In this section, we describe the cryptographic authorization mechanisms in the TCPA specification and their usage. We also introduce the optional commands for caching a session.
The purpose of the authorization mechanism is to authenticate the owner of a TPM or to authorize the use of an instance of a TPM capability. The basic premise is to prove knowledge of a secret that is shared between the TPM and an authorized user. This shared secret is called the authorization data.
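The following sketch is an added example, not code from the TCPA specification or from the original text. It shows one way to prove knowledge of shared authorization data without transmitting it: an HMAC-SHA1 over the command digest and fresh nonces from both sides. The class and function names, the byte layout and the sample values are assumptions made for illustration and do not reproduce TCPA command structures.

```python
import hashlib
import hmac
import os

def auth_digest(auth_data, command, nonce_even, nonce_odd):
    """HMAC-SHA1 keyed with the authorization data over the command digest and both nonces."""
    param_digest = hashlib.sha1(command).digest()
    return hmac.new(auth_data, param_digest + nonce_even + nonce_odd, hashlib.sha1).digest()

class ToyTPM:
    """Hypothetical verifier that holds the shared authorization data."""
    def __init__(self, auth_data):
        self._auth_data = auth_data
        self._nonce_even = None

    def open_session(self):
        # Fresh verifier nonce, so an old proof cannot be replayed later.
        self._nonce_even = os.urandom(20)
        return self._nonce_even

    def execute(self, command, nonce_odd, digest):
        if self._nonce_even is None:
            return False  # no live nonce: reject
        expected = auth_digest(self._auth_data, command, self._nonce_even, nonce_odd)
        self._nonce_even = None  # nonce is consumed whether or not the proof verifies
        return hmac.compare_digest(expected, digest)  # constant-time comparison

def caller_authorize(auth_data, command, nonce_even):
    """Caller side: contribute a nonce and compute the proof over this exact command."""
    nonce_odd = os.urandom(20)
    return nonce_odd, auth_digest(auth_data, command, nonce_even, nonce_odd)

def demo():
    secret = hashlib.sha1(b"constructed owner passphrase").digest()  # constructed sample value
    tpm, cmd = ToyTPM(secret), b"constructed-command-bytes"
    n_odd, proof = caller_authorize(secret, cmd, tpm.open_session())
    good = tpm.execute(cmd, n_odd, proof)
    replay = tpm.execute(cmd, n_odd, proof)       # same proof again, nonce already used
    n_odd, proof = caller_authorize(b"\x00" * 20, cmd, tpm.open_session())
    wrong_secret = tpm.execute(cmd, n_odd, proof)  # caller does not know the secret
    n_odd, proof = caller_authorize(secret, cmd, tpm.open_session())
    tampered = tpm.execute(b"other-command", n_odd, proof)  # proof bound to another command
    return good, replay, wrong_secret, tampered

if __name__ == "__main__":
    print(demo())
```

Because the digest covers the command as well as the nonces, a captured proof authorizes neither a different command nor a later repeat of the same one.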
Choosing Authorization Values
Capabilities that manipulate user data associate a separate authorization value with each separate instance of user data. Other types of capability have just one authorization value. The only restriction ...