Wave Receives Nasdaq Global Market Notice of Listing Non-Compliance
Tuesday April 29, 6:31 pm ET
LEE, Mass.--(BUSINESS WIRE)--Wave Systems Corp. (NASDAQ: WAVX; www.wave.com) announced that it received a notice today from the Listing Qualifications division of The Nasdaq Stock Market indicating that the Company’s common stock is subject to potential delisting from The Nasdaq Global Market because the market value of the Company’s common stock was below $50 million for 10 consecutive business days, and, therefore, did not meet the requirement set forth in Nasdaq Marketplace Rule 4450(b)(1)(A) (the “Rule”). The notice further stated that the Company is not in compliance with an alternative test, Nasdaq Marketplace Rule 4450(b)(1)(B), which requires total assets and total revenue of $50 million each for the most recently completed fiscal year or two of the last three most recently completed fiscal years.
In accordance with Nasdaq Marketplace Rule 4450(e)(4), Wave will be provided a period of 30 calendar days, or until May 29, 2008, to regain compliance with the Rule. If at any time before May 29, 2008, the market value of Wave’s common stock is $50 million or more for a minimum of 10 consecutive business days (or such longer period of time as the Nasdaq staff may require in some circumstances), the Company will achieve compliance with the Rule.
If Wave has not regained compliance with the Rule by May 29, 2008, the Nasdaq staff will issue a letter notifying the Company that its common stock will be delisted. At that time, the Company may appeal the determination to delist its common stock to a Listings Qualifications Panel. Alternatively, if the Company cannot meet the requirements for continued listing on The Nasdaq Global Market, it may apply to transfer to The Nasdaq Capital Market.
Wave Systems plans to exercise diligent efforts to maintain the listing of its common stock on The Nasdaq Global Market, but there is no assurance that it will be successful in doing so. If the Company does not resolve the listing deficiency, the Company may apply for listing on The Nasdaq Capital Market.
Today's global 24 X 7 environment dictates that a diverse, growing number of users, both local and remote, require access to vital applications and resources for your enterprise to remain competitive. First and foremost, you must recognize that your enterprise's resources and applications not only drive your business today, but that they are becoming your business. Your organization is faced with the conundrum of allowing users anywhere, anytime network access over a variety of devices and access methods. Your users also require the proper authority to access your enterprise's key resources and applications while ensuring that they - and your network - remain secure and protected.
What we are talking about is secure, controlled network access for whoever your users are – office-based or mobile employees, teleworkers, contractors, agents, guests, etc. – from wherever your users may be – remote over a variety of networks and network types or local on your LAN, and by whatever means and devices needed to access your network.
The Pervasive Network Access Voyage White Paper
A whitepaper by Jon Oltsik from the Enterprise Strategy Group (May 2007)
Business managers see "high touch" benefits to network access and why not? Lots of organizations have increased revenue, lowered cost, bolstered productivity, and improved communications by opening network doors to guests, contractors, suppliers, business partners and customers. This access comes with a price, however. The more endpoints and users that access the network, the more dangerous the network neighborhood becomes. It's hard enough monitoring employee behavior and endpoints; now IT is forced to do the same thing for outsiders with their own network devices. Somehow large organizations must strike a balance between network access and security for internal and external users as soon as possible.
http://www.juniper.net/solutions/information_technology_topics/controlling_access/index.html
With A Routers Market out perform, I guess WAVX is one of the fortunate 25%...CL
Blue Sky Law
A popular name for state statutes providing for the regulation and supervision of securities offerings and sales, to protect citizen-investors from investing in fraudulent companies. Most blue sky laws require the registration of new issues of securities with a state agency that reviews selling documents for accuracy and completeness. Blue sky laws also often regulate securities brokers and salespeople.
Almost all states have adopted blue sky laws, regulating the sale of securities—investments in bonds, mutual funds, limited partnerships, and so forth. These laws acquired their name as early as 1917, when the Supreme Court issued a decision on "speculative schemes which have no more basis than so many feet of ‘blue sky' " (Hall v. Geiger-Jones Co., 242 U.S. 539, 37 S. Ct. 217, 61 L. Ed. 480).
Blue sky laws place requirements on corporations and securities dealerships that offer investments for sale to the public in a particular state. These laws are in many cases adopted from the Uniform Securities Act, and are usually enforced primarily by the state's attorney general's office. The federal Securities and Exchange Commission (SEC) enforces federal laws that concern foreign and interstate transactions.
State blue sky laws require corporations to register securities before selling them so that regulators can check their marketing information for accuracy. National on-line computer networks that became widely available in the mid-1990s posed new problems for states trying to enforce these requirements. Texas, Ohio, and New Jersey were among states that by 1995 had begun prosecuting some of the thousands of dealers who were offering unregistered investment opportunities to small investors on computer bulletin boards.
State laws usually require corporations to file financial information, and can deny corporations the privilege of doing business if their profile or history is risky. State investigators can determine whether a corporation's financial structure allows it to sell certain securities.
The laws also spell out the qualifications of brokers, dealers, salespeople, investment advisers, and others who work in the securities business. They require dealers to identify the type of investments they are planning to sell and where.
Among the activities blue sky laws seek to prevent are hard-sell tactics. Telephone "stock-peddling" techniques that are high-pressure and misleading can result in the suspension of a broker's license. A 1992 survey by Louis Harris and Associates indicated that more than one-third of all U.S. citizens had received a phone call about investing, and five percent had made a purchase. Many states now require that brokerages and corporations selling on the public market also provide a printed prospectus that describes the risks of investing.
What happens when blue sky laws do not work? States often provide an avenue for victims of illegally sold securities to try to recover their money, sometimes in addition to criminal prosecution. Investors can charge misrepresentation or lack of suitability and can demand restitution from the broker in arbitration. Class action suits can also be filed against a fraudulent brokerage or corporation.
First jakes-dad and now this wavoid is craking(g)
.................................................
Posted by: micro59
In reply to: None Date:6/18/2006 2:35:02 PM
Post #of 123886
Thanks to all for your thoughts and inputs.
My only remaining "obstacle" in my head is what Weby brought up.
Existing stockholders (investors) and what they believe versus "prospective new investors".
It doesn't make a pile of beans difference what we believe because we have already spent our wad and made our bets. That's why we are the stockholders of record.
What IS important is what do people on the sidelines with cash to invest think. How is this company perceived as an investment opportunity?
Heck, it's no secret that the investing has been knocking our doors down much less are the broad prospective customers even aware of Trusted Computing much less Wave System's role in it.
Yes, it is a matter of time and education and market and circumstances.
But, just to be a contrarian, WHAT IF things go as they have for the past eleven years, always a year late and 5 million short AFTER the reverse split?
Death spiral? No, just a straight line drop into the grave.
Somehow, I just don't see this as being a good thing for the long time shareholders.
As Weby points out all too well, unless we get some straight talk, (and please keep the baloney off the sandwich) from the leadership (SKS) about real revenues and real significant portending deals that are really going to occur SOON, (not woulda or coulda or perhaps or might or maybe) I see no reason to support this reverse split.
What I see is my shareholder value being chopped and us left holding the bag.
My apologies for sounding glum, but I really think the time for excuses is over and the time for real honest communication is at hand, and should have been at hand a lot sooner.
No sense in me repeating my opinions about BONUSES when a company has to consider reverse splits.
Anyway, I will be voting NO whether it does any good or not because enough is enough. Some truthfulness in disclosure to the shareholders would be refreshing in my opinion.
I'll go away and play happily at other places where the companies are making money and I don't have to be concerned about reverse splits and enormous bonuses for losing money hand over fist. What a way to get rewarded while the people who have funded you get the shaft while you get the cash. Doesn't quite seem right now does it?
the best to all and good luck to everyone.
I hope you are not in too deep.
micro...
The Wavoids deserve...
by: HamhockHowie 06/17/06 04:25 pm
Msg: 108944 of 108950
to lose every cent. They willingly abandoned normal investing precautions. They chose to look the other way when management put itself over shareholders time and time again. They made excuses for failure after failure. They tolerated excuses. They believed people who demonstrated they were not worthy of trust. They submitted to a rigidly controlled forum. So, blue, it may indeed be sad, but it's very much deserved.
an answer/overview
by: bleufang 06/17/06 03:47 pm
Msg: 108942 of 108949
MBarr: I don't think they had any options. I think they tried to BS the NAZ about future prospects and the NAZ said, "Let's look at the books." Case closed.
The fact is, by doing the RS, Wave will at first (v short term) be in compliance, but as the share price drops precipitously as the folks realize the jig is up, Wave will in short order fall below the min. cap--so they will soon be deficient in both price and min. cap.--if they even make it to July 24th--which I think is doubtful.
RSs work only when the current shareprice is a temporary, short-term situation--which will be corrected by immediate future events.
Wave obviously has nothing else in the bag. They have been touting their "connections" to the gorillas in what was really a penny giveaway so they can say they are "in" Dell, etc. But the revenue formula was such that Wave went deeper in the hole with the more gorillas who carried their stuff.
Wave's only chance was to sell the expensive upgrades by the thousands, and that just was not happening. It was either premature, subpar stuff, piss-poor salesmanship, or some combo of all of these.
The net result is that what Wavoids were told was progress, was a desperate bid to create an illusion of progress, while the final looting took place.
The RS, IMO, is simply an effort to forestall the inevitable bankruptcy and perhaps to loot a little more on the way out the door. The Naz, may in fact have given Wave until July 24th to be in compliance.
Why didn't they do another financing PIPE? IMO, I think Wave was in such a delicate and fragile financial position, as a result of the cumulative previous dilutions and the delisting issue--one more (at a huge discount because of the risk) would have caused the share price to plummet.
If Steven had done the honorable thing Friday and held a news conference and told shareholders the truth, instead of letting this out at twilight Friday, as he slunk off to the horse farm, he might have had a chance at staunching the bleeding.
He might even have been persuasive enough to get the hard-core to hold on a little longer. But then, he would have left himself liable for all kinds of legal challenges, if he did anything but tell the unvarnished, ugly truth.
IMO, reality and past sins have caught up to Wave. The long years of excessive salaries & bonuses; the squandering of a million a year on office leases across the US and in France when there were clearly no sales; the in-your-face nepotism; the continued funding of the all but defunct WXP, the putrid lease deal with Michael, the failure to achieve the much-touted "ramping up;" the abandonment of Wave by all legitimate analysts and financial media; the years of outright deceptive projections and predictions, coupled with zero results--all of that, and more (SEC inv. & shareholder suits) weighed down a stock that was borne aloft by deception and delusion.
The wonder is, it stayed as a going concern as long as it did.
There is going to be a great deal of anger and I would predict even more lawsuits. There were outright lies involved. Remember SKS saying he had contracts in hand...it was BS--that is more than mere corporate puffery.
I'm no lawyer, but I believe I could make the case for fraud and intent to deceive on that count alone. The rest of the Wave story is going to be incredibly ugly, IMO.
I apologize to all I encouraged to buy Wave shares. I have spent the past five years or more doing penance and trying to sound the alarm. I wonder if all those who have been so wrong for so long will own up? I doubt it.
Best wishes to you in a sad, sad time.
Bluefang
the wretched truth about reverse splits
by: honesty_wave (43/M/Boston, MA) 06/17/06 08:21 am
Msg: 108905 of 108912
http://moneycentral.msn.com/content/P32972.asp
Special note should be taken of the following quote taken from the article.
"As many as 75% of all stocks wind up trading lower after a reverse split."
------------------------
reverse splits are never good news.
Interesting if true:
.........................
To do it while on the capital market it has something to do with blue sky and they would have to get approval from all the States to do a PP
........................
Posted by: Snackman
In reply to: None Date:6/17/2006 12:21:05 AM
Post #of 123575
In order for Wave to raise enough capital to do business until sufficient revenues are there for breakeven, they need to raise funds. I believe they need one more placement. Wave needs to remain on the National Market in order to do a funding like they did last time, with no discount. To do it while on the capital market it has something to do with blue sky and they would have to get approval from all the States to do a PP if they are on the Capital market and not the National market.
There are two requirements of compliance to be listed on the National market. They have to have a capitulation of 50 million dollars and they have to trade over $1.00. Therefore, I can not see a 1:3 or a 1:4 reverse split, if it comes to that. A 1:3 and a 1:4 would put the capitalization under 50 million dollars and Wave would not be in compliance
Let me make this very clear. This is a plan that NASDAQ required. They said to Wave, give us a plan. The plan is a reverse stock split. That does not mean there will ever be a reverse stock split, it is only a plan.
If the stock were to go up over $1.00 between now and July 24th, and Wave is in compliance, a reverse stock split will not happen.
Everyone must look at this for the long term and short term.
We probably will get hit on Monday and Tuesday, unless something else comes out to negate today’s release, it could happen. The price Monday will be physiological. Why do I say that? Because folks, NOTHING HAS CHANGED. Wave is doing business. They are shipping with Dell and Gateway. There is money in the pipeline. If there wasn’t, there would not have been any revenues last quarter and no revenues in this quarter.
In the short term we will probably get hit for a period of time until something comes out to change that. In the long run it will keep us on the National market, and it will keep the funding open to us. It is also very important that customers that are dealing with Wave, are dealing with a company on the National market, this is very very important.
So, I will vote my shares to approve the plan. I am not voting for a reverse stock split, I am voting for a plan to keep Wave on the National market. If that plan has to be implemented, so be it. NOTHING HAS CHANGED. Wave is going forward with all the companies that they have been made public. Revenues will be flowing from these companies.
We will see where the support is on Monday. This may be the end of some of the small players, running for cover. And guess who will be buying their shares at the lows? The houses and the institutions will be the buyers, and many of the small investors will be gone.
The Govt is well aware now, of lost and stolen computers. If the Govt mandates all computers are to have encrypted data, Wave and Seagate are sitting in the cat bird’s seat, and I believe this will happen. They would be foolish not to endorse this.
I will say this one more time: it is imperative Wave remains on the National market. I have listed the reasons above.
How long does the Appeals process take?
Generally, the process takes two to three months from the time the notice of appeal is received from the company to the time that the NLHRC issues its decision.
Nasdaq Appeals Process
Frequently Asked Questions
Appeals Process
After the company has attended a hearing and has received an unfavorable decision, it may wish to appeal to the NASDAQ Listing and Hearings Review Council ("NLHRC"). The NLHRC may also decide to review the Panel's decision on its own accord. This section pertains to questions regarding the appeals process.
Applicable Rules: Marketplace Rule 4800 series.
What does the company have to do in order to appeal a Panel decision?
The Hearing Panel's decision letter will outline the steps necessary to file an appeal. The decision letter will also include a fee payment form. The company must file written notification of its appeal with the NLHRC through the General Counsel's Office of Appeals and Review within 15 calendar days from the date of the Panel's decision. A facsimile request to (301) 978-8471 suffices for this purpose. The company must also submit the $4,000 appeal fee and the payment form within 15 calendar days from the date of the Panel's decision. The fee must be sent in the form of a check to:
Regular Mail
The Nasdaq Stock Market, Inc.
P.O. Box 7777-W0435
Philadelphia, PA 19175-0435 -or- Courier/Overnight
The Nasdaq Stock Market, Inc.
W0435
c/o Mellon Bank, Room 3490
701 Market Street
Philadelphia, PA 19106
The company must also send a photocopy of the check via facsimile and/or mail to the General Counsel's Office of Appeals and Review within 15 calendar days from the date of the Panel's decision. The company may also wire the appeal fee to:
Bank Name: PNC Bank
Bank Address: Washington, DC
ABA Number: 031000053
Account Name: The Nasdaq Stock Market, Inc.
Account Number: 5300401669
SWIFT Number: PNCCUS33
Reference: Hearing Docket Number, Company Name, and Company Symbol
How are the deadlines computed in the delisting letters and in any subsequent dates set by Hearings Department or Appeals?
The company must file written notification of its appeal with the NLHRC through the General Counsel's Office of Appeals and Review within 15 calendar days from the date of the Panel's decision. In accordance with Marketplace Rule 4885, the "clock" does not begin until the day after the letter date and the deadline date is included in the calculation. However, if the deadline date should fall on a Saturday, Sunday, federal holiday or NASDAQ holiday, then the deadline date will be moved to the next business day. In computing all subsequent deadlines, the same principle applies.
What happens when an appeal is requested?
Upon receipt of the notification of appeal and the fee, the request will be placed in the earliest available NLHRC docket. The company will be provided with a confirmation and instructions regarding the appeals process. A copy of the confirmation letter is forwarded to the Listing Qualifications Department requesting that it provide the NLHRC with an update of the company's compliance with the listing standards. This update is also provided to the company, along with a list of those documents comprising the record on review.
In addition, the company may submit any additional information that it wishes the NLHRC to consider on unbound, single-sided 8 ½" x 11" paper by a date stipulated in the confirmation letter. The NLHRC then reviews the Panel's decision on the basis of this information. The NLHRC may also consider the existence and content of public filings and press releases issued by the company and the company's non-compliance with any NASDAQ listing requirements.
What is the NLHRC's level of review when it considers a matter?
The NLHRC conducts a de novo review of the Panel's decision. It considers information available subsequent to the Panel's decision, including new deficiencies and the cure of prior deficiencies. It will also consider all information provided by the company prior to the date stipulated by the NLHRC in its letter confirming the receipt of the request for review. The NLHRC may also consider public filings or press releases of the company.
Is the company entitled to an oral hearing before the NLHRC?
No. According to the procedures for review by the NLHRC, included in the NASDAQ Marketplace Rules, Rule 4840(f) states: "the NLHRC will consider the written record and, at its discretion, hold additional hearings [emphasis added]." It should be noted that the NLHRC has never requested an oral hearing.
How long does the Appeals process take?
Generally, the process takes two to three months from the time the notice of appeal is received from the company to the time that the NLHRC issues its decision. The NLHRC generally meets once a month. However, a decision is not considered final until the NASD Board declines to call the matter for review. Accordingly, this may add another one to two months to the time period prior to when the company can appeal the decision to the SEC. The company must exhaust all of its remedies within NASDAQ before it can file an appeal with the SEC.
Is a Listing Council decision public?
Yes. NASDAQ is required to file the NLHRC decisions with the SEC when they become final. The SEC makes the decisions available to the public. In addition, NASDAQ may publish summaries of decisions in a manner that removes information that would allow identification of the company.
Does an appeal postpone the delisting of the company's securities?
No. A request by the company for review of a Panel decision by the NLHRC will not operate as a stay of the Panel decision. In addition, a "call for review" of a Panel decision by the NLHRC does not operate as a stay of the Panel decision, unless the call for review specifies to the contrary. In some circumstances, the NLHRC may, on its own initiative, determine to stay the delisting.
What is the "Call for Review" process?
The NLHRC reviews all Panel decisions and any member of the NLHRC may request that the full NLHRC review a Panel decision, regardless of whether the company appeals the decision. The NLHRC must call the decision for review within 45 calendar days of the Panel's decision. A call for review is solely at the NLHRC's discretion. Once the NLHRC calls the decision for review, the process is similar to the appeals process. The NLHRC's call for review determination is made without regard to whether the company appeals the Panel decision. However, if the NLHRC subsequently withdraws its call for review, the NLHRC will no longer consider the matter unless the company has filed an appeal within the requisite time period.
Note: WAVX_WEEKLY is charted on a semilog scale, so the chart will "NOT" change
no matter what the share holders vote to do.
WAVX_WEEKLY
Both Major and Minor Trends are down.
More on BitLocker does not need WAVX.
Unless you want more than you really need. IMHO.
................................
Posted by: SheldonLevine
In reply to: awk who wrote msg# 123408 Date:6/15/2006 3:58:15 PM
Post #of 123442
awk, re: BitLocker/AD/KTM
1. I suppose that depends on how you define "key management". BitLocker can use AD to escrow SRKs, but that is only one key for disaster recovery. So if one accepts a definition of "key management" that includes keys other than the SRK, one could easily argue that your statement is correct.
2. Yes, that is correct. Although, KTM/KMS does not use AD as a data store for keys (as BitLocker does) - it uses AD for policy management and user authentication.
>>>
Active Directory — Embassy Key Management Server uses Active Directory for user authentication and policy management. Access control and authentication is achieved by role-based authentication and is integrated with Active Directory user authentication.
...
Policy-Driven — Embassy Key Management Server is policy-driven and designed to work with trusted platforms and enterprises having different security policies. The policy editor allows an administrator to set policies. Policies are administered through Active Directory and the server policies override client settings.
<<<
http://www.wave.com/products/ekms.html
Regards
SL
More on BitLocker does not need WAVX.
.......................................
SheldonLevine is the best. IMHO.
.....................................
Posted by: SheldonLevine
In reply to: Ramsey2 who wrote msg# 123406 Date:6/15/2006 11:28:30 AM
Post #of 123409
Ramsey, re: BitLocker keys
Absolutely. Wave's key management solution is more extensive and more robust than the current Microsoft offering. I would not be surprised to see enterprises implementing KTM Client/Key Management Server in conjunction with their Vista/BitLocker rollouts.
However, it is certainly not a requirement since AD will store SRKs...at least there is some basic key escrow built in.
Regards
SL
WAVX not required to use Vista's BitLocker.
...............................................
Posted by: SheldonLevine
In reply to: mjan112 who wrote msg# 123395 Date:6/15/2006 9:31:52 AM
Post #of 123402
Mjan, re: BitLocker
No, Wave's key management software would not be required. BitLocker is integrated with Active Directory to the extent that SRKs (System Recovery Keys) can be saved in Active Directory per user.
More detailed information here:
http://www.investorshub.com/boards/read_msg.asp?message_id=11455865
Regards
SL
Vista can use either TPM or USB stick
.............................................
Comment:
Vista can be used on older computer which may not have a TPM.
.........................................
Posted by: goepling
In reply to: None Date:6/15/2006 7:57:02 AM
Post #of 123394
Microsoft: Vista Most Secure OS Ever
http://www.betanews.com/article/Microsoft_Vista_Most_Secure_OS_Ever/1150366131
excerpt: ...On the hardware level, Microsoft has implemented BitLocker full disk encryption. Using a TPM chip located on the motherboard or USB stick, BitLocker literally encrypts data while it is being written to the disk.
Item (1) is 99% of the game. IMHO.
.............................................
Posted by: Snackman
In reply to: None Date:6/14/2006 12:01:12 PM
Post #of 123339
Many of us have said that the street does not know about Wave yet. That is a fact. How does the street learn about Wave?
(1)They learn by seeing revenues.
(2)They also learn by attending Rodman & Renshaw Security, Biodefense & Connectivity Investor Conference in New York, Monday, June 19th
It's called EDUCATION. Investors have to be educated on what TPMs are, and where Wave fits into this picture.
Every one of these presentations educates those that attend. Many of you degrade these presentations, and those of you that do, are blind to the fact that this is one way of EDUCATING investors toward Wave.
Wave is the leader in Trusted Computing, make no mistake about that.
****76 consecutive quarters of consecutive losses.
THIS HAS TO BE A RECORD !!!!
....................................................
by: bleufang
Long-Term Sentiment: Strong Sell 06/13/06 11:17 pm
Msg: 108699 of 108699
Mandy: Never claimed I could outsmart fence posts. However, most Wavoids who believe in the Wave success story might be smart not to bring up the subject of intelligence, except over on i-Sub.
Nearly 19 years without even a modest success. We are about to celebrate 76 consecutive quarters of consecutive losses. Predictions 100; delivery 0. Spragues 76, shareholders 0. But you'll tell me it will happen next quarter.
Bluefang
Not claiming to be bright, but my record is 100% better than yours.
Must study this.
Since 2003
...................
Posted by: mundo
In reply to: None Date:6/13/2006 8:56:27 PM
Post #of 123304
Decru unveils Lifetime Key Management 3.0 Appliance
Wednesday 7 of June 2006
The LKM Appliance extends Decru's proven capabilities for secure, automated, enterprise-class management of storage encryption keys and adds integration capabilities for third-party encryption products.
Continuing disclosures of privacy breaches are driving requirements for enterprise-wide encryption and key management. The Decru Lifetime Key Management system, which has been shipping since mid-2003, is a storage key management system. Decru DataFort storage security appliances and LKM already support many storage security deployments, including financial services and Global 1000 customers. The LKM Appliance extends this position by providing centralized key management for heterogeneous third-party software and hardware encryption devices.
The Decru Lifetime Key Management system uses Decru DataFort secure hardware to protect and manage encryption keys throughout their entire lifecycle, including key generation, replication, archiving, recovery, sharing, and deletion. The Decru Storage Encryption Processor (SEP) has received FIPS 140-2 Level 3 certification, and is used today in highly sensitive military and Global 1000 enterprise environments. The new LKM Appliance incorporates Decru SEP into a dedicated key management appliance, enabling a broader range of functionality for centralized management and policy enforcement.
The LKM Appliance provides a wide range of benefits:
Mature platform: The Decru key management platform has been proven in demanding real-world deployments, supporting large clusters of encryption devices across multiple distributed data centers.
Scalability: Each appliance can securely store more than 10 million encryption keys, and an LKM fabric consisting of clustered appliances can scale to support over a thousand encryption devices.
Secure management: The LKM Appliance is also designed for FIPS 140-2 Level 3 physical security. Administrative access is secured by two-factor authentication, role-based access controls, and smart card quorum requirements for sensitive operations.
Automation: The LKM Appliance securely automates key management functions including key generation, replication, archiving, recovery, and sharing. The LKM Appliance and DataFort appliances automatically and securely propagate encryption keys to configured systems and utilize features such as key translation and trustee key sharing to enable secure information sharing across groups or companies. Decru CryptoShred secure deletion enables sophisticated lifecycle management of encryption keys, including policy-based key expiration.
Heterogeneous support: The LKM Appliance provides centralized key management across all DataFort appliances, enabling enterprise-wide support for NAS, DAS, iSCSI, FC SAN, and tape storage environments. The LKM Appliance can also be deployed to support new and existing Decru DataFort appliances.
Open and standards-based: The Decru OpenKey partner program and APIs enable unified support for heterogeneous encryption systems, simplifying the deployment of encryption across multiple environments.
Secure key generation: Many encryption systems lack the ability to generate strong, random encryption keys, significantly reducing the overall level of security. Decru DataFort and the LKM Appliance use a hardware-based true random-number generator to create strong, high-entropy keys.
Decru Lifetime Key Management 2.5 software is available immediately. The Decru Lifetime Key Management Appliance is planned for availability in Q3 2006.
Decru has also announced that Symantec and Quantum have joined as charter members of the Decru OpenKey partner program, which provides a framework for development of standards-based multiparty encryption solutions.
Responding to customer demand for greater security, many storage and data management vendors have announced plans to incorporate encryption and security features into their products. For large enterprises, however, the prospect of operating proprietary key management systems for every system and vendor presents substantial challenges.
To address these challenges, Decru has also announced new application programming interfaces (APIs) for the Decru Lifetime Key Management 3.0 appliance to enable centralized, standards-based key management services for multiple third-party encryption systems across the enterprise. The Decru OpenKey program provides partners with the standards-based APIs, developer kits, reference implementations, and technical support to facilitate development of interoperable encryption and key management solutions. The OpenKey program builds upon Decru's unique role as an independent security vendor to facilitate development and standards cooperation among competing data management vendors.
Emerging storage security standards provide a starting point for development of interoperable encryption systems, but standards provide only a starting point. Successful integration and support of these systems requires a great deal of sustained vendor cooperation. Decru is one of the first storage security vendors to combine open key management with a full line of storage security solutions, enabling unified security across enterprise NAS, DAS, IP SAN, FC SAN, disk-based data protection, and tape environments.
The ultimate goal of the Decru OpenKey program is to help enterprise customers simplify the daunting security requirements for heterogeneous data management environments. By enabling centralized, secure key management for data encryption at multiple layers, including content management, applications, fabric, and storage devices, Decru has expanded the value it can offer enterprise customers.
To further complement this vendor initiative and ensure interoperability at mutual customer sites, the NetBackup support of the Decru DataFort appliance is in process and planned by Q3 CY2006.
Decru has been heavily involved in industry standards development efforts in the area of storage security. Decru's participation on standards committees includes:
IEEE P1619: Decru co-authored the emerging P1619 storage security standard, and implemented many of the critical data-at-rest security features three years ago.
ANSI T10: Decru has contributed proposals for enhancing key security and authentication.
TCG: Decru is a Contributor Member of the Trusted Computing Group, and participates in multiple committees.
More information is available at: www.decru.com
http://72.14.207.104/search?q=cache:Srd93LNtfPQJ:snseurope.com/snslink/news/news-full.php%3Fnewsid%3....
Re: Wavoid chorus sings out loud
by: bleufang 06/12/06 09:56 pm
Msg: 108622 of 108627
John: May I quote the learned Wavxmaster: "Free speech, take it to Yahoo. There they can enjoy themselves with their equals! Will this board be diminished without them, perhaps, but it is diminished more with them."
And as you well know, the 1st Amendment, (followed by relevant commentary.)
CONGRESS SHALL MAKE NO LAW RESPECTING AN ESTABLISHMENT OF RELIGION, OR PROHIBITING THE FREE EXERCISE THEREOF; OR ABRIDGING THE FREEDOM OF SPEECH, OR OF THE PRESS; OR THE RIGHT OF THE PEOPLE PEACEABLY TO ASSEMBLE, AND TO PETITION THE GOVERNMENT FOR A REDRESS OF GRIEVANCES.
The Bill of Rights to the U.S. Constitution was ratified on December 15, 1791
"Censorship reflects a society's lack of confidence in itself. It is a hallmark of an authoritarian regime . . . ." Supreme Court Justice Potter Stewart, dissenting, Ginzburg v. United States, 383 U.S. 463 (1966)
Best wishes--Bluefang
Posted by: helpfulbacteria
In reply to: None Date:6/12/2006 7:48:57 PM
Post #of 123208
Re: the latest fraudulent rumor...
As some know, there's been discussion of a Wave/McAfee incompatibility and the notion that identiPHI might be in a position to take Dell business from Wave. In one variation of the story, even a reference to Phoenix got thrown in for good measure.
This rumor has been crawling around the edges here... It's the latest "hack" aimed at undercutting investor confidence.
I decided to lob an e-mail into a Wave executive to see what they had to say about these matters. Here's the response in its entirety:
"Wave's support site has a list of the current outstanding issues and fixes for ETS and Dell machines. Shipping our product in the volumes that Dell does did encounter a few problems initially, as you might expect, but as far as I know we have been very responsive in getting the fixes to Dell and things have progressed well. While Identiphi and Softex both have some of the applications that Wave has in ETS, neither one has the range of TPM support and applications, including the multifactor preboot support that Wave has implemented for Dell platforms. Phoenix? They almost never appear on the TPM playing field as far as I know."
My Comments:
** Is anyone (other than bashers) REALLY surprised that software requires patches? Giant application development organizations and tiny ones... REGULARLY create stuff that needs to be refined at a later time. This is NOTHING new.
** We now know (thanks to Doma) that the McAfee issue is in the words of McAfee their "defect" not Wave's. There has been a curious silence ever since that FACT and LINK showed up.
Best Regards,
c m
Again ! No WAVX needed for Seagate Hard Drive.
Just a simple password:
If the drive really needs WAVX,
then there will be a big jump in revenue,
due to the WAVX upgrade required.
................................
Which way are you going to bet ?
..................................................
Posted by: mundo
In reply to: None Date:6/12/2006 4:13:21 PM
Post #of 123197
Seagate’s New Hard Disk Drive Encrypts Data.
Seagate Momentus FDE Locks the Data
Category: Storage
by Anton Shilov
[ 06/07/2006 | 11:57 PM ]
The leading hard disk drive (HDD) manufacturer Seagate Technology has introduced its new hard disk drive for mobile computers that can automatically encrypt the data stored on it. Even though modern laptops can provide pretty advanced access protection mechanisms, for those who want to get unauthorized access to something they are not supposed to see, there are many possibilities. Momentus 5400.2 FDE eliminates one of them.
Seagate said that lost or stolen notebook personal computers (PCs) can cost companies millions of dollars in compromised trade secrets and intellectual property and threaten consumers with the high cost of identity theft. Still, according to the Ponemon Institute’s 2005 National Encryption Survey, the primary reasons organizations cited for not encrypting sensitive or confidential information were concerns about system performance (69%), complexity (44%) and cost (25%).
Momentus 5400.2 FDE performs all cryptographic operations and key management within the drive. For users, only a password is needed to self-authenticate for full drive access, which greatly simplifies the ownership of a computer featuring the technology. The new hard drive carries a special chip that performs 128-bit AES encryption at the speed, which matches the bandwidth of HDD’s interface, e.g. Serial ATA 150Mb/s. Given that the chip is specially tailored for encryption operations, it provides higher energy efficiency compared to software-based approaches, which require the power of the central processing unit.
Momentus 5400.2 FDE can be used with third-party management software to give organizations an easy way to set up and configure the Momentus 5400 FDE drive and automate protection and management of passwords and encryption keys.
Momentus FDE 5400.2, with 5400rpm spindle speed and 8MB cache, will be available in the first half of 2007 in 60GB, 80GB and 160GB capacities for Serial ATA-150 interface. Average seek time is declared to be 12.5ms, in line with current-generation mobile hard drives.
http://www.xbitlabs.com/news/storage/display/20060607235730.html
OK. eom
You wrote
what is the purpose of this board, why not just post on the Wave board? tia.
Comments:
(1) You must be joking? Right ?
(2) Many of these posts would be deleted on WAVX board.
(3) Even my WAVX WEEKLY chart was recently deleted.
(4) Also Snackman got Matt to change the name of this board.
It used to mention WAVX, but that was deleted in the name.
(5) Could add more, but that is enough for now.
what is the purpose of this board, why not just post on the Wave board? tia.
Posted by: Jay Signor
In reply to: None Date:6/10/2006 11:33:56 AM
Post #of 123117
Enclosed is the first HSPD-12 RFP of many. Please enjoy the read; no mention of TPM.
http://fs1.fbo.gov/EPSData/DOL/Synopses/9191/DOL069RP20209/RFP-DOL069RP20209v1-3lAWRENCE.doc
Posted by: Jay Signor
In reply to: None Date:6/10/2006 11:09:22 AM
Post #of 123117
Wave & Identiphi positioned on Dell Federal Solutions:
http://www.dell4fed.com/solution_detail.php?si=71&cn=4
If you look at these new Piv2 & HSPD-12 RFPs they do not request TPM, only user authentication, and this is bad news because Dell positions Identiphi as its user authentication suite.
I also noticed two Enterprise SKU's for Identiphi on Dell. Apollo and DR Horton:
http://search.dell.com/results.aspx?c=us&l=en&s=hea&cat=prod&cs=RC968571&k=ident....
Wave: Nothing in the Enterprise SKU's: http://search.dell.com/results.aspx?c=US&l=en&cs=rc968571&cat=snp&Pageb4Search=searc....
Posted by: Jay Signor
In reply to: MaynardG who wrote msg# 123090 Date:6/9/2006 10:35:44 PM
Post #of 123091
Hello Maynard,
I don't mean to be disrespectful because I've seen how quickly someone gets booted from this board, but I feel I need to be honest, and reap the consequences but the truth will set you free.
I know too much about Wave and really want them to succeed with Dell but because I don’t want Identiphi or Softex to knock Wave out of Dell.
Here is what I know: my roommate works for Dell S&P and told me a week ago that the Wave/McAfee or Norton problem was so bad that they stopped shipping Wave for a few weeks. They made a quick fix by adding a one sheet to every system shipped. Dell is still being inundated with support calls.
To answer your question he said Phoenix Technologies offers both TPM & Virtual TPM support. My fear is both Identiphi and Softex both offer Phoenix TPM support in their product.
The worst of all this is Identiphi has a good relationship with Dell and Softex with Lenovo. IdentiPhi has won numerous Enterprise deals with Dell while Softex with Passlogix are winning deals with Lenovo and IBM.
We’ve won Papa Johns with Dell.
Gulp.
Posted by: Vacationhouse
In reply to: None Date:6/9/2006 9:24:15 PM
Post #of 123089
OT:Intel reveals R&D plans
PC Advisor
http://www.pcadvisor.co.uk/news/index.cfm?newsid=6355
June 10, 2006
Intel reveals R&D plans
Energy efficiency and performance are key
Linda Leung
Intel recently showed off a range of advanced-stage research projects to the press and potential partners at its fourth annual Research at Intel Day held at its facility in Santa Clara. The projects spanned mobile technology, enterprise computing, large-scale computing platforms and "people-centred" computing and are being developed under Intel's current mantra of "driving energy efficiency and performance."
In his keynote session that opened that day, Justin Rattner, Intel CTO, said: "It takes a good four years to develop a new generation of microprocessor, and another 3 or 4 years preceding that for research and getting the ideas. What you will see today is work that has been going on for the last few years." Intel did not announce which of the projects would make their way into the market.
Rattner said one of Intel's goals is to achieve 10 times improvement in the energy efficiency and performance of its processors over the next three to four years. In communications, he said the major theme for Intel researchers is WiMAX and ultrawideband, adding that the two technologies will be "fully deployed in the platform over the coming year." In enterprise computing, Rattner said Intel is "going after the maintenance portion of the pie," with research focused on virtualization, data center performance and security.
Among the enterprise computing research being demonstrated Wednesday, were:
The adaptive firewall
Intel's traffic-adaptive filtering technology has been in development for two years. It sits on any node on the network and learns about traffic patterns to introduce shortcuts to frequently travelled paths. In their demonstration, Intel researchers showed a video streaming application going from a server to a client via a router with a firewall. The researchers launched a denial-of-service attack against the router but the video traffic was unaffected because the filtering technology had placed shortcuts in the frequently travelled paths between the server and the client, and the attacker to firewall, which reduced the number of memory accesses in the classification process and increased the throughput of the firewall. The researchers said they plan to make available the technology as open source by year-end.
Trusted platforms with virtualization
This research puts Trusted Platform Modules (TPM) into the virtualized computing environment. TPMs, based on a specification developed by The Trusted Computing Group, are microcontrollers used to store and authenticate passwords, digital certificates and encryption keys. In its research, Intel puts software-based Virtual TPMs (VTPM) in front of each virtual machine client to attest their status to the authentication server, which decides to allow or deny the virtual machine's access to whatever server it wants to connect to based on their status as reported by the VTPM. The technology has been in development for almost two years.
Dynamic thermal management of the data centre
Developed in conjunction with Arizona State University, this research enables job scheduler software to take into account the temperature of servers or server blades before deciding which data centre component should do the job. The result should be an online thermal control framework that monitors and manages data centre thermal performance from a holistic viewpoint. The researchers say the challenge for the project is to make the system reactive so that it knows when servers are starting to fail because of heat issues. They say it could be another two years before this project could be presented to Intel as a potential product.
Corroboration catches stealthy worms
Slow worms are hard to catch, say Intel researchers, particularly if they try to hide in background traffic. In distributed detection inference, a node would raise an alarm if something odd is happening and reports this to another node. However, the node may be reporting a false positive. But if a few other nodes do the same thing -- raise alarms and report to another node -- the message would eventually reach a trusted node, which would decide on what action to take. Intel researchers describe this as nodes "gossiping" for the good of the network and said that most of the time, the network is able to tell that a worm is attacking when there is a low-level of infection. Researchers say the challenge is to put this distributed detection inference technology onto the node's hardware rather than software, which would put it at risk of being taken over by the worm.
All-wireless mesh
Intel researchers say the all-wireless mesh moves all network capabilities to the edge, enabling all nodes on the network to communicate with and through each other using wireless technologies and mesh networking. Intel said the technology could promote the formation of ad-hoc groups that could share different information between each other wirelessly. The research uses distributed virtualization based on PlanetLab, an experimental network built by academic and commercial researchers across the world that rides over the public Internet.
Good email from WAVX CEO
............................
Posted by: zen 88
In reply to: None Date:6/8/2006 12:22:43 PM
Post #of 123025
Response from SKS re: 'third party solutions':
Hello Steven,
Can you please tell me if all three of the following references are to Wave software? Thanks.
from Seagate:
Momentus 5400.2 FDE can be used with third-party management software to give organizations an easy way to set up and configure the Momentus 5400 FDE drive and automate protection and management of passwords and encryption keys. Seagate's encrypting notebook drive also offers these benefits:
from Dell:
CASE STUDY
Restaurant Group Puts Security on Its Menu
Before they could leverage new efficiencies from an upgraded IT infrastructure, Papa Gino's Holdings Corporation needed a unified corporate IT security solution. Relying on Dell hardware, seamlessly integrated with a third-party software solution, this restaurant operator found that Dell delivers.
from Intel:
PC's with Intel vPro technology now provide integrated support for TPM 1.2 through a discrete third-party solution. Windows Vista Bitlocker can use TPM 1.2 to provide enhanced protection for data and to assure early boot component integrity.
I'm assuming the answer is yes, based on my knowledge of what's happening, but wondering why they just don't say "Wave Embassy Trust Suite" (or something similar), if it's a direct reference.
Thank you, and good luck as always.
SKS:
All three of them refer to Wave but in the case of Seagate they have other software providers who have said they are building support we are the only company doing TPM integration, Papa Gino’s is our stuff and Intel is a standard hardware platform that has a TPM so in theory any TPM software would work. Intel motherboards have chosen us.
steven
I'm always amazed how available the CEO is to answer our questions, and clarify things.
Re: New Intel Chip I guess I was wrong?
by: 5par 06/08/06 11:05 am
Msg: 108352 of 108353
<<<Symantec and Intel Collaborate to Change Security Computing Model Isolating Endpoint Security from Main Operating System Increases Enterprise IT Confidence
CUPERTINO, Calif. – April 24, 2006 – Symantec Corp. (NASDAQ: SYMC) today announced it is working with Intel Corp. to build security solutions for the new Intel® vPro™ technology that will allow IT managers to effectively manage security threats outside the main PC operating system (OS). In this isolated virtual environment embedded within Intel vPro technology, Symantec's security solutions will be more tamper resistant and always on, monitoring and protecting the desktop.>>>
AND...
<<<With TrustedCore SP2, Phoenix continues its industry leadership in providing a platform for ensuring that PCs, notebooks, embedded systems, servers, and embedded servers meet current and emerging security standards and requirements. Phoenix TrustedCore SP2 supports the Trusted Platform Module (TPM 1.2) specification and is the first firmware to fully implement key industry standards required for Microsoft Windows Vista. TrustedCore SP2 support of the TPM 1.2 specification helps ensure that malicious code cannot invade a device early in its boot process.
Phoenix Technologies Ltd. (Nasdaq:PTEC - News) is a global market leader in device-defining software that assures endpoint confidence, from the start. The company first established dominant industry leadership 26 years ago with BIOS software, currently has over one billion products deployed and continues to ship in over 100 million new systems each year.>>>
AND...pick any of 100 MAJOR security software companies that will add this functionality WHEN NEEDED!
......................................................
TIME WILL TELL !!!
mbarr thanks for the post
by: fritinancy (53/M/London, UK) 06/08/06 10:02 am
Msg: 108348 of 108352
http://www.intel.com/vpro/pdfs/vista_solutions_brief.pdf
nice information
The phrase "discrete third-party solution" signals that there might be a few sources of software.
There is still a great deal of fuzz surrounding the area.
What Vista compatibility will mean, and how that relates to the TPM are yet to be demonstrated.
What appears significant at this point is that Microsoft will not be requiring a user to purchase additional software to use the TPM.
Which leaves us all still uninformed about what enhancements will be Vista compatible and what companies will be certified as such.
Same old story. Everybody is waiting for Microsoft.
New Intel Chip -Vista -No WAVX
by: mbarr350 06/08/06 09:39 am
Msg: 108346 of 108352
PCs with Intel vPro technology now provide integrated support for
TPM 1.2, through a discrete third-party solution. Windows Vista
BitLocker* can use TPM 1.2 to provide enhanced protection for data
and to assure early-boot component integrity. This helps protect
data from theft or unauthorized viewing, by encrypting the entire
Windows volume. With TPM support built into the PC and secure
boot-up in Windows Vista, IT administrators can be more confident
that sensitive information on these PCs is more secure.
This shows new dual-core computers have TPM
.............................................
Posted by: Snackman
In reply to: None Date:6/8/2006 10:16:08 AM
Post #of 123010
http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=188702395
HP Rolls Out First Dual-Core 64-Bit Notebook
By Jeffrey Schwartz, VARBusiness
VARBusiness, 4:50 PM EDT Tue. Jun. 06, 2006
Capping the launch of a new lineup of mobile PCs during the past month, Hewlett-Packard today became the first vendor to launch a notebook PC with a dual-core 64-bit processor. The company also launched a high-end docking station with built-in networked attached storage (NAS) to support its line of notebooks.
The new Compaq nx6325 is the first notebook to support AMD's Turion 64 X2 processors, launched last month and also marking the first dual-core 64-bit processors. Granted, while many applications will show performance improvements with dual-core processors, the benefits of having a 64-bit processor, no less two, are limited today. But that is expected to change once Microsoft's Windows Vista starts shipping.
HP is targeting the Compaq nx6325 at small and midsize businesses, many of which are expected to use the system for business and personal purposes, says Carol Hess-Nickels, director of commercial notebook marketing.
"We tend to see SMB customers migrate to newer technologies first," Hess-Nickels says.
The system is also available with a single-core AMD Sempron processor. Like several other new models, the nx6325 comes with a biometric finger scanner, a TPM embedded security chip and choice of a 15-inch BrightView or XGA display. (Those who run video will prefer the former, while customers using the machines primarily in offices will find XGA displays offer less glare).
The nx6325 will ship by the end of this month. HP hasn't disclosed pricing on the dual-core notebook, but the Sempron-based system starts at $1,049.
Meanwhile, the new 3-in-1 NAS Docking Station comes with a 160-GB SATA drive, which can be configured to automatically back up whatever is on the notebook drive onto the drive. By configuring it as NAS, any data on the drive can be shared and accessed via a VPN or network connection.
Two of the six USB ports are networked, meaning any peripheral on those ports can be shared or accessed remotely--from scanners to printers and even additional USB hard drives.
The docking station, to ship by the end of this month, is priced at $399. For expandability, it has an extra bay and PCI Express port. It will support all of HP's new commercial notebooks with the exception of its ultraportable systems.
Posted by: SheldonLevine
In reply to: wavxmaster who wrote msg# 122770 Date:6/8/2006 12:47:46 AM
Post #of 122997
wavxmaster, re: BitLocker
Two separate pieces, formerly known as "Secure Startup" and "Full Volume Encryption" are now referred to as "BitLocker".
From 6 months ago, regarding partition requirements and key management utilities:
http://www.investorshub.com/boards/replies.asp?msg=8707516
From 8 months ago, same as above:
http://www.investorshub.com/boards/read_msg.asp?message_id=8023355
From 9 months ago, regarding Secure Startup/TPM:
http://www.investorshub.com/boards/read_msg.asp?message_id=7727853
I don't think that BitLocker TPM support is new...
Apologies in advance if I'm not following your line of reasoning.
Regards
SL
Posted by: SheldonLevine
In reply to: x-point who wrote msg# 122969 Date:6/8/2006 12:04:48 AM
Post #of 122997
x-point, 24601, re: thoughts
x-point, very nice.
To further clarify, however, the TPM does actually implement some encryption functionality - not just the TSS.
See 2.2.2, 2.2.2.1, and 2.2.2.3
https://www.trustedcomputinggroup.org/specs/TPM/tpmwg-mainrev62_Part1_Design_Principles.pdf
tinyURL: http://tinyurl.com/rqctw
>>>
2.2.2 Cryptographic Co-Processor
Start of informative comment:
The cryptographic co-processor, Figure 2:a C1, implements cryptographic operations within the TPM. The TPM employs conventional cryptographic operations in conventional ways. Those operations include the following:
Asymmetric key generation (RSA)
Asymmetric encryption/decryption (RSA)
Hashing (SHA-1)
Random number generation (RNG)
The TPM uses these capabilities to perform generation of random data, generation of asymmetric keys, signing and confidentiality of stored data.
The TPM may implement symmetric encryption for internal TPM use but does not expose any symmetric algorithm functions to general users of the TPM.
The TPM may implement additional asymmetric algorithms. TPM devices that implement different algorithms may have different algorithms perform the signing and wrapping.
End of informative comment.
1. The TPM MAY implement other asymmetric algorithms such as DSA or elliptic curve.
a. These algorithms may be in use for wrapping, signatures and other operations. There is no guarantee that these keys can migrate to other TPM devices or that other TPM devices will accept signatures from these additional algorithms.
2. All Storage keys MUST be of strength equivalent to a 2048 bits RSA key or greater. The TPM SHALL NOT load a Storage key whose strength is less than that of a 2048 bits RSA key.
3. All AIK MUST be of strength equivalent to a 2048 bits RSA key, or greater.
2.2.2.1 RSA Engine
Start of informative comment:
The RSA asymmetric algorithm is used for digital signatures and for encryption.
For RSA keys the PKCS #1 standard provides the implementation details for digital signature, encryption and data formats.
There is no requirement concerning how the RSA algorithm is to be implemented. TPM manufacturers may use Chinese Remainder Theorem (CRT) implementations or any other method. Designers should review P1363 for guidance on RSA implementations.
End of informative comment.
1. The TPM MUST support RSA.
2. The TPM MUST use the RSA algorithm for encryption and digital signatures.
...
2.2.2.3 Symmetric Encryption Engine
Start of informative comment:
The TPM uses symmetric encryption to encrypt authentication information, provide confidentiality in transport sessions and provide internal encryption of blobs stored off of the TPM.
For authentication and transport sessions the mechanism is a Vernam one-time-pad with XOR. The pad being generated from the nonces generated for the session use. Authentication information is 20 bytes the same size as the nonces hence a direct XOR is possible.
For transport sessions the size of data is larger than the nonces so there needs to be a mechanism to expand the entropy to the size of the data. The mechanism to expand the entropy is the MGF1 function from PKCS#1. This function provides a known mechanism that does not lower the entropy of the nonces.
Internal protection of information can use any symmetric algorithm that the TPM designer feels provides the proper level of protection.
The TPM does not expose any of the symmetric operations for general message encryption.
End of informative comment.
<<<
Nice work tonight.
Regards
SL
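The XOR pad and MGF1 expansion described in the section 2.2.2.3 excerpt quoted in the post above, as an added Python example that is not part of the original post or of the TCG specification. The seed layout (two 20-byte nonces followed by a shared secret), the function names and all sample values are assumptions constructed for illustration; only MGF1 itself follows PKCS #1.

```python
import hashlib

HLEN = hashlib.sha1().digest_size  # 20 bytes, the size of a TPM 1.2 nonce


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 from PKCS #1 with SHA-1: concatenate SHA1(seed || counter)
    for counter = 0, 1, 2, ... (4-byte big-endian) and truncate."""
    if mask_len < 0 or mask_len > (1 << 32) * HLEN:
        raise ValueError("mask length out of range")
    out = bytearray()
    counter = 0
    while len(out) < mask_len:
        out += hashlib.sha1(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:mask_len])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Vernam step: byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("pad and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def session_seed(nonce_even: bytes, nonce_odd: bytes, shared_secret: bytes) -> bytes:
    """ASSUMPTION: illustrative seed layout, not the exact TPM structure."""
    for nonce in (nonce_even, nonce_odd):
        if len(nonce) != HLEN:
            raise ValueError("nonces are 20 bytes")
    return nonce_even + nonce_odd + shared_secret


def protect_auth(auth20: bytes, seed: bytes) -> bytes:
    """20-byte authorization data: a single SHA-1 output is already the
    right size, so the 'direct XOR' in the excerpt needs no expansion."""
    return xor_bytes(auth20, hashlib.sha1(seed).digest())


def protect_transport(data: bytes, seed: bytes) -> bytes:
    """Data longer than a nonce: stretch the seed to len(data) with MGF1.
    XOR is its own inverse, so the same call decrypts."""
    return xor_bytes(data, mgf1(seed, len(data)))


def pad_reuse_leak(seed: bytes, p1: bytes, p2: bytes) -> bytes:
    """Why nonces must be fresh per session: with a repeated seed the pad
    cancels and c1 XOR c2 equals p1 XOR p2, with no key needed."""
    return xor_bytes(protect_transport(p1, seed), protect_transport(p2, seed))


if __name__ == "__main__":
    # Constructed sample values; a real session uses fresh random nonces.
    seed = session_seed(bytes(range(20)), bytes(range(20, 40)), b"constructed-secret")
    wrapped = protect_transport(b"constructed transport payload, longer than 20 bytes", seed)
    print("ciphertext:", wrapped.hex())
    print("round trip:", protect_transport(wrapped, seed))
    leak = pad_reuse_leak(seed, b"quarterly report", b"payroll run 0042")
    print("pad reuse leaks p1^p2:", leak.hex())
```
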
Posted by: x-point
In reply to: 24601 who wrote msg# 122779 Date:6/7/2006 4:58:04 PM
Post #of 122970
24601.....Thoughts
While I understand and agree with the point that you were making regarding TPMs being adjunctive to, and not supplanting encryption tools or second-factor solutions like smartcards, biometric readers, etc., there is some clarification called for. I suspect that you already know most of this but let me go over it for the sake of anyone that doesn't.
It is incorrect to say that a TPM is not an encryption device and that it does not perform encryption and decryption. The TPM only comes with one key pair, the Endorsement Keys. However it uses other keys, that are generated within the TPM (utilizing the random number generator), for various purposes including signing, hash functions, data storage, authentication, certification of other keys, and various attestations including identity. All of these cryptographic functions use asymmetric keys with the RSA algorithm, utilizing keys up to 2048 bits (v1.1 spec). The RSA key pairs utilize the public key for encryption and the private key for decryption.
While the RSA keys could theoretically be used for encrypting large amounts of data, they aren't used for a number of reasons. In the TPM environment there is very little processing power relative to the platform CPU, and the larger keys require greater processing, so it would be very slow. As I read it, symmetric key operations are inherently faster than asymmetric ones as well. Also there is the issue of export restriction that the TPM spec needed to take into account when using large keys. So while the TCG spec requires supporting DES/3DES and AES in addition to RSA, there is no requirement that a TPM must support a symmetric encryption algorithm, although a TPM may implement a symmetric algorithm. However a TSS must provide the symmetric encryption process. (ref: p.292-294 Trusted Computing Platforms. Pearson, et al.)
So, as far as I understand this anyway, bulk encryption, in the TCG model, is performed on the main platform by the CPU utilizing a symmetric key that was generated by the TPM, under the supervision of the TSS, that in turn is responsible for conforming with the encryption key length restrictions in the country where the platform is operating.
Example: Under the current state of the art, sans LaGrande, as on my Dell GX620, when I use ETS for file encryption the TPM generates a large symmetric key that is exported to the main platform to encrypt the file using, I believe, the AES (Advanced Encryption Standard) algorithm provided by the TSS. My suspicion, but I don't know this as fact, is that the TSS checks to see in what country I have registered my XP Pro, in order to see if limits need to be placed on this symmetric key size. The TPM then takes the symmetric key and encrypts it in turn with a RSA storage key, (and perhaps seals it to a platform configuration although I don't think that is the case just yet), associates it with a secret (eg. password, fingerprint) and stores it away as a protected object in a secure vault on the main hard drive, unless I specify otherwise. The encryption process is carried out in the open because the secure execution space that LaGrande/SEM will provide isn't here yet. So this is more secure than current s/w only encryption where the key is stored in the open, but not as secure as it will be once a strong process isolation environment is available in a couple of months.
So you are correct in that TPMs enhance the utility and effectiveness of encryption tools and second-factor solutions like smartcards, biometric readers, USB-dongles, or SecureID-fobs. TPMs can add a hardened layer of security to the above. Even greater security will be effected once the remaining building blocks for Trusted Computing are made available to the market in August.
The arrival of Trusted Computing will also provide the opportunity to bring a number of new products to market for Wave IMO. Once the building blocks are in place - TPM, sealed storage, secure I/O, and protected execution - then the business of building the (alea's) trust matrix can really gain speed.
NSA CERTIFIED!!!!
by: 5par 06/07/06 02:29 pm
Msg: 108267 of 108271
WINMAGIC TO DEVELOP FIRST FULL-DISK ENCRYPTION SOFTWARE TO FULLY INTEGRATE WITH INFINEON’S TRUSTED MODULE PLATFORM (TPM) SECURITY CHIP
Integrating WinMagic’s SecureDoc Full-Disk Encryption With Infineon’s TPM Chip Makes It Simple To Protect All Data On Desktops And Easily-Stolen Laptops
March 13, 2006) WinMagic Inc., the innovative leader in full-disk encryption, today announced at CeBIT (Hall 7, Booth A20) that its SecureDoc solution will be the first full-disk encryption software to fully integrate with the Trusted Platform Module (TPM) authentication and secure data storage chip from leading TPM security chip provider, Infineon Technologies – making it simpler and more cost effective to combine the benefits of full-disk encryption with positive user authentication and secure key storage within a complete security solution.
The Trusted Computing Group (TCG), founded by an alliance of high-profile computer companies, including Microsoft, Intel, IBM, Sun, and Hewlett Packard, standardized and specified the TPM chip as the main trust and security component for the next generation of secure computers and other platforms. Already installed in over 20 million desktops, laptops, and hand held devices worldwide, the innovative TPM chip essentially acts as a trusted key store, which can be used for secure authentication and code integrity. With the TPM chip activated, a user can be positively authenticated to their computer during logon with a simple Personal Identification Number (PIN), and can also take advantage of improved security features, such as the ability to limit the number of log-in attempts, which were previously only available by purchasing a multi-factor authentication device.
“Today’s organizations understand that it is impossible to guarantee the security of internal, partner, and customer data without encrypting the entire hard drive on both desktops and easily-stolen mobile devices – which the FBI estimates are responsible for half of all network breaches,” said Thi Nguyen-Huu, President & CEO, WinMagic. “Already recognized as the only full-disk encryption provider to integrate with all major smart cards, tokens, biometric devices, and PKI authentication technologies at pre-boot, WinMagic will now be able to provide organizations with a simple and cost-effective method of seamlessly integrating full-disk encryption with the next-generation security of Infineon’s TPM chip.”
Utilizing Public Key Cryptographic Standards PKCS-11 from the ground up, SecureDoc’s extreme adaptability enables an easy and reliable interface with Infineon’s TPM chip for key handling. The SecureDoc line has earned an impressive list of validations, including NIST Cryptographic Module Validation and FIPS 140-1 Level 2, and is scheduled to obtain the Common Criteria Evaluation Assurance Level 4 (EAL-4) certification.
Re: Yawn.... some big announcement huh?
by: zbh9393 06/07/06 01:29 pm
Msg: 108264 of 108265
Mike,
It gets better.
Dutton had been including $3.65 million in 2006 revenue for Seagate. Since the drives don't ship until first half of '07, Wave will likely book nothing for '06 and, perhaps, one-half of this for 2007 (who really knows?). Looks like Dutton will have to revise their estimates for rev/expense/breakeven for WAVX.
I bet Soetebier wishes he had never heard of this company.
z
By the way
Seagate 5400 drive just does not need WAVX.
IT IS THAT SIMPLE !
This post made me laugh(g)
How true ! How true !
Ha! Ha! Ha!
...........................
Back to the Future: Wave, early days
by: bleufang 06/07/06 11:37 am
Msg: 108246 of 108248
How many PRs like this one have the Wavoids seen?
Wave "supports" so many products, the mgt should be required to wear Supp-Hose. Of course the companies supported by Wave, never return the favor for Wave with any revenue.
It's hard to imagine that even the much-duped Wavoid Nation is going to fall for this one--but I'm sure they will--they always do.
After months of waiting, swallowing the Kool-aid and the voluminous hype about SeaGate--this is the re-cycled pay-off? Hilarious.
Between Wave "Supports" and "Salutes," the mighty Lee PR machine has been kept busy. But the Wave bean counters are like the Maytag repairmen. Lonely, depressed, waiting for the phone to ring with a bean or two to count.
I can't wait to see how those heavy hitters of Wavoid Nation "support" this momentous PR.
Undoubtedly Loafernet will have a few meaningless links. Awk will reach into his bag of techno-babble and pull out some scientific phrases that will justify this howler.
Doma will use acronyms and profanity in equal measure to tell us how we are missing the boat and how he is laughing his ass off at us for not understanding how this PR is a critical cog.
Weby will spin a sweet but irrelevant analogy out of Kool-aid crystals and say this is one more step in the long march to the sea and its importance should not be overlooked.
NEWS FLASH--THIS JUST IN, EXCERPT FROM ACTUAL WEBY POST: "I'll just wait for the next little bump.... most likely from the east. It too will also not have any revenue attached and will be seen as meaningless and redundant." [I did not make that up.]
And Snackboots will give some veiled references for which he can not be held liable--this is only the first shoe to drop. [Unfortunately, Wave has had a remarkable succession of one-legged PR folks]
Snackie will also note this wonderful and magical SeaGate Support occurrence came in June--and we all know who the sixth month belongs to. Wavoids look knowingly to one another and slyly smile, because the outside world doesn't get it. The stealth strategy is still fooling the best and brightest on Wall St.
Jake'd Dad will tell the world he bought 2K more shares at this bargain price. Dutchbj will let other Wavoids know, now that this SeaGate announcement is in, he is going to go with British Racing Green for the exterior of his new personal Learjet.
Helpful Bacteria has already posted this, so no reason to try to satirize it. Honestly, this is what he said this morning: "Those that do not see the depth of the Seagate/Wave relationship are, by definition, delusional. "
Wow! Now that is a stunner. We critics are delusional, because we are looking for revenue PRs and we don't understand the significance of Wave "supporting" SeaGate!
CPA will try to point out the folly of it all, but his posts will be sucked out of the ether as quick as they appear. Whoops, it already happened for real! Tell me Wave is not hard on a lampoonist.
And so, another day in the wacky, wonderful world of Wavoid Nation begins.
Bluefang, trusted supplier of Wave lampoon-tang
WAVX_WEEKLY
Both Major and Minor trends remain DOWN
Posted by: Ispro
In reply to: 24601 who wrote msg# 122779 Date: 6/6/2006 12:38:22 PM
Post #
24601....encryption and TPMs are two completely different things. SECURE encryption needs passphrase storage through TPMs.
Bitlocker via USB...SW based encryption, weak, slow, risky
Bitlocker via TPM...SW based with HW storage, slow, secure
Seagate FDE via SW...weak, fast
Seagate FDE via TPM...secure, fast.
Secure blue is like Seagate with HW encryption. You HAVE TO store key in a non volatile memory.
SB encrypts data in volatile memory (CPU to RAM), Seagate FDE encrypts data to HDDs (both are needed).
What would you use? LOL
BR
ISPRO
Posted by: 24601
In reply to: None Date:6/6/2006 12:15:29 PM
Post #of 122795
Two issues I've been mulling over. Please bear in mind that I have no technical expertise.
Some people write or imply that other solutions -- like encryption, generally -- displace the TCG’s TPM-based approach.
A trusted platform module is not an encryption device.
It does not perform encryption and decryption.
It generates and stores cryptographic keys.
It does not supplant encryption tools or second-factor solutions like smartcards, biometric readers, USB-dongles, or SecureID-fobs.
It enhances their utility and effectiveness.
Some people write or imply that other security architectures -- like SecureBlue -- displace the TCG’s TPM-based approach.
SecureBlue is meant to be built into a microprocessor.
That won't be a good place to secure cryptographic keys.
Cryptographic keys must be secured.
They can be secured in silicon.
That requires non-volatile memory.
A trusted platform module with non-volatile storage can be a very inexpensive part.
A main processor with non-volatile storage can require a very expensive manufacturing process.
Because every trusted platform module must have a unique key, for it to reside on a main processor would require a secure manufacturing line.
Uniquely keyed processors call to mind the serial-numbering of Pentium III chips.
And export-control issues abound for encryption devices.
So SecureBlue is unlikely to subsume the role served by TPMs.
Thoughts?
Best wishes,
John
Posted by: rooster1
In reply to: None Date:6/6/2006 11:13:09 AM
Post #of 122771
"The BitLocker Drive Encryption utility is also ready to roll in beta 2 (and is one of those programs that generates a UAC alert), but keep in mind it will only be available in Vista Ultimate and Enterprise Editions.
The OS intuitively walks you through preparing a drive to be encrypted. It needs at least two partitions, both formatted in NTFS. You then turn on BitLocker and a wizard helps you set up your drive encryption. BitLocker can also work with the Trusted Platform Module 1.2 on many of today’s PCs as an added measure of security. For non-TPM systems, BitLocker can run in a mode that requires a security key on a USB key drive in order to boot. "
http://www.gcn.com/print/25_14/40921-1.html
Posted by: SheldonLevine
In reply to: rachelelise who wrote msg# 122749 Date:6/6/2006 10:34:11 AM
Post #of 122771
rachel, et.al., re: BitLocker
Microsoft allows SRK's (System Recovery Keys) to be stored in Active Directory; SRK's are also allowed to be saved to a USB device, a file, or printed out on paper. The SRK can be used to decrypt the drive and/or continue normal operations using BitLocker functionality.
Microsoft DOES NOT address the backup of individual keys generated by the TPM, nor does it allow for key migration or roaming. Wave's products can backup, migrate, and enable roaming for any key used by the TPM. In addition, key data is never exposed as it is (can be) in Microsoft's implementation. The functionality of Wave's key management products is extensive compared to the very limited functionality currently offered by Microsoft.
You wrote: "The intriguing question will be whether Seagate's FDE product will be viewed as so superior that it garners lots of sales and Bitlocker becomes the lower quality but cheap alternative."
That is exactly what I expect to happen. When the details are examined closely, the entire BitLocker system appears to be a rudimentary implementation at best.
Here is the best article I have seen to date regarding the technical details of BitLocker.
http://www.microsoft.com/technet/windowsvista/security/bittech.mspx
Apologies in advance for not offering anything more concrete but I am pressed for time.
Regards
SL