Identity Credential Issuance with Trusted Computing

In a client-server environment that deals with multiple clients, there is a need to provide a mechanism on the server to manage the issuance of the client credentials for security authorization. Credentials created using a particular own platform identities and functions as an authentication credentials to authenticate the platform itself in a network communication. However, these credentials can easily be shared, copied and stolen. This will led to an anonymous service sharing and worst to come when the stolen credentials is using for phishing attacks to the original user. One solution to the problem is to use tamper-resistant hardware to which a credential is bound such that a credential can only be generated and used in connection with the hardware. For that, manufacturers have started to embed into computers a tamperresistant piece of hardware, called trusted platform modules (TPM), as specified by the Trusted Computing Group. This mechanism insures that credentials can only be issued with the TPM existence in the platform thus guarantees the platform origins. This paper describes the component involved in the credential issuance method by the server trusted computing domain. To implement our approach, a client server application is used as an interface through the secure communication channel in credential request. The server acts as a Trusted Third Party to verify authorized users in this environment. Keyword-Credential, Trusted Computing, Trusted Third Party