An essential security capability that, by definition, must be trusted

Note 1 to entry: A TrustAnchor can provide provisions to protect the integrity and confidentiality of functions and related information that are required by an application.

Note 2 to entry: The security capability to achieve protection can be provided with an SecureElement. The SecureElement can provide functionality for, for example, secure generation and use of cryptographic key material, and tamper-protected storage of public key certificates.

Note 3 to entry: Data sets, for example, certificates starting a certification path, require additional protection against manipulation to be considered as trust anchor. This additional protection can be achieved by, for example, storage in a shielded location.

Note 4 to entry: A certificate protected against unauthorized tampering and which is accepted as termination of a certification path is an example for a TrustAnchor.

[SOURCE: ISO/IEC TS 30168]