AP NEWS

TCG Announces Two New Open Source Credentialing Tools for Trusted Supply Chain

October 2, 2018

PORTLAND, Ore.--(BUSINESS WIRE)--Oct 2, 2018--Trusted Computing Group (@TrustedComputin) today announced the availability of two new open source tools for using the Trusted Platform Module (TPM) within a trusted supply chain, supporting TCG’s Platform Specification.

A recent Deloitte Touche Tohmatsu Limited survey* found that  85 percent of surveyed global supply chains had experienced at least one disruption in the past 12 months. These disruptions can disrupt business, result in production delays, incur significant fines and result in legal action.

The TPM can be used to cryptographically bind production lines and the devices they produce, including multi-vendor, multi-stage production. In this capacity, the TPM augments existing acceptance testing tools and validates the source of components and assembly – and can detect malicious component swaps.

TCG has published a specification for the trusted supply chain, defining how TPM credentials are used to verify supply chain entities in the manufacturing, assembly and delivery using the specific TPM on the device. The TPM manufacturer creates an endorsement key on the TPM and then separately creates a signed X.509 endorsement credential and installs it into the TPM to provide proof of the TPM’s source.

Any enterprise involved in the production, configuration or testing of a TPM-enabled device can create a platform credential which provides assertions about the device and used for any system component, such as motherboards, network cards, storage devices or other.

Two open source tools now are available supporting the TCG Platform Specification. Intel is offering an open source tool for creating platform certificates for manufacturers and assembly companies. The tool, available at GitHub Platform Certificate Validation Tool, requires PKI certificates, including those from third parties.

NSA Research, as part of NSA’s Technology Transfer program, released new software on September 6, 2018, allowing technology users to mitigate risks with today’s supply chain management. This software is intended to support the supply chain validation techniques prescribed by the Trusted Computing Group (TCG).

NSA’s Host Integrity (HI) Attestation Certificate Authority (ACA) is available on the NSA Cyber GitHub site. The ACA provides an “Acceptance Test” policy, used to prove a device was produced by the claimed manufacturer, and contains the agreed upon list of components. Host Integrity will initially support Centos-based Linux devices; however, the TCG’s supply chain validation process can work with any computerized device that includes a Trusted Platform Module (TPM) (1.2 or 2.0).

TCG further recommends that manufacturers review and update their policy and procurement processes; requiring TPMs with endorsement credentials and requiring platform certificates for motherboards and chassis. TCG plans to expand its work to additional components used in manufacture of various systems.

About TCG

TCG (@TrustedComputin) is a not-for-profit organization that develops, defines and promotes open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. More information is available at  www.trustedcomputinggroup.org. The organization offers a number of resources for developers and designers at develop.trustedcomputinggroup.org. Follow TCG on  Twitter  and on  LinkedIn.

Brands and trademarks are the property of their respective owners.

* https://www2.deloitte.com/bb/en/pages/operations/articles/supply-chain-risk-ripple-effect.html

Tweet this: #TPM for #trustedsupplychain gets 2 new open source tools @Intel @NSA @TrustedComputin for cryptographic binding of production lines & assertions about the device & system components http://bit.ly/2QQYNdT

View source version on businesswire.com:https://www.businesswire.com/news/home/20181002005039/en/

CONTACT: PR Works, Inc.

Anne Price

+1-602-330-6495

anne@prworksonline.com

Twitter:@TrustedComputin

KEYWORD: UNITED STATES NORTH AMERICA OREGON

INDUSTRY KEYWORD: TECHNOLOGY SUPPLY CHAIN MANAGEMENT HARDWARE NETWORKS SOFTWARE TRANSPORT SECURITY SEMICONDUCTOR LOGISTICS/SUPPLY CHAIN MANAGEMENT RETAIL

SOURCE: Trusted Computing Group

Copyright Business Wire 2018.

PUB: 10/02/2018 12:00 PM/DISC: 10/02/2018 12:01 PM

http://www.businesswire.com/news/home/20181002005039/en

AP RADIO
Update hourly