Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Whitewash,
Thanks for the reply and I understand you're not speaking for Barge. I think we're on the same wavelength here and certainly applet development may and hopefully will be an additional important source of revenue. As will software services a la SOL, for that matter. I'm not so sure that attestation will easily be taken away from Wave as a dominant provider if the TPM rollout is anywhere near as quick as people like Grawrock (he is the chair of the technology committe of the TCG and the chief security architect for Intel) project. We don't know what deals SKS has made with the gorillas to give Wave an advantage in that arena but its present positioning encourages me to think that they are in place and may discourage serious competition for some time to come. I'm hoping that there is much more under the surface than many optimistic Wavoids even imagine.
JMHO,
Svenm
Barge,
OK, I'll rise to the bait. I don't understand what it is you're trying to say with your incessant posts about interoperability vs. go-kite's revenue models. I suggest you carefully reread his very clear and to the point post # 24493. Having done that, I would like to know what it is you don't agree with in that post. Specifically, I would like to know how you expect EMBASSY firmware to generate revenues in other forms than that that GKS references in that very succinct and clear post. I personally (FWIW) think that EMBASSY firmware is very much a part of a strategic Wave goal, but I'm not sure it will generate a majority of the revenues Wave may enjoy. Lark Allen has repeatedly defined a major part of the Wave mission as the "care and feeding of trusted computing". I believe he is referring, among other things, to Wave's role as the Privacy Certifying Authority (i.e. providing Utility Services) when he says this. What we don't know is how NDA's and applied-for patents may protect Wave's position in this role. If there is considerable protection, and if Wave is able to perform satisfactorily, and if people like David Grawrock who predict 200 million TPM units deployed by the end of 2005 are correct, the revenues from utility services alone would make Wave a 10 billion $ company. One thing is certain, trusted computing is not a stationary target. There will be many changes and a bet on Wave must be a bet on management's ability to respond to and take advantage of these changes. I don't believe anything is preordained in this drama.
JMHO,
Svenm
Go Kite, Thanks for the info on Toshiba. I had heard (and posted) earlier that Toshiba had an agreement to use NSM's chips. It was heartening to see this validation. My source (informally from a Wave employee) indicated that there were actually two Japanese OEM's that had signed agreements. Besides Toshiba I believe the other was Hitachi, though I am not 100% sure. Might your NSM contact be able to provide any info on another agreement?
Svenm
Barge,
Did Murdoch purchase Nagravision from Kudelski? Last I heard it was owned by the Kudelski group.
Svenm
Kitesurf-Excellent post and summary of what we know to date. It took real talent to take all those separate bits of knowledge and clarify what the Wave business plan is really beginning to look like! Thanks!
Svenm
Yaya, That's a very busy hotel. You'll need a reservation for sure! (Sorry Snacks, couldn't pass on that.)
Svenm
Kevin5/Ramsey: Thanks Kevin for the confirmation. The reason I questioned it was because I came across a presentation by Nancy Sumrall at from the Fall IDF in which there was a list of TCG working committees. There is a technology committee headed by a well-known figure from HP, I believe (I'm blanking on the name) and Grawrock heads the TPM committee. The infrastructure committee was not mentioned and concerned me a little. That was why I brought it up.
Svenm
Ramsey2, Nice answer to a difficult question. One question: I've often seen the Chairmanship of the TCG Infrastructure Committee as being held by a Wave rep but I don't recall having seen any documentation of it. I have seen a list of TCG committees that did not include an infrastructure committee and none of the Chairs were from Wave. Do you (or anybody else) have any hard evidence of that chairmanship or is this something that is just a rumor?
Thanks,
Svenm
Barge, The discussion Ramsey and I had was strictly in reference to a slide presentation by Brian Berger that I assume you didn't look at. It contained 37 slides, of which 2 referenced very obliquely, NGSCB (slides # 4 and 11). Neither of those slides made any reference to the NGSCB OS. Most of the slides had to do with the Embassy Trust Suite and were a demo of what a brand new user could expect to be doing in regard to identity, AIK's, and then the use of Smart Safe, Smart Signature, etc.
By not including the NGSCB OS as part of that discussion, the answer to your question is "No, you can't assume that I don't think that Wave IP is a part of the NGSCB OS."
Svenm
Barge, I'll let Ramsey speak for himself (see mess. # 21662). I couched my reply to Ramsey with the word "hope" as I thought he probably was referring to the "attestation space" which I referred to as part of the Brian Berger slide presentation to which Ramsey replied. There have been a lot of referrals over the months re: SKS's now famous (in Wavoid circles, at least) quote "we own the space", which, if my memory serves me correctly, was the FINREAD space. I have not seem him reference any other "space" in such a fashion but I do hope that Wave owns the "attestation" space (which I think will be worth a heck of a lot more than the FINREAD space, which may get pretty small in the face of the recent Casse de Epargne/Master Card (sp?) announcement regarding TPM technology).
Svenm
Ramsey2, Let's hope that Wave owns that space. I enjoyed those demos as well. I found that pdf just by "google fishing," so I don't imagine it is very confidential information at this point.
Svenm
This may have been posted before. I just don't recall seeing it previously but it is an interesting slide presentation by Brian Berger on the practical nuts and bolts of ETS--how it will look and act on a computer screen. Including the process of acquiring the attestation identity key. If you haven't seen it it's at: www.krowne.de/silicon_trust/presentations/WAVE.pdf
My apologies if it's already been posted .
Svenm
Ramsey2, I think we are both reading this the same way. and if it is in fact Wave's role to be providing the attestation service to the NGSCB system it is a very exciting development--even if we have all hoped for this development for a long time. Re: your question about TPM (SSC)programability in the future I'm not sure. My understanding is that TPM's, as they are now configured, were developed to be as simple (cheap) as possible so that they could be deployed en masse without significant cost, thereby allowing trusted computing to proceed albeit without extensive benefit to the users. This meant, of course, that they were not to be programmable. Once there is a critical mass of TPM's deployed and simple applications (sealed storage, password management, digital signatures) are seen to be beneficial, my understanding is that a programmable (more expensive) solution will become desirable and seen to have value enough to warrant its inclusion in the hardware. If that means a more programmable TPM or "nexus" or something else I'm not sure. Perhaps someone else (AWK, Wildman? e.g.) can shed more light on the expected development in that sphere.
Svenm
AWK, Thanks for the msft article on NGSCB. Very interesting. One of my favorite parts was the following:
Cryptographic Attestation
Attestation is the process by which a piece of code digitally signs and attests to a piece of data, helping to confirm to the recipient that the data was constructed by a cryptographically identifiable software stack. When used in conjunction with a certification and licensing infrastructure, this mechanism allows the user to reveal selected characteristics of the operating environment to external requestors and to prove to remote service providers that the hardware and software stack is legitimate. By authenticating themselves to remote entities, trusted applications can create, verify, and maintain a security perimeter that does not require trusted administrators or authorities. Attestation provides a stronger security foundation for many tasks that could potentially pose security risks.
Clearly NGSCB is going to be using a Privacy CA. I've looked at Wave's patents and haven't seen anything that jumped out at me and showed that Wave has proprietary IP as a Privacy CA. Yet at this time they are running unopposed as providing this service. Am I missing something? Do you know of any patented IP that strengthens Wave's hold on this space or it purely a first mover advantage at this time?
TIA,
Svenm
Nice job, AWK! Glad to see that Things Are Good again.
Svenm
Unclever,
Here's a response I received yesterday from SKS in reply to a query about the cashflow breakeven point: Steven Sprague@WAVE_DOMAIN
11/21/2003 09:57 PM
I have responded to a bunch of these EMails I was stating the obvious what would
your opinion be if we did 10 million in revenue in a quarter but spent 11 to
drive the potential of 50 million in 2 quarters good Idea or bad.
All I was stating was what every company knows and does and every investor knows
and does. I am really supprised that this has been so badly twisted.
We are after all the first mover in a market that has taken 150 million to bring
into existence, and a market that has the potential to touch every PC.
steven
I thought you might find it interesting. Maybe Rachelelise is right. Maybe she reminded him that a penny below "breakeven" is not cash flow positive and he just wanted to remind everybody of that. The important thing in his answer, I believe, is his insistence on the revenues. Hopefully those #'s are based on firm estimates that he is, in turn, being given.
Svenm
24601 & Rachelelise,
We had a short discussion re: revenues and price predictions a few weeks ago. At the time there was some confusion concerning recurring vs. one-time revenues in the models you were proposing. I proposed that there was a recurring model available based on ongoing services that may not have been taken into account in your models which I otherwise find quite interesting. Reviewing the CC I'm sure you both noted the following, but I'll repost it here nevertheless. You may wish to eventually rework your models with this info from SKS: "The understanding of what ultimately the business model will be on that, how that business model that we've articulated to them ultimately gets adopted and how it is scaled, I think we'll begin to have better picture on over the course of the next four to six months. And ultimately that drives a much larger scale of revenue. We make $.50 or a dollar per platform for bundled software, we believe we can make 20 or $30 a year off of the services relationship with an end user desktop. So obviously, what percentage of the market takes and needs those kinds services, how we protect that kind of economic and revenue stream, is going to be very important to the company. One of our next major goals is to really establish that less as theory and more as fact. And I think we're well on the path to do that. And we're going to do that hand-in-hand with our major customers who are helping us take and promote these products to market."
Say, $20-30/year in the enterprise arena and who knows what eventually for the consumer and the figures change dramatically. The advantage of the cumulative effect of deployment on revenue would be quite remarkable, indeed!
Svenm
Unclevername, I just finished reading the CC transcript and for an audio-challenged individual like myself what a terrific, unselfish service it is to have you publish these transcripts!
Thanks a bunch,
Svenm
Doma,
You write: "Unless Verisign has developed & put in place an
Attestation server at Infineon's TPM manufacturing
plant,it's Wave's.....that is Wave is the Trusted
Third Party recording the public endorsement keys
of the TPM's". Could you please reference where you read about the attestation server at Infineon's TPM manufacturing plant? I must have missed that one.
My understanding: 1)was that the platform would be shipped with the endorsement keys in place; 2)Upon taking possession the new owner would initiate the process of creating an identity. This would involve sending the endorsement certificate to the Privacy CA, the trusted third party that would then create (after having been satisfied by numerous certificates involving that platform) the identity and manage it in the future.
I only belabor this point because I would expect the customer to have some choice in who the Privacy CA was. If the manufacturer is recording the public endorsement keys with Wave, I'm not sure it gives the customer much choice as to who their Privacy CA is. This may be a moot point when noone else has the technology to be the Privacy CA, but in the future I would not expect that to be the case.
Svenm
Kitesurf,
Good question and I have to pass to Doma on that one since I only picked that up from his post #17454.
Svenm
AWK, That was as clean a post as I've seen in a long time. If you're right (and I, for one, think the evidence points overwhelmingly in that direction), things are definitely good!
Svenm
Ramsey, Doma: The question of who these "service providers" is has been puzzling to me as well. SKS refers to space for a dozen "service providers" and England's article refers to the need for a third party identifier providing attestation. I think Steven may be referring to the category of "service providers" which include a whole slew of agents that coordinate all the digital certificates necessary for trusted computing. That would include the endorsement certificate, various validation certificates (which vouch for one or more parts of the platform certifying the values of integrity measurements of these parts, conformance certificates ("attestation" that a TPM design in a class of platform meets TCG spec's), platform entity certificates, and probably other certificates that have yet to be revealed or developed. All these certificates would have to delivered to the Privacy-CA which would provide the identity and corresponding certificates for the Trusted Platform. My understanding is that Wave is aiming for this last area (Privacy CA) as its "bread and butter" business in the world of TPM trusted computing. I doubt that SKS expects or wants a dozen competitors in this space. The news that Infineon is providing the endorsement key to Wave at the time of manufacture would be an indication that at least Infineon (and hopefully the entire TCG) is expecting to rely primarily on one Privacy CA (Wave). This is all still a little murky to me and MSFT is obviously trying to make this even murkier by their indiscriminate use of the term "remote and local attestation" for example. I think it will be very important to keep one's eye on the ball here in order to be clear on what Wave is actually trying to accomplish in the world of TPM trusted computing. Interoperable, field-programmable trusted computing will be a another story, clearly!
JMHO,
Svenm
Ramsey,
By reading the PR only the ClearTrust status vis a vis TCG spec's is a guessing game, I suppose. I don't think it is valid, however, to assume that unless a software product is displayed in the TCG catalog it shouldn't be considered as "TCG compatible." I used the example of RSA cryptography technology in my previous post to support that point. It's not a big deal, but I tend to look at the TCG catalog as more of a display of products that have been developed specifically for Trusted Platform use, while in fact I think that many products that have been used in other scenarios will be adapted and adopted for use with Trusted Platforms. Those products may not necessarily be seen in the TCG catalog, I would think.
JMHO,
Svenm
Ramsey,
I agree that Cleartrust software does not seem to be a competitor to Wave's technology. I'm not sure what you mean by TCG software. Do you think that there is an exclusive on TCG software as presented in the TCG catalog? I don't think so but I don't claim expertise, either. My understanding, however, is thgat RSA provides asymmetric key generation and asymmetric encryption/decryption capabilities for a TPM. Isn't that "TPM software" in some basic sense? I think the important point here is that whatever Cleartrust software actually is, it doesn't seem to be a new competitor to Wave's positioning as attestation and key migration enabler for TPM's.
Svenm
Zoomer, Wave lists RSA as a member of Wave's Trust Alliance on their corporation website. They reference various forms of RSA initiatives including Clear Trust. I would assume that Wave management does not currently consider RSA a "wolf at the door", since they themselves have already opened the door and allowed the wolf in without it even being disguised as grandma! The only "news" here seems to be RSA's agreement with MSFT, using their existing technology.
Svenm
Dreamer,
I suggest you get a copy of HP's "Trusted Computing Platforms", edited by Siani Pearson of their Trusted e-Services Lab. It is basically an executive summary of TPM technology written for people in your very situation. As far as benefits are concerned they are broken down into short, intermediate and long term:
1) Short term benefits are primarily "Protected Storage" Functions which will protect the confidentiality of data on hard disks in a way that is fundamentally more secure than pure software solutions.
2) Intermediate benefits will "probably involve the measurement of integrity metrics relating to the software environment on the platform (the PC, for example), for use by the platform. "Customers will then be able to protect their sensitive dta against hacker scripts by automatically preventing access to data if unauthorized programs are executed."
3) Long-term benefits involve the reporting of integrity metrics relating to the software environment on the platform, for use by third parties. This requires additional PKI support, whether restricted to a corporation or extended across organizational boundaries. This allows a remote party to verify the software environment in a TCPA platform before sending data to that platform. This increased confidence in the software state promotes higher levels of trust when interacting with that party.
"Trusted Platforms can help create better consumer confidence in several ways, including the following:
*Enhanced security using hardware
*Feedback about trust to the user
*A technological foundation for privacy
*Trustworthy digital signature"
All of this is pretty much verbatim from HP's TCP book. Basically, it is laying the groundwork for the development of trust in a computing platform which will become more and more nuanced over time. But even the immediate benefits for a large corporation as you describe will be far greater than PGP.
Svenm
Wildman,
Thanks for the info. Of course, if we go back to Rachelelise and 24601's valuation equations that could mean a lower activation rate than what I had suggested, but on the other hand a faster rate of deployment. I like either of those two scenarios!
Svenm
Ramsey2,
Thanks for the input and the answers to those three questions are crucial, I think. Maybe you can help me here: What service does Verisign provide that Wave would not be able to do as Privacy CA? I believe Verisign is in the digital certificate business. Would they provide some sort of repository/issuing of the myriad of digital certificates that will need to be issued during the identity creation (and possibly attestation as well) process?
Thanks,
Svenm
Rachelise,
I found your and John's share formulas to be interesting, but perhaps a bit too conservative. I don't think it is too optimistic to expect a 50% (at least) activation rate in the enterprise sphere at this time. I say this based upon the information that Ramsey has contributed with his newly published brochures (thanks Unclever as well!).
I'm not sure if everyone understands the implications of the information found in those brochures, although it has been apparent for quite a while: In the near term Wave is the only Privacy CA available which means that all identity attestation and key transfer management for any client with a TPM must be done by Wave! As I understand it (and someone please correct me if I am wrong) these are the most basic of the necessary services to perform trusted computing. There is no point in paying an extra $5 for a Trusted Platform unless one desires that function. I don't think it is unreasonable, given that circumstance, to assume a higher activation rate in the near term. Of course, when this information becomes more widely kown, one could begin to question the assumption of a PE of 20 as well...Remember that 50M share traded day based upon one piece of news with Intel?
JMHO,
Svenm
24601,
Good question, and I am certainly not qualified to answer it. I have been assuming a subscription cost on the basis that Wave will be providing an ongoing service (Identity, Attestation and Key Management) and will seek to receive compensation as long as they have those responsibilities. But, you are right, that is not a given. Perhaps someone else knows?
Svenm
Ramsey2 and others,
Outstanding work! The fog is beginning to lift on how this will be playing out for Wave, I would say. Or, as RandomOne used to write (before turning Toto into Howard Dean), Toto is beginning to pull back the curtain!
Question for whoever can answer it: Is there any way that a customer can use Wave's Attestation Credential Manager and Key Transfer Manager without signing up for at least $39.99 worth of services/year? I'm thinking particularly about Doma's recent posts re: ETS services bundled in Intel Mobos with only single digit revenue to Wave to pay for that.
Cheers,
Svenm
Ramsey,
Thanks for the "teaser." I'm looking forward to the full report tomorrow. Would you mind emailing the brochure to: rmedak@cox.net ?
Thanks,
Svenm
Thanks Ramsey, You've gotta' like these lines:
"The much-touted direction of leading software companies to increase the trust level of their offerings will be difficult without the support of a hardware element like SafeKeeper."
Svenm
Barge, Thank God I never faced you while on the high school debating team! Thanks for the excellent, cogent response!
And Awk, thanks for the same!
Svenm
Barge,
I understand your reasons for your disagreement and I hope the future for Wave is close to what you are projecting. But two things: 1) Besides a Cuban TAN, I fully expect a North Korean closed TAN as well, even in the post EMBASSY world and 2)Who knows? We may well see TAN's appear during the TPM rollout that lacks interoperability. Would some companies or institutions choose to have their own TAN in that situation? I don't know.
But I do think you missed my point. I think it will be in Wave's interest to have some form of competition. Very few people (outside of Bill and Steve & their shareholders) are happy with the O/S monopolistic situation. I suspect that Wave eventually would want to have a 95# weakling in the ring as well, just to be able to say "after all, we're not a monopoly!"
All the best,
Svenm
Texastree, Agreed. Only I hope and expect our management to do the buying out, not be bought out!
Svenm
Barge, Actually, I don't think I completely agree with your conclusion. I do think that Wave has first user advantage and I do think that is an enormous advantage at this point. However, individual user groups may have that their own TAN's which if they were to remain in their own domain would obviously be limited and not robustly compete with the interoperabiity of the Embassy TAN. Other versions of interoperable TAN's may appear in the future. To use an analogy, MSFT has competing O/S's. In fact, when Apple was threatened with bankruptcy MSFT gave them financial support. It was healthy from an anti-Sherman Act point of view to have a viable competitor. I hope that Wave's first mover advantage in this space eventually puts them in a similar situation, but I don't think it would (in the long run) necessarily be healthy for Wave, nor do I think it is SKS's goal, to be the only TAN provider.
JMVHO,
Svenm
Barge,
Thanks. SKS has previously made the point that he feels there is room for many (I believe he used the # 12) Private CA's. I hope that he expects to have the lion's share of the business, however. The point remains, however, that each TP must have its identity vouched for by one (and only one) Privacy CA.
I doubt that Verisign is angling for this busines, but hey, who knows? Anyone?
Svenm
Ramsey2 and Barge,
Perhaps the problem in understanding this issue is the definition of the world "attestation" in this context. As SKS uses it in the CC cited by Barge, "attestation" refers to the Privacy-CA's attestation of the endorsement key and the platform. Only one Privacy-CA can provide this "attestation" which is the vouching for the identity of the TP and as I understand it, is the basic business that Wave is trying to build in regards to the TPM. However, other certification authorities (actually an infinite #) may act as "trust points within the PKI and attest that a given secret really does belong to an entity with a particular name" (taken from Siani Pearson's "trusted computing platform" book). This may be the type of "attestation" that Verisign is providing as mentioned by the TCB. Hopefully Ramsey2's sleuthing will shed more light on this pretty important issue.
Svenm
Kevin5 and Gowave,
I don't have any hard numbers but using the figures that have been given in their local (Jacksonville, Fl) business paper and using some very rough fudge factors it would appear that MortgageFlex has a market share of the loan origination business of about 15% which would be about 1,000,000 loans in 2003.
My question is, does anyone have any idea what kind of agreement Wave may have as part of the EMortgage Alliance and with DocuTech? And, does anyone have any idea how this will be turned into revenue and how much in the medium term future? It's the old chicken and the egg again: without deployment Wave's technology is pretty meaningless. With deployment there is virtually no limit. However, the mortgage business is an obvious place for trusted computing to provide immediate significant benefits and perhaps some of the initial trusted pc's will be heading in their direction? A functioning Wave TAN with Wave providing attestation as the TTP Certifying Authority in that industry would be a fine example to point to for future sales!
Svenm