Cryptographic co-processors perform several functions, such as generating encryption keys, storing secrets, encrypting data, decrypting data, signing data, verifying signatures, and providing ‘accumulators’ that store measurements and extend them with new ones. Such processors are becoming increasingly important for computer security.
In order to provide trust in computing, the Trusted Computing Group (TCG) developed the Trusted Platform Module (TPM) specification, which defines a secure cryptographic processor that can perform the previously mentioned operations in a cost-effective, industry-standard manner. The TPM provides various functions, such as secure generation of cryptographic keys, remote attestation, secure storage of keys, binding, and a hardware random number generator. In general it is used as an inexpensive root of trust for the security of the software environment on the platform.
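The ‘accumulator’ mentioned above and the remote attestation it supports rest on one operation: a register is never written directly, only extended, so its value after boot depends on every measurement and the order in which they arrived. The following added example (not part of this application or of any TPM vendor's code) models that register in software using the same extend rule a TPM applies to its Platform Configuration Registers, new = H(old || digest), and shows how a verifier replays an expected event log to check a reported value. The boot stages, the `BOOT_LOG` list and the helper names are constructed for illustration; a real TPM receives the digest from the caller and keeps the register in hardware.

```python
import hashlib
import hmac

HASH = hashlib.sha256
DIGEST_LEN = HASH().digest_size  # 32 bytes for SHA-256


def initial_pcr() -> bytes:
    """A fresh register starts at all zeros, as a PCR does at reset."""
    return bytes(DIGEST_LEN)


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Extend rule: new = H(old || H(measurement)).

    A TPM is handed the digest by the caller; hashing the raw event here is
    a convenience for the example. There is no inverse operation, so the
    register can only accumulate, never be reset to a chosen value.
    """
    if len(pcr) != DIGEST_LEN:
        raise ValueError("register must be exactly one digest long")
    return HASH(pcr + HASH(measurement).digest()).digest()


def replay(measurements) -> bytes:
    """Recompute the register value from an ordered list of measurements."""
    pcr = initial_pcr()
    for m in measurements:
        pcr = extend(pcr, m)
    return pcr


def verify_quote(reported_pcr: bytes, expected_log) -> bool:
    """Attestation check: does the reported register match the expected log?

    A real quote is also signed by a TPM-resident key; only the register
    comparison is modelled here. Constant-time compare avoids leaking how
    many leading bytes matched.
    """
    return hmac.compare_digest(replay(expected_log), reported_pcr)


# Constructed sample boot chain, each entry standing in for the bytes of a
# component that the previous stage measured before handing over control.
BOOT_LOG = [
    b"firmware-image-v1",
    b"bootloader-image-v1",
    b"kernel-image-v1",
]


def demo() -> dict:
    """Return the properties a practitioner relies on, for inspection."""
    golden = replay(BOOT_LOG)
    tampered = replay([b"firmware-image-v1", b"bootloader-image-EVIL", b"kernel-image-v1"])
    reordered = replay(list(reversed(BOOT_LOG)))
    return {
        "golden_hex": golden.hex(),
        "deterministic": replay(BOOT_LOG) == golden,
        "tamper_detected": not verify_quote(tampered, BOOT_LOG),
        "order_matters": reordered != golden,
        "genuine_accepted": verify_quote(golden, BOOT_LOG),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point to take from the example is that a verifier never needs the register value itself to be secret: any party can recompute it from the event log, but nobody can produce the golden value from a different sequence of events without breaking the hash.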
In a previous application, the applicants described a method of binding a removable TPM to a specific platform in which the TPM would, among other functions, enter an “Attack Mode” if it determined that it had been moved from the platform to which it was bound. In the current application, the applicants describe an alternate functionality of a TPM. In this embodiment the TPM does not detect that it has been tampered with, which under the previous embodiments would place it in Attack Mode, but it is still able to protect encrypted data stored on the platform.