Updated: July 12, 2020 (July 22, 2002)
Charts & Illustrations
Proposed Palladium Architecture
Palladium will involve changes to the Windows operating system (OS) and a new cryptographic security chip built into Palladium PCs.
When a user chooses to boot a Palladium PC in secure mode, the system will load a piece of OS code called the Trusted Operating Root (middle). The TOR will create a virtual “vault” (dotted line), functioning like a memory manager for restricted portions of memory. Data and processes running in this restricted area can only be accessed if the TOR gives permission. The TOR also controls access to the security chip.
Trusted software, such as applications (top), will be able to “seal” sensitive data, such as a user’s bank account number, by making an API call to the TOR. At this point, the security chip gets involved, performing two functions. First, the security chip appends a one-way hash to the data (this hash identifies the TOR, and is created at boot and stored in a registry on the security chip). Second, it encrypts this data using a private key specific to the particular PC. (The security chip also performs additional safeguards to prevent other kinds of attacks.)
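The seal operation described above can be modeled in a few lines. This is an added illustration, not Microsoft's code or API: `SecurityChip`, `seal`, `unseal` and `try_unseal` are hypothetical names, an HMAC-SHA256 keystream with an integrity tag stands in for the chip's encryption under the PC-specific key, and the checks made on unseal are an assumption about how the appended TOR hash would be used.

```python
import hashlib, hmac, os

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy HMAC-SHA256 counter-mode keystream (stand-in cipher, see lead-in).
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

class SecurityChip:
    """Model of one PC's security chip after booting a given TOR image."""

    def __init__(self, machine_key: bytes, tor_image: bytes):
        # Assumption: encryption and integrity keys are derived from the PC key.
        self._enc, self._mac = _prf(machine_key, b"enc"), _prf(machine_key, b"mac")
        # Hash identifying the TOR, created at boot and kept on the chip.
        self._tor_hash = hashlib.sha256(tor_image).digest()

    def seal(self, data: bytes) -> bytes:
        nonce = os.urandom(16)
        # Append the TOR hash to the data, then encrypt under the PC key.
        body = _xor_stream(self._enc, nonce, data + self._tor_hash)
        return nonce + body + _prf(self._mac, nonce + body)

    def unseal(self, blob: bytes) -> bytes:
        if len(blob) < 16 + 32 + 32:
            raise ValueError("blob too short")
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, _prf(self._mac, nonce + body)):
            raise PermissionError("not sealed on this PC, or modified")
        plain = _xor_stream(self._enc, nonce, body)
        data, sealed_by = plain[:-32], plain[-32:]
        if not hmac.compare_digest(sealed_by, self._tor_hash):
            raise PermissionError("running TOR differs from the TOR that sealed this")
        return data

def try_unseal(chip: SecurityChip, blob: bytes) -> str:
    # Helper for the demonstration: report the outcome instead of raising.
    try:
        return "ok: " + chip.unseal(blob).decode()
    except PermissionError as err:
        return "refused: " + str(err)
```

Unsealing succeeds only on a chip holding the same PC key after booting the same TOR image; changing either one yields a refusal.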