Security pro tells how to crack cell-phone privacy
http://www.journalgazette.net/article/20091231/BIZ/312319959/-1/biz09
Guide to tapping cell calls is online
Author’s goal is for more security
Matt Moore
FRANKFURT – A German security expert has raised the ire of the cell phone industry after he and a group of researchers posted online a how-to guide for cracking the encryption that keeps the calls of GSM-standard cell phone users secret.
Karsten Nohl, 28, told The Associated Press this week that the purpose was to push companies to improve security. The collaborative effort put the information online through file-sharing sites.
“The message is to have better security, not (that) we want to break you,” he said of the move. “The goal is better security. If we created more demand for more security, if any of the network operators could use this as a marketing feature … that would be the best possible outcome.”
GSM, the leading cell phone technology around the world, is used by several wireless carriers in the U.S., with the largest being AT&T Inc. and T-Mobile USA.
Verizon Wireless and Sprint Nextel Corp. use a different standard.
The GSM Association, a trade group that represents nearly 800 wireless operators, said it was mystified by Nohl’s rationale.
Claire Cranton, a spokeswoman for the London-based group, said that “this activity is highly illegal in the U.K. and would be a serious RIPA offense, as it probably is in most countries.”
RIPA, the Regulation of Investigatory Powers Act, is a British law governing the interception of user logs and e-mails of suspected criminals by security and intelligence agencies.
It has already been possible to intercept GSM calls, but equipment for doing so is generally available only to law enforcement.
Regular wiretapping of cellular calls is also possible, since they travel unencrypted over standard wiring after being picked up by a cell tower. As a result, terrorists or criminals may talk in code and use prepaid phones they then discard.
Even with Nohl’s exploit, expensive and sophisticated radio equipment placed close to the target is required for someone to decrypt calls.
Nohl’s effort undermines the 21-year-old algorithm, dubbed A5/1, used to ensure the privacy of phone calls made on GSM (global system for mobile communication) cell phone networks. The GSM Association has developed the A5/3 algorithm, which it says is being phased in to replace A5/1.
But Nohl, who holds a doctorate in computer engineering from the University of Virginia, said the transition has been too slow.
“In GSM, this flaw was pointed out 15 years ago, and 15 years seems long enough for the cypher to be replaced with something else,” he said. “No one uses a phone that is 15 years old. If they had taken steps, they could have replaced everything three times over.”
cliff
MaynardG, here's the MB diagram fyi:
http://support.dell.com/support/edocs/systems/435T/en/SM/techov.htm#wp1199732
cliff
barge, it's still a waiting game, but finally it seems like Wave is in the right place at the right time. One can now see where this is all headed without the benefit of owning Wave since the last millennium ...
From your link, this story was also a good read:
http://www.ctoedge.com/content/smartphones-and-road-compliance-hell
Interesting personal anecdote is that I have just transitioned my iPAQ 910 Windows-OS smartphone to a corporate account, and discovered in the process that corporate IT policy requires the device be encryption-enabled. Fortunately, the iPAQ offers this as an option for data-at-rest, but it's definitely advantage to RIM with their full-time ECC feature set.
Thanks for your contributions here, and best wishes for 2010.
cliff
OT: Lazaridis talks about the future at RIM:
Something else you can see happening and I'm sure you've read about it, is this whole idea of security, and I know I sound like a broken record in the industry, but the thing about security is that the industry has already been through this problem. They were there in the early days when they didn't think about security and they really got burned. So security has become their number one point and it's even more important than the colour of the device and how good the device is. If it isn't secure they aren't using it. Now we go to the consumer, the thing about the consumer is that they understand security, they just demand it once they get burned.
Where the technology's going, and we've seen it, with all the MasterCard releases that just came out, the Scotiabank release, we're starting to use these devices as credit cards. We're starting to use these things for transactions. We're starting to have them connected to a banking account. We're doing money transfers with these things. We've got our personal info on there. We've got our identity on them. We're storing personal, confidential information on these things like bank accounts and alarm codes and passwords. And governments are starting to look at these and say, 'think of how much money we could save and how well we could control things like passports and passport counterfeiting.' How about licenses for cars? For insurance?
We've anticipated a lot of the future limitations to existing consumer technologies that are going to be barriers to adoption to the kind of next generation services when it comes to e-commerce and personal identification and government relationships. I think that's something that's going to be really important and I know that the foundation we've built and perfected with BlackBerry over the past two decades is ready for that.
http://network.nationalpost.com/np/blogs/fpposted/archive/2009/12/29/fp-tech-desk-speaks-to-rim-co-ceo-mike-lazaridis.aspx
FP Tech Desk: RIM co-CEO Mike Lazaridis on the next decade of BlackBerry
Posted: December 29, 2009, 7:00 AM by Matt Hartley
Perhaps no device has changed the way we communicate over the past 10 years quite like the BlackBerry.
A decade ago, cellphones were still a novelty for many Canadians, while mobile e-mail devices were reserved for a select group of businessmen and politicians. Today, Research In Motion Ltd.'s BlackBerrys are available in more than 150 countries, the company's global user base is approaching 40 million and RIM has become an internationally recognized brand.
In a recent interview with the Financial Post's Matt Hartley, RIM's president, co-founder and co-chief executive officer Mike Lazaridis discusses BlackBerry's remarkable rise, the future of mobile communications and the challenges the industry will face in the coming decade.
Financial Post: Maybe we could just start off with what you notice to be some of the biggest changes since the first BlackBerrys rolled off the line about 10 years ago and how things are progressing today? What changes have you seen in the industry?
Mike Lazaridis: Something I was taught when I was a student is this whole idea of compare and contrast. It sounds like they're redundant, but they're very different. When we look at what people wanted to do, it was a very communications-centric environment. It was all about communications. What we did, was we discovered that we could use data to provide connection and communications within data environments. So whether it's a secure connection to your desktop for push email or a secure connection to another individual for some kind of email or messaging capability, that was the killer app. We turned email into instant messaging, that's what we did. We did it securely and we did it reliably. Ironically, that continues to differentiate us today.
The previous decade really has been the set up to where we went from feature phones that did voice and a bit of texting to the smart phone. I think the big surprise for the industry was how quickly the transition occurred once the industry started moving to smart phones. Now, based on our growth as a company, really it shouldn't have surprised anybody, and then yet, even with our stellar growth over the past decade, it still surprised everybody when the industry went from feature phones and this niche called the smart phone -- or push email or connected appliance, you name it, wireless data -- to all of a sudden smart phones are the hottest thing. Think about it. Three years ago it was still a niche. Today it is the hottest market in the world. In the technology world. In three years, no one thought that we were going to go through that kind of a transformational experience. Disruptive, transformational, you use whatever word you want to use, but no one thought that was going to happen again after the last PC revolution.
We've been doing this since the early '90s, so we've seen the transition ... What's different is you can do a hell of a lot more with these devices. You can do a lot more. There's literally no limits to what you can accomplish on these devices other than that you've got limited real estate on the screen, you have limited battery power and then the one thing that people are just starting to realize, and it's a bit of a shock, is you have limited capacity on the networks.
FP: Let's keep it there for a minute and talk about screen size and form factor and hardware for a moment. For a while there, there was a trend towards smaller devices, the smaller the better. Now there's a lot of talk about larger screen sizes and how big of a screen can a smart phone support. Now the big question is who is going to wade into tablet territory, not quite the size of a PC or a laptop, not quite the size of a smart phone. What trends are you seeing on the horizon?
ML: What's interesting to me at the moment is that we are approaching certain limitations to what I consider a pocket-able device. There's all kinds of limitations -- there's screen size, dimensions, weight, strength, battery life, ease of use, ergonomics, keyboards -- any way you slice it we are approaching physical limits to what we can achieve. Instead what happens is now we [ed: the industry] are looking at making devices bigger. Instead of approaching the limits of what is ergonomically ideal, let's change the rules. Will people walk around with a large tablet? That's the big story going forward. The big question mark is, is the market going to stay in the ideal space or is it going to either evolve or bifurcate to a larger screen? A larger device? The problem historically has been that no matter how you slice it, that's a laptop. Because if you think about it, a tablet is just a laptop without a keyboard or a hard drive. So it's kind of a neutered laptop. A netbook is just a stripped down, miniaturized laptop. What you have to ask yourself is, what can I do with a standalone tablet that I can't do with a laptop or netbook? Because I still can't put it in my pocket, so, does it matter if it's 2-3 mm thinner, does it matter if it doesn't have a keyboard, does it matter if it doesn't have a hard drive, does it matter if its battery life is very short? I would argue all those things matter. So what you end up with is a compromise.
FP: Let's shift our attention a little bit towards software. The big story of the past 18 months to two years has been the rise in popularity of applications. As more people get smart phones, now they want to be able to do different things on them, and obviously there's an entire industry of software developers who are stepping up to create these new experiences for them.
ML: It's amazing. I can't believe how quickly applications are being written right now with the industry, and specifically for BlackBerry. We just announced themes on our App World at the developers conference in San Francisco, and themes have just all of a sudden become the most downloaded popular apps.
FP: It's amazing the popularity of some of these things, and the companies that are building them and what you can do with some of these applications. There are a couple of issues that arise with applications, and one of them is standardization between different platforms. Whether it's a BlackBerry platform, an iPhone platform or the Android Platform, it's almost like the PC environment where you have a couple of different platforms that people need to develop for. I'm curious if you see that standardization happening?
ML: Compare and contrast these two industries. How do you compare and contrast the PC industry and the developer base and the applications there with the smart phone and the connected appliance model that we see today, mobile computing environment? The reason I'm saying this is the applications and the complexity of writing an application for a sophisticated PC operating system with files and hard drives and high speed graphics and big screens and big keyboards and a mouse and internet connectivity and file sharing and printing and all these different things, those apps are a complicated thing to do, a big investment. And then porting it to a different operating system, there's a lot of work that needs to be done. That's limited the number of operating systems that have been able to be supported by the big name software houses.
Today you can write an app in a few days and publish it and the next day you could have millions of users downloading. This app doesn't have to be a lifetime's effort, it doesn't have to be something that's written by hundreds of developers over years and then tested to make sure that it works across all environments. This is a quick app that you write that uses a little bit of web programming and a few APIs, uses a little bit of temporary data ... it's not supposed to do much, it's more entertainment than a utility for creating content or creating documents or getting your work done or interacting with masses of data. These are little entertainment apps, so it's a very different world and the difference is that the ecologies, the ecosystems that are created around these smart phone platforms, they get so big at a point where they are a world unto themselves and you have to support them. So once you get your application running on one platform, if it's successful, the first thing you want to do is move it to the other platforms, because they have a large ecosystem around them. It's an instant market opportunity. It's sort of like you sell through one distributor and you want to sell through the other distributors. It's all about distribution. So what's happened is because the barrier to entry to write applications is so low on these devices, and because the customer expectations are also so low, this becomes a distribution priority more than which platform do I support? It's which distribution channel do I support and what will it take to get in there because each distribution channel has different barriers to entry, different agreements, different distribution, different transportation, and shipping and different point of sale requirements? It's very similar to shipping any kind of product into large stand alone ecosystems or customer bases.
FP: It seems that the way that many people are interacting with the mobile web, or the Web through a mobile device, is through applications and it seems to be creating a bit of a walled garden effect. I'm just curious how you see that evolution of the mobile experience. What kind of a role do you think the browser and mobile applications will play in how we access the Web on a mobile device going forward?
ML: That's a very insightful question. A lot of applications -- I'd argue upwards of 70 per cent -- are really just re-purposed Websites. So it's a combination of using some Web tools, creating a customized purpose-built web address and page and then a little bit of code that interacts with that page through the browser. I would argue that's what's really happening right now ...
What's interesting for me and what people are just starting to realize is that the explosive use of the Web and of applications that require a continuous connection to that Website or to that walled garden to be useful, or to entertain, or to provide value ... it puts a huge load on the networks. And this is really really important, because ultimately the economics of the carrier are going to drive where the industry goes and who the players are. Because if the industry doesn't make any money, if the carriers don't make any money, it's very difficult for them to support the products, the customers or the technology or the infrastructure. You're starting to see carriers now scratching their heads and saying wait a second, I can't support all these apps, because for one, the customer's not willing to pay for them, because of the all-you-can-eat flat billing that's out there, and at the same time, if you have a few customers consuming the majority of the network resources, that produces an unacceptable or a challenged experience for the rest of the customers, who are paying just as much.
As an industry we need to think of a way to conserve this precious resource just like we're trying to conserve other things today. We're trying to conserve energy, we're trying to conserve fuel consumption, we're trying to conserve waste. Believe it or not [wireless] spectrum is a physically limited resource. We only have so much electromagnetic spectrum left in the cellular usage class and we can only transmit a certain amount of power because there are safety requirements and you can only put in so many base stations because consumers start to complain when the number of cell towers outnumbers trees. We're getting to the point where we're starting to understand that data is not free. Data usage is not free on a cellular environment.
Something else you can see happening and I'm sure you've read about it, is this whole idea of security, and I know I sound like a broken record in the industry, but the thing about security is that the industry has already been through this problem. They were there in the early days when they didn't think about security and they really got burned. So security has become their number one point and it's even more important than the colour of the device and how good the device is. If it isn't secure they aren't using it. Now we go to the consumer, the thing about the consumer is that they understand security, they just demand it once they get burned.
Where the technology's going, and we've seen it, with all the MasterCard releases that just came out, the Scotiabank release, we're starting to use these devices as credit cards. We're starting to use these things for transactions. We're starting to have them connected to a banking account. We're doing money transfers with these things. We've got our personal info on there. We've got our identity on them. We're storing personal, confidential information on these things like bank accounts and alarm codes and passwords. And governments are starting to look at these and say, 'think of how much money we could save and how well we could control things like passports and passport counterfeiting.' How about licenses for cars? For insurance?
We've anticipated a lot of the future limitations to existing consumer technologies that are going to be barriers to adoption to the kind of next generation services when it comes to e-commerce and personal identification and government relationships. I think that's something that's going to be really important and I know that the foundation we've built and perfected with BlackBerry over the past two decades is ready for that.
cliff
OT - BMC Software, Salesforce.com Forge Strategic Alliance to Deliver Cloud-Based IT Service Management on the Force.com Platform
http://www.bmc.com/news/press-releases/2009/bmc-salesforce-to-deliver-cloud-based-it-management.html
SAN FRANCISCO, November 19, 2009 – BMC Software (NASDAQ: BMC) and salesforce.com (NYSE: CRM), the enterprise cloud computing company, today announced a strategic alliance to deliver BMC’s industry-leading IT management solutions on the Force.com platform. The initial joint offering addresses the overwhelming customer demand for critical service desk function and processes delivered via the cloud.
Standing together on stage at Dreamforce 2009, salesforce.com CEO Marc Benioff and BMC chairman and chief executive Bob Beauchamp discussed the new cloud-based service desk offering, designed for customers looking for strong IT-business integration and rapid time-to-value. Leveraging BMC’s industry-leading expertise, the core functionality of BMC Service Desk Express, and the trusted and scalable Force.com platform, BMC Service Desk Express on Force.com will deliver cloud-enabled service desk, self-service and inventory management capabilities.
“BMC’s new alliance with salesforce.com will make it easier than ever for customers to simplify and automate their IT and achieve a quick return on their investment,” said Beauchamp. “A strong, simplified and standardized service desk is critical to improving efficiency, increasing service levels and reducing costs.”
“The alliance between salesforce.com and BMC will accelerate IT management success with cloud computing,” said Benioff. “Customers can now leverage enterprise-class IT management completely in the cloud with Force.com and BMC Software.”
Availability
BMC Service Desk Express on Force.com is currently scheduled to be available in the second quarter of calendar year 2010.
BMC and salesforce.com intend to co-market and co-sell the solution.
Pricing details will be available when the product is generally available.
Additional Resources
• For additional information on BMC Service Desk Express on Force.com, visit www.bmc.com/ondemand.
• View more information on the Force.com platform at http://www.salesforce.com/platform/.
cliff
Weby,
As a group, it is surprising that we don't collaborate on a list of questions to be submitted on the calls. Not knocking the surveys, but if there was a forum to collect solid questions as opposed to speculation on earnings, we would all be more reliably informed.
I would be interested in hearing:
What collaborations are underway or contemplated with Perot Systems?
What can we expect in the Smartphone arena via ARM/TrustZone?
What is the timeframe for TPM.next?
Does the lack of ECC compatibility present an obstacle to the TCG in the short-term, or in particular markets?
Are there opportunities in the Smart-Grid industry for Wave? Assuming yes, are these on the horizon, or over the horizon?
Will Wave aggressively finance development in new markets, or conservatively manage the current scope of business?
cliff
Android taking steps toward being a business phone
http://www.totaltele.com/view.aspx?ID=450299&Page=0
By Roger Cheng, Dow Jones Newswires
Thursday 29 October 2009
Google adds business-friendly features as consumer devices cross over into business space.
Google Inc.'s Android software looks as if it's nearly ready to join the white collar ranks.
The mobile operating system has quickly proliferated into a number of new handsets over the past few months. The phones are largely targeted at consumers, but Google wants them ready for the business environment, a potentially lucrative market. And because consumers have started to bring personal phones to the office, devices that can straddle both worlds--such as the iPhone and Blackberrys--are seeing the most success.
Google and its handset partners have taken several steps toward that goal, including a software update with more business-friendly features, with plans for more to come. Also helping are high-profile devices such as Motorola Inc.'s Droid, which made its debut Wednesday.
Still, Android isn't as suited to enterprises as Research In Motion Ltd.'s Blackberry, industry analysts say; however, interest is mounting.
"More companies are asking about the use of Android," said Gartner analyst Ken Dulaney, noting increased interest in non-corporate devices. "There's an increasing demand for individualism. It doesn't get more individual than a phone."
Google doesn't design products and services specifically for consumers or businesses, Chief Executive Eric Schmidt told information technology managers and chief information officers at a Gartner technology conference last week. Instead, it releases a product with the hope that it addresses all segments. While he was laying out the business case for applications such as Gmail and Google Docs, the same logic can be applied to Android.
In a recent study conducted by consulting firm Deloitte, Android was the overwhelming top choice for de facto operating system standard in five years. That's partly because its open structure makes it easier for developers to create programs.
"Inherently, Android is tailor-made for enterprise business of its open platform," said Jason MacKenzie, vice president of HTC Corp.'s North America operations.
While the first iteration of an Android device, HTC's G1, wasn't a business phone, recent handsets have sprinkled in more corporate flavors. Google says the latest software makes it easier for the device to connect to a corporate e-mail and calendar system, and that it will continue to add more features for IT managers to deploy enterprise devices. HTC says companies such as Oracle Corp. and Salesforce.com Inc. have inquired about creating programs.
"They need to see Android in our road map," said Willie Jow, vice president of mobility products for Sybase Inc., which creates software that lets different phones talk to the IT infrastructure and works with corporations, carriers and handset makers.
Still, critics believe that Google's roots remain with the consumer, making it tough for enterprises to truly embrace Android. Deloitte consultant Philip Asmundson said he doesn't see a large number of business programs coming for a few years, and that the enterprise focus would likely lag.
The device manufacturers themselves are cautiously approaching Android. While Motorola Co-Chief Executive Sanjay Jha said he expects more business-focused Android phones next year, other players have treaded more lightly in the area.
HTC's MacKenzie, for example, said security is still lacking for most Android phones, although it's an area that the company is looking to bulk up.
While Android phones may never stack up to Blackberrys in the corporate world, they may not have to. Apple Inc.'s iPhone paved the way for non-business phones to filter into companies. Rather than the standard Blackberry or Windows Mobile phone, IT managers have had to open up their systems to employees carrying newer, flashier phones.
"Corporate CIOs are getting less-standoffish" about supporting other devices, Jha told Dow Jones Newswires. "We think of it as the consumerization of enterprise."
Jha said the Droid is his current work phone.
cliff
awk, thanks for bringing this to the board. I accessed the TPM.next powerpoint at:
http://www.trustedcomputinggroup.org/files/resource_files/0CD79678-1D09-3519-ADDAFD2ED5450D0A/Features%20Under%20Consideration%20for%20TPM%20next%20(FINAL).pdf
Slide 4 answers the question about ECC compatibility, and it's good to see that the TCG is moving to ensure coverage / interoperability with this important market segment. I also was interested to find that the 1.2 spec doesn't support AES, which is used for the OPAL-standard data storage devices as well as others.
RIM membership in the TCG would be a positive sign of progress. I expect this to happen as the government pushes for harmonized management of their smart-phone security investment.
cliff
Dell and Juniper Networks to Collaborate on Next-Generation Networking
http://finance.yahoo.com/news/Dell-and-Juniper-Networks-to-bw-2674324010.html?x=0&.v=1
Tuesday October 27, 2009
ROUND ROCK, Texas & SUNNYVALE, Calif.--(BUSINESS WIRE)--Dell (NASDAQ: DELL) and Juniper Networks, Inc. (NASDAQ: JNPR) today announced an agreement to offer networking solutions under Dell’s PowerConnect brand that enable customers to deploy a common network management platform and network operating system to help reduce operating expenses. In addition, the companies plan to work together on open, standards-based solutions for virtualized data centers and deliver technology solutions using Converged Enhanced Ethernet (CEE), also known as Data Center Bridging (DCB) and iSCSI to improve network economics.
As the notion of traditional, physical data center boundaries extend to virtual environments, customers must adapt to a variety of technological challenges including virtualization, security, bandwidth utilization and network management. By signing this original equipment manufacturer (OEM) agreement, Dell and Juniper intend to deliver a secure network infrastructure - from a customer’s traditional data center out to its branch offices, remote workers, customers and business partners - that can dynamically adjust to meet these challenges and provide orchestrated management of users, workloads and data – avoiding single-vendor lock-in.
Dell also plans to market, service and support Juniper’s high-performance networking solutions to its large enterprise, small and medium business customers and public organizations. The products Dell will deliver under its PowerConnect brand include the Juniper Networks MX Series services routers, EX Series Ethernet switches and SRX Series services gateways, all running JUNOS® Software. Dell expects to make these products available to customers via its direct and PartnerDirect channels.
“Networking is an important piece in providing customers with choices for how they optimize their data center operations to improve efficiency,” said Brad Anderson, senior vice president, Enterprise Product Group, Dell. “This agreement will help address many of our customer’s biggest challenges including a dramatic rise in security concerns, an increasingly dispersed workforce and challenges brought on with the advent of the virtualized data center.”
“Juniper and Dell are a formidable team, and together we can deliver significant value for enterprise customers around the world. This OEM agreement is another great step in our sustained and successful push into the enterprise market,” said Gerri Elliott, executive vice president, Strategic Alliances, Juniper Networks. “We have the only infrastructure that includes integrated security, routing and switching running on a single operating system. And that uniform approach is a great benefit to IT organizations, from the smallest to the largest, as they tackle the challenges of an increasingly decentralized landscape.”
Product Detail
• MX Series Routers - MX Series Ethernet Services Routers offer advanced routing capabilities, such as Multiprotocol Label Switching network virtualization, low-latency multicast, advanced quality of service (QoS), and high availability.
• EX Series Ethernet Switches - EX Series Ethernet Switches deliver the next-generation of switching technology for today’s – and tomorrow’s – networks. With the EX Series, businesses can deploy a cost-effective family of switches that delivers the high availability (HA), integrated security and operational excellence needed today, while providing a platform for supporting future requirements.
• SRX Series Services Gateways - For organizations supporting extranets, SRX Series Services Gateways can help lower the cost of delivering new capabilities while reducing risk, and satisfying end users. These services gateways integrate leading security, connectivity, and application delivery capabilities into a single platform for a safe, affordable, and consistent high-performance communications foundation.
• JUNOS Software - A core foundation of Juniper products since 1997, JUNOS Software delivers a reliable, high-performance platform to help automate network operations including routing, switching and security – with programming interfaces and a software developer kit to help unlock more value from the network.
cliff
OT: Smart Grid and TrustZone
http://finance.yahoo.com/news/Itron-Selects-Accent-Single-bw-1901848370.html?x=0&.v=1
Itron Selects Accent Single Chip Solution for Smart Metering Applications
Highly Integrated, Customized System-on-Chip Offering to Dramatically Reduce System BOM and Increase Performance Versus Standard Products
State-of-The-Art Design to Incorporate ARM® Cortex™-M3 Processor and complete ZigBee™ PRO Functionality
< note: TrustZone is found in ARMv6KZ and later application profile architectures. The Cortex-M3 is based on ARMv7-M per http://en.wikipedia.org/wiki/ARM_architecture. >
Source: Accent S.p.A.
On 9:00 am EDT, Thursday October 15, 2009
MILAN & LIBERTY LAKE, Wash.--(BUSINESS WIRE)--Accent S.p.A., a leading fabless SoC provider offering highly differentiated platform-based System-on-Chip (SoC) solutions, and Itron (Nasdaq:ITRI - News), the industry leader in advanced metering technology, today announced Itron’s selection of Accent to supply a newly developed integrated circuit for its OpenWay® CENTRON® smart meter product line. The new design will integrate the latest ARM processor technology, a complete ZigBee wireless solution (RF, baseband and protocol stack), as well as an LCD driver and on-chip embedded flash memory to deliver best-in-class performance, highly reduced BOM and lowest system cost.
Powerful processing capability combined with broad range analogue, digital and RF hardware peripherals will enable a single processor core solution for communication, control as well as user application software, thus eliminating the need for multiple processors while significantly reducing power consumption. In order to meet the processing demands of the utility advanced metering infrastructure (AMI) industry, the product offering will utilize the Cortex-M3 CPU from ARM. The new device integrates a complete ZigBee PRO <see next link > solution, including an IEEE 802.15.4 RF transceiver, PHY, MAC and communication stack including Smart Energy profile focused on AMI applications. ZigBee PRO provides utility companies a global, open standard for implementing secure, easy-to-use home area networks while also enabling consumers to choose interoperable products for precise management of energy consumption. The IC will also incorporate embedded flash memory to provide a single chip solution with unprecedented integration. Working from Itron’s product and system requirements, Accent has completed the design of the IC and will provide all necessary software up to the customer’s application layer. Silicon will be available during 4Q09; Itron plans to start mass deployment of Accent’s IC from 2010.
“While looking to increase performance capabilities for our next generation products, we started by considering a number of standard solutions from different silicon providers,” said Simon Pontin, VP of AMI Development. “Accent has offered a unique system level solution allowing us to integrate 4 ICs into a single SoC, enabling a higher level of integration, while increasing system performance. Accent has undisputed capabilities and track record to offer complete single chip solutions on a complex technology mix including RFCMOS, mixed-signal and embedded processing while enabling a very short time to market. By relying on Accent to produce our IC, Itron can continue to focus on its core competency of delivering advanced meter and utility software solutions to the energy and water industries.”
“We are pleased to be working with a global leader such as Itron on a crucial component of their OpenWay CENTRON product lines,” said Federico Arcelli, CEO of Accent. “This strategic engagement further demonstrates Accent’s value proposition in delivering highly optimized solutions that can meet the needs of system equipment manufacturers and OEMs.”
About Accent
Founded in 1993, Accent is a leading fabless ASIC provider offering highly differentiated design and turnkey services for state-of-the-art SoC (System-on-Chip) silicon solutions. Accent’s unique design expertise and IP portfolio in mixed-signal and RF, together with its unrivaled system-level integration capabilities, enable cost effective and differentiated SoC solutions to OEMs, fabless and IDMs. Accent has a proven track record over the years with more than 300 ICs (Integrated Circuit) designs completed to date, with over 98% first-time-right production silicon, and with tens of millions of units delivered from Accent to market. For more information, please visit: www.accent-soc.com.
About Itron
Itron, Inc. is a leading technology provider to the global energy and water industries. Our company is the world's leading provider of intelligent metering, data collection and utility software solutions, with nearly 8,000 utilities worldwide relying on our technology to optimize the delivery and use of energy and water. Our products include electricity, gas, water and heat meters, data collection and communication systems, including automated meter reading (AMR) and advanced metering infrastructure (AMI); meter data management and related software applications; as well as project management, installation and consulting services. To know more, start here: www.itron.com.
http://www.embedded.com/design/205100696;jsessionid=YSYWF4JHQFJ2DQE1GHPSKHWATMY32JVN?pgno=2
Improved security: New options for more secure communications
Since the beginning, ZigBee has included integrated security functions leveraging AES128 encryption for protecting network communications. ZigBee PRO now provides significant enhancements to the security choices available for secure wireless networks.
ZigBee PRO offers two different security modes: "Standard" security and "High" Security. Standard security extends and is functionally compatible with the "Residential" security mode offered by the ZigBee Feature Set and the 2006 ZigBee specification.
In this mode, all network communications can be encrypted using the AES128 algorithm using a single network-wide "network key". Devices in the network may have the network key pre-configured, individually commissioned, or distributed by a centralized trust center.
The ZigBee PRO Standard Security mode further provides for the additional encryption of application-level communications between node pairs through the use of individual "link keys". While this is also optional in the ZigBee Feature Set as well as the earlier 2006 ZigBee specification, it is expected to be more widely deployed going forward.
This allows specific node-to-node application level data to be protected from other nodes in the network. This is important for the collection of potentially sensitive private data or the validation of potentially disruptive commands.
The security enhancements in ZigBee PRO are also important to providing secure basic network operation. For example, certain types of ZigBee nodes can "sleep" (power down for a period of time to conserve power use), and hence miss a "change network key" message from the security Trust Center.
When a sleeping device wakes up, it will try to communicate with the network using its old network key, and will be unable to participate in the network. ZigBee PRO provides the ability for the newly awoken node to use a specific link key to encrypt a message that validates itself with the Trust Center and gets the new network key in a similarly encrypted message.
Otherwise, the validation message and network key would need to be sent "in the clear", potentially compromising the security of the overall network. These same mechanisms can be used to wirelessly commission (i.e. configure for use) individual devices securely, never requiring important data to be transmitted without some level of encrypted protection.
The High Security mode provided in ZigBee PRO adds some further protections for device authentication and key management and distribution, including the use of the SKKE. This mode also provides some additional protections against security replay attacks.
The additional security capabilities inherent in ZigBee PRO are critical as ZigBee is used in increasingly important applications. The control of critical systems infrastructure, whether in a commercial building, utility grid, industrial plant, or a home security system must not be compromised.
cliff
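The key handling described in the article quoted above, as an added example that is not part of the original post or the article: a network key shared by all nodes, per-device link keys, and a sleeping node recovering a rotated network key under its link key. The class names, device ids and the `REJOIN:` message are hypothetical, the cipher is an HMAC-SHA256 stand-in for AES-128 CCM* because the Python standard library has no AES, and frame counters (replay protection) are not modelled.

```python
# Added example, not from the quoted article: toy model of ZigBee PRO Standard
# Security (one network key, per-device link keys, rekey of a sleeping node).
# ASSUMPTION: real ZigBee uses AES-128 in CCM* mode; the standard library has
# no AES, so seal()/unseal() are an HMAC-SHA256 stand-in of the same shape.
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 13, 8

def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Encrypt and authenticate plaintext under key (stand-in for AES-CCM*)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag

def unseal(key, frame):
    """Return the plaintext, or None if the frame does not verify under key."""
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class TrustCenter:
    def __init__(self):
        self.network_key = os.urandom(16)
        self.link_keys = {}  # device id -> link key shared only with that device

    def commission(self, dev_id):
        self.link_keys[dev_id] = os.urandom(16)
        return self.link_keys[dev_id], self.network_key

    def rotate_network_key(self, awake):
        # Simplification: the "change network key" message is sealed with the
        # current network key, so only nodes awake to hear it can follow.
        new_key = os.urandom(16)
        broadcast = seal(self.network_key, new_key)
        self.network_key = new_key
        for dev in awake:
            dev.install_network_key(broadcast, dev.network_key)

    def accept(self, frame):
        return unseal(self.network_key, frame)

    def handle_rejoin(self, dev_id, request):
        # The request must verify under that device's link key; the reply
        # carries the network key sealed with the same link key, never in clear.
        link = self.link_keys.get(dev_id)
        if link is None or unseal(link, request) != b"REJOIN:" + dev_id:
            return None
        return seal(link, self.network_key)

class Device:
    def __init__(self, dev_id, tc):
        self.dev_id = dev_id
        self.link_key, self.network_key = tc.commission(dev_id)

    def send(self, payload):
        return seal(self.network_key, payload)

    def install_network_key(self, frame, protecting_key):
        """Adopt a new network key only if frame verifies under protecting_key."""
        new_key = unseal(protecting_key, frame) if frame else None
        if new_key is None:
            return False
        self.network_key = new_key
        return True

def run_scenario():
    """Rotate the network key while one node sleeps; report each step."""
    tc = TrustCenter()
    meter = Device(b"meter-01", tc)        # constructed ids; stays awake
    thermostat = Device(b"thermo-07", tc)  # asleep during the rotation
    tc.rotate_network_key(awake=[meter])
    r = {"awake_accepted": tc.accept(meter.send(b"kWh=42")) == b"kWh=42",
         "stale_rejected": tc.accept(thermostat.send(b"temp=21")) is None}
    request = seal(thermostat.link_key, b"REJOIN:" + thermostat.dev_id)
    reply = tc.handle_rejoin(thermostat.dev_id, request)
    # The meter holds the network key but not the thermostat's link key.
    r["peer_can_read_reply"] = any(
        unseal(k, reply) is not None for k in (meter.network_key, meter.link_key))
    r["rejoined"] = thermostat.install_network_key(reply, thermostat.link_key)
    r["accepted_after_rejoin"] = tc.accept(thermostat.send(b"temp=21")) == b"temp=21"
    forged = seal(os.urandom(16), b"REJOIN:" + thermostat.dev_id)
    r["forged_answered"] = tc.handle_rejoin(thermostat.dev_id, forged) is not None
    return r

if __name__ == "__main__":
    print(run_scenario())
```

The `peer_can_read_reply` result is the point of the link key: a node that already holds the network key still cannot read another node's rekey message.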
Snackman, strategically this is relevant to Wave.
For immediate relevance, I would have also highlighted the following passage (based upon the id.wave.com developments, Sept 15th PR posted below).
This apart, Salesforce.com disclosed that Cisco Systems Inc. (NasdaqGS: CSCO - News) and Salesforce.com will be delivering a complete contact center in the cloud. The Customer Interaction Cloud, formed by Cisco and Salesforce.com will use the newly introduced service cloud 2 from Salesforce.com along with Cisco Unified Communications.
http://finance.yahoo.com/news/Wave-Releases-Beta-Version-of-iw-3960872375.html?x=0&.v=1
LEE, MA and LAS VEGAS, NV--(Marketwire - 09/15/09) - Digital ID World, Booth #11 -- Wave Systems Corp. (NASDAQ:WAVX - News) (www.wave.com) announced today the launch of id.wave.com, a new identity service that enables strong authentication and single sign-on to Web services and applications in the "cloud." The service is available in beta form and will be demonstrated to prospective partners and industry insiders at this week's Digital ID World Conference in Las Vegas, Sept. 15-16.
As Web-based applications and services increase in both number and importance, knowing who is on the other end of the cloud in a secure and private way is increasingly vital. Wave's online identity service is designed to allow users to create a single, secure, user-friendly identity that is accepted at many websites including Facebook, Google and salesforce.com using OpenID and SAML. The id.wave.com service takes full advantage of the Trusted Platform Module (TPM) security chip to secure users' authentication identities with keys held in the TPM.
cliff
More on the Dell "Latitude On" architecture:
From http://www.securecomputing.net.au/News/157053,dell-latitude-z-puts-security-front-and-centre.aspx we know that "the Dell "Latitude On" architecture includes an "Infinity" system-on-a-chip based on the ARM architecture in addition to the Intel CULV processor."
It appears that the Infinity technology comes from Clearview Technology Inc of Quebec City, and is based on the ARM11 SOC CPU:
http://www.clearviewtechnology.com/company.html
So after all is said and done, it may well be that Dell again breaks this new ground with Wave in introducing ETS management features to ARM/TrustZone devices. The Latitude Z would otherwise present a dilemma to CIOs who invest in TPM-based security, while deploying PCs that would have network access via the unprotected Latitude On feature.
cliff
rwk, wouldn't that be great.
Does TrustZone work with ECC-encryption? Slide 18 in the linked powerpoint suggests it does. Recall that RIM bought out Certicom a while back ...
http://www.trusted-logic.com/Presentations/Trusted%20Logic%20DevCon%202006Oct5.pdf
cliff
awk, perhaps this is worth a repost:
http://investorshub.advfn.com/boards/read_msg.aspx?message_id=38519863
cliff
SignOnLine - interesting that this old (date unknown) page from SignOnLine shows Admiral Robert Inman as an Advisory Council Member.
http://www.signonline.com/pages/management_printable.html
cliff
Taxi vader, nice find.
"Ultimately, everything will be done electronically. There is no question in my mind. The momentum is there. The acceptance is there.
Further, the use of mobile technology and PDAs has exploded, too. You’ll see us release functionality to allow you to do more on your phone where it makes sense."
**************************
"Wave eSignSystems is a great strategic business partners for us. We do all of our e-origination around that platform. I use their fabric and vault for storage around e-origination, which will allow me to offer my clients a vault for e-closings down the road."
cliff
Or Perot Systems Government Services, Inc, also on the list provided by weets ...
cliff
Latitude ON — Instant, Always ON™ Connection to Email, Web, Contacts and Calendar
http://ca.sys-con.com/node/1124224
Latitude ON — Instant, Always ON™ Connection to Email, Web, Contacts and Calendar
Latitude ON represents the convergence of laptop productivity with instant “on” convenience and multi-day battery life in idle mode. Available on the Latitude Z, E4200 and E4300, it includes a sub-processor and sub-operating system that delivers instant, interactive access to email, the Web, contacts, attachments and calendars. Latitude ON allows the user to stay connected and utilizes the laptop’s keyboard and display for enhanced usability. Other advanced features of Latitude ON that make it business friendly include:
• Access to IMAP, POP, Novell Groupwise or Microsoft Exchange 2003 email
• Citrix Receiver allows IT administrators to ensure remote secure access similar to a thin client
• Strong password requirement meaning the user must include one uppercase, lowercase, number and special character
• Supports virtual private network (VPN) functionality
• Ability to read .doc, .xls, .ppt and .pdf documents
• Dedicated Latitude ON button allows users to connect instantly
Latitude ON is available starting today around the world. It is a standard feature on the Latitude Z and a $199 optional upgrade on the Latitude E4200 and E4300.
cliff
awk, this is an interesting innovation, although no mention of TCG functionality:
"For fast starts, the Dell "Latitude On" architecture includes an "Infinity" system-on-a-chip based on the ARM architecture in addition to the Intel CULV processor."
Dell Australia Latitude product manager Jeff Morris said it gave users the benefits of a smart phone on the big screen with a full-sized keyboard.
Press the Infinity button from a cold state and in about a second the Z boots into a lightweight Linux OS with Dell customisations: Exchange 2003 client, Firefox web browser, Cisco VPN, Citrix Receiver desktop, contacts and calendar. The chip that is standard on the Z and a $249 option on other models has its own Wi-Fi B/G that bypasses the main wireless card."
http://www.securecomputing.net.au/News/157053,dell-latitude-z-puts-security-front-and-centre.aspx
cliff
awk, I've long believed that the first applications of Wave's hardened OpenID services to enterprises would be for enabling secure access to internal resources. For example, access to Human Resources data, to Purchasing and Contract data, and to sensitive corporate IP data.
So, Wave employee X who is working on a 6-month contract, has access to his personnel files, including contracts, assignment of IP rights, benefits, etc., but no access to Feeney's data. An internal search by employee X using Google as the search engine is informed by OpenID on the specific access privileges for employee X based on the TPM on his notebook.
fyi, if you go to http://www.wave.com/support/developer.asp and right-click on the magnifying glass, you get a drop-down that includes the option "Generate Custom Search". That pick item presents a dialog box with the header "Google Toolbar Custom Button Generator".
Similarly, I fully expect that Wave is using SalesForce.com.
This is a consumer play in the sense that users are treated as clients. It will be perfected for intra-enterprise apps, and in parallel will be ready for the extra-enterprise market including Open Government whenever that market punches in.
cliff
With Perot, Dell Can Get a Chunk of IT's Hottest Market, Health Care
Dell Inc.'s purchase of Perot Systems will help it better compete for large federal e-health contracts when funding becomes available at the Oct. 1 start to the government's fiscal year.
By Patrick Thibodeau
Mon, September 21, 2009 — Computerworld — There are a lot of reasons why Dell Inc. agreed to buy Perot Systems Corp. for $3.9 billion, but Congress' vote earlier this year to appropriate billions of dollars to spread the use of electronic medical records may be a key one.
Perot, which says that about half of its $2.8 billion in annual revenue is derived from health care projects, is in a good position to gain a significant chunk of the $36 billion the federal government is poised to spend on IT related health care projects. Even before today's announcement that Dell plans to buy Perot, the PC maker and IT services firm had agreements in place to develop platforms dedicated to electronic health care applications.
During a conference call with reporters today, Michael Dell, CEO and chairman of Dell, called the move "the right acquisition" for his company, and that the two Texas-based firms share several similar characteristics. "Our products, services and structures are overwhelmingly complementary," Dell said.
Ross Perot, the chairman emeritus of Perot, added, "We saw this as a cultural match, and we saw what we could do together, and I think that made it a lot easier to jump on Michael's vision to build Dell."
Perot founded Electronic Data Systems (EDS) in 1962 and sold it to General Motors Corp. in 1984 for $2.5 billion. EDS was spun off in 1996 as an independent firm and remained that way until it was acquired last year by Hewlett-Packard Co. for $13.9 billion. Ross Perot founded Perot Systems in 1988.
Harry Greenspun, chief medical officer for Perot Systems' health care group, told investors gathered at an industry conference this month that there's tremendous opportunity for companies like Perot in the health care market. "Most hospitals, most physicians' offices are very immature in their adoption in their technology," he said, according to an archived recording on Perot's web site.
Dell hopes to complete the deal by year's end, just after the federal fiscal year starts on Oct. 1, which is when federal spending on electronic records is set to begin in earnest. The demand for help in implementing new health care IT projects should come quickly -- Under the law, health care providers have to start upgrading e-health systems by 2015 or face federal penalties.
Dell and Perot are already jointly offering what Greenspun called a "dumb box" without ports or disk drives. The Software-as-a-Service system delivers electronic records to virtual desktops that charge customers on a subscription basis. "This is a different way of delivering this service," said Greenspun.
The purchase of Perot Systems will also give Dell some credibility among large users as a service provider, said Peter Bendor-Samuel, CEO of Everest Group, a Dallas-based outsourcing consultancy. "It both significantly improves their delivery capability and tremendously improves their credibility," he said.
Bendor-Samuel said improved revenue from health care projects should be a strong side effect of the merger, but contended that Dell's primary interest is gaining access to a broader base of enterprise customers. "It's great to be a dominant player in the fastest growing segment of the economy, but I view that as a nice thing to have," he said.
Dane Anderson, an analyst at Gartner Inc., believes that the deal shows only that Dell is finally embarking on a services strategy. Dell's support operation has traditionally focused on providing services to meet the needs of existing users. It has not offered the broader consulting and integration services provided by IT services firms like Perot Systems, he added.
"Really, where the opportunity is in the nearest term is to bring more capabilities to the table for that Dell installed base of clients," he said.
Anderson said that he doesn't expect Dell to quickly gain new services contracts due to the acquisition of Perot. Enterprises aren't likely to exit existing contracts with other services providers.
cliff
Smartswipe ... can there really be a market for this at $99?? One could use the PIM in ETS for a lot less.
http://news.cnet.com/8301-17938_105-10286827-1.html
Shop online safely with SmartSwipe
by Dong Ngo
One of the most dangerous things about shopping online is the fact that you have to enter your credit card information. This is when malicious software such as a keylogger can steal your private data without you even knowing it.
Even if your computer is safe, entering all that info can be tedious. Luckily, there's now a way to eliminate the hassle of payment entry and ensure the safety of your computer, too.
The catch is, it costs $99.95.
The solution is SmartSwipe from NetSecure Technologies. SmartSwipe is a USB credit card reader that you connect to your computer via USB port. It allows you to actually swipe your credit card when an online retailer requires payment information, just the way you would at a store.
Apart from speeding up information entry, NetSecure claims SmartSwipe adds another layer of security to your online shopping. It does so by scrambling and encrypting the credit card data before transferring it to the computer. Traditional online security programs protect your sensitive information when it's on the way to the Internet, but not beforehand while it's sitting on your computer.
If the company's claims are true, it means that if you have SmartSwipe installed, your credit card data will be safe even if your computer is infected. This doesn't mean, however, that you can be negligent when online.
According to NetSecure, SmartSwipe features simple plug-and-play installation and is designed to work with nearly every major credit card and credit-debit card combination, including Visa, MasterCard, American Express, and Discover. The device works with Windows XP and Windows Vista, and Internet Explorer 6 or higher.
In case it doesn't work out for you, SmartSwipe comes with a 90-day, no-hassle, return policy. Now, hurry up and go make your last tedious online purchase that's potentially insecure. You won't ever have to again.
cliff
Ralphgoldberg, fyi I purchased this item for my wife's use from Dell about 8 weeks ago. It's a very nice package.
One thing that may still be the case ... I had to order the SED / Fingerprint Scanner / Wave configuration by direct contact with Dell Sales. The order could not be fulfilled using the online applet at that time, and the options were not free, i.e. not as described by the online description.
So I have 3 X Wave-equipped PC's in the household now (1 Gateway Professional notebook, 1 desktop with the Intel DQ45CB MB, and the Vostro 1520). Alas, no plans to upgrade to ERAS.
cliff
Black Hat: Smart Meter Worm Attack Planned
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=218700250
IOActive's Mike Davis intends to unleash a worm on a smart meter at the Black Hat security conference on Thursday.
By Thomas Claburn
InformationWeek
July 28, 2009 06:57 PM
The smart grid, the emerging power distribution infrastructure upgrade, may not be the bright idea its name suggests. In the rush to modernize the way electricity moves, security appears to be an afterthought.
At Black Hat on Thursday, Mike Davis, a senior security consultant with IOActive, plans to conduct a worm attack on a smart meter, a part of the smart grid that's being installed at consumers' homes around the country.
The worm, Davis claims, can copy itself from one smart meter to the next in a neighborhood, ultimately causing power outages and rendering the smart meter inoperable.
"Many of the security vulnerabilities we found are pretty frightening and most smart meters don't even use encryption or ask for authentication before carrying out sensitive functions like running software updates and severing customers from the power grid," said Davis in a statement.
IOActive president and CEO Joshua Pennell said much the same thing in March when he testified before the Committee of Homeland Security and the Department of Homeland Security.
"Based on our research and the ability to easily introduce serious threats, IOActive believes that the relative security immaturity of the smart grid and AMI markets warrants the adoption of proven industry best practices including the requirement of independent third-party security assessments of all smart grid technologies that are being proposed for deployment in the nation's critical infrastructure," he said.
Last year, a CIA analyst revealed that "cyberattacks have been used to disrupt power equipment in several regions outside the United States." Such attacks have been rare due to the complexity and obscurity of the SCADA systems that govern electrical infrastructure. With the smart grid transition, the technical barriers to an attack of this sort are likely to be lower, at least initially.
Google and Microsoft are both developing smart meter services that aim to provide greater insight into home energy usage. Google has its PowerMeter project, and Microsoft (NSDQ: MSFT) in June introduced Hohm.
Davis is scheduled to make his presentation on Thursday, July 30 from 4:45-6:00 P.M. in the Milano Ballroom at Caesars Palace in Las Vegas, where Black Hat is being held.
cliff
xxxxcslewis, nice ... and very good to see Wave partner Safenet so prominently positioned (page 23).
cliff
Snackman, the Mach4 line of SSD's includes optional AES encryption, other drives include ECC encryption, and STEC is a TCG member. Something to monitor ...
http://www.stec-inc.com/downloads/ssdoverview.pdf
cliff
Here's the May 12 2009 formal announcement from TDK (who do not appear on the member list of the TCG):
http://www.tdk.co.jp/teaah01/aah29800.htm
cliff
Doma and DD,
Not sure how this all fits, but TDK has also been sighted in the company of Lenovo with an FDE SSD:
http://investorshub.advfn.com/boards/read_msg.aspx?message_id=35753662
I also found this link interesting, especially the sentence that I've pasted below:
http://www.securitywatch.co.uk/2009/06/03/tdk%E2%80%99s-controversial-move-to-ssd/
Cordial’s public statements were issued in the wake of the recommendation by the National Institute of Standards and Technology of the US that firms should not use 1024bit RSA encryption after the start of 2010.
cliff
Donald Duck, Lenovo has always had its own TPM management solution. As with TPM's, this one only works with Lenovo clients - "Our exclusive Hardware Password Manager (HPM) works with any FDE drive that is part of an Intel Centrino® 2-based ThinkPad." - so this is just more of the same.
cliff
dig, as problems go, that one would fall under the "step forward; good to have" category.
This is also the cost that is targeted (and normally more-than-adequately covered) by annual support revenues. For a large deployment, it's good business to capture Year 1 support coincident with the initial deployment agreement, and to break out maintenance separately.
Also worth noting that debt is a viable alternative for financing costs that are associated with guaranteed revenues.
cliff
barge, your Kaboom is not impossible ... iPhone is TrustZone-enabled (whoops if already posted).
http://www.engadget.com/2007/07/01/iphone-processor-found-620mhz-arm/
"From what we can tell, it looks like the iPhone's got a 620MHz ARM chip running under the hood. Specifics:
ARM1176JZF chip with TrustZone (enables trusted computing environment for media, apps, network, OS, etc. -- very bad for hackers)"
Any similar tea-leave-readings for the Google HTC Dream and Magic smartphones? The Google phones feature a Qualcomm 7201 processor, which is ARM11-based:
http://www.qctconnect.com/products/msm_7201.html
"Integrated ARM11™ applications processor and ARM9™ modem"
cliff
Chance To See ... products like Endpoint Enforcer are fundamental to securing data in transit.
Nice find.
cliff
Cloud computing a 'security nightmare' says Chambers
http://www.infoworld.com/d/cloud-computing/cloud-computing-security-nightmare-says-cisco-ceo-723
Cloud computing a 'security nightmare' says Chambers
By: Robert McMillan - Network World US (hs) (22 May 2009)
Cloud computing is hot, but the head of Cisco Systems sees trouble coming. At the RSA security conference, one speaker said it should be called 'swamp computing'
If anyone has the right to be excited about cloud computing, it’s John Chambers.
But Cisco Systems’ chairman and CEO concedes that the computing industry’s move to sell pay-as-you-go computing cycles available as a service on the Internet was also “a security nightmare.”
Speaking during a keynote address at last month's annual RSA security confab in San Francisco, Chambers said that cloud computing was inevitable, but that it would shake up the way that networks are secured.
“You’ll have no idea what’s in the corporate data center,” he said. “That is exciting to me as a network player. Boy am I going to sell a lot of stuff to tie that together.”
However, he added, “It is a security nightmare and it can’t be handled in traditional ways.”
Cloud computing was a hot topic at the conference. Big computing companies are eager to talk about it, but security experts see a lot of work ahead. “I think it’s really going to be a focal point of a lot of our work in the cyber security area,” said Ronald Rivest, an MIT computer science professor and noted cryptographer, speaking during a conference panel.
“Cloud computing sounds so sweet and wonderful and safe ... we should just be aware of the terminology. If we go around for a week calling it swamp computing I think you might have the right mindset.”
Rivest added that he was optimistic about cloud computing’s future, but that it was going to take “a lot of hard work” to make it secure.
Show attendees haven’t exactly bought into the concept. “I’m not seeing a huge benefit in the cloud for us,” said Bruce Jones, chief information security officer of Kodak, speaking in an interview. One of the main problems is that Jones doesn’t want to give up control of sensitive data to a nebulous cloud-based computing architecture. For long-term computing projects, it’s probably cheaper to simply buy the hardware, he said, but he does think that cloud computing could work on a small scale at Kodak.
As data moves onto the cloud, Cisco’s security services will become even more important, and the company’s ability to dig in and inspect data moving on and off corporate networks will become even more critical, said Tom Gillis, vice president of marketing with Cisco’s security technology business unit, in an interview.
“The move to collaboration, whether it be video or the use of Web 2.0 technologies or mobile devices is really dissolving the corporate perimeter,” he said. “This notion of security as a line that you draw in the sand ... that notion is just gone.”
And it’s not going to come back. Chambers says that his company’s use of Web 2.0 technologies has mushroomed in the past year. In the first quarter of 2009 Chambers held 262 meetings, he said. 200 of them were virtual, using Cisco’s TelePresence system. “It’s got to be secure as we do this,” he said. “This is our lives.”
cliff
OT - barge, regarding Android (as well as Symbian and Windows Mobile):
http://edageek.com/2009/02/16/symbian-mobile-android/
Trusted Logic Announces Trusted User Interface for Mobile Payment
Posted by EDA Geek News Staff in Wireless on Monday, February 16, 2009
Trusted Logic, the leading provider of Trusted Execution Environments for embedded systems, has extended its Trusted Foundations[tm] Software with a Trusted User Interface capability needed for mobile payment. Trusted Foundations Software targets wireless devices that need to execute sensitive applications and control the access to critical device resources. It is compliant with the OMTP security requirements issued in 2008 by mobile network operators, and has been connected to the main mobile operating systems including Symbian OS[tm], Windows Mobile® and Android.
Trusted Foundations Software allows fast and flexible implementation of security features and provides a high-performance Trusted Execution Environment, that is separate from non sensitive applications and can connect securely to the (U)SIM card, the NFC controller and any other secure element. This environment now enables the development of secure drivers – such as a keyboard driver to be executed in the secure environment, allowing secure PIN code entry as required for banking transactions.
Trusted Logic also develops and sells jTOP®, the leading secure Java Card[tm] platform used in our (U)SIM products. Having reached Common Criteria EAL5+ assurance level, Trusted Logic’s products can host secure banking applications directly on the (U)SIM.
With Trusted Foundations Software allowing secure PIN code entry, a certified (U)SIM card to execute certified applications, and Trusted NFC, Trusted Logic now offers a unique end-to-end solution for rich and secure banking applications.
Trusted User Interface
With Trusted Foundations Software, the keyboard interface is implemented in such a way that PIN code entry is securely isolated from the device’s main operating system. The PIN code can be transferred to the (U)SIM card through a secure channel, or sent to a server for online verification. Secure passwords can also be securely stored on the device, thanks to the secure storage implemented in Trusted Foundations Software.
Trusted Foundations Software also provides other ways to secure the User Interface. At the Mobile World Congress next week, Trusted Logic will showcase PIN Code entry on a smartphone’s virtual keyboard. The virtual “randomized” keyboard is generated within Trusted Foundations Software, thanks to a web server’s secure service. It is associated with a personalized security indicator shown on the screen - which the end user can choose and change, to increase user confidence. This solution is also very interesting to configure sensitive properties on-device.
Trusted Foundations Software is already here
Trusted Foundations Software has gained strong acceptance and is commonly used to secure DRM on various platforms. The flexibility and performance of this environment, and its availability on several silicon vendors’ platforms and devices, position Trusted Foundations Software as a key element to secure the mobile payment applications to come.
Mr. Jean-Philippe Wary, Information Security Strategy Adviser at SFR, says: “With its Trusted Foundations Software, Trusted Logic meets the mobile e-transaction market’s expectations for terminal security. By providing a technology that enables secure communication between all the components needed to deploy value-added services - (U)SIM cards, keyboard, screen, NFC, other Secure Elements - Trusted Logic provides the last component that was missing for the emergence of new businesses: a trusted user interface. Trusted Foundations Software, coupled with a SIM card certified at the level required by the banking market (see Trusted Logic – SFR announcement made at Cartes 2008), enables the safe deployment of mobile services – right now, and with the highest level of security requirements.”
Dominique Bolignano, CEO of Trusted Logic, comments: “Trusted Logic has been a pioneer in defining security requirements for the wireless industry. These requirements are now being implemented – with a strong boost from upcoming NFC deployments. The main target use case is mobile payment, but our technology supports any application. For years, we have been cooperating with silicon vendors and telecom operators. Trusted Foundations Software is the right product coming at the right time for them to deploy new applications. This is an outstanding step for our company.”
About Trusted Logic
With dual competence in security and open technology for embedded systems, Trusted Logic has been leading the development of secure software since its creation in 1999, focusing on two industries: smart cards & secure tokens and professional & consumer devices. Its subsidiary, Trusted Labs, offers security consulting and evaluation services.
cliff
rooster1, thanks for posting this, I think it's a very significant signpost on the TCG roadmap.
"TPM and BitLocker (collectively) would stop VBootkit from working. But TPM is not available on consumer PCs -- most of them -- and BitLocker is available only in high-end Vista editions," Nitin Kumar wrote in an e-mail.
cliff
dig space, that would not surprise or distress me, especially in government, and I think such anecdotes are always useful for the unpopular task of managing expectations here.
Your reference to imaging and replication reminds me that it wasn't that long ago that large organizations and leading corporations were still standardizing on Token-Ring and OS2/Warp, when the technology trend was plainly towards Ethernet and NT. IBM was using all of their considerable powers of coercion to fight off the inevitable changeover, they had their blue-shirt orthodoxy advocates in place, and when it was finally over it had cost their customers a tidy sum as well as some competitive advantage.
That changeover did not happen all at once, but happen it did. And those who invested in the Ethernet paradigm did pretty well.
cliff
Weby, this will become a non-starter in any heterogeneous environment. ERAS will be the ticket.
"Self-encrypting drives provide a great defense against the growing problem of data breaches today, offering performance and security advantages over aftermarket software encryption solutions," said Lark Allen, executive vice president at Wave Systems. "Toshiba is at the forefront of the movement to bring an integrated, hardware-based solution to today's enterprise. Because Toshiba drives are based on the TCG's Opal Storage Specification, they're ideal for deploying across heterogeneous environments."
I recall that Lenovo was offering non-standard TDK SSD encrypting drives also, with no management capability. They would be under pressure to provide something to fill this gap.
cliff
New Wave, let's hope we get some visibility from RSA Conference '09.
http://finance.yahoo.com/news/Wave-Assembles-Leading-iw-14890190.html
...
What: Interactive Session for Developers: "The Next Authentication Token"
Where: RSA Conference 2009 - Hall E, Orange Room 132, Moscone Center North - Moscone Center - San Francisco, Calif.
When: Monday, April 20, 9 a.m. - 12:00 p.m. PDT
Who: George Kastrinakis, Director Product Management, Wave Systems Corp.; Joseph A. McGinley, CISSP, CISM, PMP, Manager Global Software Architecture, Diebold; David Corcoran, President, TrustBearer Labs.
cliff
Interesting that Giesecke & Devrient (G&D) and TrustBearer Labs are collaborating on health care:
http://www.trustbearer.com/news/mt-sinai.php
Mt. Sinai Medical Center to Deploy 100,000 Giesecke & Devrient Patient Health Cards
DULLES, Va.--(BUSINESS WIRE)--Giesecke & Devrient (G&D), working with EXTENSION, Inc. and TrustBearer Labs, has developed a smart card-based solution that lets health care providers manage the security requirements outlined in the President’s economic stimulus bill. EXTENSION, Inc. has integrated the G&D Patient Health card and TrustBearer Access authentication software with EXTENSION™ software to create EXTENSION™ Health Connect. This solution has been deployed at Mount Sinai Medical Center in New York City with the issuance of the first G&D patient health cards on April 1.
EXTENSION™ Health Connect provides highly secure, fast and accurate patient identification and information exchange. It securely links data, patients, and healthcare providers together in order to reduce administrative costs and improve the patient experience. EXTENSION™ Health Connect uses G&D patient health cards to securely identify patients to hospital information systems. The card also holds a personal health record for each patient that can be securely accessed. “Accurate patient identification is a critical issue in healthcare especially as we expand the use of electronic medical records and health information exchanges. These new health cards will ensure that patients are securely and accurately linked with their personal medical information across multiple institutions and care providers, reducing administrative burdens, improving patient care and satisfaction,” said Paul Contino, Vice President of Information Technology at Mount Sinai Medical Center.
Health care organizations implementing electronic health records (EHR) need a way to securely identify patients and to safely access health information. EXTENSION™ Health Connect is the first to offer a smart card program which successfully meets these needs with an easy to implement, affordable, solution. G&D uses their significant health card experience to provide a key component of this solution.
Congress incorporated the Health Information Technology for Economic and Clinical Health (HITECH) Act into the President’s economic stimulus bill. The new law provides $19 billion to standardize and secure the creation, access, and sharing of electronic health information, a vital component of health care reform. The law also includes financial incentives for health care providers to use electronic health records (EHR). EXTENSION™ Health Connect with G&D patient health cards helps meet the information security goals of this law by providing a highly secure method for access and authentication to health information and EHR.
The new law provides stricter enforcement of security requirements than the Health Insurance Portability and Accountability Act (HIPAA). This will also help boost public confidence in how health records are used, disclosed, and protected. “The use of G&D patient health cards as part of EXTENSION™ Health Connect supports patient privacy and data security,” said David Corcoran, CEO of TrustBearer Labs. “The solution also streamlines operational processes to reduce health care administrative costs.”
cliff
wavedreamer - No clue how the Nortel saga will conclude, but regardless I don't think it will have any great impact on the trusted computing environment.
Just my opinion ...
cliff