“What are TCPA and Palladium?
TCPA stands for the Trusted Computing Platform Alliance (TCPA), an initiative led by Intel. Their website is here. [http://www.trustedcomputing.org/tcpaasp4/index.asp] Their stated goal is `a new computing platform for the next century that will provide for improved trust in the PC platform.’ Palladium appears to be a Microsoft version which will be rolled out in future versions of Windows, will build on TCPA hardware, and will add some extra features….
What does TCPA / Palladium do, in ordinary English?
Its obvious application is to embed digital rights management (DRM) technology in the PC. The less obvious implications include making it easier for application software vendors to lock in their users. …
TCPA provides for a monitoring component to be mounted in future PCs. The likely implementation in the first phase of TCPA is a `Fritz’ chip - a smartcard chip or dongle soldered to the motherboard.
When you boot up your PC, Fritz takes charge. He checks that the boot ROM is as expected, executes it, measures the state of the machine; then checks the first part of the operating system, loads and executes it, checks the state of the machine; and so on. The trust boundary, of hardware and software considered to be known and verified, is steadily expanded. A table is maintained of the hardware (audio card, video card etc) and the software (O/S, drivers, etc); if there are significant changes, the machine must be re-certified. The result is a PC booted into a known state with an approved combination of hardware and software. Control is then handed over to enforcement software in the operating system - this is presumably Palladium if your operating system in Windows.
Once the machine is in this state, Fritz can certify it to third parties: for example, he will do an authentication protocol with Disney to prove that his machine is a suitable recipient of `Snow White’. The Disney server then sends encrypted data, with a key that Fritz will use to unseal it. Fritz makes the key available only so long as the environment remains `trustworthy’. For this purpose, `trustworthy’ means that the media player application won’t make any unauthorised copies of content….
What else can TCPA and Palladium be used for?
TCPA can be used to implement much stronger access controls on confidential documents. For example, you might arrange that your soldiers can only create word processing documents marked at `confidential’ or above, and that only a TCPA PC with a certificate issued by your own armed forces can read such a document. This is called `mandatory access control’, and governments are keen on it. The Palladium announcement implies that the Microsoft product will support this. Once TCPA is widespread, corporations can do this too - and so, for that matter, can the Mafia. This can make life harder for spies, corporate whistleblowers, and FBI agents alike (though it is always possible that the FBI will get some kind of access to master keys). A whistleblower who emails a document to a journalist will achieve little, as the journalist’s Fritz chip won’t give him the key to decipher it.”
From a FAQ by Cambridge University’s Ross Anderson. More at http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html