REQUEST FOR INFO. FOR FEDERATED IDENTITY MANAGEMENT SOLUTION
http://www.fbo.gov/spg/DON/NAVSUP/FISCDETPHILA/N00140%2D06%2DQ%2DRFI/Synopsis.html
Document Type: Special Notice
Solicitation Number: N00140-06-Q-RFI
Posted Date: Sep 26, 2006
Original Response Date: Oct 06, 2006
Current Response Date: Oct 06, 2006
Original Archive Date: Oct 21, 2006
Current Archive Date: Oct 21, 2006
Classification Code: D -- Information technology services, including telecommunications services
Naics Code: 519190 -- All Other Information Services
Contracting Office Address
Department of the Navy, Naval Supply Systems Command, FISC NORFOLK DETACHMENT PHILADELPHIA, 700 Robbins Avenue, Building 2B, Philadelphia, PA, 19111-5083
Description
Request for Information for a Federated Identity Management Solution for US Joint Forces Command
1.0 SUBJECT
Request for Information (RFI) for a Federated Identity Management solution designed to provide authentication and authorization services for critical Government functions. Responses are due to this RFI by 4:00 PM on October 6, 2006. See section 8.0 for further information.
2.0 DESCRIPTION
US Joint Forces Command is seeking information from industry that will assist in the identification, development, and deployment of a Federated Identity Management (FIM) solution that satisfies the following capabilities:
Specifically, this RFI seeks the following information:
• Conceptual technical architecture alternatives
• Technical feasibility alternatives assessments
• Approximate cost information (i.e., order of magnitude, ballpark estimates, etc.) for alternatives
• Development and deployment schedule estimates
• Ideas and suggestions that provide alternative approaches to designing, developing, acquiring, operating, and managing the FIM solution
3.0 REQUIREMENTS
This section enumerates the high-level functional requirements for the FIM. For purposes of responding to the RFI, requirements in the form of hypothetical locations to be served and associated traffic requirements for initial operational capability (IOC) will be made available to interested respondents through the government POC.
• The FIM solution will be deployed on the Secret Internet Protocol Router Network (SIPRNET) shared by government agencies and other authorized users only.
• There will be no interconnections or gateways to the Internet or other public or private networks. This applies to any network management, control, and maintenance functions as well.
• The solution will provide Single Sign-on Capability
1. Create single sign-on sessions with heterogeneous environments
a. To include one Microsoft .NET domain
2. Permit customized session times
3. Enforce user credentials
4. Leverage rules and role-based controls for applications
5. Support for SAML 1.1 and Liberty Alliance Phase II specifications
6. Support for Java Authorization and Authentication Service package
7. Employ the following authentication methods
a. X509 certificate-based authentication
b. Common Access Card authentication
c. Kerberos Authentication
• Provide a Central Directory Service
1. Perform Identity and Password, and Synchronization Management
2. Hold a central repository or virtual directory of LDAP entries
3. Provide a web based interface for Network Administrators
4. Provide a web interface for users to modify some attributes such as phone numbers
• Provide a Federated Service Capability
1. Perform SAML assertion exchange
2. Perform Single log-out within the trusted domain
3. Automate the federated identity information within a single domain (i.e. all of USJFCOM)
• The Vendor is expected to demonstrate these capabilities in the upcoming CWID demonstration of June 2007. CWID, the Coalition Warrior Interoperability Demonstration, is the Chairman of the Joint Chiefs of Staff annual event that enables U.S. Combatant Commands and the international community to investigate new and emerging technologies that can be moved into operational use within 6-12 months following the execution period. The demonstration builds a temporary global network over which cutting edge communications technologies interact to support scripted scenario. Technologies are evaluated for utility, interoperability with existing and new systems, and security.
• The FIM will support critical government functions and will be immune from malicious service and/or functional disruptions to which the shared public networks are vulnerable (i.e., so-called cyber attacks).
• FIM will provide the highest levels of reliability and availability including trunk and access diversity, and rapid failover in the event of server disruptions. This RFI does not specify a particular requirement for availability or reliability. Responses to this RFI will assist in establishing this requirement. In formulating responses, each respondent should describe the reliability and availability characteristics of each alternative included in their response.
• The solution will be secure (i.e., encrypted by the network using NSA approved encryption techniques), and will be suitable for carrying classified information. For purposes of this RFI respondents should assume encryption of payload data only. No encryption of routing or addressing information is contemplated at this time.
• This will be a turnkey solution offered and priced as a service to participating users. For purposes of this RFI, assume a single invoice with supporting detail presented monthly to GSA will be acceptable.
• All components and links must be located in the U.S.
• The FIM solution shall evolve to maintain technology and service currency with state of the art commercial services to the maximum extent practical.
• FIMS will be operated on a 24/7 basis by the contractor.
• FIMS will provide initial operational capabilities (IOC) within six months from contract award. For purposes of responding to the RFI, IOC is defined as full functionality of authentication services for the DoD Common Access Card. Within 12 months after award, remaining authentication modules involving Kerberos and X509 certificates will also be part of the solution.
Other requirements not directly related to physical network and services isolation will be addressed at a later date. Examples of such requirements include security policies and security management requirements, required active defense measures, security of network management and control technologies, network capacities, service level agreements, and other important considerations.
The purpose of this RFI is to gather information about those requirements enumerated above. To the extent simplifying assumptions are needed, respondents are encouraged to make and document such assumptions in their responses.
4.0 POSSIBLE NETWORK SOLUTION
The FIM software must meet the functional requirements specified above. The Government is open to alternative concepts for solutions that meet these requirements. The Government encourages creativity and outside the box thinking in responses to this RFI.
This RFI seeks information about a fully dedicated federated solution as well as other approaches that could meet the functional requirements with additional levels of sharing of personnel, equipment, and connectivity paths. In doing so, the Government seeks to understand the tradeoffs among risks, costs (initial and ongoing) and alternative technical architectures that incorporate increasing degrees of sharing.
Accordingly, respondents are encouraged to provide information about any alternatives that can be demonstrated to be immune from the kinds of disruptions described in section 3.0, above.
5.0 SAMPLE RESPONSE OUTLINE
Following is a suggested outline and suggested page counts for a response to this RFI. This outline is intended to minimize the effort of the respondent and structure the responses for ease of analysis by the government. Nevertheless, respondents are free to develop their response as they see fit.
Section 1 - Conceptual Alternatives
Briefly describe two or more alternative architecture concepts for FIM, including the reliability and availability characteristics of the alternatives. Discuss the capability for the architecture to expand to meet video requirements, and to meet needs outside CONUS. (3-5 pages per alternative with one diagram per alternative identifying the brand/type of solution that would typically be deployed)
Section 2 - Feasibility Assessment
Briefly describe the feasibility of each alternative and the design tradeoffs involved as matched against the functional requirements and risks of penetration. (1 page per alternative)
Section 3 - Cost and Schedule Estimates
Provide cost estimates for each alternative for 5 and 10-year contract terms for non-recurring and annual recurring costs using the locations provided at the public information exchange meeting (one page table). Also, discuss cost drivers, cost tradeoffs, and schedule considerations (2-3 pages)
Section 4 - Corporate Expertise
Briefly describe your company, your products and services, history, ownership, financial information, and other information you deem relevant. (No suggested page count)
In particular, please describe any projects you have been involved in that are similar in concept to what is described in this RFI, including management and operations approach, security requirements, security assurance processes, and any relevant lessons learned (1-2 pages per project).
Include any comments on the structure of the requirements for a formal RFP response.
Note - please also describe any network capacity assets that you might be willing to dedicate for deploying FIM. Examples of such assets might include unsold or unsubscribed capacities, so-called dark fiber routes, assets designated for liquidation or that are financially under-performing, etc.
Section 5 - Additional Materials
Please provide any other materials, suggestions, and discussion you deem appropriate.
6.0 INFORMATION EXCHANGE MEETINGS
Due to the time constraints for submission of CWID proposals, questions on further details will be handled through the government POC.
In addition, USJFCOM will consider meeting individually with interested potential respondents. If you are interested in requesting such a meeting, please respond to the contact provided in section 8.0, below.
7.0 DISCLAIMER
This RFI is issued solely for information and planning purposes only and does not constitute a solicitation. All information received in response to this RFI that is marked Proprietary will be handled accordingly. Responses to the RFI will not be returned. In accordance with FAR 15.202(e), responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Responders are solely responsible for all expenses associated with responding to this RFI.
8.0 CONTACT INFORMATION
Following is the Point of Contact (POC) for this RFI, including the public information exchange meeting:
Mr. James (Jim) Pasch
(757) 836-6437
James.pasch@jfcom.mil
Please submit responses via e-mail in Microsoft Office format by 4:00 PM on October 6, 2006, to the POC. You may also submit supplemental hardcopy materials such as brochures, etc. (5 copies each) to the POC.
Point of Contact
Vicki Morris, Contract Negotiator, Phone 215-697-9636, Fax 215-697-9569, Email vicki.morris@navy.mil - James Swizewski, Contracting Officer, Phone 215-697-9630, Fax 215-697-9569, Email james.swizewski@navy.mil
Place of Performance
Address: NORFOLK, VA
Postal Code: 23551
Country: UNITED STATES
Trusted Computing key part of Intel future
http://www.hexus.net/content/item.php?item=6814
Day Zero of the Intel Developer Forum - the warm up day, if you will - kicked off Monday with Abel Weinrib giving a presentation on the Corporate Technology Group, of which he is Vice President and Director...
Currently in the innovation pipeline are Intel's 'platforms for the future', in which the company has a vision of one tenth the power consumption and ten times the performance. There are several technologies being worked on for these future platforms, here are a couple of examples:
Trusted computing - Taking current technologies further and implementing new trust technologies to ensure computers are used by the right people and in the right ways. (Yes, we know it sounds nasty, but hang around for our story on Phil Wennblom's Day Zero presentation if you need some help sleeping tonight.)
TCG Interop presentations now available
(interesting to see joint Juniper/Wave demonstration)
https://www.trustedcomputinggroup.org/news/events
Message getting out on Dell security
(Wave needs to keep tweaking initialization)
http://www.pcauthority.com.au/review.aspx?CIaRID=3255
Elsewhere, Dell has caught up with Lenovo in terms of security, and the embedded TPM chip offers hardware encryption all the way from turning on the Latitude in the morning to accessing files in encrypted vaults. The fingerprint reader between the mouse buttons is a useful addition, and you can use it to unlock the Latitude before it even begins to boot. Setting up all the security options is a fiddly process, but it only needs doing once and offers a serious level of security for your data.
Fujitsu and Softex Deliver a Single Solution for Biometric Authentication and Password Management
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/09-25-2006/0004438740&...
Fujitsu Integrates Softex OmniPass Software into the Award Winning
PalmSecure(TM) Biometric Authentication Device for Dual-Layer Identity
Assurance
SUNNYVALE, Calif., Sept 25 /PRNewswire/ -- Fujitsu Computer Products of
America, Inc., one of the world's leading suppliers of innovative computer
products including hard disk drives, peripherals and biometric security
solutions, and Softex Incorporated, a market leader in biometric/smart card
enabled security software, today announced that the Fujitsu PalmSecure(TM)
biometric authentication device will be supported by Softex's OmniPass
software application for environments that require dual-layer identity
management and authentication for secure data access. With this powerful
combination, a complete high-security biometric solution is now available
for both client and enterprise level applications.
A leading provider of innovative security software products and
solutions for computing devices, Softex has shipped over five million units
of its OmniPass software worldwide. The OmniPass software easily integrates
with biometric devices to manage passwords and secure data in a world where
using only passwords for authentication is becoming less secure despite
more stringent rules such as 90 day expirations as well as length and
character requirements. Implementation of the software application allows
for secured login and encryption and decryption of files, all without
needing passwords.
With the integration of the OmniPass software alongside the high degree
of security of vein pattern recognition, the PalmSecure sensor will be
effectively positioned as a key component in the healthcare, government,
and financial industries where strict regulations demand the latest in data
protection and authentication.
"OmniPass is a powerful tool to help manage passwords and identities,"
said Joel Hagberg, vice president, marketing and business development,
Fujitsu Computer Products of America. "With OmniPass, the adoption of our
PalmSecure sensor is expected to grow beyond our already successful
international deployments to banks, universities, hospitals and private
residences."
The PalmSecure/OmniPass solution creates more secure environments by
requiring users to prove their identity using their palm vein pattern.
First, the users register their vein pattern against their access
credentials where identities can be tracked and mapped to their provisioned
applications. Subsequent scans are compared to the registered pattern and
when a match is made, access is granted.
"Passwords have inherent vulnerabilities when they aren't part of an
overall security strategy," said Gregg S. Philipson, vice president, sales,
Softex Incorporated. "For example, when a single password that is used for
multiple applications is discovered, several doors open at once. Shared
passwords can be compromised and long passwords can be difficult to
remember. As a result, managing isolated password-based security programs
that are not tied to an overall strategy are creating an increasing cost
burden with diminishing results."
The Fujitsu PalmSecure biometric authentication device offers a
contactless, hygienic and non-invasive means to authenticate identity by
leveraging each person's unique palm vein architecture. The sensor works by
capturing a near-infrared image of the palm vein pattern. The proprietary
algorithm takes this data, converts it into a digitized biometric template,
and then matches it against a pre-registered template.
Softex's OmniPass software is a PC client application that can be used
by consumers and enterprises to securely login to websites and applications
(SSO) as well as protect data on a PC. It can also be used to secure
e-mail, VPN and certificate private key access. The OmniPass software
supports multiple authentication devices and can be configured for
multifactor authentication using a variety of authentication devices
connected to the PC. The enterprise can implement a certain security
strategy today, for example biometrics or smart cards, but as an enterprise
grows and business requirements change, support for new devices, such as
Trusted Platform Module (TPM) chips or custom tokens, can be easily added.
The pairing of the PalmSecure sensor and the OmniPass software builds
on the existing relationship between the two companies. Softex also
supplies the software used for the fingerprint sensors in Fujitsu laptops
and tablet PCs.
The Fujitsu PalmSecure biometric device can be connected directly to
the USB port of a notebook PC, or embedded into desktop PC keyboards. The
new Fujitsu PalmSecure/OmniPass product offering will be available in the
fourth quarter of 2006.
New notebook w/TPM 1.2 (Compal)
http://biz.yahoo.com/prnews/060925/lnm010.html?.v=9
Compal Electronics and Fortemedia Launch World's First Notebook With Small Array Microphone (SAM(TM)) Technology
Monday September 25, 10:27 am ET
CUPERTINO, Calif., Sept. 25 /Xinhua-PRNewswire/ -- Fortemedia, a leader in voice processing technology, and Compal Electronics, a world leader in notebook original design manufacturing (ODM), announced the 1st production ready mainstream notebook integrating Fortemedia's patented Small Array Microphone(TM) (SAM) technology at the Intel Developer Forum 2006 (San Francisco, Taipei, Shanghai).
Fortemedia's SAM module is integrated on the display lid of Compal's HGL30/31 notebook. Differing from broadside array microphone, SAM's unique cone shaped beam can effectively suppress ambient interferers and noises from typing, hard disk or optical drive spinning and notebook fan. SAM also provides uncompromised full duplex speakerphone performance. Its distinctive small form factor, low power consumption addresses the challenges faced in designing notebooks.
The new HGL30/31 series is a thin-and-light notebook with advanced features like 1.3M pixel camera, Fortemedia SAM module, VoIP desk phone integration, TPM 1.2 and fingerprint in a slim 5.3 lb package.
"Compal HGL30/31 series is the 1st notebook targeting popular VoIP applications for traveling professionals and consumers," said Andrew Chen, Vice President of Sales at Compal. "SAM from Fortemedia perfectly fulfills the mobile end user voice communication expectation. The effort we took to design new features into the HGL30/31 is a testament of Compal's goal in delivering the most advanced solutions to the ever changing PC and communications industries."
"Fortemedia's SAM dominates the automotive hands-free communication segment already," said Dr. Paul Huang, Chairman and CEO of Fortemedia. "We are excited to have this opportunity to work with market leaders such as Compal in delivering breakthrough technology such as SAM to notebook PCs. Notebook PC users will now experience superior voice quality for VoIP and video conferencing, more enjoyable internet gaming, and usable voice activated application offered only by SAM."
About Compal Electronics
Established in 1984, Compal Electronics (2324.TW) is one of the world's largest notebook PC makers. While notebook PCs now make up majority of its total revenue, LCD monitors and LCD TVs are also part of Compal's product offering. Compal sells its notebooks primarily to Dell, HP, Toshiba, and Acer. In 2005, Compal shipped more than 9.8 million notebook PCs. The company is located in Taiwan and owns production facilities in China. The success of its mobile communications business was spun off and is now known as Compal Communications (8078.TW).
Zen - Thanks. Credit where it's due. He's the ideas man, I'm just a curious observer with a little money to put on the table. Cheers, Foam
It is illuminating to try to tease out all the threads that are being woven into the fabric of the emerging trusted network. It's sometimes a bit dizzying, to be quite frank! I agree, once the user has become accustomed to an interface that can deliver a certain modicum of reliability, then it is unlikely that it will be changed in any significant way. Right now, the groundwork is being laid down for a new more intelligent communications network and Wave seems to have placed itself quite nicely to get pulled right into the center of it all (I do think the govt. will be a significant factor in this respect). And here we sit watching it all happen - history in the making. Of course, you never can be sure where things will end up, but hopefully by now we have been well schooled in the art of reading probability. Regards, Foam
Rachel - Thanks for the follow up eom!
Certicom and Nokia
http://biz.yahoo.com/cnw/060919/certicom_security.html?.v=1
Certicom Cryptography to Further Secure the Mobile Workplace
Tuesday September 19, 8:00 pm ET
Support for U.S. government requirements and multiple platforms key considerations for Nokia in choosing Certicom for Intellisync Mobile Suite
MISSISSAUGA, ON, Sept. 19 /CNW/ - Certicom today announced that its cryptographic technology is being used by Nokia in a multi-year contract as the foundation for security in the Intellisync Mobile Suite as well as its instant messaging, unified messenger software and data and file synchronization products.
Certicom's technology adds another layer to the robust Nokia security portfolio, which protects the enterprise at every level, from the corporate network all the way to the application, whether in a traditional or mobile environment. Working with Certicom allows Nokia to bring its mobile solutions to market quickly with proven, standard-based security that supports a wide range of mobile platforms and meets the U.S. government FIPS 140-2 requirements.
Nokia licensed Certicom Security Builder(R) SSL(TM) for accurate and optimized standards-based implementations; Security Builder(R) Crypto(TM) as the core crypto provider; and Security Builder(R) GSE(TM) to meet U.S. government FIPS 140-2 security requirements. With Security Builder GSE, Nokia can easily add FIPS 140-2 validated cryptographic functions to its Intellisync product line, thereby meeting government standards.
"Nokia understands that enterprises simply cannot compromise on security, so every element of our Enterprise Solutions portfolio was developed with this in mind," said Tom Libretto, director, product marketing, Enterprise Solutions, Nokia. "Incorporating Certicom's technology at the application layer means that enterprises can be sure company information is protected from behind the firewall, out to the device and within the application itself."
"Customers using Intellisync Mobile Suite from Nokia, who include some of the largest companies in the world, depend on them for secure and reliable wireless communications. Certicom helps Nokia meet those expectations with our proven, standards-based security implementations," said Ian McKinnon, Certicom's president and CEO.
Nokia offers a complete portfolio of security solutions for the enterprise, including the Nokia IP Security appliance family that features integrated security, firewalls, IP VPN and SSL VPN. Nokia has incorporated enterprise-class security into its devices and now into its mobility solutions with Certicom.
Brian Berger at ITSummit 2006
http://itsummit2006.globalpresspr.com:8080/ITSummit/Home/Agenda/Schedule.html
Tuesday, November 14
8:15 - 8:45 am Keynote 3
8:45 - 9:15 am Break
9:15 - 9:45 am Briefing: Trusted Computing Group - Brian Berger, TCG Chairman, Board Member / Executive VP Wave Systems
This document a must-read!!
SKS discusses trusted computing with some heavies and they (the heavies) are starting to get it quite well. Esther Dyson of ICANN, Stewart Baker from the Department of Homeland Security and Stratton Sclavos, CEO of Verisign, are all participants and quite aware of trusted computing and its potential.
http://www.release1-0.com/pcforum/transcript/2006/Security_and_Citizens.pdf
Wave at New York investment event
http://www.nyssa.org/Template.cfm?Section=calendar&template=/ContentManagement/ContentDisplay.cf...
Small Cap Innovators Conference
DATE Thursday, October 5, 2006
TIME 8:30 a.m.-5:10 p.m.
LOCATION NYSSA
1177 Avenue of the Americas, 2nd Floor
(between 45th and 46th Streets), NYC (Directions)
Photo ID required for access to the building.
CHAIRS Sherry Lombardi, The Answer Factory
Laurie Malen, The Answer Factory
Wave Systems Corp. (Nasdaq: WAVX)
Steven Sprague, CEO
Gerard T. Feeney, CFO
Wave is a provider of security software and services to the emerging Trusted Computing industry.
Ramsey - Aristotle said that the strength of democracy is that many heads can work together in a cumulative (and compounding) exercise of intelligence. I think that many of us here operate with that spirit in mind and the results are beneficial for all participants. Of course, he did say that democracy can also result in very dubious agendas gaining sway over the majority. We've also seen plenty of that, but quite frankly disregarding such attempts is the best way to make sure they gain no traction...
Wave and its products are definitely coming into the real world and I was heartened to hear yesterday that there has been a win with the govt. - this is very real leverage that they can take to prospective customers and gain other wins (and there will be an exponential growth from there). The growing buzz around TNC and federated identity is also encouraging and it's very nice to see Wave launching products into this swell, an effort that will bear much fruit I believe. More OEMs to be announced this autumn (as per Wildman's post on the other board)- it all looks pretty good from my vantage point. Regards, Foam
New Products on Wave's site
http://www.wavesys.com/products/enac.html
http://www.wavesys.com/products/eee.html
Juniper and Intel pushing TNC/VPro synergy at IDF
(Speakers include Karthik Krishnan of Juniper and Ned Smith of Intel (also participates in TCG).)
Session Details
Session ID: VPTS004
Session Title: Digital Office Endpoint Access Control Vision and Strategy
Session Abstract: Intended Audience:
What you will get from this session:
• Overview of how EAC strategy encompasses both proprietary and standard based frameworks
• Understanding of enterprise EAC implementations that can bridge multiple vendors, protocols and standards
• How digital office platforms work with a variety of EAC implementations by supporting standardization of protocols useful to EAC and by building to elements common to multiple EAC frameworks
Track: Business Client PCs - Advanced Technologies (*Ts); Business Client PCs - Intel® vPro™ Technology
Primary Target Audience: Business Decision Makers; Developers; Technical Decision Makers & Influencers
Session Experience Level: Advanced - Assumes Mastery of the Fundamental Principles
Technology Topic: Intel® Advanced Technologies (*Ts); Security; Intel® vPro™ Technology
Duration: 50
Room: 2001
Speakers: Kevin Cline, Intel; Karthik Krishnan, Juniper; Ned Smith, Intel
Other IDF session with GD crew and TC
(Extension of the first session, but this whole Lagrande and TC thingy is getting some attention from the govt. sector)
Session ID: VPTS003
Session Title: Codename Lagrande Technology and the Technology Evaluation Platform
Session Abstract: Intended Audience: Codename Lagrande Technology Developers, VMM Developers, LT evaluators
What you will get from this session:
• Codename Lagrande Technology (LT) description
• Technology Evaluation Platform (TEP) description and rationale
• Platform hardware requirements for the TEP
• Platform software requirements for the TEP, includes BIOS, VMM, and applications
• TEP providers and availability
Track: Business Client PCs - Advanced Technologies (*Ts); Business Client PCs - Intel® vPro™ Technology
Primary Target Audience: Business Decision Makers; Developers; Technical Decision Makers & Influencers
Session Experience Level: Advanced - Assumes Mastery of the Fundamental Principles
Technology Topic: Intel® Advanced Technologies (*Ts); Security; Intel® vPro™ Technology
Duration: 50
Room: 2001
Speakers: David Grawrock, Intel; Patrick Kelley, GD; Chris LeBeau, GD; Mike Maschino, GD; David McLean, MPC; Paul Petersen, MPC; Jon Rolf, NSA; Chuck Roose, GD; Kerry Vano, Int
Some light on GD and trusted computing!!
(IMO, Wave is going to be involved in some layer of this architecture - no accident GD notebook has bundled ESC)
http://www28.cplan.com/cv125/sessions_catalog.jsp?ilc=125-6&ilg=english&isort=1&is=%3CIS...
Very interesting session from Intel IDF in late September by David Grawrock (of TCG fame) with some very interesting (and seemingly interested) participants (see bolds below)
Codename Lagrande Technology and Digital Office Platform Security
Session Abstract: Intended Audience: Developers, IT Administrators
What you will get from this session:
• Codename Lagrande Technology (LT) Description
• Why measurement of the Virtual Machine Monitor (VMM) is so important
• How LT and the VMM measurement fit into IT use models
• LT Roadmap and introduction to the Technology Evaluation Platform (TEP)
Track: Business Client PCs - Advanced Technologies (*Ts); Business Client PCs - Intel® vPro™ Technology
Primary Target Audience: Business Decision Makers; Developers; Technical Decision Makers & Influencers
Session Experience Level: Advanced - Assumes Mastery of the Fundamental Principles
Technology Topic: Intel® Advanced Technologies (*Ts); Security; Intel® vPro™ Technology; Intel® Virtualization Technology (VT)
Duration: 50
Room: 2001
Speakers: David Grawrock, Intel; Patrick Kelley, GD; Chris LeBeau, GD; Mike Maschino, GD; David McLean, MPC; Paul Petersen, MPC; Jon Rolf, NSA; Chuck Roose, GD; Kerry Vano, Intel
Juniper and Intel to present on TNC at IDF
http://www.juniper.net/company/events/world_events.html#200609000
September 26-28, 2006
Attend Intel Developer Forum for global access to technology, ideas, and people who will transform the future of technology and how the world uses it.
Speaker: Steve Hanna
Session: Co-presentation with Intel on TNC & Juniper's Use of TNC in their products
Date/Time: TBD
CTIA presentations available online (Mobile TCG)
https://www.trustedcomputinggroup.org/groups/mobile/CTIA_Final_Seminar_Presentation.pdf
Zen -
http://www.neisg.org/Directions/Default.htm
Microsoft Corporation
6th floor
201 Jones Road, Waltham, MA 02451
(781) 487-6400
Driving Directions
From Logan Airport:
Leave Logan Airport following the signs to the Ted Williams Tunnel and the Mass. Turnpike (Rt. 90) West. Take the Mass. Turnpike to Exit 15. At Exit 15, follow signs for I-95/128 North. Take 95/128 North to Exit 26 (Route 20 East). Follow Rt. 20 East through first stoplight, and take next left turn onto Stow Street. At end of Stow Street, turn left onto Main Street (Rt. 117 West). Continue on Main Street, passing above Rt. 95/128, and then turn left onto Jones Road at the blinking yellow light. The Microsoft offices are in the Waltham Weston Corporate Center at the end of Jones Road.
From North (I-93):
Take I-93 South to I-95/128 South. Take 95/128 South to Exit 26 (Route 20 East). Follow Rt. 20 East through first stoplight, and take next left turn onto Stow Street. At end of Stow Street, turn left onto Main Street (Rt. 117 West). Continue on Main Street, passing above Rt. 95/128, and then turn left onto Jones Road at the blinking yellow light. The Microsoft offices are in the Waltham Weston Corporate Center at the end of Jones Road.
From North (I-95 / Rt 128):
Take 95/128 North to Exit 26 (Route 20 East). Follow Rt. 20 East through first stoplight, and take next left turn onto Stow Street. At end of Stow Street, turn left onto Main Street (Rt. 117 West). Continue on Main Street, passing above Rt. 95/128, and then turn left onto Jones Road at the blinking yellow light. The Microsoft offices are in the Waltham Weston Corporate Center at the end of Jones Road.
From Route 2:
Take Route 2 to I-95/128 South. Take 95/128 South to Exit 26 (Route 20 East). Follow Rt. 20 East through first stoplight, and take next left turn onto Stow Street. At end of Stow Street, turn left onto Main Street (Rt. 117 West). Continue on Main Street, passing above Rt. 95/128, and then turn left onto Jones Road at the blinking yellow light. The Microsoft offices are in the Waltham Weston Corporate Center at the end of Jones Road.
From South (I-95):
Take 95/128 North to Exit 26 (Route 20 East). Follow Rt. 20 East through first stoplight, and take next left turn onto Stow Street. At end of Stow Street, turn left onto Main Street (Rt. 117 West). Continue on Main Street, passing above Rt. 95/128, and then turn left onto Jones Road at the blinking yellow light. The Microsoft offices are in the Waltham Weston Corporate Center at the end of Jones Road.
From West (Massachusetts Turnpike):
Follow the Turnpike (Route 90) East to Exit 14. After the toll follow signs to I-95/128. Take 95/128 North to Exit 26 (Route 20 East). Follow Rt. 20 East through first stoplight, and take next left turn onto Stow Street. At end of Stow Street, turn left onto Main Street (Rt. 117 West). Continue on Main Street, passing above Rt. 95/128, and then turn left onto Jones Road at the blinking yellow light. The Microsoft offices are in the Waltham Weston Corporate Center at the end of Jones Road.
Rachel -
http://www.neisg.org/Meetings/Default.htm
Thursday, September 21, 6:30 PM
"Laptop Encryption and the Trusted Computing Platform," by Wave Systems
Trusted computing promised the industry a secure future for enterprises and users. Gone would be the panic attacks over lost laptops containing customer data, credit card information or sensitive files. Users would be liberated from remembering multiple complex passwords that must be changed regularly. Files would be safely stored without the threat of unauthorized user access or hacking theft. Trusted network access control would authenticate machines, users and even a PC's health in milliseconds, before even allowing a PC onto secure networks.
The promises still sound futuristic, but the reality is here today, with nearly every major PC manufacturer shipping computers with the Trusted Platform Module (TPM) chip in mass volume. The TPM enhances the security of critical capabilities such as login, email, web access and data protection. The chip is placed in a PC and protects secrets by hardware that would otherwise be more vulnerable and only be protected by software.
Key topics will include:
> A practical roadmap to incremental deployment of TPM computers in the enterprise
> Benefits of turning on trusted computing: Leveraging TPM hardware for advanced data protection, network protection, identity protection and more
> Impact upon traditional/existing security strategies: What's enhanced and what's displaced?
> Managing trusted computers: From key management and recovery, to extending the trusted architecture to servers, storage and more.
Utimaco and key management
(Is Utimaco going to get into key management?)
http://www.eema.org/static/isse/programme_day2.htm
TPM enterprise key management requires centralised hardware-based security
Bernhard Weiss, Project Manager, Utimaco Safeware AG, Germany
TCG and grid computing
The initiative to bring TC to grid computing is called Daonity and is outlined in the following document (HP initiative)
http://www.ggf.org/GGF18/materials/391/ACM-Daonity.pdf
Thoughts on VPro
We have commented here on how Seagate's FDE will act as an incentive for OEMs to adopt a TC interface (i.e. ESC) that would give enterprises/govt. access to centralized server tools for trusted computing. And I think that this line of reasoning is quite correct. It seems to me that the management tools inherent in VPro (remote diagnostics/updates in a secure partition etc) will help drive the need for the same TC server tools if these operations are to be performed securely. VPro literature mentions platform identity and attestation of configuration, but they cannot happen without servers performing the attestation and managing keys that guarantee identity. VPro management solutions performed remotely can save companies a great deal of expense (as Intel has been touting), but they also by their very nature increase the need for iron-clad security. Without a very secure root of trust (i.e. TPM), these operations would be transacted on quicksand, so to speak, and the results would be catastrophic for any enterprise (there's a reason why the TPM is standard). Even the OEMs assembling their own VPro motherboards (such as HP) will inevitably come up against this question - what TPM software should they have in the box that will let their customers get the greatest possible benefits from VPro (i.e. a trusted server infrastructure). Either they will adopt the best and most far-reaching solution or lose the customer. There is a very good reason that Intel has had their eyes on Wave to make this whole thing happen. The next stage of trusted computing is upon us, as SKS remarked, and increasingly OEMs and enterprises will be looking for whoever can make virtual IT management happen without a hitch. Why? Because they can save a lot of money if they do. This latest Intel PR is very significant going forward imo. Yes, of course, it takes time for all of this to translate into real-world deployment, but not that much time this time (I hope)... Regards, Foam
Interesting recent DRM article to read on a slow day
(This from Intertrust has some bearing on the article below:
http://www.intertrust.com/main/overview/trustcomputing.html)
-Will DRM interoperability and trusted computing one day converge?
A long term consideration to be sure, but one that bears watching nonetheless. Regards, Foam
Coral Consortium Integrates Windows Media DRM
August 23, 2006
By Olin Sibert
http://www.drmwatch.com/standards/article.php/3627901
The Coral Consortium is making good on its promise of DRM interoperability by describing -- and demonstrating -- how Microsoft Windows Media DRM (WMDRM) can be supported in the Coral framework -- without any effort or alterations on Microsoft's part. In a 31-page white paper published last month, they lay out the details of technologies that service providers and device makers could adopt to use WMDRM and interoperate with other DRMs.
The goal of the Coral Consortium is to enable a world in which content consumers don't need to know or care what DRM is used to protect any content, but in which content providers and other parties have freedom to choose the DRM technology that is most appropriate for their businesses. Although demonstrations have not yet been made in any public setting, with this announcement, WMDRM now joins OMA as a DRM technology that can interoperate in the Coral universe.
From a consumer standpoint, the core of the interoperability approach is the Coral rights token: when a consumer obtains access to content (e.g., buys a song, uses a subscription), what really happens is that the consumer gets a rights token that the Coral technology creates and manages. To actually use the content (e.g., listen to the song), the consumer's rights token is translated into an appropriate DRM license managed by the underlying DRM technology that protects the content. A good deal of behind-the-scenes mechanism is involved for the content delivery mechanism, the content provider, and the consumer device in order to make this happen, but the end result is that the consumer gets to use the content without needing to be aware of any of it.
How does this help? Because the consumer's rights are represented by the Coral-managed rights token, it is possible to use that token to access the same content through a variety of different devices, content sources, and delivery mechanisms -- all of which may involve different DRMs. That's the optimal result for the consumer, but what's needed to make it happen?
Unlike some interoperability approaches, which attempt to unify technologies by adjusting them to fit a single model, the Coral approach is to interact with the native software interfaces of each DRM and provide an interoperability layer on top. This approach is more complex than the adjust-to-fit model, and it requires more processing and communication, but it has the substantial advantage that -- at least in theory -- it requires no changes in the underlying DRM or security technologies.
Bringing Interoperability to Market
Of course, delivering interoperable DRM in the marketplace is not just a matter of technology.
One obstacle is that consumers already have an appealing alternative to any DRM: unprotected content. With unprotected content, there is no need for agreements among providers about business model details and no need for a common interoperability technology. As consumer needs surface (for example, transferring videos from the web to portable players), technology can be created without constraints that fulfills that need. Such organic growth is not practical in a world of DRM-protected content, which means that technology suppliers must anticipate consumer desires and plan in advance to accommodate them.
Another obstacle is that for interoperability to make sense, business models must be, in some broad sense, compatible. If one DRM technology only supports a subscription business model, and another only supports a purchase business model, it is simply not meaningful for the two to interoperate.
The Coral Consortium is addressing this problem by promoting an industry consensus around broadly-compatible DRM business models and rules. Known as Ecosystem-A and described in another white paper, this home network interoperability model is intended as the basis for Coral's interoperable DRM brand. From a technical standpoint, the Coral technology supports multiple ecosystems, but in practice, in terms of providing a reasonable consumer experience, it is important to have a single ecosystem that encompasses an understandable and consistent set of DRM rules. Fortunately, the content industries seem to be converging on a common understanding of business rules, making it practical to establish a common ecosystem for DRM interoperability.
The common ecosystem is critical to allowing a sensible mapping of managed rights from different DRM technologies. If Coral can achieve broad industry convergence, then common rights (such as purchase, device transfer, subscriptions, etc.) can be mapped from disparate DRM technologies into the rights expressed by the Coral rights token, and made visible and understandable to the consumer. Although there will certainly be rights expressible in specific DRM systems and not others, those can also be expressed in Coral framework, simply with the proviso that they apply only to specific types of content -- and as that situation is the exception, not the norm, it should present no significant problems for consumers.
A third obstacle to interoperability is that it requires that software interfaces to specific DRM technologies be made available to developers. For DRMs like WMDRM that are explicitly designed for integration and delivered with a software development kit (SDK), this is not an issue, but for others, such as Apple's FairPlay, the software interfaces are closed, proprietary, and tightly controlled.
Interoperability can be achieved with the Coral approach only if the DRM has an SDK that exposes a full set of DRM functions, for both content and license generation as well as content use. A consume-only model (e.g., for integration with player devices) is not sufficient: the SDK must also provide full access for integration with content vending and distribution services.
Market Incentives
For the Coral interoperability technology to be a success, participants in all parts of the value chain have to see the benefits and use it.
For device manufacturers, it's not a big issue, because even devices that know nothing about Coral (e.g., "PlaysForSure" compliant devices that support WMDRM) can participate. Of course, some business rules (like subscriptions and expiration) require device capabilities that aren't present in all devices, but the mapping between Coral rights tokens and the individual licenses created for DRM systems can accommodate such restrictions. That accommodation comes at the cost of making DRM differences visible to the user, but in a way that is no worse than the restrictions that the device already had, and better than no interoperability at all.
For content providers, the primary impact is the encouragement -- but not requirement -- to adopt uniform schemes for identifying content, so that a rights token can be unambiguously associated with different versions (and different DRM protections) for the same content. Yet this is merely a larger version of content identification problems that content providers have had all along and that have been addressed by a number of different standard identification schemes.
The Coral technology's biggest impact is in the space of content fulfillment, where licenses are actually distributed (usually with the content itself). For these parties, adopting the technology means adding significant mechanism to their license creation and distribution, because they must create and distribute both the Coral rights tokens and the technology-specific DRM-licenses. This is all behind-the-scenes mechanism, but there is a lot of it -- and there are also complex business relationships (e.g., revenue-sharing for different distribution channels) that have to be established.
For consumers, simple business models using the Coral technology will be essentially indistinguishable from proprietary DRMs. However, once the Coral ecosystem is populated, many interesting scenarios become practical.
For example, a consumer might purchase a song while listening on a DRM-enabled cellphone. This means that the consumer obtains a rights token, as well as a DRM license that the cellphone uses (e.g., for the OMA DRM that protects the song). When the consumer comes home, the cellphone can talk by BlueTooth to a Coral gateway, which automatically obtains the appropriate technology-specific DRM license for the consumer's home entertainment system (which might support WMDRM), and can download and store the song there. The Coral gateway might become involved again to obtain a license for playing on a portable media player. This exciting scenario is possible only if all the DRMs can interoperate, and that is what the Coral technology promises.
Delivering the Solution
Can Coral deliver? In this case, delivery means both technology and business relationships, and as usual, the relationships are the hard part.
The WMDRM integration is a promising start, because it shows that a DRM not designed for Coral can work in the Coral world without any changes. It is more sophisticated and complete than the earlier proof-of-concept demonstration with OMA DRM. However, the WMDRM demonstration is purely technical and does not address the business issues of broader interoperability. Even the technology aspect is strongly dependent on Microsoft's current business model for WMDRM, which has its roots in Microsoft's mission as a software company.
Today, WMDRM, which is distributed as an SDK, is specifically targeted toward establishing a large community of interoperable devices and services (the PlaysForSure initiative). The SDK nature of WMDRM is what enables Coral to define an integration strategy. Even without Coral, interoperability among WMDRM devices and services is straightforward, since Microsoft supplies the technology and the rules. However, recent revelations about Microsoft's forthcoming Zune device suggest that it may be departing from that business model. Will Microsoft close parts of its SDK, or engineer a Zune-specific distribution channel that cannot interoperate with existing PlaysForSure devices? If so, then the Coral interoperability story for WMDRM is no longer as straightforward, since it would require active adoption by the Zune player and its associated distribution system to succeed.
Most other popular and nascent DRMs all seem to be taking the SDK route, at least for now, although they have proprietary and license restrictions that can be more strict than WMDRM. For example, it seems entirely plausible that Coral could do a WMDRM-like integration with the Open Media Alliance's OMA DRM, RealNetworks' HelixDRM, and certainly the forthcoming Marlin DRM, which is being developed by a core group of companies that are also active in Coral.
The elephant in the room, of course, is the FairPlay DRM used by Apple's iTunes service and iPod players. FairPlay is a completely proprietary vertical stack that is available only to Apple, and Apple has been zealous about guarding its rights to that stack. The recent experience in France, where Apple may have left the French market entirely rather than supporting legally-mandated interoperability for iTunes, suggests that Apple will not easily give up. Although the FairPlay file format has, on occasion, been successfully reverse-engineered to support compatibility with other services (e.g., by RealNetworks), that was not complete interoperability and it has not proved to be a sound long-term basis for reliable interoperability.
Another more diffuse obstacle is the proprietary nature of the content distribution systems in special-purpose markets such as cellular telephone networks and pay television. These typically closed systems are operated and controlled by single parties. Unlike audio and video content companies that are embracing diverse and general-purpose distribution models using the Internet, the relatively closed cellphone and video channels are still learning about the benefits and demerits of owning the whole stack, and are not as strongly interested in interoperability. This is particularly true in the video world, where pay television and controlled access systems are by far the dominant distribution model for rights-protected video.
The problem with interoperability in general, and DRM is no exception, is that the benefits accrue primarily to the small players, not the dominant ones. Thus, the dominant players (e.g., Apple, the pay television companies, and -- potentially -- Microsoft) may see little incentive to adopt a technology that would allow their customers to take their business elsewhere. For the smaller services and device manufacturers, the Coral picture may be much more appealing, but even widespread adoption by 15% of the market probably doesn't count as success. Although interoperability may be appealing to consumers, it is not clear that consumers can have sufficient pull through the rest of the value chain to foster adoption.
The Coral Consortium has developed effective technology for interoperability, and has elucidated the business issues that must be addressed for interoperability to happen. However, it is hard to see the technology becoming widespread unless Apple, in particular, decides that interoperability is desirable.
Interesting Michael Dell interview
http://knowledge.wharton.upenn.edu/article.cfm?articleid=1543&CFID=4354917&CFTOKEN=26411143
...We also have great opportunities in services. Services is a vast new land for us in terms of growth and expansion. Today, we are concentrating on infrastructure services. If we were doing this interview in 5 or 10 years, I think that we would be talking about many other services as well. But today, [we are focusing on] infrastructure services in the form of migration, deployment and managed services, where we will manage the entire life cycle of the client environment for a large company or an institution [including] ... installation, training, asset management and, of course, maintenance. Dell is the largest provider of hardware maintenance services for computers in the United States. So services is a big area of growth for us also.
...Japan is an interesting kind of retrospective, because when we started in Japan in late 1992, the conventional wisdom was, "Well, this is really not going to work in Japan." If you fast forward to today, we are now number one in the desktop market in Japan and number two overall in the Japanese market. We have a very profitable and successful business, roughly a $3 billion business, and it continues to grow in a very steady fashion.
Tampa - Telecosm 2006
http://www.gildertech.com/public/Telecosm2006/Home.htm
The 10th Annual Gilder/Forbes Telecosm Conference
TELECOSM 2006: The Telecosm at Ten
October 4 - October 6, 2006
The Resort at Squaw Creek | Lake Tahoe, California
Hosted by Steve Forbes and George Gilder
Interesting appearance by SKS at Telecosm 2006
http://www.gildertech.com/public/Telecosm2006/Agenda.htm
Wednesday, October 4
7:15 pm -8:30 pm New Frontiers in Optics: Defense and Data Processing Technologies Capturing the Bad Guys
Speaker:
Terry Turpin, Senior Vice President, Chief Scientist, Director, Essex Corporation
Panelists:
John Day, Principal Scientist, Essex
Monte Hancock, Chief Cognitive Research Scientist, Essex
Fred Leonberger, Principal, EOvation Technologies LLC; Board of Directors, Agility, Alphion, and RF MicroDevices; Senior Advisor, MIT Center for Integrated Photonic Systems
Steven Sprague, President and Chief Executive Officer, Wave Systems
Moderator:
George Gilder, Chairman, Gilder Publishing, LLC;
Editor in Chief, Gilder Technology Report
Enderle on VPro
http://www.macnewsworld.com/story/apple-news/52777.html
Intel Secures the Desktop
Speaking of Intel, that firm made a strategic move in its battle with AMD (NYSE: AMD) to lock down the desktop and lock out competing vendors. vPro, which, surprisingly isn't a horrid name, seems to have a lot going for it. First, it has a solid foundation for the platform in the firm's best performing processor ever -- the Core 2 Duo. Built on top of this, is a new standardized chipset with networking, hardware-based virtualization and Active Management Technology. Still awake?
OK, let's cut through this. Basically it means the new desktop stuff is going to be faster, more secure and easier to manage. It also means that much of the management can be done before the operating system actually boots, which potentially provides enhanced protection for a variety of exposures, including the diabolical rootkits.
In addition, if a desktop is not behaving itself, for instance, if it has been turned into a Zombie machine, the admin can kick it off the network remotely. This means that you won't need a technician as often if you have a desktop machine.
There are three things to think about here. One is that this only applies to desktop computers and typically only low-level dweebs get desktop computers these days. If you have any stature at all you have a laptop. Doing something similar with laptops remains difficult until we can assure they can connect to wireless networks securely without booting the operating system. This is not a trivial task given that most external wireless networks are not secure.
The second thing to consider is AMD's response. This initiative is Intel-only right now, which means that the OEMs will have an AMD-based alternative out there shortly. Several may base their alternatives around Phoenix Technology's Trusted Core architecture, and it appears this comes very close to what vPro offers.
Finally, vPro and its AMD-based counterparts really won't provide their greatest benefits until Windows Vista -- or maybe Apple Leopard -- shows up next year. The combination is required for the greatest improvement, and is one, given the typical corporate sales cycle, most firms would choose to wait for. Still, vPro may be the best currently shipping product anticipating a Vista upgrade, and that does make it valuable for some this year.
HP News
http://www.cbronline.com/article_news.asp?guid=CAD6B118-BFBF-4129-B0CB-814737DA8878
HP bundles management tools with all its PCs
6th September 2006
By Staff Writer
Hewlett-Packard Co announced it is freely bundling an enhanced version of its entry-level OpenView PC configuration management software with all its commercial desktops, laptops and workstations.
OpenView Client Configuration Manager 2.0 is an entry-level PC management tool that is targeted at IT administrators at mid-sized firms and departments. The software helps administrators deploy and manage PCs, helping them to squeeze complexity and costs out of routine desktop PC management functions.
The software includes tools for inventory management, operating system deployment and migration, patch management, remote control and hardware configuration.
HP said the 2.0 version adds new management capabilities including for multi-vendor, Windows-based machines, alert monitoring, power management, software usage metering and support for HP thin clients.
Integration with HP's ProtectTools software is also provided for remote initialization of Trusted Platform module chips.
HP also said that scalability has also been enhanced, allowing IT administrators to double the size of their managed PC deployments.
There is also a free add-on that supports Intel Corp's Active Management Technology, a remote management and diagnostics tool that is built into PCs running Intel's vPro technology. These capabilities can be surfaced directly in HP OpenView, even if the target PC is powered off.
To help drive down IT management costs, OpenView Configuration Management 2.0 also comes with new pre-loaded software agents on all its desktop, laptop and workstation products. These agents reduce the time spent deploying software agents to target machines prior to management -- they take advantage of HP's free OpenView Client Configuration Manager Basic Edition to detect and manage HP hardware devices.
The pre-loaded software is available today. A separately licensed version of Open View Client Configuration Manager 2.0 is slated for general availability in October. The pricing for the Premium Edition is set at $75 per seat.
Update to Fixs website. Go to members area (top right) and August presentations are accessible. Regards, Foam
Upside - Whenever I see Cisco maneuvering to lock enterprises into their proprietary Intrusion Prevention System (thus the Meetinghouse acquisition? Are they trying to nip something in the bud or keep their options open? Probably both), I think of the following conference that sums up nicely the TCG initiative (Intrusion Prevention is a "moat approach"). My opinion is Cisco will try but will eventually concede and make its peace with the new security paradigm that preempts all manner (well almost all) of attack by hardening the edge, so to speak. Regards, Foam
http://www.3gsmworldcongress.com/page.cfm/action=Seminars/SeminarID=293
Agenda
Why the Traditional 'Moat Approach' To Security Fails & Why 'Trusted Platforms' Offer a Better Solution
Date/Time: 16 Feb 2006
14:30-14:45
Speaker: Janne Uusilehto
Chair, Mobile Phone Work Group
Trusted Computing Group & Head of Product Security Technologies, Nokia
TC conference sponsored by German Ministry of Economy and Technology.
https://www.is-its.org/index.php?option=com_content&task=view&id=70&lang=de
Interesting to see:
-SAP touting TPMs
-Deutsche Telekom on board
-Giesecke & Devrient plugging away.
(Also lots from HP and Microsoft)
Conference Agenda:
Conference Day 1
09.00 Registration, distribution of conference materials
09.30 Welcome and opening by the BMWi
09.40 Trusted Computing in Europe
- Research aspects: trustworthy systems based on Trusted Computing
- Status quo in Germany
- Challenges that implementation poses for applications
Prof. Dr. Ahmad-Reza Sadeghi, Horst Görtz Institut für IT-Sicherheit (HGI)
10.10 Trusted Computing
- Opportunity or risk for public authorities?
- Trusted Computing within the BSI's range of responsibilities
- Activities and programmes in the area of Trusted Computing
- The BSI's expectations for the development of Trusted Computing
- Aspects of deploying Trusted Computing in public authorities
Dr. Udo Helmbrecht, President of the BSI
10.40 Keynote by Ingo Juraske, Vice-President Public Sector, Hewlett-Packard EMEA
Fundamentals of Trusted Computing
11.20 The new TPM 1.2 standard: key features and aspects of system integration
- Considerations when integrating a TPM 1.2
- Compliance and interoperability
- Market development of trusted platforms and their components
Georg Rankl, Infineon, Chair of the TCG Compliance Work Group
12.00 Legal aspects of Trusted Computing
- Remote attestation, sealed storage, competition policy
- Trusted Computing and open source software
- Trusted Computing and copyright law
- Opportunities and risks of a paternalistic IT design
Dr. jur. Stefan Bechtold, Max-Planck-Institut zur Erforschung von Gemeinschaftsgütern
Costs and benefits
Talk given in English
14.00 OpenTC: An Open Approach
- From Trusted to Trustworthy Computing
- Combining FOSS and TC Technology
- Technical Approach: Trusted Virtualization
- Protected Execution Environments
Dirk Kuhlmann, HP Laboratories Bristol
Talk given in English
14.40 Deployment of Trusted Computing in Microsoft's Products
Peter Biddle, Product Manager System Integrity, Microsoft
15.50 Trusted Computing and data protection
- The data protection perspective on TC scenarios
- Requirements for the design and use of TC
- Differences between business, public administration and end users
- State of the discussion in the data protection community
Marit Hansen, Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
16.30 Panel discussion: opportunities and risks of Trusted Computing
Keynote by Dr. Jaques Bus, INFOSOC of the European Commission (talk given in English); Chair: Dr. Achim Leitner, Linux New Media AG
Conference Day 2
9.30 Trusted Computing as a Market Opportunity
- A challenge for economic policy as well
- Industrial-policy aspects of Trusted Computing
- Opportunities and risks for individual ICT sectors
- Requirements for Trusted Computing from a regulatory-policy perspective
Dr. Ulrich Sandl, Head of the "Standardization and Copyright Protection in ICT" division at the BMWi
Talk in English
10.00 The Future of Trusted Computing
- The state of trusted computing today
- What may be missing from the trusted computing toolbox
- The need for more research
David Grawrock, Intel (USA), DEG End to End Security Architect
Talk in English
11.00 Trusted Computing Activities in Japan
Member of Staff (IBM Tokyo Research Laboratory or METI)
11.40 Of Innovative Concepts and Existing Infrastructure
- TPMs as security tokens for smart card systems
- Requirements from practice
- Challenges for manufacturers
- Step-by-step introduction from the infrastructure to the application
- Experience to date
Michael Hartmann, Corporate Security, SAP AG
12.20 Trusted Computing and Security
- A focus area for R&D in telecommunications
- Trustworthy infrastructures with flexible security anchors
- SIM-based authentication solutions for IT systems
- Network-centric security solutions
- VoIP and NGN security
Dr. Udo Bub, Vice President Innovation Development, Deutsche Telekom Laboratories
14.30 Trusted Computing in the Banking Industry
- Does the banking industry gain from Trusted Computing?
- Possible fields of application
Dr. Waldemar Grudzien, Officer at the Bundesverband Deutscher Banken e.V.
15.10 Interaction of TPM and Smart Cards
- Standardization and security aspects
- Security aspects of smart cards vs. TPMs (level of trust)
- Standardization of smart cards for IAS services (identification, authentication, signature) versus TPM
- Use of TPMs as security tokens for smart card systems
Dr. Gisela Meister and Dr. Florian Gawlas, Giesecke & Devrient GmbH
15.50 Secure Product Development through the Use of Trusted Computing
- Digital rights management is gaining importance
- Increasing value of product and process data
- Rigid protection mechanisms often conflict with the demands of globalization
- Scalable security concepts are required
- Growing demand for know-how filters and automatic security enforcement
- Access control for digital content based on TC
Dr. Steven Vettermann, ProSTEP iViP e. V.
Re: Previous Post on TC in Cars
One of the event sponsors at the Berlin exhibition is Escrypt who has worked with STMicro on TPMs in automobiles.
See:
http://www.escrypt.com/escrypt_engl/NewsBilder/embeddedworld2006_de/3.html
http://www.escrypt.com/escrypt_engl/NewsBilder/embeddedworld2006_de/6.html
Seems trusted computing is beginning to span its wings quite wide.
TC in Cars (Nov. 2006 in Berlin)
http://www.escar.info/06/general.html
(See bolds below)
Information technology is the driving force behind innovations in the automotive industry, with perhaps 90% of all innovations in cars based on electronics and software. Up to 80 embedded processors can be found in a high-end car, and electronics and software will soon be the major single cost factor in car manufacturing. The situation is similar for commercial vehicles such as trucks. One crucial aspect of future IT applications in vehicles is the security of these systems. Whereas software safety is a relatively well established (if not necessarily well understood) field, the protection of automotive IT systems against manipulation has only very recently started to emerge. At the same time, security will be an enabling technology for many - perhaps for most - future automotive IT applications. IT security will both increase reliability and safety, and enable new business models. Now in its 4th year, escar has established itself as the premier forum for information, discussion and exchange of ideas in this innovative field. For the first time, there will be a tutorial covering the main topics of escar on the first day. As in previous years, the program will include invited talks and submitted papers in the following areas:
IT security for driver assistance, telematics, and new business models
IT security for other transport systems (rail, aerospace, etc.)
Security of vehicular communications
Identity theft, privacy and data protection issues in vehicular settings
Digital rights management and trusted computing in vehicles (e.g. for navigation, entertainment, ...)
Secure software downloads, and security for event data recorders (EDR) and tachographs
Car theft prevention through electronic means
Security issues in road pricing
Liberty Alliance and TCG in September 2006
http://www.sit.fraunhofer.de/_veranstaltungen/eprozesse/Programm_inhalt.php
http://www.projectliberty.org/about/events.php
Program
9.00 Welcome and Introduction
Wolfgang Schneider, Deputy Director, Fraunhofer-Institut SIT
Session 1 – Liberty Alliance
9.10 Liberty Technology – Business Implications
Dr. Hellmuth Broda, European Chief Technology Officer, Sun Microsystems, Liberty Alliance
9.40 Liberty Technology – Status Review (in English)
Fulup Ar Foll, Master Architect, Sun Microsystems, Liberty Alliance
10.10 - 10.20 Coffee break
Session 2 - Shibboleth
10.20 Building the Authentication and Authorization Infrastructure (AAI) in the DFN
Ulrich Kähler, DFN-Verein
10.50 Integration of Information Services in a Federated System
Hans-Adolf Ruppert, Head of the IT Department, Universitätsbibliothek Freiburg
10.10 - 10.20 Coffee break
Session 3 - Identity Federation
11.30 Identity Federation
Detlef Eckert, Chief Security Advisor, Microsoft EMEA
12.00 Virtual Organizations in Shibboleth and Business Processes in the Grid
Siegfried Makedanz, Alfred-Wegener-Institut
12.30 - 13.30 Lunch
Session 4 - Trusted Computing and Identity Management
13.30 Application Scenarios for Trusted Identity
Dr. Andreas Schmidt, Fraunhofer-Institut SIT
14.00 What Role Does the TCG Play in Identity Management?
Alexander Köhler, CEO, ICT Ltd.
14.30 - 14.45 Coffee break
Session 5 – Practice
14.45 Web-Services Security
Thomas Obert, CSO, Microsoft Deutschland
15.15 Status Report on Identity Management - Where Do the Challenges for the Future Lie?
A report from practice
Robert Zehder, Head of Product Infrastructure, Deutsche Telekom AG, T-Com
15.45 - 16.00 Coffee break
Session 6 – Panel Discussion
16.00 Identity Management as an Investment in the Future – Benefits and Problems
Moderator: Dr. Hellmuth Broda, Sun Microsystems, Liberty Alliance
Participants: Andreas Kindt, Divisional Board Member T-Com, Deutsche Telekom AG; Prof. Dr. Claudia Eckert, Institute Director, Fraunhofer-Institut SIT; Detlef Eckert, Microsoft EMEA; Ulrich Kähler, DFN-Verein; Thomas Obert, CSO, Microsoft Deutschland; Alexander Köhler, CEO, ICT Ltd.
16.45 Closing Remarks
Prof. Dr. Helmut Reimer, Managing Director, TeleTrusT Deutschland
17.00 End of the event
Stolen laptops and the threat of lost information seem to be finally sinking in - nice find! Looks like the pace for TC is quickening. Regards, Foam
Snackman - Thanx and cheers to you for shouldering so much of the burden here and on the previous boards. The wild ride coming will have made it all worthwhile. Regards, Foam
Mobile TCG definitely gaining traction (CTIA Wireless)
Great news from yesterday's call and much better things on the way. Thanks to the constructive minds who have all contributed selflessly towards the understanding of everyone here. Regards, Foam
CTIA Wireless
September 12-14, 2006
The TCG will host a seminar session on Wednesday, September 13, 2006, from 1pm-5pm, at the CTIA Wireless and Entertainment 2006 conference, at the Los Angeles Convention Center, Los Angeles, CA.
Attend the TCG Seminar Session, "Securing the Mobile Device: An Industry Perspective", to learn what the industry is doing to prevent the loss and theft of data and personal credentials. Experts from the leading phone manufacturers, including Nokia, as well as chip makers, service providers and industry organizations, will talk about a new way to build in security, based on open industry standards that are cost-efficient and effective. Get your questions answered about what devices and services can do to protect user data, carrier services, content and transactions.
Securing the Mobile Device: An Industry Perspective
1. Opening Remarks: Janne Uusilehto, Chairman of TCG Mobile Phone Work Group and Head of Nokia Product Security
2. "Mobilizing Security: An Industry Perspective": Iain Gillot, President, iGillott Research Inc.
3. "The TCG Mobile Device Security Specification": Lauri Tarkkala, representing Nokia and Vodafone, Mark Redman, Freescale Semiconductor Inc.
4. "Security Aspects When Mobilizing the Enterprise": Gary Singh, Sr. Director of Marketing, Aruba Networks
5. Panel Discussion- "Standardizing Mobile Security": Moderated by Iain Gillot, iGR Research, Liberty Alliance, Justin Taylor, Chief Strategist, Norvell, OMTP, Dr. Nicholas Allott, Chief Technology Officer 3GPP, Anand Palanigounder, Nortel, vice chair of 3GPP security work group