Build a More Trusted and Secure Computing Environment
Intel® vPro™ technology enables development of a trusted computing environment that provides extra protection for even the most sensitive kinds of data, such as military secrets, financial transactions, and gaming software. These additional protections are provided specifically by Intel® Trusted Execution Technology (Intel® TXT), which is part of the Intel vPro technologies. Intel TXT is a set of capabilities integrated into the Intel® processor, chipset, and platform-level components that allow a virtual machine monitor or OS to be launched into a measured, protected environment in which critical applications can run. When coupled with an enabled software stack, Intel TXT helps protect the confidentiality and integrity of data in increasingly hostile security environments.
- Read the technology brief to learn more
File type/Size: PDF 202KB
Usage scenarios
Sensitive information is at the heart of top-secret military communications, medical records, gaming systems, and retail transactions. Whether the system is connected to a common network or isolated, this data is exposed to malware attack. Intel vPro technologies provide software-enabled, hardware-based defenses for the platform. The following usage scenarios show how Intel vPro technology can be used to strengthen system security and protect sensitive data:
Military
Challenge: Perhaps the world's most sensitive data is used by the military and must be protected from unauthorized access. Furthermore, multiple access-levels often lead to overly complex and bulky systems replete with duplicative storage and devices.
Solution: Using tiered access—a virtualized environment built upon Intel vPro technologies—a single tactical-force system can be shared by multiple users. In this model, all data resides in isolated partitions, each with its own security policy. This helps to consolidate several systems into one, all the while helping to prevent unauthorized access, and reduce network complexity.
Medical
File type/Size: PDF 649KB
Challenge: Home health monitoring and diagnostic machines are becoming part of a dispersed medical network used by administrative and medical personnel at all levels. The patient data collected by these systems and distributed over the common network is both highly sensitive and vulnerable to theft.
Solution: Using protected partitions and tiered access levels, sensitive medical applications and patient data can still be shared among health care providers and authorized personnel, but kept hidden from others.
Retail
Challenge: ATMs and retail POS terminals handle sensitive customer data, including bank account and credit card numbers and other personal information. Should such data be obtained by thieves, it could be used for large-scale transaction fraud and/or identity theft.
Solution: An Intel vPro technology-enabled system building on Intel TXT can boot into a trusted environment through a measured launch: each component of the software stack, from BIOS up through the measured launch environment to the application layer, is measured into the TPM before it is given control, and a launch control policy can halt the launch when a measurement does not match the expected value. This keeps an altered software stack, which could contain malware, from being launched as the trusted environment. Further, through attestation and supporting applications, a remote party can verify that the intended stack has launched on the system.
Gaming
Challenge: Both networked and isolated slot machines located in casinos, airports, and other gaming venues are prime targets for hackers who attempt to steal money by altering the system’s behavior. Further, regulatory bodies must audit these systems, and the software running on these systems, to ensure adherence to regulations.
Solution: A gaming system implementing Intel vPro technology, specifically Intel TXT, can boot into a known, trusted environment through a measured launch. The measured launch ensures that only the intended software stack runs on the system; an altered stack produces different measurements and is not launched as trusted. Attestation, implemented in a supporting software stack, gives auditors a way to verify which software launched on a system, which streamlines the auditing required by regulatory bodies.
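The retail and gaming scenarios above both rely on the same two mechanisms: a measured launch that accumulates component measurements into a TPM PCR, and an attestation step in which a verifier checks a signed quote of that PCR against known-good values. The following software-only model, added here as an illustration and not Intel's or the TCG's code, shows why the PCR extend operation is order-dependent and one-way, how a launch control policy check and a remote attestation check differ, and why the verifier's nonce matters. The component images, the golden PCR value, and the use of HMAC as a stand-in for the TPM's AIK signature are assumptions for the example.

```python
"""
Simulated measured launch and attestation check (constructed example).

Software-only model of how a TPM 1.2 PCR accumulates measurements during a
measured launch and how a verifier checks a quote. Not Intel's or the TCG's
code; the component list, the golden value and the HMAC stand-in for the AIK
signature are assumptions for illustration.
"""
import hashlib
import hmac
import os

# TPM 1.2 PCRs are 20-byte SHA-1 registers that start at all zeros.
PCR_INIT = b"\x00" * 20


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = SHA1(old || SHA1(component)). Order-dependent and one-way:
    you cannot 'un-extend' a bad measurement or reorder the chain to hide it."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def measured_launch(components):
    """Each stage measures the next into the PCR before handing over control.
    Returns the final PCR value and an event log of what was measured."""
    pcr = PCR_INIT
    log = []
    for name, image in components:
        pcr = extend(pcr, image)
        log.append((name, hashlib.sha1(image).hexdigest()))
    return pcr, log


def launch_control_policy_allows(pcr: bytes, known_good: set) -> bool:
    """Local check: a launch control policy aborts the launch when the
    measurement is not on the allowed list."""
    return pcr in known_good


# --- Attestation: the platform quotes the PCR, a remote verifier checks it ---

def quote(pcr: bytes, nonce: bytes, aik_key: bytes) -> bytes:
    """Stand-in for a TPM quote. A real TPM signs a structure containing the PCR
    composite and the verifier's nonce with the Attestation Identity Key; HMAC is
    used here (assumption) so the example runs offline with no TPM."""
    return hmac.new(aik_key, pcr + nonce, hashlib.sha1).digest()


def verify_quote(pcr: bytes, nonce: bytes, sig: bytes, aik_key: bytes, known_good: set) -> bool:
    """Verifier: the signature must cover our fresh nonce (replay defence) and the
    reported PCR must match a value we provisioned from a known-good build."""
    expected = quote(pcr, nonce, aik_key)
    return hmac.compare_digest(expected, sig) and pcr in known_good


# Constructed sample "images" for a POS / gaming stack; real images are binaries.
GOOD_STACK = [
    ("sinit_acm", b"intel authenticated code module"),
    ("mle_vmm",   b"vmm build 1.0"),
    ("os_kernel", b"kernel 4.2"),
    ("pos_app",   b"pos app 7.3"),
]
# Same stack with a tampered application layer.
BAD_STACK = GOOD_STACK[:-1] + [("pos_app", b"pos app 7.3 + skimmer")]

# Golden value provisioned by the operator or auditor from a known-good build.
GOLDEN_PCR, _ = measured_launch(GOOD_STACK)
KNOWN_GOOD = {GOLDEN_PCR}
AIK_KEY = b"assumed-aik-secret"  # assumption; a real AIK is an RSA key held in the TPM


def audit(stack) -> dict:
    """Run the launch, apply the local policy, then do one attestation round,
    and also confirm that a quote replayed against a new nonce is rejected."""
    pcr, log = measured_launch(stack)
    nonce = os.urandom(20)  # verifier-chosen, fresh per request
    sig = quote(pcr, nonce, AIK_KEY)
    return {
        "pcr": pcr.hex(),
        "policy_ok": launch_control_policy_allows(pcr, KNOWN_GOOD),
        "attested": verify_quote(pcr, nonce, sig, AIK_KEY, KNOWN_GOOD),
        "replay_rejected": not verify_quote(pcr, os.urandom(20), sig, AIK_KEY, KNOWN_GOOD),
        "log": log,
    }


if __name__ == "__main__":
    for label, stack in (("good", GOOD_STACK), ("tampered", BAD_STACK)):
        r = audit(stack)
        print(f"{label}: pcr={r['pcr'][:16]}... policy_ok={r['policy_ok']} "
              f"attested={r['attested']} replay_rejected={r['replay_rejected']}")
```

The tampered stack differs from the good one only in the last image, yet its final PCR value bears no resemblance to the golden value, so both the local policy check and the remote verifier reject it. The event log is what lets an auditor see which component changed; the PCR alone only says that something did.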
Video
- Intel Trusted Execution Technology video
Ensuring platform integrity - Enables verification of the platform configuration at boot. Requires special memory on the processor, trusted platform module, and a defined security policy.
Documentation
- Creating a Secure Computing Environment
File type/Size: PDF 202KB
Intel Trusted Execution Technology integrates new security capabilities into the platform.
- Technology overview: Intel Trusted Execution Technology
File type/Size: PDF 83KB
Intel Trusted Execution Technology capabilities help the security community to evaluate and innovate new platform-level solutions.
- Intel Trusted Execution Technology Software Development Guide
File type/Size: PDF 816KB
Intel's technology for safer computing, Intel Trusted Execution Technology, defines platform-level enhancements that provide the building blocks for creating trusted platforms.
Resources
Worldwide community
Get leading-edge products, design and development expertise, and total lifecycle support by joining the Intel® Embedded and Communications Alliance (Intel® ECA).
¹ No computer system can provide absolute security under all conditions. Intel® Trusted Execution Technology requires a computer system with Intel® Virtualization Technology, an Intel TXT-enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT-compatible measured launched environment (MLE). The MLE could consist of a virtual machine monitor, an OS or an application. In addition, Intel TXT requires the system to contain a TPM v1.2, as defined by the Trusted Computing Group, and specific software for some uses. For more information, see www.intel.com/technology/security.
