CAN/CSA-ISO/IEC 11889-1:16
Current
The latest, up-to-date edition.
Information technology Trusted Platform Module Library Part 1: Architecture (Adopted ISO/IEC 11889-1:2015, second edition, 2015-12-15)
Hardcopy , PDF
English
01-01-2016
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and Abbreviated Terms
5 Conventions
6 ISO/IEC 11889 Organization
7 Compliance
8 Changes from Previous Versions
9 Trusted Platforms
10 TPM Protections
11 TPM Architecture
12 TPM Operational States
13 TPM Control Domains
14 Primary Seeds
15 TPM Handles
16 Names
17 PCR Operations
18 TPM Command/Response Structure
19 Authorizations and Acknowledgments
20 Audit Session
21 Session-based encryption
22 Protected Storage
23 Protected Storage Hierarchy
24 Credential Protection
25 Object Attributes
26 Object Structure Elements
27 Object Creation
28 Object Loading
29 Object Creation in Reference Implementation
30 Context Management
31 Attestation
32 Cryptographic Support Functions
33 Locality
34 Hardware Core Root of Trust Measurement (H-CRTM)
Event Sequence
35 Command Audit
36 Timing Components
37 NV Memory
38 Multi-Tasking
39 Errors and Response Codes
40 General Purpose I/O
41 Minimums
Annex A (normative) - RSA
Annex B (normative) - ECC
Annex C (normative) - Support for SMx Family of Algorithms
Annex D (informative) - Key Generation
Annex E (informative) - Policy Examples
Annex F (informative) - Acknowledgements and contributors
Bibliography
Specifies the architectural elements of the Trusted Platform Module (TPM), a device which enables trust in computing platforms in general.
DocumentType |
Standard
|
ISBN |
978-1-4883-0493-4
|
Pages |
0
|
PublisherName |
Canadian Standards Association
|
Status |
Current
|
Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 11889-1" throughout. At the time of publication, ISO/IEC 11889-1:2015 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This part of ISO/IEC 11889 defines the architectural elements of the Trusted Platform Module (TPM), a device which enables trust in computing platforms in general. Some TPM concepts are explained adequately in the context of the TPM itself. Other TPM concepts are explained in the context of how a TPM helps establish trust in a computing platform. When describing how a TPM helps establish trust in a computing platform, this part of ISO/IEC 11889 provides some guidance for platform requirements. However, the scope of ISO/IEC 11889 is limited to TPM requirements. This part of ISO/IEC 11889 illustrates TPM security and privacy techniques in the context of a platform through the use of cryptography. It includes definitions of how different cryptographic techniques are implemented by a TPM. The scope of ISO/IEC 11889 does not include cryptographic analysis or guidance about the applicability of different algorithms for specific uses cases. TPM requirements in this part of ISO/IEC 11889 are general, covering concepts like integrity protection, isolation and confidentially. Defining a specific strength of function or assurance level is out of scope for ISO/IEC 11889. This approach limits the guarantees provided by ISO/IEC 11889 itself, but it does allow the TPM architectural elements defined to be adapted to meet diverse implementation and platform specific needs.
Standards | Relationship |
ISO/IEC 11889-1:2015 | Identical |
ISO/IEC 15946-1:2016 | Information technology Security techniques Cryptographic techniques based on elliptic curves Part 1: General |
ISO/IEC 14888-3:2016 | Information technology — Security techniques — Digital signatures with appendix — Part 3: Discrete logarithm based mechanisms |
ISO/IEC 11889-2:2015 | Information technology — Trusted Platform Module Library — Part 2: Structures |
ISO/IEC 11889-3:2015 | Information technology — Trusted Platform Module Library — Part 3: Commands |
ISO/IEC 18033-3:2010 | Information technology Security techniques Encryption algorithms Part 3: Block ciphers |
FIPS PUB 140-2 : 0 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
ISO/IEC 10118-3:2004 | Information technology Security techniques Hash-functions Part 3: Dedicated hash-functions |
ISO/IEC 15946-5:2017 | Information technology Security techniques Cryptographic techniques based on elliptic curves Part 5: Elliptic curve generation |
ISO/IEC 9797-2:2011 | Information technology Security techniques Message Authentication Codes (MACs) Part 2: Mechanisms using a dedicated hash-function |
ISO/IEC 10116:2017 | Information technology — Security techniques — Modes of operation for an n-bit block cipher |
IEEE 1363.3-2013 | IEEE Standard for Identity-Based Cryptographic Techniques using Pairings |
ISO/IEC 11889-4:2015 | Information technology — Trusted Platform Module Library — Part 4: Supporting Routines |
ISO/IEC 11770-3:2015 | Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.