Trusted path, trusted shell, and Secure Attention Key

The operating system provides the trusted path to prevent unauthorized programs from reading data from a user terminal. This path is used when a secure communication path with the system is required, such as when you are changing passwords or logging in to the system.

The operating system also provides the trusted shell (tsh), which runs only trusted programs that have been tested and verified as secure. TCP/IP supports both of these features, along with the secure attention key (SAK), which establishes the environment necessary for secure communication between you and the system. The local SAK is available whenever you are using TCP/IP. A remote SAK is available through the telnet command.

The local SAK has the same function in telnet that it has in other operating system application programs: it ends the telnet process and all other processes associated with the terminal in which telnet was running. Inside the telnet program, however, you can send a request for a trusted path to the remote system using the telnet send sak command (while in telnet command mode). You can also define a single key to initiate the SAK request using the telnet set sak command.

For more information about the Trusted Computing Base, see Trusted Computing Base.