TPM or USB Token: The right tool in the right place

TPM is gaining acceptance as an industry standard for cryptographic hardware connected to computers. But it is often quoted for the wrong applications.

TPM, or Trusted Platform Module, is a chip that is embedded onto a computer's main circuit board. It can encapsulate private keys and allow user space programs to perform calculations with these private keys without ever exporting them. Cryptographic tokens (such as an ePass2000) perform a similar task, but as a USB pluggable device.

These two forms of crypto-hardware have quite different applications, which should not be confused. The cause of this difference is what the keys bind to -- a TPM device binds to a computer, whereas a USB device binds to its user (who is usually advised to carry the USB token on his key chain).

Examples

This makes TPM devices suitable for computer-related keys; for example, to store the private keys needed for the server side of the HTTPS or SSH protocols, or to store a private key that expresses a computer-bound license. In all these situations, the key belongs with the computer.

A USB token is primarily suited for personal keys. Think of client-side HTTPS certificates or client-side SSH keys, for example. These keys can be carried from laptop to desktop, and they can only be used with the owner's physical consent.

A common TPM misconception

An often-heard idea is to use TPM to protect a laptop. This is a bad idea!

The main problem with laptops is that they can be stolen. If the laptop contains secrets or otherwise sensitive information, these are lost and leaked. Among the good solutions for laptop theft is encryption of such sensitive information. The last thing you want in that case is that the key to decrypt the information is stolen along with the laptop!

A much better solution for the protection of sensitive information, or authentication credentials, on a laptop is to use an external key. While visiting someone, you can leave the laptop in another room but easily take the USB token with you. Just think of making a quick visit to the lavatory and it should be clear -- the laptop stays behind, but a token is quickly pulled out and taken along.
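The difference between a machine-bound and a user-bound key is easiest to see in the theft scenario above. The following is an added example, not code from the original post or from OpenFortress: it models a TPM (a root key soldered into the laptop, usable by any software on that machine) and a USB token (a root key that is only usable while the token is plugged in and its PIN is given), protects one file with a data key wrapped under each, and then asks what a thief holding the complete laptop can recover. The class and function names are assumptions of this example, and the cipher is an HMAC-SHA256 counter-mode construction with an encrypt-then-MAC tag so that it runs on the Python standard library alone; a real deployment would use a TPM's own sealing API and a PKCS#11 token instead.

```python
import hashlib
import hmac
import os
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then strip the keystream. Raises ValueError on a bad key or tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Tpm:
    """Soldered to the mainboard (hypothetical model). Its root key never leaves the
    chip, but any software running on that machine may ask it to unseal a blob."""

    def __init__(self) -> None:
        self._root = secrets.token_bytes(32)

    def seal(self, data: bytes) -> bytes:
        return encrypt(self._root, data)

    def unseal(self, blob: bytes) -> bytes:
        return decrypt(self._root, blob)


class UsbToken:
    """Carried by the user (hypothetical model). Usable only while plugged in and unlocked."""

    def __init__(self, pin: str) -> None:
        self._root = secrets.token_bytes(32)
        self._pin = pin
        self.plugged_in = False

    def _check(self, pin: str) -> None:
        if not self.plugged_in:
            raise PermissionError("token not present")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")

    def wrap(self, data: bytes, pin: str) -> bytes:
        self._check(pin)
        return encrypt(self._root, data)

    def unwrap(self, blob: bytes, pin: str) -> bytes:
        self._check(pin)
        return decrypt(self._root, blob)


def laptop_theft_scenario() -> dict:
    """Protect one file two ways, then see what a thief holding the whole laptop recovers."""
    secret_file = b"constructed sample: board minutes, confidential"
    tpm = Tpm()                   # part of the laptop
    token = UsbToken(pin="1234")  # on the owner's key chain
    disk = {}                     # the laptop's hard disk

    data_key = secrets.token_bytes(32)
    disk["minutes.txt.enc"] = encrypt(data_key, secret_file)
    disk["key.tpm"] = tpm.seal(data_key)               # machine-bound copy of the key
    token.plugged_in = True
    disk["key.token"] = token.wrap(data_key, "1234")   # user-bound copy of the key
    token.plugged_in = False                           # owner unplugs it and walks off

    result = {}
    # The thief possesses disk + TPM: the machine-bound key travels with the machine.
    try:
        result["tpm_bound"] = decrypt(tpm.unseal(disk["key.tpm"]), disk["minutes.txt.enc"]) == secret_file
    except (ValueError, PermissionError):
        result["tpm_bound"] = False
    # The thief does not possess the token (nor its PIN): the user-bound key is absent.
    try:
        result["token_bound"] = decrypt(token.unwrap(disk["key.token"], "0000"), disk["minutes.txt.enc"]) == secret_file
    except (ValueError, PermissionError):
        result["token_bound"] = False
    # The owner, token in hand, can still read the file on the same disk image.
    token.plugged_in = True
    result["owner_with_token"] = decrypt(token.unwrap(disk["key.token"], "1234"), disk["minutes.txt.enc"]) == secret_file
    return result


if __name__ == "__main__":
    print(laptop_theft_scenario())  # {'tpm_bound': True, 'token_bound': False, 'owner_with_token': True}
```

The result shows the point of the post in one run: the TPM-wrapped copy of the data key is recoverable by whoever holds the machine, because the TPM answers to the machine rather than to a person, while the token-wrapped copy is useless without the physical token and its PIN. It also shows the flip side from the Examples section: a key that must be available to an unattended machine (a server's HTTPS or SSH host key) is exactly what the TPM-style binding is for.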

Posted on Sun, 10 Jul 2005, 09:03.

OpenFortress