Concern over the security and authenticity of transactions through and over computer systems has become a growing concern as the use of computer systems has proliferated. That concern has given rise to the Trusted Computing Platform Alliance, also know as the TCPA. The Design Philosophies statement of the TCPA states that the purpose of the activity is to encourage the use of computer platforms for critical purposes by improving the basis on which a computing environment may be trusted.
The TCPA has developed a specification in addition to the Design Philosophy statement, and included in their materials a glossary of terminology used in their discussions. Certain terms appearing hereinafter may be found in that glossary as well as having meaning apart from the glossary definitions offered by the TCPA. While it is intended that the glossary definitions will be helpful, it is to be recognized at the outset of the discussion which follows that those definitions are deemed illustrative only and not fully binding on the terminology used. The choice of TCPA defined terms is made only for convenience and as an aid to understanding, avoiding restriction to those definitions as the meaning of the terminology is expected to expand as the technology becomes into wider use.
A Trusted Platform is a platform that can be trusted by local users and by remote entities. TCPA uses a behavioral definition of trust: an entity can be trusted if it always behaves in the expected manner for the intended purpose. The basis for trusting a platform, or computer system, is a declaration by a known authority that a platform with a given identity can be trusted to measure and report the way it is operating.
One possibility for a trusted platform is the authentication by a user of a file or document generated at the platform or system and passed, supplied or delivered to another platform or system. Such transfer of a file or document may be by any of the known channels or forms of communicating data. When a user desires to give assurance that the data being transferred has been originated by that user, a process of authentication is initiated. That is, some “signature” or authenticating data is supplied which gives the appropriate assurance to a recipient as to the “trustability” of the origin of the data.
As will be understood, it is of importance that such signature be maintained as trustworthy. For that purpose, various forms of attack on the trusted capabilities for such a signature should be anticipated. The present invention deals with one such form of attack.
It is somewhat conventional for protection of authentication capabilities to be achieved by use of passwords or passphrases. Computer system users are likely familiar with such capabilities as power-on, hard drive and network passwords, as well as passwords for access to secured internet sites. An authenticating signature capability is similarly protected.
However, attacks may become focused on necessary transition points in the use of computer systems. For example, a user may wish to create a file or document while the system is in a insecure state, and then later provide that file or document in a trusted form. In order to arrive at the trusted form, the user must reach and apply the TCPA functions which establish the trustworthiness of the system, and then supply the signature. The transition from the insecure to the trusted states may present a conceivable avenue of attack for a person wishing to subvert the trusted nature of the system. For example, a “spoofing” program may be executed which would cause the user to believe that the system is in trusted stated while it is in fact in an insecure state. Such operation may expose the system to capture of passwords or passphrases for nefarious purposes, or to the inadvertent and unknowing attachment of the signature to files or documents which the user would never intend to so authenticate.