I don't have the time this morning to listen to this.

Preview Windows XP SP2:

http://zdnet.com.com/1606-2-5222071.html?tag=editpick

OT: AMD Launches New Athlon Chips

http://story.news.yahoo.com/news?tmpl=story&u=/nf/20040601/bs_nf/24305

Tue Jun 1, 4:10 PM ET Add Business - NewsFactor to My Yahoo!


Jay Wrolstad , www.newsfactor.com

AMD (NYSE: AMD - news) has launched four new 64-bit Athlon processors, delivering higher performance and increased security features to desktop PCs and boosting the company's position as a provider of next-generation chips.



The Athlon 64 3800+, 3700+ and 3500+ products -- touted as faster iterations of the Athlon 64 processors -- are joined by the Athlon FX-53, designed for the company's FX high-performance architecture. They take advantage of AMD's latest 939-pin package.


Virus Protection


The new chips support AMD's existing Athlon platform and will enable manufacturers to migrate to the 939 package that will serve as the base for unification among PC manufacturers, says John Morris, manager of desktop product marketing at AMD.


The new Athlon chips offer built-in enhanced virus protection with support for Microsoft's (Nasdaq: MSFT - news) forthcoming Service Pack 2 in Windows XP (news - web sites), Morris told NewsFactor. "It's an extra layer of protection for the 64-bit architecture," he said.


Other features include a speed boost to 2.2 GHz, and AMD's Cool'n'Quiet technology to reduce noise associated with PC operation, said Morris. Like other AMD64 processors, the new Athlons have the Direct Connect architecture, which uses a front-side bus to eliminate the bottlenecks inherent in older technologies.


The Future Is 64-Bit Computing


Among those who have given the nod to the 64-bit Athlon chips are HP (NYSE: HPQ - news), which will offer a Compaq X Gaming PC, including the technology later this summer.


The 64-bit architecture represents the wave of the future, Morris said, pointing out that Microsoft says its next-generation operating system will be based on the technology. "Most manufacturers are moving in this direction, because everyone is looking to re-invigorate the computing industry," he said.


The new AMD Athlon 64 FX-53 processor and AMD Athlon 64 processors 3800+, 3700+ and 3500+ are available now worldwide. The AMD Athlon 64 FX-53 processor is priced at US$799 in quantity. Models 3800+, 3700+ and 3500+ are priced at $720, $710 and $500, respectively.


AMD also announced a partnership with Broadcom (Nasdaq: BRCM - news) in which AMD will support Broadcom's development of server chipsets based on the Opteron 64-bit X86 architecture.

Foam...thanks for the DD! e/

zen 88

Fujitsu is another...like Toshiba though, not a major PC OEM.

Let's hope at least one of the majors goes with the NSM Super I/O...then Wave is onboard.

Let's also hope that Wave is pushing hard to bundle with BRCM as it appears the BRCM TPM-integrated ethernet chip is possible competition for the NSM chip.

Weby

Clearly, TPM platforms can harden conventional security software (off the shelf solutions) dramatically. It's taking some time to get the word out to IT managers though.

I believe Trusted Computing stands to multiply Verisign's digital certificate volume exponentially. PKI has never really taken off.

I am guessing that Verisign and Wave are not envisioning themselves as competitors in the digital certificate business.

Lark Allen response re: TPM interface to ISA Server 2004
----------------------------------------------------
May 27, 2004

To: Lark Allen/WAVE/US@WAVE_DOMAIN

Subject: MSFT ISA Server 2004

Lark,

The MSFT/HP announcement has TCG implications I
suppose, but as I understand it, the HP ProtectTools
suite referenced below is the broad product line and
does not specifically include it's client-side TPM
subset, HP ProtectTools Embedded Security.

My question is:

Does ISA Server 2004 support an interface with client
TPMs?

Steven mentioned the the recent CC that certain MSFT
server architectures support TPMs in the clients.

TIA



Lark Allen@WAVE_DOMAIN
05/27/2004 09:10 PM

Microsoft uses digital certificates as a standard approach for access
to VPNs,
and in their identity management applications. They use standard APIs
for
applications based on MS -CAPI (CryptoAPI). The testing we have done
with TPM
based platforms uses a Wave developed MS-CAPI interface that supports
TPMs for
the storage and authentication of certificates using the TPM. There's
nothing
I can see about the MS announcement that changes any of this so as far
as we can
see, the integration of TPM based clients with the MS ISA should still
be
straight forward. It allows enterprises to move from software based
security
in the client machines to hardware based security using TPMs. At the
same
time, the platforms themselves can be authenticated to determine that
they are
using hardware for security and that the platform itself is
trustworthy.

Thanks,
Lark

-------------------------------------------------
Technology leaders announce security solution built on
Microsoft ISA Server 2004 and unveil the HP
ProtectTools Suite for Microsoft products for
information security

At the Microsoft(R) Tech-Ed 2004 conference here, HP
(NYSE:HPQ) (Nasdaq:HPQ) and Microsoft Corporation
(Nasdaq:MSFT) today expanded their longstanding
relationship by announcing an agreement to market and
produce a hardware security solution built on
technology from the two companies. The HP ProLiant
DL320 Firewall/VPN/Cache Server running Microsoft
Internet Security &
Acceleration Server (ISA) 2004 addresses network and
perimeter security.

In addition, the companies announced the availability
of the HP ProtectTools Suite for Microsoft software,
which adds to the security functionality provided by
standard Microsoft products -- such as Microsoft
Exchange Server, Outlook(R) and Windows
Mobile(TM). HP's global security practice provides a
comprehensive range of information security services
that enable enterprise
customers to make faster, more confident business
decisions.

The Microsoft ISA Server 2004, part of the Windows
Server System(TM), is an advanced application layer
firewall, VPN and Web cache software solution that
enables customers to easily enhance existing IT
investments by improving network security and
performance. The HP ProLiant DL320 server running
Microsoft ISA Server 2004 is an integrated hardware
security solution designed
to help customers protect applications against new and
emerging threats. The HP ProLiant DL320 running
Microsoft ISA Server 2004 will be one of the first
security solutions running ISA Server 2004 that
delivers the flexibility of VPN, cache and firewall
capabilities.

"Businesses must remain securely operational in the
face of ever-increasing security threats -- this means
protecting highly sensitive business information,
privacy and business continuity," said Rick
Fricchione, vice president, enterprise Microsoft
services, HP. "Microsoft and HP are once again
collaborating to bring together the best people,
processes and technology to
help companies innovate, adapt and unleash new
business value and enhance enterprise-wide security."

HP ProLiant DL320 running Microsoft ISA Server 2004
provides customers with an easy-to-use and -manage
hardware security solution that can be quickly
deployed to help protect key business applications,
such as Microsoft Exchange Server, Outlook Web Access,
Internet Information Services and SharePoint(R)
Portal Server. In addition, ISA Server 2004
integration with Windows(R) Active Directory(R)
services enables administrators to use the solution to
apply group- and user-level policy and authentication
across a broad range of scenarios, including firewall
policy, VPN authentication and outbound Web proxy and
access control.

This ease of use makes the solution an ideal way to
improve the security of Windows Server(TM) 2003
networks. HP ProLiant DL320 running Microsoft ISA
Server 2004 also offers many options to add
third-party plug-ins, providing the opportunity to
further enhance network security and performance.

"Customers have told us that they need a broad range
of flexible solutions to help protect their
business-critical applications. Offering ISA Server
2004 through both software and hardware provides
customers with multiple options for addressing their
particular IT security requirements," said Mike Nash,
corporate vice president, Security Business and
Technology Unit, Microsoft.
"Today's announcement between Microsoft and HP
furthers our mutual commitment to make IT environments
more secure."

Pricing and availability

Expected to be available in the third quarter of 2004,
beginning at an estimated street price of $3,000,(1)
the HP ProLiant DL320 Firewall/VPN/Cache Server
running Microsoft ISA Server 2004 is expected to offer
one of the most affordable and full-featured security
solutions on the market.

More information about the HP ProLiant DL320 server is
available at
http://h18004.www1.hp.com/products/servers/proliantdl320/index.html
More information about Microsoft ISA Server 2004 is
available at
www.microsoft.com/isaserver/.

Close collaboration leads to innovation

For more than 20 years, HP and Microsoft have
collaborated on the research and development of
products and services that address the business needs
of customers. In addition to the new appliance, the
companies also are announcing the HP ProtectTools
Suite for Microsoft products, which helps address
customers' security requirements for e-mail, strong
user authentication, import and export of data from
multiple sources, terminal server access to
resources, and data security for mobile devices.

The suite includes:

-- HP ProtectTools Authentication Services: Mitigates
security
risks with strong user authentication systems.

-- HP ProtectTools Device Manager: Offers advanced
tools for
managing and auditing the import and export of data
from
multiple devices based on user privileges.

-- HP ProtectTools Role-based Access: Provides users
with
security enhanced terminal server access to diverse
role-based
facilities from a single desktop.

-- HP ProtectTools Email Release Manager: Provides
vital security
enhancements for Microsoft Exchange and Outlook
clients,
including facilities to electronically sign, encrypt
and audit
mail messages.

-- HP ProtectTools Windows Mobile: Toughens Windows
Mobile
security with features including password generation,
memory
erase, device locking and event logging.

In combination with the new products announced today,
HP offers a wide range of services to help enterprise
customers define security policies and procedures that
are automated and adaptable enough to provide
reliable, timely protection. Working together,
Microsoft and HP have jointly developed security
solutions that help address the needs of customers:

-- Security Patch Management -- a full lifecycle of
patch
management capabilities from initial assessment
through design
and implementation

-- Host Hardening -- identifies enterprise application
and
service vulnerabilities, assists in creating a
hardened
system, and works with customer staff to design and
develop a
security management process based on potential system
risks
and threats.

-- Secure Enterprise E-mail solutions with Microsoft
Exchange --
helps secure and harden enterprise e-mail with
solutions that
include inbound mail screening, outbound mail
certification,
authentication and data protection, and e-mail storage
and
retrieval.

Complete information about HP and Microsoft security
solutions is available online at
www.hp.com/go/security/microsoft.

h_b_g

From the CC:

But really today Microsoft’s Enterprise Server fully supports the trusted platform chips, the TPM chips, as part of the platform today. If you have an enterprise or a company that has deployed a Microsoft Windows advanced server, either Windows 2000 or 2003, all of the infrastructure to take advantage of the TPM chips in client machines exist within those servers today. And, we've built some of the software that connects those two parts together, the client machine to the server. It really is only software that’s primarily deployed on the client and very simple changes that are made to the server, but it enables any enterprise, and of course there are thousands of enterprises out there that have deployed the Microsoft infrastructure, to take advantage of Trusted Computing today.

Can you say for sure that the MSFT ISA Server 2004 is not client-side TPM-supportive? That is not only over my head, but even if I knew the technology I might lack the TCG-specific info re: if this server architecture could inteface with TPM-enabled clients, to make that call.

Doma

I would say an OEM "deploying" from Wave's perspective actually means bundling ETS. To me, deploying would be when the buyer buys the product...then that product deploys.

Toshiba (not a major PC OEM) probably uses NSM so Wave would already be bundled.

Hopefully somewhere among other OEMs SKS is referring to is a major PC like IBM, HP or Dell.

I really hope by a "couple of OEMs" he is not simply referring to upgrading the Intel and NSM bundlings to v3.1 ETS.

From the TCG Solutions Catalog:

https://www.trustedcomputinggroup.org/downloads/TCG_Solutions_Catalog.pdf

HP ProtectTools Embedded Security is definitely a subset of the HP ProtectTools suite, albeit IMO a very important one as TPMs are certainly gaining traction in the marketplace.

It's clear to me that yesterday's HP/MSFT announcement is not specifically TPMs (merely HP servers running MSFT security software for an "enhanced software solution") although as awk correctly points out HP ProtectTools has TCG overtones.


Copyright© 2003 Trusted Computing Group - Other names and brands are properties of their respective owners.
3
OEM Branded Solutions
Hewlett-Packard Company – http//www.hp.com/go/security
HP ProtectTools* Embedded Security is designed to the new Trusted Computing
Group standard; the HP ProtectTools Embedded Security solution integrates an
optional security chip enabling enhanced security for the enterprise. The solution
Includes software that allows the embedded security chip to be used with
many existing applications for features such as protected digital e-mail
signatures, digital certificate-based VPN and protected 802.1x network
authentication. The embedded security chip also provides enhanced local
file and folder encryption using the Microsoft* Encrypted File System*
(EFS) or the innovative Personal Secure Drive* feature.
HP ProtectTools Embedded Security has also been certified under the RSA*
Secured Partner program as being compatible with the RSA SecurID*
two-factor authentication solution. Using the embedded security chip
with RSA SecurID software token can be lower cost and less complex
implementation approach for many customers when compared with the
hardware security token alternative.
HP ProtectTools Embedded Security compliments an already broad range of
security technologies from HP including Smart Card readers, the HP
ProtectTools Smart Card Security Manager and host of standard security
features built into many HP business desktop and notebooks PCs.

LD

MSFT seeks to implement a secure OS (NGSCB) which requires v1.2 TPM. Until that OS becomes a reality, TPM platforms will run on current MSFT operating systems, PC and server.

MSFT is an operating systems provider and as a TCG founding member must basically be supportive of any TPM implementation that is designed to run on a MSFT OS (Windows).

So far MSFT security software has not used TPM's
Please correct me if I am wrong.

Windows OS accomodates TPMs. Hopefully MSFT does not become a Wave competitor by developing interoperable TPM software. IMO that won't happen near-term but could become a bigger issue with NGSCB.

LD

The way MSFT sets up internet security will be built to accomodate TPMs...that is for sure! The only thing that changes that is if TPMs flop which seems highly unlikely since they will basically be free.

I must say I have to side with hbg on this issue.

The HP/MSFT PR does not mention TPMs or the Embedded Security "division" of HP ProtectTools.

I am not sure why this matters as long as MSFT server OS supports TPMs and MSFT Windows on PCs support TPMs. After all MSFT is not a hardware company. MSFT may not ever have a lot to say about TPMs...do they have a choice but to support TPMs if PC OEMs decide to deploy them across their platforms?

hbg

I believe you are correct on this. The HP/MSFT PR yesterday was referencing the HP ProtectTools software suite and not specifically the ProtectTools Embedded Security, which you are correct is the TPM-enabled ProtectTools...the regular ProtectTools stuff is not TPM.

See here for the only two current HP ISV solutions (RSA and Wave) designed to work with ProtectTools Embedded Security-enabled PCs:

http://h18004.www1.hp.com/products/security/partners.html

I think the key right now with respect to MSFT and TCG is that the correct MSFT servers support TPMs per SKS's comments in the recent CC.

helpfulbac...very nice! Thanks. e/

Thanks awk! e/

Thanks hbg. e/

hbg

So, appaently you can put stuff onto a chipset that would not interfere with the CPU?

As you can tell I really don't know my stuff.

Thanks for the link.

so awk

The chipset and the CPU are one and the same?

I struggle here because I am actually not very computer-knowledgable.

greg s refers to the CPU and chipset as two different things...but apparently they are intertwined.

I understand your point about integrating the TPM on peripherals and about the LT and SEM secure execution environments and v1.2 (I already knew all of that but thanks) I just thought there was a difference between the chipset and the CPU itself.

Btw, I am more than happy to forget about putting the TPM on the chipset!...the subject truly is superflous to the immediate deployment of TPMs. I would love to know however what Intel has up their sleeve to reduce TPM cost...Super I/Os are an obvious choice.

TIA

Wildman

greg s was also alluding to the possibility that Intel would integrate a TPM into their chipset, much like NSM is doing with their Super I/O, itself already a chipset component.

I agree with you that whatever Intel can do to lower their cost of implementing a TPM, the faster the deployment.

I am really curious whether Intel will utilize NSM's Super I/O and if an Intel chipset with an NSM TPM Super I/O would have relevance to certain major PC OEMs that employ an Intel chipset. Actually I am on shaky ground with chipsets...if a platform uses an Intel CPU does that include the chipset as well?

One area that was lacking in the CC was Super I/Os and what might the timeline be. I think this may be critical to really accelerating TPM deployment. Certainly Infineon and Atmel are seeking to integrate their TPMs as well on Super I/Os but it's likely that NSM will be the first to market.

c m

I would guess that the first killer TC app for the consumer will be secure log-in. A log-in that not only is secure but would auto log the user into any place they choose to go, and further would allow them to purchase any product or service online without having to input the credit card info.

Regards,

R2

LD

Yes, SKS did mention that he expects a company like MSFT to develop some of their own TPM functionality but he surmised that it might be limited to MSFT functionality and not all platforms. Granted, Windows is a pretty ubiquitous platform but I can see his point...the overall market will require the type of anonymous interoperability that Wave as a TC infrastructure tools provider will offer.

greg s

I presume you realize that even if Intel is able to integrate their own TPM into their hardware architecture, "subsume" as you prefer to call it, that will not preclude Wave from providing the TC infrastructure tools to Intel end users. As I implied in a post to you yesterday, there is no reason to believe, no matter how Intel integrates the TPM, that they will not continue to promote Wave's basic TPM software features.

It's my opinion also that as the Wave trust server services revenue model engages that revenue from bundling of basic ETS functionality by OEMs will become less important to Wave. As SKS mentioned in the CC, Wave can already see pressure coming to lower bundling fees as volume increases. I could look to a point in the future where the cost of bundling Wave will become practically transparent to the OEMs.

Have to run...will respond later.e/

greg s

I see your point about Intel integrating a TPM on their own. You seem to have agreed that it would still however be a TCG-compliant TPM...that was my point.

I happen to think that no matter how Intel does their TPM, Wave will be onboard. I see no reason why Intel should abandon Wave.

greg s

...Intel's future plans for TPM functionality and implementation other that to state that I believe the functionality would become integrated (subsumed) into the Intel chipset or even the processor...

I am not sure how the TCG device of choice, a TPM, would get "subsumed", as you put it, and not be a TPM...TCG specifications require a "TPM", not some hybrid. Clearly, TPM integration into a Super I/O for example is one solution to saving cost, but it's still a TPM.

If you work for Intel, I am at a loss to understand why you can't sleuth more info. I know it's a huge company but still, there must be way for you to get answers.

I thought one of the more interesting points raised during the CC was TCG members themselves, including Wave, implementing TPM networks. Now that Wave's KTM is available it seems all the more logical that TPM networks will become a reality, although I suppose that ACM will be another Wave server-based application that will really tip the scales, making server-based TPM identity authentication possible enabling greater networkability.

We already knew in advance of the CC that Wave was talking with a couple of TCG companies re: their TPM networks...what could be a more logical choice than a gorillla like HP using KTM for example and the potential revenue for Wave? I have e-mailed TCG on this subject to see if there is an awareness that TCG companies themselves implementing TPMs could amount to setting a good example in the marketplace.

Also, I wonder how many more months (or weeks) until Wave enables their network with KTM?

P.S. I forget, is ACM waiting for TPM v1.2 or just final development from Wave?

TIA

An Intel thought...

Unless I missed, there was no Super I/O question asked during the CC. We already know actually that Wave can't comment on the deployment schedule specifically as Super I/Os are other companies' products.

Could it be that Intel is waiting for Super I/Os also?

If so, Super I/Os will cause a dramatic ramp up in their TPM motherboards.

TPM-integrated Super I/Os will be the huge volume driver!

I recommend the Brian Berger/John Callahan interview...costs a couple of digital tokens, but is well worth the price.

I guess somebody needs to explain again to greg s, as if it hasn't already been beaten into the ground ad nauseam, the shares on the shelf, and the fact that Wave can always do another shelf when and if they empty the current one.

awk

What ITPG? I know I should know...but!

It's cool (whoops bad word to use today) that ETS is fully used (including KTM) in the plan, but a shame that Wave is not linked at the bottom along with everybody else!

Today's CC...

Probably we get direct questions re: KTM

1. The timeline mentioned in the KTM PR:

Key Transfer Manager - expected to be shipping to select PC OEMs in the first half of 2004 - is designed to work with all Trusted Computing Group-compliant secure hardware Trusted Platform Modules.

http://www.wave.com/news/press_archive/04/040224_RSA.html

Did we ever determine if that meant bundling?

2. An idea as to the number of customers Wave has that are actually beta testing KTM and some description of them...large enterprises...small/medium? I hope he would be willing to release the exact number of firms that are actually using the product.

Weby

Wave is a SOFTWARE COMPANY. At best a firmware company.

I agree, except I would like to add to that, ENABLER.

Since Wave essentially pioneered the hardware/software concept that is finally enabling Trusted Computing, and has some fundamental IP that may be broadly licensed (that remains to be seen) and is such a fundamental player in establishing TCG protocols, I feel they have been earning the title of enabler. Exactly whether that translates into financial success for the company is in it's final stages of unfolding.

The hardware vision for Longhorn, Minasi predicted, will include two levels of computers. He said that the technology will be able to view items based on attributes and is, in reality, a relational database. Longhorn will also have "sealed storage" with all data encrypted, Minasi said. "Your hard disk is now the "vault" and only trusted apps can see the data."

IMO, this is LT and SEM architecture.

They may not ending up calling it NGSCB, but clearly MSFT intends to develop the secure Windows O/S. They have to do it!

Hadn't been thru the website for awhile...there are some changes:

The old whitepapers are no longer available. These are the only ones now available:

http://www.wave.com/alliances/whitepapers.html

There used to be an Embassy "TPM" whitepaper in addition to the eTMS (e-Transaction Management Suite). eTMS for Wave's purposes evolved into ETS (Embassy Trust Suite) for TPMs, but it's interesting that so little is now available relating to Embassy Trust System (E2100)...this is all I could find:

http://www.wave.com/products/trust_system.html

There used to be a pretty comprehensive explanation of Embassy including trustlets, the middleware, developer kits etc. This was btw, the "original ETS" (Embassy Trust System). Hopefully the Embassy hardware IP is still highly relevant however, even though little about it is posted on the website.

I am beginning to wonder if management has concluded in light of the really solid position the company has within the TCG and working relationships with many if not all of the most important TCG players, that there is really no point to giving away too much technical info on the website in consideration of future competitors. This is consistent with the explanation Wave gave me as to why the KTM link is for the PR and not a detailed technical explanation of the technology...John Callahan actually called me early one morning on that after my repeated inquiries.

Doma

I would guess IBM, due to the volume of the IBM deployment going forward and the collaboration with Wave on promoting the value of networked TPMs. Thing is though, Lark once told me that IBM does not generally bundle stuff. I assume by shipping KTM to OEMs you mean so that they would then bundle it with their PCs giving their users an opportunity to activate. I remember the KTM news release stated that KTM would be shipping to certain select OEMs by a certain time.

Weby

Great post!

On competition... remember that Airplanes were the thing that competed with railroads. Wave's competition will be in some better security standard than PKI. Could happen at any time, but TTT and Wave has a place in the new paradigm until a better one down the road that makes TPMs and current encryption paradigms obsolete.

Whatever better that comes along, I think that is way in the future. Hard to imagine any security scheme to improve on the software world that does not involve encryting keys in hardware, or otherwise using hardware!

And consider, any alternate paradigm to TCG would have to have industry-wide support in a hardware adoption initiative...that's been a huge stumbling block to Wave all along.

trustcousa

BRCM's gigabit ethernet controller TPM-intergrated product uses Infineon TPM software. HP's TPM products also employ some Infineon TPM software (HP currently uses Infineon TPMs).

Problem with Infineon TPM software is that it is not interoperable across all TPM platforms...only Infineon's. Wave's ETS portfolio is interoperable...works on all TPMs. This becomes very important when TPM platforms seek to network with eachother, or simply want to transfer keys and do backup across machines with different TPMs.

P.S. Doma re: Dell

Of course the ETS points are moot if NSM supplies Dell, because ETS would be bundled with NSM. The user would then have access to Wave and KTM. The task of winning over users to subscribe to KTM would remain.

Doma re: Dell shipping KTM

Of course if Dell shipped KTM with it's machines, that would include the free ETS stuff also (Document Manager etc.) that comes with the Intel mobo and NSM SafeKeeper. It would then be up to the user to subscribe to Wave to activate KTM.

Doma

I know little about Dell, but it's my understanding that they basically (or completely) do not develop their own software. In fact Michael Dell was recently asked about Dell's plan to become more of a software developer in a recent CNBC appearance...I don't recall his response.

You would think if Dell was smart about TPM adoption, like they have a reputation for being smart about most everything else they do, that they would bundle Wave since Wave has the best TPM solutions...that would be good for Dell's TPM users.