Once upon a time life was simple and TPMs had one primary task, and
that was maintaining the integrity of the computing platform and in
some cases attesting this to external parties that you connect with.
However, in the mobile world platform integrity hasn't really failed
as it has in PCs. In addition, "strong authentication to services" is
actually the thing (maybe on par with media encryption) that users
of mobile phones ask for. Unfortunately there is, as far as I can see,
almost no work going on in the "Trusted Computing community"
supporting this application.
To not get stuck, I have taken the liberty of defining some kind of
"TPM" that is streamlined for authentication to services, by combining
traditional smart cards with TPM fundamentals (attestations) and
then adding to that a KEYPROV on steroids.
Executive level doc:
http://webpki.org/papers/keygen2/secure-key-store.pdf
Preliminary API:
http://webpki.org/papers/keygen2/sks-api-arch.pdf
GUI/Protocol demo/verifier:
http://keycenter.webpki.org
Prototype hardware:
http://mbed.org
Sincerely
Anders
There is essentially zero competition in this space since everybody
else seems occupied solving short-term issues.