Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Doma, I agree as far as very large enterprises are concerned and the consumer space. Smaller (make your own definition) enterprises may be a target as well I would think. I happen to think this is an important area for Wave, however, as the recurrent revenue from attestation is a potentially very large number. I have no idea what the costs would be to provide that kind of service on a large scale basis, however. Do you?
Svenm
Doma, Do you mean that you doubt that Wave desires to be the Privacy CA? That is to say, that you don't think they intend to be a Trusted Third Party providing attestation?
Svenm
Doma, I'm sure you know this, but the endorsement key is embedded in the TPM,signed by the manufacturer and published in the form of a digital certificate (according to the Siani Pearson edited HP book on trusted computing platforms). That key should not be migratable as it is bound to a specific TPM.
Svenm
Awk, Agreed, but if the Trusted Third Party is not needed I would think that the price of the Wave tech may be less than the $39.95 for ETS 4.0. Just conjecture, of course.
Nice reply to Weby's question. Certainly more complete than I could have answered!
Cheers,
Svenm
Weby, If and when TPM containing Entertainment PC's are deployed en masse and premium content becomes available to the digital consumer, it would seem to me that the Wave package (somewhere north of $20) will be a bargain to the consumer just by eliminating the time and gas costs to travel to the local movie theater (to use the simplest of all possible comparisons). My understanding (ICBW) is that attestation will be an integral part of that technology. With Direct Anonymous Attestation Wave tech may not be necessary, I believe. However, hopefully Wave will have a significant share of the Trusted Third Party Attestation which hopefully will be demanded by content providers determined to eliminate all piracy.
Svenm
Guv, Feeney's proven his lack of ability (I'm being kind) many times over. He doesn't have any redeeming qualities that I'm aware of. That's not the case, IMO, of the rest of management. I don't know why they keep him on board, but there's probably a dark reason that we're not aware of. Of course, tomorrow could prove us wrong, but I doubt it.
Svenm
Wildman, If you go to the url posted by VH and look at the pdf document concerning Hardware architecture it appears that the special requirements of mobile devices related to power, among others, are such that they (at least Intel, IBM and NTTDoCoMo) felt that a separate organization was needed. However, the underlying tech is clearly TPM as outlined in the whitepaper. Both Level 2 and 3 devices would clearly be candidates for Wave tech to varying degrees, IMHO and non-tech opinion.
Svenm
Foam!
That is the "find of the week!" I've been waiting for that one since STM announced their TPM production. The hockey stick curve potentially just got a whole lot steeper!
Svenm
Zen,
Why would the market be impressed? That 340K deferred isn't even a footnote on the last page of any source the market would look at. Only a handful (maybe a little exaggeration here)of people other than Wavoids realize the positive implications of that $340K in deferred revenue. I tend to agree with Vader, with an obvious caveat: Either management was counting on #1, in which case they've made another financing error (hopefully one more nail in Feeney's coffin) or #'s 2 or 3 will come to pass.
JMHO,
Svenm
Wildman,
Nice summary and thanks for asking some relevant questions.
Svenm
Unclever,
Thanks so much! Great job as usual!
Svenm
HJ,
Thanx. I missed that post.
Svenm
OT (?):
(Underlines mine). Svenm
Sunday, October 17, 2004
Linux wants to earn your trust
Secure version of operating system seeks to compete with Unix
BY Michael Hardy
Published on Oct. 18, 2004 Printing? Use this version.
Email this to a friend.
RELATED LINKS
"Spies work on info sharing" [FCW.com, Sept. 30, 2004]
"National Semi expands TCG lineup" [FCW.com, Sept. 24, 2004]
Trusted Systems information
Trusted Computer Solutions (TCS) Inc. officials are developing Trusted Linux, a highly secure version of Linux that will rival Unix in environments in which security is the highest priority. The operating system will provide a platform for TCS applications.
Defense and intelligence agencies, banks and other financial firms, which all insist on tight security, are the company's main customers, said Ed Hammersla, TCS' chief operating officer.
The concept of trusted computer systems started in the Defense Department during the 1980s. The term refers to systems that have met particular specifications and certifications. Some evaluation criteria that DOD officials established have since been eclipsed by the Common Criteria Evaluation and Validation Scheme, an international set of security standards for technology products, but much of the original work and the concept itself remain vital.
TCS officials expect Trusted Linux to be certified under Common Criteria at Evaluation Assurance Level 4, Hammersla said. The EAL scale runs from 1 to 7, and 7 is the highest score.
TCS officials plan to begin beta testing Trusted Linux this fall, Hammersla said. The operating system will form the foundation of a trusted computing base, a system of software, hardware and firmware that enforces a unified security policy.[u/]
"This is a huge improvement over manual and unaudited methods of sharing information or, [in the] worst case, not sharing information at all," he said.
The only other commercially available trusted operating system is Sun Microsystems Inc.'s Solaris version of Unix, he said. "That dictates, then, that if someone wants to use our [trusted] applications, they can only do so if they're on the Sun platform," Hammersla said.
TCS customers began asking for a Linux alternative about two years ago, he said. After TCS officials determined that other Linux distributors were not likely to produce a trusted version, they decided to tackle the job.
To ensure that the system qualifies as trusted, TCS officials sought input from the relevant accrediting bodies early in the development process, Hammersla said.
"We have taken the time and the care to go talk to the various accrediting bodies, to let them know what we're doing and to verify their requirements," he said. "Although I wouldn't say government agencies have had an active role in the actual development, they've been participatory in their desire" for a trusted operating system.
The company based the system on a version of Linux, called SELinux, which National Security Agency officials had already developed, he said. TCS' development team has been enhancing SELinux to make it meet Common Criteria EAL 4 requirements.
Once the operating system is available, it will take a place alongside other versions, such as Red Hat Inc. Linux and SuSE Inc. Linux, as a retail product, he said. "Whether we do that directly or through partners is to be determined," he added.
Tony Stanco, associate director of the Cyber Security Policy Research Institute at the George Washington University, said that the operating system is both the first line of defense against malicious code or hackers and also the source of most vulnerabilities.
Companies are "all trying to get a more secure system around what they're trying to do," he said. "The operating system is one of the big vulnerabilities [on] the whole. It's like the first level. Once you get that secure, where people can't compromise that, you can build some secure applications on top of that."
Trojan horse programs and viruses usually can't penetrate trusted systems, Stanco said. When they do, they usually are not able to affect software, rendering them impotent.
Linux is generally considered more secure than Microsoft Corp.'s Windows operating system, but it still has vulnerabilities, Stanco said.
Retired Army Lt. Gen. Keith Kellogg, who serves as an adviser to TCS, said information sharing is increasingly critical in government, and a trusted Linux system will be an important tool to have.
"The requirement to have secure information, the government knew the importance behind it," said Kellogg, former director of command, control, communications and computers for the chairman of the Joint Chiefs of Staff.
"They put out guidelines and regulations to do it, but so few came to the party that there was always a waiver policy," he said. "One of the reasons [companies] didn't do it was because it costs money. To get yourself certified costs about a million dollars a pop to get just one certification. A lot of corporations didn't see the value proposition. If there was [a] waiver so you didn't need to do it, they didn't see a reason."
Waivers are harder to come by now, and vendors are more likely to be held to the requirements, Kellogg said.
Microsoft officials, however, are not likely to adopt the trusted label, said Quazi Zaman, technology specialist manager for platforms at Microsoft's federal division. They consider the need for trusted systems to be a niche market, he said.
"Microsoft has been focused on solving customer problems," he said. "We have picked up the bigger headaches rather than unique headaches. If it's a unique situation, we will let third-party vendors develop [something]. If we see that it's widespread and they want a trusted version of the OS, then yeah, we will look at it and come out with a trusted version of the OS. But that's speculation. We're not seeing that."
Creating a trusted version means company officials also would have to modify all the applications that run on the operating system to maintain the security continuity, Zaman said.
Microsoft officials have been taking security seriously, however, and are increasing security levels in their products, he said.
To take a familiar example, Windows XP users have to hit the control-alt-delete key combination and enter a password to boot up and log in to their computers, he said. In earlier versions of Windows, "that was an afterthought," he said. "You could work around any password log-on."
***
Ensuring security
The Trusted Linux operating system that Trusted Computer Solutions Inc. officials are developing will be rated at Evaluation Assurance Level (EAL) 4 on the Common Criteria evaluation. EAL 4 is a midlevel rank on a scale of 1 to 7. It means that the developer uses positive security engineering based on good commercial practices, which do not require substantial specialized knowledge. According to National Institute of Standards and Technology officials, "EAL 4 is the highest level at which it is likely to be economically feasible to retrofit an existing product line."
Specifically, EAL 4 includes:
Partial configuration management automation.
Modification detection.
Administrator and user guidance documents.
Well-defined development tools.
Independent vulnerability analysis.
Barge,
Actually, I did bring that project to the board's attention. I also brought it to the attention of Wave management who returned my email with a "Thank you for letting us know." I haven't followed it up since then. It would be interesting to know whether or not any progress has taken place.
Svenm
Snacks, See Post #54944. Doma partially addressed this question.
Svenm
Barge,
Thanks for the laugh! That's a great way to start the day! You're too much!
Sympathetically,
Svenm
Barge,
If I hadn't been disappointed so many times by dashed raised hopes in relation to Wave I would be jumping up and down right alongside with you on the Digital Media Centers. Do you remember Peanuts and the beginning of football season? Every time Charlie tried to kick the first kickoff ball Lucy would pull that ball away and he would land on his noggin. Well, I just think of SKS as Lucy and I'm Charlie Brown. The difference between you and me is that you're ready to go for it again right away. I have to nurse my wounds for a while before I'm ready to take another shot at it.
Hopefully one of these days SKS will hold that ball and you'll kick it out of the end zone!
Cheers,
Svenm
Orda,
Thanks for your schematization! Excellent job! Looking forward to the pricing addition.
Svenm
Foam, Do you remember the Finread initiative involving the Proton E-Purse? Here is an old PR from 2001 discussing Wave's involvement (bolds mine):
News Release
Wednesday 11 July 2001, 12:30 GMT Wednesday 11 July 2001
TECHNOLOGY
BUSINESS
Wave Systems
CPS Europe to integrate Wave's EMBASSY technology into products targeting FINREAD secure e-commerce terminal specifications
Securealink, a Wave partner, announces order to supply EMBASSY chips toCPS Europe for FINREAD secure E-commerce initiative
Wave's EMBASSY Personal E-commerce Technology teamed with CPS atEU-sponsored FINREAD demonstration
Brussels, Belgium - CPS Europe, a designer and producer of consumer security and telecommunication products, and Wave Systems (Nasdaq: WAVX - http://www.wave.com) today announced that Wave's EMBASSY Personal E-commerce Technology is planned to be integrated by CPS Europe into FINREAD-compliant smart card readers manufactured by the Netherlands-based company. In a related development, silicon partner Securealink has announced that they have received an order from CPS to deliver EMBASSY chips in support of the FINREAD project.
The companies will today jointly participate in a FINREAD-related technology demonstration, open to industry and the media, sponsored by a program of the European Commission. At this demonstration an EMBASSY Personal E-commerce Terminal runs a Proton E-Purse application and a Cartes Bancaires BO' E-Payment application.
"Wave's EMBASSY technology allows us to bring a FINREAD-compliant E-commerce device to market in the fourth quarter of this year," said Herman Struiwigh, CPS Europe CEO. "Our customers will be able to deploy a terminal that has all the innovation and design features that they expect from CPS Europe. Our integration of EMBASSY technology provides our customers with the ability to add functionality and services and revenue streams beyond FINREAD specifications in a single device in the consumer's home. It is a perfect fit in CPS' range of secure smart card products. This range includes PocketID offline smart card readers and FinSafe™ secure smart card readers."
FINREAD (Financial Transactional IC Card Reader), a consortium created in the framework of a European Commission Information Society (IST) Program, and led by Groupement des Cartes Bancaires (France), along with SIZ (Germany), Banksys (Belgium), Interpay (The Netherlands), Europay, VISA and Ingenico (France), establishes standards and specifications for smart card readers and advanced E-commerce terminals used in home banking, shopping and other e-commerce services to insure the manufacture and rapid deployment of interoperable, secure smart card terminals for European Union countries. FINREAD compliant terminals will first be deployed in Europe and then globally.
Observers estimate the market for readers with new increased security specifications required by financial institutions could exceed 80 million units in Europe alone. "Our agreement with CPS Europe is an important step in establishing EMBASSY as the leading solution in support of a very large FINREAD market opportunity," said Steven Sprague, Wave Systems president and CEO. "As a silicon partner for Wave Systems, Securealink is pleased to announce that we have received an order from CPS to deliver EMBASSY chips in support of the FINREAD project," said Henk Pruim, Pijnenburg Securealink, Inc.'s president and CEO. "The integrated circuits that are available today are our first entry in the secure consumer payment space and digital rights management."
Securealink, is a leading worldwide innovator of "Security Solutions in Silicon TM" with offices in Vught, The Netherlands and Los Gatos, California. Securealink provides secure high-performance cryptographic and privacy ICs supporting commonly-used protocols. The company's secure chips are easily integrated into VPN and SSL appliances and devices, as well as secure smart-card readers and other secure access devices.
"Wave continues to move aggressively to make EMBASSY personal E-commerce technology the 'must have' solution for manufacturers for what we expect to be a fast growing market in Europe for consumer devices meeting the requirements of leading banking, financial and smart card issuing institutions," said Bruno Leconte, vice president, European Operations, Wave Systems.
FINREAD specifications require terminals designed to address a high level of security for PIN entry and display of sensitive information. Those specifications guarantee a level of online security that is among the highest in the world, enabling all forms of secure financial services transactions, including secure electronic transactions (SET) protocol transactions. The most demanding FINREAD specifications require interoperability features, future adaptability in the field, and a method to securely certify software applications to upgrade the device, disqualifying most if not all fixed function solutions in the market today.
The CPS-Wave Systems agreement combines CPS Europe's ability to cost efficiently manufacture leading-edge technology consumer products for rapidly growing markets in smart card, security and the Internet technology sectors, with Wave's EMBASSY technology, the leading solution to meet the strenuous FINREAD specifications. EMBASSY is hardware based and meets FINREAD's Level 5 security requirement. The open, programmable secure environment of EMBASSY makes it the only single chip solution capable of the interoperability features and in the field adaptability required by FINREAD. EMBASSY is supported by back office capabilities to handle different currencies and payment schemes as well as a Trust Assurance Network to certify software changes or upgrades to the device. Secure certification and the handling of multiple payment schemes are further requirements of FINREAD.
About CPS Europe
Established in 1993, CPS Europe designs and produces leading edge consumer security and telecommunication products including smart card telephones, smart card readers and Internet screen phones. The company integrates telephony, Internet, home banking and smart card support to create unique product solutions. CPS Europe products provide excellent opportunities for service providers to give e-commerce qualitative as well as quantitative impetus. The company markets ingenious products with an outstanding price/performance advantage that distinguish themselves from the competition through applied design and the resulting cost price. For more information visit: www.cps-europe.nl CPS Europe is part of Pijnenburg Beheer, a holding that includes Hagenuk GmbH, Pijnenburg Heating Controls, Pijnenburg Securealink, CPS Broadcast Products and CPS Asia within the group.
About Wave Systems
Wave Systems, with partners and allies, envisions a worldwide network of users based on trusted electronic relationships. Trust @ the Edge defines a new architectural model for the Internet, which embeds trust and security in every user device. Wave Systems, Lee, MA, is developing, deploying, and licensing its EMBASSY Trusted Client technology for the mass adoption of this revolutionary model. Wave is integrating industry standard functions from a wide range of partners that enable reliable, secure digital exchange and commerce. Wave Systems and third parties are building the services that will take advantage of this open model. For more information, visit http://www.wave.com.
Distributed by PR Newswire on behalf of Wave Systems
--------------------------------------------------------------------------------
Contact details for all releases are only available to the media via PR Newswire for Journalists.
--------------------------------------------------------------------------------
PR Newswire Europe Ltd.
Ludgate House
Your find may indicate that that FINREAD work may still bear some fruit.
Svenm
Guv, Personally, I think the privacy fanatics have already lost the battle. I doubt any concessions are necessary to those groups. I tend to think the main factors re: the attestation question (DAA vs. TTP attestation) are costs vs. degree of security and ease of use, plain and simple. Attestation will be an important part of trusted computing. It's just a question of which type with which clients in which kinds of content exchange.
Svenm
Foam, I appreciate your input and agree with most of the impressions you had as well. Although Wave may be able to grab the role of "issuer" I wouldn't be surprised if the TPM manufacturer took this role instead. In any event, I agree that it is very unlikely that DAA will replace TTP attestation in the enterprise space. So little is known at this time of the consumer applications that I think it is difficult to make an informed assessment of how widespread one or the other will be in that role. It could be that in the consumer space, using downloaded premier movies as an example, that the consumer client uses DAA whereas the content provider chooses to use TTP. I'm sure this issue will become clearer in the not-too-distant future.
Svenm
Foam, Your view of DAA is similar to how I first thought of it as well. Now I'm just not sure how it will play out. I've seen references about TTP attestation vs. DAA to that effect (i.e. the degree of security afforded by each). However, when reading the HP Bristol Lab's whitepaper on DAA I couldn't find that kind of differentiation, and indeed, that whitepaper questions whether TTP attestation might not be inferior to DAA from the point of security. Since it is dated June 2004 I began to wonder if indeed DAA might be able to replace TTP attestation altogether. Doma mentioned someone from HP said that both forms would be available and both would be used (perhaps for different levels of security).
The long and the short of it is that I don't know for sure and I was hoping someone had a better handle on this technology might come forward with an explanation. So far I haven't heard such an explanation so I wouldn't count on any revenues from attestation for the time being. Since it's only a portion of the Wave business plan it's not a "make it or break it" technology for Wave in any event.
Svenm
Correction on the last post next to last line: Certifying PA should read Privacy CA.
Svenm
Go-Kite, My understanding is that the term "verifier" is reserved for the host that is verifying the credentials of a remote TPM that is requesting to interact with that host. The "verifier" is not a third party; it is one of two parties directly involved in the interaction. On the other hand, DAA does require a third party "issuer," (see TPM Main Part/Design Principles, Specification Version 1.2, 31.1 TPM-DAA-JOIN, pg. 129 which may be found at the TCG.org website). I have not been able to find the definition of "issuer" but you seem to be quite sure of the tech here, which I readily admit that I am not so sure of. Perhaps you could provide me, and anyone else who may be interested, with the definition of "issuer" in this context?
By the way, this isn't merely an esoteric exercise. I assume that the "issuer" will charge for this service. If the "issuer" is the TPM manufacturer then any revenues from this service will probably flow to that entity. If the "issuer" is a Certifying PA (Wave e.g.)then they will receive those revenues.
Do you happen to know who the "issuer" is?
Svenm
Go-Kite, I wasn't questioning the viability of trusted computing. But DAA is attestation without the need for a trusted third party and hence is a possible loss of revenue to a company having that as a major part of its business plan. That's why I'm trying to shine a little light on that variable in the future revenue equation. I think Doma's posts # 63375 and 63376 provide good perspectives on other important variables in that same equation. The arrival of DAA may have changed the terms of the equation to some extent. That doesn't mean that Wave doesn't have a viable business plan. It just means that it may be changed (again).
Svenm
Weby, Guv, Whitewash: Thanks all for the input. Occasionally it's interesting just to see what sort of visions each of us have. I suppose Guv and I are pretty much on the same page on the vision thing at this point in time. I won't waste cyberspace with any further conjectures. To paraphrase Weby: Time Will Tell!
Svenm
Barge, You write: "WAVE is a Platform/Interoperable/OS play, and only secondarily a services/application play."
Could you please tell me what you that concretely means to you? Being a "platform/interoperable/OS" play doesn't mean much to me unless it translates into revenues. My understanding is that Wave has a great deal of IP, some of which is being licensed by companies such as Intel and NSM for a relatively small fee. Wave management has repeatedly made clear that the business plan provides for the majority of profits to come from the licensing, on a per seat basis, of premium software which includes/will include key management. Trusted third party attestation, I believe, is a key component of that key management. Enterprises may pay their $20 a seat for KTM alone, but I don't think a large percentage of individual consumers will pony up for just KTM, or for security alone (I understand that many people may not agree with those assumptions). SKS stated in a previous CC that Wave did not intend to "levy a tax on trusted computing" and that Wave would earn their fees by providing a service. I took this to mean, at least in the case of consumers, that TTP attestation would be the chief means of Wave to realize value for their services. If valuable content can be downloaded safely with direct anonymous attestation, instead of TTP attestation, is there not the risk that this market segment would elude Wave's grasp? And if that is the case, what can Wave do to realize revenues in that space instead (without "taxing the trusted computing arena")?
I believe ESC software may still be necessary for the consumer segment as it will be necessary for TPM management and the consumer will need to pay something for that software, but I hardly think it will command the same kind of fees that AIK management would.
I hope this isn't kicking a dead horse, but up until DAA I was pretty confident that Wave had a workable business plan that translated into a very nice revenue stream. It wasn't the Petermeter, but it still worked out to a lot of $'s. If we lose attestation in the computer arena our revenue base will shrink further, IMHO.
I'd look forward to anybody's thoughts/alternatives on this issue.
Svenm
Doma,
Thanks for the info (and your ongoing awesome contributions!). That makes perfect sense, of course. I hadn't thought in terms of both forms of authentication being used by the same user for different applications.
Svenm
Sorry Jeff, didn't mean to repeat myself but I didn't see that the first message went through.
Svenm
Whitewash, I don't think so. The whole thrust of the whitepaper from Zurich that AWK is referring to is to substitute 3rd party attestation with DAA. The authors feel that would be a superior form of attestation than that involving a 3rd party, trusted or otherwise.
Svenm
Whitewash, I don't think DAA does require a TTP. The whole thrust of the whitepaper from Zurich that AWK refers to is to substitute 3rd party attestation with DAA. The authors feel that DAA would provide a superior form of attestation than that involving a 3rd party.
Svenm
Barge, Sorry, I answered your previous post before reading this one. Further research after the post you brought up made clear to me that DAA may (not clear if it will) be able to replace 3rd party attestation with a trustworthy amount of security. All this based on a rigorous, complex mathematical model that is probably still being worked on and apparently not fully understood by many of the trusted computing gurus. I'm no mathematician and gave up trying to understand the guts of how it worked after a page or two of equations that were beyond any of my college calculus courses. But I will say this, the source (who prefers to remain anonymous) that gave me the info is quite knowledgeable and reliable and is a fellow long.
Svenm
Barge, Unfortunately, you are wrong about DAA (Direct Anonymous Attestation). Although I don't pretend to fully understand this technology, DAA is, as I understand it, basically a very complex mathematical method to provide attestation of a TPM identity without the use of a Privacy CA (Wave's role with 3rd party attestation). While not quite as secure as a Privacy CA type of attestation, DAA would be a cheaper, and almost as secure, alternative. Whether or not it will prevail as an alternative to Wave's role as a Privacy CA is, I believe, still up in the air. Of course, this doesn't replace the other roles that Wave has to play in the Trusted Computing Infrastructure.
JMHO, Svenm
Ramsey, I may have missed it, but do we know the terms (approximately) of the licensing agreement with ST Micro for the ESC and CSP?
Svenm
Rosie, Way to go! That is one excellent piece of news and definitely deserved cap's!
Svenm
Doma, So is the Embassy Trust Suite!
Svenm
Wave is hiring: I wonder if they hired their lawyer and if he/she is busy writing a few contracts?
Svenm
--------------------------------------------------------------------------------
Engineering - Software
--------------------------------------------------------------------------------
Senior Software Engineer- Cupertino, CA
Analyze, develop, and implement web-based multi-tier server framework, which will provide licensing services, back-end and software maintained services for Wave Embassy security applications. Develop products and systems for large-scale, configurable, commercial software. Coordinate testing to ensure successful implementation. Analysis and problem solving skills, knowledge of business processes and production environment support needs. Knowledge of PKI, X.509 and TCG a plus. Required skills: object oriented design, SQL database design and management, C/C++, COM+, SOAP, ADO, MS SQL Server, Web Servers, MS .Net Framework,
Requires Masters or the equivalent* in Computer Science, Computer Applications or the foreign academic equivalent plus three years experience in the job offered or the related occupation of Software Engineer, Systems Analyst, Programmer Analyst, or Systems Architect. *(Bachelors degree in Computer Science, Computer Applications or the foreign academic equivalent degree and five years of progressive experience will substitute for Masters degree in Computer Science or Computer Engineering and three years of such experience).
--------------------------------------------------------------------------------
Senior Quality Assurance Engineer - Cupertino, CA
Responsible for designing, coding, testing and implementing software technology for an advanced online purchasing system that empowers users to secure, distribute and sell digital information. Develop testing strategies and lead testing efforts of software projects; actively participate in the review of software development documents; implement and execute test plans to ensure software product quality; analyze and document detected defects and other test results; and assist the QA Manager to recruit and mentor junior QA engineers. Contribute as part of team with the goal of providing the best technology for our companys online sales and distribution.
Requires Bachelors degree in Computer Science, Electronics or the equivalent* and 2 years experience in the job offered or a related position in software engineering, software QA engineering, programming or software consulting .*(in lieu of bachelors degree plus 2 years related experience will accept 4 years of experience in software engineering, software QA engineering, programming or software consulting).
--------------------------------------------------------------------------------
Software Engineer - Cupertino, CA
Designs and programs multi-tier software for the company's EMBASSY Trust Assurance Server Applications. Develops software using object-oriented techniques, cryptography, and web-based applications and services. Designs and implements business logic by using C++ and ATL COM components. Develops service-to-service communication using XML, SOAP, WSDL, and UDDI technologies. Develops certificate revocation list generation component and certificate status checking, using CRL and OCSP mechanisms. Responsible for comprehensive server performance measurement and data analysis. Provides ongoing technical problem solving assistance and support for customer service, product line management, and field application engineering.
Requires MS in Computer Science, Engineering, Materials Science or the foreign equivalent degree plus 2 years experience in the job offered or a related position in software engineering.
--------------------------------------------------------------------------------
Software Engineer - Cupertino, CA
Responsible for designing, coding, testing and implementing advanced embedded secure electronic commerce systems, which enable users to secure, distribute and sell digital information. Key member of team developing various core modules such as cryptographic libraries, application developer toolkits, embedded operating systems and debuggers using the languages (C/C++/ARM Assembly) and tools (Microsoft Visual Studio, ARM SDT, CVS, NuMega DriverStudio). Designs, implements and analyzes cryptographic algorithms. Develop software applications for smart cards and other secure tokens. Software design using advanced object-oriented techniques, languages (UML) and tools (Rational Rose, Artisan Real Time Studio).
Requires BS in Computer Science, Engineering, Electronics and Communications or the foreign equivalent degree plus 1 year experience in the job offered or a related position in software engineering or software development engineering.
Copyright © 2004 Wave Systems Corp. All rights reserved
Gov,
I had similar concerns re: DAA when Microsoft first surfaced the idea about a year ago in one of their PR's. Unfortunately I can't direct you to the research I did and I can't find any old emails to Wave or others in which the topic was discussed, but the upshot of my research was that while DAA provides better than present security on the PC, it by no means can replace a trusted third party attestation for web services or even for truly reliable security and of course, provides no KTM services. Basically DAA from the user's computer tells a communicating computer that the user's computer has a functioning TPM on board. It is not nearly as rigorous a form of security. All in all, I was satisfied at the time that Wave has nothing to fear from DAA.
Svenm
Barge, "Down Boy!" or I'm going to call Nurse Ratchett to give you your shot!
Svenm
Weby, AMEN! Not that AWK's (and many others too numerous to name) marvelous DD and dot-connecting and Barge's cheerleading aren't appreciated. But your reasoned, patient and balanced approach brings a little sanity to the board that is very much appreciated by yours truly!
Svenm