Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Greasing the skids?
Congress passes DHS spending bill
http://www.fcw.com/fcw/articles/2004/1011/web-dhs-10-11-04.asp
As expected, the Senate approved a conference report today by voice vote authorizing $32 billion in discretionary spending for the Homeland Security Department for fiscal 2005, which began Oct. 1.
The Senate's action follows a House-Senate Appropriations Conference Committee's Oct. 9 approval of the conference report. The spending amount is about $896 million more than what President Bush had proposed and an increase of about $2.8 billion above fiscal 2004. The bill will now be sent to the president.
Representatives overwhelmingly passed their appropriations bill in June, while Senate lawmakers passed their measure in mid-September by 93 to 0.
Although the conference report was not yet available to the public, the House and Senate appropriations committees provided highlights. They include:
Nearly $607 million for departmental management and operations, including $275 million for the chief information officer's office.
About $894 million for the Information Analysis and Infrastructure Protection Directorate, including $67.4 million for cybersecurity and $35 million for the Homeland Security Operations Center.
The research-oriented Science and Technology Directorate would receive $1.1 billion, including $558 million to develop radiological, nuclear, chemical, biological and high explosives countermeasures; $76 million for rapid development and prototyping of technologies; $61 million for research, development and testing of measures to protect civilian aircraft from shoulder-fired missiles; and $65 million for bio-surveillance activities.
More than $5 billion for the Transportation Security Administration, including $180 million for buying explosives-detection systems, $54 million for research and development of the next generation of such systems, and $12 million for rail security.
About $7.4 billion for the Coast Guard, including $724 million for the Deepwater modernization program.
Nearly $4 billion for first responder grants, including $1.1 billion in basic state grants, $885 million for the Urban Area Security Initiative, $715 million in grants for firefighters, $400 million in grants to local law enforcement agencies for terrorism prevention, $150 million in port security grants, and $150 million in rail and transit security grants.
About $6.35 billion to U.S. Customs and Border Protection, including $450 million for automation modernization, $80 million for radiation portal monitors and other detection technology, and $64 million for sensor and surveillance technology.
In addition, the U.S. Visitor and Immigrant Status Indicator Technology initiative will receive $340 million.
zen, I really HOPE i'm wrong
however, I think what we'll see is deferred revenue from Q2 carried over, plus a month's worth of revenue from June. $40,000 plus $20,000, unless we bagged an elephant.
I enjoy your thoughts, too. Thanks for your continued posting!
OT: U.S. Government Gears Up For Rapid Move To Smart Cards
Facing a presidential order to have all U.S. federal agencies issuing a standard ID card by February 2006, government officials have set an aggressive timetable for developing standards for the smart card credential. Officials have not even had time since President George Bush’s Aug. 27 order to count the number of government workers and employees of companies working for the government that will require the new ID. But William C. Barker, a program manager at the National Institute of Standards and Technology, estimates that 7 million individuals will carry the smart card IDs. NIST is responsible for developing the standards, and it is wasting no time, since the presidential order says there must be agreement on a standard by Feb. 27, 2005. Speaking Monday at Thomson Media’s CTST Public ID conference in Tysons Corner, Va., near Washington, Barker said there will be a meeting of government officials on Wednesday to discuss technology and policy alternatives, and a meeting with industry vendors the following day. By Nov. 8, he says, there will be a public draft of the standard available for 45 days of public comment. The standard is expected to draw on the experience U.S. agencies have gained with smart cards, especially the Department of Defense, which has issued 5.8 million smart card IDs in the last four years. But Barker says questions still remain over whether to include a contactless interface on the new smart card ID and about which biometrics to use to identify cardholders.
Hi zen
I hope you're right, but I think $200,000 is waaayyyyy optimistic. I'm thinking more like $60,000 to $70,000, unless unannounced they've booked a large enterprise or gov't deal.
It's anybody's guess, but time will soon tell.
RWK: perhaps you missed this:
Lee, MA – December 18, 2003 – Wave Systems Corp. (NASDAQ: WAVX – www.wave.com), today reported that the Securities and Exchange Commission has commenced a formal investigationinto certain matters relating to Wave. The SEC's investigative order, received by Wave on December 17, 2003, relates to certain public statements made by Wave during and around August 2003, as well as certain trading in Wave's securities during such time. The SEC has not concluded that there has been any wrongdoing, and Wave is cooperating fully with the SEC on this matter.
OT: iPass Acquires Safe3w
10.05.04
REDWOOD SHORES, Calif. -- As part of its Policy Orchestration initiative, iPass Inc. (NASDAQ: IPAS - message board) announced today the acquisition of Safe3w, a privately-held Woodbury, NY company that has developed an innovative patented dynamic device "fingerprinting" technology. When integrated into the iPass connectivity platform, this technology will help ensure that only trusted computers - those devices that are identified and known to the IT department, and protected against identity theft, intrusion, viruses and worms - have access to corporate networks.
iPass will be working to quickly integrate Safe3w technology into its connectivity platform. In the near future, iPass intends to offer new service capabilities to help companies better enforce security on both company-owned remote and mobile computers as well as employee home PCs - every time they touch the Internet.
Along with the recently announced iPass Policy Orchestration initiative, this acquisition of Safe3w extends iPass' leadership from secure global corporate access into the protection of endpoints across Internet connections. Because iPass systems touch every user connection request, iPass services can control the connection state, placing iPass in position to protect workers' computers in accordance with their company's IT policies.
According to the analyst firm IDC, about two-thirds of U.S. employees will be mobile workers by the year 2006. This explosion in the number of mobile workers dramatically increases the need for technologies that protect corporate networks and the remote computers that access them. Because data and resources stored on remote computers are also increasing in value, the danger associated with not keeping these devices secure and up-to-date has reached a critical level.
Safe3w has developed a unique software-based approach that complements iPass' own technology and service roadmap. Integrating the Safe3w technology together with the iPass connectivity platform will allow iPass to deepen computer and network protection by layering device identification and authentication onto the connection process. This new capability will extend endpoint security in a unique and compelling way, allowing access control of mobile users to be based on a combination of three dimensions: Who they are; where they are; and now which device they are using.
"The increased productivity of always-on connectivity and enterprise mobility come with inherent security risks," said Ken Denman, CEO of iPass. "The iPass Policy Orchestration initiative is being built to address the remote access security risks facing the enterprise by unifying the operation of multiple security services into a single mobility solution. The innovative technology from Safe3w fits naturally into iPass' service strategy and should contribute substantial value to customers through integration with our leading solutions."
iPass Inc.
Eamonshute, another TPM!
Fujitsu tablet gets modular
By Rick Broida
ZDNet News October 7, 2004, 7:53 AM PT
Fujitsu Computer Systems on Tuesday introduced its second-generation convertible tablet PC, the LifeBook T4000, featuring an integrated modular bay that can accommodate various options.
The new tablet is available with an Intel Pentium M 725 or 745 processor, up to 2GB of RAM, a 40GB or 80GB hard drive, and an improved 12.1-inch XGA display that Fujitsu said delivers a 180-degree viewing angle. Other standard features include a modem and Ethernet adapter, Intel PRO/Wireless 2200BG 802.11b/g, two USB 2.0 ports, and Type II and Secure Digital slots. For users who need to perform a lot of dictation, the tablet offers dual microphones with noise-cancellation technology.
The T4000's modular bay is compatible with several optional components, including a DVD-ROM drive, DVD/CD-RW combo drive, multi-format DVD burner, and second battery. With the latter, the tablet can run for up to 8.5 hours, Fujitsu claimed. Other options for the tablet include a Bluetooth radio and a port replicator.
The T4000's security features consist of a Kensington lock slot, dedicated SmartCard slot, and Trusted Platform Module (TPM) -- the latter an embedded security system designed to protect data from unauthorized users.
Fujitsu's standard warranty covers the tablet for one year and includes 24/7 technical support. Optional service plans are available that extend the warranty period, add on-site service, and/or cover screen damage. The T4000 is scheduled to ship on October 21. Pricing will start at $2,019; recommended and custom configurations are available.
Trusted Computing Group Announces Business Community Day at Munich Systems 2004
PORTLAND, Ore. --(Business Wire)-- Oct. 7, 2004 -- Trusted Computing Group Members to Demonstrate Trusted Computing Solutions and Applications for Security, Stand No. 113
The Trusted Computing Group (TCG), whose specifications have been developed to help vendors build products that protect critical data and information, will hold a Business Community Day educational session at the upcoming Systems 2004, Oct. 18-22, New Munich Trade Fair Centre, Munich, Germany.
The TCG Business Community Day will be held on Thursday, Oct. 21, 9:30-15:15 in Hall B4, Room B41. The TCG Business Community Day will be a one-day tutorial and education seminar for developers and IT managers interested in learning more about the TCG and the application of Trusted Computing in the enterprise. Seminar topics include a TCG organization overview, a Trusted Computing technology update, a review of security trends and the European market, security product examples, and a discussion of future applications of Trusted Computing.
This is no charge to attend, but TCG requests pre-registration. To register to attend, please visit the TCG Business Community Day registration page at https://www.trustedcomputinggroup.org/events/tcg_bcd_102104/tcg_bcd_ 102104. (Due to the length of this URL, it may be necessary to copy and paste this hyperlink into your Internet browser's URL address field.) Please note that attendees must be registered for the Systems 2004 conference; registration information is available at http://www.systems-world.de/id/18656. Lunch and refreshments will be provided.
Trusted Computing Group member companies including Infineon, Utimaco, and Wave Systems will host demonstrations of Trusted Computing solutions and applications at the TCG stand (No. 113) at the Systems Conference. TCG members also will present a 15-minute Trusted Computing overview Wednesday, Oct. 20, 14:00 in the Red Forum.
About TCG
TCG is an industry standards body formed to develop, define, and promote open standards for trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft.
More information and the organization's specifications are available at the Trusted Computing Group's Web site, www.trustedcomputinggroup.org.
House Passes Bill Imposing Prison Time Over `Spyware'
WASHINGTON (AP)--The U.S. House on Thursday passed the second bill in three
days that would outlaw "spyware," irritating software that quietly monitors
the activities of Internet users.
It would add penalties of up to five years in prison for people convicted of
installing such programs without a computer user's permission.
The bill, known as the "Internet Spyware Prevention Act," passed 415-0. It
would give the Justice Department $10 million to crack down on companies and
others that secretly install spyware and those who attempt to trick victims
into disclosing personal details and financial information in e-mail scams
popularly known as "phishing."
The bill's sponsor, Rep. Bob Goodlatte, R-Va., said such problems were
growing and serious. Offenders under his bill would be sentenced for up to
five years for secretly installing spyware to break into someone's computer
and commiting another federal crime.
Anyone caught installing spyware to change a computer's security settings or
steal a victim's personal information - such as an e-mail address, telephone
number or bank account number - could be sentenced up to two years in prison.
Rep. Zoe Lofgren, D-Calif., said spyware was "quickly becoming one of the
biggest threats to consumers on the Internet." She cited estimates that up to
90% of computers contain some forms of spyware. Lofgren said her daughter was
recently victimized by electronic thieves in a phishing scam, persuading her
in a forged e-mail to disclose personal information.
"Her thumb hit the send button and she thought, 'Oh, my goodness, what have
I done!' We had to call and cancel all the credit cards and the like," Lofgren
said. "This is something that preys upon people."
The House on Tuesday voted 399-1 to pass the "Spy Act," sponsored by Rep.
Mary Bono, R-Calif., which would add hefty civil penalties over the use of
spyware.
Lawmakers were widely expected to combine both proposals for a final vote by
year's end.
The House bill passed Wednesday is H.R. 4661. The related bill approved
Tuesday is H.R. 2929.
Any discussion of this TPM?
I probably missed it
http://www3.gartner.com/DisplayDocument?doc_cd=124280
IBM's ThinkPad Fingerprint Scanner Is Worth a Look
6 October 2004
Martin Reynolds
IBM's fingerprint scanner for its ThinkPad laptop line combines biometric identification with industry-standard security technology. The combination could be effective for widespread enterprise use.
On 4 October 2004, IBM introduced a fingerprint scanner built into the latest model ThinkPad laptop computer, the ThinkPad T42. The scanner is located on the wrist rest, below the arrow keys, and the user swipes a finger across a small, horizontally oriented sensor to log on.
Analysis
The ThinkPad's fingerprint scanner works with IBM's Embedded Security Subsystem, which stores a list of authorized users on a security chip within the scanner. IBM's security system is a form of Trusted Platform Module (TPM), an industry standard.
Fingerprint readers have appeared in notebooks before. However, IBM’s combination of a fingerprint reader and a TPM is effective. The TPM authenticates the machine and provides secure storage for keys, while the fingerprint reader authenticates the user. If implemented properly, these authentication technologies provide the necessary hardware foundation for security by protecting machine access, local storage, networking and passwords. A password vault application enables strong passwords for Web applications, because the user can use his or her fingerprint, as well as a personal identification number, to release complex passwords from the password vault to the Web site. This combination can also secure boot access and lock out access to the hard drive until the TPM validates the correct fingerprint. The TPM can then unlock the hard drive with a strong key, rather than a simple password.
Recommendations for enterprise PC buyers: Evaluate the IBM system if you are concerned about user authentication. But consider usability issues, as well as potential Windows PC security flaws.
Analytical Source: Martin Reynolds, Gartner Research
OT: barge
I wonder if the subject Janus will come up??
http://www.tmcnet.com/usubmit/2004/Oct/1080300.htm
yaya,
My IT dept ran some diagnostics on my computer and between bugs, spyware, and viruses got 197 hits.
What will it take to wake up the enterprise sector???
Ballmer part 3
What is the focus with Xbox?
"[It's got huge market share] It's not making money but that's our problem. If you take a look at market share we're neck and neck with Sony in the US and neck and neck or ahead in the UK. But we're nowhere in Japan."
Are you seeing an upturn in IT budgets and investment?
"Starting in 1998 IT budgets got ramped up for Y2K and then the Internet bubble. Then there was a two-and-a-half year drying out period. We're now in a stable place. IT directors are making good cost/benefit trade-offs. We're seeing good levels of investment in corporate IT. We see lots of growth in the enterprise server software market."
How do you see the threat to your licensing and pricing policy from Linux, piracy, price erosion and selling cheaper versions of cut-down Windows in some developing countries?
"[On the Hindi version of Windows] If we get paid for anything we raise our price. There is no price erosion. Our price in China is exactly the same in the UK. We offer a good product, good value, good price and good total cost. This [cheap version] is designed for poor people in poor countries. Today most people are paying less in emerging markets than in the UK. Why? Because most people pirate."
How much does Microsoft lose to piracy?
"$6bn to $8bn in sales. China alone is multibillions. IP rights are not well enforced. Yes it bothers me. All developed countries should be concerned we have an imbalance here. It's a big issue."
Is Linux more of a marketing than a technology problem?
"Sometimes there is also a political dynamic. Unlike every other competition we've ever been in we were quiet and shy with the facts. Two years ago we were grappling with this mysterious competitor. It feels more like a normal competition nowadays."
Is Linux your number one competitor?
"What is the number one competitor to Windows these days? It's Linux. By numbers we are winning and we have gained market share in the server space -- although so has Linux. People are starting to realise free is not free. This stuff does not have low total cost of ownership. We know what we're doing. We'll continue to gain ground."
Are you disappointed with the delays to Longhorn and will the phased rollout of some features slow down adoption as people wait for the full version?
"Longhorn has a schedule now and it will ship in 2006. If we'd never announced that we will conceptualise it people would still say it’s the biggest best Windows we've ever released. We'll get early adopters and some people will wait."
What are your thoughts on the decision not to buy SAP and are acquisitions still on the agenda?
"Ultimately we did decide to pass. It's funny because we were pretty good on confidentiality on that deal and the world really wouldn't have known about it if it hadn't have been for the Oracle PeopleSoft case. We're always looking at acquisitions but we don't have cash earmarked for acquisitions. Almost all of those [big deals] are done for stock anyway. We'll return the $75bn to shareholders and if we can return even more we will."
Ballmer/DRM
Q: Doesn't the EC case represent a threat to Microsoft's very business case by potentially restricting your ability to enter new markets by shipping products with Windows?
A: "I don't think there's anything in the case with the EC that discusses our entry into new markets. This was resolved in a satisfactory way in the US. We'll wind up with some kind of a framework. There is competition and there’s always been competition. Maybe it’s easier to understand that today than it was a couple of years ago. [On the appeal to have the EC Media Player sanctions suspended] I don't have much to add beyond what we said in court."
Q: How much progress do you think you have made with the Trustworthy Computing security programme?
"We'll be working on Trustworthy Computing for the rest of my days at Microsoft, which I hope are many. There are bad people out there in cyberspace and they are not going to go away. We are going to have to be vigilant. That's going to last for the duration. The bad guys only have to be right one time and we have to try to be right every time. We have made three years [worth] of progress, if not more. It's not like five or six years ago viruses didn't exist. More damage has been done in other periods of time [than today]. The last 12 months was a better 12 months by a margin. I do believe in the next two to three years we will get good enough and customers' practice of implementation will get good enough."
What about security for all the customers not on XP?
"We can never say to people the answer is to get the most recent version. That's why we talk about the need for isolation. We need to have ways of isolating those systems -- that's some of what we've done with XP SP2. In corporates the number one way people get viruses is in fact with machines that are on their networks sometime and off the network other times. How do you check before you re-introduce someone to the network? Do I want to make sure they have all the patches implemented? It's a form of isolation. [we hope to have it in Windows] certainly by Longhorn but the goal is before Longhorn."
Does the rise in popularity of other browsers such as Firefox and Mozilla reflect user dissatisfaction with the lack of innovation in IE in recent years?
"The focus on security has pushed back some of the innovations. Windows XP Service Pack 2 (SP2) has pushed things out, but in fact SP2 really was a major browser release. It's a funny thing for me to have to defend our strategy. Usually we're saying, 'We¹ve got all this stuff in terms of new features,' and people are saying, 'What about security?'…Do I know that there is list of features as long as your arm that people would like? Sure. But we had to focus on security and reliability."
What are your plans for anti-spam technology now that Sender ID has been knocked back by the rest of the industry?
"We think that technology is a very good technology. We think we're very open in the way we tried to licence the technology, and we were rebuffed. We're doing a little bit of re-thinking but the technology and the way we've done it, we still think is spot on."
Ballmer opens up on Microsoft's future
Michael Parsons, ZDNet UK and Andy McCue, silicon.com
ZDNet UK
October 05, 2004, 16:55 BST
http://insight.zdnet.co.uk/software/0,39020463,39169018-1,00.htm
What is Windows' strongest competitor? Will Microsoft expand successfully beyond the PC? Find out what Steve Ballmer thinks
Microsoft chief executive Steve Ballmer hosted a Q&A session for a handful of UK journalists in London on Sunday and ZDNet UK and sister site silicon.com were there. Ballmer opened the session with his thoughts on the future of Microsoft and the software industry.
"I have a fundamental optimism about the future of information technology and the role Microsoft will play in that future," he said. "The two big drivers are Moore's Law and innovation in software -- which is where we come in. I see integrated devices going to many more people. The number of smartphones sold is relatively small -- that number will grow."
On new markets and products he said: "When we're not first our goal is to be the first to get it really right and if not the first two then the first to make any money off it. We have good competition, we're getting back to a rational environment and we have settled many of our legal issues around the world. We trust that [the EC case] will resolve itself."
Below is a summary of the main topics covered in the Q&A including Ballmer's views on Linux and the never-ending security battle.
Q: Doesn't the EC case represent a threat to Microsoft's very business case by potentially restricting your ability to enter new markets by shipping products with Windows?
A: "I don't think there's anything in the case with the EC that discusses our entry into new markets. This was resolved in a satisfactory way in the US. We'll wind up with some kind of a framework. There is competition and there’s always been competition. Maybe it’s easier to understand that today than it was a couple of years ago. [On the appeal to have the EC Media Player sanctions suspended] I don't have much to add beyond what we said in court."
Q: How much progress do you think you have made with the Trustworthy Computing security programme?
"We'll be working on Trustworthy Computing for the rest of my days at Microsoft, which I hope are many. There are bad people out there in cyberspace and they are not going to go away. We are going to have to be vigilant. That's going to last for the duration. The bad guys only have to be right one time and we have to try to be right every time. We have made three years [worth] of progress, if not more. It's not like five or six years ago viruses didn't exist. More damage has been done in other periods of time [than today]. The last 12 months was a better 12 months by a margin. I do believe in the next two to three years we will get good enough and customers' practice of implementation will get good enough."
What about security for all the customers not on XP?
"We can never say to people the answer is to get the most recent version. That's why we talk about the need for isolation. We need to have ways of isolating those systems -- that's some of what we've done with XP SP2. In corporates the number one way people get viruses is in fact with machines that are on their networks sometime and off the network other times. How do you check before you re-introduce someone to the network? Do I want to make sure they have all the patches implemented? It's a form of isolation. [we hope to have it in Windows] certainly by Longhorn but the goal is before Longhorn."
Does the rise in popularity of other browsers such as Firefox and Mozilla reflect user dissatisfaction with the lack of innovation in IE in recent years?
"The focus on security has pushed back some of the innovations. Windows XP Service Pack 2 (SP2) has pushed things out, but in fact SP2 really was a major browser release. It's a funny thing for me to have to defend our strategy. Usually we're saying, 'We¹ve got all this stuff in terms of new features,' and people are saying, 'What about security?'…Do I know that there is list of features as long as your arm that people would like? Sure. But we had to focus on security and reliability."
What are your plans for anti-spam technology now that Sender ID has been knocked back by the rest of the industry?
"We think that technology is a very good technology. We think we're very open in the way we tried to licence the technology, and we were rebuffed. We're doing a little bit of re-thinking but the technology and the way we've done it, we still think is spot on."
Doma,
I hadn't seen that before. Thanks. What do you make of this
recent FINREAD announcement?:
Embedded FINREAD mobile in Deauville
October 5th 2004
Cartes Bancaires is exhibiting the France Télécom 'Embedded FINREAD' mobile phone demonstration at the Deauville "RSI Normandie" Trade Show and Conference.
This demonstration will combine a France Télécom R&D server with a Sagem FINREAD mobile phone. It achieves an electronic signature on an insurance contract, in order to authenticate modifications performed via the Internet.
This Embedded FINREAD feature is based on a Java-MIDP secure application and a France Télécom R&D server.
This demo will be accompanied by the presentation of the CB solutions for 3-D Secure that will be explained by Cartes Bancaires staff as well.
One of them should rely on a FINREAD reader authentication in a near future
HJ:
http://www.wave.com/news/press_archive/04/040722_ARM.html
Wave Systems Corp. (NASDAQ:WAVX), a leading supplier of trusted computing products and solutions, today announced it has joined the ARM® Connected Community. As part of the ARM Connected Community, Wave will gain access to a full range of resources to help it market innovative solutions associated with the new ARM TrustZone™ technology that will enable developers to get their ARM Powered® products to market faster.
“As evidenced with the creation of the Trusted Computing Group (TCG), hardware-based security is becoming increasingly important in devices ranging from personal computers to cell phones to PDAs,” said Lark Allen, executive vice president, Wave Systems. “ARM TrustZone technology, including the recently announced software support from Trusted Logic, provides a robust trusted environment which will enable both current and new trusted computing applications to execute on a single processor. Wave's EMBASSY® technologies, including support for the open specifications of the TCG, provide the opportunity to work with ARM and its Partners to develop advanced trusted computing applications and services for these new trusted platforms.”
“By joining the ARM Connected Community, which now comprises more than 250 companies, Wave Systems increases the large portfolio of skills, products and services that are centered around the ARM architecture, and currently available to developers worldwide,” said Mary Inglis, director of Software & Alliance Marketing for ARM.
ARM and Trusted Logic Announce
Evaluation Version of Security Software for Microsoft Windows CE 5.0
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/09-30-2004/0002262394&....
Thursday September 30, 2:19 pm ET
Trusted Logic software is available to developers for the first time, enabling increased electronic transaction security for ARM Powered consumer devices
REDMOND, Wash. and CAMBRIDGE, England, Sept. 30 /PRNewswire-FirstCall/ -- ARM [(LSE: ARM - News; Nasdaq: ARMHY - News)] and Trusted Logic announced at the third annual Microsoft and ARM Executive Summit, the evaluation version of the Trusted Logic Security Module for Microsoft Windows CE 5.0, which is optimized for ARM® TrustZone(TM) technology. This new evaluation software means that for the first time, developers of Windows CE 5.0 can use Trusted Logic software to increase electronic transaction security in ARM Powered® devices.
The Windows CE 5.0 evaluation version of the Security Module, coupled with the ARM TrustZone technology, will provide consumers with a more secure environment for electronic transactions such as mobile banking, e-commerce and digital rights management. This security can be designed into ARM Powered consumer devices such as mobile phones, payment terminals, and set-top boxes.
"This solution is an excellent example of how the close level of technical collaboration between Microsoft and ARM is resulting in innovative software," said Jonas Hasselberg, Group product manager, Mobile and Embedded Devices Division at Microsoft. "Trusted Logic's Security Module, when used with ARM TrustZone technology will provide improved performance and increased security for devices running Windows CE 5.0."
"Making mobile devices more secure is critical to the success of next- generation mobile applications. In turn, these mobile applications are a vital revenue stream for operators who need to have their investments bear fruit," said Dominique Bolignano, president and CEO, Trusted Logic. "Now that our Security Module will be available to Windows CE developers, they will soon realize some of the benefits of TrustZone technology, which will provide operators and handset OEMs with portable, interoperable and certifiable security."
The Security Module implements the TrustZone APIs to enable smooth evolution and compatibility with future versions of the software running on ARM TrustZone technology-enabled processors. The software is part of a portfolio of embedded security products offered by ARM and developed under a recently announced agreement between Trusted Logic and ARM. The new software will protect against common attacks and frauds such as mobile phone security codes being overwritten, and will provide consumers with a secure environment for mobile banking, e-commerce, and digital rights management in mobile phones, payment terminals and set-top boxes.
"The buzz around the third annual Microsoft and ARM Executive Summit is a testament to the fact that both parties are fully committed to a future working hand-in-glove, which is reflected in the fact that ARM is one of the leading architectures for Windows CE-based devices," said Mary Inglis, director, OS & Alliances, ARM. "Windows CE developers can now use the Security Module implementing the TrustZone APIs to design an environment which can accelerate the growth of m-commerce, while reaping benefits like reduced time- to-market benefits of a consistent cross-platform framework."
Availability
The new evaluation version of the TrustZone technology-compatible Security Module will be available in Q4 2004; its commercial release will be in Q1 2005. The Security Module is available for licensing exclusively from ARM now.
RSA throws weight behind OMA DRM
http://www.cbronline.com/article_news.asp?guid=6C75607E-6C8A-465F-8319-44E33719D1E1
RSA Security Inc is to push adoption of digital rights management standards from the Open Mobile Alliance by releasing a set of DRM products in January, the company said yesterday.
29 Sep 2004, 09:37 GMT -
The company said it will release DRM products compatible with OMA's DRM 2.0, finalized over the summer, and the Open Digital Rights Language 1.1. RSA's BSAFE, ClearTrust and Keon developer toolkits will support the specs.
The idea is to drive support for the standards in mobile and PC-based content services by using the concept of rights "domains", where a consumer can have the right to use content across an array of devices under the same license.
RSA director of product management Michael Vergara said that companies such as Apple Inc, with its iTunes service, have demonstrated DRM can work in a consumer scenario, but that there are increasing interoperability frustrations.
"We see this as a problem," Vergara said. "We think the solution is to have a more standards-based approach, and decouple the technology from the business model."
In recent months, the DRM interoperability problem made headlines when RealNetworks Inc escalated its ongoing feud with Apple by reverse-engineering Apple's proprietary Fairplay DRM to permit songs bought from RealNetworks to run on the iPod.
Of the other major players in the market, Microsoft and Time Warner Inc (owner of America Online) are seeking approval for their acquisition of ContentGuard Inc, which has control over a number of DRM technologies.
ContentGuard is home to eXtensible Rights Markup Language (XrML), which is already used by Microsoft, The MPEG standard Rights Expression Language (REL) is based on XrML, and is a comparable to ODRL
OT: Industry group seeks to link DoD networks
By George Leopold
EE Times
Sep 28, 2004
WASHINGTON — A consortium of 28 aerospace and IT companies unveiled an initiative on Tuesday (Sept. 28) aimed at developing a common networking architecture that would link military and homeland security users and a range of sensor systems to an interoperable, global network.
The Network Centric Operations Industry Consortium is a response to Defense Department transformation efforts aimed at linking its forces around the world. Consortium members said military officials requested their help in developing the interoperable network. The effort also builds on past efforts to link, or fuse, military sensors and data. Those efforts have taken on greater urgency as Pentagon leaders seek to transform U.S. military operations. A key element is network-centric military operations.
"The companies are working together to enable network-centric operations," said Oracle's Gary O'Shaugnessy.
Systems connected to the proposed interoperable network would operate as nodes on a common, secure network, added Carl O'Berry, an executive of Boeing Corp. Current networks do not allow information sharing.
A 1996 effort in Bosnia called the Command and Control Augmentation System served as a prototype for what military planners are seeking. The "publish and subscribe system" provided an encrypted bit stream of intelligence data at 30 Mbits/s. The network-centric initiative would build on these earlier networking programs, according to Paul Kaminski, a former DoD acquisition chief who is serving as an advisor to the industry consortium.
O'Shaughnessy said the consortium will define and deploy a set of guidelines based on open standards that would permit most systems and types of information to interoperate on the global network. The group is working to enable network-centric operations using emerging network standards, the Oracle executive added.
Discussion aimed at forming the group began last November, and formal meetings began last month. Initial talks are focusing on collaborating on standards development and developing "common semantics," executives said. So far, the group has established no implementation plan for delivering its blueprint for a common network architecture.
"We're committed to finding a way forward," one consortium member said.
The group will also seek to apply industry standards to DoD's existing network reference models and sensor systems. In the past, there has been little interoperability among networks operated by different military services, making it difficult to share battlefield information. "We will try to fill those gaps," a consortium executive said.
Among the consortium's other members are Cisco Systems, Ericsson, Hewlett-Packard Co., IBM Corp., Microsoft Corp. and Sun Microsystems.
IT Security Adoption Will Intensify
across industries in Asia/Pacific excluding Japan in The Next 5 years, says IDC
27 Sep 2004
http://www.snpx.com/cgi-bin/news5.cgi?target=www.newsnow.co.uk/cgi/NGoto/71224023?-2622
Singapore, 27 September, 2004 - A recent IDC report "Asia/Pacific Security and Business Continuity Services by Vertical Industry" (Doc #AP223105L) shows that enterprises across various industries in Asia/Pacific excluding Japan (APEJ) are increasingly valuing the importance of IT security as enterprises perceive security to be a necessity and a centerpiece of their business continuity plans. IDC's Continuum Survey shows that an average of about 50% of enterprises in APEJ have deployed at least some sort of IT security. The range of investments and involvement fluctuate widely, ranging from low cost purchases of pirated antivirus products up to multi-million-dollar security implementations. One consistent trend, though, is that companies which have previous security breaches have made security a top priority for their organization.
Among the array of IT solutions such as ERM, CRM, SCM, BI, security, storage, and wireless connectivity, security solutions has been ranked as the second most strategically important in the region after ERM. "In APEJ, security investment comes primarily from large and dominant industries such as financial, telecommunications and government," says Jessie Yu, Associate Market Analyst, IDC Asia/Pacific Security and Business Continuity Services. "The common characteristics of the above sectors are their data-sensitive business nature and their reliance on the "always on" network connectivity, where any downtime or security breach would induce detrimental consequences."
Level of security adoption among different industries in Asia/Pacific, 2004
Source: IDC, 2004
IDC's Continuum Survey also shows that most Asian enterprises take the day-to-day running of their communication networks and business continuity plans for granted. The survey shows that a surprising 29% of public agencies do not have any business continuity plans in place, although they are aware that the loss of public information and the collapse of business controls could lead to irreversible adversities –such as loss of trust and reputation in front of the public. However, the extent of security deployment varies between industries, depending on the business nature of each industry. IDC estimates a strong 22% compound annual growth rate (CAGR) in 2003-2008 for the APEJ security services market, but vendors still need to understand the market both vertically and geographically in order to exploit opportunities and gain market share.
secure_observ
wavxjr may have misunderstood since ITSS doesn't have a share price:
Internet Security (NASDAQ: ISSX )
Internet Security Systems, Inc.. The Group's principal activities are to provide security management solutions for protecting digital assets and network security monitoring, detection and response software for protecting the security and integrity of enterprise information systems. The Group also provides comprehensive managed security services for organizations to develop an in-house information security solution. The Group's customers include public and private sector organizations. The Group provides security management solutions in the United States, Canada, Latin America, Europe, Middle East, Africa and Asia/Pacific Rim. As of December 31, 2003, the Group had more than 11,000 business customers and maintained operations in 22 countries. On 14-Jan-2004, the Group acquired Cobion AG.
Did anyone else see a $1 bid @ the close? e/
2004 e-Financial WorldExpo
November 18 & 19, 2004
National Trade Centre at Exhibition Place, Toronto, Canada
--------------------------------------------------------------------------------
David Grawrock
Principal Engineer Security Architect, Intel
Trusted Computing: Opportunities and Challenges
IT managers have searched for years for more effective ways to secure confidential corporate data. Trusted Computing has emerged as one potential option. This hardware-based security initiative starts with the Trusted Platform Module silicon embedded in a PC or other device motherboard, to securely store data, authenticate users and perform other functions. Applications on top of the TPM then allow IT managers to set varying security levels, control applications and perform other administrative functions. However, as with most security schemes, issues of privacy, owner control and usability emerge. What is the status of the Trusted Computing initiative? What issues is it addressing specifically, and how will it impact IT planning and administration? David Grawrock, lead author of the Trusted Platform Module specification and Intel researcher, will address these issues. Grawrock also will briefly review the Trusted Platform Module features and applications.
thanks boom
I was a bit hesitant to post the link, but I seemed to recall something about internet TV and Wavexpress being kicked around here a few weeks ago.
OT:BT in talks to enter pay-per-view TV market
http://www.computer-business-review.com/article_news.asp?guid=D68B812C-5D01-413E-BB4C-3BEF7407E3D1
BT Group Plc, the former telecoms incumbent in the UK, continues to examine alternative strategies to offset the decline in its traditional fixed-line business, with the news that it is in advanced discussions with UK-based television content providers, including the BBC, ITV, and Sky.
22 Sep 2004, 09:24 GMT -
The talks are centering on BT securing the rights to offer its broadband consumers popular TV programs over its high-speed internet connections. This is part of BT's move into so called "new wave services", as the telecoms operator searches for a major growth engine to make up for the lack of a mobile phone unit, which most of its European competitors such as France Telecoms SA (with Orange) and Deutsche Telekom AG (with T-Mobile) enjoy.
After a very slow start in rolling out broadband access in the United Kingdom, BT's roll-out is now nearing completion, and the carrier hopes that by offering a range of value-added services including pay-per-view TV and VoIP, it can carve itself a dominant position in the emerging "triple play" market of video, internet access, and voice telephony.
BT has apparently been in discussions with the makers of Freeview boxes (a digital TV box that allows users to view 30 or more free digital TV stations in the UK). In the UK at the moment, some 3.9 million homes now have Freeview boxes.
BT is looking to develop a branded set-top box that will connect its broadband services to TV sets. This will allow it to offer a video-on-demand system through a broadband phone line.
Trials of the system are due to start with a few hundred customers this week, and BT hopes to have a full commercial launch of the service in the summer of 2005.
go-kite
yep, I know. It is interesting, to me at least, to follow the progress of some of our partners.
goinup
EMBASSY is still alive, but aimed at the peripherals, such as smart card readers, not the smart cards themselves. Wave will be presenting for the TCG at the Smart Card Alliance annual meeting in October, and highlighting the complementary nature of both platform security and smart cards.
Unfortunately, the IBM related activities mentioned in the article are strictly aimed at smart cards, and in general these organizations are not connected with TCG or the
platform security related items.
Speaking of FINREAD, one of our partners, Trusted Logic, was recently mentioned on the FINREAD website:
Based on Gemplus and Trusted Logic technologies, the GemCore Secure Platform has successfully passed the FINREAD 'D10' compliance tests.
This highly secure and interoperable Jeff (Java language compliant) architecture targeting EAL4 and EMV level 1&2 compliance will be the core of the new high end GemCore offer proposed by Gemplus.
This GemCore solution is dedicated for integration into all secure applications devices such as e-payment, network access control, home banking and more.
This cost efficient technology targets any secure devices such as pin pads, set-top boxes, PC readers, keyboards, handheld and Internet devices. Extensions are also available for fingerprint, contact-less and magnetic stripe interfaces.
OT: IBM and Smartcards
http://www.smartcardalliance.org/newsletter/september_04/mempro_0904.html
What role does smart card technology play in supporting IBM's products and services?
As the demand for smart card solutions escalates across industries, IBM Global Services increasingly is playing the roles of smart card consultants and system integrators. We also are heavily involved in smart card application development and security architectures. We have the unique advantage of industry expertise in our consulting arm, and the enormous depth of our research team, who are improving the security of card operating systems, developing tools to simplify the development of card applications, and working directly with standards organizations. IBM developers in Research and other areas of the business have numerous patents awarded over the past 24 years, many directly related to smart card technology. In addition, IBM's software group owns and licenses chip operating systems to smart card industry suppliers. Today, our JCOP (Java Card) and MFC OS (Multi Function Card OS) versions are branded under the IBM WebSphere name and licensed by several silicon manufacturers.
What do you see are the key drivers for smart card technology in the market?
Security, security, security - for access control, authentication, identification and payments. Contactless smart cards are also coming into their own and will grow because they can directly address the cardholder's concern for privacy and be implemented with minimal infrastructure upgrades. Because of the contactless smart card's additional attributes, the value proposition is extended to all stakeholders ... issuer, acceptor, and cardholder. Consumers are getting so sophisticated about security and privacy - as they should - and we have the answers in smart card technology.
What trends do you see developing in the market that IBM hopes to capitalize on?
We see smart cards, in all form factors, starting to solve real problems. Look at the problem of identity theft for example. It is not just my concern as a consumer. Bankers, retailers, civil servants, doctors, insurers, and first responders, all have a financial and/or liability stake in the problem that needs to be resolved. Access control to top-secret facilities, dangerous chemicals, and explosives is crucial - we're living in a world where heightened security is critical.
What obstacles to growth do you see that must be overcome to capitalize on these opportunities?
The establishment of ubiquitous standards which resolve interoperability issues and allow the widespread deployment of an acceptance infrastructure. For example, in some organizations that use smart cards today, we still see someone walking down the hall wearing a "necklace of cards." Reducing that necklace of cards down to a manageable few requires new standards at the application interface level (for example, in presenting userids and passwords), business agreements and risk models on sharing computing resources, and security assurances about the cards themselves.
What do you see are the key opportunities and issues for systems integration in the smart card systems being deployed now?
We believe the business issues or problems are geographically driven by each industry sector. For example, the problem of bank card fraud is addressed by the EMV technology migration in countries where the bank card associations have recognized and mandated the need for change. The issues of fraud, national security and identity theft are three big drivers that span geographic boundaries and industry sectors. The smart card technologies which can help address those problems are mature in 2004 and become the core business of successful systems integrators.
How do you see your involvement in the Alliance helping IBM become successful?
The Smart Card Alliance provides a forum for all of us involved in the sector to actually collaborate on the resolution of larger industry problems. It both sharpens our focus on specific technologies and gives us a unique chance to view the bigger picture where smart card technologies are converging. I like the example of convergence in the payment and transit sectors, with industry-standard contactless payments being processed and cleared within the existing payment processing networks.
What's ahead for IBM?
Continued melding of industry expertise and Research and close collaboration with customers, partners, and the Alliance. We have tremendous smart card talent and experience at IBM, but it's collaboration that will move this important technology forward.
New model from IBM?:
http://www-306.ibm.com/common/ssi/rep_ca/0/897/ENUS104-340/ENUS104-340.PDF
Check out the description of the EMbedded Security Subsystem on pages 2 and 3.
greg, re: $6000 quarter
Did you forget or did you not read unclever's transcript?
One of the challenges we have, and I think last quarter helped us reflect on it, we booked more business than we can show as revenue. And yet there were contracts that we thought would apply to revenue would have made our $6,000 number look better, we’re taking a very conservative approach to booking that, which I think is absolutely appropriate for a company of our size and at this scale in our development.
Wave Systems Gets Delisting Notice From Nasdaq
http://biz.yahoo.com/e/040920/wavx8-k.html
Form 8-K for WAVE SYSTEMS CORP
--------------------------------------------------------------------------------
20-Sep-2004
Notice of Delisting or Transfer
Item 3.01 Notice of Delisting or Failure to Satisfy a Continued Listing Rule or Standard; Transfer of Listing.
On September 14, 2004, Wave Systems Corp. received notification from The Nasdaq Stock Market indicating that for the last 30 consecutive business days, the bid price of Wave's common stock has closed below the minimum $1.00 per share requirement for continued inclusion under Marketplace Rule 4450(b)(4). The Nasdaq notice indicated that in accordance with Marketplace Rule 4450(e)(2), Wave will be provided 180 calendar days, or until March 14, 2005, to regain compliance by having its shares close above $1.00 for a minimum of 10 consecutive trading days. The Nasdaq notice further provided that, if Wave's shares have not regained compliance during this period, but otherwise meet the applicable initial listing requirements, Wave may qualify for a second 180 day compliance period. Thereafter, if Wave has not regained compliance by July 26, 2005, Nasdaq will issue a letter notifying Wave of its continued non-compliance, the pending expiration of the compliance period, and its right to request a hearing. If Wave does not regain compliance by March 14, 2005 and is not eligible for an additional compliance period, Nasdaq will provide written notification that Wave's common stock will be delisted or moved to The Nasdaq SmallCap Market. At that time, Wave may appeal the determination to delist its securities to a Listings Qualifications Panel.
Wave has determined that no specific action is warranted at this time.
--------------------------------------------------------------------------------
OT: (given today's discussion)
http://au.news.yahoo.com/040915/11/qsry.html
FCC Chief Pushes TV Via High-Speed Internet Lines
WASHINGTON (Reuters) - U.S. Federal Communications Commission Chairman Michael Powell on Wednesday said technology and telecommunications companies are racing to develop ways to pipe television shows into consumers' homes via high-speed Internet lines.
Telephone companies like SBC Communications Inc. are trying to fend off mounting competition from cable television companies that are able to offer consumers a bundled package of products, including phone and Internet service.
"Almost every major phone company I'm aware of has an initiative underway to begin to try to plug the hole with partnerships with satellite-delivered video but what they're really working on is broadband-delivered IP (Internet protocol) television," Powell told reporters.
"That's a major component that's moving fast," he said. Powell noted that TiVo Inc., famous for its digital television recorders, was joining up with online DVD renter Netflix Inc. to offer movies to a home via high-speed Internet, or broadband, lines.
Powell said it was unclear what regulatory obligations such as serving the public interest would apply to television via the Internet, if any.
Separately, the FCC chief said the agency would likely resolve numerous complaints about indecency on television and radio by the end of the month because of time limits on such grievances.
In another sign that television via the Internet was gaining traction, Verizon Communications, the biggest U.S. local telephone company, on Wednesday appointed a new executive to manage entertainment content and marketing, Terry Denson, formerly of Insight Communications.
Verizon is rolling out high-capacity fiber-optic lines that can carry huge loads of data, with the goal of passing 1 million homes by the end of this year and another 2 million homes in 2005.
"His experience with Insight, MTV and ABC rounds out our capability to compete powerfully over our broadband services," said Marilyn O'Connell, Verizon senior vice president of broadband solutions.
Already Qwest Communications International Inc. operates a small IP television service in Arizona and the other three big local telephone companies are ramping up their efforts, as well.
All four carriers already resell satellite television services from DirecTV Group Inc. and EchoStar Communications Corp. as part of their voice and Internet packages.
(Dow Jones) Corporate spending on computer-security technology appears
to be slowing, and government spending on information security has flatlined,
says Wedbush Morgan analyst Kevin Trosian, who cites a new survey from
PricewaterhouseCoopers and CIO Magazine, along with his own market research.
The cost-conscious are looking for easy product integration, which Trosian
thinks will benefit companies like Symantec (SYMC), McAfee (MFE) and Check
Point (CHKP). He also thinks there's a spending shift toward internal
corporate security and away from the heavy "perimeter" security of the past.
Beneficiaries here include RSA Security (RSAS), Websense (WBSN) and Netegrity
(NETE). (RTR)
New TCG page
https://www.trustedcomputinggroup.org/about/faq/
Interesting that the response to TCG and DRM is highlighted in blue.
From IDF
TPMs are highlighted:
http://www.extremetech.com/slideshow_viewer/0,2393,l=135027&s=25522&a=135039&po=20,00.as...
Here's the complete slideshow:
http://www.extremetech.com/slideshow/0,2394,l=135027&pg=0&s=25522&a=135039,00.asp
Smart card use grows
BY Aliya Sternstein
http://www.fcw.com/fcw/articles/2004/0906/web-smart-09-10-04.asp
Federal agencies are moving toward large-scale adoption of smart cards for identification, according to the latest survey from the Government Accountability Office.
"We're seeing a trend toward larger, agencywide smart card projects," said John de Ferrari, GAO's assistant director of information management issues. "Since we reported in 2003, about half of [the ongoing projects] have been terminated. Many of them were pilot projects or they were specific projects in small agencies, offices or divisions."
GAO auditors said that agencies have added 10 projects since the 2003 survey, which tracked 52 smart card programs. In the report released this week, seven large agencies still do not have smart card projects, including the Department of Housing and Urban Development, the Energy Department, the National Science Foundation and the Small Business Administration.
The survey was prepared for the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee.
Smart cards are credit card-size plastic devices that contain a computer chip capable of exchanging data with other systems and processing information. Unlike debit and credit cards, smart cards do not use strips, which can be deleted or changed. And smart cards have so-called three-factor authentication, a system requiring users to present a smart card, enter a password and verify a biometric scan.
Newer cards can accommodate 64K, enabling users to track itineraries, link to medical records or store cash. Notably, the Washington Metropolitan Area Transit Authority uses smart cards for fares and parking fees.
Between December 2004 and December 2008, officials at five agencies -NASA, the Defense Department, the Homeland Security Department, the Interior Department and the Department of Veterans Affairs — are planning to make an aggregated purchase of up to 40 million cards through a GSA contract. One of the largest agencywide efforts is DHS' identification and credentialing project. DHS officials plan to issue 250,000 cards to employees and contractors for three-factor" authentication.
Sounds like attestation..............
http://www.mit-kmi.com/articles.cfm?DocID=593
Q: How is the Army Knowledge Online (AKO) portal performing, and how is it supporting transformation from the cultural, technological and enterprise levels?
A: We are extremely pleased with how AKO has evolved. There’s an AKO unclassified side, the NIPRnet side, and the SIPRnet side, which is secret. That has evolved very quickly. We now have 1.69 million accounts on it, and we get log-ins from around the world. About 49 percent of the active Army logs into AKO every week—49 percent of the active Army, much of which is deployed around the world. Last week, we also had about 3 million instant messages. 740,000 users have downloaded over 15.9 million documents. So we’re very pleased where AKO is today. On the SIPRnet side, AKO is very heavily used by the intelligence community and the operations community.
We are now moving into the next generation of where portals should be. Beginning this fall, when you log onto AKO, not only will it know who you are, but it also will know what your role in life is. If you log in as a specialist in a particular area of a certain grade, the information presented to you will be tailored to you alone. Some of that’s done today.
When I log in today, it already tells me whether I need a flu shot or if my physical is up to date. That’s going to be greatly expanded. If you have something that affects your specialty, it will come up for you. It will also allow us to ensure that you do not get information that you should not have. You won’t have access to information that is sensitive or that you don’t have a need to know.
I’m very pleased with our progress so far. We’re also working with the other services to link their portals together. We’re just beginning that process, and once we get the role base done in the Army, it will enable us to have a much tighter relationship with the other portals.