
Can TPM be used to authenticate the computer to a remote server? Is there any recommended reading material for that topic? How can I use TPM to protect my application from being cloned to another PC?

Wesley
darko petreski

1 Answer


Can TPM be used to authenticate the computer to a remote server?

Yes, it is possible, but not trivial, to do so, and we already told you that.

Quoted from your question here:

A TPM is about the only way to go about what the poster is asking for and, even then, it's a long shot. Assuming the users of these computers don't have the equivalent of "superuser" access and the computers are using full disk encryption with a boot-loader that allows the TPM to ensure "trust" in the OS then the post has a chance. Even then, you're banking on a lot of "moving parts" working in a bug-free fashion to keep this trust up.

Roughly summed up, use a VPN connection, but instead of giving the users access to the key or username and password, a static key per machine is saved in the machine's TPM keystore. This will effectively authenticate the computer.

To your second question:

How can I use TPM to protect my application from being cloned to another PC?

Full Disk Encryption. In easy terms, you encrypt the hard drive with a key, and this key is stored in the TPM keystore. Since it is stored on the hardware, the key to decrypt the hard drive can't be cloned.

Still, users would be able to clone the hard drive; they just won't be able to decrypt it anywhere other than on the original PC.

pacey
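The per-machine key idea from the answer above, as a small simulation added here for illustration (it is not part of the original answer and does not talk to a real TPM): the server challenges a machine, only the hardware that holds the enrolled key can answer, and a cloned disk on other hardware fails. `SimulatedTPM`, `Machine`, `Server` and `login` are hypothetical names, and a shared HMAC key stands in for whatever key type a real deployment keeps in the TPM.

```python
import copy
import hashlib
import hmac
import secrets

class SimulatedTPM:
    """Stand-in for a TPM keystore (assumption: not a real TPM API)."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # created inside the chip, not stored on disk

    def provision(self):
        # One-time enrolment by an administrator; never called during normal logins.
        return self._key

    def respond(self, nonce):
        # The key is used inside the chip; only the HMAC result leaves it.
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class Machine:
    def __init__(self, machine_id, disk=None):
        self.disk = disk if disk is not None else {"machine_id": machine_id}
        self.tpm = SimulatedTPM()  # bound to this hardware, not to the disk

    def clone_disk_to_new_hardware(self):
        # Everything on disk is copied; the new hardware has a different TPM.
        return Machine(None, disk=copy.deepcopy(self.disk))

class Server:
    def __init__(self):
        self.enrolled = {}  # machine_id -> per-machine key
        self.pending = {}   # machine_id -> outstanding nonce

    def enrol(self, machine):
        self.enrolled[machine.disk["machine_id"]] = machine.tpm.provision()

    def challenge(self, machine_id):
        self.pending[machine_id] = secrets.token_bytes(16)
        return self.pending[machine_id]

    def verify(self, machine_id, response):
        nonce = self.pending.pop(machine_id, None)  # single use: a replayed answer fails
        key = self.enrolled.get(machine_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def login(server, machine):
    machine_id = machine.disk["machine_id"]
    return server.verify(machine_id, machine.tpm.respond(server.challenge(machine_id)))
```
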