Computers have evolved to tools for many applications and services. In today's world a trustworthy computing environment becomes more and more a desire. Comprehensive trust, security, and privacy functions are required to establish multi-party trust between devices, upon which content providers, application and service providers, consumers, enterprises and financial institutions, and particularly users can rely.
For that, a trusted platform module (TPM) has been established. The role of the module is to offer protected storage, platform authentication, protected cryptographic processes and attestable state capabilities to provide a level of trust for the computing platform. The foundation of this trust is the certification by a recognized authority that the platform can be trusted for an intended purpose. A so-called trusted computing group (TCG) will further develop and promote open industry standard specifications for trusted computing hardware building blocks and software interfaces across multiple platforms, including PC's, servers, PDA's, and digital phones. This will enable more secure data storage, online business practices, and online commerce transactions while protecting privacy and individual rights. Users will have more secure local data storage and a lower risk of identity theft from both external software attack and physical theft.
To realize the functionality of attestable states, an issuer issues a certificate to the trusted platform module, hereafter also abbreviated as TPM, as to allow the TPM to later prove that it is a genuine TPM and therefore a verifying party can have confidence stated attested by the TPM. To allow the TPM to prove it is genuine without that the verifying party can identify the TPM, a so-called direct anonymous attestation (DAA) protocol has been specified by the trusted computing group. The protocol allows the TPM to convince a verifying party that it obtained attestation by an issuer without revealing its identity.
Further, the TCG specified a protocol to provide attestation (with a certificate) to a platform's TPM such that the platform can later prove to any party that it preserved attestation without that the verifying party can identify the platform or link this proof of attestation with other proofs of attestation that the platform provided.
In many cases, complete anonymity is not appropriate, as it can be misused. Thus, a balance between privacy requirements of honest users and requirements of law enforcement should be found. This leads inevitably to a compromise that should be acceptable.
The attestation procedure however does not allow retrieving the identity of a TPM.
From the above it follows that there is still a need in the art for an improved protocol and system which allow a revocation of anonymity within an anonymous system.