NSM to present on the Super I/O chip with embedded TPM at Taipei next week http://www.apacidf.com/twn/Conference/Sponsorinfo/sponsor_sessions.htm

Excuse me if already posted.
Svenm

Nelz, The way I see it, the technology is going forward with or without Wave. But we've got eleven patents on file, six applied for, and a whole lot of IT and IP that makes us a player (and driver) in the space. The strength of the patents and the execution by Wave will determine its success, IMO. MSFT became what it is despite having no OS, then an inferior one (according to 2BStealthy at least). But Gates, Ballmer and Allen sure knew how to execute. Hopefully SKS and LA know a little about that, too!
JMHO,
Svenm

Unclevername, Thanks for that fantastic job! How you do dat? Did SKS run the changes by you for editing (lol)?
Svenm

Nelz, You wrote I think the implication here is that IBM will be in a position to compete with Wave with TC utilities that can cross PC brands. Just one more thing for me to worry about? tell me I AM wrong - please.

I disagree with the implication you are making, that's all. Just because IBM has a cross-platform utilities software solution for the sepecific purposes mentioned in the article doesn't imply to me that IBM will necessarily be competing with Wave in regard to the trusted computing utilities Wave is angling for.

On the other hand, IBM is just one of many companies that are potential competitors of Wave in a number of arenas. If and when Wave begins earning serious revenue wouldn't you expect competitors to show up? IBM, in my opinion, is one of the companies I would expect to be providing key transfer management and attestation for its own networks and probably for clients as well. But we've expected that all along, haven't we? Fortunately for Wave this market should be very large and have room for a number of "trust providors", if you will.

But I didn't see this article having anything to do with that possibility. You did, evidently. No big deal.

Svenm

Nelzoni-You are wrong. This is just a software solution for hard-drive partitioning to maintain a "reserve library" of a computer's software to speed up recovery in the event that the computer crashes. Think of it as an on board recovery CD. I don't think it has anything to do with trusted computing and is not, IMHO, in any way competitive with Wave.
Svenm

Eamonn, I'd like to add my voice to the chorus! Thanks for your work on this site. It's very helpful.
Svenm

Rachelise, Sentivision announced a TPM-equipped STB about a month ago during the CES in Las Vegas. I can't remember who posted the original PR but I posted a reply from their CTO in which he confirmed they were coming out with that feature but declined to name who would be providing their attestation services.
Svenm

Matt,
On a previous board on RB managed by Snackman we didn't have nearly the amount of extraneous posts that we're facing here. KeV, CPA, Bluefang, etc. are beginning to be so overwhelming that it is bothersome to try to scroll past all of it. All of their crap is worthless so there is no reason for it to be posted. I'm sure that we'll move this board elsewhere if Ihub can't accomodate a private arrangement.
Svenm

Zen, The shorts are pretty organized here, I believe, and active. Did you notice on my second communication received from the Sentivision CTO that he referred to the Investor Boards? Someone obviously tipped him off immediately that that communication had been up on this board. I never gave him any knowledge of that. I learned a lesson there. It won't happen again.
Svenm

Awk/Doma-Thanks Awk. That url print gets pretty tiny! Here is a response from the Sentivision CTO re: key management. You think he was tipped off on this discussion (lol)?

> Dear Mr. Rychter,
> Thank you for your prompt response. I do have a couple of additional
> questions. Are the endorsement keys for the Atmel TPM loaded at the time of
> manufacture and if so, who is acting as the Trusted Third Party to record
> the public endorsement keys at that time?
Thank you,
Svenm
Dear Svenm,

As soon as we decide to release that information, we will be sure to
post it to the investor discussion boards, and of course inform you.

best regards,
--Jan Rychter
CTO, Sentivision K.K.

This www.law.berkeley.edu/institutes/bolt/drm/slides/bl_slides.pdf is a slide show presentation by Brian La Macchia, Microsoft Security Software Architect. The date is unknown but probably pre-TCG name change. It contains some interesting information on the role of attestation and slide #14 in particular outlines differences between NGSCB attestation and TCPA attestation which reminds me of a previous MSFT referral to Direct Anonymous Attestation, which appears to be generated by the end user computer as opposed to a Trusted Third Party. The question I have for the board is whether NGSCB platforms will require a TTP form of attestation in addition to DAA? Anybody have a handle on this?
Thanks,
Svenm

Doma/Ramsey2, I have an email in to Rychter but on further consideration my understanding of this process would be more like this: Atmel would load the EK's in at the time of manufacture. I don't believe it is necessary for these to be registered with a TTP at that time (correct me if I am wrong on this). When the end user makes a choice for a Privacy CA I believe they will be prompted on a PC. I am not sure how this will apply to a STB but I think it will be a similar process. On the other hand, I believe Rychter is referring to the "customers deploying the service" (his words)when he says they will choose a TTP. Then, Sentivision can write the software determining that prompt (or order as the case may be). For example: suppose Hotel Chain ABC orders 5,000 Sentivision STB's to be installed using Wave as the TTP to act as Privacy CA. They would instruct Sentivision to incorporate that command into their STB software for startup when the end user (Hotel Chain ABC) takes possession. It will be Wave's mission, I believe, to demonstrate that they are a cost-effective method of privacy certification as opposed to (in the case of enterprises) the customer providing the service himself.
All this is conjecture on my part, of course, but it makes sense to me at this time, especially in relation to what Rychter wrote.
Svenm

Doma, I'll ask the CTO and let you know if I get an answer.
Svenm

Doma, Did you notice the response from the Sentivision CTO on post 26495 that I sent you yesterday?
Svenm

Doma, Boy, those Poles are efficient! Here's an answer after about an hour from their CTO:
Dear Sirs,
> Can you tell me who the trusted third party will be that will be
> providing identity certification for your set top boxes as advertised
> as the recent CES in Las Vegas? Also, which technology will you be
> employing for your smart card readers in your set top boxes? Thank
> you, Svenm

Dear Svenm,

Thank you for the interest in our products.

The choice of the certification authority belongs to the customer
deploying the service. Some of them will want to use third-party
services and some will just want to run their own CA without external
certification.

As to smart card readers, we used to offer an integrated reader in the
past, but stopped doing that, because of changing customer
requirements. It turns out that not all clients wanted smartcard readers
to be there, the readers posed a problem especially for the more
cost-consious customers.

In the current STB architecture we have provided internal RS-232 and USB
ports especially for this purpose. This allows a choice of a reader with
RS-232 interface, a reader with USB interface, or a simple connector for
USB smartcards (which are appropriate in some applications).

Having done a lot of work with smartcards and readers in the past, we
advise our clients to choose the smartcards, and allow us to pick,
integrate and write software for the reader.

I hope this answers your questions -- please let me know if there's
anything more you'd like to know.

best regards,
--Jan Rychter
CTO, Sentivision

It looks to me like they're expecting to use a Privacy CA, and even if we're not named, we are certainly in the running! I think this is really great news because it underlines that the TPM technology is getting moved into the consumer space much earlier than I had anticipated!
Svenm

Doma, I agree on the need for attestation for the STB market as well. I'm not sure how Sentivision can guarantee recognition of altered hardware/software in the STB without an attestation mechanism. Either they are promising more than they can deliver or they have an attestation mechanism in mind. Certainly worth following.
Svenm

Doma, I don't pretend to be an expert in this area, but there are a couple of things that make me question whether Wave is part of this. First, the info doesn't actually refer to a Privacy Certification Authority, per se. It actually refers to various Certification authorities which could mean the various entities that vouch for the TPM, the STB as a trusted platform, etc. These roles would be played by the respective manufacturers in all likelihood, in this case Sentivision and Atmel, e.g.
Having said that, the text (e.g. when it refers to the ability to detect non-acceptable hardware and software for secure content purposes and hence refuse transmission of content)certainly implicates the existence of a Privacy CA. If it isn't Wave, who would it be? If it is Wave, why isn't management touting this now? I can't see any reason for stealth at this point and it doesn't make a lot of sense for there to be an NDA in place when the device is being demoed at the CES.
If it's not Wave and this works as advertised, I'd say we have trouble. But I'm certainly interested in hearing other, more informed, opinions.
Svenm

Doma, Wildman: You're both right. Having reread that whitepaper I agree that Schoen's arguments in favor of "owner override" (what Becker calls "lying") essentially is a repudiation of the whole point of trusted computing. The point is that not all computer owners can be trusted. Hence the need for trusted computers, regardless of their owners. On the other hand, Schoen's arguments that attestation, without some form of control, potentially can be an anti-competive tool may have some merit. I'm sure that some smart people will come up with a solution, but I suspect that until the solution is at hand attestation will be a controversial area.
Doma, would you mind clarifying for me the difference between Privacy CA attestation and direct autonymous attestation?
JMHO,
Svenm

Wildman, When you finish reading Schoen's EFF paper it would be interesting to hear your thoughts. The solution proposed here is different than the "lie" solution which never made any sense to me, either. At least here there is a real problem posed. I'm not sure that the solution presented would work, but the problem of possible software use coercion (for lack of a better term) will need to be solved, I believe.
Svenm

AWK, Thanks for the article by Seth Schoen on the pros and cons of trusted computing. Actually, it's one of the few articles I've seen with a nuanced approach, especially on the con side. The questions it raises with respect to the absolute importance of attestation and what it could mean for anti-competitive effects on software use were quite interesting, I found. At least he suggests a solution that is plausible, but I suspect that that argument is going to mushroom before it goes away. Personally I don't see an easy solution although I'm sure there must be a way to prevent legalized software coercion. It does provide a good argument for a trusted third party that is absolutely unbeholden to any other third parties, I would say. A confirmation why an HP or MSFT would not be able to be the TTP. The question is how to guarantee the neutrality of that TTP. Any thoughts?
By the way, did you ever get a chance to take a look at Intel's digital set top box diagram?
Svenm

Go-Kite, Rachelelise, No offensive, but I think you're both a little off-base on your replies to KeV. As I see it, the company's customers have not been the retail customers who may have used (or use in the future) services such as I Shop Here, Charity Wave and so on. I don't think the major goal with those endeavors have been to generate revenue, but rather to demonstrate trusted ecommerce. The "customers" have been the management of the OEM's, the chip industry, the content providers, etc. In that respect the Wave "sales force" has been incredibly successful. These services and products including the E2100 have been absolutely necessary models in order to sway entire industries to the hardware security model. And given the existence and direction of the TCG I would say that Wave management has been eminently successful, even if there have been practically no revenues thus far to show for it. Playing a pivotal role in influencing an entire industry sector to make a major change is not a definition of failure in my book. Now, to translate that into meaningful revenue is the hurdle we'd all like to see overcome this year.
JMHO,
Svenm

Ramsey, Did you get a chance to have any discussions with Lark Allen re: any of the news coming out of the CES that may have been Wave related?
Svenm

Go-Kite, The conditional access system is specifically managed by a smart card arrangement for cable, per slide #'s 7 and 8 in the presentation. That would make sense for an Embassy-like application. Presumably the same would hold true for satellite.
Svenm

Weby,Very nice post! Especially for a guy just coming out of convalescence! That kind of clarity of thought must indicate that you're healing well! Congratulations and we're all happy for you. Nevertheless, I'm afraid the questions you're asking can't be answered right now and that explains a lot of apparent frustration. The answers to those questions are being kept in virtual vaults and none of us have access to the endorsement keys necessary to unlock them! I'm afraid we may be stuck with circumstantial evidence and insinuations until those keys are made public one-by-one!
Svenm

AWK, Happy Reading! I think it will be worth your while. I hope you do find something in there that would indicate that that E2100 or E2100-like firmware is a part of their solution. Look carefully at the White Paper section on authentication. That may be it although I'm concerned it may just be referring to a similar situation as the Direct Anonymous Attestation that MSFT alluded to in a PR about a month or so ago. I'm looking forward to your response. In any event, Otellini indicated that in February the world will get to see what they're proposing, so perhaps we'll get a peek then (IDF?).
The best,
Svenm

Awk (or other technologically interested and inclined), You may have seen the presentation, Protecting Premium Content on Media Centers: Resources and Recommendations http://www.intel.com/idf/us/fall2003/presentations/index.htm from the Fall IDF. It contains a reference to a White Paper (Content Protection in the Digital Home from the Intel Technology Journal in November, 2002. The url to that White Paper is: www.intel.com/technology/itj/2002/volume06issue04/art05_protection/vol6iss4_art05.pdf
(sorry but that url doesn't cut and paste)

It's about 10 pages of reading and it basically provides a diagram of the protection mechanisms that Intel is planning for the STB that Paul Otellini referred to in his keynote speech at the CES. I've read through it several times and have not been able to figure out where Wave technology fits into this, unfortunately. There are references to conditional access systems involving authentication, which I suppose could rest upon Wave's role as a Privacy CA providing key management and there is an exchange of keys involving a third party (?)in order to provide authentication, but it is by no means clear to me that this is the equivalent of attestation by a trusted third party.
However, it clearly diagrams a Celeron 133 mgHz processor acting as the STB CPU, and does reference a Media Co-Processor (not further defined). Unless the Media Co-Processor was supposed to be an E 2100 lookalike I don't think you are correct in assuming that STB's will incorporate E 2100 technology. Certainly I may be incorrect (and hope I am) with that statement. Do you care to take a look and give me your opinion?
Thanks,
Svenm

Awk, Agreed. Thanks for the clarification!
Svenm

Bdooley, It looks to me as if WebSphere, the Project Hudson group, and the Sony/Phillips consortium are all assembling their own digital content transmission systems in order to compete with MSFT's NGSCB and prevent it from having too much control over digital media. Thank Steve Jobs for demonstrating a viable business model. This looks like a good development from a Wavoid's perspective, and perhaps Barge is right. EMBASSY interoperability technology may come into its own quicker than I, at least, had hoped for.
Svenm

Guv, Sorry, it was there a little while ago. It was taken off the Intel Developer Forum site from September '03. If you check out that site you'll find several slide presentations on Digital Content Media security. Gotta' run.
Svenm

This presentation (http://www.intel.com/idf/us/fall2003/presentations/F03USDGHS84_OS.pdf) concerns the digital transmission content protection initiative by the 4C that Otellini of Intel referred to in his speech yesterday. One of the slides (sorry, not sure which and on my present dial-up from the depths of the Sierra Nevada forests it takes too long to look it up)diagrams the digital set top box and outlines the security processes involved in securing content. I can't find a referral to TPM's in the diagram and am not sure what, if any role, they would be playing in this content delivery system. On the other hand, a "media co-processor" (not of Intel manufacture)is in the diagram and perhaps that contains TPM type security. Any comments?
Svenm

Doma, Thanks for the link to that very powerful demo! I hadn't seen that before but that confirms to me what the near and intermediate term mission is for Wave. The demo certainly shows Wave acting as the Privacy CA and the Arbitrust Server providing those services. You wrote earlier that you weren't sure that
Wave intended to be the Privacy CA. Are you still ambivalent on that score?
Svenm

Doma, I may be naive but my assumption was that Wave was currently providing those services for Infineon TPM's, or at least would be in the near future. That said I have never seen direct confirmation of that. The fact that ETS is bundled with the Intel mobo doesn't, of course, ensure Wave's role as the proposed Privacy CA and that piece of information, as you indicate is MIA at present. Perhaps someone else (Awk?) can provide some info here?
Thanks for providing the employment info, though!
Svenm

Doma,
I believe Wave is aiming to be the Privacy CA for as many trusted computers as possible. I hope they need a lot of software engineers to accomplish the large volume of programming that that will likely entail. Do you think that Infineon will have one Privacy CA for all their TPM's? I don't. However, I hope that in as many PC's and other platforms as possible, when the end user turns on their computer/other platform and wishes to create an identity that there are instructions to click on to the Wave TAN or its licensed TAN to provide that Privacy Certification.
What are your thoughts?
Svenm

Wildman, Clearly ITunes success seems to have driven the consumer market forward for the legitimate sale of quality content so that competitors are launching products of their own. If this results in an acceleration of TPM deployment into the consumer space one would have to assume that Wave will benefit immensely as there still are no utility service competitors in sight!
Svenm

Interesting slide presentation (http://www.intel.com/idf/us/fall2003/presentations/F03USDGHS86_OS.pdf) on DTCP/IP (referred to today by Otellini at CES) at the IDF 9/03. As noted in this slide presentation DTCP/IP (Digital Transmission Content Protection/Internet Protocol) is available now in version 0.9 with 1.0 coming soon. This would seem to me to indicate that at least Intel, Toshiba, Matshushita (Panasonic), and Nokia are anticipating a quicker rollout of TPM's (assuming-granted, a big assumption-that DTCP will be based on TPM technology) to the consumer market than I, at least, had previously counted upon.
Svenm

Ramsey2, Thanks for the generous offer and I have a request if you have the time and inclination. I find the Project Hudson development very interesting. Although a longshot, if Wave's technology is involved our consumer killer app would be a done deal, IMO. Can you check with the principles (INTL, NOK, SSG, TOS, MC and Lark Allen) and see if Wave IP is involved here?
Thanks,
Svenm

Go-Kite,
Thanks.eom
Svenm

Billy the Kid,
Do you think you might be able to take a picture of that box with the Wave label and post it for all to see?
Svenm

Barge, I'm presently stuck on a dialup connection so I'll try to make this short and sweet. First, I do think we have a difference of opinion here. I think that GKS's post #24710 is a very good description of the primary revenue model that Wave is presently trying to capitalize on. With serious deployment it will prove to be very lucrative, in my opinion. I can't explain why Wave appears to be "given" this space, but I have to assume that SKS has swapped something to some very important players in order to have this first-mover advantage. When he states that Wave has dozens of NDA's I believe that some of these involve deals that assures Wave of this place at the table for the foreseeable future. If Wave executes well I'm not sure how easy it will be for other companies, regardless of their size, to move into that space. If that were the case we may never know what that leverage was. I only know that today SKS puts great emphasis on that area.
Having said that, I don't think that is a case of "either attestation or the use of the EMBASSY platform." I just think that the attestation role is far more visible and tangible for the time being. We don't know what amount (if any) of Wave IP will be used in either LeGrande or NGSCB technology. If it will be used it is obviously with the consent of Wave and presumably Wave will receive something in return. That may be support of Wave as the main Privacy Certifying Authority or it may be some other roles as well. I suppose that all depends on the strength of Wave's IP and its management's ability to leverage that strength. Presently I just don't think we have that information and therefore I discount those other business models until they become more apparent, which hopefully they will in the not-too-distant-future.
All JMHO,
Svenm

Barge, I'm presently stuck on a dialup connection so I'll try to make this short and sweet. First, I do think we have a difference of opinion here. I think that GKS's post #24710 is a very good description of the primary revenue model that Wave is presently trying to capitalize on. With serious deployment it will prove to be very lucrative, in my opinion. I can't explain why Wave appears to be "given" this space, but I have to assume that SKS has swapped something to some very important players in order to have this first-mover advantage. When he states that Wave has dozens of NDA's I believe that some of these involve deals that assures Wave of this place at the table for the foreseeable future. If Wave executes well I'm not sure how easy it will be for other companies, regardless of their size, to move into that space. If that were the case we may never know what that leverage was. I only know that today SKS puts great emphasis on that area.
Having said that, I don't think that is a case of "either attestation or the use of the EMBASSY platform." I just think that the attestation role is far more visible and tangible for the time being. We don't know what amount (if any) of Wave IP will be used in either LeGrande or NGSCB technology. If it will be used it is obviously with the consent of Wave and presumably Wave will receive something in return. That may be support of Wave as the main Privacy Certifying Authority or it may be some other roles as well. I suppose that all depends on the strength of Wave's IP and its management's ability to leverage that strength. Presently I just don't think we have that information and therefore I discount those other business models until they become more apparent, which hopefully they will in the not-too-distant-future.
All JMHO,
Svenm