TPM on Intel embedded platform
http://www.dailytech.com/article.aspx?newsid=5979
Intel will release its new "Tolapai" system-on-chip by the end of 2007 for embedded markets
Intel expects to penetrate the industrial and embedded computing markets with its Tolapai integrated system-on-chip. Tolapai will be a system-on-chip design that integrates the CPU, north bridge and south bridge functionality into a processor. According to documentation leaked earlier this Intel expects to ready Tolapai by the end of 2007 to take on VIA’s C7 CoreFusion and AMD’s Geode platforms.
Tolapai will feature a cut-down Pentium M-derived processor core with 256KB of L2-cache. Intel will offer Tolapai in three clock-speeds – 600 MHz, 1066 MHz and 1200 MHz. Power consumption will vary from 13-22-watts depending on clock speed. Tolapai supports a maximum of 2GB of DDR2-400/533/667/800 memory in dual-channel configurations.
Intel will manufacture Tolapai on a 65-nanometer fabrication process. It will feature 1,088-ball FCBGA packaging that measures in at 1.092-mm.
Unlike the Pentium M and Core architecture processors, Tolapai’s CPU-core will have hardware accelerated security encryption and decryption functions like VIA’s C7 and C3 Nehemiah-core processors. Supported hardware security encryption methods include: AES, 3DES, RC4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, HMAC, ESA and DSA.
Tolapai will not have integrated graphics according to slides featured on HKEPC. Nevertheless, four PCIe lanes will be available for PCIe graphics cards. Four additional PCIe lanes will also be available on Tolapai for up to four PCIe x1 slots.
With a proper PHY, Tolapai-based boards can have up to three Gigabit Ethernet controllers. Integrated Gigabit controllers feature hardware accelerated network packet processing.
On the south bridge I/O side-of-things, Tolapai supports all legacy Super I/O connections. This includes floppy, parallel, serial and PS/2 ports. The integrated UART controller provides support for up to two RS232 9-pin serial ports while other legacy functionality is provided via LPC bus. The Intel Tolapai reference motherboard provides a third UART controller and support for a Trusted Platform Module in addition to the usual floppy and parallel ports.
Intel will also implement support for up to two CAN-bus ports for automotive applications. Other notable supported features include two SMBus/I2C, two USB 1.1/2.0, two SATA 3.0Gbps, sync serial port and local expansion bus. Mezzanine connectors are also available for the expansion bus interfaces.
Intel is already providing reference boards to customers. The current Tolapai system-on-chip reference board features support for two DDR2 DIMM’s, one physical PCIe x8 slot with four lanes, four PCIe x1 ports, three RJ45 Ethernet connectors, TPM support and a standard ATX power connector. Three Mezzanine connectors are available for TDM and exp buses. Support for super I/O is optional on the Tolapai reference board.
CREDANT Augments Data Security Features of Windows Vista with Additional Data-Protection, Compliance and Reporting Capabilities
RSA Conference 2007
Gartner Wireless & Mobile Summit
February 05, 2007 08:00 AM Eastern Time
SAN FRANCISCO & DALLAS--(BUSINESS WIRE)--CREDANT® Technologies® today announced the industry’s most comprehensive data protection solution, combining security features built into Windows Vista, such as Windows BitLocker Drive Encryption, with CREDANT’s intelligent, policy-based data security management. The solution complements Windows BitLocker Drive Encryption with policy-based intelligent enablement, compliance, auditing and reporting capabilities from CREDANT. CREDANT is demonstrating an early implementation of this joint solution at the RSA Conference and Gartner Wireless and Mobile Summit this week.
“We believe CREDANT has the first data security solution that can take advantage of Microsoft’s BitLocker technology to enhance overall data protection while providing centralized management across Windows Vista, legacy Windows and Windows Mobile platforms. This is a clear advantage for organizations migrating to Windows Vista, allowing them to secure the entire enterprise with a single, consistent solution that protects portable and mobile data assets,” said Bob Heard, founder and CEO of CREDANT Technologies. “We are working closely with Microsoft to ensure that together we offer the strongest data security and the best return on existing and future investments.”
Building on Windows BitLocker
Whereas data security solutions based on legacy full-disk encryption technologies would typically replace Windows BitLocker to protect data-at-rest, CREDANT Mobile Guardian® (CMG) uniquely adds value to the Windows BitLocker full-volume solution through user context data encryption - encrypting an individual user’s data with policies that protect against the insider threat of a breach. CREDANT’s centralized management, auditing and compliance enforcement add further value to Windows Vista data security.
Smooth Migration to Windows Vista
CREDANT enables organizations to easily transition to Windows Vista based on a schedule that meets their timeframe without having to worry about managing disparate security products. CMG reduces complexity by providing common security management and enforcement not just for Vista, but for all portable and mobile platforms, including legacy Windows, Windows Mobile and removable media.
“CREDANT is adding value by using the core data-at-rest protection capability provided by the Windows BitLocker Drive Encryption in Windows Vista and then adding user-oriented layers of data security,” said Russell Humphries, product manager for Windows Vista Security at Microsoft Corp. “The overall solution benefits from centralized management and compliance enforcement for a comprehensive data security solution. CREDANT’s ability to provide a consistent data security management solution across all Windows platforms and to integrate support for Windows BitLocker makes moving to Windows Vista much easier for some organizations.”
Two-Step Lock Down
Windows BitLocker encrypts the Windows Vista operating system, securing against outside threats, such as thieves or unauthorized users attempting to access a stolen or unattended laptop. “This is analogous to locking the front door to your home,” said Heard. “Our solution adds security layers to Windows Vista by uniquely encrypting individual user’s data anywhere that it is stored on the device, protecting it from internal threats. This prevents even authorized users from accessing unauthorized data – analogous to creating a ‘panic room’ within your house -- and enhances the data security in Windows Vista.”
CREDANT Mobile Guardian allows an administrator to control access to users’ encrypted data, so that outsourced IT technicians who service a computer can complete maintenance without having access to the sensitive data inside. CMG also enables co-workers who use the same computer to have unique or common access to encrypted data. CMG further protects data written to external storage devices, including USB drives, with enforced policy-based encryption.
Furthermore, CMG’s encryption, audit and compliance features help enterprises not only secure confidential data, but also prove that they have protected sensitive information – a great advantage to users of Windows Vista and other versions of Windows. Data security compliance has become mission critical as organizations are increasingly mandated to show how they are protecting sensitive data that, if breached, could compromise their customers. CREDANT’s centralized management enables organizations to provide enterprise-wide audits that meet compliance requirements.
CREDANT Technologies Teams with Intel to Tighten Data Security using Intel® vPro™ Technology
RSA Conference 2007
Gartner Wireless & Mobile Summit
February 05, 2007 08:00 AM Eastern Time
SAN FRANCISCO & DALLAS--(BUSINESS WIRE)--CREDANT Technologies®, the market leader in mobile data protection solutions, is teaming with Intel Corporation to bolster data security using Intel® vPro™ technology. This data security solution will also be supported on Intel’s next generation notebook platforms. CREDANT’s solution takes advantage of hardware-based capabilities of Intel vPro technology to enable an enhanced security solution that adds a new level of defense for hard drives, protecting against data-at-rest vulnerabilities.
“By teaming with Intel, we will be able to deliver the industry’s most comprehensive data security solution,” said Bob Heard, founder and CEO of CREDANT. “Leveraging Intel’s vPro technology, we believe that data at rest is no longer data at risk. The key hardware-based features offered by vPro will allow us to offer a data security solution with enhanced centralized security management, enforcement and reporting, which means that organizations can dramatically reduce the risk of a data breach and meet compliance requirements for data at rest.”
“Enhanced security is a key area of focus for Intel vPro technology,” said Gregory Bryant, vice president and general manager of Intel’s Digital Office Platform Division. “The CREDANT solution is a model example of how third-party software can capitalize on the hardware-based capabilities of Intel vPro technology to improve security and provide new business solutions. Intel vPro technology has enabled CREDANT to take a holistic approach to data security and compliance, helping to enhance protection of confidential data at rest and prevent identity theft.”
Intel vPro Technology
Intel vPro technology allows CREDANT to tightly integrate its software with hardware based capabilities to deliver enhanced data security. In addition to the new product that will be available later this year, CREDANT is adding these capabilities to CREDANT Mobile Guardian Enterprise Edition. This will allow current CREDANT customers to take advantage of these capabilities as they introduce Intel vPro technology into the organization.
“We are already seeing rapid adoption of our data security software to prevent costly data breaches and identity theft. We believe that enabling data-at-rest protection for PC’s based on Intel vPro Technology will further accelerate that adoption by simplifying how organizations implement the solution,” said Heard.
Seems like the view from inside the inner sanctum is looking pretty good with regards to TCG and indeed Wave.
-Alexander Koehler quits Utimaco and is now the Wave/Dell rep. in Germany.
-Thomas Hardjono quits SignaCert and now seems to be with Wave
-Rob Enderle is touting Wave's very advanced solutions.
-And now even Roger Kay looks what he sees coming down the pipeline from the TCG. We know that Wave/Nokia have talked in the past and that Nokia/FranceTelecom seem to be moving on MTM. Some very positive indications looking ahead. Let's see how it all plays out! Regards, Foam
And this Nokia, FranceTelecom collaboration
(A good candidate for TC security)
http://www.sda-asia.com/sda/news/psecom,id,12578,srn,4,nodeid,4,_language,Singapore.html
Friday, 8 December 2006
Nokia and France Telecom Sign Integration Hosting Contract
Nokia and France Telecom have signed a contract that will see Nokia integrate a customised remote content service and related platforms into the operator's network.
The service, developed with France Telecom according to its broad market and customer understanding, will enable France Telecom's Orange mobile customers to remotely access their personal photos, videos and music stored on their PC at home, as well as to watch, view and listen to them from anywhere on their Orange mobile device. The service marks the first convergent application implemented by Nokia to France Telecom, Nokia officials said.
'Mon PC à distance' users need to download client software from Orange's web site to their PCs at home. No specific client is needed on their mobile devices. Indeed, any mobile device having standard browsing and multimedia capabilities is compatible with 'my remote PC' service, Nokia claimed.
"Mon PC à distance" was first launched on November 16, in France, from where the solution can be rolled out into other France Telecom affiliates internationally. Nokia will provide France Telecom with consulting and integration, as well as hosting and maintenance services.
Nokia and France Telecom go back a long way; in September 2006, the two companies backed a new set of security standards designed to lock down mobiles called the Mobile Security Specification. It is billed as the basis for a new generation of secure phones and mobile devices that will be harder to tamper with and more secure.
The specification has been years in development, said Janne Uusilehto, head of Nokia product security and the chairman of the working group developing this technology.
How it Works
In general terms, the specification calls on hardware vendors to store protected information in a secure area of the phones called the Mobile Terminal Module (MTM). Similar to the Trusted Platform Module used in PCs, the MTM could be used to ensure that the phone's operating system, applications and data have not been tampered with.
In order to ensure that the phones on their network can’t be used if they are stolen, network operators could also use this type of trusted module, said Mark Redman, a principal engineer with Freescale Semiconductor Inc. who is familiar with the specification. "That is probably one of the biggest concerns that the cell phone operators have at this stage," he said.
Though some companies may be early adopters of the Mobile Security Specification, it could take years before mobile phone users reap any benefits, said Roger Kay, an analyst with Endpoint Technologies Associates who serves on the TCG's advisory council. "What typically will happen is that there may be some early adopters who start adhering to the specification before it's fully accepted," he said, adding that "just because [the Trusted Computing Group standard] promulgates, it doesn't mean that it's going to be adopted."
Even after years of development, there is still debate about whether trusted modules are the right approach for the PC industry, he said. "The most interesting, most advanced features are going to take years, because everybody has to agree to adhere to the new standard."
France Telecom and TC
They're looking for a researcher in TC to work with an internal team (see bolds) already set up presumably to implement TC for security and mobile payments.
http://www.abg.asso.fr/offre_voir.php?offre=51894&nature=&mz=1
The France Télécom Research and Development centre is looking for a candidate for a post-doctoral position in Caen (to start as soon as possible).
The candidate's main task will be to study "trusted computing" technologies and what they contribute to applications such as secure electronic transactions, for example, in concrete terms: payment, content copy control, etc.
Within an already established project team, the candidate will be expected to:
• Understand and acquire solid expertise in the issues, technologies and standards of "trusted computing", notably those developed within the TCG (Trusted Computing Group).
• Apply them in very concrete domains, analyse what these technologies contribute, and devise and describe innovative implementations in the areas of payment and content protection, on fixed (PC) or mobile platforms.
• Follow and, where appropriate, take part in the international meetings of the TCG Mobile work group to defend FT's points of view there,
• Contribute to the team's results by taking part in collaborative projects on this theme, whether internal to FT, regional (TES competitiveness cluster), national (ANRT projects) or European (Médéa, IST).
This position requires computing skills in: cryptography, secure service architecture, as well as a minimum knowledge of operating systems and of the most commonly used PC development tools. The candidate must show autonomy and the interpersonal qualities needed for teamwork. A good command of English is essential.
ATG-D-620 (Good Wave reference)
http://laptopmag.com/Review/Dell-Latitude-ATG-D620.htm
The security-conscious will appreciate the Wave Embassy Trust suite, Computrace anti-theft solution, TPM, and an optional fingerprint reader. The system comes with a three-year limited warranty with next-business-day on-site service. Bundled software includes CyberLink PowerDVD, Roxio Digital Media, and a free 30-day trial of Norton Internet Security
New Nokia TCG document (2007)
http://www.byte.com/documents/s=10114/byt1167425351382/
Establishing Mobile Security
By Janne Uusilehto
January 1, 2007
An industry-wide open standard for mobile phone security promises to enable mobile phone information security assurance. Developed by the Trusted Computing Group's (TCG) Mobile Phone Work Group (MPWG), the Mobile Trusted Module (MTM) specification goal is to establish trust in a platform's ability to protect its information and functional assets, and to validate that protection capability.
Members of the Mobile Phone Work Group contributed a considerable amount of effort to develop the specification, based on a very clear vision of future mobile communications. They view the specification as an enabler to the growth of third party service providers and the means to significantly influence the market place. The ultimate benefits to consumers are improved protection from theft and malicious attacks as they send, receive, store and handle sensitive data. Mobile equipment suppliers and network providers now have a critical tool to build trust.
Aside from a little cosmetic fine tuning, the Mobile Trusted Module (MTM) specification is essentially 99 percent final, based on the 0.9 version published in September 2006. As a result, every company in the mobile technology community should start considering how to proceed to take advantage of the MTM specification and to implement improved security in their next-generation products.
Establishing Trust
While the Mobile Trusted Module is very new, it has its basis in the well-established efforts of the TCG. TCG members develop and promote open, vendor-neutral, industry-standard specifications for trusted computing building blocks and software interfaces across multiple platforms, peripherals and devices. Member companies include handset makers, service providers, silicon suppliers, and others.
Targeting more secure computing environments without compromising functional integrity, privacy, or individual rights, TCG's primary goal is to help users protect information assets such as data, passwords and keys from external software attacks and physical theft. To achieve this, TCG's Trusted Platform Module (TPM) specification, versions 1.1b and 1.2, provides the foundation of trust for the efforts of the other TCG work groups. The TPM specification has been widely implemented in integrated circuits (ICs) that have been installed in some 50 million personal computers, and is now shipped in virtually every enterprise PC. With the Mobile Trusted Module (MTM) specification, the Mobile Phone Work Group has extended the TCG specifications to support mobile phones.
Meet the MTM
For mobile devices, establishing trust requires that the operating system, platform, and application level functionalities, as well as other aspects such as a subscriber identity module (SIM), universal subscriber identity module (USIM) and universal integrated circuit card (UICC) cards interact in a secure manner. While the specification focuses on cell phones, other communication products such as PDAs with communication capability can benefit from it. The specification provides protection for both functional users and information owners.
The MTM specification is actually a set of functionality requirements that can be embedded into different form factors and integrated at different levels in mobile platforms, depending on the system and the system designer's need for flexibility in the hardware.
While the specification outlines standards for the API level and the format, the implementation of the mobile architecture is not specified in order to give designers more leeway. Adaptability in the design has been an essential consideration in the development of the specification because TCG primarily wants to ensure interoperability and security between various mobile devices. Implementation depends on how the baseband is created and the nature of the system's hardware. The specification focuses on the application program interface (API) functionality, the interface that provides different services from different structures. The term Mobile Trusted Module (MTM) refers to two types of modules:
* Mobile Remote-Owner Trusted Module (MRTM)
* Mobile Local-Owner Trusted Module (MLTM)
The difference between the two levels is that the MRTM must support Mobile-specific commands defined in the MTM specification as well as a subset of the TPM v1.2 commands. In contrast, an MLTM does not have to support any additional commands beyond a subset of TPM v1.2. In typical applications, phone makers and network service providers use an MRTM and the user uses an MLTM. Figure 1 shows the relationship of the various aspects with the MRTM as its core.
Figure 1: One potential implementation scenario for the MTM spec but certainly not the only one. [Source: Nokia].
To establish a new level of security, several other new terms had to be defined. These terms include Roots-of-Trust for the areas of measurement (RTM), reporting (RTR), storage (RTS), and verification (RTV). Suppliers need to provide software and hardware that provides an RTM and an additional Root-of-Trust to verify software before loading it. Suppliers also have the option of providing an additional Root-of-Trust to verify other Roots-of-Trust. To take advantage of the functions provided by TCG technology, operating systems may require adaptation and further development.
Since the specification focuses primarily on the interface, most of the technical areas address software. This includes software instructions such as error-return codes, counters, how to certify reference integrity metrics (RIM) and verification keys, among others. The specification identifies the differences in a TPM V1.2, as well as the subset of TPM V1.2 commands required for an MTM.
An important aspect of the specification is the security features that certification offers. In many respects, similar secure functionality already exists in some products and there are different implementations across various handsets. However, the specification provides the possibility for interoperability between different silicon vendors and manufacturers when security compliance is established.
To conceptualize elements of the specification, a TPM is represented as a set of trusted engines that manipulate data. In addition, each engine must provide evidence that it can be trusted to report its current state and provide evidence about the current state. Using this approach, designers can implement platforms with one or more processors, where a processor supports one or more engines. Figure 2 shows the common security building block functions. Each of the engines addresses specific functions of device, cellular, applications, and user services.
Figure 2: The generalized mobile platform concept showing the interrelation of different trusted services. [Source: TCG].
The solid rectangles in each block indicate an interface and the solid arrows between blocks indicate dependency, where the arrow points away from the dependent element. In this example of a possible (but not required) implementation, the device engine provides basic platform resources that include a user interface, debug connector, a radio transmitter and receiver, random number generator, international mobile equipment identity (IMEI), and a SIM interface. The device engine provides services to an engine that, in turn, provides cellular services. Each engine has access to a trusted services block that measures code modules and stores measurements in the MTM, a protected area of the phone.
Implementation: Get Involved Now
A reference architecture for mobile phones is being finalized and should be available early in 2007. Once the reference architecture has been published, it is open to all companies to implement it, whether they are members of TCG or not (TCG makes all specifications available to the public). Prior to this being available, stakeholders should understand the MTM specification and its implications to their business. Figure 3 shows the benefits to various stakeholders, including consumers who will ultimately provide the driving force for implementing trusted mobile communications.
Figure 3: Benefits to various groups from the MTM specification. These stakeholders should all experience improvements from an industry-wide approach to security. [Source: Nokia].
Mobile product companies need to review their own hierarchy and develop their approach to implementing the security defined by the MTM, by adding to or modifying their design. Depending on their platform, they need to determine the suppliers that have an impact on their implementation. If handset suppliers use a ready-made original design manufacturer (ODM) device, which provides the complete platform, they have a different approach than if they assemble units from custom-defined ICs and develop their own software. In any case, the first thing that they need to find out is what their silicon suppliers are doing to respond to the accelerating pace of MTM progress.
Silicon vendors are creating the lowest level of services defined in the specification. As a result, as a first step, silicon vendors must incorporate the specification either as discrete silicon chips, chipsets, or system-on-a-chip. Then handset vendors can use the new chips to formulate their systems. Between the silicon vendors and the operating system, a software stack or layer may be required.
Contacting TCG members is a good place to start in assessing the changes that will be required. But this does not restrict other non-member companies from using the open specification. Those supplier companies that have followed the development effort are in a position to inform customers of the next steps in their participation by understanding and utilizing the published specification and other support documentation on the TCG website. Members, including silicon suppliers, are listed in the TCG website with their status of promoter, contributor or adopter.
Eleven different use-case scenarios were published a year ago to familiarize stakeholders with actual application security enhancements in areas such as platform integrity, device authentication, SIMLock/device personalization, secure software download, mobile ticketing and payment, user data protection and privacy, and more. These use cases are very helpful to understand the goals, user benefits, relevance to different types of mobile devices, preexisting conditions, success or failed end conditions and roles of various entities as well as the life cycle, variations and threats.
Since the use cases were published, MPWG members have been contacted by non-members interested in the next publication in order to obtain a better understanding and to evaluate and form their use strategy. Those companies that have existing contacts or a cooperative effort with MPWG members should discuss their approach with them. The idea of the open standard is that companies can follow their existing business model to implement the MTM specification.
Janne Uusilehto (janne.uusilehto@nokia.com) is chairman of TCG's Mobile Phone Work Group and head of product security at Nokia. He is also a member of several Nokia internal security related management boards. Before joining Nokia some years ago, he worked on security in the financial services industry.
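Added example, not part of the article above and not code from Nokia or the TCG: a Python sketch of the measure, verify and store flow the article describes, in which each code module is hashed, checked against a reference integrity metric (RIM) and only then recorded in a TPM v1.2-style SHA-1 register. The RIM record layout, the HMAC used in place of a signed RIM certificate, the key and the module images are all constructed assumptions; the extend rule (new value = SHA-1 of the old value followed by the measurement) is the TPM v1.2 one.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM v1.2 register holds one SHA-1 digest


def measure(image: bytes) -> bytes:
    """Measurement step: hash the code module before it is allowed to run."""
    return hashlib.sha1(image).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM v1.2 extend: the register is folded forward and can never be set."""
    return hashlib.sha1(pcr + digest).digest()


def _rim_tag(key: bytes, label: str, digest: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the signature on a RIM certificate.
    return hmac.new(key, label.encode() + b"\x00" + digest, hashlib.sha256).digest()


def make_rim(key: bytes, label: str, image: bytes) -> dict:
    """Issue a reference integrity metric for a known-good image (hypothetical layout)."""
    digest = measure(image)
    return {"label": label, "digest": digest, "tag": _rim_tag(key, label, digest)}


def verified_boot(key: bytes, stages):
    """Verify each (image, rim) pair before loading it.

    Returns (register value, labels loaded, error or None). Boot stops at the
    first module whose RIM is not authentic or whose measurement differs.
    """
    pcr = bytes(PCR_SIZE)
    loaded = []
    for image, rim in stages:
        label = rim["label"]
        if not hmac.compare_digest(_rim_tag(key, label, rim["digest"]), rim["tag"]):
            return pcr, loaded, label + ": RIM not issued under the verification key"
        if not hmac.compare_digest(measure(image), rim["digest"]):
            return pcr, loaded, label + ": measurement does not match RIM"
        pcr = pcr_extend(pcr, rim["digest"])  # store the measurement
        loaded.append(label)
    return pcr, loaded, None


def replay(digests) -> bytes:
    """What a verifier does: recompute the register from a list of measurements."""
    pcr = bytes(PCR_SIZE)
    for digest in digests:
        pcr = pcr_extend(pcr, digest)
    return pcr


# Constructed sample data: key, module names and module contents are made up.
VERIFICATION_KEY = b"constructed-demo-verification-key"
IMAGES = [
    ("bootloader", b"constructed bootloader image"),
    ("os-kernel", b"constructed kernel image"),
    ("cellular-engine", b"constructed cellular engine image"),
]
RIMS = [make_rim(VERIFICATION_KEY, label, image) for label, image in IMAGES]


def demo():
    """Run a clean boot, a boot with a modified kernel, and one with a re-issued RIM."""
    clean_images = [image for _, image in IMAGES]
    good = verified_boot(VERIFICATION_KEY, list(zip(clean_images, RIMS)))

    modified = [clean_images[0], clean_images[1] + b" + patch", clean_images[2]]
    tampered = verified_boot(VERIFICATION_KEY, list(zip(modified, RIMS)))

    # A RIM for the modified kernel issued under a key the device does not trust.
    untrusted_rim = make_rim(b"some-other-key", "os-kernel", modified[1])
    forged = verified_boot(
        VERIFICATION_KEY, list(zip(modified, [RIMS[0], untrusted_rim, RIMS[2]]))
    )
    return good, tampered, forged


if __name__ == "__main__":
    for name, (pcr, loaded, error) in zip(("clean", "tampered", "forged"), demo()):
        print(name, pcr.hex(), loaded, error)
```

In the two failing runs the register stops at the value reached after the bootloader, so a verifier replaying the measurement list sees exactly how far the chain got.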
Need for TPMs in automobiles (Escrypt)
http://www.privacy-security.ch/2006/Download/pdf/SPS_2006_Christof_Paar_(Slides).pdf
Escrypt still pushing embedded TPM
http://www.elektroniknet.de/index.php?id=2712#16485
Embedded world Conference 2007
February 13th - 15th, 2007,
Messezentrum Nuremberg, Germany
Workshop 3: Embedded Security & Cryptography
Trusted Hardware Applications for Embedded Security
Dr. André Weimerskirch, escrypt
16:00-16:30
Case study: Secure software download
Dr. Thomas Wollinger, escrypt
New Wave White Paper
(Very nicely written for the general public in the enterprise environment. Starting to get the message across in a simple and easily digestible format)
http://www.wave.com/about/whitepapers.html
Don't Let Wireless LAN Security be the Weakest Link in Your IT Infrastructure
NSA at Storage Visions (not sure if posted)
http://www.storagevisions.com/2007/Book2007/David%20Kreft.pdf
David Kreft, Engineering Leader, Information Assurance Directorate, National Security Agency
Title: Encrypting Hard Drives - New Opportunity to Protect Data at Rest
Abstract: The recent introduction of encrypting hard drives, along with efforts by industry and organizations such as the Trusted Computing Group (TCG) to create a seamless security architecture, herald the start of a new era in computer security. The potential for new products and services which improve privacy for individual users and help governments protect information critical to national security are unprecedented. The presenter will briefly discuss the need for collaboration among industry, academia and government entities to ensure products provide robust security and appropriate protection for end users.
Biography: Dave has served in a variety of technical and leadership positions during his twenty five years with the National Security Agency. He is presently an Engineering Leader in the Agency’s Information Assurance Directorate and is spearheading efforts to team with industry and integrate robust security features into commercial data storage devices. Dave received his BS degree in electrical engineering from the University of Maryland in 1982 and performed graduate work in Materials Science while conducting research on magnetic semiconductors for NSA. His contributions to national security, outstanding productivity, and innovative technical solutions have been recognized by the Director of NSA, the Secretary of Defense, and the Director of Central Intelligence.
Veterans Affairs CIO: We're more secure
The breach was a 'real eye-opener,' and 'we're encrypting everything in sight,' says Robert Howard
Grant Gross
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=laptops&...
December 11, 2006 (IDG News Service) -- WASHINGTON -- The U.S. Department of Veterans Affairs is "pretty confident" the agency will not have another large data breach like the one in May that could have exposed the personal records of 26.5 million military veterans and family members, the agency's CIO said today.
The VA has taken several steps to improve its security since the breach, said Robert Howard, who was appointed the VA's assistant secretary for information and technology just days before a VA laptop and hard drive were stolen from an employee's home.
"There really is an increased awareness throughout the VA," Howard said. "We still have a lot of work to do in that area, but we've clearly improved the awareness of folks with respect to treating information the same way they'd want their information treated."
Howard, speaking before the American Council for Technology and Industry Advisory Council in Washington, also talked about the VA's IT reorganization, which started in March and was accelerated by the data breach. The VA is moving to centralize its IT staff instead of having divisions within the agency control their own IT functions, addressing a longtime criticism from Congress and government auditors.
A major cybersecurity concern is employees "not thinking" about risks, and the VA is working to educate workers, Howard said. "What leaps right out at you is employee carelessness," he said. "We've all been there."
Howard, a former major general in the U.S. Army and a former vice president at defense and transportation technology vendor Cubic Corp., called the changes to the VA's IT organization "very dramatic." Along with the reorganization, Howard now has authority over the VA's entire IT organization, he said.
"No more excuses," he said. "We've got everything we need. We've got the organization, we've got the authority, we've got the money."
Among Howard's goals are standardization and interoperability of IT systems within the VA, as well as a strengthened focus on security, Howard said. The ultimate goal is to use IT to better serve VA customers, he added.
Part of the reorganization is focused on creating the "gold standard" for data security, Howard said. He was appointed to his position May 1, and the breach happened May 5. The VA announced the breach May 22.
"I didn't find out about [the breach] until the 16th of May," he said. "That tells you something about our process."
Police recovered the laptop and hard drive in late June, and computer forensics experts determined the personal data had not been accessed. But the VA has made several changes, including encryption on laptops not directly used for medical procedures, Howard said. The breach "was a real eye-opener, for government and probably for industry as well," he said. "We're encrypting everything in sight."
Howard said he believes VA should improve the annual grade it receives in IT security given by the House of Representatives Committee on Government Reform. The agency has received a failing grade in four of the past five years.
When a reporter noted the agency's score had not been very high in recent years, Howard responded, "It is now."
But Howard said he expected the agency's grade wouldn't be perfect either. "This stuff's not going to happen overnight," he said.
Mobile phone security attacks on the rise
Mobile security products to be worth $5bn by 2011
http://www.whatpc.co.uk/vnunet/news/2170690/mobile-phone-security-attacks
Will Head, vnunet.com 11 Dec 2006
The number of security attacks against mobile phones is increasing dramatically, according to new data from Juniper Research.
The analyst firm has identified a raft of risks that can affect mobile users, including viruses and malware.
These dangers, combined with ever-tightening corporate governance rules and the increasing use of mobiles to store critical data, will prompt mobile users to install security products on 247 million mobile phones, nearly eight per cent of the total, by 2011.
Juniper's latest report also forecasts that mobile phone theft will continue to rise, despite initiatives by mobile operators and police forces. The analyst firm expects that nearly four per cent of mobile phones will be stolen annually by 2011.
Revenues from mobile security products, including antivirus, virtual private networks, data and file encryption and mobile identity management applications, are expected to generate almost $5bn worth of revenue by 2011.
The biggest mobile security market will be in the secure mobile content sector, where antivirus, anti-spam, anti-spyware and content filtering will make up 40 per cent of the total market, according to the report.
Revenue from mobile data and file encryption products is expected to outstrip the PC market by 2011.
"Initially driven by the data-hungry mobile business user who has seen the benefits of data services such as email, predominantly on BlackBerry devices, we will see mobile security products go mainstream by late 2008 or early 2009 resulting in a doubling of revenues from 2008 to 2010," said Juniper analyst Alan Goode, author of the report.
Snackman - Surprised no one has picked up on your very interesting article regarding remote access of the PC via a Nokia handset. The current software enabling this feature is the following from a very interesting company (Orb Networks): http://www.orb.com/nokia_first_to_add_orb_mycasting_service_premiers_on_nokia_n80_internet_edition
I find it interesting that there is some mention at the end of your article of mobile "trusted computing" and the MTM. Also, interesting that SKS has frequently mentioned that Wave's role in the mobile space would be to provide some "hooks" into a trusted architecture facilitating a secure exchange between the phone and the PC (and ultimately every other endpoint for that matter). This kind of remote access of the PC is an obvious application in need of "trusted computing" especially at the corporate level but one could argue just as much at the private level. Imagine the nightmare scenarios of people using this venue to access your every secret on your home computer or computer at the office. There is more and more remote control of the PC and other devices (such as VPro remote diagnostics) and the need for solid security increases exponentially as these applications deploy in the real world. Regards, Foam
Interesting TPM comments from industry panelists
http://javacard.vetilles.com/2006/09/22/e-smart-plenary-session/
e-Smart plenary session
e-Smart, day 2. This panel discussion was very promising, especially because of its host, Bertrand Ducastel, who recently left the smart card industry to return to Schlumberger’s petroleum services.
The panelists were:
DBo: Dominique Bolignano, CEO, Trusted Logic
JF: Jerry Fishenden, Nat’l Technology Officer, Microsoft UK
CG: Christian Goire, Gemalto, and President, Java Card Forum
DBa: Dan Balaban, Card Technology Magazine
JPT: Jean-Paul Thomasson, Head of SC Cooperative R&D Projects, ST Microelectronics
Q4: Which will secure PCs: TPM or smart card?
DBa: TPM, because MS supports it, and because readers simply didn’t work.
CG: Depends on the asset. For a PC as asset, the answer is smart card.
JF: TPM, because it secures the PC, but the smart card will help
DBo: TPM, because it secures the PC, and the card takes care of the user.
JPT: TPM, because the deployment is so powerful.
Public: TPM
EV: TPM, the smart card can deal with the user and/or the outside connections.
Thanks to both of you: Regards, Foam
TC deployment opportunity at Bell Canada
(Good awareness from the following speaker of trusted computing benefits for enterprise-wide identity and access management)
Kevin L. Reeks
Director, Identity & Access Services
Bell Security Solutions Inc.
kevin.reeks@bell.ca
http://enterprise.bell.ca/en/resources/uploads/misc/Cornerstone.ppt.
Good Intel Presentation -TC, Trusted Execution, Virtualization and Secure Storage. Yet another strong push for trusted computing will be coming from Intel in 2007.
http://www.intel-seminar.jp/2006/common/images/S2.pdf
Interesting little blurb on ST TPM
http://www.st.com/stonline/press/news/back2005/b985m.htm
...ST was the first supplier to start volume production in early 2005 of a TCG 1.2-compliant device with partner software completing the solution. A valid follow-up TPM component has been introduced in 2006, which conforms again to the latest TPM specification and provides, in particular, support for Direct Anonymous Attestation (DAA) and secure Field Upgrade capability.
Interesting govt. event Oct-2006 about IT Trust
(With TCG president, Mark Schiller of HP, in attendance)
http://www.comsoc.org/~cqr/TrustParadigm-2006.html
The Trust Paradigm:
Implementing Trusted Methods in Information Technology Management and Security
Program Chair:
Mr. Richard C. Schaeffer, Information Assurance Director, NSA
Dell Trusted Computing Document-Nov.2006
(Brian Berger described as TCG Director and Chairman of Marketing)
http://www.dell.com/downloads/global/power/ps4q06-20070160-tcg.pdf
Fujitsu bears watching
Interesting that they replaced Infineon on the TCG Board and are planning to go ahead with Momentus FDE - Also Wave listed in their Solutions Catalogue.
Interesting talks they are giving at IBM TC event:
Trusted Web Service *
Zhexuan Song, Sung Lee, Ryusuke Masuoka (Fujitsu Laboratories of America, US)
A Mobile Trusted Platform Module (mTPM) Architecture *
Jesus Molina, Houcheng Lee, Sung Lee, Zhexuan Song (Fujitsu Laboratories of America, US)
http://www.trl.ibm.com/projects/watc/program.htm
New TCG events
(From TCG site)
RSA 2007 - San Francisco
February 6 - 9, 2007
The Trusted Computing Group will be hosting an interactive hands-on workshop on Monday, February 6, 2006 at the Moscone Center. This workshop will be staffed by experts who will teach you to use existing and new tools to secure your clients, servers and networks. Learn how to activate the widely-available Trusted Platform Module shipped in most PCs today, and how to set it up so mission-critical data and email are protected and how passwords, keys and certificates can be managed. Learn more about Trusted Storage and how it can be deployed to protect important information whether in drives, tapes, flash memory or USB memory devices. Finally, learn more about protecting the network as users try to log in.
The TCG will also be hosting a reception that evening. More details will be available soon.
For more information and to register to attend, visit http://www.rsaconference.com/2007/US/
Data Protection Summit - Hilton Irvine
March 13 - 15, 2007
The Trusted Computing Group is sponsoring the Data Protection Summit taking place at the Hilton Irvine/Orange County Airport Hotel in Irvine, CA. Bob Thibadeau, Seagate, will be speaking at the event.
For more information and to register visit http://www.ilmsummit.com/
Interop 2007 - Las Vegas
May 21 - 24, 2007
The Trusted Computing Group is Sponsoring the NAC Day taking place May 21, 2007 at the Mandalay Bay Conference Center. The NAC day will be filled with presentations and updates from key NAC providers. TCG will also be exhibiting in the Security Zone, Booth #211.
For more information and to register, visit http://www.interop.com/lasvegas/
Brian Berger at RSA 2007
(Lots on Federated Identity but not so much on TC)
https://cm.rsaconference.com/US07/catalog/controller/catalog
Session Code: IAM-403
Session Title: Trusted Computing - Not So Futuristic Anymore
Length: 50 Minutes
Technical Level: Intermediate
Abstract: Trusted computing promises a secure future. Gone will be the panic attacks over lost laptops containing sensitive information. Users will be liberated from remembering multiple complex passwords that must be changed regularly. Files will be safely stored without the threat of unauthorized user access or hacking theft. The promises still sound futuristic, but the reality is here today.
Speaker: Brian Berger
EVP for Wave Systems and Marketing Chair for the TCG
Wave Systems/TCG
DETAILED DESCRIPTION:
Trusted computing promises the industry a secure future for enterprises and users. Gone will be the panic attacks over lost laptops containing customer data, credit card information or sensitive files. Users will be liberated from remembering multiple complex passwords that must be changed regularly. Files will be safely stored without the threat of unauthorized user access or hacking theft. Trusted network access control will authenticate machines, users and even a PC’s health in milliseconds, before even allowing a PC onto secure networks.
The promises still sound futuristic, but the reality is here today—with nearly every major PC manufacturer shipping computers with the Trusted Platform Module (TPM) chip in mass volume (30 million saturated the market in 2005, on pace to exceed analyst predictions of 60 million more in 2006).
This presentation will discuss practical implementation of trusted computing to leverage the growing purchases of TPM-equipped computers. Key topics will include:
• A practical roadmap to incremental deployment of TPM computers in the enterprise
• Benefits of utilizing trusted computing: Leveraging TPM hardware for advanced data protection, network protection, identity protection and more
• The impact on traditional/existing security strategies: What’s enhanced, and what’s displaced?
• Managing trusted computers: From key management and recovery, to extending the trusted architecture to servers, storage and more
STMicro - Plugging TPM at Cartes
(Coming next week - maybe some more visibility coming)
http://www.st.com/stonline/company/expo/cartes2006/index.htm
Location: Paris-Nord Villepinte Exhibition Centre, Paris, France
Hall/Booth: 3 E 014 (125 m²)
Date: November 7-9, 2006
Opening Hours: Exhibition: 09:30 - 18:30 daily; Conference: 08:30 - 17:30 daily
Theme: Semiconductor Solutions for Trusted Services
ST Focus: Innovative semiconductor Solutions & Products / World-Class Technology / Partnering with the Industry
Show Description: CARTES and its 18,000 professional high power decision-making visitors is, by far, the No. 1 professional event in the world of high powered smart card and ID card technologies.
Products Presented: ST19NR66 - new e-passport device / ST19NP18-TPM is Microsoft Vista compliant / CD21 solution for transport and citizen cards based on ST19WR contactless secure IC / VotinBox, an evoting solution developed by France Telecom R&D on ST19
Embassy pricing from ORC
(about a third of the way down)
http://www.orc.com/orc-main.jsp?tag=3&sub=gsait/pricing.html
M. Sprague - Short interview
http://www.juxtaviews.com/2006/10/11/tvtonic-interview/
More on mobile TC
(When will they come knocking?)
1) http://www.technewsworld.com/story/PlGyAi6CV6tOOA/Software-Shift-in-the-Mobile-Device-Market.xhtml
Software Shift in the Mobile Device Market
"Nokia and Vodafone are also proposing security enhancements and development of a framework for uploading and managing software components sent to mobile devices."
2) Two jobs at Qualcomm related to trusted computing (one posted as recently as the 3rd of Oct., the other in September)
-(search on HotJobs under "trusted computing" and they'll come up at the bottom of the page.)
Regards, Foam
Pressures on mobile sector for increased security growing
(Interesting bit on VOIP)
http://www.technewsworld.com/story/JpleN6k2Gwql8a/Report-Cell-Phone-Worms-VoIP-Fraud-to-Grow-in-07.x...
Report: Cell Phone Worms, VoIP Fraud to Grow in '07
By John P. Mello Jr.
TechNewsWorld
10/03/06 8:45 AM PT
Cell phone worms and VoIP fraud are among the top 10 security threats to watch next year, according to a panel of experts assembled by the SANS Institute.
The panel's findings were released Sunday at the SANS Network Security 2006 conference in Las Vegas.
Cell phone worms will infect at least 100,000 phones in 2007, jumping from phone to phone over wireless data networks, the experts noted.
"Cell phones are becoming more powerful, with full-featured operating systems and readily available software development environments," they said. "That makes them fertile territory for attackers fueled by cell phone adware profitability."
Hackers Looking for Value
Malware aimed at mobile phones has been seen in the past, but it has not been considered a serious problem. That will change, contends SANS Director of Research Alan Paller.
"No one could figure out why writing a cell phone worm would be useful," he told TechNewsWorld, "but it turns out that it is extremely useful, because people are now doing their e-mail on their cell phones.
"So a worm in a cell phone can be a way to do phishing exercises, for example, to steal people's passwords and user names," he continued. "It can also be a way to launch denial-of-service attacks."
Hard to Attack
However, cell phone malware may be years away from becoming a problem.
"The challenge with cell phones is that there isn't a ubiquitous operating system," Gregg Mastoras, a senior security analyst with Sophos, told TechNewsWorld.
"We're not talking about computers where Microsoft (Nasdaq: MSFT) owns 95 percent of the world," he continued. "Cell phones have plenty of different operating systems, and for that reason, they're much harder to attack on a large scale."
To date, only 100 cell phones that have been attacked have become infected, he estimated.
Not Where the Money Is
"Attacks happen because people want to go where the money is," Mastoras asserted. "I'm not sure that cell phones are where the money is right now."
There aren't a lot of mobile malware variants appearing on a weekly basis, added David Marcus, security research and communications manager for McAfee Avert Labs.
"But, prevalence will grow as more and more people use their phones for data and confidential information," he told TechNewsWorld.
Stealing Dial Tone
Another trend to watch next year is compromising Voice over IP (VoIP) phone systems.
Hackers have begun penetrating VoIP servers and selling dial tone as if they were a phone company, noted Paller. "The hackers collect the money from the people that use it, while the company operating the servers gets the bill," he said.
"A lot of medium-sized companies are putting in Voice over IP," he observed. "They are doing it without any sense of security, so they're easy pickings."
Lag in Niceties
As they do with any new technology, vendors are concentrating on getting VoIP onto the market with the desired features, asserted Robert Richardson, director of the Computer Security Institute.
"The protocols for setting up telephone calls were designed without very much attention to security threats," he maintained.
One thing that traditional telephony systems have is a really good call accounting system, he added. A company with a traditional switch can pull up a report that will show anomalies in usage.
"On the VoIP side, those kinds of niceties have lagged," Richardson said.
In addition to cell phone viruses and VoIP attacks, other trends SANS recommends watching next year include the following:
Laptop encryption will be made mandatory at many government agencies and other organizations that store confidential data.
Targeted attacks will be more prevalent, in particular on government agencies.
Congress and state governments will pass more legislation governing the protection of customer information.
Spyware will continue to be a huge and growing issue.
Zero-day vulnerabilities will result in major outbreaks resulting in many thousands of PCs being infected worldwide.
The majority of bots will be bundled with rootkits.
Network Access Control will become common and will grow in sophistication.
Theft of PDA smartphones will grow significantly.
RFID, supply chain and TC
Interesting bit showing how pervasive trusted computing can become in all manner of automated systems. There are some mistakes here about trusted computing, but the document gives us a glimpse into the future and the critical role played by TC (the sky is the limit, really) - note how early deployment is being pushed by the military and govt.
http://www.applieddata.net/Case/Savi_Case_Study.doc
Savi has customers with very special security requirements, for example the U.S. Department of Defense. For these customers, Savi employs high security standards for their wireless networks - FIPS 140. Security as mandated by this standard is related to the overall “Trusted Computing Platform Alliance” and upcoming initiatives like Intel’s Palladium. Someday most of us will have this type of security, but Savi needed it now, and needed it in a compact, Windows CE powered platform.
Savi puts in big, highly exposed networks. These are not simple radial nets around 802.11 access points. Savi has their own 433 MHz protocol between their tags and their data collectors. Then, the data collectors use unlicensed spectrum to communicate back to a host server. However, when the distance is great, a repeater with store/forward capability is required to reach that server. This repeater is where ARM technology supported the effort.
Savi needed a low-cost, single board solution with the power to manage a heavily encrypted, store-forward communication protocol. Further, this system had to be able to run 24x7 outdoors in any environment, with a wide range of temperatures ranging from blazing desert to frozen arctic. Savi found the technology they wanted in a Graphics Client Plus from Applied Data Systems, powered by an Intel RISC/ARM processor. The Graphics Client Plus has both low power demand and third party certified mil-spec temperature and shock and vibration certification. This would allow the repeater to be mounted outside in an Arctic airfield or an equatorial seaport. The only extension the Graphics Client Plus needed was support for a FIPS140 compliant encryption algorithm.
Savi selected a secure encryption system, proven in many DOD applications. The selected system encrypts only data, but everything except the destination IP. Further, it changes the key with each packet, to make a virtually unbreakable transmission. Savi selected Windows CE for the operating system, and Applied Data worked with Savi and the encryption supplier to provide a seamless application interface. The Savi applications read and write to a normal CE OS API, but the underlying code encrypts/decrypts before it is sent.
Summary
Now, this system is in the field, mounted on poles and unobtrusively monitoring the status of shipping containers in the world’s ports, and keeping us a little bit safer. A few years ago, RFID was described as a “technology in search of applications.” It is apparent that it has now become integral for supply chain management in defense, security and commercial applications. From the concept of tracking active toddlers, Savi Technology has evolved its product line and customer applications to tracking the most sensitive materials through multiple locations worldwide.
More on mobile TC
http://www.ttpcom.com/en/downloads/ARM_Whitepaper_System_Solutions_for_a_Baseband_SOC.pdf
Security
Network operators are driving to maximize revenue by providing mobile services such as on-demand media content, software downloads and m-commerce. To do this, security technology is required to protect the copyright of downloaded software and media (Digital Rights Management), prevent software viruses, and create a trusted platform for sensitive user data. CBEmacro 3G therefore incorporates TrustZone®, ARM’s trusted computing technology. TrustZone provides integral hardware and software support for security critical applications, maximizing the CBEmacro 3G based handset’s potential Average Revenue Per User (ARPU) when integrated with a TrustZone enabled applications processor and TrustZone software.
Figure: TrustZone enabled AXI bus architecture of CBEmacro with baseband, applications core and a TrustZone Memory Adapter (BP141). Block labels: ARM1176 applications, ARM1156 baseband, TTPCom CBEmacro.
TrustZone enables the applications processor to communicate with the baseband system via a secure kernel. However, untrusted user code executed on the application processor (e.g. a downloaded game) can be restricted from accessing secure memory. In this manner both the baseband MCU operation and the trusted OS on the applications core are protected from unauthorized access by user code. Furthermore, should the system designer wish, it is also possible to deploy secure applications to the device in the field (e.g. allowing operators to deploy DRM agents to users that purchase the service). Flexibility of content is therefore maintained without compromising the integrity of the system.
TC getting attention from the UN
(It's clearly becoming a very conspicuous reality)
Some pros and cons are looked at. The discussion is clearly maturing as people recognize that the technology can be used in both good and bad ways and that we ought to try to define proper usage models in an open and intelligent way.
http://www.intgovforum.org/Substantive_1st_IGF/An%20Introduction%20To%20Trusted%20Computing.doc
Excellent presentation on mobile TC and the need Mobile Network Operators will have for TC in mobile devices if they want to optimize their current business models. The situation GoKite just mentioned in his last post is a good case in point. Who wants to sit around waiting for/during those interminable service calls that often result in a dead end, when the technology exists for trusted remediation in the background (even when the device is off)? And that's just one example! People are starting to see the real potential behind TC and as real use models start showing up, it's going to explode out of the starting gates (looking more and more like 2007).
http://www.math.uni-frankfurt.de/~aschmidt/docs/06-07-05_ISSA06_TC_mobile.pdf
Geoffrey Strongin on TC and DRM in NOV. 2006
(Snackman and Rosie thanks for the kind words)
Regards, Foam
http://www.cs.utsa.edu/~shxu/stc06/
A workshop held in conjunction with the
13th ACM Conference on Computer and Communications Security (ACM CCS'06)
Friday Nov. 3, 2006, Johnson Center, George Mason University, Fairfax, Virginia, USA
Invited Talk II: The Role of Trusted Computing in Internet Scale DRM
by Geoffrey Strongin (AMD)
Abstract. The XRI Data Interchange (XDI) protocols and schemas provide a foundation for internet scale exchange of data between parties based on mutually agreed upon policies. Local enforcement of the policy and the preservation of the persistent binding between the data and policy imply a local policy enforcement system. This talk explores the relationship between trusted computing, remote attestation and local policy enforcement capabilities in an Internet scale environment.
BIO. Geoffrey Strongin is an AMD Fellow, and serves as AMD’s chief platform security architect. In this role he contributes to the definition of security features incorporated into AMD’s processors and supporting platforms. A long-time supporter of Trusted Computing, Mr. Strongin was a founding board member of the Trusted Computing Group. Mr. Strongin also serves as co-chair of the OASIS XDI Technical Committee, and is Member of the Board of Trustees of XDI.ORG, a non-profit public-trust organization responsible for overseeing and administering XDI-based global services. Mr. Strongin’s outside interests include the intersection of technology, public policy and law. An award winning designer with over 30 patents, Mr. Strongin holds a BSEE degree from Arizona State University.
TC job at AMD
As Security Technologist, this person will help to specify and guide AMD's platform security technologies. This will include working with product management to help identify, prioritize and validate the technical feasibility of product requirements, as well as coordinating product technology roadmaps.
This work will encompass products and technologies developed by AMD, as well as products provided by AMD partners.
Will work with engineering and industry standards bodies to develop technology specifications that provide the blueprint for AMD and partner products, and work with product management to create pre-concept definitions that will result in technology prototypes.
Will guide partner development efforts through AMD's ISV/IHV teams to prioritize and optimize on AMD technology and ensure that partner engineers are kept abreast of new and enhanced AMD technology such that timely support for these features is readily available in the partner products.
QUALIFICATIONS:
- Bachelors or Masters Degree
- 10 years high tech technical product management or engineering experience preferred.
- Detailed knowledge of platform level security technologies required. For example:
-AMD Virtualization (Pacifica) and AMD's Presidio technology - SKINIT instruction, Device Exclusion Vector (DEV), Enhanced Virus Protection (EVP), etc.
-Trusted Computing Group (TCG) - Trusted Platform Module (TPM)
-Cryptography including asymmetric and symmetric cryptographic functions, one-way functions and system and network standards using those functions - Public Key Infrastructure (PKI), S/MIME, Pretty Good Privacy (PGP), etc., and related products & implementations (e.g. OpenPGP, etc.)
Secure Japan -Govt. document referencing TPMs
(Page 38 - "In FY 2006, the competent agency will perform research and development toward realization of a safe computing environment through the use of PCs equipped with a Trusted Platform Module (TPM), which has such security functions as processing, protection of secret keys, and verification of the validity of the platform." - All of this under the aegis of the Ministry of Economy, Trade and Industry of Japan, looks very promising for NTT Data going into 2007)
http://www.nisc.go.jp/eng/pdf/sj2006_eng.pdf
Intel and Apple working together on future secret technologies http://www.informationweek.com/news/showArticle.jhtml?articleID=193100299&pgno=2&queryText= future technologies
CRN: Intel shared the stage at IDF with Apple. How will Intel's relationship with Apple evolve in 2007, or is the cooperation mostly finished?
GELSINGER: It's far from done. Let's take it in phases. First was the honeymoon, where we won Apple as a customer. The second phase was execution and getting products done and, third, we just finished that. The MacBook Pro was the last product. We just finished the birthing. We've just gotten that done, but a number of projects are under way with Apple on next-generation technologies -- but I can't detail those. Apple is very secretive, even to us. It's the nature of the company.
Intel on Content Protection
(a bit wishy-washy but interesting that the theme is getting increased attention and discussion from Intel - what with Lagrande looming on the horizon)
http://www.hexus.net/content/item.php?item=6822
MP3s are great, aren't they? Well, they are when they actually are mp3s and they're not some other format wrapped up in all sorts of dicey DRM, whereby you can't be sure whether the 'rights holder' might decide to stop letting you use the file you thought you owned.
Technology innovation has many forces acting upon it. When the MP3 format was invented, nobody really knew just how big an impact it would have and just how much piracy would come as a result of it. Then came what some would call an overreaction. The best way to deal with content protection is just one of the forces acting on technology. There are standards, regulations and policy too. Intel's Phil Wennblom explained on Monday where the company stands within this tricky territory.
Intel: We don't want no innovation stifling!
Let's continue with the content protection thread for a moment, then. In Wennblom's presentation is a snippet from a New York Times article, published July 2002, in which it says "The entertainment industry's campaign to rally Congressional support for new copyright enforcement is yielding results" and goes on to say that some technology execs and consumer advocates weren't too happy. The entertainment industry is still bolshy about protecting its content. Some executives jump through hoops, while others sit on the same side of the fence as the consumer advocates.
Intel's stance? Some copyright enforcement methods are a threat to innovation. "Legislature should focus on unacceptable uses of technology", reads Wennblom's slideshow, while it "should not define technology requirements." So, if you spell out how technology shouldn't be used, there's still scope for innovation, but if you start defining requirements, the 'innovators' are bound by those requirements and can't... well... innovate.
Still, to keep everyone happy, Intel needs a responsible technical policy. They're moving from the old ways of policy following technology, to the opposite, where technology follows policy, but the laws and regulations are such that there's a "favourable environment for innovation".
Intel wants to embrace global standards (presumably standards it has a hand in creating), but doesn't want to see regulations with specifications that stunt innovation.
One area in which standards are extremely important is communication. The electromagnetic spectrum is seemingly a limited resource, but Intel poses the question of whether this limit is artificially imposed by certain standards and regulations.
With wireless communications ever growing, Intel's policy position is to have flexible licenses, technology neutrality and to enable new technology and uses of the radio spectrum, but without causing interference (duh).
DRM?
Intel wants content protection that respects the rights of copyright holders, but gives users the flexibility that consumers would expect to have. They hit the nail on the head with the notion that markets, not mandates, dictate customer satisfaction.
So Intel's technical policy, as depicted today, looks a very smile and nod affair. Agreeable stuff, but how exactly will the balances between consumer experience and rights protection be struck? Guess we'll have to wait and see.
Interesting: VPro capabilities coming to ViiV platform
http://www.hexus.net/content/item.php?item=6887
Intel's Active Management Technology could be making its way into the home, it was revealed at IDF on Thursday.
Brendan Traw of the Digital Home Group gave a technology insight presentation, during part of which he covered how the management technology found in vPro could be a key component in future Viiv platforms.
One of the biggest problems for service providers, PC retailers and e-tailers and in fact anyone selling product to consumers, is support. There are now so many variables that it's hard to troubleshoot issues without the consumer returning the product, or the seller sending somebody out to fix it.
Traw explained how the manageability engine in IAMT could be used to solve this problem, particularly as the amount of technology within the home increases.
The mysterious 'Don' then came onto the stage to give a demo of how management technology could be applied to the Viiv platform. The first example was in creating policies that protect a computer in much the same way as a corporate PC would be protected from viruses and security breaches.
Don emulated the cunning of his son by attempting to disable the NetNanny (Internet filter) service on the machine. Management technology picked up on this and severed the system's Internet connection until NetNanny was up and running again. The same principle would apply if a hacker or virus attempted to disable security software.
In the second and more exciting demo, the home PC was intentionally blue screened (that must be a first...). A second computer, say one at a service provider's support center, was shown to be able to connect to the PC, even in this crashed state. The home machine's disk was mounted on the 'remote' support PC and a diagnostic OS booted, with terminal access provided to the support PC so that text-mode display of the home PC was available to the 'support staff'. The diagnostic OS identified the problem (corrupt boot sector in this case), fixed it and rebooted the PC back into Windows.
The ability to repair a computer remotely, even when it can't boot, is without a doubt a potentially very cost-effective support approach for a great many companies. Obviously there are security concerns, but it was said that the connection must be initiated by the faulty machine, so support staff won't be able to snoop on PCs at will.
Once again we're seeing technology from one Intel platform making its way into others. Perhaps we won't be ringing India for support in a couple of years... we'll be having them remotely repair our PCs for us.