Abstract: In distributed environment, digital data can be easily distributed and various kinds of security requirements emerge after the data distribution. However, traditional access control solutions suffer from difficulties both in the access rights authorization and the usage policy enforcement, especially under the heterogeneous, distributed network environments. In this paper, a new architecture called TUC (trusted usage control) is proposed against the information security requirements under distributed environment based on usage control model and trusted computing technology. TUC is presented to achieve usage control based upon the hardware trust root TPM. In this way, confidentiality, integrity and controllability of the data are assured not only in distribution, transmission, storage but also in usage control. It is necessary to design TUC as a general access solution by binding policies to the usage-controlled digital content. So TUC isn't limited to the specific application environment. Moreover, TUC is a negotiable solution because of the key and policy negotiation in our design. In this way, both the user's and the owner's requirements are taken into consideration. The design and implementation of TUC is then detailed in this paper. Test results show that the performance of TUC is acceptable for access control in distributed environment.