Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.
The Future of the Internet
One year ago, almost to the day, Samuel Palmisano, the chief executive of IBM, delivered a speech in New York that sketched his company's vision of the future of computing, which he called "on-demand computing."
.
On Monday in Los Angeles, Bill Gates, the chairman of the Microsoft, was set to present his company's notion of where things are headed, which the software maker calls "seamless computing."
.
Behind the marketing shorthand is a kind of war of ideas over what can be thought of as "the Internet, Act II," a technological evolution that has been gathering pace. The next-generation development of the Internet has been helped by the continuing and remarkable progress in hardware. But probably more important has been the embrace of a set of software standards - rendered in a nerdy alphabet soup of acronyms, like XML, SOAP, WSDL, UDDI and so on - that open the door to widespread machine-to-machine communication across the Internet.
.
Over the past couple of years, IBM and Microsoft have cooperated closely to reach agreement on the software standards, known as Web services, necessary for this next step. The two companies, however, agree on little else.
.
The Internet, Act I, was mainly about e-mail programs and downloading digital information to look at or listen to - Web pages, animations, video and music. Act II should bring all kinds of automated transactions among businesses and individuals. And those transactions will be able to include a hint of computer-aided intelligence.
.
An example could be arranging an appointment with your dentist. Your calendar information, with stated time preferences and availability, exchanges data with your dentist's calendar to automatically set up an appointment. Similarly, companies should someday be able to conduct computer-automated auctions with suppliers.
.
The next-generation Internet can be thought of as the beginning of what researchers have said might be possible with software agents, or bots, performing as human assistants.
.
Many companies, including Hewlett-Packard, Oracle and Sun Microsystems, have their strategies and marketing campaigns for pursuing this next stage of computing. But IBM and Microsoft are the two with the greatest influence.
.
The Microsoft vision centers on the individual and technology tools, foreseeing a kind of rerun of the personal computer revolution in the Internet era. International Business Machines sees the computing evolution as helping free companies from the previous constraints of technology so they can focus more on using technology to streamline business processes and seek new markets than on the hardware and software itself.
.
One implication, IBM says, is that companies need not have so much internal technology. Instead, they can buy computing and technology services from outside suppliers like IBM, almost as if are dealing with a utility, paying only for what they use, on demand.
.
Their separate paths provide plenty of grist for debate. Microsoft portrays the IBM strategy as trying to exploit a post-bubble loss of enthusiasm for technology and persuade companies to hand over their computing chores to IBM. But when technology goes out the door, Microsoft insists, so do opportunities.
.
"IBM is talking about taking all the things we do now and outsourcing it," Gates said last week. "The utility model suggests that it is not about empowerment."
.
Microsoft executives compare the first stage of the Internet to the mainframe era, with the Web server computer the equivalent of the mainframe and the browser as the equivalent of the simple, "dumb" terminal of the mainframe days.
.
The personal computer, they say, brought an explosion of creativity and opportunity as millions of people began using computers and programming themselves. Some were professionals, they note, but many others were ordinary people using the simple programming tools in a spreadsheet, for example, to simulate and test new ideas for a business.
.
The next stage of computing, employing the Web services software standards, will do the same thing for the Internet, Microsoft executives say. "The Internet will be programmable," Microsoft's chief technical officer, Craig Mundie, said. "And there's no reason why the bulk of humanity won't be able to apply the tools we're talking about to this new world."
.
Some 7,000 people have registered to attend Microsoft's professional developers conference, which began Monday in Los Angeles. The turnout is a record, Microsoft says. The computer professionals will be shown glimpses of the Microsoft's next version of Windows, named Longhorn, which will be built using Web services standards. Microsoft has not said when Longhorn will be ready, but it is not expected to be shipped until late 2005 or 2006.
.
Microsoft will not announce a shipment date at the conference. "This is a technology-driven release, not a date-driven release," Gates said.
.
At the conference, Microsoft will show the professional programmers a set of development tools, called Indigo, intended to allow a programmer to write a Web-services application once that can then run on several devices - a PC, a personal data assistant, a cellphone.
.
This is Microsoft's notion of seamless computing. The devices need not be running Microsoft software, in the same way that e-mail messages can be sent and received by people using different e-mail programs. But, of course, the Microsoft message is that the preferred technology is Windows.
.
The Windows-centric strategy, IBM executives say, is increasingly out of step in a computing world moving toward technical diversity and open standards not owned by any one company.
.
"Microsoft today reminds me of IBM in the years from 1988 to 1990," said Irving Wladawsky-Berger, vice president for technology and strategy at IBM. "We were doing lots of things but the No. 1 thing was to protect the mainframe franchise."
.
"Windows will continue to be a superb legacy business, just as the mainframe is for us," Wladawsky-Berger said. "It's just that the dynamics change."
.
IBM clashes with Microsoft not least because IBM is the leading corporate backer of the free Linux operating system, a direct challenge to Windows. IBM regards the spread of Linux as part of the inevitable market of open technology standards.
.
"I regard it almost as a law of nature that anytime an Internet-based standard is good enough, it will take over the volume business from the proprietary standard," Wladawsky-Berger said. He regards Linux as one of those Web-based standards.
.
Microsoft's Windows is perhaps the most lucrative "volume business" the world has ever seen.
.
The New York Times
OT: RSA to support MS on security initiatives
RSA Security Inc, an e-security solutions provider, has offered support for Microsoft Corp's newly announced enhanced security initiatives, including a commitment to continued product development and industry education on the impact of information security threats on individuals and businesses.
A press release said Microsoft's chief executive Officer (CEO) Steve Ballmer outlined new security initiatives targeted at reducing the vulnerability of computer users around the world, and mentioned how companies like RSA Security can play a role in helping Microsoft carry out this initiative.
A study conducted in April 2003 by RSA Security, in conjunction with Opinion Research Corporation, found that consumers consider identity theft and attacks from malicious computer viruses among their top security concerns.
'Microsoft's announcement is a clear signal that information security is a serious issue, and the company's commitment to improving security for its users is an important step in the right direction', said Art Coviello, president and CEO at RSA Security.
'We've had a long-standing collaborative relationship with Microsoft, and will continue to work with them to help make the Internet a safer place for conducting personal and corporate business'.
RSA Security and Microsoft have teamed on e-security solutions for several years most recently adding RSA Security's market-leading two-factor authentication functionality into the Microsoft Internet Security and Acceleration Server 2000 Feature Pack 1, which is engineered to deliver enhanced security and ease of use beyond that of traditional firewalls for web server, Microsoft Exchange Server and Exchange Outlook Web Access deployments.
In addition, the two companies jointly serve on a number of industry coalitions chartered with increasing awareness and education of internet security issues, including the Coalition on Online Identity Theft, a group of leading financial services, information technology and electronic commerce companies working to expand public education, promote new technologies and share best practices in security, the release said.
--------------------------------------------------------------------------------
OT:IBM Boosts Thinkpad Mobile Workstations
By Mark Berniker
IBM Corp. on Monday announced the release of two new Thinkpad mobile workstations, which the company says pushes the limits of technologies from Intel (and ATI Technologies.
The Thinkpad R50p and T41p utilize Intels Pentium M microprocessor and ATI's graphics technology. IBM said its packed a number of new features into the new Thinkpad models designed for mobile professional customers.
IBM said these new Thinkpad's are designed especially for workers that demand sophisticated applications, including CAD/CAM.
The Thinkpad models utilize ATI's Mobility FireGL T2 graphics card, which includes 128MB of video memory. The video memory coupled with IBM's display technology, customers will be able to make presentations using three-dimensional technology.
The R50p contains a 1.7GHz Pentium M processor along with 512MB of PC2700 (33MHz) DDR SDRAM, a 60 GB hard drive, a CD-RW/DVD-RW all for a starting price of $3,799. The T41p has similar features to the R50p, but it only contains a standard CD-RW/DVD-ROM drive and has a starting price tage of $3,449.
Both new Thinkpads contain Bluetooth wireless networking technology, and either Intel's 802.11b Pro/Wireless 2100 chip or a dual band 802.11b/802.11a/802.11g are available on certain models.
IBM is targeting workers with intensive processing and graphics technology needs and the company said "a new mobile-workstation standard for engineers, geologists, digital content creators and any professional with industrial-strength graphics-crunching needs."
IBM also said "both the ThinkPad R50p and T41p come standard with IBM's Embedded Security Subsystem, consisting of an integrated security chip and downloadable IBM Client Security Software."
IBM is not the only PC company targeting the market for high-end notebook computers using Intel's latest processor designed for the scientific, design and other industries demanding graphics-intensive applications.
Hewlett-Packard (Quote, Chart) is marketing the Compaq Nw8000 notebook model for $2999, which contains a 1.6GHz Pentium M processor, 512MB of PC2700 DDR SDRAM, a 40 GB hard drive, a CD-RW/DVD-ROM drive, but has no wireless chip.
Dell Computer (Quote, Chart) has the Precision M60 mobile workstation on the market. Dell's high-performance notebook contains a 1.4GHz Pentium M processor, 256MB of DDR SDRAM, a 40GM hard drive, Intel's Pro/Wireless 2100 chip, a CD-ROM drive for a starting price of $2,668. Dell's notebook uses Nvidia's (Quote, Chart) Quadro FX Go700 graphics card with 128MB of video memory.
Way OT: Two Million Miles per Hour!
Here Comes the Sun Storm
Friday, October 24, 2003
NEW YORK -- In the kind of event that fascinates space forecasters but worries some industries, a strong geomagnetic storm (search) was expected to hit Earth on Friday, potentially disrupting everything from cell phones to power.
Space forecasters at the National Oceanic and Atmospheric Administration (search) said a potentially powerful ejection of magnetic material from the Sun could wreak havoc on satellites, pagers, electric grids and possibly airline schedules.
"This is not a super solar storm," said Larry Combs, a space weather forecaster with NOAA's Space Environment Center in Boulder.
So far, the storm has interfered with airline communications and radio communications for teams on Mount Everest, Combs said. But problems were not widespread.
"It is kind of like a snowstorm in June in Colorado," Combs said.
The cause of the storm is one of the largest sunspot clusters scientists have seen in some time. It developed over the past three days and produced an explosion of gas and charged particles into space from the outermost layers of the sun's atmosphere.
It's that disturbance, known as a coronal mass ejection, that was heading toward Earth at 2 million mph. The usual cycle for such a storm is every 11 years; this one was expected to hit three years ago.
Solar activity is rated in the same way as earthquakes, on a sliding scale of 1 to 5 with 5 being the most powerful. This storm is expected to rank at a moderate 3.
Much like predicting a hurricane, forecasting the impact of a geomagnetic storm is difficult.
"It could just strike a glancing blow or hit head on," Combs said.
One positive angle to the storm: much of Europe and the northern United States and Canada can expect to see brilliant skies from the northern lights.
A second sunspot cluster not yet visible from Earth could produce more geomagnetic storms in the next two weeks, NOAA said.
Ramsey...
Let us know what you find out. There's a link to the RSA conf on Wave's website, but they're not listed as an exhibitor. I noticed TCG and RSA, though.
Howie, actually...............
I think it'll be bigger than KidCard and Great Stuff Network
combined! lol
Your horse is pointed in the wrong direction in this race, Howie.
Is it just me?
Or do opportunities seem to be popping up? First, this:
Since July, FINREAD has been the subject of a "feasibility model" by GIE SESAM-Vitale. Four FINREAD readers (from two different manufacturers) are being tested for two separate applications: updating the Vitale medical benefits card, and reading the patient's secure Vitale card via the health professional's card (CPS).
The aims of this model are to validate the sound technical operation of SESAM-Vitale applications on FINREAD card readers, guarantee increased data security and confidentiality (use of the SSL secure data encryption protocol), and test the interoperability of FINREAD card readers.
Then this:
The EU may introduce a standard health insurance card for all member states next year, followed by passports containing a biometric ID chip
EU citizens may be hit by a double whammy of electronic idenfication measures over the next two years with the introduction of health insurance ID cards across Europe and a new EU passport embedded with a wireless chip carrying biometric information.
On 1 June, 2004, the European Commission is to launch the first phase of introducing a health insurance card that will significantly reduce the paperwork required before a European citizen can receive medical treatment in another member country, according to a recent proposal. Additionally, a new EU passport containing biometric data about its holder has been pencilled in for introduction in 2005, a few months after the US makes biometric passports for non visa-holders compulsory.
The original proposals for improving passport security were submitted in September 2001 and adopted by the European Parliament in regulation 334/2002, five months later. However, the latest proposal set out by the European Commission not only intends to speed up the roadmap set out in regulation 334/2002, but is designed to further improve the security of EU passports to aid the detection of individuals using forged or stolen documents. This will require an amendment to an earlier regulation that set the requirement for a uniform passport format for all EU member countries.
The proposal recommends that passports contain a digital image of the holder so that facial recognition technology can be used to aid the identification process. As a secondary measure, two fingerprints of the passport holder would also be stored in a wireless chip that is embedded within the document.
The proposal states: "The most appropriate storage medium is a contactless microchip. The microchip is necessary for the storage of the biometric information and the security code (PKI digital signature)". The document states that the chips should have a minimum of 32KB of storage, but recommends 64KB so that member states will be free to add unspecified "alphanumeric data".
According to the proposal, fingerprints were preferred over iris scans because most EU countries already maintain extensive databases using fingerprint information, so that background checks on individuals would be a relatively simple process.
As for the health insurance card, there are already a number of joint health schemes in operation, one example is between Germany and the Netherlands. Since 2000, the two countries have issued virtually identical health cards to allow their citizens to receive treatment from either country. The proposed EU-wide health card is designed to eventually replace at least five different application forms that currently have to be filled in by EU citizens when studying, travelling, working or receiving health care in member states.
Full details of the proposals for the EU health insurance card and biometric passport are available on the EU Web site.
Ramsey/Unclever, much thanks! e/
A couple pieces I hadn't seen before:
http://rsasecurity.agora.com/rsasecured/detail.asp?product_id=1011
and
http://www.complianceease.com/prod/prod_ssafe_overview.jsp
trustco,
Snackman is on vacation. You'll see him back Monday, possibly Sunday.
Ramsey, fwiw
I ran across this bit from EETimes:
Nokia is chairing a new handset working group within the ad hoc Trusted Computing Group (TCG) that is setting standards for the PC-centric initiative. The company is expected to make its first concept demo of how the security scheme would work on a cell phone at the Cellular Telecommunications and Internet Association conference in Las Vegas in October.
Doma,
It looks like Larry Dudash was looking for info to support his claim of a delay by Intel. I found this on the Intel board, dated the day after your heated exchange with him in September:
Posted by: Larry Dudash
In reply to: None Date:9/20/2003 11:29:41 AM
Post #of 7388
Intel D865GRH
Can any one give me a URL to find shipping date for this board?
howie,
what was all that bluster between you, Sherri, and silkstocking a couple of weeks ago? Did it ever lead to anything
kevin_s5
nelz/tampa, thanks for today's laugh! e/
OT: Intel and Sony Music Collaborate
to Bring Advanced Music and Entertainment to Intel-Based Cell
SANTA CLARA, Calif. and NEW YORK--(BUSINESS WIRE)--Oct. 16, 2003-- Intel Corporation and Sony Music Entertainment today announced they will work together to enable users to access music, images, videos and other Sony Music Entertainment content on powerful, Intel-based cellular phones and PDAs.
Together, the companies will optimize Sony Music Entertainment's mobile applications, services and content for mobile devices running the Intel(R) Personal Internet Client Architecture (Intel PCA) -- providing users with PC-quality digital music and video on their cell phones. The two companies also plan to co-develop future applications and services for Intel-based phones, including applications that will enable consumers to use PC-based multimedia content on their cell phones.
"Music, and music videos in particular, promise to be among the most exciting applications for mobile devices," said Ron Smith, senior vice president and general manager of Intel's Wireless Communications and Computing Group. "Through this collaboration, users will be able to take Sony Music's premium entertainment content with them anywhere and be able to enjoy a quality experience."
"Sony Music Entertainment's work with Intel promises to deliver the rich, multimedia applications that consumers expect on their phones," said Philip Wiser, chief technology officer, Sony Music Entertainment. "We're excited about working together to create products and services that take advantage of the advanced video, audio and 3D animation capabilities supported by the Intel PCA architecture. By optimizing our products for this powerful platform, we expect to enable a very compelling end user experience for Sony Music's mobile applications, services and content."
Intel and Sony Music Entertainment will work with cell phone makers and wireless carriers to make Sony Music's mobile applications and services available on Intel PCA-based phones on advanced wireless networks around the world. The Sony Music portfolio of mobile products and services enables wireless carriers to offer subscribers a variety of personalized services including the ability to download and experience images, ring tones, music videos and other music entertainment services. For phone makers, collaborations such as this enable exciting device and content bundles and provide an opportunity to showcase new and improved phone capabilities to customers.
The initial products from the collaboration are expected to be available through carriers and handset makers in 2004.
Hi Wavxmaster,
What is the connection between Gemplus and Trusted Logic?
http://www.trusted-logic.com/partners/partners.html
Good Health Network Selects RSA Security
to Secure its Trusted Healthcare Services(R) for the State of Florida
Tuesday October 14, 10:23 am ET
RSA Keon(R) digital certificate management software enables secure and wireless delivery of patient information to physicians, potentially saving Florida millions of dollars per year.
From Wave's website: RSA Security Inc., the most trusted name in e-security, helps organizations build trusted e-business processes through its RSA SecurID two-factor authentication, RSA ClearTrust® Web access management, RSA BSAFE® encryption and RSA Keon® digital certificate management product families. With approximately one billion RSA BSAFE-enabled applications in use worldwide, more than 12 million RSA SecurID authentication users and almost 20 years of industry experience, RSA Security has the proven leadership and innovative technology to address the changing security needs of e-business and bring trust to the online economy.
BEDFORD, Mass., Oct. 14 /PRNewswire-FirstCall/ -- RSA Security Inc. (Nasdaq: RSAS - News), the most trusted name in e-security®, announced today that Good Health Network, Inc. (GHN), a provider of identity management, security and confidentiality solutions for the healthcare industry, has integrated RSA Keon® digital certificate management software into its Trusted Healthcare Services®. Good Health Network chose RSA Keon software because of its scalable, flexible architecture and support for recent healthcare certificate standards, as well as its ability to help meet the Privacy and Security Standards under the Health Insurance Portability and Accountability Act (HIPAA).
Florida Medicaid is utilizing Trusted Healthcare Services to authenticate and securely enable communication between physicians and Florida's Medicaid prescription history databases. GHN's Trusted Healthcare Services enable participating physicians in the Florida Medicaid Wireless Pharmacology Project to use a state-supplied Personal Digital Assistant (PDA) to securely access and view patient medication history. The PDA permits physicians to remotely access the State of Florida's Medicaid preferred drug list. Previously, physicians had to refer to a 1,000-page reference guide. RSA Keon software issues, manages and validates the digital certificates that authenticate and secure the patient medication information with the application user name and strong password.
GHN's Trusted Healthcare Services enable participating physicians to wirelessly and securely access a 60-day drug history of their Medicaid patients. Physicians have access to filled prescriptions for shared patients to help eliminate drug-to-food and drug-to-drug interactions, including over- the-counter medications. GHN's Trusted Healthcare Services, together with Gold Standard Multimedia's pharmacological software program and Sprint's PCS network, will help the State of Florida avoid Medicaid fraud and abuse by identifying "drug seekers", patients who seek multiple prescriptions of the same drug from different physicians. As a result, these services are able to ensure greater patient safety and potentially save the State of Florida millions of dollars. This PDA is one of the first "wireless" tools to allow physicians to check for patient compliance of their drug orders.
"Based on the support we received during our deployment of Trusted Healthcare Services for the Florida Medicaid Project, Good Health Network recognizes that RSA Security has firmly established itself as a long-term partner to help ensure our success as we expand to other states," said Jim Kragh, president and CEO, Good Health Network. "Doctors are pleased with the real time access to trusted information that this project delivers, and RSA Security's swift compliance with the latest national and international healthcare standards was critical in making this happen."
Physicians using GHN's Trusted Healthcare Services access the Florida Medicaid drug history database and preferred drug list with their PDA through a two-factor authentication and identity management process. First, they are issued a digital certificate and second, they combine this with a personal identification number (PIN). This process, which includes an application username and strong password, significantly strengthens previously implemented security. According to Dr. Eric A. Moore, a family practitioner using Trusted Healthcare Services, "I'm on my PDA daily, and this is a great and practical way to do medication management. The data is readily accessible, and I can trust it."
"The selection of RSA Keon software to help manage digital certificates and provide secure transmission of patient data enables Good Health Network and their healthcare partners to increase customer satisfaction and reduce costs," said John Worrall, vice president of worldwide marketing at RSA Security. "We understand that establishing trust, security and privacy is of paramount importance to healthcare organizations, and we continue to be one step ahead on meeting the strict requirements for the industry."
RSA Keon software is an industry leading digital certificate management system, designed to enable companies to conduct secure, cost effective e- business by providing a flexible, scalable system for managing digital identities. It allows organizations to better develop, deploy and scale secure applications by automating and centralizing the management of cryptographic keys and digital certificates. RSA Keon software conforms to X.509 v.3 standard digital certificates and supports the American and International healthcare certificate standards, the ASTM E2212 and ISO 17090. Designed to enable strong authentication, access control, data integrity, audit, and encryption, RSA Keon software helps healthcare organizations to meet the requirements of the Privacy and Security Standards under the Health Insurance Portability and Accountability Act (HIPAA).
OT:Embedded FINREAD on CB booth at Cartes
November 18th to 20th 2003
The great worldwide cards Trade Show is convening again in Paris!
For the occcasion, the first secure and interoperable Embedded FINREAD-compliant devices will be displayed on Cartes Bancaires' booth.
Endorsed last September by the CEN, the Embedded FINREAD specifications bring a new dimension to the FINREAD concept of security and portability for remote transactions.
They will be demonstrated through several partners' initiatives:
Canal Plus' set-top box 'Pilotime' - a Canal Plus Technologies set-top box for a pay-per-view application based on a Java-MHP 2.0 platform.
Sagem myX-6 mobile phone - a Sagem mobile phone providing an electronic signature solution based on an MIDP secure application to authenticate on-line modifications to an insurance contract on the Internet;
A CB-payment on the VideoTel - a Call Image VideoTel(R): this videophone connected to Internet is equipped with a smart card reader for secure payments and transactions. These will be demonstrated with a CB payment card on a French flowers selling website (Interflora) also hosted on Call Image's platform. Call Image is VideoTel's manufacturer and operator.
GemCore(R) Secure Platform -Additionally, Gemplus is going to display its GemCore(R) Secure Platform, which allows to build FINREAD-compliant smart card readers. This very highly secure solution will be seen on Gemplus' booth as well as on Trusted Logic's as an implementation demonstration.
Innovacard will also demonstrate their 'USIP Consumer' prototype of single chip card. This fully EMV- and FINREAD-compliant product is designed to be embedded in FINREAD readers. Off-line demonstrations on an e-commerce application (payment transactions) will be performed on their booth 4 R057 (Hall 4).
OT: WinHEC newsletter
The Next-Generation Secure Computing Base (NGSCB) is new security technology for the Microsoft Windows platform. It will be included as part of an upcoming version of the Microsoft Windows operating system, code-named "Longhorn." NGSCB employs a unique hardware and software design to enable new kinds of secure computing capabilities to provide enhanced data protection, privacy and system integrity.
The technology being developed as part of NGSCB includes new software that will work on a new breed of PC hardware. NGSCB will not change anything in Windows, but rather will sit beside with the regular Windows environment. To make NGSCB possible, both the software and the hardware will evolve. On the hardware side, the CPU, chipset, USB I/O and GPU hardware components will be redesigned, and a new component will be added, called the Security Support Component (SSC). On the software side, a new operating system component will be added, called the nexus, along with some associated code to enable the NGSCB environment. Collectively, this software comprises the trusted computing base (TCB) for NGSCB.
At WinHEC 2003 in New Orleans, Microsoft architects and other industry representatives presented detailed information about the hardware fundamentals, overall design principles, platform advances, and developer community perspectives on NGSCB. To increase the availability of the technical information provided during NGSCB sessions at WinHEC, the slide presentations and whitepapers are available from the Windows Hardware and Driver Central Web site.
WinHEC 2003 Slides
All WinHEC 2003 presentations are in Microsoft PowerPoint® format. Windows users without Microsoft PowerPoint can view these presentations by downloading the PowerPoint Viewer from:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D1649C22-B51F-4910-93FC-4CF2832D3342&di....
Overview of Next-Generation Secure Computing Base (NGSCB)
http://download.microsoft.com/download/c/f/1/cf1806ad-5a4f-4f7d-a5b2-07fdb59a7adb/WH03_TPT06.exe
Technical Introduction to NGSCB
http://download.microsoft.com/download/c/f/1/cf1806ad-5a4f-4f7d-a5b2-07fdb59a7adb/WH03_TPT10.exe
Building a Next-Generation Secure Computing Base PC
http://download.microsoft.com/download/c/f/1/cf1806ad-5a4f-4f7d-a5b2-07fdb59a7adb/WH03_TPT15.exe
NGSCB Hardware Fundamentals:
Part 1: Core Hardware
http://download.microsoft.com/download/c/f/1/cf1806ad-5a4f-4f7d-a5b2-07fdb59a7adb/WH03_TPT03.exe
Part 2: Peripheral Hardware
http://download.microsoft.com/download/c/f/1/cf1806ad-5a4f-4f7d-a5b2-07fdb59a7adb/WH03_TPT04.exe
Trusted Graphics and NGSCB
http://download.microsoft.com/download/c/f/1/cf1806ad-5a4f-4f7d-a5b2-07fdb59a7adb/WH03_TPT11.exe
User Authentication in NGSCB
http://download.microsoft.com/download/c/f/1/cf1806ad-5a4f-4f7d-a5b2-07fdb59a7adb/WH03_TPT12.exe
Related Whitepapers
Security Model for the Next-Generation Secure Computing Base
http://www.microsoft.com/resources/ngscb/documents/NGSCB_Security_Model.doc
This white paper focuses on the components, features, and functions that make up the NGSCB security model. It describes the fundamental elements of NGSCB and how they interact, discusses features that make NGSCB important to both consumers and the computing industry, and provides a list of resource materials.
Hardware Platform for the Next-Generation Secure Computing Base
http://www.microsoft.com/resources/ngscb/documents/NGSCBhardware.doc
This white paper focuses on the hardware components required to implement the new security, trust, and privacy features of NGSCB. It describes the new processors, chipsets, and other hardware components required for NGSCB-enabled computers. Also discussed are the target customer groups for NGSCB features and services and key vendors that are building NBSCB hardware components.
Call to Action
Download and review the NGSCB slides and whitepapers from WinHEC 2003
Plan for the implementation of NGSCB in your products. A multi-year NGSCB roadmap is available in the WinHEC 2003 slides
For a preview of Windows Longhorn, attend the Professional Developers Conference (PDC) 2003. More information on PDC 2003 is available at:
http://msdn.microsoft.com/events/pdc/
Work with Microsoft to design your hardware for NGSCB
For more information, see these resources:
Microsoft Next-Generation Secure Computing Base Web site:
http://www.microsoft.com/resources/ngscb/default.mspx
Microsoft Senior VP and CTO Craig Mundie's "Trustworthy Computing" paper:
http://download.microsoft.com/download/a/f/2/af22fd56-7f19-47aa-8167-4b1d73cd3c57/twc_mundie.doc
Third-party Driver Development and Security Resources:
The Windows Driver Developer Digest
http://www.wd-3.com
Sysinternals
http://www.sysinternals.com
Hollis Technology Solutions
http://www.hollistech.com
WinGuides Network
http://www.winguides.com
--------------------------------------------------------------------------------
Hi Nelz,
I, too, saw this earlier today. The last mention of ARM and Wave that I could see dated back to 1999. While not definitive, I doubt there's anything to do with us here in this announcement. Good sleuthing though; you beat rooster!! lol
kevin
Nice find Sammy!! e/
OT: US Computer Makers Not Expected To Post 3Q Surprises
NEW YORK (Dow Jones)--With the demand for computer hardware stabilizing and companies cautious in their financial projections, U.S. computer makers are not expected to report significant third-quarter earnings or sales surprises.
While many computer companies posted solid results in the second quarter, management set low expectations for the third quarter to protect against a worsening environment. Fortunately for them, analysts said demand in the U.S. continued to stabilize during the third quarter, making the targets achievable.
Also aiding computer companies was the weak dollar, which, analysts said, could add 3% to 4% to sales results.
International Business Machines Corp. (IBM), which derives more than half of its sales from overseas, likely will see a 4% increase in sales solely because of currency, Steven Milunovich, an analyst at Merrill Lynch & Co., said in a recent research report.
He expects the Armonk, N.Y., technology powerhouse to report sales of $21.8 billion and earnings of $1.01 a share, but added that earnings could come in a penny or two higher. Analysts, according to Thomson First Call, expect Big Blue to weigh in with third-quarter earnings of $1.02 a share and sales of $21.9 billion. In the year-ago third quarter, IBM posted earnings of 99 cents a share and sales of $19.8 billion.
"IBM benefits from substantial annuity revenue, having banked half of its earnings coming into the quarter," said Milunovich, who does not own shares of IBM. When IBM reported second-quarter results, the company said it had already signed $3 billion in service deals. Milunovich added, however, that IBM also needed a "solid" end of the quarter to meet his estimates.
The analyst expects IBM's services unit to see 21% year-over-year revenue growth, while its software unit should see 10% growth and hardware sales should decline 2%. Merrill intends to seek an investment banking relationship with IBM.
Milunovich said IBM likely will back current estimates for the seasonally strong fourth quarter. Analysts surveyed by First Call expect the company to earn $1.51 a share and post sales of $25 billion in the period.
Daniel Niles, an analyst at Lehman Brothers Inc., said that IBM's strong showing in the third quarter should carry through to the fourth quarter, where he predicts more money from companies' information technology budgets will be spent.
Competitor Hewlett-Packard Co. (HPQ) is also expected to report fiscal fourth-quarter earnings in-line with expectations, although Morgan Stanley analyst Rebecca Runkle said there is room for the company to surprise on the upside. H-P's quarter closes a month after many of its peers.
According to Runkle, who owns shares of H-P, the Palo Alto, Calif., computer maker will not only benefit from currency rates but from a new product lineup and lean retail inventories. The analyst is calling for H-P to report earnings of 35 cents a share and sales of $19.02 billion. Analysts, according to First Call, have H-P posting earnings of 35 cents a share and sales of $18.9 billion. In the year-ago fiscal fourth quarter, H-P reported earnings of 24 cents a share and sales of $18 billion.
Prudential Securities analyst Steven Fortuna, who also expects H-P to earn 35 cents a share, said in a recent research report that, based on recent checks, there is cautious optimism that execution at H-P is improving and that demand is stable. Fortuna doesn't own shares of H-P, and Prudential does not provide investment banking services.
"The data points give us an extremely high confidence level in our October quarter estimates," wrote Fortuna. "Consumer spending appears solid for back to school; enterprise remains mixed with U.S. improving and Europe perhaps still weakening a little on a seasonally adjusted basis." Fortuna expects H-P to report fiscal fourth quarter sales of $18.8 billion.
Wider Loss Expected At Sun
One computer hardware company not expected to post improved results is Sun Microsystems Inc. (SUNW). Late last month, the company warned its fiscal first-quarter results would fall short of Wall Street expectations because of intense competition. Sun said then that it would lose between 7 cents and 10 cents a share, much wider than the consensus of a loss of 2 cents a share on sales of $2.7 billion. Analysts now expect Sun to post a loss of 8 cents a share and sales of $2.5 billion. In the year-ago first quarter, Sun posted a loss of 2 cents a share and revenue of $2.7 billion. Sun's first quarter ends in September.
Merrill's Milunovich said revenue could come in as low as $2.5 billion, which would be worse than his current estimate of $2.62 billion. According to the analyst, Sun's warning suggests that technology customers are moving away from Unix machines, which is driving the pricing down on those systems. He added that Sun's storage and service units are continuing to do well. Milunovich does not own shares of Sun, but Merrill intends to seek an investment banking relationship.
Analysts expect Dell Inc. (DELL), which has weathered the downturn relatively well, to post earnings of 26 cents a share and sales of $10.5 billion in its fiscal third quarter. Like H-P, Dell's quarter closes at the end of October.
"Given seasonal pickups in consumer back-to-school and government business in the third quarter, as well as a general seasonal uptick in Europe, we believe the company is poised to deliver our third-quarter revenue estimate of $10.6 billion and earnings of 26 cents a share," Prudential's Fortuna wrote in a research report.
While Fortuna said component prices during the third quarter are less favorable for Dell, he said they are manageable. In the year-ago third quarter, Dell weighed in with earnings of 21 cents a share and sales of $9.1 billion. Fortuna does not own shares of Dell.
Weby/go-kite
Thanks for the info. I looked at Kudelski's website and didn't find anything.
Kevin
STMicroelectronics And The Kudelski Group Sign Framework
Development And License Pact For M-commerce Secure 3G Java(TM) SIM/USIM Card Solution
Wasn't Wave involved with Kudelski at some point?
Software on demand: An emerging technology
On-demand application delivery systems (ODADSs) manage client applications centrally, but allow for client-side execution without installation of the applications on the desktop. These application deployment platforms do not install application software on desktops; they download only the runtime code that end users need for local execution of the applications by streaming bits of code at a time.
Although these software solutions are not traditional thin client, they can be used over most low-bandwidth networks. AppStream and Softricity, small new startups, offer products for Java and Microsoft Windows and .NET environments.
How the technology works
ODADSs are server-based software platforms that deliver applications on demand to network-connected end users. After using an analytic process that segments the application into small bits, only the necessary segments of an application are streamed to users through analytic and predictive tools included with the platform. For an application such as Microsoft Office, which has many features that are never used, only 15 percent of the total application code may be streamed to the desktop (in very small segments). Once streamed to the desktop, the runtime code is cached there, and only new features or changes to the application are streamed to the desktop through a network connection, which is required to receive the updates. The ODADS has a tool that identifies how the application installs, where the files are, where they go, and what the registry settings are; this information is packaged with the application when it is streamed (in very small segments) to the client. Users can request an application through a browser. Client-side Windows applications are supported by Softricity and AppStream, and AppStream also supports Java applications. The ODADS software authenticates users based on license compliance and access rights.
These vendors have their own client-side software agent, which ranges from 2 MB to 5 MB. The agent needs to be downloaded only once, but the size of this download is an inhibitor for remote access over low-bandwidth networks. AppStream and Softricity use their own proprietary transport protocol that runs on top of IP networks to connect to the server (which can sit behind the firewall) to prevent unauthorized users from accessing the enterprise's network. As more applications become mobile, the agent download requirement will become more of an issue and will limit the adoption of the technology.
Where the technology works
ODADS platforms are currently targeted for Java, Windows, and Windows Terminal Server applications. Some early adopters of this technology use it to meet some unique requirements. For example, a large financial services company uses an ODADS platform to allow its customers to access their primary trading application. Without ODADS, users had to download the entire Java applet (almost 2 MB) every time they needed to use the application. This approach was impractical for remote use and unusable during peak trading hours when simultaneous access saturated network bandwidth. More than 3,000 investors currently use the trading application with the ODADS, streaming bits of runtime code to local cache over 50-Kb dial-up without any performance issues. Prior to using the ODADS, the application download took three to five minutes or longer during non-peak hours. The installation and deployment was quick and relatively painless, as the pilot took only four weeks.
Another example is a service company with a large reservations system that has a Java-based front-end application (with a feature-rich graphical user interface, the applet is more than 3 MB). The company expects the number of users to grow to more than 100,000 during the next two years. The application is updated frequently. Deployment of the ODADS has resulted in positive user satisfaction and reduction of help desk calls, and has freed up network bandwidth for other applications. The agents are satisfied because they can work from home over slow networks with the same rich user interface to which they are accustomed. IS organization management is satisfied because no changes to the software were needed, and new features and enhancements are streamed to users automatically the next time they connect to the network. However, there is some doubt about performance when the deployment is expanded to Europe (which has slower than 56-Kb bandwidth in many locations) because the ODADS agent will require too much time to download.
A couple of references we interviewed use an ODADS with Citrix MetaFrame to consolidate their Windows Terminal Servers. The goal is to cut the number of servers in half, to consolidate software releases to the same version, and to migrate to new software versions easily and quickly. Different versions of the same application must be deployed on separate Windows Terminal Server farms (with or without MetaFrame) to eliminate conflict between different versions. The ODADS enables different versions of the same application to coexist on the same server farm because the versions are streamed to (not installed on) the server farm as virtual file systems, thereby eliminating any conflict.
Softricity agreement with Microsoft
Softricity and Microsoft announced a three-year joint marketing agreement in May 2002. There are no licensing or financial terms. This agreement is purely a marketing agreement to promote .NET solutions. It is not a product development agreement and does not involve Microsoft product groups.
Support
ODADS platforms support applications that are streamed to the desktop without any changes to the applications. However, enterprises must invest in training to develop the skills needed to use the technology. Problems that might occur when streaming applications are more likely to stem from the publishing process. If the application works traditionally, there is no apparent reason why it will not work in a streamed environment, but the issue is how well the applications will work. Intimate knowledge of the behavior of the applications is needed to optimize the applications to run effectively when deployed using an ODADS platform. There is the likelihood of encountering unexpected glitches.
Certification of third-party applications for this new technology is very important. AppStream and Softricity have a list of common applications that they have certified. Enterprises should be sure to obtain a copy of the list of certified applications with documentation on how to run these applications most effectively using the ODADS platform for which the applications have been certified. There is obviously more risk in encountering support problems for applications that have not been certified for the ODADS platform. Both vendors are developing a value-added reseller (VAR) channel, where the VARs are the first line of support. Softricity trains its VARs in a step-by-step methodology for streaming applications.
Potential strengths
ODADS platforms are server-based, combining aspects of thin and fat client applications, including
Central management and deployment of client-side applications without installing the applications locally.
Remote access over a minimum 56 Kb to 128 Kb lines.
Good performance for Java applications (with large applets).
Ability to work offline occasionally; but users must be online to receive new features or releases of their applications.
Rich user interface (there is no sacrifice in the user interface).
Works for all applications without modification.
Support for diverse client environments (Windows, Windows Terminal Servers, .NET Services, and Java).
Scalability; ODADS platforms are inherently more scalable than Windows Terminal Servers (because the server is basically a file server, with only one-time access to files per desktop necessary due to caching, very little processing is required).
Elimination of application conflict--enterprises can run multiple versions of the same application.
Limitations
Provability: ODADS platforms are unproven, and it will take time and experience to determine best practices for deploying applications using ODADS platforms. ODADS platforms must have proven scalability to support enterprises with 30,000 to 50,000 desktops.
Vendor viability: AppStream and Softricity are small startups with no guarantee of survival beyond the next 12 to 18 months. Enterprises will not invest in ODADS technology for large production rollouts until they feel the vendors are viable and can support them on a 24x7, quick-response-time basis.
Software support: ODADS platforms need buy-in and support by third-party application providers.
Application tuning: Applications need to be tuned to run well with ODADS platforms. Third-party applications should be certified for ODADS platforms. However, third parties may be reluctant to certify their applications because of the costs of testing and supporting the ODADS platforms.
Training: Enterprises must invest in training to develop skills in using the technology.
Standards: There are no ODADS standards. Each vendor has designed and implemented its own proprietary transport protocol stack.
What you need to know
ODADS is an emerging technology being offered by startups--risky ventures. These vendors may not make it on their own, especially in difficult times, but an acquisition by an established software vendor would provide necessary resources for sales, support, and engineering. The technology has the potential for delivering software as a service, but it is still an unproven technology with proprietary implementations by small startups. We encourage Type A (early IT adopter) enterprises to explore this technology for pilots, and to follow the technology and vendors.
Three scenarios for trustable computing platforms
October 9, 2003
By John Pescatore
Trustable computing platforms provide some benefits to enterprises and consumers, and many benefits to content providers. Acceptance and use of the technology will be driven by the content and software industries' ability to emphasize customer satisfaction over revenue protection.
Analysis
The PC platform was designed in the early 1980s, before nearly every PC was connected to a LAN or the Internet. Security wasn't an afterthought in the early days of PC hardware and software development--it wasn't a thought at all. Recently, driven by Microsoft and Intel, the PC industry has proposed including new security technologies in standard PC hardware and operating systems to make them trusted execution environments. If such capabilities are built into every PC, but the software and content industries continue to follow previous practices, digital rights management (DRM) technology embedded in PCs will be shunned by the marketplace in the long-term. This will be similar to how V-chip technology, which is built into all televisions sold in the United States, is mostly ignored today.
V-chip regulation forces television content providers to tag their programs with content ratings and enables parents to program their television sets to block programs with certain content ratings. However, V-chip technology is complex to use, and many parents who grew up in the permissive 1980s are suspicious of it because of privacy concerns ("Big Brother is watching").
Gartner uses the phrase "trustable computing" rather than "trusted computing," because a trusted execution environment on Windows-based PCs and servers does not equal a fully trusted computer platform. Predictability, reliability, and safety are other key requirements that must be provided to enable trustable computing. The Trusted Computing Group has proposed capabilities to build into the standard PC platform. In addition, at the Windows Hardware Engineering Conference in May 2003, Bill Gates committed Microsoft to integrating its Palladium secure computing technology into Longhorn, Microsoft's next desktop operating system (expected for release in early 2005). Intel is scheduled to ship its LeGrande technology, which provides hardware support for Palladium, by year-end 2004.
When Microsoft made Palladium public in 2002, a storm of controversy arose regarding strong content control being built into PCs. Microsoft since has changed the name of this technology to the mellifluous Next-Generation Secure Computing Base (NGSCB). However, the content control controversy remains.
Timeline
By 2008, DRM capabilities will be embedded in the hardware and operating system of 50 percent of PCs (0.7 probability). It will take several years for trustable computing platforms to reach enough "critical mass" to be effective--that is, until more than 75 percent of PCs include the technology. By 2008, the majority of PCs will have been upgraded to the Longhorn operating system running on PC hardware that has trusted execution environment support. Enterprises that migrate to Longhorn on new PCs prior to 2008 will be able to use the new technologies internally, but broad application will not happen until critical mass is reached in 2008.
For consumer content applications such as music and videos, trustable computing platforms must extend to consumer devices, such as cellular phones, set-top boxes, and other audio/video/entertainment equipment. Because consumer device markets are not dominated by the PC industry, adoption of a PC-centric, trustable computing approach will take longer in those markets. Penetration of trustable computing technologies will not reach critical mass in consumer device industries prior to 2010.
Three scenarios
Although the technology to support trustable computing will be embedded in PCs and other platforms by 2008, market factors will drive use of those capabilities. In the early days of the software industry, numerous piracy protection techniques were abandoned because of market resistance. These three scenarios forecast the adoption and use of trustable computing capabilities if a trusted execution environment is built into every PC.
"Nirvana" scenario
Software vendors and content providers reduce the costs and complexity of their distribution systems, while maintaining control of their intellectual property. Enterprises allow their employees to securely log in remotely from any computer, anywhere. Enterprises also offer secure online services and digital wallets to their customers. End users still must worry about viruses and hacker attacks, but many online services are enabled because PCs are more secure. The net result is lower prices and more choices for end users.
Apocalypse scenario
Software vendors with monopoly powers and content owners with exclusive access to popular content resist market change and extend their control onto PCs. Microsoft's dominance of the PC market is greatly amplified because modifications to Windows and Office software require more granular pricing or more frequent forced updates. The effect of such business practices more than outweighs the security benefits for enterprises. The music and movie industries force content formats that work only on new software that is developed specifically for trusted environments, enabling these industries to slow the movement toward digital distribution to prolong the lives of their legacy distribution models. The net result is higher prices for digital content and fewer alternatives for end users.
V-chip scenario
PC hardware is updated to include security chips, and the Windows kernel is modified to include NGSCB. However, consumers and the overall market ignore the trusted execution features, similar to how they ignore V-chip technology. Most end users (and IS managers) will have used the Internet for more than 10 years by 2008, when trustable computing platforms will emerge. These users resist more stringent controls on content and use their market power to reward content providers that provide more open access. The net result is limited use of the technology by enterprises, as well as little consumer adoption.
The technology required to create a trustable computing platform to support DRM is well-known--the concepts have been around for 20 years. How the technology is applied, integrated, and marketed will determine the success probabilities of the three scenarios. If content owners try to use the technology to treat all customers as criminals and to gain pricing advantage, the Apocalypse scenario is likely. However, Gartner believes that consumer resistance will cause the V-chip scenario to be more likely in the long term. If content owners use the technology to try to transform their markets and create more value for consumers and enterprises, the Nirvana scenario is likely.
If content owners continue their previous practices, the V-chip scenario is the most likely outcome for trustable computing by 2010. For example, Intuit's attempts to implement heavy-handed DRM capabilities resulted in a loss of market share, and Intuit removed the controls. The music industry's decision to subpoena end users of music-swapping programs, rather than to offer reasonably priced alternatives to those programs, is another bad sign.
The content industries have several years to try to change their ways. For example, Apple's iTunes online music service has taken a more relaxed and customer-friendly approach to controlling the use of downloaded music. Adobe's trials in adding DRM to Photoshop using a similar approach show an understanding of the need to not treat customers as criminals. These approaches could be even more secure and easier to use, without becoming more intrusive, if PCs were based on trusted execution environments.
Delivering fair use is key
To be successful, trustable computing platforms must support the ill-defined concept of fair use. Similar to Justice Potter Stewart's famous definition of obscenity--"I can't define it, but I know it when I see it"--fair use means different things to different people, cultures, and legal systems. The basic problem for trustable computing platforms is to stop dishonest people from taking malicious or illegal actions without impeding honest people from taking legitimate actions. At the 2002 Computer, Freedom and Privacy conference, Microsoft's Barbara Fox presented "Fair Use Friendly DRM?," an excellent discussion of the complexity of this issue.
Through 2007, 75 percent of DRM implementation attempts will fail because of intrusive approaches that drive market and consumer resistance (0.6 probability). By 2009, trusted execution environments will be incorporated into 80 percent of DRM implementations that gain market acceptance (0.6 probability).
Providing consumers with an acceptable level of fair use is critical to achieving a balance between reducing illegal use of content and alienating customers. The software and content industries' focus on support for fair use as a mandatory feature of trustable computing platforms is the critical factor in determining if these platforms will be ignored or embraced by the market. DRM implementations that don't meet the demand for fair use capabilities will fail. DRM implementations that provide fair use support, and succeed in the market, will leverage trustable computing platforms to make implementation and enforcement simpler and less expensive.
Key issues
How will enterprises evolve organizationally, architecturally, and procedurally to respond to growing concerns over corporate and personal privacy?
What best practices will information security organizations adopt to avoid potential legal liability and safeguard information assets?
eamonshute,
It is my understanding that what they are developing would include a fare system that uses something similar to the Moneo cards. Riders could download their fares to a smart card via their home computer.
Kevin
OT: for you online traders.....
allegations are the first to mix hacking, identity theft and computer fraud.
Federal authorities charged a Pennsylvania teenager on Thursday with hacking into an online brokerage account to dump worthless options on Cisco Systems, Inc. (CSCO) stock.
Van Dinh, a 19 year old student, hacked into the computer of a Westborough, Mass., man in July and secretly placed an order through the man's online brokerage account to buy option contracts on Cisco, according to authorities.
Dinh's hack attack allowed him to sell his own Cisco options, avoiding about $37,000 of losses when they expired worthless about a week later, according to documents filed in federal court in Boston on Thursday.
Authorities say they found the Phoenixville, Pa., teen about a week later, even though he took pains to conceal his identity through online aliases, overseas Internet accounts and Web sites that help people remain anonymous online.
Federal prosecutors in Massachusetts charged Dinh with securities fraud, mail and wire fraud, and causing damage through unauthorized access to a protected computer.
The Securities and Exchange Commission filed a civil fraud suit against the teen in Boston. It wants to force him to return his allegedly ill-gotten gains, with interest, and pay penalties.
SEC officials said the case shows the Internet is no place to hide.
"Despite the use of complex anonymizer programs and other cloaking devices, our staff was able to unravel this conduct quickly," deputy SEC enforcement division director Linda Thomen said in a statement Thursday.
Authorities say the conduct started in July, when Dinh invited online investment forum participants to test a computer stock-charting program. In reality, authorities say the software was a disguised version of a program called "The Beast" which tracks keystrokes on any computer, including logins and passwords.
When a 34-year-old Massachusetts man downloaded the program, Dinh was able to tap into the man's TD Waterhouse account and place an order to buy 7,200 put options on Cisco stock, authorities allege. Dinh had placed a sell order on Cisco put options through his own online account with CyberTrader, according to the SEC.
"I've never seen anything like this," said John Reed Stark, head of the SEC's office of Internet enforcement. While the office has brought hundreds of cases against thousands of individuals, Stark said the allegations about Dinh are the first to mix hacking, identity theft and computer fraud.
Investigators quickly traced the trades the teenager, who lives at home with his parents, even though he used Internet accounts in Australia and other countries to cover his tracks, Stark added.
Dinh isn't represented by an attorney and didn't immediately answer a call to his home.
OT: Washington area set to expand smart-card transit program
(Cubic and Northrup)
By Trudy Walsh
GCN Staff
Washington area bus riders have long been resigned to the frustration of fumbling for exact change as they race to the bus stop. But the fumbling may soon be a thing of the past, thanks to the Washington Metropolitan Area Transit Authority's plans to improve the smart cards it uses for fare payment.
WMATA this week gave two companies "notice to proceed" on the SmarTrip program, which would let transit riders in the District of Columbia, Maryland and Virginia use one plastic card to pay fares on as many as 17 different transit systems, including WMATA's Metrobus, Montgomery County's Ride-On bus service, and Maryland Rail Commuter (MARC) and Virginia Railway Express (VRE) trains.
ERG Group of Concord, Calif., and Northrop Grumman Information Technology of Herndon, Va., will offer back-end financial operations and customer service operations for SmarTrip.
Cubic Transportation Systems, a subsidiary of Cubic Corp., is the lead contractor for the project and provides all SmarTrip's network equipment, including the retail point-of-sale network. SmarTrip uses Cubic's cards, card readers and central computer system.
Since May 1999, SmarTrip cards have been accepted for fares in WMATA's Metrorail system and for payment at parking lots operated by Metro.
Metrobuses in Arlington, Va., have accepted the plastic SmarTrip cards for about a year in a pilot program. The buses are equipped with metal fare boxes, which look much like the coin-operated fare boxes that have been on buses for years.
Passengers touch their SmarTrip card to the fare box card reader, instead of depositing change.
The estimated cost for the region to adopt the fare boxes is about $100 million, said Murray Bond, WMATA's director of SmarTrip operations.
When the SmarTrip installation is complete, transit riders "will be able to go almost anywhere in Maryland, the District and Virginia using the cards," Bond said.
ERG Group will provide the financial clearing and settlement, card distribution and call center sevices for SmarTrip.
Northrop Grumman IT, a subcontractor and partner to ERG, will distribute the smart cards and operate a customer service center in Reston, Va.
Barry, regarding what? e/
Will Americans learn to love smart cards?
Last modified:June 26, 2003, 4:00 AM PDT
By Robert Lemos
Smart card experts have predicted the imminent popularity of chip-carrying plastic cards so many times that it has become an in-joke among industry cognoscenti.
Although these so-called smart cards--and their less technology-laden brethren, chip cards--have been relatively well-received overseas, the reception in the United States remains frosty. But efforts under way in the United States to better protect its borders and increase company security may finally give the smart card its day. Steven Humphreys, CEO of identity-management software maker ActivCard, already has deals to launch as many as 50 million cards over the next 10 years, with about 80 percent going to government agencies such as the U.S. Department of Defense (DOD), the U.S. Department of the Treasury and the Secret Service.
CNET News.com spoke with Humphreys to learn why he believes smart cards are finally getting a serious look in the United States after so many false starts.
Q: Have smart cards found their "killer app"?
A: I hate to call it a killer app, but it is definitely something that we do have right now. You have cards to get into your building; you have passwords; you have tokens. Now some people have biometrics. It's all about managing identities.
What are the advantages of smart cards for security?
It gets me in the building. On one card I have all of my passwords. With a card in a laptop with valid serial numbers, whenever I go to one of my sites whose password I've saved, it pulls the user ID and password off, and I don't even need to deal with it.
So password consolidation is there. The security is there. The physical access as well as the logical access and local encryption and security are there. And when I go remotely, the one-time use passwords are there. People are already doing all these things.
We have seen the biggest and fastest traction with the Department of Defense.
Once you pull all these functions together, what is the impact on cost?
The cost is much lower. In the average corporate environment, when you forget your password and call in, it costs about $35 a help-desk call--and that's to get a password reset, to change the password, to make sure it takes throughout the system, and to make sure the user has the password and is up and running again. On average, people do it six to seven times a year--about $200 per person per year is being spent on this problem.
What's driving smart card adoption?
Companies are finding that they are already managing identity--but in a fragmented way. When they integrate it, then they actually get cost reductions. That is why this is taking off in the enterprise space.
To what extent are the laptop and PC makers on board with putting smart card readers in their machines?
The big thing was to get the external readers to drop in price. A smart card reader used to cost about $100 per user; it now costs $10. And the cost of goods is under $5. That's made a big difference.
Is there a consumer side to this? There are a lot of consumers that have 30 or 40 passwords out there and might like that functionality.
I think there ultimately will be. The big businesses are already managing a bunch of badges and locations and everything else. I think that, in five years, users will be able to buy it off the shelf: You get a client, put in all your passwords and you are off and running. But right now, it's more of an organizational implementation.
Have you seen a push in the smart card/chip card market because of homeland security?
We have seen the biggest and fastest traction with the Department of Defense. They are issuing these at about 11,000 a day right now.
Are any other branches of the government using them?
We are also selling into the Department of the Treasury and its Internal Revenue Service, the Department of the Interior, the Secret Service, the Department of Energy, the Department of Justice and a couple of others that aren't yet public. They are all beginning to deploy identities and identity management.
To function in society, you need to disclose some information.
If 9/11 hadn't happened, do you think you would have seen the current card uptake?
That's a good question. The DOD project started well before 9/11. We started deploying in August of 2001. They have gotten up to a rate of 11,000 a day. In the absence of 9/11, I don't think it would have happened that fast. I think it would have gotten up to 5,000 or 6,000 a day and then stabilized. On the corporate side, I don't think we are making that many sales driven by security: If they save money, they'll buy it. And if they don't save money, they won't buy it.
What programs are on the horizon?
The transportation workers' identity card is one of the biggest ones--and that's the idea that all of our ports and truckers and everyone else should be identified if they are moving stuff around. You can't stop them from moving something that's bad. But if you know exactly who is moving what, people are far less likely to move something that is bad knowingly.
Another initiative came when the Department of Homeland Security put out a directive to secure infrastructure at the state level. The idea is that all the public utilities--water, telecommunications and power--should be secured. Right now, they aren't. There is this whole tug of war going on with the states saying that they don't have any money to do this, and the federal government saying it's a state issue.
Do you think that all utility workers will have an identity card?
Yes, some sort of state-issued identity card.
It sounds like an identity trail is being built up for anyone who has access to some part of the critical infrastructure.
Right.
How do you make sure that data is handled correctly? Do you need a law or regulation that specifies when certain groups or agencies or people can see a person's private data?
Some of that is in the Bush administration's "securing cyberspace" proposal. But I think the real answer is that it needs to happen one implementation at a time. No one questions that military personnel should have secure identity cards and that the military should probably know most of what personnel are up to--especially if they are checking out weapons or something like that. On the other extreme, take driver's licenses: We don't want everyone to know exactly where we are going at every given moment when we are driving our car.
But when it comes to a power plant worker or a water utility worker, we sure want to know when they come in and what they did while they were in there. I think it is one case at a time. You want to be sure that the system is secure enough that what you want to disclose is disclosed and what you don't want to disclose is not disclosed at all. I think it will be very hard to come up with a single policy across the board that everyone agrees on, because you will have the ACLU on one end and you will have Secretary of Defense Donald Rumsfeld on the other.
So you think everything will take care of itself? That there is nothing to worry about?
There is never nothing to worry about. But each issuance of identity and use of that identity should be done in a way that is the result of a mutual agreement. That agreement--once entered into--cannot be violated.
Some people will voluntarily expose certain information to their employers, for instance. Those who don't want to expose any won't have to. But to function in society, you need to disclose some information. Entering a password is by definition disclosing information to people whom you decided to disclose it to. It lets us securely disclose what we want to disclose and make sure that we don't disclose what we want to keep private.
Current Status of Trusted Computing
Great report, lots of citations, and a small Wave mention on page 12
http://www.giac.org/practical/GSEC/Chris_Hageman_GSEC.pdf
OT: VeriSign Announces Security Intelligence
and Control(SM)plication Security
Enterprises Leverage VeriSign's Web Services Security Technology and Strong
Authentication Infrastructure to Gain Control Over Application Security
MOUNTAIN VIEW, Calif., Oct. 7 /PRNewswire-FirstCall/ -- VeriSign, Inc. (Nasdaq: VRSN), the leading provider of critical infrastructure services for the Internet and telecommunications networks, today announced Security Intelligence and Control Services -- Application Security. These services leverage VeriSign's web services security technology, visibility into XML security threats, and global strong authentication infrastructure to enable enterprises to take control of complex application security problems.
Network security through firewalls and packet inspection is not adequate for allowing companies to directly connect their applications with partners, suppliers, and customers over public networks. Application security presents the next frontier of challenges. To effectively take control, it is necessary to implement key policies, such as end-to-end message security, universally across all applications.
VeriSign is an industry leader in setting standards, like WS-Security, for next-generation application security. Based on its unique expertise and visibility into XML-based security threats, VeriSign delivers application solutions that make it possible to separate policy from the application, and take control of security issues. These services are built on native support for secure XML message communication, inspection, and routing, and VeriSign's global strong authentication infrastructure for real-time validation of digital credentials, and seamless integration with near-ubiquitous platforms, such as Microsoft Windows. Enterprises get the full benefits and operating efficiencies of secure application integration, while reducing the cost, complexity, and risk of deploying application security.
"After a nine-month evaluation of solution providers, we chose VeriSign's security services because of its reliability and capacity to scale to millions of users, enabling us to support the new breed of online applications," said Ron Thornburgh, Kansas Secretary of State. "With VeriSign, we're able to offer government, business, and citizens electronic communications that authenticate the identities of senders and ensure that the original content of messages have not been changed."
Security Intelligence and Control -- Application Security consists of two key components:
Web Services Security
Web Services streamline processes and reduce costs by using open Internet standards to automate data sharing among applications, within or outside the enterprise. To maximize Web Services benefits, enterprises must be able to reliably and efficiently secure high-value, sensitive data in machine-to-machine communications.
VeriSign's core product for Web Services security is the Trust Gateway, which enables enterprises to offload Web Services security operations, policies, and administration to a dedicated, standards-based solution. The Trust Gateway leverages VeriSign Managed PKI to deliver a comprehensive, digital certificate-based solution that is easy to customize, implement, and manage.
By using the Trust Gateway, enterprises can rapidly extend application integration initiatives to trading partners, suppliers, and customers with complete confidence that valuable data is protected from end to end.
Application Security Consulting
VeriSign helps enterprises assess, design, and deploy cost-effective and scalable application security solutions, while maximizing the value of existing security investments. VeriSign offers a number of consulting services including:
-- Web Services and Web Applications Security Assessment -- Customized
Security Assessments leveraging VeriSign's deep expertise in Web
Services security standards (e.g., WS-Security).
-- Application Security Architecture and Design -- Tailored,
cost-effective architecture to meet enterprise business needs, along
with customized application security programs and policies.
-- Application Security Deployment and Integration -- Rapid, low-risk
deployment and integration into the application architecture.
"As an industry leader in setting standards for next-generation application security and Web Services, VeriSign has unique expertise that allows us to provide enterprises with application security solutions that are easy to architect, integrate, manage, and scale," said Judy Lin, Executive Vice President, VeriSign, Inc. "As more and more businesses take advantage of the benefits that connecting their applications with partners, suppliers, and customers bring, they also must contend with unseen security risks. Security Intelligence and Control Services -- Application Security provides them with the ability to monitor and adjust their environment to combat any problems they encounter."
VeriSign's Security Intelligence and Control Services -- Application Security is available today. Future releases will provide the capability to detect, trend, and respond to XML-based security threats in real-time, through monitoring and management of application security devices. Additional information can be found at:
https://www.verisign.com/products/applicationsecurity/
Interesting alliance.............................
IBM, GE partner on security solution
By Kate Evans-Correia,
22 Sep 2003 /
IBM Corp. and a key General Electric subsidiary said Friday they would merge their security offerings in an effort to solve a problem faced by large companies -- the communication gap between security tools used for protecting offices and physical property, such as badge readers, and the tools used for protecting computer data, such as passwords.
Electronic security provider GE Interlogix, Austin, Texas, will integrate its facilities security software with IBM's enterprise management and application server software, allowing the facility side of security management and the IT side to share information.
This collaboration is part of a growing movement -- albeit a slow one -- to converge the worlds of physical security and IT security, particularly in industries that are heavily regulated, such as finance.
Physical and IT security have merged on some levels already, says Allan Carey, program manager for information security services at International Data Corp., Framingham, Mass. For example, many businesses use the same smart card or common access card to enter the building they work in as well as access their desktops, networks and secure rooms within the building.
But for the most part, physical and IT security systems don't communicate with each other, preventing corporations from having a complete picture of their overall security environment -- often with negative results, like identity theft, experts say.
It's like having one hand that doesn't know what the other hand is doing.
According to Raymond Blair, vice president of business development at IBM Global Services, physical security assets such as badge readers and surveillance systems will be interlinked with logical security capabilities, such as smart cards and network passwords.
If a person leaves the building, swiping his identity badge on the way out, for example, and then five minutes later someone signs on to the network using that person's password, the badge system and the network system would sound an alert that a possible breach had occurred.
"We'll be able to see the information that they're getting [physical security], and they'll be able to see the information we're getting and then take action," Blair said. "We're not going to suddenly start seeing the physical security guy and the IT security guy walking hand in hand down the street singing 'Kumbaya,' but they'll be communicating and talking."
But the increasing need to converge physical security and IT security stems as much from the need to communicate as it does to consolidate. Blair cites an example of one major credit card company that has 73 different security registration systems in its organization. There are probably that many people trained to manage them, infrastructures to run them, and polices shaped around them.
"We're going to be able to tie all those together," he said. "There's a huge potential for savings there."
As part of the arrangement, IBM will be responsible for IT security services, application integration and solution deployment, and will work with an existing network of IBM and GE Interlogix partners to help customers integrate their IT infrastructure and back-office systems.
GE Interlogix will integrate Facility Commander, its security system integration software, with IBM's Tivoli enterprise management software, including Tivoli Risk Manager and Tivoli Enterprise Console, and WebSphere server software. GE Interlogix will also support IBM Directory Integrator and IBM's DB2 database.
IBM also plans to integrate IBM Tivoli Access Manager and IBM Tivoli Identity Manager with GE solutions to integrate and automate core identity management business processes with physical security practices.
svenm and GoWave, thanks! e/
HP draws on Intel for next tablet
Last modified: October 2, 2003, 11:54 AM PDT
By John G. Spooner
Staff Writer, CNET News.com
Hewlett-Packard's next Tablet PC will have Intel inside.
The Palo, Alto, Calif.-based computer giant is preparing to launch the HP Compaq Tablet TC1100 this fall, based on Intel mobile processors, sources close to the company said.
The forthcoming tablet, which will appear soon, looks much like the company's current model. They both have a 10.4-inch screen, for example, and probably will weigh about the same. But the new one will have a different processor, the sources said.
It will offer a choice of an 800MHz Celeron or a 1GHz Pentium M chip from Intel, the sources said. HP's current tablet, the HP Compaq Tablet PC TC1000, comes with a 1GHz Transmeta TM 5800 chip.
The change is likely a result of an effort to gain more performance and also to help lure business customers. To date, tablets like HP's, which come with Microsoft's Windows XP Tablet PC Edition operating system, have sold relatively well. But they have most often been adopted by businesses in specialized industries such as healthcare, analysts say.
Worldwide tablet sales reached nearly 72,000 units in the fourth quarter of 2002, following the November launch of the Microsoft tablet OS and tablet PCs from HP, Acer, Toshiba and others. Tablet PC shipments are expected to grow to 500,000 in 2004, IDC has said.
"Tablet PC shipments have met my expectations," said Alan Promisel, an analyst with IDC. But "it's primarily a vertical market. There's still a lack of one application that appeals to all users."
The advent of larger screens on so-called convertible tablets--notebooks whose screens open and rotate and fold down to create a tablet--and the adoption of higher performance processors are expected to help boost sales.
Transmeta will most likely gain some tablet PC business following the launch of its next processor, the Efficeon, on Oct. 14. But HP may deal the company a blow by not using that chip in its latest tablet.
The Pentium M, which is often bundled into a package named Centrino with an Intel chipset and wireless module, is becoming more popular for tablets. So far, manufacturers such as Acer and Motion Computing have moved to the Pentium M, which they say offers more performance than the older Pentium III-M chip they used previously.
Still, Transmeta is expected to name a handful of PC makers that are either evaluating or using Efficeon in products. They are likely to include Sharp, which sells a line of notebooks in the United States, and start-up Antelope Technologies, which is building a modular computer. Antelope's Modular Computer Core, based on a Transmeta chip, is designed to plug into a desktop or handheld chassis, allowing it to operate in different environments.
Transmeta declined to comment on future products.
HP is expected to maintain its relationship with the chipmaker, however, by continuing to offer the TC1000 tablet for a time. It is also likely to make clear that it has reserved the right to move back to a Transmeta processor in the future, should it find that Efficeon or another chip meets its needs.
HP also uses Transmeta processors in two of its newly introduced thin clients, which are terminal-like computers designed for businesses.
HP declined to comment on its future plans.
HP won't be the only company with a new tablet this fall. Fujitsu recently released a convertible tablet. The next few months should see upgraded models from others, including Acer and Toshiba.
Civil liberties group denounces 'trusted' PCs
Robert Lemos
CNET News.com
October 02, 2003, 15:35 BST
'Trusted computing', as promoted by Microsoft, IBM and others, represents a threat to users' privacy, says a prominent digital civil liberties group
A high-profile digital civil liberties group is criticising a component of the "trusted computing" technology promoted by Microsoft, IBM and other technology companies, calling the feature a threat to computer users.
The paper, which was set to be released late on Wednesday by the Electronic Frontier Foundation, analyses the promised features of several different trusted computing initiatives. The efforts aim to develop next-generation hardware and software that can better protect data from attackers, viruses and digital pirates.
Applauded in the paper are three features of the best-known trusted computing technology, Microsoft's Next-Generation Secure Computing Base, that may be positive ways of securing consumers' computers. However, the EFF criticised a fourth feature -- known as remote attestation -- as a threat that could lock people into certain applications, force unwanted software changes on them and prevent reverse engineering.
Remote attestation allows other organisations that "own" content on a person's computer to ascertain whether the data or software has been modified. Such technology could easily be at odds with a computer owner's interests, said Seth Schoen, staff technologist for the EFF and the primary author of the paper.
"We have a technology that doesn't exist today, which computer users are being asked to adopt," Schoen said. "If the new technology can be used in many ways that run counter to the interest of the people, then I think asking them to adopt it doesn't make any sense."
Microsoft, IBM, Intel and other companies have teamed to create hardware that would secure the world's personal computers and win the trust of service and digital-content providers. Microsoft initially proposed a software-hardware system, called Palladium, that would enhance security, while IBM and Intel formed a group called the Trusted Computing Platform Alliance to work on a hardware system.
The companies have formed a new group, the Trusted Computing Group, to work on a single hardware design that will be supported by a number of software programs, including Microsoft's controversial security prototype.
Many critics of the proposal have warned that such systems will wrest computer control from consumers and place it in the hands of software companies and digital-content owners.
The EFF proposes amending the trusted computing initiative to include a feature called "owner override" that would allow computer owners, whether individuals or companies, to essentially lie to an organisation that attempts to ascertain the integrity of their content.
Refusing to provide the information required by remote attestation won't work, Schoen said, because such a refusal is still giving something away. "In criminal cases, you can take the Fifth Amendment," he said. "While the jury is not supposed to infer anything from that, the general public certainly infers that the person is guilty or has something to hide."
Only the ability to lie to remote software or a content owner will allow the PC user's rights to be protected, Schoen said.
A representative from Microsoft, which has spearheaded much of the development behind trusted computing, wasn't immediately available to comment on the paper or the proposed feature.
Microsoft dominance makes IT security impossible
http://www.ccianet.org/papers/cyberinsecurity.pdf
09/30/03 Seven security experts have attacked Microsoft in their new study "Cyberinsecurity: The Cost of Monopoly". "Viruses, worms and other attacks on computer networks cannot be stopped as long as the software of one company dominates the IT infrastructure," says Bruce Schneier of Counterpane Internet Security. The experts presented the results of their study at a meeting of the Computer & Communications Industry Association (CCIA) in Washington. Two major voices in the CCIA are Microsoft competitors Sun and Oracle. The CCIA is currently suing Microsoft for misuse of its monopoly position. The organization also lobbies against the use of Microsoft software in government agencies.
Over 90% of all PCs use Microsoft operating systems, and these are shown time and time again to be vulnerable, according to the experts. The Microsoft management had said that its developers would give top priority to security. "The situation has gotten worse," says Schneier. During past weeks, the MSBlaster and Sobig.F worms have caused epidemics of a size not yet seen. "We didn't put out this paper to harangue against Microsoft," says Schneier. The point is to instigate more discussion about the vulnerability of homogeneous IT infrastructures. Nature also avoids monocultures because they are easy to get the best of. "It's just as if all people in the USA would have the same genes," says Perry Metzger, co-author of the study.
Schneier demands that Microsoft pay for the damage done by the most recent worms. This is the only way that the company can be forced to guarantee a higher level of security in its systems. According to Schneier, the biggest problem is Microsoft's dominance. To maintain its leading position in the market, the company concentrates more on eliminating its competitors chances than on the security of its products.
Experts insist that Microsoft should make its versions of its office software that would run on Linux, which can be secured better against security risks than Windows due to its freely available source code.
Microsoft has already reacted to the discussion paper. A spokesman says that the company will examine the report thoroughly and reply to it. A company which sells many operating systems is attacked more often than one which sells few. The report, according to Microsoft, is simply one more of the CCIA's attacks and an attempt to use consumer fears about security risks to promote the interests of IT manufacturers.
OT: Partner news
MortgageFlex and DocuTech Enter Into Strategic Partnership; Full-Service Mortgage Solution Delivered Seamlessly Online
JACKSONVILLE, Fla.--(BUSINESS WIRE)--Oct. 1, 2003--MortgageFlex Systems, Inc. and DocuTech Corporation (DocuTech) have announced the formation of a strategic partnership that offers lenders a full-service mortgage solution online. By integrating DocuTech's intelligent Web-based document solution, ConformX(TM), within MortgageFlex's advanced processing system, LoanQuest(R), the companies created a seamless product that serves the loan from application to up-front documents to data verification to closing documents and delivery. Those who use LoanQuest will find a seamless operation that requires no additional training or tools yet easily produces up-front disclosure and closing documents.
The new product protects data integrity from point-of-sale to investor delivery, offers a unique intelligence for legal compliance and provides both traditional paper and eMortgage-capable complete documentation services. Utilizing the flexibility of XML programming, it does not require importing of files; rather, loan data is seamlessly passed from LoanQuest into ConformX, which launches the DocuTech print engine. (DocuTech's in-house software solution, DTClassic(TM) is also available as a non-dialup alternative.) Data is verified by the system and users are automatically prompted if there are any missing data exceptions prior to producing a fully compliant loan document package. With this seamless process, the only screens that an end user actually sees are the missing data screen and the final loan package, which gives the option to print, e-mail, post to the Internet, or create PDFs or SMART Docs for electronic delivery.
Data verification automates the closing process, detecting any missing information and asking the user to input before printing. Advanced compliance logic automatically assembles document packages by state, loan type and investor. SMART Docs for all 50 states and loan types are available for partial or complete electronic mortgages.
"This is the perfect marriage between two systems that are XML-based," says Tim Anderson, Executive Vice President of eMortgage Solutions at DocuTech. "Both systems utilize XML technology, allowing for flexibility in exchanging and analyzing data and creating a perfect fit for loan origination and web-based delivery. Lenders now have the advantage of doing the entire mortgage process from application to closing docs, utilizing the best technologies available. There's no need for additional tools or training, as the entire document process is seamlessly integrated into LoanQuest."
MortgageFlex processing technology offers lenders a full suite of loan origination products, from Point of Sale to Servicing, using proven technologies, delivering the best solution to the challenges provided by the industry.
DocuTech offers automated calculations, document previews and invisible data integrity tests to provide users with compliance checks and data validation at their fingertips. Online operation provides the advantage of worldwide delivery of data and documents at any time, whereas the in-house desktop alternative serves those companies who want the technology on their individual systems.
"Many of our customers were looking for a solution that incorporates leading edge functionality, technology and compliance," said Lester Dominick, CEO of MortgageFlex. "The partnership between MortgageFlex and DocuTech gives customers the advantage from a compliance and cost standpoint. They can feel confident that the tools, edits, and calculations built into both systems will ensure a compliant cost efficient solution to their origination operations. Together, MortgageFlex and DocuTech provide the type of environment where technology significantly adds to the bottom line results."
"Online application is really the way of the future," said Ty Jenkins, President and CEO of DocuTech. "It offers lenders a way to conduct business anytime, anywhere. All you need is a laptop and an Internet connection, and you can process, close, and send documents to any location in the world."
The complete MortgageFlex/DocuTech system is also available in a desktop software solution.
About DocuTech
Founded in 1991, DocuTech Corporation is a leading provider of compliance services and documentation technology. By leveraging advances in digital data and document creation and delivery, DocuTech enables lenders and their partners to exchange, process, review and close loans in record time. From the point of sale to closing to investor delivery, DocuTech manages and secures all information needed for a loan, guaranteeing accuracy, data integrity, delivery, security and compliance. Systems interface with leading loan origination systems and are compatible with MISMO and SMART DOC technology standards. The only leading provider with technology designed in native XML, DocuTech provides solutions that can be accessed online or reside on a customer's desktop. For more information on DocuTech, visit the company's web site at www.DocuTechCorp.com.
About MortgageFlex
MortgageFlex Systems, Inc. (MFX) is a provider of state-of-the-art software and systems solutions within the lending industry. Founded in 1980, MortgageFlex, provides innovative mortgage automation software, including Windows and Web based products, to mortgage companies and lending institutions.
For information about products and services, visit www.mortgageflex.com.