  fidis-wp3-del3.9_Study_on_the_Impact_of_Trusted_Computing_on_Identity_and_Identity_Management_v1.1.sxw  Types of Identity Management
23 / 38