An Introduction to the Trusted Platform Module and Mobile Trusted Module

  • Raja Naeem AkramEmail author
  • Konstantinos Markantonakis
  • Keith Mayes


The trusted platform module (TPM) is a tamper-resistant component that provides roots of trust in secure computing and remote attestation frameworks. In this chapter, we briefly discuss the TPM architecture, operations and services. The discussion is then extended to the mobile trusted module (MTM)—to contrast and compare different approaches to implement a trusted platform architecture. This illustrates the vital role the ecosystem of a computing platform plays in the architectural design decisions regarding the root of trust in a trusted platforms.


Trusted Computing TPM MTM Mobile phones  Tablets 



The authors want to thank the reviewers for their constructive comments which were helpful to improve this chapter.


  1. 1.
    TPM Main: Part 1 Design Principles, Online, Trusted Computing Group (TCG) Specification 1.2, Rev. 116, March 2011.Google Scholar
  2. 2.
    ISO/IEC 11889–1: Information Technology - Trusted Platform Module - Part 1: Overview, Online, International Organization for Standardization (ISO) Standard 11 889–1, May 2009.Google Scholar
  3. 3.
    Standard Specifications for Public Key Cryptography, Online, Institute for Electrical and Electronics Engineers (IEEE) Standard 1363–2000, January 2000.Google Scholar
  4. 4.
    H. Krawczyk, M. Bellare, and R. Canetti, HMAC: Keyed-Hashing for Message Authentication, Online, Network Working Group Requst for Comments 2104, February 1997.Google Scholar
  5. 5.
    FIPS 180–2: Secure Hash Standard (SHS), National Institute of Standards and Technology (NIST) Std., 2002.Google Scholar
  6. 6.
    TPM Main: Part 3 Commands, Online, Trusted Computing Group (TCG) Specification 1.2, Rev. 116, March 2011.Google Scholar
  7. 7.
    ISO/IEC 11889–2: Information technology - Trusted Platform Module - Part 2: Design principles, International Organization for Standardization (ISO) Std., May 2009.Google Scholar
  8. 8.
    E. Brickell, J. Camenisch, L. Chen, “Direct anonymous attestation”, in Proceedings of the 11th ACM conference on Computer and communications security, ser. CCS ’04. New York, NY, USA: ACM, 2004, pp. 132–145. [Online]. Available:
  9. 9.
    “Intel Trusted Execution Technology (Intel TXT)”, Intel Corporation, Software Development Guide 315168–008, March 2011. [Online]. Available:
  10. 10.
    TCG Mobile Trusted Module Specification, Online, Trusted Computing Group (TCG) Specification 1.0, Rev. 6, June 2008.Google Scholar
  11. 11.
    P. Wilson, A. Frey, T. Mihm, D. Kershaw, and T. Alves, “Implementing Embedded Security on Dual-Virtual-CPU Systems”, IEEE Design and Test of Computers, vol. 24, pp. 582–591, 2007.Google Scholar
  12. 12.
    , “ARM Security Technology: Building a Secure System using TrustZone Technology”, ARM, White Paper PRD29-GENC-009492C, 2009.Google Scholar
  13. 13.
    —, “M-Shield Mobile Security Technology: Making Wireless Secure”, Texas Instruments, Whilte Paper, February 2008.Google Scholar
  14. 14.
    GlobalPlatform Device Technology: Device Application Security Management - Concepts and Description Document Specification, Online, GlobalPlatform Specification, April 2008.Google Scholar
  15. 15.
    , “GlobalPlatform Device: GPD/STIP Specification Overview”, GlobalPlatform, Specification Version 2.3, August 2007.Google Scholar
  16. 16.
    GlobalPlatform: GlobalPlatform Card Specification, Version 2.2,, GlobalPlatform Std., March 2006.Google Scholar
  17. 17.
    F. C. Bormann, L. Manteau, A. Linke, J. C. Pailles, and J. D. van, “Concept for Trusted Personal Devices in a Mobile and Networked Environment”, in 15th IST Mobile & Wireless Communications Summit, June 2006.Google Scholar
  18. 18.
    R. N. Akram, K. Markantonakis, and K. Mayes, “A Paradigm Shift in Smart Card Ownership Model”, in Proceedings of the 2010 International Conference on Computational Science and Its Applications (ICCSA 2010), B. O. Apduhan, O. Gervasi, A. Iglesias, D. Taniar, and M. Gavrilova, Eds. Fukuoka, Japan: IEEE Computer Society, March 2010, pp. 191–200.Google Scholar
  19. 19.
    —, “User Centric Security Model for Tamper-Resistant Devices”, in 8th IEEE International Conference on e-Business Engineering (ICEBE 2011), J. Li and J.-Y. Chung, Eds. Beijing, China: IEEE Computer Science, October 2011.Google Scholar
  20. 20.
    Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model, Part 2: Security Functional Requirements, Part 3: Security Assurance Requirements, Common Criteria Std. Version 3.1, August 2006.Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Raja Naeem Akram
    • 1
    Email author
  • Konstantinos Markantonakis
    • 2
  • Keith Mayes
    • 2
  1. 1.Department of Computer ScienceUniversity of WaikatoHamiltonNew Zealand
  2. 2.Information Security Group, Smart Card Centre, Royal HollowayUniversity of LondonLondonUK

Personalised recommendations