article

Chain of trust is a security architecture where each component of hardware and software is validated from the bottom up. It is intended to insure that only trusted software and hardware can be used while still remaining flexible.

Introduction

A chain of trust is designed to allow multiple users to create and use software on the system, which would be more difficult if all the keys were stored directly in hardware. It starts with hardware that will only boot from software that is digitally signed. The signing authority will only sign boot programs that enforce security, such as only running programs that are themselves signed.

Only requiring the boot program to be signed is preferable for several reasons. First, boot programs stored on disk can be larger and more complicated than embedded software stored directly in hardware. Also, software is much easier to update than hardware, since it is easier to distribute.

This process results in a chain of trust. The hardware determines that the first (bootstrap) program is trusted, and runs it. The first program determines that the second is trusted, and runs it.

Applications

One application of this mechanism is the Trusted Computing Group's vision based on the Trusted Platform Module. Although its proponents (including Microsoft) claim many benefits from this trust, most are convinced that the primary application is Digital Rights Management.

Digital rights management | Computer security models

 

This article is licensed under the GNU Free Documentation License. It uses material from the "Chain of trust".

Home Pageartsbusinesscomputersgameshealthhospitalshomekids & teensnewsphysiciansrecreationreferenceregionalscienceshoppingsocietysportsworld