Trusted client |
In Computing, a trusted client is a device or program controlled by the user of a service, but with restrictions designed to prevent its use in ways not authorised by the provider of the service. Examples include video games played over a computer network or the content-scrambling system (CSS) to enforce regions in DVDs.
Trusted client software is considered fundamentally insecure: once the security is broken by one user, the break is trivially copyable and available to others. (As Bruce Schneier states, Against the average user, anything works; there s no need for complex security software. Against the skilled attacker, on the other hand, nothing works. ) Trusted client hardware is somewhat less insecure, but not a complete solution (Grand, 2000).
Trusted clients are attractive to business as a form of .
Technically knowledgeable consumers and other manufacturers frequently bypass the limiting features of trusted clients — from the simple replacement of the fixed tuning potentiometer in the early locked radios to the successful DeCSS cryptographic attack on CSS in 1999. Manufacturers have resorted to legal threats via the Digital Millennium Copyright Act and similar laws to prevent their circumvention, with varying degrees of success.
Trusted computing aims to create computer hardware which assists in the implementation of such restrictions in computer software, and attempts to make circumvention of these restrictions more difficult.
=See also=
*Dongle
=References=
*Bruce Schneier: [http://www.schneier.com/essay-063.html The Fallacy of Trusted Client Software], Information Security Magazine , August 2000|
|