[I]t would make the most sense for device manufacturers and software designers to separate the iPhone’s payment function from other apps using a Trusted Platform Module (TPM) that can be used to securely store information using cryptographic keys.

The first half of the sentence is good, but the bit about the TPM doesn’t really make sense to me. Of course, rather than a TPM a Mobile Trusted Module (MTM) would be more appropriate, but neither is a magic bullet that will securely store information. They can securely protect encryption keys and use these keys to encrypt and decrypt data securely, but they do do not provide general purpose secure storage. Instead, GlobalPlatform (there are other initiatives, of course) is specifying a complete trusted execution environment that will allow payment functions to be separated off as Mr Nigriny desires:

Using a trusted computing platform type of chip makes the most sense since you know that your other apps won’t bleed over into the trusted payment method.

It’s good that people independent of the Trusted Computing Group are bringing up these sorts of issues, but there still needs to be a lot of education.

Hardware-based trusted computing platforms are intended to overcome many of the problems of trust that are prominent in computing systems. In this paper, a result of the Software Engineering Institute’s Independent Research and Development Project "Trusted Computing in Extreme Adversarial Environments: Using Trusted Hardware as a Foundation for Cyber Security," we discuss the capabilities and limitations of the Trusted Platform Module (TPM). We describe credential storage, device identity, chains of trust, and other techniques for extending hardware-based trust to higher levels of software-based infrastructure. We then examine the character of trust and identify strategies for increasing trust. We show why acceptance of TPM-based trust has been limited to date and suggest that broader acceptance will require more focus on traditional trust issues and on end-to-end services.

It is available for download for free from the university’s Software Engineering Institute.

Security should be integrated into future networks from the beginning, not as an extension. Secure identities and authentication schemes are an important step to fulfil this quest. In this article, we argue that home networks are a natural trust anchor for such schemes. We describe our concept of home networks as a universal point of reference for authentication, trust and access control, and show that our scheme can be applied to any next generation network. As home networks are no safe place, we apply Trusted Computing technology to prevent the abuse of identities, i.e., identity theft.

The full paper is available for download.

it encrypts all data automatically; and it uses a piece of encryption hardware called a trusted computing module to digitally sign components of the operating system and check them for tampering.

Trusted Platform Module, please! Also, the TPM does not sign OS components, nor does it check them for tampering. I’m looking forward to hearing more about the device, but I do worry that Google are taking a very long time to produce Chrome OS, especially compared to Android, and I am yet to see a clear reason why I should pick Chrome OS over Android.

"The Open Identity Exchange provides a critical business and legal framework to enable the ecosystem of Internet identity to prosper," said Drummond Reed, Executive Director of the Information Card Foundation. "By brokering the certification of trust to a defined specification, an identity provider such as id.wave.com can, with a user’s permission, automatically log him or her into the many sites that participate in that framework."

The unique selling point of Wave’s solution is the use of a Trusted Platform Module to enable a specific machine to be tied to an account, and the TPM can take care of keeping all local credentials safely encrypted.

Currently Wave are accredited to the lowest Level 1 of the specification, but they’ll be continuing to work to get a higher level of certification.

Currently the scary boot screen says "This copy of Chrome OS is untrusted. Press SPACE to begin recovery." Sumit pointed out that we don’t promise treacherous^H^H^H^H^H^H^H^H^H^H^Htrusted boot using the TPM, so we should just say "unverified" instead.

Well, it made me smile at least!

Kiljan [Boudewijn Kiljan, solution architect for global information technology, infrastructure portfolio, at PwC]says estimates are that TPM is less than half the cost of going with a smartcard-based PKI device and a third of going with a USB PCI device.

I believe that USB PCI device should read USB PKI device. That’s quite a considerable saving.

In the envisioned identity ecosystem individuals, organizations, services, and devices would be able to trust each other because authoritative sources establish and authenticate their digital identities.

At the consumer end, the trusted identity may be held in smart cards, USB drives, mobile devices, software certificates or Trusted Platform Modules. (The article uses the phrase "trusted computing module", which when capitalised is actually the Chinese version of a TPM, but let’s ignore that!)

It’s an interesting article and well worth reading, as is a related post on the official White House blog.

Tracking tasks to take TPM ownership during OOBE.

OOBE is most likely Out Of Box Experience, how the user interacts with the device when they first turn it on. On current PCs, taking ownership of a TPM requires explicit user actions for privacy and other reasons, so it will be interesting to see how Google approach this issue. I know also that the taking ownership issue is a hot topic for a number of people in the Trusted Computing world, so it would also be good to get Google on board with the Trusted Computing Group.

The issues in themselves aren’t terribly interesting, but I’m getting quite curious to see exactly what’s going to come out at the end of the day!