Seagate at helm of sea change. Good stuff! Sorry if posted
Hard drive maker, distributor may hold keys to showbiz kingdom
By Paul Bond
March 22, 2007
As the digital delivery of Hollywood content goes mainstream, Seagate Technology might be in the sweet spot -- building and selling the hard drives that store music, movies, TV shows, user-generated content and anything else you can think of. Seagate CEO William Watkins recently spoke to The Hollywood Reporter West Coast business editor Paul Bond.
THR: You predict that in the future every TV sold will have a hard drive in it. Why?
Watkins: When people have the opportunity to record the whole season of 'The Sopranos' or whatever, that's what they'll do. They're enjoying their content the way they want to, without commercials. In the U.S., the cable and satellite companies subsidize the DVR in their boxes because once people have all their content stored on their DVR, they don't leave the service. This model is now rolling out in Europe and Asia. Soon, every TV in the world will have a hard drive either in it or near it.
THR: Are hard drives in TV sets the death of TiVo?
Watkins: The opportunity for TiVo is the new FCC rules that require the cable and satellite TV companies to sell you a card that gives you the option of choosing your own DVR.
THR: You make hard drives for the video iPod. Some on Wall Street are concerned that Apple will switch to Flash memory.
Watkins: It's not a big market for us. But if the Flash makers are willing to subsidize the iPod, Apple may go that way. The spot price for Flash is $5 a gigabyte, so if you want 60 gigabytes, someone must pay $300 for it. But you can buy a 60 gigabyte hard drive for just $55. What's important to us is that people are using content in their hand because it drives a phenomenal amount of storage at the enterprise level that's backed up, and at the desktop level, again backed up, and at the Internet. In order to deliver content electronically to your hand, it takes six storage systems replicating the same data, and Seagate will get five of those every time.
THR: Any thoughts on Apple TV?
Watkins: It's a 40 gigabyte hard drive that gets people to move from the physical distribution of content to electronic distribution. When that happens, we benefit.
THR: Won't people miss having a collection of DVDs and CDs on their shelves?
Watkins: Hey, we used to deliver content by Pony Express, then trains and airplanes. We've been changing the business models of content delivery forever. Every time you change the distribution model, you put tremendous pressure on the old model.
THR: Do car radios need a hard drive?
Watkins: There's a storage solution opportunity there. When you hear a song, push a button and download it for 99 cents.
THR: Hollywood has got a ton of content they're not using. What's preventing it from delivering it digitally and getting paid for it?
Watkins: That's the key -- getting paid for it. At Seagate, we're working on the right security on the hard drive so that it's not given away free. Content that's 10 years old that there's not a lot of demand for, it doesn't make sense for big DVD runs. But it becomes easy to sell a bunch, especially if the access through an Internet Web site is very cheap.
THR: So is the Netflix model in danger, where DVDs are mailed to subscribers?
Watkins: Netflix would look at us as a competitor because we want to remove physical distribution.
THR: What's your biggest growth opportunity?
Watkins: The consumer -- in the hand, at the home, at the TV, in gaming. Think about PlayStation and Xbox, they have hard drives but they also drive Internet gaming, then we sell storage to Yahoo!, Google, Microsoft.
THR: What amount of storage will the consumer need in a decade?
Watkins: If you add up all the storage in your house now, including your notebook, DVR, iPod and everything else, I bet you'd come up with a terabyte. The idea of a 5 terabyte home in five years wouldn't surprise me at all. I've got 6 terabytes of storage at my house, with home movies, music, pictures. Just stuff. Storage devices are like closets -- you put stuff in there that you never give up.
THR: What's the coolest, most disruptive change headed for media?
Watkins: The Internet. It was first about information, then it was a purchasing vehicle for the eBays and Amazons, now it's becoming a content distribution model that's phenomenally efficient globally.
THR: So my 70-year-old dad will download a movie from the Internet?
Watkins: If it's easy. But more important, my daughters are learning to do it, and that's the only way they'll ever think about it as they get older. My 17-year-old daughter was punished recently. We gave her a choice of losing her car or her iPod, and she pleaded with us to take her car.
THR: What's Hollywood not doing that it should be doing?
Watkins: My concern for Hollywood is that if they continue to drag their feet, other people will define their business models for them. Look what happened with music. The hardware guys broke down the CD into single songs, and they set the pricing. I come from a business where people tended to give away the hardware so they could sell services and software. But in the modern world, people seem to be giving away content in order to sell hardware. The point is, the people who own content are being slow to embrace this technology.
29Tango, true. I like the government slant. This points to continued broad deployment including non-TPMs and TPMs. Winning bidders will have to satisfy both.
GuardianEdge and Seagate Raise the Bar for Endpoint Data Protection
Monday March 19, 8:00 am ET
GuardianEdge Data Protection Framework to Seamlessly Manage the Seagate DriveTrust(TM) Technology Platform
SAN FRANCISCO, March 19 /PRNewswire/ -- GuardianEdge Technologies, Inc. today announced a strategic relationship with Seagate Technology® (NYSE: STX - News) designed to leverage the GuardianEdge Data Protection Platform for management of Seagate's encrypting notebook hard drive. This relationship was formed to address the growing need to protect against unauthorized access to laptop computer information and mitigate the risks posed by the potential loss or misuse of sensitive information.
According to the non-profit consumer information and advocacy organization Privacy Rights Clearinghouse, more than 100 million consumer data records have been exposed through data breaches since January 2005. While organizations have begun to respond to this threat by incorporating stronger encryption and authentication security measures into their IT security postures, continued high profile data losses involving laptop computers have highlighted the need for more comprehensive and far-reaching solutions. The strategic relationship between Seagate and GuardianEdge combines strong hard disk security for laptops with enterprise management capabilities. This combination is designed to deliver a new level of laptop PC data protection -- providing the user registration and management, policy administration, client audit and reporting, instantaneous cryptographic erasure of the hard drive contents and key management and recovery services required by the range of enterprise users of Seagate DriveTrust Technology.
"The integration of GuardianEdge's security management capabilities with our DriveTrust Technology ensures that laptop computers with Seagate secure hard disk storage can be easily and centrally managed," said John Bedrick, Senior Director of IT Security -- New Market Development at Seagate Technology. "Ease of reporting for security management and regulatory compliance is crucial to organizations large and small. GuardianEdge is taking a leadership position in the management of disk drives with hardware-based encryption by managing the market's leading encrypting 2.5-inch hard drive: Seagate Momentus 5400 FDE.2. The combination of Seagate DriveTrust hard disk drives with GuardianEdge management capabilities provides a winning solution for our joint customers."
Seagate DriveTrust Technology is a powerful new security platform that combines strong, fully automated hardware-based security with a programming foundation that makes it easy to add security-based software applications for organization-wide encryption key management, multi-factor user authentication and other capabilities that help lock down digital information at rest.
The GuardianEdge Data Protection Platform is a unified management environment for hardware and software-based encryption solutions. Through seamless integration with Microsoft Active Directory®, GuardianEdge and Seagate provide network administrators with robust endpoint data protection capabilities that integrate into existing IT management operations -- making these solutions familiar and easy to deploy. By centralizing the management services required to support a full array of data protection controls, administrators are provided with the reliability, high performance and scale required to address the data protection needs of a dynamic, changing organization. A modular, services-oriented approach provides the extensibility needed to support organizations as they introduce encryption-ready hard disks into their computer hardware inventory.
"Enterprises are continuously evolving and the quantity and portability of their digital content continues to grow exponentially," said Alan Fudge, president and CEO of GuardianEdge Technologies, Inc. "We believe that powerful but easy management of multiple data protection offerings through a common framework is critical to the success of these organizations' endpoint data protection strategies. Our strategic relationship with Seagate demonstrates our commitment to this approach. We are not only providing data protection solutions, we are helping organizations to leverage their existing investments in trusted hardware."
About GuardianEdge Technologies, Inc.
GuardianEdge Technologies, Inc. is a market leader in endpoint data protection for the enterprise. More than two million users around the world depend on GuardianEdge solutions to safeguard sensitive and proprietary information, to ensure compliance with regulations for maintaining consumer privacy and to enable secure enterprise mobility. The company's endpoint data protection solutions have been deployed by leading organizations including Lockheed Martin Corporation, Deutsche Bank AG and Humana Inc., as well as numerous agencies in the U.S. departments of Veterans Affairs, Defense, State and Education. For additional information, please visit: http://www.guardianedge.com.
WidePoint CFO Jim McCubbin said, "In 2006 we realized a significant ramp in sales in the fourth quarter related to recent contract wins. While we expect this momentum to continue in the long term, we expect a high level of variability in the near term on a quarter to quarter basis as the HSPD-12 program migrates from the contract award phase in the first half of 2007 to a rollout and implementation phase that commences in the second half of 2007. This should be further bolstered by the ECA program as it continues to escalate in 2007 and beyond." McCubbin further stated, "We look forward to competing for the two million users that the Director of Identity Policy Management in the GSA's Office of Government Policy has recently estimated will be issued within the next 23 months."
I think we will get an 8-K tomorrow.
OT: Hitachi to Sell Business PCs Made by HP
Michael Hoffman (Blog) - March 14, 2007 12:06 AM
Hitachi will halt manufacturing PCs for corporate users, instead inking a deal with Hewlett-Packard
Hitachi has announced that it will begin selling PCs designed for businesses manufactured by Hewlett-Packard. The PCs will replace Flora, a Hitachi made computer line, according to company spokesman Masayuki Takeuchi.
Hitachi expects to begin offering the PCs to Japanese consumers around May. However, Prius, another Hitachi company line of PCs, will continue current production. The new PCs will still carry the Hitachi label, but will, for all intents and purposes, be HP products.
Hitachi's annual sales average 140,000 consumer and personal PCs and 350,000 business PCs, Takeuchi said. HP already provides Hitachi with servers. Both companies previously indicated desires for deeper business connections, with Hitachi eventually exiting its PC market completely in favor of less conventional industries.
HP is working with Hitachi to provide certain levels of security authentication to HP. An official agreement should be signed later this month by both companies.
Hitachi has put more energy into other projects -- storage, phone displays, even a brain interface.
Repost: ASI Selects Seagate's Momentus 5400 FDE.2 HDDs for Secure Notebooks
IT News Online Staff
2007-03-14
Seagate Technology announced that Momentus 5400 FDE.2, its strongest encrypting 2.5-inch notebook PC hard drive with a suite of security capabilities, is shipping to ASI Computer Technologies for secure notebooks that will feature Wave Systems Corp.'s security management software to simplify enterprise deployments.
Seagate's Momentus 5400 FDE.2 (Full Disc Encryption) hard drive features perpendicular recording technology to deliver up to 160 GB of capacity, a fast SATA interface and hardware-based AES encryption, a government-grade security protocol used to encrypt all hard drive information transparently and automatically, preventing unauthorized access to data on lost or stolen laptops.
The encrypting hard drive also gives organizations an easy way to repurpose or retire laptops without compromising sensitive information and to comply with the growing number of data privacy laws calling for the protection of consumer information using government-grade encryption.
ASI, a channel provider of notebooks, will offer the drive in its new ASI C8015 whitebook system. For additional security, the ASI C8015, expected to be available as soon as April, will feature a biometric fingerprint reader for stronger user authentication. The notebook will target healthcare, legal, finance, government and other industries requiring strong protection of information.
"Computer security is a growing concern for all of our channel customers, though fear of stolen laptops is especially acute," said Kent Tibbils, ASI senior director of Platform Technologies and Marketing. "And for good reason: the theft of intellectual property, customer information and other precious content stored on laptops can cost organizations dearly in legal remedies and customer retention, to say nothing of the considerable cost of restoring one's good name. Seagate's Momentus 5400 FDE.2 hard drive with the Wave Systems management software allows ASI to deliver notebooks with the strongest, easiest to deploy security available."
The ASI C8015 will feature Wave Systems Embassy Security Center's Trusted Drive Manager, software that simplifies setup and configuration of Momentus 5400 FDE.2 drives. Trusted Drive Manager also makes it easy for administrators and users to create and back up passwords, and for administrators to control hard drive policies and security settings. The software also leverages Seagate's DriveTrust Technology to allow administrators to instantly and easily erase all data cryptographically so the drive can be safely redeployed or discarded.
Seagate DriveTrust Technology is a new security platform that combines strong, fully automated hardware-based security with a programming foundation that makes it easy to add security-based software applications for organization-wide encryption key management, multi-factor user authentication and other capabilities that help lock down digital information at rest.
"The inherently secure hardware of the hard drive provides the ideal cryptographic environment where encryption keys and access control data are safeguarded from software attacks," said Lark Allen, executive vice president, Wave Systems. "In a major step forward for data protection, Wave's Trusted Drive Manager and Seagate DriveTrust Technology provide a new, highly secure pre-boot capability that authenticates users to their system, protecting data at rest from risks associated with loss of the notebook."
Seagate said Momentus 5400 FDE.2 provides an easy, cost-effective way to prevent unauthorized access to all notebook PC data, not just selected files or partitions, in case the system or disk drive is lost, stolen, retired or resold. The 5,400-RPM drive's hardware-based full disc encryption delivers significantly stronger protection against hacking and tampering than traditional encryption approaches by securely performing all cryptographic operations and key management within the drive.
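The two articles above describe the same key-management model for a self-encrypting drive: all user data is encrypted under a key that never leaves the drive, pre-boot authentication unlocks that key, and "cryptographic erase" makes every existing sector unrecoverable by discarding it. The following is an added software model of that lifecycle, not Seagate's or Wave's code; it assumes AES-256-GCM per sector and an iterated SHA-256 credential-to-key derivation as stand-ins for the drive's internal, vendor-specific mechanisms.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Drive models a self-encrypting drive. Sector data is encrypted under a
// random data-encryption key (DEK) that is never exported; the DEK is stored
// only wrapped under a key-encryption key (KEK) derived from the user's
// pre-boot credential. Cryptographic erase replaces the DEK, which leaves
// every already-written sector as ciphertext under a key that no longer exists.
type Drive struct {
	sectors    [][]byte // ciphertext per sector (nil = never written)
	wrappedDEK []byte   // DEK sealed under the KEK
	salt       []byte   // salt for credential-to-KEK derivation
	dek        []byte   // plaintext DEK, held only while unlocked
}

// kdf is an assumed stand-in for the drive's credential-to-KEK derivation
// (iterated SHA-256); a real drive uses its own vendor-specific KDF.
func kdf(credential string, salt []byte) []byte {
	key := sha256.Sum256(append([]byte(credential), salt...))
	for i := 0; i < 10000; i++ {
		key = sha256.Sum256(key[:])
	}
	return key[:]
}

// seal encrypts plaintext with AES-256-GCM under key; the nonce is prepended.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; an authentication failure (wrong key) returns an error.
func open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// NewDrive provisions a drive: fresh salt, fresh DEK, wrapped under the
// initial owner credential. The drive starts unlocked.
func NewDrive(nSectors int, credential string) (*Drive, error) {
	d := &Drive{sectors: make([][]byte, nSectors), salt: make([]byte, 16)}
	if _, err := rand.Read(d.salt); err != nil {
		return nil, err
	}
	if err := d.CryptoErase(credential); err != nil {
		return nil, err
	}
	return d, nil
}

// Unlock is the pre-boot authentication step: re-derive the KEK and unwrap
// the DEK. A wrong credential fails the GCM tag check and reveals nothing.
func (d *Drive) Unlock(credential string) error {
	dek, err := open(kdf(credential, d.salt), d.wrappedDEK)
	if err != nil {
		return errors.New("authentication failed")
	}
	d.dek = dek
	return nil
}

// Lock drops the plaintext DEK, as power-off does on a real drive.
func (d *Drive) Lock() { d.dek = nil }

// Write encrypts data transparently; the caller never sees a key.
func (d *Drive) Write(sector int, data []byte) error {
	if d.dek == nil {
		return errors.New("drive locked")
	}
	if sector < 0 || sector >= len(d.sectors) {
		return errors.New("sector out of range")
	}
	ct, err := seal(d.dek, data)
	if err != nil {
		return err
	}
	d.sectors[sector] = ct
	return nil
}

// Read decrypts a sector with the current DEK.
func (d *Drive) Read(sector int) ([]byte, error) {
	if d.dek == nil {
		return nil, errors.New("drive locked")
	}
	if sector < 0 || sector >= len(d.sectors) || d.sectors[sector] == nil {
		return nil, errors.New("sector unreadable")
	}
	return open(d.dek, d.sectors[sector])
}

// CryptoErase generates a new DEK and wraps it under the (possibly new)
// credential. Sector bytes are untouched, yet none can be decrypted again.
// On a real drive this is an authenticated administrative command.
func (d *Drive) CryptoErase(credential string) error {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return err
	}
	wrapped, err := seal(kdf(credential, d.salt), dek)
	if err != nil {
		return err
	}
	d.wrappedDEK, d.dek = wrapped, dek
	return nil
}

func main() {
	d, err := NewDrive(16, "owner-passphrase")
	if err != nil {
		panic(err)
	}
	if err := d.Write(0, []byte("customer list")); err != nil {
		panic(err)
	}
	d.Lock()
	_, err = d.Read(0)
	fmt.Println("read while locked:", err)
	if err := d.Unlock("owner-passphrase"); err != nil {
		panic(err)
	}
	pt, _ := d.Read(0)
	fmt.Printf("after unlock: %q\n", pt)
	if err := d.CryptoErase("new-owner"); err != nil {
		panic(err)
	}
	_, err = d.Read(0)
	fmt.Println("after cryptographic erase (same sector bytes):", err)
}
```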
Q1 Labs Integrates Identity Based Correlation into Trusted Computing Group’s TNC Architecture
QRadar 6.0 Communicates Post-Admission User Violations to Leading Network Access Control Solutions
WALTHAM, Mass.--(BUSINESS WIRE)--Q1 Labs, a leading network security management company, today announced that its QRadar 6.0 (please see announcement also issued today; Q1 Labs Launches QRadar 6.0 to Provide First End-to-End Identity-Driven Security Management Solution) network security management platform will add user identity based threat correlation into solutions, such as Juniper Networks’ Unified Access Control (UAC) solution, that implement Trusted Computing Group’s (TCG) Trusted Network Connect (TNC) standards. The combined solution will help enterprises to ensure compliance, defeat threats and protect their network investments.
Through this integration, Q1 Labs’ QRadar 6.0 will leverage the TNC open standards to communicate with the Juniper Networks UAC solution. The UAC solution offers a hardened policy management server that can push the UAC Agent to the endpoint (or gather information in agentless mode), to get user authentication, endpoint security state and device location. The UAC solution then combines that information with policy to provide per user, per session access enforced in the network. QRadar will provide user and machine based policy recommendations when it detects security incidents or anomalous network behavior occurring after trusted endpoints have been granted access to the network. With this post admission information, the Juniper Network UAC solution can then granularly quarantine an offending endpoint/user by controlling access to networks, resources and applications, only restoring access once the user returns to compliance. The information that QRadar leverages to signal Juniper Networks’ UAC solution about threats detected within the network includes logs and alerts from heterogeneous host, application and security devices, including Juniper Networks’ entire range of security technologies.
“Once trusted endpoints are granted access to a network, it becomes imperative to be able to monitor their ongoing activity and to communicate back to the gateway should anomalous or policy violating activity occur,” said Brendan Hannigan, chief operating officer, Q1 Labs. “QRadar is not only able to bind identity to the user’s IP address and to collect information for an alert, but it is able to forge links and implement actions back to access control gateways like Juniper Networks’ UAC solution where further action can be taken to help monitor and eliminate the breach in security.”
“QRadar brings an important new element to network access control - rapid response to network misbehavior,” said Steve Hanna, distinguished engineer at Juniper Networks and co-chair of the Trusted Computing Group’s Trusted Network Connect Work Group. “Customers will be able to quickly stop infections and other misbehavior, then trace them back to specific users and machines. Juniper Networks’ support for the open TNC standards allowed Q1 to quickly and easily integrate QRadar with our UAC solution. Customers will be able to enjoy the benefits of integrated products with lower costs and faster time-to-market than would have been required with a custom integration.”
About The Juniper Networks Unified Access Control Solution
As enterprise networks grow increasingly complex and mobile, with users including employees, guests, partners and contractors requiring access to critical business information, Juniper Networks' UAC 2.0 solution solves the problem of balancing access controls and threat mitigation. In many enterprises, network endpoints are often poorly managed, unmanaged, and in some cases, unmanageable. Business requirements demand that users and devices get access to resources and applications, but providing such access without sufficient controls opens the enterprise to a number of business and security risks and regulatory compliance challenges. By binding user identity, endpoint integrity and location information with access controls, UAC 2.0 allows for dynamic policy management that can be enforced in real-time throughout the network.
About TCG
The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications will enable more secure computing environments without compromising functional integrity, privacy, or individual rights. The primary goal is to help users protect their information assets (data, passwords, keys, etc.) from compromise due to external software attack and physical theft. The Trusted Network Connect (TNC) specifications provide open standards for network access control with strong security. More information and the organization's other specifications are available at the Trusted Computing Group's website, www.trustedcomputinggroup.org.
About Q1 Labs
Commanding a unique position at the nexus of security and networking, Q1 Labs is redefining network security management. Q1 Labs’ flagship product, QRadar, integrates previously disparate network and security functions into one solution. This convergence ties the impact of security threats directly to specific business assets and services, reduces acquisition and operation costs and increases accuracy. Q1 Labs’ installed customer base ranges from government agencies and financial institutions to universities and healthcare providers. Please visit www.q1labs.com or call (781) 250-5800 for more information.
© 2006 Q1 Labs Inc. Q1 Labs, the Q1 logo, QRadar and the QRadar logo are trademarks or registered trademarks of Q1 Labs Inc. All other trademarks and service marks are the property of their respective owners. All rights reserved.
Seagate is the single greatest revenue deal Wave has ever done not only from a price point aspect but from a market need standpoint. Revenues will begin to accelerate quickly in the second half and will continue into the foreseeable future as FDE is expanded across Seagate's and, eventually, Hitachi's, product line-up.
Pickle
Thoughts, I will jump out and say we will get a PP within a week of the CC (this seems consistent), but the positive is that it will result in minimal dilution given the ramp up in share price. Seagate's relationship will prove as monumental as the DOD when we look back at critical developments leading to the widespread adoption of trusted computing. Killer apps are a necessity and here is to hoping there are many others baking behind the scenes.
Pickle
Just back with the family from Jellystone in Waller, NASA, USS Texas, and Blue Bell with a great stock price to top it off. Looks like it is coming to the surface and it brings out all flavors which is fun to see.
Pickle
Savvy hackers take the hardware approach
By Dennis Fisher
07 Mar 2007 | SearchSecurity.com
Sophisticated hackers are finding ways to break into systems by exploiting security flaws in a computer's device drivers, physical memory and PCI cards. As SearchSecurity.com Executive Editor Dennis Fisher explains, while enterprise software vendors are good at plugging holes in their applications, the same security prowess is lacking for hardware.
Since the dawn of the computer age, if you wanted to attack a system, the path of least resistance has always been the software. It was true on mainframes, it was true on time-sharing systems like the VAX and the PDP, and it's been especially true in the PC era. Getting root on a Unix box or taking full control of a Windows machine is just a matter of having the patience to find a soft spot in the operating system or one of the applications and then moving up the stack from there.
Because there are so many applications out there with all manner of attractive vulnerabilities just waiting to be exploited, few hackers have spent much time in recent years messing around with hardware. Why bother learning about device drivers, RAM acquisition and hardware interrupts when you can cut and paste shell code you found on a mailing list and have root in 30 seconds? The oldest reason on Earth: money. If you can hide your code on a compromised machine in say, a bank or a classified government network, you might find a way to make some money from that.
About Behind The Firewall:
In his weekly column, Executive Editor Dennis Fisher sounds off on the latest issues affecting the information security community.
Just as attackers have concentrated their efforts on the OS and applications, so have security vendors, administrators and security specialists. Many security professionals, CIOs and CSOs are former network administrators who spent years learning the ins and outs of network design, protection and management. They can configure routers and switches in their sleep and know more tricks and tactics for locking down Windows NT, 2000 and XP than the developers who wrote the code do. Many of the attacks used these days fall into one of a handful of classes that are well-understood by both security vendors and security professionals, and they know how to defend against them. Buffer overruns and SQL injections still happen all the time, but at least they have known causes and remedies.
That is most definitely not the case with the kind of cutting-edge hardware-based attacks that the elite of the hacker world are working on at the moment. Take for example Joanna Rutkowska, a security researcher with COSEINC, and a rising star in the hacker world. She gave a standing-room-only presentation at the recent Black Hat DC entitled "Beyond The CPU: Defeating Hardware Based RAM Acquisition Tools" that had some of the other presenters at the conference shaking their heads in wonder. In her talk, Rutkowska demonstrated several techniques for tricking forensic tools into seeing a different image of the RAM on a compromised machine than the one that is actually in the PC's physical memory. The demonstration she performed worked on an AMD64-based system, but she said it could also work on other architectures.
The techniques Rutkowska showed off are significant for two main reasons. First, when they're in the process of analyzing a compromised machine or a PC that might have been used in a crime, forensic analysts typically use hardware-based methods to acquire the machine's RAM, usually via a PCI card or a Firewire bus. Rutkowska's methods neutralize this, meaning that an attacker would have a good chance of keeping his tracks hidden on the machine. And second, the number of people who understand the low-level architecture of processors—and could therefore detect and defeat attacks like Rutkowska's—is several orders of magnitude smaller than the number who know how to stop more common attacks like worms and buffer overruns.
She is not alone in finding novel ways to abuse hardware either. John Heasman, director of research at NGS Software, spent an hour and a half at the conference scaring the audience out of its wits with his descriptions of several techniques for using the memory space on PCI cards and other devices to load rootkits. Heasman has been at this particular task for some time now, and his work is in no way theoretical; these are working exploits. He's found methods for loading a rootkit onto a PCI device via the flashable ROM. And he's also developed an elegant way to subvert the NT kernel and set up fake stack pointers.
"At that point, it's game over. We're executing 32-bit code in ring zero," Heasman said. Not good.
Most of the major enterprise software vendors have gotten fairly good at closing the most common holes in their applications in the last few years. Microsoft has made it much more difficult for attackers to run arbitrary code on Windows machines, especially in Vista. And other vendors now routinely use code-scanning tools to identify common coding errors that lead to security flaws.
That security awareness has not yet made its way into the hardware realm. Efforts such as the Trusted Computing Group's Trusted Platform Module can be useful in defeating some of the hardware-based attacks. But the chip makers, the PCI card manufacturers and the thousands of other companies that make the guts of today's PCs have yet to fully embrace security. And that's largely due to the fact that they've had no motivation to do so. If the attackers are busy picking apart Windows and Oracle apps, what can Intel or AMD do to help?
A lot, as it turns out. Both chip makers are busily adding security features to their processors in an effort to prevent some of these attacks and others, including emerging threats from virtualization technology. Security likely will become a major selling point for these companies as the attacks continue to develop and hardware-based security architectures mature. CIOs and IT managers would do well to start asking their hardware vendors what they're doing about security. And if the answer that comes back doesn't cut it, there's always another vendor waiting in the lobby who might have a better answer for you.
Follow-up Endpoint Security author: As CEO Mr. Kadrich is responsible for tracking current security trends and postulating on future security trends and technology that may impact or benefit our customers.
For the past 20 years Mark Kadrich has been a contributing member of the security community. His strengths are in systems level design, policy generation and risk management. Kadrich has been published numerous times and is an avid presenter.
ACCOMPLISHMENTS
* Mr. Kadrich was senior scientist with Sygate Technologies prior to the Symantec acquisition. In his new role as Senior Principal Software Engineer, Mr. Kadrich is responsible for developing corporate policies, understanding future security trends, managing government certification programs, and evangelizing on demand. Mr. Kadrich joined Sygate through the acquisition of a start-up company where he was a founding member.
* As CTO/CSO for LDT Systems, Mr. Kadrich assisted with the development and support of a web based system used to capture and track organ donor information.
* Mr. Kadrich was Director of Technical Services for Counterpane Internet Security. He was responsible for the generation of processes that supported and improved Counterpane's ability to deploy and support customer related security activities.
* Kadrich was Director of Security, Conxion Corporation. As the Director of Security, his role was to plot the strategic course of Conxion's information security solutions.
* Prior to Conxion, he was a Principal Consultant for International Network Services (INS) where he created a methodology for performing security assessments and interfaced with industry executives in order to explain the benefits of a well-implemented security program.
* Kadrich is a CISSP, holds a BS in Management Information Systems from the University of Phoenix, and holds degrees in Computer Engineering and Electrical Engineering, Memphis, 1979. Publications contributed to include TCP Unleashed, Publish Magazine, Planet IT, RSA, CSI, and The Black Hat Briefings.
Endpoint Security by Mark S. Kadrich CISSP
Publisher: Addison Wesley Professional
Pub Date: April 02, 2007
Print ISBN-10: 0-321-43695-4
Print ISBN-13: 978-0-321-43695-5
Pages: 384
Table of Contents
Overview
A comprehensive, proven approach to securing all your network endpoints
Despite massive investments in security technology and training, hackers are increasingly succeeding in attacking networks at their weakest links: their endpoints. Now, leading security expert Mark Kadrich introduces a breakthrough strategy for protecting all your endpoint devices, from desktops and notebooks to PDAs and cellphones.
Drawing on powerful process control techniques, Kadrich shows how to systematically prevent and eliminate network contamination and infestation, safeguard endpoints against today's newest threats, and prepare yourself for tomorrow's. As part of his end-to-end strategy, he shows how to utilize technical innovations ranging from network admission control to "trusted computing."
Unlike traditional "one-size-fits-all" solutions, Kadrich's approach reflects the unique features of every endpoint, from its applications to its environment. Kadrich presents specific, customized strategies for Windows PCs, notebooks, Unix/Linux workstations, Macintoshes, PDAs, smartphones, cellphones, embedded devices, and more. You'll learn how to:
· Recognize dangerous limitations in conventional endpoint security strategies
· Identify the best products, tools, and processes to secure your specific devices and infrastructure
· Configure new endpoints securely and reconfigure existing endpoints to optimize security
· Rapidly identify and remediate compromised endpoint devices
· Systematically defend against new endpoint-focused malware and viruses
· Improve security at the point of integration between endpoints and your network
Whether you're a security engineer, consultant, administrator, architect, manager, or CSO, this book delivers what you've been searching for: a comprehensive endpoint security strategy that works.
Front Matter
Preface
1 Defining Endpoints
2 Why Does Security Fail?
3 Something is Missing
4 Missing Link Discovered
5 Endpoint and Network Integration
6 Trustworthy Beginnings
7 Threat Vectors
8 Windows
9 Mac
10 Linux
11 Handhelds and PDA
12 Embedded Systems
13 Case Studies
GL Glossary
Index
Guess we know the PR for tomorrow.
Fujitsu Introduces the Enterprise-Class, Thin and Light LifeBook S2210 Notebook Powered by AMD Turion 64 X2 Dual-Core Mobile Technology
By: Marketwire .
Mar. 6, 2007 01:00 PM
SUNNYVALE, CA -- (MARKET WIRE) -- 03/06/07 -- Fujitsu Computer Systems Corporation today announced the LifeBook® S2210 notebook, a thin and light enterprise-class notebook, powered by AMD Turion(TM) 64 X2 dual-core mobile technology and designed to deliver outstanding performance and exceptional value to the enterprise.
The easy-to-carry, four-pound LifeBook S2210 notebook is the first enterprise-class notebook that participates in the "Better by Design" program. PCs with the Better by Design label feature superior technologies from wireless and graphics industry leaders to deliver the business value and better performance that enterprises demand. These superior technologies will allow enterprises to take advantage of the rich visual capabilities and features offered by Microsoft Windows Vista(TM).(1)
"Fujitsu, a long-time AMD customer, continues to deliver outstanding business value in computing products across the enterprise by combining exceptional performance, high reliability and innovative design," said Bahr Mahony, Director of Product Marketing, Mobile Division, AMD (NYSE: AMD). "The LifeBook S2210 notebook, one of the first thin and light enterprise-class notebooks incorporating AMD Turion 64 X2 dual-core mobile technology, is yet another example of Fujitsu ingenuity."
Available pre-installed with Windows® XP Professional, Windows Vista(TM) Business or even Windows Vista(TM) Home Basic, the LifeBook S2210 notebook accommodates a variety of user preferences. This flexibility also makes it a favorite of universities and other educational institutions.
"We have been a Fujitsu customer for over nine years. Over that time we have been continually impressed by the solid engineering and innovation behind Fujitsu notebooks," said Steve Gray, laptop distribution coordinator, Indiana Wesleyan University. "With its dual-core processor fueled performance, and light and durable design, the Fujitsu LifeBook S2210 notebook is no exception."
"High-performance AMD processors are used in Fujitsu products from enterprise level PRIMERGY® blade servers to LifeBook notebooks," said Paul Moore, senior director of mobile product marketing, Fujitsu Computer Systems. "The AMD Turion 64 X2 dual-core mobile technology and new enterprise-class features delivered in the LifeBook S2210 notebook reflect the Fujitsu commitment to providing performance and value to all levels of users and businesses."
Equipped with a bright and brilliant 13.3" Crystal View XGA display with ATI Radeon(TM) X1150 graphics, dual built-in stereo speakers and stereo microphones, the LifeBook S2210 notebook delivers an exceptional audio and visual experience.
The LifeBook S2210 notebook is enhanced with enterprise-level security and data protection features to prohibit unauthorized users from accessing sensitive data, changing the platform configurations, or signing onto a network. Data is secured with Smart Card support via the PC Card slot, embedded Trusted Platform Module (TPM) v1.2, hard disk drive lock and an optional built-in fingerprint sensor.
Data is also safeguarded with a spill-resistant keyboard and the Fujitsu Shock Sensor utility, an accelerometer-based hard disk drive protection system that retracts the hard drive head if a sudden movement or vibration is detected, reducing the possibility of data loss.
While compact, the LifeBook S2210 notebook offers flexibility with a modular bay that can be easily configured with a Dual-Layer Multi-Format DVD Writer, second hard drive, or a bay battery.
With both modem and Gigabit Ethernet built in, the LifeBook S2210 notebook offers superior connectivity to an office network or the Internet. For even greater flexibility, the available integrated Wi-Fi® certified Atheros Super AG® 802.11a/b/g wireless LAN delivers superior performance.
Price and Availability
The LifeBook S2210 notebook, with pricing starting at $1,299(2) for a base configuration, is available through the Fujitsu direct sales force, website, channel partners and select retail outlets(3). Users can choose from a recommended configuration, or they can customize their system using the Fujitsu Configure To Order (CTO) program. See http://www.computers.us.fujitsu.com/store/index.shtml for further information.
Service and Support
The Fujitsu LifeBook S2210 notebook is backed by a one or three-year International Limited Warranty for U.S. and Canadian customers. The International Limited Warranty(4) includes technical support, 24 hours a day, seven days a week(5), and unlimited online chat support. In addition, Fujitsu offers other warranty plans designed to meet the unique needs of mobile users. See http://us.fujitsu.com/computers for further information.
goepling, great find!!
OT: Semiconductor market looks solid
Sales increased 9.2 percent as the price of the maturing technology falls; forecast calls for continued growth.
March 5 2007: 8:34 AM EST
NEW YORK (Reuters) -- Worldwide sales of semiconductors rose in January on strength in consumer confidence, the Semiconductor Industry Association said Monday.
Sales increased 9.2 percent to $21.47 billion from a year earlier, but fell 1.2 percent from December levels.
"Purchasers of personal computers continue to reap large benefits from the steady decline in prices of semiconductors achieved through advances in technology," SIA President George Scalise said in a statement.
Desktop and laptop computer system prices fell more than 9 percent in 2006, according to the SIA, which forecast continued improvement in market conditions in the year ahead.
"Concerns about inventories in the previous quarter appear to have worked themselves out, and the forecast for unit growth in the range of 10 to 15 percent for 2007 appears to be realistic," Scalise said.
Sales of DRAMs led the industry both in total sales and in year-on-year growth in January, with $3.6 billion in sales and revenues jumping 72 percent compared with January 2006.
The introduction of the Microsoft (Charts) Vista operating system, which requires substantial additional memory, may have contributed to the increase in demand, the SIA said.
The news bodes well for computer makers such as Dell (Charts), Hewlett-Packard (Charts) and Lenovo.
Nokia forms a joint venture with German company to promote pay-by-phone technology.
Stephen Lawson, IDG News Service
Thursday, March 01, 2007 08:00 AM PST
Nokia Corp., one of the first handset makers outside Japan to turn a phone into a wallet, now wants to sell services that will make these kinds of devices useful.
But the Finnish mobile equipment giant isn't doing so directly. Instead, it has formed what it calls an independent third party, a joint venture with Germany's Giesecke & Devrient, which makes smart cards. The venture, Venyon Oy, based in Helsinki, was launched in December and is about to open a Singapore office to complement locations in Munich and Dallas, according to Chief Executive Officer Lauri Pesonen.
The mobile phone payments Venyon wants to facilitate are based on NFC (near-field communication), which uses an RFID (radio-frequency identification) chip and antenna to exchange information with a payment station from a range of a few centimeters. Typically it would involve tapping the phone against a subway turnstile, a vending machine, a payment device at a checkout stand, or another phone, Pesonen said.
Phones are perfect for payment because people carry them almost everywhere, Pesonen told journalists at an event in San Francisco on Wednesday. NFC is already available on some credit and debit cards, and NFC phones will get cheaper when they no longer need a separate smart card for the feature. Such phones should hit the market next year, he said.
Like 3G (third-generation) mobile data services, NFC first got off the ground in Japan with slightly different technology, in this case Sony Corp.'s FeliCa system. Now big names including Sony, Microsoft Corp., Hewlett-Packard Co., Visa International Service Association and MasterCard International Inc. are backing the technology through the NFC Forum and there are trials taking place in several places around the world. But outside Japan and South Korea, there are few phones equipped to use it.
Venyon isn't aiming at the hardware end of the problem but at the need for an infrastructure through which retailers and financial services companies can work with carriers and handset makers. Although standards bodies are working on specifications for this, Venyon is worried that the market will be in full swing by the time those standards are finished. If each set of partners develops its own technology, fragmentation would slow down adoption, Pesonen said.
Venyon is offering services to support mobile NFC applications that can be downloaded and managed over the air. For example, a service that lets the user prepay for subway rides would involve the transit operator, the mobile carrier, a financial institution and software that needs to be downloaded to the phone. Venyon would provide that service behind the scenes, Pesonen said.
Ovum Ltd. analyst Roger Entner thinks many people eventually will embrace payment by phone for its convenience. The practice might be even more popular in countries where consumers don't yet have credit cards, he added. But Entner is less worried than Venyon about fragmentation. The company wants to jump out ahead and grab market share, but more competitors means better ideas, he said.
"I have great trust in the market forces," Entner said.
NFC could well succeed but faces an uphill battle in the U.S., in the view of analyst Clay Ryder at Sageza Group Inc. Fewer U.S. consumers make small, daily payments on transit systems. Phone payments initially would appeal most to people in their early 20s, he said.
OT: Philips, Intel to Offer Medical Device
Wednesday February 28, 10:14 am ET
By Toby Sterling, Associated Press Writer
Philips, Intel to Introduce Wireless Device for Doctors, Nurses
AMSTERDAM, Netherlands (AP) -- Royal Philips Electronics NV and Intel Corp. plan to launch a wireless, handheld device to assist doctors and nurses in recording and storing patient information.
Philips, one of the world's largest makers of medical equipment, said the device, replete with touch screen and digital camera, had numerous uses. Among them: "to reduce medication errors, positively identify staff and patients, fill out charts, capture vital signs, write up reports and validate blood transfusions, as well as (provide) the ability to closely monitor the healing of wounds."
Medical professionals would use the devices to relay data to and from a patient's file on the spot. Perhaps most importantly, it will be "medical grade compliant," said Philips spokesman Ian Race. "It's easy to sterilize because it is sealed." That's key because in many wards, sanitation rules put many doctors' personal digital assistants off limits.
The product is due in the fourth quarter. A price has not yet been set.
It figures to have at least one key competitor: a $2,200 device announced just last week by Intel and Austin, Texas-based Motion Computing Inc. Intel spokeswoman Shannon Love said her company viewed health care as a "big opportunity," with a work force of 12 million people in the United States alone.
ootommy,
I do not have PM privileges. My email address is dillsforchrist@yahoo.com.
Thanks
Pickle
Excellent. Thanks! EOM
Awk,
I am looking for a desktop (XP is fine) or laptop that has a TPM that can be turned on. Have any suggestions? Looking for something below $1,000.
Pickle
OT:BitTorrent to Launch Movie, TV Downloads
Monday February 26, 7:55 am ET
By Gary Gentile, AP Business Writer
BitTorrent Inc. to Launch Legitimate Movie and TV Download Service
LOS ANGELES (AP) -- BitTorrent Inc., makers of a technology often used to trade pirated copies of Hollywood movies, is launching a Web site that will sell downloads of films and TV shows licensed from the studios.
The BitTorrent Entertainment Network was set to launch Monday with films from Warner Bros., Paramount Pictures, 20th Century Fox, Metro-Goldwyn-Mayer and Lionsgate and episodes of TV shows such as "24" and "Punk'd."
The service is squarely aimed at young men and boys who regularly use BitTorrent to trade pirated versions of the same films and who more often watch such files on their computer instead of on a big screen TV in the living room.
The San Francisco-based company is betting that at least one-third of the 135 million people who have downloaded the BitTorrent software will be willing to pay for high-quality legitimate content rather than take their chances with pirated fare.
"The vast majority of our audience just loves digital content," Ashwin Navin, president and co-founder of BitTorrent, told The Associated Press. "Now we have to program for that audience and create a better experience for that content so the audience converts to the service that makes the studios money."
To help wean users to paying for content, BitTorrent is featuring content and pricing that appeals to its target demographic -- males between the ages of 15 and 35.
TV episodes are $1.99 to download to own, which is typical for competitor sites such as Apple Inc.'s iTunes.
The new site will rent movies for a 24-hour viewing period for $3.99 for new titles and $2.99 for older films, but the site has decided not to sell films for now because the prices demanded by the studios were too high.
"We're really hammering the studios to say, 'Go easy on this audience,'" Navin said. "We need to give them a price that feels like a good value relative to what they were getting for free."
The service also will offer Japanese anime and high-definition video, which is popular with its users. Individuals will be able to publish their works to the site, which will compete for attention beside studio content.
The BitTorrent technology pioneered by Bram Cohen assembles digital movies and other computer files from separate bits of data downloaded from other computer users across the Internet. Its decentralized nature makes downloading more efficient, meaning that a full-length movie should download in about a half hour, about twice as fast as some other sites.
Navin said TV episodes should download in about one-third that time.
BitTorrent's decentralized structure also frustrated the entertainment industry's efforts to find and identify movie pirates.
In 2005, after the studios won a key legal decision against another pirate software company, Grokster, Cohen agreed to remove links to pirated files and start talks to license legitimate content.
Studios also got more comfortable with the idea of distributing content over peer-to-peer networks after they adopted strong digital rights management safeguards created by Microsoft Corp.
BitTorrent's content is protected by Windows Media DRM and will only play back using Windows Media Player.
Studios striking deals with peer-to-peer networks is a good first step toward allowing users to more freely distribute films and TV shows on the Internet, but it may take another five years or more for Hollywood to become completely comfortable with that, one analyst said.
"Their biggest concern is that an anonymous person passes it to an anonymous person," said Les Ottolenghi, chairman and president of Intent Mediaworks Inc., a company that helps content owners protect their works on peer-to-peer networks.
Ottolenghi recently chaired a task force that looked at digital watermarking, a technology that helps content owners track the route of their files as they make their way around the Internet.
"Their greatest hope is that someone at home passes it on to someone at home, from one device to the next, and that becomes a value to the consumer," he said.
BitTorrent Inc.: http://www.bittorrent.com
OT: Help! I need an affordable desktop computer that will be relevant several years from now. This is for personal use. I want a TPM because I do not want to be left out of the new secure world Wave is helping to create. Any suggestions would be very much appreciated.
Pickle
OT: Ahead of the Bell: Hard Disk Drives
Friday February 23, 7:39 am ET
Citigroup Stores Positive Impressions of Hard Disk Drive Makers, Posts Upgrades
NEW YORK (AP) -- A Citigroup analyst on Friday lifted ratings on two hard disk drive makers, citing improving fundamentals for the industry.
Analyst Paul Mansky in a client note said inventory levels and pricing for hard disk drives are improving.
He lifted ratings on computer memory and data storage maker Western Digital Corp. and on Xyratex Ltd., a British maker of computer storage systems, to "Buy" from "Hold."
In addition, Microsoft Corp.'s launch of its new Vista operating system could boost demand for PCs and data storage devices, noted Mansky.
The analyst raised his target price on Western Digital to $24.50 from $21, saying the company appears to be working down high inventory that concerned investors in the past.
Mansky raised his target price on Xyratex to $27 from $21, saying visibility and fundamentals have begun to improve from recent weakness.
He kept a "Buy" rating on San Jose, Calif.-based Komag Inc. -- with a $40 target price -- and a "Hold" rating on Scotts Valley, Calif.-based Seagate Technology. He said the company's operating margin improvements are reflected in share price.
Mansky lifted his target price on Seagate to $32 from $24.50.
DELL ETS Vista possibly March 2
http://www.dellcommunity.com/supportforums/board/message?board.id=vista&message.id=12060&que....
Provide a trusted platform for mobile electronic payment
A trusted smart phone and its applications in electronic payment
developerWorks
http://www-128.ibm.com/developerworks/library/wi-securepay/index.html?ca=drs-
Level: Introductory
Changying Zhou (czhou@nuvo.com), IT Security Consultant, NUVO Network Management
Chunru Zhang (zhangcr@hotmail.com), Senior Security Analyst, Blackwell Consulting Services
17 Oct 2006
With the growing intelligence and popularity of mobile phones and the trend of cellular networks convergence to IP-based networks, more and more mobile applications are emerging in the marketplace. This article analyzes the building blocks of the trusted smart phone and proposes a framework to provide a trusted platform for mobile electronic payment.
With the explosive growth of the use of mobile phones, the increasing computing power of cell phones, and the convergence of cellular networks to IP-based networks, e-Commerce is further extending its tentacles to the mobile network. Many service providers of cellular networks are offering the convenience of paying bills with mobile phones. Hence, there is a growing demand to make the mobile phone more trustworthy. Identity theft, virus, spyware, and other malicious code in the computer world emphasize the need for a trusted mobile phone.
With the Trusted Platform Module (TPM) technology, the Trusted Computing Group (TCG) offers a potential solution for trust in e-Commerce, including mobile phones (see Resources for more information). The TPM provides the root of trust: it is a secure chip consisting of a cryptographic engine and protected storage. However, a mobile phone with an embedded TPM is not equivalent to a trusted mobile phone.
As demonstrated in the DRM, Trusted Computing and Operating System Architecture paper (see Resources), the operating system (OS) of smart phones should also implement a reference monitor concept: mediate all accesses, be protected from tampering, and be verified as correct. Specifically, there is a requirement for trusted input/output subsystems. Built upon the TPM and trusted OS, a trusted phone should include identity system-supporting services for diverse applications such as electronic payment. The identity metasystem serves as a standard interface to different identification and authentication (I&A) mechanisms such as password, Kerberos, digital signature, and biometric. Microsoft® InfoCard is an example of identity metasystem implementation (see Resources for more information). By piecing these systems together, you can create a mobile payment framework and mobile payment applications.
The potential of the smart phone
In comparison with other platforms upon which electronic payment is based, the proposed smart phone has many advantages, which might allow it to become a universal electronic payment vehicle in the future.
The smart phone can be designed to be more secure by embedding TPM to secure chip and storage, using tamper-proof mechanisms to secure the input and output, using securely crafted operating systems to insulate itself from tampering. This may be easily achieved because the smart phone is not an open system; the OS, especially the device drivers, cannot be modified by end users, and applications cannot be arbitrarily installed by end users.
A smart card has the advantages of ease of use, portability, and security, which are shared by the smart phone. However, the smart card doesn't provide trusted input and output, and it has to interface with a smart card reader that is connected to a PC. In this scenario, a compromised PC may allow a virus or Trojan horse to intercept the input/output flows: if the transaction requires the user to key in some sensitive data, it is at risk of being intercepted; the data shown in the computer monitor may not be the same as the data transmitted to the smart card, and so on. In contrast, the Input/Output subsystem of the smart phone can be made trustworthy by using tamper proof or tamper resistant mechanisms.
Building blocks of the trusted smart phone
Now that you know the potential of a smart phone to be fortified to enable secure online payment, and have seen its advantages over other platforms, we will examine the security requirements of a trusted smart phone even further.
Trusted Platform Module (TPM)
According to the TCG Specification Architecture Overview (see Resources), the root of trust lies in the Trusted Platform Module. The TPM is basically a secure microchip with added cryptographic capabilities and hardware-protected storage. A set of cryptographic functions are executed within the TPM hardware, such as:
* An RSA accelerator, which is used during digital signing and key wrapping
* A hash algorithm engine, specifically the SHA-1 engine, which is used to compute hash values of small pieces of data (large pieces of data are hashed outside of the TPM for better performance)
* A random number generator for key generation
Hardware and software outside of the TPM have no direct access to the execution of these crypto functions within the TPM, except for the invocation of the services provided by the TPM through its well-defined interfaces.
Strengthened by the TPM, the smart phone is capable of integrity measurement, storage, and reporting. The integrity measurement is aimed at key platform characteristics that affect the integrity and trustworthiness of a platform, such as the OS loader, OS and device drivers, and so on. The integrity metrics obtained in integrity measurement are kept in hardware-protected storage for future attestation that establishes the trust.
Specifically, trust of the smart phone is established through a chain of integrity measurements and execution transitions:
1. During start-up, the TPM measures the OS loader.
2. After the TPM attests that the OS loader is trusted, the execution is transferred to the OS loader.
3. The OS loader and TPM then measure the OS, including the device drivers.
4. After the OS is attested as trusted, the execution is transferred to the OS.
5. The OS can further attest applications running above it.
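The five-step chain above, as an added example that is not part of the article: a Python simulation of measure-then-extend into a single SHA-1 PCR (as in TPM 1.2) and the verifier-side replay of the event log. The firmware images are constructed byte strings and the golden allow-list is a hypothetical stand-in for the reference values a real attestation service would hold.

```python
"""Measured boot and attestation replay, simulated (added example, not article code)."""
import hashlib
from typing import Dict, List, Tuple

# A TPM 1.2 PCR is a 20-byte SHA-1 register that is all zeros after reset.
PCR_RESET = b"\x00" * 20


def measure(image: bytes) -> bytes:
    """Integrity measurement: hash a component before it is allowed to execute."""
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend semantics: PCR_new = SHA-1(PCR_old || digest).
    A PCR can only be extended, never written, so an earlier value cannot be
    forged after the fact and the order of measurements is preserved."""
    return hashlib.sha1(pcr + digest).digest()


def measured_boot(chain: List[Tuple[str, bytes]],
                  golden: Dict[str, bytes]) -> Tuple[bytes, List[Tuple[str, bytes]], bool]:
    """Steps 1-5 of the article: each stage is measured and extended into the
    PCR before execution transfers to it. If a stage does not match its golden
    value the chain halts there. Returns (final PCR, event log, trusted)."""
    pcr = PCR_RESET
    event_log: List[Tuple[str, bytes]] = []
    for name, image in chain:
        digest = measure(image)
        pcr = extend(pcr, digest)          # record first ...
        event_log.append((name, digest))
        if golden.get(name) != digest:     # ... then decide whether to transfer execution
            return pcr, event_log, False
    return pcr, event_log, True


def verify_attestation(reported_pcr: bytes,
                       event_log: List[Tuple[str, bytes]],
                       golden: Dict[str, bytes]) -> bool:
    """Remote attestation check (hypothetical verifier): replay the event log
    from reset, require every event to be on the allow-list, and require the
    replay to reproduce the PCR the platform reported."""
    pcr = PCR_RESET
    for name, digest in event_log:
        if golden.get(name) != digest:
            return False
        pcr = extend(pcr, digest)
    return pcr == reported_pcr


# Constructed sample images standing in for real firmware, kernel, driver and app.
GOOD_CHAIN: List[Tuple[str, bytes]] = [
    ("os_loader", b"constructed: os loader v1"),
    ("os", b"constructed: kernel v1"),
    ("keypad_driver", b"constructed: keypad driver v1"),
    ("payment_app", b"constructed: payment app v1"),
]
# Golden values a verifier would hold for the approved build.
GOLDEN: Dict[str, bytes] = {name: measure(image) for name, image in GOOD_CHAIN}

# Same platform with a modified keypad driver (the trusted-input concern).
TAMPERED_CHAIN: List[Tuple[str, bytes]] = [
    (name, b"constructed: trojaned keypad driver" if name == "keypad_driver" else image)
    for name, image in GOOD_CHAIN
]


if __name__ == "__main__":
    for label, chain in (("good", GOOD_CHAIN), ("tampered", TAMPERED_CHAIN)):
        pcr, log, trusted = measured_boot(chain, GOLDEN)
        print(label, "trusted:", trusted, "stages measured:", len(log),
              "attestation:", verify_attestation(pcr, log, GOLDEN))
```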
Trusted OS
The simple addition of TPM to the smart phone doesn't result in a trusted smart phone. Its OS should implement the reference monitor concept according to the DRM, Trusted Computing and Operating System Architecture paper.
The smart phone OS should not be bypassed. It mediates every access to system resources and data, determining whether the requested access would lead to a compromise of security. The smart phone OS may take advantage of the CPU, which implements the Multics Ring Architecture; only the OS is capable of running within ring 0 (the most privileged), and any application is only allowed to run within the unprivileged rings, which have no direct access to memory, input and output subsystem, and other system resources without the mediation of the OS.
The smart phone OS should be protected against tampering to ensure that attackers cannot subvert the enforcement of security policy -- it should especially require that running applications not tamper with the OS. The ring-based architecture of the CPU and memory segmentation of the Memory Management Unit (MMU) combined together are able to enforce effective domain separation and confinement. Moreover, to avoid a physical attack, the smart phone may employ tamper-proof or tamper-resistant physical security mechanisms.
The smart phone OS should be made small enough to validate its integrity. Fortunately, unlike the OS running on a PC (that is, a general-purpose operating system), the smart phone OS can be scaled down to a least common denominator; that is, memory management, process/thread management and scheduling, support for real-time service, networking, device drivers, and so on.
The OS and device drivers shall not be dynamically loadable. This avoids the pitfalls of the PC; the general-purpose operating system demands much more sophisticated ways to meet the non-bypassability and tamper-proofing requirements and, therefore, makes the kernel code swell explosively. The use of the mobile phone justifies this requirement because the end user seldom needs to reconfigure the OS and device drivers. Meanwhile, installation of an application will fail if it does not pass the verification of its digital signature or checksum.
Identity metasystem
Another merit of a smart phone is its versatility in supporting a variety of identification and authentication mechanisms. It can support passwords, Kerberos, LDAP, and digital signature with the support of underlying TPM and hardened OS. It can even employ biometric mechanisms (such as voice, iris, retina, fingerprint, and so on) by modifying its microphone system, screen, or embedded camera to be multipurposed.
Realizing the potential of the smart phone in identification and authentication applications, it would be natural to turn the smart phone into a component of an identity metasystem according to the Vision for an Identity Metasystem paper (see Resources). For example, the phone may play an active role in the Microsoft®-promoted "InfoCard". Connected to the computer using Bluetooth or USB, it may serve as an abstraction layer of interfaces to diverse identity systems, providing interoperability among them, and enabling the creation of a consistent and common user interface. Its physical protection mechanisms against tampering and spoofing may especially be leveraged in the identity metasystem.
Other ways to enhance security
Besides the requirement of implementing the reference monitor concept, there is another requirement for making the smart phone trustworthy, that is, providing a trusted path for user input and output. Tamper-proof or tamper-resistant mechanisms may be implemented in the smart phone to protect against physically installing a bug between the keypad/screen and the secure chips in order to divulge sensitive information or tamper with the input/output data flow.
Another point to consider is that because of its size and mobility, the smart phone is vulnerable to theft. As a countermeasure, the smart phone can be strengthened by the inclusion of a self-destruction mechanism. When the smart phone is stolen, the owner may contact the service provider to invoke the self-destruction mechanism, which makes the handset useless to anyone else. The anti-theft feature may be further facilitated by adding a global positioning system (GPS), which makes it possible for the cell phone tower to pinpoint the cell phone's location.
Electronic payment systems
Roughly speaking, electronic payment systems are those network services, such as the services over Internet, which involve an exchange of money for physical goods like books or electronic goods like music and video clips. A generic electronic payment system is illustrated in Figure 1.
Figure 1. A generic electronic payment system
A customer and a merchant should register with the payment service provider to participate in the electronic payment system. The payment gateway, run by the payment service provider, connects the public network to an inter-bank clearing network so that the customer is associated with its bank (referred to as issuer bank) and the merchant is associated with its bank (referred to as acquirer bank). When the customer purchases goods or services, he sends the payment instruction to the issuer bank and order information to the merchant. The merchant requests the payment gateway to authorize the payment. If the authorization goes successfully, the payment gateway finalizes the transaction over the inter-bank clearing network by informing the issuer bank to withdraw the specified amount of money from the customer's account and deposit it to the merchant's account at the acquirer bank. The gateway then acknowledges the merchant so that the latter can arrange the delivery of the goods or services to the customer.
The payment instruction (PI) may be sent from the customer to the merchant, and the merchant further relays it to the payment gateway; or the PI may be sent from the customer to the payment gateway directly. The transmission of PI may employ the following open network channels, to name a few:
* A TCP/IP channel (wired or wireless) over the Internet
* A WAP channel over the cellular network
* An SMS channel
Since the advent of the Internet, several electronic payment systems have been proposed and put into service. These include dedicated account-based systems such as PayPal, ISP-involved payment systems, credit card-based systems, debit card-based systems, electronic cash systems, micro-payment systems, and so on. Before we draw a whole picture of the mobile payment framework with the support of the trusted smart phone, let's first take a look at the different electronic payment systems.
PayPal
PayPal (see Resources) is an online payment service, provided by eBay, that allows individuals and businesses to transfer funds electronically. It requires the seller and buyer to have PayPal accounts and to provide the bank account or credit card information associated with those accounts. Both the buyer and the seller deal only with PayPal. PayPal, in turn, handles all transactions, deals with the various banks and credit card companies, and pays the interchange charge. PayPal uses SSL/TLS to protect payment information in transit and relies heavily on user passwords for payment authentication.
ISP-involved payment system
The distribution of some kinds of electronic products over communication networks (such as video-on-demand) leads to a payment system that involves the Internet service provider (ISP) (see Resources). Because the telecommunication network connects the consumer and the content provider to the ISP, the ISP may act as an independent service provider for payment services. The ISP may identify the subscriber and the subscriber's billing information, and then charge transactions to the subscriber's account held at the ISP. However, such payment systems are only applicable to a limited range of electronic goods or services, so their use may not be widespread.
Credit card
Credit card-based electronic payment is currently one of the most popular electronic payment systems on the Internet. It is similar to the traditional use of credit cards, except that it doesn't require the cardholder's signature: the customer sends his/her credit card information (that is, credit card number, expiration date, and so on) to the merchant. The merchant requests authorization from the acquirer bank. The acquirer bank communicates with the issuer bank over the inter-bank clearing network, asking for authorization. The issuer bank acknowledges the authorization request, and the acquirer bank notifies the merchant of the result. If successful, the merchant may deliver the goods or services to the customer. The issuer bank then sends the bill to the customer, who pays the charges to the bank by other means (for example, check or bank transfer). From this description of the generic credit card payment process, one obvious security risk is the disclosure of the credit card number: once disclosed, the credit card number allows anyone to pay with the owner's credit card.
Various security measures have been taken to protect online credit card payments. SSL/TLS secures the communication channel between the customer and the merchant, preventing the payment information from being disclosed to eavesdroppers. This is the most popular way to make online payment secure. However, it still doesn't prevent a dishonest merchant from misusing the payment information. More importantly, there is no end-to-end trust relationship between the customer and the merchant, and SSL/TLS provides no non-repudiation of payment or delivery.
To strengthen the security of online credit card payments, Visa, MasterCard and other participants proposed a secure payment protocol called Secure Electronic Transaction (SET; see Resources). SET makes use of various cryptographic mechanisms to secure the electronic transaction. In particular, public key cryptography plays a key role, and a PKI is incorporated into SET to establish a certificate authority (CA) hierarchy upon which the trust relationship relies. The CA signs the cardholder certificate, merchant certificate, and payment gateway certificate to vouch for their authenticity. The payment process consists of the following main steps:
* Payment request - The customer prepares the payment instruction (PI), including the credit card number and other private information, and encrypts it so that it is readable only by the payment gateway. The customer also prepares the order information (OI) and encrypts it so that the OI is readable only by the merchant. Finally, the customer generates a dual digital signature over the PI and OI (similar to a traditional signature), which binds the PI and OI together and authorizes the transaction. The customer sends all of this information to the merchant.
* Authorization - After receiving the payment request, the merchant retrieves the OI and prepares the authorization request message. It packages the authorization request, the PI (received from the customer), the dual digital signature of the PI and OI (received from the customer), and the hash of the OI; the hash lets the payment gateway verify the dual signature without exposing the content of the OI. The merchant sends all of these to the payment gateway. After receiving the authorization request, the payment gateway extracts the PI, the dual digital signature of the PI and OI, and the other information. It then verifies the dual signature and makes an authorization request to the acquirer bank, which, upon receiving the request, settles the transaction in the traditional way (this is out of the scope of SET).
* Capture - The merchant requests the final settlement of the payment after successful authorization. This involves transferring the money from the customer's account at the issuer bank to the merchant's account at the acquirer bank.
SET provides enhanced security: it not only provides non-repudiation, but, more importantly, keeps the customer's private information (such as the credit card number) out of the merchant's reach.
Debit card
The debit card offers direct access to the customer's bank account in point-of-sale (POS) transactions. The merchant is equipped with a POS terminal, and the customer makes the payment by swiping the debit card and entering the PIN on the PIN pad. The PIN pad and POS terminal are physically secured by tamper-proof or tamper-resistant mechanisms, and the PIN is encrypted before being transmitted to the issuer bank's server.
However, using a debit card from a PC over public communication channels raises concerns. Because of the lack of proper security and authentication, banks consider the consumer's PC an insecure device compared with the POS terminal and PIN pad at the physical store. In this scenario, the proposed trusted smart phone demonstrates its particular advantage: it can participate directly in debit card payments, or indirectly serve as an intermediary device for reading the debit card.
Electronic money
Electronic money, or digital money, is the electronic representation of traditional money according to the Security Fundamentals for E-commerce paper (see Resources). Most electronic money systems employ blind digital signature technology to make the payment anonymous and secure on the Internet. The customer "mints" the digital money. His bank signs the issued digital money and subtracts the amount from the customer's bank account. The customer then stores the digital money in an e-wallet. Whenever the customer makes a purchase, he transfers the digital money from the e-wallet to the merchant, who further forwards it to the bank. The bank then verifies the validity of the electronic money, checks against double-spending, completes inter-bank clearing, and exchanges digital money from different banks. The electronic money is finally deposited into the merchant's account.
Electronic money systems not only take advantage of blind signature technology to implement anonymity and authenticity, but also use a trusted e-wallet to safeguard against forging, theft of digital money, and double-spending. As described before, the proposed trusted smart phone may be an ideal choice for this kind of e-wallet.
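The two cryptographic constructions in this part of the article, the SET dual signature from the credit card section and the blind-signature digital money just described, are small enough to show end to end. The following Python is an added example, not code from the article or from the SET or any e-cash specification. It assumes a textbook RSA with demo-sized keys and no padding (only to expose the protocol structure; a real deployment would use a vetted library with proper padding and certificates), SHA-256 as the hash, and plain tuples in place of SET's encrypted envelopes. The key point the code makes is structural: one signature over H(H(PI) || H(OI)) lets the merchant verify without seeing the PI and the gateway verify without seeing the OI, and a blind signature lets the bank sign a coin whose serial it never sees, while a deposit ledger still rejects forged coins and reused serials.

```python
import hashlib
import math
import secrets

# Toy textbook RSA (no padding, demo-sized keys); it only exists to show the protocol structure.
_SMALL_PRIMES = [p for p in range(3, 1000, 2) if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]

def _is_probable_prime(n, rounds=24):
    """Trial division, then Miller-Rabin."""
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit and oddness
        if _is_probable_prime(cand):
            return cand

def gen_keypair(bits=512):
    """Return ((n, e), (n, d)). e = 65537 is prime, so gcd(e, phi) == 1 unless e divides phi."""
    e = 65537
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))

def H(data):
    return hashlib.sha256(data).digest()

def rsa_sign(priv, digest):
    n, d = priv
    return pow(int.from_bytes(digest, "big"), d, n)

def rsa_verify(pub, digest, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(digest, "big")

# SET-style dual signature: one signature over H(H(PI) || H(OI)) binds both documents,
# yet the merchant receives only OI plus H(PI) and the gateway only PI plus H(OI).
def build_payment_request(cust_priv, pi, oi):
    h_pi, h_oi = H(pi), H(oi)
    dual_sig = rsa_sign(cust_priv, H(h_pi + h_oi))
    return {"for_merchant": (oi, h_pi, dual_sig), "for_gateway": (pi, h_oi, dual_sig)}

def merchant_verify(cust_pub, oi, h_pi, dual_sig):
    return rsa_verify(cust_pub, H(h_pi + H(oi)), dual_sig)

def gateway_verify(cust_pub, pi, h_oi, dual_sig):
    return rsa_verify(cust_pub, H(H(pi) + h_oi), dual_sig)

# Blind-signature e-cash: the bank signs a coin it cannot read, and the deposit side
# catches reuse of a serial (double-spending) as well as forged signatures.
def customer_blind_coin(bank_pub):
    n, e = bank_pub
    serial = secrets.token_bytes(16)          # the coin's identity, hidden from the bank at issue
    r = secrets.randbelow(n - 2) + 2
    while math.gcd(r, n) != 1:                # blinding factor must be invertible mod n
        r = secrets.randbelow(n - 2) + 2
    blinded = (int.from_bytes(H(serial), "big") * pow(r, e, n)) % n
    return serial, r, blinded

def bank_blind_sign(bank_priv, blinded):
    """The bank debits the customer's account here and signs without seeing the serial."""
    n, d = bank_priv
    return pow(blinded, d, n)

def customer_unblind(bank_pub, blind_sig, r):
    n, _ = bank_pub
    return (blind_sig * pow(r, -1, n)) % n   # (m * r^e)^d * r^-1 == m^d  (mod n)

class BankLedger:
    """Deposit side: verify the bank's own signature on the coin, then reject reused serials."""
    def __init__(self, bank_pub):
        self.pub, self.spent = bank_pub, set()

    def deposit(self, serial, sig):
        if not rsa_verify(self.pub, H(serial), sig):
            return "rejected: forged"
        if serial in self.spent:
            return "rejected: double-spent"
        self.spent.add(serial)
        return "accepted"
```

To walk through the SET half, generate a customer key pair with gen_keypair(), call build_payment_request() with constructed PI and OI byte strings, and hand each envelope to merchant_verify() or gateway_verify(); altering a single byte of the OI on the merchant side breaks the signature even though the merchant never holds the PI. For the e-cash half, the customer blinds a fresh serial, the bank signs the blinded value, the customer unblinds it, and BankLedger.deposit() accepts the coin exactly once.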
Micro-payment
Micro-payment is designed to handle low-value and micro-value payments. In a micro-payment system, small charges are aggregated before they are settled with the payment system, achieving cost-efficiency by cutting down the overhead involved in each payment (see "Electronic Payment Put in Context" in Resources for more information).
The micro-payment system may take the form of centralized account management, electronic tokens, and so on. The centralized account management system processes the transfer orders among accounts. The micro-payment accounts may be loaded in advance or charged afterwards. The electronic tokens simulate the physical coins. The exchange of such tokens realizes the payment function. The user needs to "buy" electronic tokens first, in a way as described in the electronic money section. The vendor collects the electronic tokens over time and exchanges them for real cash.
Either way, the proposed trusted smart phone may provide necessary cryptographic functions and secure storage capability to support micro-payment.
IOTP
The Internet Open Trading Protocol (IOTP) is not a separate payment system. Rather, it is a common electronic payment framework that attempts to ensure interoperability among different payment systems. This means that any electronic payment system can be used within the framework. The protocol-specific parts of each underlying payment system are contained in a set of payment schemes that supplement the IOTP specification.
A mobile electronic payment framework
Now that I've presented the security measures applied to fortify a smart phone and introduced the various electronic payment systems, let's put the pieces together and propose a mobile electronic payment framework, as illustrated in Figure 2.
Figure 2. A mobile electronic payment framework
Like the generic electronic payment system, the mobile electronic payment framework involves a customer, a merchant, a payment gateway, an issuer bank, and an acquirer bank.
The customer is equipped with a secure smart phone. Such a secure smart phone serves as an e-wallet, and the mobile payment application is loaded into the smart phone as a trusted application. Before running the application, the OS verifies the integrity and trustworthiness of the mobile payment application with the aid of the TPM; only when the verification succeeds can the mobile payment application be invoked. The run-time security of the mobile payment application is further enforced by the OS, which implements the reference monitor concept.
The secure smart phone may choose one of the following payment channels:
* TCP/IP channel over the Internet
* A WAP channel over a cellular network, such as a GSM network
* Short-range radio channel (such as Bluetooth technology), connected to POS terminal or vending machine
There is a special security problem with gateways when mobile payment runs over the cellular network. The WAP or IP gateway in the GSM and GPRS/UMTS network connects the Internet to the mobile operator's internal network and then to the air interface. If the protection of payment information relies on transport security, payment information that is securely sent over the mobile network is decrypted in these gateways before it is re-encrypted and securely sent over the public Internet to the relevant financial institution. Therefore, unauthorized persons may be able to obtain sensitive transaction information at the gateway, and it is hard for financial institutions to supervise these gateway systems. For this reason, we encourage security measures at the application level (such as SET) rather than at the transport level (such as SSL/TLS or the WAP transport security protocol).
The merchant may choose to have their own Web site with an online payment feature or be equipped with POS terminals or vending machines (like the ones installed in a gas station). Big retailers may take advantage of RFID technology to facilitate the electronic payment.
The mobile payment framework may follow the IOTP and support various electronic payment systems such as credit cards, debit cards, digital money, micro-payment, and so on. Following are three use case scenarios of the mobile payment framework.
Credit card
The customer surfs the Internet with his smart phone. He finds books he is interested in and puts them in the shopping cart. Finally, he clicks the pay button to invoke the payment process, which launches the underlying credit card mobile electronic payment system. The mobile payment application retrieves the credit card information from the e-wallet, applies the private key to digitally sign the payment instruction, and uses the merchant's and the payment gateway's public key certificates to encrypt the order information and the payment instruction, respectively. After preparing the payment request message, the mobile payment application sends it to the merchant. The merchant verifies the payment request and forwards the payment instruction to the payment gateway for payment authorization. The payment gateway validates the authorization request and informs the merchant of the result. If successful, the merchant sends a receipt to the customer; otherwise, it rejects the transaction.
Debit card
The scheme in the previous section (Credit card) is also applicable to a debit card electronic payment system by replacing the credit card number with bank account information. Here's another scenario.
The customer goes shopping at a supermarket. He uses his smart phone to retrieve the product information of the merchandise he's interested in (for example, by communicating with the RFID tag on the merchandise). Before he takes the goods out of the supermarket, he invokes the mobile payment application in his smart phone to make the payment. The smart phone contacts the POS terminal remotely (for example, using a short-range radio technology like Bluetooth), prepares the payment instruction from the product information stored in the smart phone and the account information stored in the e-wallet, encrypts and digitally signs the payment information, and sends it to the POS terminal. The POS terminal forwards the payment information to the bank server, which settles the payment.
Digital money
The customer fills the e-wallet in his smart phone with digital coins beforehand. When he parks his car at a metered parking lot, he points his smart phone at the electronic meter, retrieves the rate list, chooses how long he intends to park, and clicks the key to pay. Behind the scenes, the customer authorizes the electronic payment program installed in his smart phone to take digital coins from the e-wallet and transfer them to the electronic meter. The meter then shows that he is allowed to park his car for the specified time.
Conclusion
The proliferation of mobile communication and the trend of mobile networks converging with the IP network inspire growing demand for mobile applications. Security and trust are among the enabling factors for mobile applications (and even for Web services) to take off.
The paper outlines the security measures that are applied to a smart phone to make it trustworthy. The secure smart phone acts as an e-wallet and serves as a key component of electronic payment systems. In addition, it can also play an important role in identity management.
The paper also briefly examines various electronic payment systems. Furthermore, it proposes a mobile payment framework in which the secure smart phone acts as an e-wallet. Finally, it demonstrates several use case scenarios of the mobile payment framework.
Resources
Learn
* DRM, Trusted Computing and Operating System Architecture Jason F. Reid, William J. Caelli: In Australasian Information Security Workshop 2005, Newcastle, Australia: This paper emphasizes the need for trusted computing for robust DRM license enforcement.
* Electronic Payment Put in Context, 4 March 2002: This paper documents electronic payment by looking at bill payment, electronic commerce, and the use of electronic products such as content or electronic services.
* Vision for an Identity Metasystem, May 2005: Microsoft InfoCard is an example of identity metasystem implementation.
* How PayPal Works: PayPal is an online payment service, provided by eBay, that allows individuals and businesses to transfer funds electronically.
* Secure Electronic Transaction Specification, May 1997: To strengthen the security of online credit card payments, Visa, MasterCard and other participants proposed a secure payment protocol called Secure Electronic Transactions.
* TCG Specification Architecture Overview, Revision 2.1, 28 April 2004: With the Trusted Platform Module (TPM) technology, the Trusted Computing Group (TCG) offers a potential solution for the trust on e-Commerce including mobile phones.
* Security Fundamentals for E-commerce, Artech House, 2001: This book gives you a valuable security perspective.
* developerWorks Wireless technology zone: Specializing in wireless technology solutions.
Get products and technologies
* Wireless downloads: Find free downloads on the developerWorks Wireless zone.
About the authors
Zhou Changying is an IT security consultant of NUVO Network Management, specializing in Common Criteria evaluation and FIPS 140-2 validation.
Chunru Zhang is a CISSP- and ISSAP-certified senior security analyst at Blackwell Consulting Services. For the past four years he has been providing technical and strategic security consulting for financial and insurance sectors in the areas of PKI, identity management, security management, and vulnerability assessment. In his previous career, he architected and developed a few PKI and identity management products.
Nice! EOM
Renesas licenses ARM processor for low-cost mobile devices
Posted : 15 Feb 2007
ARM announced at this week's 3GSM World Congress that Renesas Technology Corp. has licensed the ARM1176JZF-S processor for the development of advanced mobile/consumer electronics applications.
According to the press release, ARM1176JZF-S will enable Renesas to deliver trusted technology to its customers for security, media acceleration and portability. In addition, it will improve the user experience for consumers using multimedia capabilities on devices including video streaming, music downloads and gaming. Renesas' new technology is said to answer OEM demand for technology that supports the next generation platform, which is poised to offer significantly higher bandwidth capabilities for dramatically faster downloads supported by a wide range of new services.
In addition, Renesas licensed the ARM PrimeCell Level-2 Cache Controller, which supports TrustZone technology, for a portable security solution compatible with different operating systems. Renesas will also be able to develop SoCs without encountering bus bottlenecks, as the ARM1176JZF-S processor and Level-2 Cache Controller are compliant with the ARM AMBA 3 AXI specification.
"For any new mobile devices to achieve mass adoption, it is imperative that consumers get cutting-edge capabilities coupled with a trusted security platform. ARM empowers its Partners and OEMs to be able to address these demands with confidence," said Takafumi Nishijima, president of ARM KK.
OT: ASUSTek Chooses Broadcom for its New PDA Products
February 15, 2007
Raju Shanbhag, TMCnet Contributing Editor
Broadcom Corporation's advanced Bluetooth silicon and software technology is finding customers fast.
During the 3GSM World Congress, the company announced that ASUSTek Computer Inc. has chosen to use Broadcom's Bluetooth technology in several new connected PDA products, including the recently launched P535 Triband(TM) PDA GPS and 3G P735 PDA phones. Broadcom is a global leader in semiconductors for wired and wireless communications, and ASUSTek is one of the world's leading total solution providers for computers, communications and consumer electronics products.
Specifically, ASUSTek has selected Broadcom’s single-chip BCM2045 Bluetooth transceiver and Broadcom Bluetooth for Windows PocketPC Phone Edition (BTW-PPC/PE) software to enhance the advanced features in its P535 and P735 PDA phones with GPS functionality. Broadcom’s BTW software is the most widely deployed Windows-based software in the world and its BCM2045 transceiver is a widely used Bluetooth chip in mobile phones.
Being a short range wireless technology, Bluetooth finds favor with many of the evolving technologies of the world such as Windows Mobile and PDA mobile computing devices. Broadcom caters to this market by providing advanced wireless features and functionalities that were previously available only in notebooks and desktop PCs. The BCM2045 transceiver is a well known single-chip Bluetooth solution and features Bluetooth Version 2.0 compliance and support for Bluetooth 2.1 features. Devices such as PDAs and wireless peripherals, mobile phones, notebook and desktop computers need BCM2045 transceiver to provide seamless wireless multimedia performance while streaming audio and video.
Among the Windows-based Bluetooth software, Broadcom BTW-PPC/PE software is very well known and it features advanced functionalities such as PowerPoint presentations and the ability to remotely control the Windows Media player. The software also enables notebook-class Bluetooth features on PDA and smartphone devices.
The ASUS P535 Triband PDA phones are known for their full wireless functionality and GPS. These phones aim to keep the user connected by offering Internet access, push email and off-site synchronization of contact information and calendar over wireless (802.11b+g) or mobile phone GPRS networks. Add to this features like the ability to view and edit office documents, and you will know why P535 PDA phones have become an indispensable tool for those always on the move.
About Broadcom
Broadcom Corporation is a global leader in semiconductors for wired and wireless communications for the home, enterprise and mobile markets. Broadcom provides the industry’s broadest portfolio of state-of-the-art system-on-a-chip and software solutions to manufacturers of computing and networking equipment, digital entertainment and broadband access products, and mobile devices.
Broadcom is one of the world's largest fabless semiconductor companies with annual revenue of more than $2.5 billion. It is headquartered in Irvine, Calif., and has offices and research facilities in North America, Asia and Europe. Broadcom Class A shares trade on the NASDAQ National Market under the symbol BRCM.
About ASUS
ASUS is a technology-oriented company and it is a leading provider of 3C (computers, communications and consumer electronics) total solutions. In 2005, ASUS shipped 52 million motherboards which meant that one out of every 3 desktop PCs sold last year was powered by an ASUS motherboard.
-----------
Raju Shanbhag is a contributing editor for TMCnet. To see more of his articles, please visit his columnist page.
OT: Cisco's Unified Security
By Eric Griffith
February 14, 2007
Cisco's Secure Wireless Solution is the latest move by the San Jose, California-based company to continue its push to unify wired and wireless, this time with a focus on security. It combines use of various items: a Network Admission Control (NAC) Appliance, ASA Firewall, Cisco Security Agent (CSA) software, IPS Software, Secure ACS server and Cisco Secure Services Client.
Chris Kozup, manager for mobility solutions at Cisco, says, "The industry has come a long way on the quality of security for wireless... what we haven't delivered is unification of the security in wireless and also in wired. Ultimately, customers want a common security framework and architecture for their enterprise network."
Kozup says the NAC Appliance enforces the "client/device posture" by checking to see that computers have the latest anti-virus, spyware and patch definitions installed. This requires a software applet to be running in the background on the hardware. Without the latest software, the hardware is quarantined until it is up to date.
"That has historically existed in the wired world," Kozup says. "Wireless is just transport. The integration we have allows for a wireless client to come in and let the controller handle the authentication direction with the appliance."
Other features of the Secure Wireless Solution include wired/wireless intrusion detection (IDS) and intrusion prevention services (IPS), which now check the physical and application layers on both parts of the network before a rogue can get access. That can include the corporation's own users, who may have been traveling and used an untrusted network. "The IPS box will instruct the controller to send a 'client shun,' a disassociate request, so it can't get on the physical layer," says Kozup. Coupled with the location services Cisco now offers, "We can then find, through the console, where it is in the facility," he says.
Kozup says that protection for a network has three pillars: how you encrypt data in transit so it's not compromised, protecting the corporate back-end IT systems so the WLAN isn't just a backdoor entry route (handled with IDS/IPS), and also protecting data that's mobile. "Not data in transit, but data stored on a mobile device, not even necessarily in use," he says.
For that, the CSA handles the host protection as a personal client firewall that helps enforce the network's policies on how a user connects. "CSA lets us detect whether the device is connected to the wired network, and if it is, disable the wireless adapter," Kozup says. "You avoid being the bridge between wired and wireless." The software can also prevent any ad-hoc network sessions where a rogue user may try to force an association with your device.
Right now, the support is limited to Windows-based laptops and handhelds, plus Cisco's own products like the Unified Wireless IP Phone 7920. "We're on the train moving toward this grand unification nirvana," says Kozup. "We're very clear that our customers are seeing an increasing number of devices with different operating systems, and they need to apply the services across those as well. Stay tuned in terms of that broader ability to cover all different types of clients." One of the ways they'll handle that, probably, will be to work with silicon vendors to support Cisco Compatible Extensions (CCX), which could integrate the CSA.
Cisco bought out Meetinghouse last year and has integrated its 802.1X authentication supplicant, so it'll work across wired and wireless networks using the ACS server. "We deliver a unified authentication framework, irrespective of how it connects," says Kozup.
Finally, Kozup says the Secure Wireless Solution is designed from the ground up to handle regulatory requirements, specifically the headaches of keeping up with Sarbanes-Oxley, HIPAA and PCI. The latter is all about credit card security in retail, and has very strict wireless requirements, such as the need for quarterly wireless scans of a retailer's environment. Cisco did designs on this with Intermec (which builds handhelds for retailers), and tested with CyberTrust.
"You can't be compliant [with PCI] with just a secure box," says Kozup. "Securing corporate data is about the whole view, and validating all the parts together, so wired and wireless both meet the needs." He adds, "We're not just stringing parts together, but testing on the back end and validating that in our environment, and documenting it for the real world."
And STMicro's biggest customer is, NOKIA!
Trapeze Networks Joins Juniper Networks J-Partner Solutions Alliance Program
Companies Provide Secure Mobility to Enterprise Customers; Trapeze Named No. 1 in Wireless LAN Security by ABI Research
PLEASANTON, Calif., Feb. 12 /PRNewswire/ -- Trapeze Networks(TM), the award-winning provider of Smart Mobile(TM) wireless solutions, today announced that it has joined the Juniper Networks J-Partner Solutions Alliance Program. Through the program, Trapeze will offer its Smart Mobile architecture strategy with the Juniper Networks Unified Access Control (UAC) to provide customers a comprehensive solution for secure mobility. In addition, Trapeze also announced it has recently been named No. 1 in wireless LAN security by ABI Research.
Trapeze Networks joined the Juniper Networks J-Partner Solutions Alliance Program to provide Juniper Networks' customers the assurance that Trapeze products have been tested with Juniper solutions. The Juniper Networks UAC is an open-standards approach to network access control that includes support for 802.1X technologies and Trusted Network Connect (TNC) specifications. Together, Trapeze and Juniper Networks provide enterprise, education, and healthcare customers a secure and proven solution to meet their wireless LAN, Voice over Wireless LAN (VoLAN), Mobility, and Location Services needs.
"Juniper welcomes Trapeze as part of our Solutions Alliance Program and we're pleased to have its support behind UAC," said Doug Erickson, director of Worldwide Alliance and Channel Development at Juniper Networks. "Trapeze is an innovator in wireless LAN technology and working together will greatly expand our customers' choices when it comes to mobility solutions."
"Juniper has long delivered best-in-class networking and security products to solve the industry's most difficult problems," said Jim Vogt, president and CEO at Trapeze Networks. "Trapeze is excited to collaborate with an industry leader and offer a unique wireless infrastructure that naturally complements Juniper Networks' solutions."
Trapeze Smart Mobile combines the highest security standards for authentication and encryption with industry-leading intrusion detection and prevention, delivering the most secure wireless solutions on the market.
Trapeze's identity-based networking assesses the user's identity to define and control access to resources, including virtual LAN (VLAN) or subnet assignment, quality of service/class of service and roaming across the network. Authorizations stay with users throughout the network, regardless of the underlying wired or wireless topology. This means workers can seamlessly roam within buildings and across campus while retaining consistent access to their assigned resources.
wavxmaster, you would be proud. I added more shares today. I look around and say, I need to diversify. And then I think, what other company has the potential of Wave and is aligned with industry leaders in an exciting new market. Well, you know the rest of the story. Eggs are all in one basket and I'm watching it very closely......
Pickle
Microsoft Announces Breakthrough Technology Enabling Simple Access to Broad Set of Digital Content, Including Music, Games, Video, Ring Tones and Pictures
Monday February 12, 9:01 am ET
Microsoft PlayReady powers next-generation media experiences on mobile networks; mobile operators worldwide announcing support include Telefonica, O2, Verizon Wireless, Bouygues Telecom, and Cingular Wireless, now the new AT&T.
BARCELONA, Spain, Feb. 12 /PRNewswire-FirstCall/ -- Today at 3GSM World Congress 2007, Microsoft Corp. (Nasdaq: MSFT - News) announced Microsoft® PlayReady(TM) technology, a new multimedia content access technology optimized to meet the needs of mobile operators and handset manufacturers for digital entertainment and commerce. Supporting multiple content types, and flexible rights, Microsoft PlayReady enables operators to provide a range of new services tailored toward growing consumer interest in mobile digital media. Leading mobile operators worldwide, including Telefonica, O2, Verizon Wireless, Bouygues Telecom, and Cingular Wireless, now the new AT&T, are today indicating plans to implement Microsoft PlayReady technology. In addition, Microsoft is working with mobile industry software developer PacketVideo to showcase a fully operational demonstration of Microsoft PlayReady for the first time, at the Microsoft booth, No. 1D19 in Hall 1 at the 3GSM conference.
The result of extended dialogue with the mobile industry, Microsoft PlayReady technology enables a broad spectrum of business models such as subscription, rental, pay-per-view, preview and super-distribution, which can be applied to many digital content types and a wide range of audio and video formats. Content types supported include music, video, games, ring tones and images. Audio/video formats supported include Windows Media® Audio (WMA), AAC/AAC+/HE-AAC, Windows Media Video (WMV), and H.264. Microsoft PlayReady enhancements make it easier for consumers to move their content between their devices, giving them a new level of freedom with their digital content. This technology will be available in the first half of 2007 for handset and device implementation.
Wireless delivery of content to handsets continues to grow rapidly, underscoring the need for compatibility and interoperability. To address this requirement, Microsoft PlayReady has been designed to be fully backward compatible with Windows Media DRM 10, allowing devices that support Microsoft PlayReady to access content using Windows Media DRM. Microsoft will also provide an interoperability program so content may flow to qualifying DRM and content protection technologies.
"Our wireless partners worldwide asked for a single system to power a growing array of business models and consumer scenarios -- the result is Microsoft PlayReady," said Amir Majidimehr, corporate vice president of the Consumer Media Technology group at Microsoft. "With consumer demand for digital goods of all types growing exponentially, this technology delivers a foundation for the future and accelerates the transparent delivery of rich content to consumers."
Demand for mobile entertainment, with worldwide revenues of nearly $19 billion in 2006,(1) continues to grow across all sectors, including music services, ring tones, games and video. The flexibility of Microsoft PlayReady technology makes it attractive for leading mobile operators looking to deploy next-generation entertainment services, including Telefonica, O2, Verizon Wireless, Bouygues Telecom, and Cingular Wireless, now the new AT&T, which today are announcing their support for Microsoft PlayReady.
"Microsoft PlayReady technology will be a key enabler for next-generation mobile content services. The validation process we are conducting will allow us to pioneer new service scenarios that work on both the mobile phone and consumers' PCs," said Cayetano Lluch, general manager of Technology and Services at Telefonica. "Demand for mobile media content is growing exponentially, and Microsoft PlayReady will help us deliver a tailored digital entertainment experience for our customers."
"We believe Microsoft PlayReady technology will accelerate deployment this year of many services that carriers see as important for the next generation of wireless communications," said Jim Ryan, vice president of data services at Cingular Wireless, now the new AT&T. "Microsoft's digital media expertise and its balance between the needs of the carriers and the interest of consumers is a very positive step for the delivery of mobile entertainment."
"Microsoft PlayReady technology will help accelerate deployment of our entertainment services, which we see growing in importance for consumers this year," said Russ Shaw, director of Capability and Innovation at O2 UK. "Protecting content while keeping it easily accessible by consumers is a careful balance, and Microsoft's digital media expertise and experience is critical to making this a reality."
"We have thoroughly compared different DRM solutions that are offered in the market and decided to select Microsoft PlayReady technology for our next-generation mobile music services," said Benoit Louvet, director of New Products and Services, Bouygues Telecom. "Microsoft PlayReady uniquely enables us to support a multitude of business scenarios targeting both the mobile phone and the end user's PC."
"Working closely with Microsoft has provided us with an advantage in the marketplace over the years, and added significantly to our customers' experience in the multimedia world," said Jim Straight, Verizon Wireless vice president of data services. "Microsoft PlayReady technology will help us usher in a new era of mobile digital media in a seamless, flexible manner that our consumers demand."
Microsoft PlayReady technology will be available as a well-documented porting kit with source code, so it can be deployed on any mobile hardware or software platform, including low-end devices. Optimized implementations for several popular handset platforms will be available from PacketVideo in its software products for mobile phones.
"With the rapid growth of mobile content services, Microsoft PlayReady technology will quickly emerge as a mission-critical ingredient for new consumer applications because it combines greater flexibility for content and services with a rock-solid technology foundation," said James C. Brailean, Ph.D., chief operating officer of PacketVideo. "Microsoft PlayReady will have an immediate positive impact on the mobile entertainment market. PacketVideo is partnering closely with Microsoft to include optimized implementations in our industry-leading media client applications for popular handset platforms so that operators and manufacturers can get to market quickly and cost-effectively."
OT: Infineon signs MasterCard deal
Infineon Technologies AG has been providing contactless chips for one of the world's largest contactless payment programs initiated by MasterCard Worldwide.
50 minutes ago (evertiq)
Infineon supplies its contactless smartcard microcontrollers to many of the MasterCard PayPass deployments in 13 countries worldwide. Designed to make payment transactions more convenient than actual cash, magnetic-stripe cards or conventional chip-based cards, the future debit and credit cards will contain a chip featuring a contactless interface.
Currently, there are more than two billion debit, credit and other payment cards in circulation worldwide. In 2006, at least 400 million chip-based payment cards were expected to be issued on a worldwide basis with MasterCard and Visa programs alone accounting for about 17 million contactless chip cards. According to market research company Frost & Sullivan, the conventional contactless payment smart card market is expected to see a compound annual growth rate of 63 percent over the next five years.
"Serving as a preferred partner for many of today's major contactless payment systems demonstrates Infineon's strong commitment to providing best-in-class semiconductor products, helping to institute new payment applications and driving next-generation contactless schemes," said Dr. Helmut Gassel, Vice President and General Manager of the Chip Card & Security ICs business unit at Infineon Technologies. "Our combined expertise in security and contactless technology enables us to be the volume supplier not only in payment, but also in other major contactless markets such as e-passport deployments in the US and other countries or public transport projects such as 'T-Money' in Korea."
OT: Visa and SK Telecom announce mobile payments using USIM card and OTA technologies
Visa International and SK Telecom announced plans to launch what they expect to be the world's first contactless payment application on a universal SIM (USIM) card which is personalized over-the-air (OTA). Visa and SK Telecom plan to implement this large-scale commercial service in South Korea in April 2007 with an OTA solution based on Visa's recently announced mobile platform. The two organizations also agreed to develop new business models and to seek business opportunities overseas by spreading the OTA-based USIM service. Overseas cooperation activities will include efforts to establish global standards for OTA personalization based on the platform being utilized in the Visa – SK Telecom program.
Visa's mobile platform is a set of mobile services and enabling technologies that will allow banks and mobile operators to develop new mobile payment services for individual markets. A key component of that platform is the standardization of security requirements for OTA downloads of financial data to mobile devices. SK Telecom's OTA service, provided by Cassis International, is designed to enable Visa Wave contactless payment applications and cardholder account data to be downloaded to consumers' phones securely and reliably. Visa Wave contactless payment removes the need to swipe or insert a smart card into a payment reader. The customer simply waves the card or phone to make a purchase.
Visa and SK Telecom have collaborated on a series of programs to accelerate the growth of the mobile payments business, having initiated the first mobile payments pilot program using EMV-based payment and infrared technology in 2002.
OT: Japan's Renesas to work with Nokia on software for cell phones - report
12/2/2007 02:12 London Time | story 0133
TOKYO (XFN-ASIA) - Renesas Technology Corp will collaborate with the world's largest cellular phone manufacturer, Nokia Corp, on the development of platform software for handsets, the Nikkei reported, without identifying sources.
The Finnish firm will make its S60 platform software compatible with the Japanese semiconductor manufacturer's SH-Mobile system chips, which are currently used by domestic manufacturers and South Korean-based LG Electronics Inc, according to the business daily.
Nokia, which buys chips mainly from US-based Texas Instruments Inc, has never used a Japanese chipmaker as a supplier of chips for platform software.
By clinching a supply contract with Nokia, Renesas aims to increase its SH-Mobile output to 50 mln units in fiscal 2008 from 20 mln in fiscal 2006, the Nikkei said.
mas
CeBIT 2007: Utimaco To Launch a New World of Data Security
SafeGuard Enterprise 5.0: Multi-Platform Data Security With Central Management
OBERURSEL, Germany, February 8 /PRNewswire/ -- Utimaco will be launching its SafeGuard Enterprise security suite at CeBIT 2007 (March 15th - 21st). With this new product generation from the Data Security Company, organisations and companies can, for the first time, benefit from a fully integrated security suite that meets all current and future demands on data security. No matter where information is saved, or who it is being exchanged with, SafeGuard Enterprise secures data on mobile and fixed computing devices, on removable media, on servers and in e-mails. The core of the brand new security suite is the central Management Center, which for the first time enables companies to simply and effectively implement security guidelines across platforms to meet regulatory compliance requirements.
SafeGuard Enterprise 5.0 targets mid-sized to large corporations that need to store and process their data on different devices and platforms and secure their confidential information at all times. SafeGuard Enterprise is based on an open, modular architecture that enables companies to add security functions to their IT infrastructure using a single, auditable administration module. Additionally, SafeGuard Enterprise supports companies and authorities in reducing costs and risks: different administration and key management systems will be consolidated under a central management platform.
At CeBIT, Utimaco will be presenting SafeGuard Enterprise 5.0 to the public for the first time. Version 5.0 comprises the SafeGuard Management Center and the SafeGuard Device Encryption security module.
With the SafeGuard Management Center module, companies can implement security guidelines centrally and administer them across the company, and across all platforms. The SafeGuard Device Encryption module transparently encrypts data on notebooks, PCs and removable media. In addition to supporting authentication hardware such as tokens, its modern algorithms ensure maximum security. The SafeGuard Management Center module enables companies to protect all data in the network against misuse and unauthorized access.
Selected international test customers have evaluated the beta version of SafeGuard Enterprise 5.0 thoroughly over the last few months. "The users have confirmed their approval of the solution. We were given the best feedback for the ActiveDirectory integration and installation, and also for the Policy Management," said Olaf Siemens, Head of Software Development at Utimaco.
SafeGuard Enterprise 5.0 is available from Utimaco and certified partners after CeBIT. During CeBIT, interested trade fair visitors can get detailed information about the Security Suite from Utimaco in Hall 7 / Stand A 28.
Further modules rounding off Utimaco's new data security suite will be added in later product versions:
SafeGuard File & Folder Encryption secures user data that is exchanged between working groups. In addition, it can be used to encrypt both local disk drives and network servers at file and directory level, and assign them individual access rights.
SafeGuard Configuration Protection offers central control over all fixed and mobile computing devices and protects against malware, inappropriate software use, and unauthorized configuration changes.
SafeGuard Data Exchange guarantees the secure exchange of confidential data with business partners and customers.
For more information about the portfolio of solutions, go to
http://www.utimaco.com/products
Further information:
Utimaco Safeware AG -
The Data Security Company.
http://www.utimaco.de
Rieke Bonisch
Tel: +49-(0)6171-88-12-10
E-Mail: rieke.boenisch@utimaco.de