Identifying a Platform
The root-of-trust in a platform needs to be able to prove that it exists, and needs to prove that it supplied the evidence about the software state of a platform. The obvious way to do this is to give a separate cryptographic identity to each root-of-trust, so the root-of-trust can sign data. To provide the highest levels of privacy, however, we need some way to identify a root-of-trust while preventing that identification from being used to correlate actions of a Trusted Platform (unless such correlation is actually desired).
The TCPA's solution to this conundrum is to enable a platform to have an arbitrary number of uncorrelated so-called "attestation identities," each of which can prove that it identifies a genuine Trusted Platform. The process of generating an attestation identity is too complex to describe here, but involves the platform's owner making a Trusted Platform generate a new cryptographic identity, submit a certification request to a Certification Authority (CA) along with information about a particular Trusted Platform, and request that the CA create a certificate for that identity which can be revealed only in that particular Trusted Platform. (Only the platform's owner can trigger this process.)
The properties of the CA determine the correlation properties of the attestation identities. If the CA retains information, it can correlate transactions involving different identities. If the CA doesn't retain information, no one other than the owner of the identities can correlate transactions involving different identities. (Or, at least, no one can use a Trusted Computing Platform identity to correlate transactions involving different identities.) Critically, however, the same identity always identifies the same platform.
Any and all identities can completely hide the true identity of the owner of a platform, if the owner wishes. But presumably the platform owner will create some identities that will (directly or indirectly) be meaningful. This is because, as mentioned before, the level of remote trust in a platform ultimately depends on a willingness by the remote party to believe that the owner of the platform can be trusted not to physically interfere with the root-of-trust in the platform. This requires a meaningful identity.
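The correlation properties described above can be made concrete with a small model. This is an added example, not part of the original text or of any TCPA specification: the class names, the `retain` flag, the platform labels and the transaction names are all assumptions, and random IDs stand in for real key pairs and certificates (no cryptography is performed).

```python
import secrets
from collections import defaultdict

class CA:
    """Toy certification authority; `retain` models whether it keeps request records."""
    def __init__(self, retain):
        self.retain = retain
        self.records = {}  # identity id -> platform information seen in the request

    def certify(self, identity_id, platform_info):
        # A real CA would validate platform_info and sign a certificate here.
        if self.retain:
            self.records[identity_id] = platform_info
        return {"identity": identity_id, "issuer": "constructed-CA"}

class Platform:
    def __init__(self, info):
        self.info = info  # constructed label standing in for platform information

    def new_identity(self, ca):
        identity_id = secrets.token_hex(8)  # stands in for a fresh public key
        return ca.certify(identity_id, self.info)

def linkable_groups(transactions, ca_records=None):
    """Group the transactions an observer can tie to a single platform.

    transactions: list of (name, certificate). Without CA records the only
    join key is the identity itself; with them it is the platform information.
    """
    ca_records = ca_records or {}
    groups = defaultdict(list)
    for name, cert in transactions:
        ident = cert["identity"]
        if ident in ca_records:
            key = ("platform", ca_records[ident])
        else:
            key = ("identity", ident)
        groups[key].append(name)
    return sorted(sorted(g) for g in groups.values())

def demo(retain):
    """Return (view of relying parties alone, view when CA records are added)."""
    ca = CA(retain)
    a, b = Platform("platform-A"), Platform("platform-B")  # constructed platforms
    shop, bank = a.new_identity(ca), a.new_identity(ca)    # two identities, one platform
    other = b.new_identity(ca)
    txs = [("shop-1", shop), ("shop-2", shop), ("bank-1", bank), ("srv-1", other)]
    return linkable_groups(txs), linkable_groups(txs, ca.records)
```

Reusing one identity links `shop-1` and `shop-2` in every case, while `bank-1` joins them only when the CA retained its request records.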