[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TPM unusable for DRM

From: Anton Tagunov
Subject: Re: TPM unusable for DRM
Date: Fri, 10 Nov 2006 18:57:41 +0300


Shap> 3. Local software can perform these operations, refusing to decrypt
Shap> content unless an acceptable endorsement is provided by the TPM.

Emmanuel> So my first question is : how does the local software has
Emmanuel> to proceed, in order to check that the endorsement key
Emmanuel> he got from the kernel was really provided by the TPM?

Emmanuel> My other question is : how does the software knows
Emmanuel> that this endorsement key is acceptable?

Do you think it could go like this:

Imagine company FCK sells DRM protected video.
To use their video you've got to pass though
'attest your computer' online procedure.

During this procedure your give FCK the following
data provided by your TPM
* public part of your TPM's current AIK (attestation key)
* your TPM's PUBEK (public part of it's endorsement key)
* current collection of PCR registers
* signature signing the above with PRIVEK (private part of EK)

FCK verifies that your PUBEK are PCR-s are valid and sends you
Golden Key To Decrypt Their Video = GK.

GK is bound to your PCR values and is encrypted with
public part of your TPM's current AIK.

Only your TPM can decrypt GK, because only it knows private part of AIK.
It shall allow this key to be used only if PCR-s match.


P.S. I've got only one resevation, got to look up into
docs - can private part of AIK be used to decrypt GK?
Is this allow by the doc?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]