NanoTAP architecture
The NanoTAP architecture allows applications to leverage functionality offered by a hardware or software root of trust (e.g., TPM, Virtual TPM, ARM® Trusted Execution Environment - TEE, Intel® Software Guard Extensions - SGX), at a level of abstraction that is functional and easier to work with (i.e., agnostic to the underlying hardware platform). The benefits include:
Abstraction of functionality common to the various security modules and vendors, such that the details of the implementation are transparent to the end user.
Ability to create plug-ins (SMPs) for additional security modules in a manner that works with applications that program to the NanoTAP API’s.
Abstraction of Trust so application changes are minimal if the underlying “Trust Provider” is replaced by another functionally equivalent solution.
Option to build a client-server model to communicate with remote modules or incorporate in containerized environments. In this model, NanoTAP APIs are invoked securely over the network.
This figure depicts a high-level architecture overview of NanoTAP.
Simplified NanoTAP architecture without remote support.