copyrighted material, the vendor encrypts the data using your system’s public
key, which means that the data can only be used on your system.
This model applies to any kind of data: software, media files—it doesn’t
really matter. The data is secure because the trusted platform will ensure that
the user will be unable to access the decrypted information at any time. Of
course, preventing piracy is not the only application of trusted computing (in
fact, some developers of trusted computing platforms aren’t even mentioning
this application, probably in an effort to gain public support). Trusted com-
puting will allow you to encrypt all of your sensitive information and to only
make that information available to trusted software that comes from a trusted
vendor. This means that a virus or any kind of Trojan wouldn’t be able to steal
your information and send it somewhere else; the decryption key is safely
stored inside the cryptographic engine which is inaccessible to the malicious
program.
Trusted computing is a two-edged sword. On one hand, it makes computer
systems more secure because sensitive information is well protected. On the
other hand, it gives software vendors far more control of your system. Think
about file formats, for instance. Currently, it is impossible for software vendors
to create a closed file format that other vendors won’t be able to use. This
means that competing products can often read each other’s file format. All
they have to do is reverse the file format and write code that reads such files or
even creates them. With trusted computing, an application could encrypt all of
its files using a hidden key that is stored inside the application. Because no one
ever sees the application code in its unencrypted form, no one would be able
to find the key and decrypt the files created by that specific application. That
may be an advantage for software vendors, but it’s certainly a disadvantage
for end users.
What about content protection and digital rights management? A properly
implemented trusted platform will make most protection technologies far
more effective. That’s because trusted platforms attempt to address the biggest
weakness in every current copy protection scheme: the inability to hide
decrypted information while it is being used. Even current hardware-based
solutions for software copy protection such as dongles suffer from such prob-
lems nowadays because eventually decrypted code must be written to the
main system memory, where it is vulnerable.
Trusted platforms typically have a protected partition where programs can
run securely, with their code and data being inaccessible to other programs.
This can be implemented on several different levels such as having a trusted
CPU (Intel’s LeGrande Technologyis a good example of processors that enforce
memory access restrictions between processes), or having control of memory
accesses at some other level at the hardware. Operating system cooperation is
also a part of the equation, and when it comes to Windows, Microsoft has
already announced the Next-Generation Secure Computing Base (NGSCB),
Piracy and Copy Protection 323