Implementing Trusted Terminals with a and SITDRM

The SITDRM Enterprise system [N. Sheppard, R. Safavi-Naini “Protecting Privacy with the MPEG-21 IPMP Framework”. International Workshop on Privacy Enhancing Technologies 2006, pp. 152–171] protects private customer data by allowing customers to provide policies in the form of a machine-readable license. When employees of an organization want to use customers' data, they must be forced to abide by the licences provided. Some sort of hardened terminal must be used to ensure that not only the hardware and software will cooperate, but that the user of the terminal will too. We use the Trusted Computing Group's specifications for a trusted platform upon which to build a data user terminal that can be proved to implement correct license-enforcing behavior. A Trusted Platform Module (TPM) and a TPM-using operating system are all that may be required to construct a verifiably secure terminal.