Trusted Platform Module (TPM)
By Stephen Bucaro
One of the best ways to keep your data secure is to encrypt it. Encryption involves
the use of an encryption key, basically a huge number, that is used in a mathematical
operation (called a cipher) performed on the original data. The encrypted result
(called ciphertext) is unreadable to anyone who does not have the key used to encrypt it.
The problem with encryption is that the encryption key is vulnerable during the
encrypting and decrypting stages of the operation. The TPM is an embedded security chip,
usually installed on the motherboard, that stores encryption keys in a protected EEPROM.
When the TPM stores encryption keys, it encrypts them so that they can be decrypted
only by the TPM.
Because the TPM uses its own internal firmware and logic circuits for processing
instructions, it is not exposed to operating system vulnerabilities.
TPM uses two classes of encryption keys: migratable and non-migratable. Migratable
keys protect data that can be moved to another computer. If the user wants data
restricted to a single computer, they can use a non-migratable encryption key.
TPM is initially disabled on a new PC. The user can enable TPM in the system's BIOS.
In the BIOS screen select "Trusted Platform Module" and then select "Enable". Once
TPM is enabled in the BIOS, a TPM management application should be setup, and the
first task performed with this software should be to backup the encryption keys.
TPM Security Management Software
Several vendors provide TPM security management software. Wave Systems provides the
Embassy Trust Suite, Dell provides the Control Point Security Manager, and Intel
provides Active Management Technology.
These software provide such features as; list system devices and display their
current security status, allow administrators to set login and document security,
encrypt disks, and setup devices such as fingerprint readers and smart card controllers.
More information can be found in the Microsoft Technet article:
Windows Trusted Platform Module Management Step-by-Step Guide
More Windows Administration Information:
• Four Tips to Safe Web Browsing
• Turn On Your Browser's Phishing Filter
• DriveLock Hard Drive Protection
• No Software on the Market Removes All Spyware
• Keep Your Firefox Browsing Private
• What's a Root Kit and How Hackers Are Getting Into Your Computer With It
• How to Remove Virus Without Internet Access
• Set Windows Defender to Scan Core Operating System Files
• Tips to Protect Windows Vista Operating System
• Has Malware Turned Off Your PC's User Account Control?