"The integrity of the system is protected from tampering and counterfeiting through a sophisticated encryption technology that prevents software emulators (such as driver) to initiate a secure transaction with a program, a hardware device or a remote system. This will be achieved by a pair of RSA keys to 2048 bits that uniquely identifies each TPM.
This key pair, known Endorsement Key ( "Key approval"), is different for each chip and is generated in the production of the chip. In some cases, but not always, is revocable (and therefore changeable) only with a password provided by the manufacturer.
The TPM is designed in such a way that there are no features to extract directly that key, and the same hardware device (as specified) recognize that he has been tampered with. Upon the establishment of a secure transaction, the TPM involved must sign a random number to verify their identity and their adherence to the TCG specifications. This may, for example, prevent counterfeiting dell'IMEI a phone stolen.
The credentials of Approval, Compliance and Platform can generate, at the request of the owner, a Attestation Identity Key (AIK, "key certificate of identity") unique to be a Certification Authority This feature will extend until the creation of a true and its public key infrastructure (PKI) hardware and identification of each unique device meets the specifications TCG. "