Nortel Locks Down Network Security with 'Identity-Aware' Technology
http://finance.yahoo.com/news/Nortel-Locks-Down-Network-iw-14877657.html
Nortel is delivering new solutions to integrate 'Identity-Aware' network security with unified communications technology, enabling enterprises to increase productivity, lower operating expenses and give them new competitive advantages by providing secure access to the right resources from anywhere and at any time.
The company is introducing Nortel's Identity Engines(1) portfolio to integrate identity-aware networking that delivers a new level of network security. Identity-aware networking determines who a user is, when they are accessing the network, what device they are using and where they are connecting from to determine the appropriate level of network access. Unlike most enterprise networks that do not identify the users and cannot distinguish among employees, guests, executives and consultants for example, the Identity Engines portfolio provides valuable identity information about everyone on the network, giving network managers more visibility and control over user traffic.
"Identity-aware networking is an emerging network access control driver that will continue to increase in importance," said Lawrence Orans, research director, Gartner. "This capability provides greater visibility and control over user behavior on the network, allowing enterprises to better monitor user traffic and enforce access to critical resources."
"Nortel is charging forward, delivering new, industry-leading unified communications solutions that not only increase the tempo of the enterprise, but ensure that private data remains private," said Joel Hackney, president, Enterprise Solutions, Nortel. "With the Identity Engines portfolio, we are able to secure the use of the enterprise network, making sure that only those authorized are able to access it, regardless of location or device. By the same token, authenticated users are able to access only those resources that they are authorized to access. This portfolio will increase the level of security in our unified communications offering to ensure that the right information reaches the right decision makers at the right time."
The Identity Engines portfolio provides a comprehensive Secure Guest Networking Solution, which simplifies guest management services by allowing non-technical staff to set up short-term accounts with access to only certain portions of the network. These accounts expire after a specified time period and are automatically removed from directories, increasing the level of security and reducing administration tasks.
Not only does the Identity Engines portfolio offer greater security through network-based identity management, but it also increases efficiency by providing centralized policy decision throughout the entire enterprise. It works across network silos, removing the need to create and manage hundreds of user groups and deploy multiple servers, leading to simplified management and lower costs.
"The Nortel Identity Engines technology provides customers with advanced policy capabilities with unique industry-leading features like identity routing and virtual attribute mapping," said Joel Snyder, an industry NAC expert and partner at Opus One. "Its identity-based granular policies and ability to span user group directories puts it several steps ahead of other vendors."
Because the solution is based on industry standards, the Nortel Identity Engines portfolio integrates with enterprises' current network infrastructures (regardless of vendor) to provide the centralized policy decision, authentication and authorization needed to enforce role-based Network Access Control (NAC) for wired, wireless, and VPN networks. To further demonstrate its commitment to industry standards and customer choice, Nortel also joined the OpenSEA alliance to provide the market with a standards-based, cross-platform, open-source 802.1X client, offering an alternative to the proprietary technologies by competitors.
The technology foundation for these open, standards-based solutions came from Nortel's recent purchase of the Identity Engines' IP assets. The Nortel Identity Engines Portfolio is centered on the Identity Engines Ignition Server(1), which acts as a powerful policy engine and directory service integrator to deliver network identity management across the network.
The Identity Engines portfolio augments the existing Nortel NAC offering by adding identity-aware networking, centralized policy decision over LAN, WLAN and VPN, strong 802.1X-based transport and analytics and reporting. Nortel is enhancing the Identity Engines offering by adding support for virtualization platforms and will offer the product as a VMware virtual appliance, which increases flexibility and reduces total cost of ownership.
In addition to the new portfolio, Nortel will continue to offer its Secure Network Access Switch series of products as NAC appliances focused on delivering health-checking capabilities for LAN environments over Layer 3 transport.
http://www.nortel.com/products/01/identity_engines/nn124048.pdf
Standards-based — Based on the IEEE 802.1X standard, the Ignition Posture works with all current networking equipment. The Ignition Posture implements aspects of the Trusted Network Connect (TNC) architecture from the Trusted Computing Group (TCG).
cliff
DD
http://www.acer.com.au/acer/product.do;jsessionid=0A69BA5958B87496BBD216B20ADAE361.public_a_14a?kcond4e.c2att92=876&LanguageISOCtxParam=en&link=ln32e&CountryISOCtxParam=AU&inu7e.current.c2att92=876&rcond10e.c2att1=92&rcond21e.c2att1=92&kcond5e.c2att92=876&inu3e.current.c2att92=876&acond23=AU&sp=page5e&rcond11e.att21k=1&ctx1g.c2att92=876&kcond7e.c2att101=47088&rcond16e.c2att92=876&ctx2.c2att1=92&rcond22e.att21k=1&ctx1.att21k=1&rcond9e.c2att92=876&CRC=2375158307
https://www.euroele.com/specsheetpage.aspx?Format=Y&PartNumber=PS.S6GE1.U01&manf_name=Acer&spec=a
- click on Extended specifications (use this link to view extended specifications)
http://www.systemat.com/is-bin/INTERSHOP.enfinity/eCS/Store/en_BE/-/EUR/DisplayProductInformation-Start;sid=SvYAtKQE7vD1eO3GSgvSSQzEjsu9UqEP_xs=?ProductID=guPAqP3SDSMAAAEf8fN9524j&Registered=no
cliff
awk, you write ... "It is more like a TPM on steroids than it is like Embassy."
I like this analogy, because it addresses the need for TPM functionality in a marketing-oriented fashion, and it's a good indication of how far ahead Wave was relative to the market (and likely still is; the market still lags Wave). Today's market requires only a few features, and relatively simple TPM products are adequate. As demand for TPM functionality expands, it can be met by embedding more fixed feature-sets.
Also, it is the giants Dell / Broadcom who are leading this "market-making" push, not tiny Wave who own so much of the IP.
At some point, this model will become unmanageable, and then you can anticipate its displacement by an Embassy 2100-like application. Wave is already positioned for this.
With Intel and Broadcom both innovating the TPM product-architecture, it will be interesting to see where all these features end up.
cliff
Seagate is doing some assertive viral marketing, appears to be aimed at Enterprise (capital E, as in large-scale server tech), but growing awareness can only help Wave / Dell and the end-point market.
http://www.itdialogue.com/
cliff
Regarding Gateway EMEA re-launch, the Gateway UK website now has pages on the NO20 and NO50 notebooks, e/w with TPM 1.2 and fingerprint scanner.
http://uk.gateway.com/products/notebooks/officeseries.html
No Wave mention, but ETS is bundled with the new desktop line, so it would seem straight-forward:
http://uk.gateway.com/products/desktops/towerseries.html
cliff
rooster1 - mea culpa, for not reading the full text of your post, and its relevance to the Seagate SED management.
cliff
Donald Duck, Wave has a significant holistic technology relationship with Dell. I agree with your assessment of WinMagic's product positioning, but I think Wave has successfully established barriers to entry with Dell from an OEM perspective.
I'm with you on the Safenet offering ... it would be good to get a status on this.
I feel that WinMagic has hit the marketing bullseye with their statement "This provides organizations with the flexibility to deploy any combination of hardware and software-based encryption - or transition between the two - with full transparency for end users and a consistent management interface for administrators."
WinMagic only does data encryption, so has to be supplemented for end-point functions, i.e. authentication, with a 3rd-party product. Per http://www.winmagic.com/partners/technology_partners, they have a number of technology partners, including Safenet (go figure ...).
cliff
Weby, here is a MUCH more revealing description of the WinMagic SecureDoc offering, see link for full PR ...
http://www.marketwatch.com/news/story/winmagic-raises-bar-enterprise-encryption/story.aspx?guid=%7BE718A184-21EB-4624-92E9-89EC3F2E65A0%7D&dist=msr_3
SecureDoc also supports and manages hardware-encrypted disk drives such as the Seagate(R) Momentus(R) FDE and BlackArmor(TM) drives, as well as the upcoming TCG "Opal" specification drives from other leading drive manufacturers. This provides organizations with the flexibility to deploy any combination of hardware and software-based encryption - or transition between the two - with full transparency for end users and a consistent management interface for administrators.
cliff
Here's a consumer app for TPM ready and waiting:
http://blogs.zdnet.com/security/?p=2905
March 17th, 2009
A password vault is as mandatory as anti-virus
Posted by Adam O'Donnell @ 11:51 pm
We all need to get out of the mindset that our primary e-mail address combined with a single universal password are our credentials for the world.
Admit it. You have one password. You may even have half a dozen variations on your childhood cat’s name, but it is still the same basic password, and you use it to log into American Express, Netflix, Bank of America, GMail, Comcast, MySpace, Fark, Twitter, Virgin America, EBay, New York Times, and even the message forum where you talk about your obsessive collecting of late 19th century yak bridles.
You think to yourself, hey, what’s the big deal, right? Having the same password in one location won’t affect the security of the other location. If someone compromises your Netflix account, for example, the worst that can happen is they realize you favor tripe like The Notebook and National Treasure rather than quality cinema like Blade Runner and Rocky. It isn’t like they can pull your credit card information from the site and use it elsewhere, and besides, it isn’t like anyone who grabbed your password would be able to figure out all the other websites you visit.
You are forgetting that when you use the same username, an e-mail address, and the same password on numerous websites, you are relying upon the strength of the security of the weakest website you authenticate against to guarantee the secrecy of our login credentials. In other words, if you use the same username and password at 50 odd websites, you are relying upon the laziest system administrator of all 50 systems to keep their web app from being hacked to prevent your credentials from leaking out. Again, big deal, right?
Let’s say someone compromises yakbridletrader.com as part of compromising everyone that is still running PHPNuke. They dump the usernames and passwords online for all to see and share. Someone notices that your e-mail address, yakguy@gmail.com, is in the tuple, and gets the bright idea to go to GMail and try your yakbridletrader.com password. From there they go and figure out what bank backs your credit card, and well… you get the idea.
Having a strong and diverse password everywhere is mandatory now. It is as mandatory as running anti-virus on a PC and having a working set of backups. Like backups and anti-virus, if you don’t have a strong and diverse password that is different on every website you visit, you have no right to complain if you get compromised because someone took down the one-stop yak shop. It is your own damned fault.
So I, like many of you, have the short-term memory of a goldfish that was deprived of oxygen at birth, and I use a password vault to remember all my authentication tokens. There are several available, ranging from the low low cost of free to maybe $70 or so. Firefox has one built in, Symantec’s Norton products have their password manager, and there is an application for the Mac called 1Password, of which I am a huge fan. I don’t care which one you use, just use one.
But Adam, you say, if I use a password vault and I want to log in from a computer at the library / someone steals my computer / my desktop is rootkitted and it sniffs the form completion, then the password vault is ineffective. Well, first of all, don’t log in from computers you don’t control. They are probably already compromised. Second of all, most of these things have a master password, so you can get your machine stolen and you are in okay shape as long as you have a backup. Finally, if your machine is rootkitted and they grab the form completion, well, you are screwed anyways, and you learned your lesson for not running good AV.
We have learned to make backups and anti-virus products standard tools for keeping the data and systems in our possession safe. Now we need to add password management tools to this list to keep our remote data safe, or at least limit the damage in the event of a compromise.
cliff
titlewave - I think the debate on sales strategies has been interesting, but at least for me, has run its course.
Lost in the partisan discussions is the universal concept of market segmentation, which recognises that one size does not fit all. Most sales organizations are segmented into verticals to address the requirements of the market: so, you organize for consumer, small- and medium-sized business, enterprise, government, OEM, etc. Each vertical has its own set of common characteristics and demands its own strategy, and each major customer within the enterprise-and-larger verticals gets its own customized strategy.
It's very basic stuff, and I think it's very unlikely that Wave does not understand it.
There's no arguing the track record on the retail sales is disappointing, but as Weby says, hindsight is 20/20, and we're all hall of fame armchair quarterbacks.
cliff
Ramsey2 - just to clarify, by big brother I'm referring to an SI partner with lots of business collateral with the customer. A simple reason for this is that the services costs for large projects greatly outweigh the hardware and software costs, usually by a factor in the range of 3:1, but sometimes by as much as 10:1.
I do agree that a lead from a Dell rep can or often does place Wave in, or ultimately leads to, an audience with senior management, and in modest scenarios, that can carry the day.
Mega deployments are a different case. In my experience, the sales cycle can easily exceed a year, and testing and certification usually follows being either short listed or selected ... what precedes this is basically a parade of demonstrations, even if they are tailored to a customer's specification.
I recall very clearly my CIO coming in to a meeting / demo with an emergent British product company that despite having had no prior sales in North America had won the selection process for application software at the core of a 3-year $100M program. The CIO was courteous to the British company's reps, who he was meeting for the first time. But he spoke business only with the integrator, literally asking if they were prepared to bet their reputation and future business opportunities on the efficacy of the application software. They replied yes, which was the answer he required, and he was satisfied.
To be clear, the CIO did not address the business question to the application vendor, nor even to me, the program prime, but to the SI.
Two years later, after unacceptable delays and cost over-runs, the SI was gone from the company, but the application software is still in and humming.
Deploying security solutions may be less complex and cost-intensive than was the case with that particular project - apples and oranges - but for a 350,000 seat program, scope more than makes up for the lack of complexity, and yes, it better be right. Much better to outsource the potential rolling of heads.
Large enterprises are famously risk-averse, and with good reason in the case of IT. Here's a current reminder, and a couple of famous cases in point from Wikipedia:
http://www.australianit.news.com.au/story/0,24897,25096128-5013040,00.html
http://en.wikipedia.org/wiki/Death_march_(software_development)
"Among the most infamous death march projects are the Denver Airport baggage handling system and WARSIM, a U.S. Army wargame. The latter project was originally called WARSIM 2000 at its inception in the early 1990s. A decade after its original scheduled delivery date, WARSIM has yet to support a single Army training exercise, but is still being funded, largely to vindicate those who conceived of the system and defended it over the lifetime of its development."
cliff
telstarjohn - we are getting close to a violent agreement, but I would contend that Wave is differentiated from its competition by its technology. That is, Wave is pitching the same value proposition to the CEO as its software-based competitors.
The CEO doesn't understand or care about the technology, and will direct his CIO to take the lowest-cost, lowest-risk solution that meets the requirements of the enterprise.
BTW, my background is also telecom ... corporate IT solutions, actually. I can state unequivocally that nothing of significance was implemented without the involvement of a very substantial "big brother".
cliff
awk, I was going through the Dell flyer that came with the morning paper today, and took notice of the continued glaring absence of TPM's on the consumer products.
I take this to mean that consumer applications are still on the distant horizon ... TPM's on consumer MBs from Dell will surely mark the sea-change that we're waiting for.
cliff
telstarjohn - I agree that transformation has to be driven top-down, but this does not mean selling technology directly to the CEO. No credible enterprise will adopt a new technology into their infrastructure without having IT's full endorsement ... that is why you see pilots and trials ad nauseam. It is why large organizations have CIO's and IT departments - their purview is the selection, integration and deployment, and support of IT solutions.
What does facilitate the sales process for a new technology is the endorsement of large and credible IT consultancies and SI's - EDS as an example. These organizations have the contacts, and the management, technical and financial resources needed to sustain the sales initiative and to guarantee implementation. The caveat is that to get these partners on-side requires the partner's recognition of the new solution's legitimacy and value, and a business model that enables them to make more money servicing the new solution than they can make with their legacy solutions, which will have to be abandoned (sometimes with contractual implications), i.e. it's not just a disruptive technology, it's a disruptive business model.
I see this as a significant gap for Wave at this time ... Dell is a great platform partner, but their services arm does not even rank in top 100 government integrators (courtesy of Ramsey's earlier post on top government integrators), let alone the top 10:
1 Northrop Grumman
2 Lockheed Martin
3 General Dynamics (Advanced Information Systems)
4 BAE Systems Technology Solutions & Services
5 Science Applications International Corp. (SAIC)
6 Boeing
7 IBM Global Services
8 Computer Science Corp. (CSC)
9 L-3 Titan Group (Government Services)
10 EDS
Adoption curves for new paradigms are torturously long - that's the fact. Wave is focused on the supply channel, correctly IMO.
cliff
helpfulbacteria - the motives of some posters are abundantly transparent ...
I actually think that SKS deserves some credit for managing through the continued Trusted Computing famine. It is especially significant that he was able to conceive and finance the development of the FDE support products, especially so with this market segment finding much more ready acceptance compared to the TPM-related products; 90% market share for FDE is not too shabby ...
It now seems that the extent to which FDE facilitates an after-market for TPM management will define whether, how soon and how substantially Wave will succeed in Trusted Computing writ large. But the OEM royalties and FDE licensing are probably sufficient to propel Wave to modest profitability.
cliff
More reasons to eliminate typing in passwords ...
http://www.itworld.com/security/64193/researchers-find-ways-sniff-keystrokes-thin-air
Researchers find ways to sniff keystrokes from thin air
by Robert McMillan
March 12, 2009
That PC keyboard you're using may be giving away your passwords. Researchers say they've discovered new ways to read what you're typing by aiming special wireless or laser equipment at the keyboard or by simply plugging into a nearby electrical socket.
Two separate research teams, from the Ecole Polytechnique Federale de Lausanne and security consultancy Inverse Path have taken a close look at the electromagnetic radiation that is generated every time a computer keyboard is tapped. It turns out that this keystroke radiation is actually pretty easy to capture and decode -- if you're a computer hacker-type, that is.
The Ecole Polytechnique team did its work over the air. Using an oscilloscope and an inexpensive wireless antenna, the team was able to pick up keystrokes from virtually any keyboard, including laptops. "We discovered four different ways to recover the keystroke of a keyboard," said Martin Vuagnoux, a Ph.D. student at the university. With the keyboard's cabling and nearby power wires acting as antennas for these electromagnetic signals, the researchers were able to read keystrokes with 95 percent accuracy over a distance of up to 20 meters (22 yards), in ideal conditions.
Laptops were the hardest to read, because the cable between the keyboard and the PC is so short, making for a tiny antenna. The researchers found a way to sniff USB keyboards, but older PS/2 keyboards, which have ground wires that connect right into the electric grid, were the best.
Even encrypted wireless keyboards are not safe from this attack. That's because they use a special algorithm to check which key is pressed, and when that algorithm is run, the keyboard gives off a distinctive electromagnetic signal, which can be picked up via wireless.
Vuagnoux and co-researcher Sylvain Pasini were able to pick up the signals using an antenna, an oscilloscope, an analog-digital converter and a PC, running some custom code they've created. Total cost: about US$5,000.
Spies have long known about the risk of data leaking via electromagnetic radiation for about 50 years now. After the U.S. National Security Agency found strange surveillance equipment in a U.S. Department of State communications room in 1962, the agency began looking into ways that radiation from communications equipment could be tapped. Some of this research, known as Tempest, has now been declassified, but public work in this area didn't kick off until the mid-1980s.
The idea of someone sniffing out keystrokes with a wireless antenna may seem ripped from the pages of a spy thriller, but criminals have already used sneaky techniques such as wireless video cameras placed near automated teller machines and Wi-Fi sniffers to steal credit-card numbers and passwords.
"If you are a company using highly confidential data, you have to know that the keyboard is a problem," Vuagnoux said.
If pulling keystrokes out of thin air isn't bad enough, another team has found a way to get the same kind of information out of a power socket. Using similar techniques, Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.
Their work only applies to older, PS/2 keyboards, but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.
That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.
Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data.
Barisani and Bianco will present their findings at the CanSecWest hacking conference next week in Vancouver. They will also show how they've been able to read keystrokes by pointing a laser microphone at reflective surfaces on a laptop, such as the screen. Using the laser's very precise measurements of the vibrations on the screen's surface caused by typing, they can figure out what is being typed.
Previously researchers had shown how the sound of keystrokes could be analyzed to figure out what is being typed, but using the laser microphone to pick up mechanical vibrations rather than sound makes this technique much more effective, Barisani said. "We extend the range because with the laser microphone, you can be hundreds of meters away," he said.
The Ecole Polytechnique team has submitted their research for peer review and hopes to publish it very soon.
cliff
rwk, go-kite makes a valid point about Wave partnering with Safenet to compete for these opportunities. However, I also see that collaboration as Safenet's sortie into the services and applications arena that is opening up for HW-based FDE. After all, ERAS figures prominently as a common management platform for both HW and SW applications in the Safenet/Wave offering.
I did a search for Trusted Platform Module at the GuardianEdge website, and got back 0 hits. I had similar results when I researched the recent Ironkey announcement on Enterprise Management for their secure USB drives. So those solutions will need to be patched together with some other management tools ... probably a customized version of Active Directory, or maybe Infineon's vaporware product, with some Tivoli thrown in ... to satisfy the eventual key-related management requirements. And there will be calls to the Help Desk, so I'll need more Remedy seats.
I also thought that the scope of "up to" 350,000 seats suggested quite a different question. Consider an IT Director under pressure to rapidly deploy data encryption and hardened security to a base of 350,000 (or maybe it's 350,000 comprised of 3 different products, or some other combination thereof), and your department head and his boss and his boss's boss have been swarmed for a couple of years by the HP/EDS cabal, and the sales execs are promising what sales execs promise ... so maybe you decide to go for Sweetheart Deal #1 to mitigate the pressure, and you negotiate terms for deployment and support on a utility basis to manage the costs and downside risks (all those calls to the Help Desk, and they turned down your request for more support staff).
HP/EDS cuts their platform margins to subsidize the GuardianEdge stuff, thinking they'll make it back in services ... maybe even sub-contract out the mundane stuff. The deal gets made, backs are slapped, the pressure is off, your boss gets promoted.
But since you know your stuff, scan the government's own IT periodicals, and actually read the Dell proposal, you know that HW-based FDE has just gone mainstream, you know that your base turns over about every 3 years, and that TPMs are being mandated, and that HW FDE will probably be bundled with the TPM-enabled replacement seats in the not-too-distant future.
You think "Procurement looks like a great place to work," knowing that the whole thing will be getting revisited in about 15 months, and you start working on your own career transition plan.
I think the services vendors are going to be thumping SW encryption very hard to lock in deals over the next few quarters as the industry transitions the shift from SW to HW security paradigms, and there could be a lot of big announcements. The mopping up won't be quite so well publicized.
cliff
Chance To See - I was prompted by the Bio-key discussion to review some PRs that came out of Bioscrypt a few years ago, who made some fairly impressive claims in the biometrics / TPM arena.
FWIW, Bioscrypt was bought by L-1 Identity Solutions in January. I did a search for TPM on the L-1 web site, and received 0 hits.
My point is that the Bio-key patent may be significant, or not.
Here's a representative PR on the Bioscrypt narrative:
http://www.prnewswire.co.uk/cgi/news/release?id=153129
Bioscrypt Delivers Enterprise Management Solution for HP Credential Manager for ProtectTools
TORONTO, Canada, September 8 /PRNewswire/ --
- Bioscrypt Collaborates with HP to Sell and Support Authentication Solutions
Bioscrypt Inc. (TSX: BYT), a leading provider of identity verification technology, today announced VeriSoft Access Manager is available through HP for enterprise management of the HP Credential Manager solution.
A breach in data security can have a direct impact on the health of any business. As such, organisations are increasingly looking at ways to improve and strengthen the method by which they protect information. Bioscrypt, in working with HP, has developed a solution to help ensure protection of client data and devices and that users themselves do not become points of vulnerability to the entire IT infrastructure.
The proactive solution combines Bioscrypt's VeriSoft Access Manager Server with HP Credential Manager for ProtectTools to deliver functionality including secured single sign-on and Multifactor authentication with a centralised client configuration management. The Bioscrypt VeriSoft Access Manager is a robust and highly integrated backend server for the HP Credential Manager client solution. VeriSoft Access Manager allows organisations to use Credential Manager to centralise password replacement, consolidate user identities and secure vital company information. VeriSoft Access Manager also provides the ability to converge a user's credentials from multiple Credential Manager clients into a single enterprise directory so network, application and web based logon information is always accessible regardless of which client a user logs in on.
"In working with HP to bring forward our solution for Credential Manager, we are confident we have developed an industry-leading product for multi-factor authentication and credential management. The solution helps meet the security requirements of today's IT departments and is extensible and therefore able to grow to handle new threats. As new requirements emerge, the tools and components to meet them will easily integrate into the product," said Robert L. Williams, President and CEO, Bioscrypt. "We look forward to building our relationship with HP as we jointly promote and sell this new offering."
HP Credential Manager for ProtectTools increases network security by providing a secured password solution, which offers pre-boot multifactor authentication and single sign-on security and is provided on embedded security platforms to add an extra level of security protection. It is an HP branded Bioscrypt offering presently available on business PCs, workstations and notebooks configured with TPM and select other notebooks.
"HP is committed to providing customers industry leading security capabilities designed to help protect against unauthorised access to PCs, networks, and business-critical data so they can focus on business operations," said Manny Novoa, security strategist, Personal Systems Group, HP. "In working with Bioscrypt, we are providing our enterprise customers another robust ProtectTools solution that strengthens user authentication, protects and manages multiple user credentials, and defends against increasingly sophisticated threats with built-in -- not bolted-on -- solutions."
About Bioscrypt Inc.
Bioscrypt Inc. is a leading provider of identity verification technology. The Company's solutions combine the convenience of touch with the high security of fingerprint-based biometrics for simple and secure access to facilities, equipment and information. Using the "bioscrypt on board(TM)" brand, the Company offers packaged products, OEM components and software licensing to leading security solution manufacturers and integrators worldwide for physical, wireless and network security applications. Among the many leading edge companies and partners using Bioscrypt technology are the US Army, NASA, American Express, the New York Police Department, Kronos, NATO, Continental Airlines, Intel, Atmel, HID Corporation, Honeywell and Northern Computers. Bioscrypt's patented technology is interoperable with leading fingerprint sensors and is both platform and operating system independent. Bioscrypt is traded on the Toronto Stock Exchange under the symbol BYT. For more information, visit the Bioscrypt Web site at www.bioscrypt.com.
Forward-looking (safe harbour) statement
Statements made in this news release that relate to future plans, events or performances are forward-looking statements. Any statement containing words such as "believes", "plans", "expects" or "intends" and other statements which are not historical facts contained in this release are forward-looking, and these statements involve risks and uncertainties and are based on current expectations. Consequently, actual results could differ materially from the expectations expressed in these forward-looking statements.
Bioscrypt Inc., Bioscrypt, are trademarks of Bioscrypt Inc. All other trademarks or registered trademarks referenced herein are properties of their respective owners.
Distributed by PR Newswire on behalf of Bioscrypt Inc
cliff
EDIT awk, nice find!
These devices will obviously come down in price, but if the TDK costs are representative, they will initially be restricted to very specialized applications:
http://www.engadget.com/2008/06/02/tdk-announces-64gb-1-8-inch-hs1-micro-sata-drives-we-scream-in/
Things are looking up in the SSD race: TDK has just announced what they are calling the smallest Micro SATA SSD drives. The HS1 series will measure just 1.8 inches with 16, 32, and 64GB capacities and will use single-level cell NAND flash memory. Read / write speeds are spinner-like 100MBps and 50MBps respectively and are expected to be energy efficient at 20mA. Security wise, we're looking at 128-bit AES encryption with 7-bit error correction. They won't come cheap, though: prices are expected to run $900, $1,500, and $2,000 for the three capacities.
FWIW, TDK does not appear to be a TCG member ... that seems rather incongruous for a Lenovo supplier.
cliff
Ramsey2, TDK and Lenovo apparently have something going with SSD FDE as well.
http://hwzone.co.il/view-image/reviews-files/x300_preview/DSC_0015.jpg
I was unable to find any links to Wave, but we obviously have a link to Lenovo, and are said to be working with all of the drive manufacturers.
cliff
Foam, good presentation, thanks. I had not heard of EMSCB (Slide 64).
Barge will be very interested in Slide 36.
cliff
helpfulbacteria - you are so right-on!!
In the interest of clarity, I also want to initiate discussion on Wave's place in the "enterprise storage" market. That is, Wave is not a player.
This is not a new development; I do not recall Wave ever making any claims to the enterprise-class storage space, and these 2 markets seem to be coexisting separately and peacefully. It's unfortunate that the word "enterprise" has multiple usages, and this I think is the reason for the confusion.
This situation has been a subject of non-debate, oft-times alluded to by many posters, and never properly commented on (that I'm aware of), and as such I think has grown to become something of an elephant in the room.
So, to put my stake in the ground:
o Wave has FDE management products that address client-device security requirements. These client devices are primarily PC's; standards are covered off by the TCG OPAL specification.
o IBM / LSI / Seagate (and possibly others) have FDE management products that address Data Center server storage-device security. These devices are not PC's, but instead feature high-availability-architecture deployments with redundant disk-arrays. These standards are covered off by the TCG Enterprise Security Subsystem Class specification.
There are subjects that I would like to understand better with respect to these domains, eg. key management is often mentioned, and intuitively it would be an attractive extension to ERAS if it were able to manage both clients and servers.
Should Wave pursue the enterprise-class space? There may be some technocratic logic that would support this over time, but I don't relish taking on IBM on their turf, and I think we have plenty of potential business along with the attendant costs as things exist now. Far better to wait for a hardware partner to take us into that space. Plus, I would not be anxious to arouse IBM into taking a corresponding interest in the client-side market.
cliff
Foam, not sure why there have been no replies to this, it's a must read given recent discussions, and should get a sticky.
cliff
rwk, agreed. It certainly validates that security solutions are highly valued, and that bodes well for the longs in this community. Not sure how to take RIM owning a powerful security solution like ECC, though.
cliff
OT - UPDATE 1-RIM returns with doubled offer for Certicom
Tue Feb 3, 2009 12:18pm EST
http://www.reuters.com/article/marketsNews/idCAN0351934820090203?rpc=44
TORONTO, Feb 3 (Reuters) - BlackBerry maker Research In Motion (RIM.TO)(RIMM.O) returned with a second offer for electronic security company Certicom Corp (CIC.TO) on Tuesday, doubling its bid to C$3 a share.
The new offer is also about 43 percent higher than a bid of C$2.10 a share Certicom had received from Internet security provider VeriSign Inc (VRSN.O).
Certicom has about 43.7 million shares outstanding, according to Reuters data. This would value the new RIM bid at C$131.1 million ($106.6 million). Certicom said its independent directors are reviewing the RIM bid with its financial and legal advisers.
A big draw of the BlackBerry smartphone for RIM's huge base of business users is its ability to send wireless e-mail and messages securely. Certicom's technology could help RIM further bolster electronic security features on its handsets.
Late last month, Waterloo, Ontario-based RIM dropped its C$1.50 a share offer for Certicom after the target company got a court injunction blocking the bid. Certicom alleged RIM had violated non-disclosure agreements by using confidential information for its hostile bid.
Certicom's board plans to tell its shareholders what it thinks of the latest RIM offer no later than Thursday, the company said.
Certicom shares were halted on the Toronto Stock Exchange. They last changed hands at C$2.40 each.
cliff
xxxxcslewis - great article, thanks. This really makes the case for Trusted Computing in the consumer space.
cliff
Symantec's Thompson Commerce Secretary?
http://www.crn.com/government/212903168
The Channel Wire
January 28, 2009
Symantec's Thompson Commerce Secretary?
Multiple news sources on Wednesday suggested John Thompson, Symantec CEO and chairman, is President Obama's top choice for Secretary of Commerce.
According to Reuters, a number of senior Democratic sources confirmed the choice late Tuesday and early Wednesday, although neither the White House nor Symantec have confirmed Thompson as the lead contender.
"To the best of my knowledge no decisions have been made about a commerce secretary," said White House spokesman Robert Gibbs in a press briefing on Tuesday. "I believe his name has been out there as among the candidates that the administration has thought about, but according to the latest thinking that I had, no decision on that had been made."
The appointment would make Thompson the government's business policy and industry issues chief. According to reports in the San Jose Mercury News and CBS News, Thompson is currently being vetted by the Obama team and an official announcement could be days away.
Symantec did not respond Wednesday to Channelweb.com requests for comment.
Thompson announced in November 2008 that he would be retiring from the CEO spot at Symantec this April after a decade at the security giant's helm. His successor is Symantec COO Enrique Salem, and Thompson will remain chairman of Symantec's board.
Thompson is a noted Obama champion who threw his support behind the president early in the campaign, and has also served in various public sector capacities over the years. Back in 2002, former President George W. Bush appointed Thompson to the National Infrastructure Advisory Committee, and Thompson has also chaired the Silicon Valley Blue Ribbon Task Force on Aviation Security and Technology.
Secretary of Commerce is one of the last major Cabinet positions yet to be filled by President Obama. Obama's original appointee, New Mexico Gov. Bill Richardson, withdrew after being named the subject of a federal probe over improper business dealings in his home state.
In the past few months, Thompson's name has been bandied about among top choices for another Cabinet job, that of Obama's first-ever national CTO. Thompson told news sources at the time of his November announcement that he had "no interest in a Cabinet post" and "no interest in a political appointment, I just want to see change in the White House."
The top choices for Obama's CTO position are said to be Padmasree Warrior, CTO of Cisco Systems, and Vivek Kundra, CTO of Washington D.C.
cliff
barge, I do not dispute that the TCG-based MTM could be put into production, NOW. However, I expect that availability will be announced by silicon manufacturers well before appearing at the end of the value chain. I allow that there could be exceptions to this, most probably from handset manufacturers who do their own design and fabrication, and less probably from Dell.
Regarding the software retrofit of existing chips, I think that if changes to, say, TrustZone to make it compliant with the TCG spec can be made now, then that's where I would expect to see the first announcements. But this doesn't imply much in the way of barriers to entry in the smartphone marketplace.
Now take a look at product cycles (example: http://www.symbian.com/japan/news/pr/2007/pr20079433.html ) Here's a case where Symbian announced support for a TrustZone enabled ARM processor in October 2007, but the first associated smartphones aren't expected until 2010. Granted there are a number of earlier ARM processors that support TrustZone, but trying to find evidence of implementations is an exercise in frustration.
Then there is the value proposition. TCG benefits are all about scope and scale, about being able to achieve seamless interoperability between products from different suppliers, and about having management systems that simplify managing the devices and features. Non-TCG-compliant proprietary hardware is technically capable of providing excellent security for discrete applications; the TCG-based differentiation doesn't really come about until a critical mass of end points is reached.
cliff
barge, apologies if this sounds pedantic, but the TCG-secured mobile phones won't have TPM's. The hardware security is provided by an MTM, which as far as the world knows has not yet been fabbed.
There are non-TCG compliant alternatives to the TCG's 1.0 MTM, eg. ARM TrustZone. Also, the Sectera Edge would seem to have some impressive security features, but with a base price of $2650, not an attractive path for Dell to follow. (BTW, I haven't had any luck in finding what processor powers this device).
No question, it would be quite a coup if the industry's first TCG-compliant Smartphone were to be uncloaked out of absolute secrecy by a company that has no products or presence in the market at this time. But hey, at least they have nothing to cannibalize.
Also remember that there are no TCG standards for Flash or SS memory, and neither have we heard about any ready-for-primetime management solution; let's face it, management systems for mobile phones are very different from management systems for PCs. I think that those are gaps that Dell would want filled before dropping a product like this into the market.
cliff
barge, I think that if it was that close to market, we would have heard that the Dell Trusted Mobile Phone was on the short list for displacing the Obama Blackberry.
cliff
barge, I'm just mindful that TPM 1.0 was published in February 2001, and our trip to Vegas is still on the horizon.
Non-TCG-standard solutions (ARM TrustZone, Discretix CryptoCell, maybe others) are available now for use by Smartphone handset manufacturers. It will get interesting when there are TCG-based MTM product announcements, and we should see a shorter ramp than for TPM.
cliff
barge, interesting to see both Dell and Acer moving ahead. Based on the TCG's Mobile Phone Work Group schedule, it's early in the game, but definitely part of the roadmap going forward.
With VeriSign's recent purchase of Certicom, I expect them to be a player in this space.
There's some good substance on this subject here:
http://www.leavcom.com/ieee_dec05.htm
Will Proposed Standard Make Mobile Phones More Secure?
Smart phones are becoming increasingly popular. Offering Internet connectivity, they function like minicomputers and can download a growing variety of applications and files, store personal information such as credit card numbers, and even conduct financial transactions.
But as smart phones become more sophisticated, they are also becoming targets for hackers and virus writers. "Because of increasing e-commerce capabilities, there is more value migrating to these devices," explained Roger Kay, president of Endpoint Technologies Associates, a market analysis firm.
With that in mind, the Trusted Computing Group (www.trustedcomputinggroup.org), an organization with more than 100 members—including component vendors, software developers, and network and infrastructure companies such as Intel, Motorola, Nokia, Samsung, VeriSign, and Vodafone—is working on a set of specifications and building blocks for mobile-phone security.
The TCG system would integrate data security into smart phones' core operations, rather than implementing it via add-on applications.
The TCG's Mobile Phone Work Group has published 11 use cases that, along with a set of technical requirements, will guide the specification work, slated for completion next year.
The proposed standard would protect user data and transactions, as well as enable intellectual-property (IP) protection, a feature the entertainment industry wants before making popular content available for mobile devices.
Nonetheless, the technology faces several potential hurdles.
For example, Seth Schoen, staff technologist for the Electronic Frontier Foundation (EFF), a digital-rights group, said manufacturers might find integrating TCG circuitry into a phone or making the technology work with the device's software a significant engineering challenge.
In addition, he said, consumers may not like usage restrictions imposed by the technology's IP protection.
DRIVING FORCES
The smart-phone market is growing rapidly. Market research firm IDC predicts that by 2008, vendors will sell more than 130 million of the devices, representing 15 percent of all mobile phones.
Market research firm Canalys said global smart-phone shipments through the first half of this year were more than 12 million, 105 percent more than during the first six months of 2004. Last year, said the ARC Group, a market analysis firm and consultancy, smart phones accounted for only 3 percent of global handset sales.
As smart phones have improved their data handling capabilities, customers are increasingly using them to conduct online and, via digital wallets, in-person purchases, as well as to store corporate, financial, and other important information.
Thus, as smart phones become like portable PCs, hackers are targeting them more for attacks.
Until now, security has not been a primary focus for phone makers because the devices were used mainly for voice communications and messaging, explained Mikko Hypponen, director of antivirus research for security vendor F-Secure.
Vulnerabilities
About 90 viruses, worms, and Trojan horses currently target smart phones. Hypponen said the malware can destroy or corrupt data on a device or make the information inaccessible; make applications inoperable; or even send out messages without users' knowledge, for which providers can bill them.
Malware can spread itself from device to device via a phone's Bluetooth short-range connectivity capabilities, executables attached to multimedia messages, and infected removable memory cards.
Mobile devices can also pick up malware by synchronizing with an infected PC or downloading infected files from the Internet via a mobile network.
Information theft is also a concern. The most common way people steal data on a device is by taking the device itself, noted Ed Moyle, founding partner of the Security Curve market research firm.
Several utilities let attackers intercept material sent wirelessly from devices via Bluetooth, explained Marcus Sachs, a computer scientist at SRI International, a contract research institute, and deputy director of the US Department of Homeland Security's Cyber Security R&D Center.
And in the future, malware will be able to steal information and send it to hackers, noted Aaron Davidson, president of antivirus vendor SimWorks.
Current mobile-phone security
Current mobile-phone security includes service providers' network-based malware defenses and malware protection on individual handsets, said Todd Thiemann, director of device security marketing for antivirus company Trend Micro.
Additional approaches protect against data theft and other problems. For example, noted Moyle, screen locks prevent thieves from accessing information from stolen devices, cryptographic software keeps unauthorized users from reading data on a phone, and PC-based products don't allow the migration of critical material to a handset.
Devices are also increasingly including authorization capabilities, said F-Secure's Hypponen.
Many prior security approaches for smart phones have been based on companies' proprietary approaches, noted Janne Uusilehto, who chairs the TCG's Mobile Phone Work Group and is head of Nokia's Product Security Technologies Team.
However, proprietary software won't always work between devices on different platforms.
WHAT TCG DOES
The TCG's smart-phone specification calls for hardware to support features similar to those of the Trusted Platform Module (TPM) chip used in PCs and servers.
The TCG said it won't divulge details of the technology behind its smart-phone system until it finalizes the initial specification next year. However, information about the TPM chip for PCs, servers, and laptops, described in the "Inside the Trusted Platform Module" sidebar, offers some ideas.
The TCG will have to adapt TPM technology because mobile phones are much smaller than PCs and already full of circuitry and thus don't have enough empty space for another chip.
"It might be necessary to adapt the functionality of the TPM by integrating it within some other chip that's already in a mobile phone," explained the EFF's Schoen. "There would then be a logical TPM functionality but no separate TPM chip."
Integrating the circuitry with existing silicon would also minimize the TPM technology's added cost, said Endpoint's Kay.
Schoen noted that it would be more difficult to upgrade the TCG's hardwired hardware-based security system than a software-based one. But hardware-based security is harder to modify and break than its pure-software counterpart, Security Curve's Moyle added.
However, Trend Micro's Thiemann said, a hardware approach would limit a company's flexibility in choosing phones if the device it prefers to use doesn't support TCG specifications.
Meanwhile, Moyle noted, the TCG's open approach will enable standardization and interoperability. And providing a technology foundation for companies to build on will enable them to bring products to market faster, said the TCG's Uusilehto.
TCG smart-phone use cases
The TCG's 11 use cases for its smart-phone security system indicate the system will enable:
mechanisms to ensure that no one has tampered with a device's hardware and software;
device authentication to protect and store owner-identity-related information and thus to determine whether a thief or other unauthorized person is trying to operate a phone;
IP protection to restrict use of third-party content;
the safe download of updates, patches and other software;
secure channels between different parts of the phone—such as a subscriber identity module and the processes that use the SIM's data—to prevent keystroke logging or other types of tampering by malware;
the secure download and subsequent management of digital tickets, which represent proof that a user has the right to access and use network-based services or resources;
the secure execution of payments made via a mobile phone;
the ability to determine that software downloaded for use on a phone is safe and to remove or at least not execute unsafe software; and
ways to prevent unauthorized parties from accessing or viewing information stored on a device.
IP protection
The TCG specification would include IP protection that would keep users from playing, copying, and transferring content such as music, video, games, and software in ways that violate terms set by the company providing the material.
Proponents say that IP protection could encourage content owners to make video, audio, games, software, and other material available for use on smart phones. This could lead to new services for customers and generate revenue for content owners and cellular service providers.
Opponents contend this excessively limits the way individuals can use the content they buy and the devices they own.
Device control
Cellular service providers and handset vendors could use TCG technology to get more control over devices. For example, said the EFF's Schoen, the technology could let service providers keep ring-tone or application vendors from selling material for use on a smart phone unless they pay carriers a fee.
"This is just one example of a business model that involves restricting how customers can use phones and charging customers for things that don't actually have a cost to the carrier," said Schoen.
POTENTIAL PROBLEMS
Integrating TCG circuitry into a phone or making the technology work with the handset's software could be a significant engineering challenge because most devices have limited memory, power, and processing resources, noted SRI's Sachs. "Any time you add cryptography or other security features, you increase storage requirements and the load on the processor," he explained.
Meanwhile, Schoen said, customers may be angry about the IP and application-download restrictions that TPMs enable. Mobile phone users, he explained, expect a lot of freedom with their devices.
"The specification will help cell phone companies decide who can publish software or media for your phone and even whether you can load documents on your phone," he said.
With IP protection, noted Security Curve's Moyle, "the goal is to prevent piracy, but consumers often find it to be inconvenient."
The TCG's Uusilehto said the Mobile Phone Work Group will likely approve the smart-phone specification in the first half of 2006. The group would then make the document public, and manufacturers could begin adopting the technology.
TCG adoption may be slow, based on companies' lack of urgency in embracing TPM technology in PCs, servers, and laptops, noted Trend Micro's Thiemann.
Endpoint's Kay predicted widespread adoption won't begin in earnest for 12 to 18 months after the introduction of the specification because e-commerce, a major driver for the technology's adoption, won't migrate to phones as quickly as it did to PCs.
According to Schoen, adoption may occur even more slowly due to consumer concern about the usage restrictions the technology will enable. He said, "They will force more restrictions on consumers, rather than offer them more control and flexibility."
Added SRI's Sachs, "If there are devices that don't have the restricting software but work just as well, then consumers won't buy the ones with TCG inside."
Inside the Trusted Platform Module
The technology behind the Trusted Computing Group's (TCG's) secure platform for smart phones will be based on the Trusted Platform Module, designed for use in PCs, servers, and laptops.
The TPM is a motherboard-mounted cryptographic processor with a unique digital signature. It provides the basic building blocks for higher-level security functions such as authorization, access control, and file encryption and decryption.
The TPM chip—which protects motherboard traffic and communications between the CPU and a network—stores public encryption keys, digital certificates, passwords, and other credentials.
"In essence, the system cryptographically seals off the parts of a computer that deal with data and applications and gives decryption keys only to outside programs that the TPM chip deems trustworthy," said Janne Uusilehto, who chairs the TCG's Mobile Phone Work Group and is head of Nokia's Product Security Technologies Team.
The system doesn't decide whether code is safe. Instead, it identifies users; their computing systems, based on their TPM chip's unique identifying digital signature; and the applications or data they want to run. Trusted agents then consult directory services to determine whether the users are authorized to run the applications or data on the protected system.
The TPM concept was developed by the Trusted Computing Platform Alliance, the TCG's predecessor. According to the TCG, computer makers such as Dell, Hewlett-Packard, and IBM have shipped more than 17 million TPM clients.
Neal Leavitt is president of Leavitt Communications (www.leavcom.com), a Fallbrook, California-based international marketing communications company with affiliate offices in Brazil, France, Germany, Hong Kong, India, and the UK. He writes frequently on technology topics and can be reached at neal@leavcom.com.
cliff
Smart Grid Article ... and a reminder that the smart grid end points need to be authenticated.
A Better Grid: Will It Juice Stocks?
http://www.smartmoney.com/Investing/Stocks/A-Better-Grid-Will-It-Juice-Stocks/?afl=yahoo
IN 1849, TENS OF THOUSANDS OF EASTERNERS joined a gold rush to California, lured to the new territory by the discovery the previous year of 23-karat flakes in the river by Sutter's Mill. Now, 160 years later, on the opposite coast there is a "Grid Rush."
Lobbyists for electrical utilities, their suppliers, and their consultants are descending on Washington in droves to pan for a share of the $11 billion that President Barack Obama initially wants to spend to help modernize our aging electrical-transmission system -- a web of 250,000 miles of power lines connecting millions of homes and businesses to 9,200 electric plants.
About $4.5 billion of that lucre would help utilities convert the low-voltage part of the system into a so-called smart-grid, introducing digital-age efficiencies into the system, reducing waste and negating the need for expensive and polluting new power plants. Similar upgrades are under way in world capitals from Brussels to Beijing as governments struggle to reduce greenhouse emissions and their dependence on Middle East oil.
The other $6.5 million is for repairing and maintaining existing wiring. A study by the Brattle Group estimates utilities will have to spend more than $1.5 trillion between 2010 and 2030 merely to maintain the level of today's service.
Obama's proposal might just be the start of years of big expenditures, because he was a big supporter of the smart-grid concept on the campaign trail and because, frankly, $4.5 billion is a drop in the bucket.
Some smart-grid proponents recommend spending $10 billion every year for at least five years, which they say would save utilities and business billions and create about a quarter of a million new jobs. That kind of money could lead to such things as electric meters that talk back to the utilities, allowing them to bill you without hiring a meter reader, and time-of-day pricing that allows you to reduce your bill by, say, running the dishwasher after midnight.
The real question here is whether the money in the stimulus is a one-time boost, or a down payment on a longer-term commitment. Investors thinking of snapping up grid-related stocks, such as the ones shown in the table above, should give some serious thought to the question.
The conventional wisdom is that Congress and Obama won't short-circuit the project. "I think there is a consensus that we need a stronger, smarter electrical-transmission system," says Peter Fox-Penner of the Brattle Group.
Proponents argue smart-grid spending will pay for itself over time and help reduce greenhouse emissions. The Department of Energy claims that a 5% improvement in grid efficiency would be the same as permanently eliminating harmful emissions from 53 million cars.
Other boosters claim smart-grid technology could reduce our overall energy usage by 15%, negating the need for about $100 billion of new power plants and transmission lines. But that is a claim without convincing evidence, extrapolated from the results at one small demonstration program.
This isn't to say there is no there there. Suedeen Kelly, a member of the Federal Energy Regulatory Commission, says new digital capacitors being installed on lines in New York state at a cost of $80 million will reduce energy costs by $60 million per year. That represents a rather quick payback.
Investors clearly have taken an upbeat view of all this. The stocks of companies flogging smart-grid products and services have held up better than many other sectors. And the companies themselves are hardly discouraging the optimism.
F. Michael Valocchi, global energy and utility industry leader for the Global Business Services group of IBM (IBM: 91.66, +0.06, +0.06%), claims that the smart grid is one of the fastest-growing business categories at his company. IBM gives utilities end-to-end support in upgrading their transmission systems, helping them set standards, develop software, and order the right components. Valocchi says he is now working with seven utilities around the globe.
Dozens of corporations are trying to move into the space, as evidenced by members of Gridwise.org. They range from giants like Lockheed Martin (LMT: 82.48, -0.04, -0.04%) to Microsoft (MSFT: 17.66, +0.03, +0.17%) to money-losing startups betting on a big surge in demand.
Stephen Sanders, a managing partner at securities firm Stevens Inc., says companies already making money in the sector should benefit from the proposed stimulus in 2010. He favors Itron (ITRI: 62.42, +2.41, +4.01%), a leader in advanced metering, because a 2007 acquisition gave it global reach. Sixty-five percent of its business is now outside North America.
Itron borrowed heavily to make the purchase, but Sanders says its cash flow is adequate to meet its debt obligation. He sees earnings per share rising to $3.85 in 2009 from $3.40 this year. His price target: about $70, up from the low $60s now.
Sanders also likes Esco Technologies (ESE: 35.74, +0.51, +1.44%), an engineering company that provides two-way communications gear between all sorts of utilities and their meters. Both Itron and Esco are investment-banking customers of Sanders.
The grid, which dates back to the early 1960s, is often described as the world's largest interconnected machine. Without it, electricity generated in one part of the country couldn't flow to other parts. Pleasures that we take for granted -- like flipping on a light at home or driving on illuminated streets in the night or sending an e-mail -- would be hit-or-miss occurrences if there were no grid to instantly provide extra juice when utilities close to home couldn't meet demand.
But the grid is far from a well-oiled machine. A sudden surge in demand from one region can cause overloads that result in blackouts. Earthquakes can disrupt flows to some states for long periods. There are about 12,500 electric substations serving the entire system, and if 500 of them were down at any one time, the system would experience a 60% drop in customer connectivity.
Smart-grid boosters say it is a prerequisite for bringing electricity generated by wind, solar and other intermittent, renewable sources to market and for allowing the mass production of plug-in electric cars.
Still, it remains unclear just how much of a jolt Obama's first stimulus will send through the grid. That is why we would wait until next budget season before connecting our investment dollars heavily to it. Investors could be in for a big shock unless the federal dollars start to flow more freely.
cliff
(edit) weets, for those who think Wave doesn't provide significant differentiation for Dell, here's this morning's box score:
Michael Dell - 1
Mark Hurd / HP - 0
cliff
Obama Will Get His Blackberry
http://marcambinder.theatlantic.com/archives/2009/01/obama_will_get_his_blackberry.php
21 Jan 2009 11:50 am
President Barack Obama is going to get his blackberry.
On Monday, a government agency that the Obama administration -- but that is probably the National Security Agency -- added to a standard blackberry a super-encryption package.... and Obama WILL be able to use it ... still for routine and personal messages.
It's not clear whether he yet has the device.
With few exceptions, government Blackberries aren't designed for encryption that protects messages above the "SECRET" status, so it's not clear whether Obama is getting something new and special. The exception: the Sectera Edge from General Dynamics, which allows for TOP SECRET voice conversations.
Perhaps the NSA and US telecommunications companies have created a special, more secure digital pathway for Obama's messages to travel on, one that would resist the inevitable penetration attempts by foreign governments.
A General Dynamics spokesperson declined to comment; the NSA did not respond to an e-mail seeking comment, neither did two Obama spokespeople.
The messages, like other White House communications, will be kept from the public for the duration of his presidency, if not longer.
Obama and other officials won't be able to use Instant Messaging in the White House.
Earlier in the transition, there was a plan to give select officials access to a Blackberry owned by the Democratic National Committee; the devices would be able to be used for political communication but would be subject to different disclosure rules.
http://news.zdnet.com/2100-9595_22-262060.html
Obama's new BlackBerry: The NSA's secure PDA?
By Declan McCullagh CNET News.com
Posted on ZDNet News: Jan 13, 2009 11:52:21 AM
Bill Clinton sent only two e-mail messages as president and has yet to pick up the habit. George W. Bush ceased using e-mail in January 2001 but has said he's looking forward to e-mailing "my buddies" after leaving Washington, D.C.
Barack Obama, though, is a serious e-mail addict. "I'm still clinging to my BlackBerry," he said in a recent interview with CNBC. "They're going to pry it out of my hands."
One reason to curb presidential BlackBerrying is the possibility of eavesdropping by hackers and other digital snoops. While Research In Motion offers encryption, the U.S. government has stricter requirements for communications security.
"Without more details I would have to say that putting sensitive or classified information on a BlackBerry is a risky proposition," said Greg Shipley, chief technology officer at Neohapsis, a governance, risk, and compliance consultancy.
Fortunately for an enthusiastic e-mailer-in-chief, some handheld devices have been officially blessed as secure enough to handle even classified documents, e-mail, and Web browsing.
The Sectera Edge (Credit: General Dynamics)
One is General Dynamics' Sectera Edge, a combination phone-PDA that's been certified by the National Security Agency as being acceptable for Top Secret voice communications and Secret e-mail and Web sites. Through three separate interchangeable modules, it works with Wi-Fi, GSM, or CDMA networks, and is dust-proof, waterproof, and rugged enough to survive repeated 4-foot drops onto concrete. Physically, it's a chunkier second cousin to the Palm Treo 750, though with an additional LCD display below the keyboard.
The price is $3,350 with a two-year warranty, a princely sum that's reflected in the Pentagon-worthy price tags for accessories: a simple adapter for a lighter plug costs $100. (Never again should you complain about how much your civilian analogue costs.)
The Sectera runs a mobile version of Microsoft Windows, including versions of Word, Excel, PowerPoint, and Windows Media Player. The NSA claims that the installed versions of Internet Explorer, WordPad, and Windows Messenger are good enough for data that's classified at a level of Secret. Presumably the federal spooks have found a way to protect IE from the numerous security flaws that continue to plague the Internet's most popular browser.
The NSA declined to comment on Monday.
L-3 Communications' Guardian, still in development, is similar, but sports a chunkier antenna and a slightly less conventional keyboard shaped like a V. It, too, runs Windows, boasts a stylus and QWERTY keyboard, supports desktop synchronization, and can be used on secure data plans with AT&T, Sprint, T-Mobile, and, internationally, Worldcell. Files stored locally are encrypted.
Both PDA-phones owe their existence to a Defense Department project called SME-PED, meaning Secure Mobile Environment Portable Electronic Device. Because the SME-PED was explicitly designed to act as a classified-information-friendly replacement for a BlackBerry, it should be an easy switch for a President Obama.
That's assuming he still feels like e-mailing after Inauguration Day. Even though President Bush enjoys the same access to NSA-certified handhelds, he has never resumed his daily e-mail habit from the days when he went by the humble moniker of G94B@aol.com. (On January 17, 2001, Bush sent out this sad farewell: "Since I do not want my private conversations looked at by those out to embarrass, the only course of action is not to correspond in cyberspace. This saddens me. I have enjoyed conversing with each of you.")
At the time, Karen Hughes, one of Bush's closest aides, said that the president chose to abandon e-mail because of public records laws. That includes the Freedom of Information Act, or FOIA, and the Presidential Records Act of 1978.
Obama may find the convenience of wireless e-mail a pleasure difficult to give up. News reports during the presidential campaign described how he relied on his BlackBerry to bypass aides, which was even satirized by the Onion.
He checked e-mail during his daughter's football games, e-chatted with actress Scarlett Johansson, and before the New Hampshire primary told CNET News that the BlackBerry was his favorite gadget. On the other hand, Republican VP candidate Sarah Palin's e-mail breach is still within recent memory, as are the Bush White House's legal troubles stemming from the use of Republican National Committee e-mail systems.
"It's not just the flow of information," Obama said in the recent interview. "I mean, I can get somebody to print out clips for me, and I can read newspapers. What it has to do with is having mechanisms where you are interacting with people who are outside of the White House in a meaningful way. And I've got to look for every opportunity to do that--ways that aren't scripted, ways that aren't controlled, ways where, you know, people aren't just complimenting you or standing up when you enter into a room, ways of staying grounded."
Federal law does explicitly exempt from disclosure any "personal records" that do not relate to the president's official function. Those include electronic records that are "of a purely private or non-public character" and don't relate to official duties; the law lists diaries, journals, notes, and presidential campaign materials as examples. Similarly, FOIA prevents files from being released if the disclosure would significantly jeopardize "personal privacy."
In other words, Obama could choose to keep e-mailing judiciously, and trust his lawyers and the law to fend off overly nosy journalists and historians.
Wireless devices: What price convenience?
One thing that security experts can agree on is that despite RIM's efforts, a BlackBerry probably isn't up to the security standards for a leader of the free (or even unfree) world.
BlackBerrys can become infected with viruses that install spyware or turn the microphone on and record conversations, malware can be inadvertently downloaded, e-mail and text messages can be intercepted, and, of course, they can be lost or stolen, said Dan Hoffman, chief technology officer of SMobile Systems, which sells antivirus software for the devices.
The National Vulnerability Database, which is sponsored by the Department of Homeland Security's National Cyber Security Division, lists 14 vulnerabilities for BlackBerrys. Those include ways that a malicious attacker can install malware, and perhaps crash the device through a so-called denial of service attack.
It's not like snoopy computer utilities are difficult to find. Flexispy.com sells spyware that can be installed by someone with physical possession of a phone for 15 minutes. The creators boast that their software, once installed, can "bug a room or person" and "catch cheating husbands."
The U.S. government uses special ciphers for secret information and they use different data networks from the public data networks, said Phil Dunkelberger, chief executive of encryption provider PGP Corp. "Unless you're using point-to-point encryption technology...or the mail itself is encrypted, you would have exposure to people administering the network." And, on a related note, we know that Obama's cell phone records through Verizon were improperly accessed last year.
There's also the risk of someone tracking the coordinates of a BlackBerry through the device's built-in GPS or the carrier's ability to triangulate on the signal--something that police, for instance, claim they should be able to do without a search warrant or evidence of criminal activity. Bush White House aides say that security concerns prompted them to disable the GPS feature on their BlackBerrys.
James Atkinson, president of Granite Island Group, an engineering firm that helps the government protect classified networks and equipment, pointed this out as a possible security vulnerability. "You can identify where a person is without gaining access to the cell phone network just by the timing of the signals," Atkinson said. "You can identify who is sitting in which seat in a conference room from a couple thousand feet away."
Then again, it's not like the president of the United States and his entourage travel incognito that often.
If nothing else works, Obama can always turn to Bush for some tips. Not his immediate predecessor, but former President George H.W. Bush, a late-in-life convert to the joys of e-mail. Bush the Elder has been quoted as saying: "I'm what you might call a black belt wireless e-mailer."
cliff
Tsunami07, thanks. A very good question for someone to put to Wave at the next opportunity would concern their involvement in the "attested metering" arena.
To add to your post:
http://seclab.cs.uiuc.edu/pubs/LeMayGGG07.ppt#256,1,Unified
cliff
Taxi vader, nice find!
Slide 58 speaks loud and clear on cross-platform interoperability:
- Whole Disk Encryption (hardware based on Dell Latitude, HP, Lenovo)
- Wave Embassy suite is the software front end to where the real work is done — hardware-based encryption
- Used in conjunction with TPM chip
Looking forward to another Case Study to come based on this.
Also, this is a great opportunity to upsell the Wave/ERAS/Safenet combo to consolidate the non-Wave mish-mash.
cliff
ramspower, thank you for the clarification ... I think it warrants a Sticky Note.
cliff
MIB, posted by ootommy ... this will help:
http://www.bloomberg.com/apps/news?pid=20601087&sid=a8.DFAbZLUyE&refer=home
U.S. Stocks Advance as Technology Shares Rise; GM, Energy Fall
By Whitney Kisling
Dec. 12 (Bloomberg) -- U.S. stocks advanced as speculation the government will boost spending on technology overshadowed concern a bailout of carmakers won’t bring the nation out of a recession, spurring a 3.3 percent rebound by the Standard & Poor’s 500 Index from the day’s low.
Intel Corp. and Micron Technology Inc. rose more than 5.2 percent after Nancy Pelosi said the House is likely to act next month on an economic-stimulus measure that would boost computer expenditures. General Growth Properties Inc. surged 25 percent, leading a real-estate rally, after refinancing debt to stave off bankruptcy. General Motors Corp. and energy stocks fell.
The S&P 500 increased 0.7 percent to 879.73 after falling as much as 2.6 percent. The index swung between gains and losses at least 30 times and jumped more than 1 percent in the final four minutes of trading. The Dow Jones Industrial Average climbed 64.59 points, or 0.8 percent, to 8,629.68. The VIX, a measure of how much investors are paying for protection from stock declines, slipped 2.7 percent to 54.28, the lowest since Nov. 4.
“The market is hovering, waiting for some kind of catalyst to get it going,” said Thomas Nyheim, a Greenville, Delaware-based fund manager for Christiana Bank & Trust Co., which oversees $4 billion. “We can see valuations are attractive, but I think the next real catalyst will be a major stimulus package and that’s not until the first quarter of next year.”
The Senate’s rejection last night of $14 billion in emergency loans to GM and Chrysler LLC spurred a global rout in equities that sent Europe’s Dow Jones Stoxx 600 Index down 2.7 percent and the MSCI Asia Pacific Index to a 4.2 percent slide.
Rebound, Resume Slide
GM and Ford Motor Co. rebounded, driving the U.S. stock market higher, after the White House said it might finance an industry rescue with funds set aside for banks. GM later resumed its slide. Technology shares gained the most among 10 industries in the S&P 500 after Pelosi said the House will act next month on as much as $600 billion in spending to fund improvements in broadband internet technology and making environmentally friendly improvements to the nation’s electric-power grid.
Intel, the world’s biggest computer chipmaker, added 5.3 percent to $14.75. Micron, the largest U.S. memory-chip maker, rose 12 percent to $2.07. They helped drive technology companies in the S&P 500 to a 2.4 percent advance.
cliff
Weby, there is a second whitepaper that is a useful companion piece to JKIRK57's find:
http://communities.intel.com/docs/DOC-1391
This whitepaper does cover off the TPM-enabled Bitlocker FDE. Issued Feb 2008, it pre-dates the Safenet deal.
cliff