language-icon Old Web
English
Sign In

Trusted client

In computing, a trusted client is a device or program controlled by the user of a service, but with restrictions designed to prevent its use in ways not authorized by the provider of the service. That is, the client is a device that vendors trust and then sell to the consumers, whom they do not trust. Examples include video games played over a computer network or the Content Scramble System (CSS) in DVDs. In computing, a trusted client is a device or program controlled by the user of a service, but with restrictions designed to prevent its use in ways not authorized by the provider of the service. That is, the client is a device that vendors trust and then sell to the consumers, whom they do not trust. Examples include video games played over a computer network or the Content Scramble System (CSS) in DVDs. Trusted client software is considered fundamentally insecure: once the security is broken by one user, the break is trivially copyable and available to others. As computer security specialist Bruce Schneier states, 'Against the average user, anything works; there's no need for complex security software. Against the skilled attacker, on the other hand, nothing works.' Trusted client hardware is somewhat more secure, but not a complete solution. Trusted clients are attractive to business as a form of vendor lock-in: sell the trusted client at a loss and charge more than would be otherwise economically viable for the associated service. One early example was radio receivers that were subsidized by broadcasters, but restricted to receiving only their radio station. Modern examples include video recorders being forced by law to include Macrovision copy protection, the DVD region code system and region-coded video game consoles. Technically knowledgeable consumers and other manufacturers frequently bypass the limiting features of trusted clients — from the simple replacement of the fixed tuning capacitor in the early locked radios to the successful DeCSS cryptographic attack on CSS in 1999. Manufacturers have resorted to legal threats via the Digital Millennium Copyright Act and similar laws to prevent their circumvention, with varying degrees of success. However, the nature of the internet enables any crack that is discovered and published to be virtually impossible to remove. Trusted computing aims to create computer hardware which assists in the implementation of such restrictions in software, and attempts to make circumvention of these restrictions more difficult.

[ "Direct Anonymous Attestation", "Trusted Platform Module", "Trusted Network Connect", "Trusted timestamping" ]
Parent Topic
Child Topic
    No Parent Topic