Driven by the shift from physical to digital identities and the expansion of network-based services, the deployment of identity management solutions is increasing. To support the creation, management and possible destruction of digital identities, various solutions exist and are widely promoted and used. The escalating need for identity management raises privacy and security concerns. Trusted Computing, as a key technology to establish trust between entities, introduces concepts and architectures that can be used to address these concerns. By combining Trusted Computing technology with existing IDM solutions, new use cases can be supported. In particular, the Trusted Platform Module (TPM), as specified by the Trusted Computing Group, plays a key role in the realization of the concept.
Most existing identity management solutions rely on software-based assertions, so-called tickets, to manage identities. The goal of the presented thesis is to develop a concept that allows an individual, either a user or a device, to access a service from a service provider with a chosen identity. The concept shall allow for pseudonymous access to the service provider. The individual therefore retrieves a ticket from an identity provider that asserts the chosen identity. The identity provider verifies the integrity of the individual's system and issues the ticket only if this assessment succeeds. The ticket can then be presented to the service provider to access the service. The service provider establishes a direct trust relationship with the identity provider and relies on the assertions that the identity provider makes. Thus a chain of trust is formed, allowing the service provider to place trust indirectly in the individual. It is essential for the tickets to be bound to the TPM, and thus to the hardware of the system. This improves the security of conventional systems by inhibiting attacks that rely on copies of issued tickets: a ticket copied to another machine is useless without the TPM-held key it was bound to.
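The exchange described above, as an added example that is not part of the thesis or its implementation: a toy Python model of the three parties. The direct trust relationship between identity provider and service provider is modelled as an HMAC key they share, the integrity check as a comparison of a reported PCR value against a known-good one, and the binding of the ticket to the hardware as a Schnorr-style signature over a nonce chosen by the service provider, made with a key that never leaves the TPM object. The group parameters, key values, PCR values and pseudonyms are constructed for the demonstration and are far too small to be secure; the thesis binds tickets to a real TPM and its specified key types.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (p = 2q + 1, g generates the order-q subgroup).
# Demonstration sizes only: a real deployment uses TPM-resident RSA/ECC keys.
P, Q, G = 1019, 509, 4

# Constructed "known-good" platform measurement the identity provider expects.
KNOWN_GOOD_PCR = hashlib.sha256(b"constructed: trusted boot measurement").hexdigest()


def _challenge(commitment, nonce, tpm_pub):
    """Fiat-Shamir challenge in 1..Q-1 derived from commitment, nonce and key."""
    h = hashlib.sha256(f"{commitment}|{nonce}|{tpm_pub}".encode()).digest()
    return 1 + int.from_bytes(h, "big") % (Q - 1)


def ticket_mac(key, ticket):
    """MAC over the fields the identity provider asserts (key shared with the SP)."""
    body = f"{ticket['pseudonym']}|{ticket['tpm_pub']}|{ticket['expires']}".encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class ToyTPM:
    """Stands in for the TPM: the private key never leaves this object."""

    def __init__(self, private_key=None, pcr=KNOWN_GOOD_PCR):
        # A real TPM generates its own key; a fixed value is only for reproducibility.
        self._x = private_key if private_key is not None else secrets.randbelow(Q - 1) + 1
        self.pub = pow(G, self._x, P)   # public part handed to the identity provider
        self.pcr = pcr                  # platform state reported to the identity provider

    def sign_nonce(self, nonce):
        """Schnorr-style signature proving possession of the TPM-held key."""
        r = secrets.randbelow(Q - 1) + 1
        commitment = pow(G, r, P)
        c = _challenge(commitment, nonce, self.pub)
        return commitment, (r + c * self._x) % Q


class IdentityProvider:
    def __init__(self, key_shared_with_sp):
        self._key = key_shared_with_sp

    def issue_ticket(self, pseudonym, tpm_pub, reported_pcr, now, lifetime=3600):
        # Integrity assessment first: no ticket for a platform in an unknown state.
        if reported_pcr != KNOWN_GOOD_PCR:
            raise PermissionError("platform integrity check failed; no ticket issued")
        ticket = {"pseudonym": pseudonym, "tpm_pub": tpm_pub, "expires": now + lifetime}
        ticket["mac"] = ticket_mac(self._key, ticket)
        return ticket


class ServiceProvider:
    def __init__(self, key_shared_with_idp):
        self._key = key_shared_with_idp

    def verify_ticket(self, ticket, now):
        """Direct trust in the IdP: accept only unexpired tickets it authenticated."""
        if now >= ticket["expires"]:
            return False
        return hmac.compare_digest(ticket["mac"], ticket_mac(self._key, ticket))

    def verify_signature(self, tpm_pub, nonce, signature):
        """Check g^s == commitment * pub^c, i.e. the signer holds the key in the ticket."""
        commitment, s = signature
        c = _challenge(commitment, nonce, tpm_pub)
        return pow(G, s, P) == (commitment * pow(tpm_pub, c, P)) % P


def access_service(sp, ticket, tpm, now):
    """Client presents the ticket, then proves it holds the TPM key the ticket names."""
    if not sp.verify_ticket(ticket, now):
        return False
    nonce = secrets.token_hex(16)  # freshness: chosen by the SP for this request
    return sp.verify_signature(ticket["tpm_pub"], nonce, tpm.sign_nonce(nonce))


def demo():
    """Genuine access succeeds; a copied, tampered or expired ticket does not."""
    shared_key = secrets.token_bytes(32)  # models the IdP-SP trust relationship
    idp, sp = IdentityProvider(shared_key), ServiceProvider(shared_key)
    now = 1_700_000_000
    user_tpm = ToyTPM(private_key=123)
    attacker_tpm = ToyTPM(private_key=456)  # other hardware holding a copied ticket
    ticket = idp.issue_ticket("pseudonym-7f3a", user_tpm.pub, user_tpm.pcr, now)
    results = {
        "genuine": access_service(sp, ticket, user_tpm, now),
        "copied_to_other_machine": access_service(sp, ticket, attacker_tpm, now),
        "tampered_pseudonym": access_service(sp, {**ticket, "pseudonym": "admin"}, user_tpm, now),
        "expired": access_service(sp, ticket, user_tpm, now + 7200),
    }
    try:
        idp.issue_ticket("pseudonym-7f3a", user_tpm.pub, "0" * 64, now)
        results["untrusted_platform_refused"] = False
    except PermissionError:
        results["untrusted_platform_refused"] = True
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The service provider never learns anything beyond the pseudonym and the TPM public key in the ticket, and it never needs the key that verifies the signature to be shared with anyone: the ticket copied to the attacker's machine passes the MAC check but fails the proof of possession, which is exactly the attack the hardware binding is meant to inhibit.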
For further information please refer to the thesis in the download section.