Copyright © 2003-2008 Intertrust Technologies Corp. All rights reserved.

Trusted Computing - What is It?

Early on in its history, Intertrust inventors recognized that traditional computing security models were not feasible in an environment characterized by the widespread availability of high-density digital media; low cost, "always on" connectivity; and a highly distributed computing environment. As a result, Intertrust began thinking of ways in which to support traditional and future commercial relationships in a digital world.

In the off-line world, commercial relationships are based on the understanding that parties respect the terms and conditions they agree upon mutually for a given transaction. This is the basis of trust. This is also the foundation of Intertrust's vision for a connected, digital world in which trusted entities automate the interaction that occurs between individuals and businesses in traditional commercial relationships.

The need to provide trusted transactions in electronic commerce was a key driver in the creation of trusted computing. Trusted computing technologies allow rightsholders to express policies and have those policies negotiated and enforced in any execution environment. An example is a technology that allows your computer to run "foreign" code after it has digitally verified that the code is certified as compliant to a trusted third party's specification. Conversely, a trusted computing technology also allows you to extend control of your code beyond your computing environment, by setting usage rights or policies that are enforced in any foreign environment.

Trusted computing can take many forms, including creating a chain of authorizations among parties. Digital Rights Management, or DRM, is the application of specific trusted computing technologies to policy objectives that relate to copyright management and digital content.

Why Don't Traditional Security Models Work?

Like most technology in the computer industry, computer security models came largely from the defense industry. Traditional security models were:

1. Extremely hierarchical;
2. Centralized systems in which administrators governed policies and properties; and
3. Focused on keeping "the enemy" out.

While the traditional security model works well in homogenous environments (e.g., military installations), it is not well adapted to distributed computing environments where disparate entities need to interact digitally as peers (e.g., the Internet).

Moreover, much of the logic that guided traditional security models is not applicable to the Internet age. For example:

The principal threat to data is not external. Most data theft is carried out by those on the inside of an organization. As a result, locked doors and security guards are inadequate in preventing the majority of attacks on data. Mechanisms for authenticating individuals and setting authorization policies directly target data protection from internal threats.

Policies do not remain static and unchanged throughout the lifecycle of a digital object. Static, “one size fits all,” policies do not exploit the Internet's ability to create multi-tier distribution networks and e-commerce value chains. Whether policies govern the distribution of entertainment content (i.e., a song or movie), or e-commerce (i.e., a set of business instructions associated with a purchase order), they need to be dynamic and allow for flexible business models. Authorization technology allows stakeholders to offer the same content to different audiences with various options.

Objects and policies do not remain within a single, “closed” network or domain. Most networks today communicate outside their domain. An example is the home media gateway that typically includes consumer electronics, mobile, and PC technologies. Another example is web services, where objects use the Internet to interoperate across different operating environments. Policies that are securely managed across networks allow stakeholders to create a trusted environment even where there is interaction and data portability between the different platforms.

It is for these and numerous other reasons that trusted computing technologies are as important inside organizations as outside them, and as relevant to the entertainment and media industry as they are to the pharmaceutical industry. Trusted computing technologies are an essential component of every PC, cell phone, set-top box, and PDA.