Frequently Asked Questions
How does a Trusted Platform provide incremental revenue opportunities to developers, SIs and VARs?
TCG provides increased security and trust through the use of Trusted Platforms. The Trusted Platform provides four significant functions:
- Cryptographic functions
- Protected storage
- Platform integrity metrics
- Platform authentication
Developers, SIs and VARs can upgrade existing applications or write new applications that take advantage of the enhanced security provided by the Trusted Platform Module or TPM. Wave Systems makes development easy and abstracts the differences between hardware and lower-level software by providing the TCG-Enabled CSP (Cryptographic Service Provider).
When would an application developer use the TCG-Enabled CSP?
Following are a few scenarios in which an application developer would use the TCG-Enabled CSP:
- To write a secure TCG-compliant application that performs encryption by the TPM hardware without requiring knowledge of the TSS layer (the software that directly interfaces with the TPM)
- To create a unique application for hardware-based security to run on a Trusted Platform (a system with a TPM)
- To upgrade an existing application from using software cryptographic functions to using the TPM when available – maximizing the security of the application
- To write an application to MSCAPI (Microsoft’s Cryptographic API)
Are TCG-Enabled applications safer than standard applications?
Because hardware-based keys are more tamper-resistant, and thus more secure, than software-based keys, TCG-enabled applications bring an enhanced level of security to existing and emerging applications not available on non-TCG platforms. These enhanced capabilities provide incremental revenue opportunities for application providers interested in offering enhanced security services.
How does the TCG-Enabled CSP work?
The TCG-Enabled CSP is a TCG-enhanced MSCAPI CSP module that provides asymmetric key functionality on the Trusted Platform Module (TPM). By using Wave’s TCG-Enabled CSP, application developers can now utilize the security of a TPM when writing an application that uses MSCAPI. The TCG-Enabled CSP leverages the resident Microsoft OS on the platform, the TCG Software Stack (TSS) and the TPM for the generation of cryptography algorithms. The TCG-Enabled CSP uses the enhanced security provided by the TPM, irrespective of vendor-specific requirements regarding the hardware or the TSS provider.
What does the Wave Systems TCG-Enabled CSP provide?
The Wave TCG-Enabled CSP enables applications to utilize functionality available on TCG-compliant platforms directly through MSCAPI, without requiring user knowledge of any TCG Software Stack (TSS) layer.
What are the different selections for the Wave Systems TCG-Enabled CSP?
The Wave TCG-Enabled CSP is the ‘standard’ Wave CSP used for generating TPM keys and related functions unless one of the cases below applies. The Wave TCG-Enabled CSP must also be used if a use case for VPN authentication requires a user to log in to the VPN prior to logging into Windows.
The Wave TCG-Enabled Strong Authentication CSP is very similar to the “Wave TCG Enabled CSP” with the following exceptions:
- TPM keys created with this CSP are always password protected
- This CSP will never store the individual TPM key password in the Wave Password Vault
- This CSP must be used for password protected keys with Microsoft VPN
- This CSP must be used for Wave’s TPM PKI logon
The Wave TCG Enabled SChannel CSP uses the “Microsoft RSA SChannel Cryptographic Provider” as a pass-through CSP so that it can work with SSL based applications (for locating the private key in the SSL connection).
Once I’ve developed my application using the TCG-Enabled CSP, how do I distribute it?
Please contact Wave Systems for further details.