[cap-talk] network level designation and authorization, meta

Jed at Webstart donnelley1 at webstart.com
Fri Jun 23 15:06:55 EDT 2006


At 08:45 AM 6/22/2006, Karp, Alan H wrote:
>Jed wrote:
> >
> > For me what comes to mind is a hardware facility (could be on chip
> > or sort of an "accelerator" on the bus) that stores a private key and
> > performs the required cryptographic transformations safely outside of
> > memory.  However, there still seems to be a difficulty
> > getting the private
> > key information into such a transformation engine and storing and
> > retrieving such private keys.  I don't know how to do that safely.
>
>The TPM, https://www.trustedcomputinggroup.org/home, is just such a
>device.  I've never studied the protocols, but some smart people have.
>It ships with systems from many vendors, including HP,
>http://h20331.www2.hp.com/Hpsub/cache/292199-0-0-225-121.html.

I think I should by now at least mention that I appreciate the above
reference.  I've started to dig into it, but it looks like it will take me
some time (e.g. not before this weekend now), so I thought I should
at least acknowledge the value to me of the reference.

I'm quite interested to see what such a device provides and
whether one might be able to leverage such technology to
effectively protect capabilities as "data" in memory (disk, etc.),
along with the perhaps wider issue of protection of private
keys.  That latter is where I'm initially focusing my attention.

--Jed http://www.webstart.com/jed/ 