Re: The TPM is dead, long live the TEE!

On 07/13/2014 12:33 AM, Anders Rundgren wrote:
> How come the competition didn't buy into the TPM?
> 
> TPMs are based on a "one-size-fits-all" security API philosophy.
> Since Intel relies on external vendors supplying TPM-components this
> (IMHO fairly unwieldy) API must also be standardized which makes the
> process updating TPMs extremely slow and costly.
> 
> TEEs OTOH can be fitted at any time with application-specific
> security APIs which both can be standardized or entirely proprietary.
> In fact, even third-parties can create new security APIs using
> GlobalPlatform's TEE!

Hey Anders,

Could you elaborate a bit more on how we could apply this approach to
the Web Payments initiative? The part that I don't understand is that if
you allow entirely proprietary APIs into the mix, how do you achieve
interoperability? Does it not matter at that level?

To bring this more in line w/ what we're doing. We hope that the payment
initiation mechanism that we end up standardizing is going to allow
Visa, Mastercard, PayPal, Bitcoin, Ripple, etc. to all be listed as
payment options by the merchant and selected freely by the customer
depending on which payment mechanism they want to use. Is this an
example of the approach that you're suggesting?

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: The Marathonic Dawn of Web Payments
http://manu.sporny.org/2014/dawn-of-web-payments/

Received on Wednesday, 23 July 2014 01:55:19 UTC