The program initially will focus on implementations of the Trusted Platform Module, or TPM, which is the core of the TCG's security architecture for PCs and other computing devices. The TPM is used in millions of PCs, servers and embedded systems to secure passwords, digital keys and certificates used to protect data, email and networks.
TCG's certification program is being established to demonstrate security and correctness of specification implementations. By participation in the certification program, manufacturers and developers of TCG-based products, such as PCs and laptops, give buyers an easily identifiable way to ensure consistency, interoperability and security of products.
"In addition to assuring compliance of the widely sold TPMs, which is important for PC vendors and application providers, the TCG Certification now also tests products according to a defined security level, thus providing users with trust in a secure implementation," said Thomas Rosteck, vice president and general manager at Infineon Technologies and TCG director. "Assuring a certain security level is standard in other industries and the basis for many security sensitive applications. Evaluated by an independent security lab, the documented security level will allow for data transactions and data storage in PC-based applications that are better protected and therefore more secure without trade-offs in convenience and efficiency. Infineon plans to have its TPM certified according to the TCG certification program."
The TPM certification program includes a security evaluation requirement, based on third-party security evaluation using the established international Common Criteria framework1 and a compliance testing requirements based on test suite tools developed by TCG.
Products that are certified will be identified on the TCG website on a Certified Products list at http://www.trustedcomputinggroup.org/certification.
The group expects to offer certification for products using Trusted Network Connect specifications later this year.
TCG and Members Demonstrate Trusted Enterprise and Push Adoption; Final Core Storage Specification Available
Here at RSA, Booth #2133, TCG members are demonstrating a number of widely available products to secure clients, data and networks. These products, which are based on TCG specifications and provide users with interoperable solutions, include self-encrypting drives, services to enable strong authentication and data protection, and equipment and applications for protecting networks against infected or unauthorized users or clients.
Also this week, TCG announced it has formed two subgroups to help foster further adoption of self-encryption drives and network security based on the Trusted Network Connect framework.
The group also made available the final Storage Architecture Core Specification. The specification was previously introduced as a draft to the storage industry and has now been finalized. This specification provides details about how to implement and utilize trust and security services on storage devices. To review the specification or get more information, go to https://www.trustedcomputinggroup.org.
TCG is an industry standards body formed to develop, define, and promote open standards for trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft. More information and the organization's specifications are available at www.trustedcomputinggroup.org.