Awk Re. TI "Trusted Mobile Platform"? Very interesting.
Seagate Partners With STMicroelectronics and Quantum SPA for Mobile Digital Television
Wednesday February 14, 1:59 am ET
Companies to Explore the Market for Handheld DVR TV Devices
2007 3GSM SHOW, BARCELONA, Spain, Feb. 14 /PRNewswire-FirstCall/ -- Seagate Technology® (NYSE: STX - News) today announced co-operation with STMicroelectronics, a leader in delivering chipset solutions for mobile devices, and Quantum SPA, a leader in handheld digital television technology, to produce hard drive-based mobile devices that will let consumers receive, record and playback digital television signals. The solution, based on Quantum's QTM 1000 Pocket Television platform, will be built around STMicroelectronics' Nomadik(TM) mobile multimedia application processor and Seagate's mobile hard disc drives. The companies expect to market the solution to digital television providers, network operators, handheld device manufacturers, and others looking to participate in the growing availability of digital television signals around the world.
The companies will feature the QTM 1000 platform at the Seagate booth 2.1B69 located in Hall 2, Level 1 at the 3GSM World Congress in Barcelona.
With market imperatives and regulatory trends moving many countries quickly toward digital broadcasting, new business models are expected to open up for mobile video usage. The ability for consumers to receive digital broadcasts opens up many ways to extend the current broadcast-to-home model. Some of the content delivery models around digital television include:
-- Live broadcast
-- DVR time shift recording of broadcast TV
-- Pushing content to the hard drive
-- Streaming video and music content
-- On-demand downloads
-- Automotive entertainment
Based on the powerful Nomadik application processor, the QTM 1000 already allows consumers to bring a mobile digital television experience with them wherever they go. The addition of Seagate Lyrion(TM) 1.8-inch hard drives, or connectivity to Seagate's Digital Audio Video Experience(TM) (DAVE(TM)) wireless storage platform, will give consumers access to a mobile DVR solution that further extends the convenience, control and choice of television viewers everywhere. Nomadik, already highly power-efficient, will include the Seagate Storage Management Module(TM) (SMM(TM)) for added power efficiency and performance enhancements.
"The DVR experience is fast becoming an integral part of the television landscape. This partnership underscores the growing importance of the mobile entertainment consumer, and how Seagate is working to enable new markets," said Patrick King, senior vice president and general manager of Seagate's Consumer Electronics Business unit. "Now consumers will be able to bring the home theater with them wherever they go."
"A crucial element in bringing next-generation solutions to the mobile terminal market is partnering with leaders," said Ermanno Pace, VP of Strategic Marketing America of STMicroelectronics. "And with the award-winning Nomadik application processor, implemented in the company's world-class silicon technology, ST is playing a leading role in enabling OEMs to bring compelling entertainment experiences to consumers."
"It is extremely advantageous for Quantum to integrate Seagate's hard drive and storage solutions into our product," added Stefano Martini, Chief Executive Officer of Quantum. "This is the first step for us toward the possibility of offering our customers multimedia content with a fully reliable mobile DVR solution applied to the world's first DVB-H PocketTV handheld device available in the market thanks to the support of leading industry partners such as ST and Seagate."
Shipments of the first product to come out of this partnership are expected in the third calendar quarter of 2007.
Seagate Demonstrates Storage Management Module(TM) (SMM(TM)) With Texas Instruments OMAP(TM) Platform at 3GSM
Monday February 12, 1:59 am ET
Seagate's SMM Speeds the Adoption of Hard Drives Into Mobile Devices
BARCELONA, Spain, Feb. 12 /PRNewswire-FirstCall/ -- 2007 3GSM SHOW -- Seagate Technology® (NYSE: STX - News) will demonstrate its Storage Management Module(TM) (SMM(TM)) running on Texas Instruments Incorporated (TI's) OMAP(TM) applications processor platform at Seagate booth number 2.1B69 located in Hall 2, Level 1 during 3GSM.
Seagate's SMM is a software solution containing drivers, utilities and tools to provide hard drive support for a wide variety of chipsets. Seagate's SMM will clear technical obstacles for integrating hard drives into popular consumer electronic devices such as mobile phones, personal media players, IPTV set-top boxes, automotive devices and others. The software is designed to optimize hard drive-powered devices for efficient power consumption, better media recording and playback performance, and instant-on response.
"As mobile devices continue to provide increasingly rich multimedia experiences to the end user, rapidly escalating storage requirements demand innovative solutions that keep pace," said Avner Goren, marketing director of Texas Instruments Cellular Systems Solutions. "Seagate's SMM harnesses the raw capacity of hard disc drive (HDD) storage, while simultaneously catering to the power and performance needs of mobile platforms. The strong multimedia capabilities of the OMAP 3 platform such as HD video download/playback and DVD quality camcorder functions will be well served by Seagate's SMM, as will the current generation of OMAP 2 platform-based devices as demonstrated here in Barcelona."
"SMM will ease the system integration and performance challenges traditionally associated with HDD in mobile platforms, thus adding the hard drive to a wide array of storage options that Texas Instruments can offer its mobile handset customers," said KC Kaanan, executive director in market development of Seagate's consumer electronics business unit. "By helping to make hard drive performance more accessible in a mobile platform, customers using TI OMAP processors have more flexibility to choose higher storage capacities that enable next-generation mobile business models."
Seagate's SMM Overcomes Technology Barriers
SMM is a software solution that overcomes many of the technology barriers for integrating the hard drive into mobile devices, enabling this advanced experience.
-- Speeds time-to-market and cuts development time by providing certified drivers and a simple file system, enabling a turnkey HDD supported solution with the chipset. The included CE-ATA driver is interoperable with the SD and MMC controllers on TI's application processor platforms and most other mobile multimedia devices.
-- Dramatically reduces HDD power consumption in mobile devices, extending battery life even while the consumer is enjoying power-hogging applications such as video. For example, SMM adds intelligence that utilizes onboard solid-state memory to increase the efficiency of delivering multimedia streams from the drive to the system.
-- Improves device performance. SMM caches certain command sets to support performance features that consumers expect in mobile multimedia devices, such as instant-on and near-instantaneous media recording and playback response.
AWK.
AWM Investment Co or Austin Marxe and David Greenhouse looks interesting. I believe they have a new position in WAVX?
Here's a clip on them:
In other words, we try to always keep an eye on the movements of the real "smart money" on Wall Street – not the press-happy mutual fund managers that proudly parade their worn-out ideas around on CNBC.
So with this in mind, we were intrigued by a new 13D filing that hit the tape last week disclosing that Austin Marxe and David Greenhouse of the Special Situations funds had amassed a sizeable stake in a small software shop called Tarantella (TTLA). From a quick check I did earlier this afternoon, TTLA was delisted from Nasdaq earlier this year and is now trading on the lowly pink sheets due apparently to some accounting issues that knocked the firm off course.
Marxe and Greenhouse are well-respected for their eye at ferreting out, as the name of their investment fund implies, very profitable "special situation"-like investment opportunities. Thus, I'm not surprised to see them betting on a very speculative name like TTLA with seemingly lots of "hair" on it. It was Marxe and Greenhouse who bought a boatload of LivePerson (LPSN) at a lowly 50-60 cents per share in the summer and fall of 2002 before the stock had its huge 2003 run off its lows, which they of course were selling into. LPSN closed today off -5 cents to $5.44 per share. We recently successfully shorted some LPSN for a quick 18% gain.
Based on this most recent 13D filing, Marxe and Greenhouse own 5.3 million shares or a commanding 38.6% stake in TTLA (assuming the full conversion of all of the TTLA warrants they own). TTLA shares closed today up 5 cents to $1.20 per share on light volume.
A quick check of the most recent news on TTLA shows that the struggling software shop named a new CEO and President, Frank Wilde, earlier this month (on December 11th) and also secured some new funding. Wilde was previously the CEO of Ravisent Technologies. According to the new corporate bio for Wilde on Tarantella's website, he grew Ravisent into "the eighth fastest growing business in the United States from funding to IPO in two years."
TTLA also announced at the same time as Wilde's appointment that it had raised $2.75 million in new capital by selling 2.75 million shares of TTLA common stock at $1.00 per share. Special Situations Technology Funds led the financing and new TTLA CEO Wilde invested in the round as well, along with "an additional private investor." The investors acquired warrants to purchase up to an additional 550,000 TTLA shares at an exercise price of $1.39.
Back at the start of October, TTLA had already raised $2.25 million in new capital in a separate private placement of TTLA common stock at a price of $1.15 per share. Special Situations and Vertical Ventures, the two funds that invested in this financing, also acquired warrants to purchase up to 1.95 million additional shares of TTLA at $1.39.
Needless to say, I'm intrigued that Marxe and Greenhouse are speculating in this name and I like the fact that the stock is still trading right around the price points of these recent financings. That said, I've taken only a very preliminary look at TTLA to date and am not fully up to speed yet on its business/products, capital structure or the size of its accounting issues and its status in getting current on its quarterly filings. If anyone has any insights or thoughts on any of these above topics on TTLA, we'd of course love to hear from you.
http://www.findprofit.com/archive/4089.html
Infineon vs ST Microelectronics.
Infineon states they have started the process to pass the Common Criteria EAL4+. Back in September ST Micro's TPM was already certified EAL5+. I would assume that's a marketing advantage for ST Micro.
January 24, 2007 Infineon Technologies announced availability of a new software suite version for management of computers using Trusted Platform Modules (TPM) in enterprise environments.
Together with the currently shipping Infineon Trusted Platform Module (TPM) v1.2, the TPM Professional Package builds a comprehensive and Windows Vista Ready secure solution compliant with the Trusted Computing Group’s (TCG) 1.2 specification.
The TPM Professional Package v3.0 features a wide range of secure management capabilities enabling system administrators in enterprise and SOHO (Small Office/ Home Office) environments to securely manage TPM-enabled desktops and notebooks, including setting policies, handling backup and restore, and securely migrating critical protected information from one TPM to another. The Infineon solution, which already supports several available operating systems, such as Windows 2000, Windows XP and Windows Server 2003, is now Windows Vista Ready as a result of a close cooperation with Microsoft.
The Infineon TPM v1.2 solution simplifies customer data protection through support of the Microsoft Windows BitLocker Drive Encryption. PC manufacturers benefit from the complete Infineon TPM hardware and software offering since it secures all core components of a security subsystem used for authenticity, integrity and confidentiality of stored data.
Integrated onto the motherboard of a stationary or mobile PC, the TPM helps shield the stored data against unauthorized access and improves the system integrity. This enables more secure data storage, secure online business information exchange and online commerce transactions while protecting privacy. The Infineon TPM is the industry’s smallest for this type of device in a 9.7 mm x 4.4 mm package and it is also suitable for integration on mobile devices mainboards, such as handheld computers and PDAs.
“Building on its strengths, Infineon provides the basis for privacy and protection of information as well as increased user comfort,” said Peter Bauer, member of the management board and president for the Automotive Industrial and Multimarket business group at Infineon Technologies. “Along with an increased awareness for security, Infineon is determined to raise the bar for security and be a leader in this growing market.”
“Security is one of the driving factors for deployments of Windows Vista since many of our customers are looking at the early adoption of Windows Vista because of its numerous security enhancements and functionality,” said David B. Cross, director of program management for Windows Security at Microsoft Corp. “Windows BitLocker Drive Encryption makes optimal use of TPM 1.2 technology to help protect users’ data. The Infineon TPM solution complements the increased security features of Windows Vista and provides significant value to our mutual customers.”
“Meeting the security needs of our business PC customers is a priority at HP,” said Carol Hess-Nickels, director, worldwide business notebook marketing, Personal Systems Group, HP. “Integrating the Infineon TPM Professional Package as Embedded Security for HP ProtectTools across all of our TPM-enabled platforms provides customers with more secure protection of data and credentials. And with Infineon’s support for Windows Vista, customers will have access to a broader range of features designed to help keep their most sensitive data safe.”
“As a technology leader in security, Fujitsu is shipping the Infineon TPM Professional Package across all Fujitsu enterprise notebooks and selected desktops,” said Yasushi Ashikaga, general manager, Personal Systems business unit of Fujitsu Limited. “We chose the Infineon solution because of its manageability features for enterprises, Windows Vista readiness, and high-security standard, which are critical features for our customers.”
The TPM Professional Package is also shipping in desktops and notebooks for several other brands including Epson Direct Corporation, Hitachi, Ltd., NEC Corporation, Sony Corporation, Sotec Co., Ltd, and others.
US market research company IDC predicts approximately 50 million TPMs to be sold in 2006, mainly in business desktops and notebooks. IDC anticipates the TPM market to increase to more than 250 million pieces in 2010. This equals an attach rate of more than 90 percent of all notebooks and desktops.
Technical Details for the Infineon Professional Package v3.0 and TPM 1.2 (SLB 9635 TT 1.2) for Safer Computing
Infineon provides the highest possible performance for TPM systems consisting of secure hardware and complete system software and application software.
The TPM Professional Package v3.0 features application and management functionalities such as backup and restore as well as migration of secrets, policy settings and password handling. It supports multiple operating systems and specifically Microsoft’s new operating system Windows Vista, in both its 32- and 64-bit versions. The multi-language solution provides management functions optimized for use in enterprise environments with central administration of TPM-enabled PCs and notebooks. Additionally, multiple applications are supported such as WLAN security as well as file and folder encryption.
Infineon’s TPM v1.2 is based on the company’s proven family of 16-bit security controllers which was developed for use in high-security chip card applications. To securely store keys and passwords, the Infineon TPM offers state-of-the-art security features, such as an active shielding that sends a continuous stream of random data over the surface of the chip. Apart from active shielding, the chip features a true random number generator (RNG), hardware accelerated RSA crypto algorithms with key lengths of up to 2,048 bit and hash algorithms (where a document, file or computer drive is assigned a unique, cryptographically protected checksum which can be used to recognize manipulation), as required by the Trusted Computing Group specification.
Infineon’s TPM has started the process to pass the world’s strictest security evaluations for hardware security conducted according to internationally accepted standards and to achieve the industry’s highest rating for digital security, the Common Criteria EAL4+ (evaluation assurance level four plus).
Microsoft uses ST's ST19WP18 Trusted Platform Module in Windows Vista development. TPM provides an added element of robustness for BitLocker Drive Encryption feature in Vista.
September 27, 2006 - STMicroelectronics (NYSE: STM), the first company to successfully release a TCG (Trusted Computing Group) 1.2 device, today revealed updated offerings to their family of Trusted Platform Modules (TPM 1.2) with support for the new security features in Microsoft’s forthcoming Windows Vista™ operating system, and in fact has been used by Microsoft in development and testing the new features. Software and data security are central features of Windows Vista, which has been released in Beta form, and expected to launch early in 2007. The TPM, embedded in a computer system motherboard, enables platform validation and core root of trust, user credential management, and provides secure storage for critical data and passwords.
The ST19WP18 is based on a full-featured 8-bit microcomputer from the ST19W family of security-proven MCUs, which is dedicated to smart card and other secure applications, with an advanced 1088-bit cryptographic co-processor supporting Public Key Infrastructure (PKI) functions. This secure microcontroller is now certified to the ‘Common Criteria’ Evaluation Assurance Level EAL5+ (Augmented), one of the highest levels of the ISO15408 standard for this type of product.
The Trusted Computing Group (TCG) is a broad alliance of major hardware and software companies working to create more secure computing environments through the use of secure hardware building blocks and cross-platform software interfaces. The ST19WP18, which entered volume production in mid-2005, is backward compatible with the earlier TCG 1.1b specification. ST has already shipped millions, deployed in desktop and laptop computers by leading computer manufacturers.
The ST19WP18 TPM has been tested successfully with the native device driver in Microsoft® Windows Vista, and forms a hardware basis for Vista’s new BitLocker Drive Encryption™ security feature.
“The Trusted Platform Module performs a vital role in Microsoft Windows Vista data protection advancements, and STMicroelectronics has proven to be a world leader in the development of TPM technology,” said Peter Biddle, Product Unit Manager for the System Integrity group at Microsoft. “The TPM enables a hardware root of trust mechanism for our BitLocker Drive Encryption feature in Vista, and ST’s expertise in tamper resistant technology was beneficial in our development of these features. We look forward to further developments along these lines.”
Trusted capabilities are being implemented in the majority of new PC platforms, based on the TCG specifications. In addition to basic validation, the TPM can be used to verify that hardware is unchanged, that the BIOS has not been compromised, and the appropriate and trusted services have been executed. “The need for trusted computing developed as personal computer systems – especially laptop computers and other portable devices – have become more complex and more vulnerable to physical and electronic attack” said Bill Raasch, Vice President of Market Development in ST’s Computer and Peripherals Business Unit, North America Region. “And we are certainly delighted to support these first features Microsoft has chosen to deploy”.
The Vista support is yet another successful development for ST in the ST19WP18 family. ST also provides a full Windows XP software stack, including the core interface, security services framework, and cryptographic support utilities for PC applications that rely on the TPM, plus the BIOS and Windows 2000 and XP drivers. During the first half of 2006, more than 4 million ST19WP18 chips, which implement the latest and most advanced TCG 1.2 specification, were shipped by OEM’s in Windows XP platforms.
In addition to the TCG recommended TSSOP28 package, the low-cost ST19WP18 is also offered in tiny 4.4mm TSSOP28 and ultra-small VPFQFN packages. Budgetary pricing is around $3.00.
Federal Government GSA Contract # GS-35F-4076D (Civilian) - Notebooks - Compare Dell Latitude(TM) Notebooks
http://www.dell.com/content/products/compare.aspx/latit?c=us&cs=RC956934&l=en&s=fed
Security
Integrated Smart Card Reader, Trusted Platform Module 1.2 and optional UPEK® fingerprint reader. Wave Embassy(TM) Trust Suite
Dell - Pennsylvania.
Pennsylvania State Store - Notebooks - Latitude.
http://www.dell.com/content/products/compare.aspx/latit?c=us&cs=RC956856&l=en&s=slg
Security
Integrated Smart Card Reader, Trusted Platform Module 1.2 and optional UPEK® fingerprint reader. Wave Embassy(TM) Trust Suite
FOR IMMEDIATE RELEASE:
May 12, 2006
GOVERNOR RENDELL SAYS DELL CONTRACT EXTENSION
WILL SAVE TAXPAYERS $8.2 MILLION
STRATEGIC SOURCING INITIATIVE SAVINGS REACH $159 MILLION
HARRISBURG — Governor Edward G. Rendell said today that the commonwealth’s decision to renew its contract with Dell for one year will save taxpayers an additional $8.2 million. The deal, made under the Governor’s strategic sourcing initiative, will provide products and services to all state agencies.
“When I campaigned for Governor four years ago, I said we could be better stewards of the taxpayer dollar,” said Governor Rendell. “By working smarter, eliminating waste, and applying proven business principles, we have been able to save hundreds of millions of dollars. Those are funds that can be re-invested into other programs to protect our citizens, revitalize our neighborhoods, and clean our environment.
“Strategic sourcing maximizes the commonwealth’s buying power and continues to play a huge role in delivering these savings. Furthermore, despite the substantial savings we’ve achieved, we continue to secure top notch products and services from Dell for use by state agencies, improving our service offerings.”
The commonwealth’s initial two-year contract with Dell, which began in 2004, saved the state $38.2 million over its duration. The additional savings expected under the one-year extension means the state will have saved nearly $50 million on this contract alone.
The contract for personal computers, laptops and monitors capitalizes on the large volume of computers purchased by the state each year to achieve significant cost reductions for Pennsylvania taxpayers.
The one-year contract extension with Dell, worth up to $23 million, was negotiated through the Department of General Services. The commonwealth will source information technology hardware directly from Dell and offer volume pricing to state agencies and state-affiliated entities to purchase technology products and services.
In addition, the company will provide the commonwealth with a full suite of Dell services and act as a single point of contact to manage the lifecycle of each technology asset and maximize accountability.
“We share in Governor Rendell’s desire to provide state employees with superior technology and services,” said Joe Marengi, senior vice president for Dell’s Americas business. “Purchasing directly from Dell enables the commonwealth to meet its technology needs and pass additional savings to its citizens.”
With this contract renewal, the total savings generated by strategic sourcing to date equals $158.6 million. The strategic sourcing “Taxpayer Savings Thermometer” can be viewed on the Governor’s homepage at www.governor.state.pa.us.
New Position in Lee.
From today's local paper, in part. Government sales on the way???
Administrator, Marketing Communications & Government Services.
Position based in Lee, MA.
Wave is looking for a focused and well-organized individual to provide administrative support for the Marketing Communications & Government Services Teams. The ideal candidate will be dynamic and self-directed, with excellent interpersonal and communication skills.
As the Marketing Communications & Government Services Administrator, you will split your time in support of both areas; as such, your duties will vary widely from day to day. Tasks include responding to requests for information, creating and maintaining files and databases, light word processing, proofreading and research. Primary responsibilities also include handling administrative details associated with exhibiting at trade shows. Occasionally, you will serve as a back up liaison with the company’s contracted PR firm, internal/external graphic designers and other outside vendors as appropriate.
In support of the Government Services Team, you will use and create the CRM customer database, organize, maintain and distribute non-disclosure agreements, requests for proposals, contracts, marketing and sales information. You will also develop and maintain reporting vehicles as needed.
Wave/Infineon.
Wave to Demonstrate Enterprise Data Security Solutions at Cartes Show in Paris, Nov. 7-9
Monday November 6
LEE, Mass.--(BUSINESS WIRE)--Wave Systems Corp. (NASDAQ:WAVX www.wave.com) announced today that it will demonstrate its EMBASSY line of enterprise security software at the Cartes IT Security trade show, November 7-9, at the Centre des Expositions in Villepinte, France (www.cartes.com).
Wave representatives will be on hand at Infineon's booth (4J 002) as fellow members of the Silicon Trust organization, created by Infineon in 2003 and comprised of other security partners. Wave will demonstrate the advanced functionality of its EMBASSY Trust Suite 2.3 software which, when combined with an industry standard security chip called a trusted platform module, enables organizations to protect data, manage passwords and perform strong pre-boot authentication.
Protection of sensitive enterprise and customer data has become a high priority and the focus of many new government and industry regulations. Many enterprises have been looking for more integrated data security features that are easy to use and are designed to provide constant protection. In addition, many enterprises need the assurance that encrypted data can only be accessed by authorized and authenticated users.
In addition, Wave will also have a model of Seagate Technologies' Momentus 5400 full disc encryption hard drive on hand. Last week, Seagate announced the availability of its DriveTrust Technology, a new security platform designed to protect data on the hard drive. Support for the hardware-based security platform is integrated into Wave's EMBASSY Trusted Drive Manager, a plug-in component to the EMBASSY Trust Suite, designed to work in conjunction with Seagate's DriveTrust to offer comprehensive security functions, including drive activation, drive security policy setup, automated key and password management, strong access control, and instant data destruction for repurposing or drive disposal.
March 6, 2003
Wave Systems Corp. a leader in the emerging trusted computing marketplace, has joined Infineon Technology's Silicon Trust Partnership Program for 2003.
The Silicon Trust Program is a platform created for those businesses using Infineon's Security IC technology and solutions in their end applications. Its primary goal is to develop and enhance market awareness as well as customer acceptance for individual products and solutions developed by the Silicon Trust's partners.
The Silicon Trust has over the past few years become a well-respected and established partnership program within the security industry. Infineon is focusing resources on continuing to build solid relationships with companies who are bringing about changes for the future of the security industry.
"Wave clearly understands the fundamental role that onboard security will play in the immediate future, making it particularly gratifying that they have embraced the Silicon Trust program so wholeheartedly," said the Silicon Trust Program Director, Secure Mobile Solutions Group, Infineon Technologies.
"Wave Systems is pleased to be a key partner with Infineon in making silicon-based security a foundation of the trusted computing marketplace," said Brian Berger, senior vice president, Wave Systems. "As we jointly announced last November, Wave's EMBASSY(R) Suite of Secure Services has been enabled on the Infineon Trusted Platform Module (TPM) to make a secure computing platform, complete with an out-of-the-box suite of secure and trusted services, available to personal computer manufacturers. Availability of these solutions will accelerate the adoption of trusted computing systems based on the specifications of the Trusted Computing Platform Alliance (TCPA)."
TCPA-compliant solutions can combine Infineon's TPM, a silicon-based security solution, and Wave's EMBASSY Suite of Secure Services to enable TCPA-enhanced applications, such as trusted digital signatures, document storage, document management, and advanced privacy options.
Infineon's TPM is designed specifically to support TCPA standards compliance in standard PC platforms. It uses the LPC (Low Pin Count) interface defined by Intel Corp. and can be incorporated directly onto system boards or used in daughter board configurations. Wave's EMBASSY suite of advanced secure services and applications works with the Infineon TPM to provide digital signature, document storage, document management, and enhanced privacy options that add value and important new revenue generating opportunities for PC-OEMs and others deploying TCPA-compliant solutions.
Asus w/TPM.
ASUS R1F - First Tablet PC from Asus
Security and data protection
The laptop is definitely aimed into the business sphere where confidential data often appears and this of course brings high demands for the data security. No wonder then that we can find the TPM (Trusted Platform Module) chip here, as well as a fingerprint reader. The reader can protect the system boot and/or Windows password. Generally we can say, that the matter of security was considered very important here and therefore the scale of options is huge. Some of the key issues can be set in the BIOS and the rest and more detailed settings are offered in the SW from Infineon, the producer of this particular TPM chip.
Besides the implied function of the administrator password, BIOS also offers to lock down the HDD and let this setting freeze so that the password cannot be changed afterwards. It is also possible to protect the computer against a possible loss of data by disabling all the interfaces including Secondary Master and that is not very common to see.
The capabilities of the SW mentioned above are really impressive. It can encode emails, files and folders, import and manage security certificates, provide data protection during the migration or backing up data and many others concerning e.g. networking or file management system. Together with the BIOS settings the R1F can protect itself from outside attacks as well as to make you sure that your possible employee will not try any tricks. When all the interfaces are secured and the TPM software appropriately set, the only way to get data out is by photographing the screen.
http://notebook.cz/__/,clanky,Laptop-Reviews,2006,en-asus-r1f-tablet-pc,index.html
Deepnet -
Deepnet Security, a leading provider of strong, two-factor and two-way authentication solutions, has announced that it would recruit between 30 and 40 security VARs over the next 6 months to help meet demand for its authentication products.
London, November 8, 2006. Commenting, Simon Barnard, Head of Sales and Marketing for Deepnet Security, said, 'we are building our reseller channel to help meet the growing demand for our authentication solutions'. 'The SMB and enterprise markets are evolving quickly and to help meet the challenges they face, we have solutions that are easier to deploy, manage and offer greater initial cost savings plus the total cost of ownership is far greater than traditional dedicated hardware tokens solutions can offer'.
Jason Thompson - Managing Director, at Softek (Deepnet Security official distributor) commented, 'Deepnet Security have an offering that very few vendors globally can match'.
'The dedicated hardware token will over time be replaced with new methods of authentication, such as type, mobile and virtual smart cards'.
The market for traditional authentication products and technology is forecast to grow at between 17-21% over the next 5 years, exponential growth of software tokens is forecast for the same period and Deepnet Security are well positioned to take advantage of this growth market within the security sector of the IT industry.
Phishing and identity theft are still a major issue. Deepnet Security products are designed with this in mind and can help combat these types of fraud.
London, UK 16 Feb 2005: Alternative Browsers Force Microsoft U Turn
Leading UK web browser Deepnet Explorer today claimed that growing pressure from the new breed of alternative web browsers had forced Microsoft’s market leading Internet Explorer (IE) into a dramatic U turn in strategy.
Launched more than three years ago, Microsoft’s IE 6 has become outdated for a growing number of surfers, prompting them to turn to next generation alternative browsers like Deepnet Explorer or Firefox. The promise of better security features and advanced functions like RSS news readers is driving competition within the alternative browser market and attracting new users as they drift away from Microsoft IE. While still by far the world’s most dominant player, alarm bells have been sounding at Microsoft since reports that Internet Explorer’s share of users had dropped to below 90% towards the end of last year (Onestat).
"It’s a case of better late than never" says Deepnet Explorer’s Yurong Lin. "With the exception of Microsoft, the demand for better browsing has been obvious to everyone in the business for over two years now. Next generation browsers like ours appeal to surfers because they offer the latest features as soon as they become available, not when Microsoft decides they should have them. Password management, tabbed browsing, RSS newsreaders and high security anti-phishing features are all things available today for surfers if they want them."
Security fears and the dramatic rise in phishing, where cyber criminals create fake websites to dupe unknowing surfers into revealing personal banking or financial information, are likely to have prompted Microsoft’s decision to launch its new browser one year ahead of schedule says Deepnet’s Yurong Lin. "Phishing has become the number one weak spot in online security. Late last year, Deepnet became the first business to offer anti-phishing protection and, for the moment, our browser remains the only option for surfers that want to protect themselves from this growing hazard on the internet."
Deepnet Explorer has until now retained a unique place in this market. However, Netscape has already announced plans to incorporate anti-phishing technology into its new version 8.0 and today's announcement from Microsoft promises similar protection from the new version of Internet Explorer due for release this summer. "Our business has never been about competing with IE head to head, it's been about developing the most sophisticated technologies that protect users from online scams", claims Yurong Lin. "With the auto detection technology that is due for release next month, we are confident we will be able to retain our leading position in the anti-phishing market".
AWK.
Here's a French site with a list of TPM and info on each TSS.
States: documents coming from other computers (from the Internet, your supplier, your friends…), or if you wish not to depend on one brand of computer in the future, you must choose software that allows it. Indeed, some can read only the documents secured by themselves or by their own brand of TPM chip (cf. the list of TPM chip manufacturers). When in doubt, the Wave Systems products are the only ones compatible with all TPM computers, whatever the brand of their chip. Their interoperability guarantees that you will not find yourself with unreadable files because they are not supported by your PC.
http://64.233.179.104/translate_c?hl=en&u=http://www.protpm.fr/Liste-Choix-logiciel-TPM.html&...
Intel Core 2 Duo.
Not sure if this has been posted.
Today, only business PCs have the TPM 1.2 protection chip built in. With Core 2 Duo, all PCs will be protected. TPM (Trusted Platform Module) protects your passwords, logons, and personal data at a hardware level from hackers, spyware, and identity thieves.
http://www.pcmag.com/article2/0,1895,1989032,00.asp
Intel readies refresh for Core 2 Duo desktop line
Wednesday 18th October 2006
Intel will next year extend its Core 2 Duo desktop processor line, rolling out four CPUs in the Q2 2007 timeframe, three with support for the 1,333MHz frontside bus speed due to be introduced with the 'Bearlake' chipset series (http://www.reghardware.co.uk/2006/08/17/intel_bearlake_chipset_roadmap/), it has been claimed.
Having seen the chip giant's latest desktop roadmap, (http://www.dailytech.com/article.aspx?newsid=4589&www.reghardware.co.uk) Intel is preparing new Conroes clocked at 2.33GHz, 2.66GHz, 2.93GHz and 3GHz - respectively the E6650, E6750, E6800 and E6850. All four contain 4MB of shared L2 cache. The E6800 runs on a 1,066MHz FSB - the other three support the 1,333MHz bus speed.
The E6x50 chips also support Intel's Trusted Execution Technology (TET), which is the security infrastructure thus far known as 'LaGrande' and designed to make it harder for malware to tap right down into the system to sniff out sensitive data.
TET requires support at both the chipset and the processor level - handy, if you're a company that sells both. It allows apps to be run within their own sealed environment, inaccessible by other software.
Intel has already said it will ship its quad-core Core 2 Quad processor line in Q1 2007, led by the 2.4GHz Q6600.
http://www.channelregister.co.uk/2006/10/18/intel_desktop_core2duo_roadmap/
Trusted Execution Technology provides the capability to seal and unseal secrets with the assistance of a TPM v.1.2 device.
http://72.14.209.104/search?q=cache:2DXunr4_bAoJ:www.intel.com/technology/security/downloads/arch-ov...
Thursday.
One Day Until Windows Vista Launch
At the event in New York on Thursday, Microsoft's Steve Ballmer will unveil Windows Vista, some five years in the making and two years past due. Vista is the successor to the widely used Windows XP for both consumer and business computers, boasting no small number of enhancements.
T-minus one day and counting. On Thursday, at an invitation-only event in New York, Microsoft will unveil new versions of Windows, Office, and Exchange -- products that make up the bulk of the company's bottom line.
No less than Microsoft CEO Steve Ballmer will headline the show tomorrow, presiding over a Nasdaq event billed as "A New Day for Business," in which most of the major computer makers, including Dell , HP, and Lenovo, will also appear to display Microsoft's software on their machines.
First up? Windows Vista, some five years in the making and two years past due. Vista is the successor to the widely used Windows XP for both consumer and business computers, boasting no small number of enhancements.
Among the updates are Aero, a sleek interface that needs high-end hardware to run, and a wave of security improvements to protect users against phishing, hacking, and the cocktail of threats that confront anyone who surfs the Web.
Office Expansion
Microsoft has a new version of Office, too, now called the Office System, with a whopping 13 components from nuts-and-bolts basics like Word, Excel, and PowerPoint, to lesser-known tools such as Groove, which lets team members share calendars, documents, and other data.
Other Office System titles include OneNote, which helps students organize digital notes with an interface that resembles a notepad, and Publisher, for signs, brochures, flyers, sell sheets, and even basic Web sites.
Microsoft's new version of Exchange -- Exchange 2007 -- combines e-mail, voicemail, and faxing into one corporate platform, helping knowledge workers keep track of the dozens of times per day that people write, call, fax, or otherwise try to hunt them down in an age where "technology" has become a synonym for "now."
Better with Age?
Whether it's a well-deserved complaint or pure calumny, Microsoft is known for releasing software with dozens or even hundreds of bugs, then improving the applications as user complaints, requests, and suggestions filter in. But this time could be different.
Vista, Office, and Exchange have been widely tested -- so widely tested, in fact, that reports put the total number of beta testers in the millions. Indeed, "testing" is the standard (and widely accepted) response that Microsoft offers to explain the two-year delay in Vista's release.
"They've made a significant effort to focus on quality, stress testing, and why the operating system would crash at certain times," said Forrester vice president and research director Simon Yates, an expert in PC hardware and software. "They've made some pretty significant changes to the process for developing Vista that was very different than XP," he said.
Among the most important changes, according to Yates, is the fact that Microsoft released beta versions of Vista only when most of its features had been added. In prior versions of Windows, Microsoft betas had incomplete feature sets that kept users from vetting the system fully.
"In this case, they started with essentially a feature-complete version of Vista," said Yates. "So all of the features in Vista have had a lot more time to be tested than features in Windows XP."
Windows Vista Premium Ready program
Some premium features may require advanced or additional hardware. The Windows Vista Premium Ready program denotes hardware that can deliver these premium experiences, including Windows Aero, a productive, high-performing desktop interface. (Features available in specific premium editions of Windows Vista, such as BitLocker Drive Encryption, may also require additional hardware.) The detailed information in the table and paragraphs below can help IT Professionals make informed buying decisions today.
http://www.microsoft.com/technet/windowsvista/evaluate/hardware/vistarpc.mspx
Windows Vista shipments estimated at 90 million for first year
http://www.tgdaily.com/2006/11/29/vista_shipment_estimate/
Soter.
I'm still trying to get up to speed on this. I'm wondering as well. I don't believe Wave has done anything with Linux.
Cell processor is key to IBM's open source plans
Wednesday 16 August 2006
Cell processor technologies are being closely coupled with IBM’s plans for open source operating systems and development software.
IBM has made clear its commitment to Linux software development and open source software by saying it wants to accelerate the adoption of open standards. A key element of this will be an expansion of its Linux software roadmap to include the Cell processor development as well as visualisation and security.
Significantly, the Cell processor is being closely linked with IBM’s open source roadmap. IBM developers are integrating support for Cell BE processor technologies in the Linux kernel and creating Cell software development tools available for download.
It is also working with customers to develop new Cell BE processor-specific tools and plug-ins for application developers. Support for Cell hardware will be provided through standard Linux distributions.
IBM will develop Linux on Power for Cell systems to help customers refine and validate design choices and offer new Cell BE processor-specific tools and plug-ins for application developers.
According to Scott Handy, v-p Linux and Open Source at IBM, the firm is now defining its open source business priorities and that includes Cell. “IBM is going to be as bold and aggressive with open source as we are with Linux, more broadly and permanently transforming our company with the open movement,” said Handy.
The firm is committed to building on its existing Linux business to address the wider open source and open standards communities. It seems to be putting its considerable business weight behind the open-source development community and stepping up its collaboration with the Eclipse and Apache industry wide open source projects.
Behind the move is clear business logic. IBM says that with Linux adoption growing faster than Windows in the server market, Linux is expected to surpass Windows as an operating system for which developers write applications, according to a recent survey.
Cell BE - Security Architecture.
The Cell Broadband Engine processor security architecture
Hardware solutions to problems insoluble in software
http://www-128.ibm.com/developerworks/power/library/pa-cellsecurity/
Barge.
Re: Playstation 3, check out the Cell BE (Broadband Engine) processor.
The groundbreaking Cell BE processor appears in products such as Sony Computer Entertainment’s PLAYSTATION®3
Cell Broadband Engine Support for Privacy, Security, and Digital Rights Management Applications
White Paper
The multi-core design of the Cell Broadband Engine Architecture (CBEA) presents an interesting opportunity for advancing secure computing. One class of cores on a CBEA chip, the Synergistic Processor Element (SPE), can be put into isolation mode whereby it is physically isolated from the rest of the system. Unlike many other proposed security architectures, this protection does not rely on any software mechanisms. Therefore, the scheme is robust against a compromised operating system or hypervisor, making CBEA uniquely attractive for security, privacy and digital content protection. Furthermore, the first implementation of this architecture, the Cell Broadband Engine (CBE), has produced compelling performance results for widely used cryptographic routines.
http://www306.ibm.com/chips/techlib/techlib.nsf/techdocs/3F88DA69A1C0AC40872570AB00570985
College of Computing Selected as First Sony-Toshiba-IBM Center of Competence Focused on the Cell Processor
ATLANTA, November 15, 2006 – The College of Computing at Georgia Tech today announced its designation as the first Sony-Toshiba-IBM (STI) Center of Competence focused on the Cell Broadband Engine™ (Cell BE) microprocessor. IBM® Corp., Sony Corporation and Toshiba Corporation selected to partner with the College of Computing at Georgia Tech to build a community of programmers and broaden industry support for the Cell BE processor.
The groundbreaking Cell BE processor appears in products such as Sony Computer Entertainment’s PLAYSTATION®3, Toshiba’s Cell Reference Set, a development tool for Cell products, and already is included in the IBM BladeCenter® QS20, or “Cell Blade”, as well as through joint collaboration with Mercury Computer Systems, Inc., targeted at aerospace and defense, semiconductor, medical imaging, and other markets.
Directed by Bader, the new STI Cell Center of Competence at Georgia Tech has a mission to grow the community of Cell BE users and developers by performing research and service in support of the Cell BE processor, and further enable students at the College to grow their skills and experience around Cell BE technology to apply in future career opportunities. The Center will sponsor discussion forums and workshops, provide remote access to Cell blade hardware installed at Georgia Tech, create and disseminate software optimized for Cell BE systems, and perform research on the design of Cell BE systems, algorithms, and applications. The award from Sony-Toshiba-IBM will support the Center’s activities and research efforts in support of broadening Cell BE’s impact into multiple sectors and industries, including scientific computing, digital content creation, bioinformatics, finance, gaming and entertainment.
“We are looking forward to seeing a paradigm shift in computing, and anticipate that our collaboration with the College of Computing at Georgia Tech will create innovative applications for Cell processors,” said Masa Chatani, Senior General Manager, Cell Development Center, Sony Corporation and also CTO of Sony Computer Entertainment Inc. “We expect that it will generate tremendous value not limited to PLAYSTATION 3 but to all Cell-based computers. We are looking forward to seeing a new computing paradigm.”
"We look forward to seeing the Center of Competence at Georgia Tech generating outstanding technology based on Cell BE,” said Tomotaka Saito, General Manager, Broadband System LSI Division, System LSI Division I, Toshiba’s Semiconductor Company. "The future will see growing demand for multi-core processor applications, and we want to see the Center playing a key role in anticipating and responding to such demand."
“The joint collaboration by IBM, Sony and Toshiba on the Cell processor has led to tremendous advancements in computing applications and innovations,” said Sharon Nunes, Vice President, Business Development and Strategic Growth Initiatives, IBM Systems & Technology Group. “We are pleased to be collaborating with the College of Computing at Georgia Tech to enable a team of engineers, professors and students to create breakthrough solutions, share information among various industries and other universities, and further the Cell ecosystem overall.”
http://www.cc.gatech.edu/content/view/1233/
Wave Job Advertisement.
Today's local paper:
Inside Sales Representative, Enterprise
Position based in Lee MA
Wave is looking for a focused and well-organized individual to join our Enterprise Sales team selling Wave enterprise solutions including our desktop and server applications. Wave's enterprise solutions consist of software designed to offer small, medium and large businesses the productivity-enhancing power of Wave's security solutions including single sign on, network access control, data protection and other security solutions using biometrics, public key infrastructure (PKI) and smartcard technologies. You must be comfortable making dozens of calls per day, generating interest, qualifying prospects, building solutions and closing sales of $10K to $100K. You must also have demonstrated experience prospecting and growing an account list, as well as closing sales.
Responsibilities:
• Be responsible for the entire sales process from prospecting to close, while working with the outside sales representatives as appropriate.
• Lead Generation/outbound calling and warm lead follow up.
• Understand Customer Needs and requirements.
• Present and articulate advanced product features and benefits of Wave enterprise solutions:
• Be able to sell and differentiate in a competitive environment.
• Provide on-line demonstrations.
• Close Sales and be instrumental in the achievement of quarterly sales quotas.
Recommended qualifications:
BA/BS degree, preferably in business administration with sales/marketing concentration. Excellent communications capabilities.
An enthusiastic, highly motivated individual with a serious work ethic is required. Proven track record in inside sales. Ability to meet and exceed individual sales targets on a consistent basis.
A minimum of 2 years inside software sales experience.
Experience selling computer security solutions a plus
Experience with CRM software, preferably Microsoft CRM
Salary and Benefits: Salary for this position will be commensurate with experience. Wave offers extensive benefits, including medical and dental insurance (95% paid by the company), short- and long-term disability, employee stock option and stock purchase plans, life insurance, paid sick, holidays and vacation. Casual dress code.
Interested candidates may mail, fax or email their resume to Recruiting, Wave Systems Corp. 480 Pleasant Street, Lee MA 01238, Fax (800) 561•5606, email: recuiting@wavesys.com We are an equal opportunity employer.
HP Integrity RX6600 server.
http://www.hp.com/hpinfo/newsroom/press/2006/060907xa.html
HP Delivers Most Powerful HP Integrity Systems to Date
PALO ALTO, Calif., Sept. 7, 2006
The new HP Integrity rx6600 and rx3600 servers
http://docs.hp.com/en/AB464-9001A/apa.html
HP Integrity rx6600: Installation Guide
Appendix A Enabling the Trusted Platform Module
Wave - HP Procurve.
FWIW, Wave co-sponsored this event with HP ProCurve among others.
Wave announces availability of EMBASSY Network Access Control and Endpoint Enforcer Solutions at InterOp.
Interop New York 2006
Sept. 18, 2006--Wave Systems Corp.:
-- Network Access Control for Existing Infrastructure Available Now: Product Demonstrations at InterOp Trusted Network Connect Event.
-- Wave's new network security solutions will be demonstrated at InterOp, in a Trusted Network Connect event co-sponsored by Wave on Wednesday, September 20 (Room 2D08 - details below)
See the Products Live at InterOp NY
Wave Systems is demonstrating the advanced features of the Embassy Endpoint Enforcer and a complementary network access control solution at InterOp New York, both in the InterOp Labs and at the Trusted Computing Group event, "Trusted Network Connect and protecting the enterprise network" (Wednesday, September 20, 2006, Javits Convention Center in Room 2D08, 11:00 a.m., 2:15 p.m. and the 4:00 p.m. invitation-only networking reception). Wave is co-sponsoring the event with HP Procurve, Juniper Networks, Patchlink, Trapeze and Vernier Networks. Experts on network access control from leading networking vendors and from the Trusted Computing Group will review network access control solutions, the Trusted Network Connect architecture and its implementations, and multi-vendor demonstrations of TNC products/solutions in deployment.
Case study: Allied Tube & Conduit
http://www.hp.com/rnd/case_studies/allied_tube.htm#Allied
Cell BE processor.
Currently in PS3.
http://www-306.ibm.com/chips/techlib/techlib.nsf/techdocs/3F88DA69A1C0AC40872570AB00570985
College of Computing Selected as First Sony-Toshiba-IBM Center of Competence Focused on the Cell Processor
ATLANTA, November 15, 2006 – The College of Computing at Georgia Tech today announced its designation as the first Sony-Toshiba-IBM (STI) Center of Competence focused on the Cell Broadband Engine™ (Cell BE) microprocessor. IBM® Corp., Sony Corporation and Toshiba Corporation selected to partner with the College of Computing at Georgia Tech to build a community of programmers and broaden industry support for the Cell BE processor.
The revolutionary Cell BE processor is a breakthrough design featuring a central processing core, based on IBM's industry leading Power Architecture™ technology, and eight synergistic processors. Cell BE "supercharges" compute-intensive applications, offering fast performance for computer entertainment and handhelds, virtual-reality, wireless downloads, real-time video chat, interactive TV shows and other "image-hungry" computing environments. The groundbreaking Cell BE processor appears in products such as Sony Computer Entertainment’s PLAYSTATION®3, Toshiba’s Cell Reference Set, a development tool for Cell products, and already is included in the IBM BladeCenter® QS20, or “Cell Blade”, as well as through joint collaboration with Mercury Computer Systems, Inc., targeted at aerospace and defense, semiconductor, medical imaging, and other markets.
“The College of Computing at Georgia Tech firmly believes that the Sony-Toshiba-IBM Cell BE processor represents the future of computing using heterogeneous multi-core processors, and we are pleased to work with three leading technology companies in a broad collaboration that will demonstrate the extreme performance of Cell,” said David A. Bader, Associate Professor and Executive Director of High-Performance Computing in the College of Computing at Georgia Tech. “By supporting the growth of the industry-changing Cell BE processor technology, the College of Computing at Georgia Tech will drive the continued advancement of computationally-intensive applications that will directly impact the global growth of our industry and the evolution of our society.”
http://www.cc.gatech.edu/content/view/1233/
IEI Technology Corp. Launches the World’s First Competitively Priced High-Security Financial Security Terminal Motherboard.
Taipei, Taiwan, 15 May 2006 – IEI Technology Corp., the world’s leading industrial computer manufacturer, today launched the Enano-8523T, the world’s first competitively priced hardware security platform that integrates a TPM (Trusted Platform Module) v.1.2 chipset with an Intel 852GM Northbridge chipset and an Intel ICH4 Southbridge chipset. The integrated TPM v1.2 chipset makes the affordable Enano-8523T ideal for integration into financial terminals and other hardware applications where data security is critical.
All financial, military, medical institutes and corporations and businesses say network and computer system security is essential. However, research shows approximately 65% of all company networks and computer systems are exposed to security threats. Inherent flaws in software security solutions cause most system and network security threats. Traditional software security solutions only provide system protection once the operating system is fully booted and therefore provide hackers with a window of opportunity to penetrate the network or computer system.
The integrated TPM v1.2 chipset on the Enano-8523T protects the computer system from the time the system is turned on. The TPM v1.2 generates a unique encryption key based on both the unique hardware and software parameters of each Enano-8523T. Only systems with a matching encryption key can access the TPM v1.2 protected Enano-8523T preventing access to unauthorized remote users.
The TPM v1.2 chipset controlled system password access on the Enano-8523T also protects data on stand-alone computer systems, and specifically financial terminals, from being accessed if stolen. Without the correct password an unauthorized user cannot access the data on the system.
IEI Technology Corp.’s competitively priced IEI Enano-8523T TPM v1.2 hardware security terminal has passed European, American and Japanese financial system compatibility tests and POS system manufacturer compatibility tests.
The Enano-8523T is shipped with a powerful zero cache Intel Celeron 800M CPU and supports connectivity to four USB2.0 devices, four RS-232 serial communication devices and an LCD flat panel screen through an LVDS connector. The Enano-8523T is therefore an economical hardware security platform ideally suited for financial terminals and other diverse applications where data security is critical.
Enano-8523 Features:
New ULV Celeron M EPIC SBC
Hardware Security Function
Complete I/Os Support
Green Product
http://www.ieiworld.com/en/solutions_content.asp?id=erbium/projectOBJ00234810
ST Develops ST19NP18 TPM
A new module has tested successfully with the native device driver in Microsoft’s forthcoming Windows Vista operating system.
Friday, November 10, 2006: STMicroelectronics has announced a new module which is manufactured in ST’s advanced 0.15-micron CMOS EEPROM process technology. The new ST19NP18 is based on the successful previous-generation ST19WP18 TPM, with the 0.15-micron process delivering additional cost benefits for PC manufacturers.
Conforming to the most up-to-date version of the Trusted Computing Group (TCG) TPM specification, version 1.2, the ST19NP18-TPM also supports a highly secure field upgrade capability, to enable upgrades to future TCG specifications; to implement enhanced security countermeasures based on new security policies; and to react to newly-identified security threats. The upgrade mechanism takes full advantage of the product’s hardware security features and a public key infrastructure.
The ST19NP18 TPM has tested successfully with the native device driver in Microsoft’s forthcoming Windows Vista operating system, and forms a hardware basis for Vista’s new BitLocker Drive Encryption security feature.
The TPM is supported by a complete turnkey TCG software package for PC manufacturers and OEMs. The chip includes the Core TCG Software Stack (CTSS) licenced from NTRU Cryptosystems Inc., which provides essential core interface and security services framework for any application that relies on the TPM; and the Embassy Security Center (ESC) and Cryptographic Services Provider (CSP) from Wave Systems Corp., which are powerful TPM management and cryptographic support utilities for PC applications.
NTT connection???
These articles lose a lot in translation. Insight has a June PR announcing a TPM. Any relationship to NTT's Hotspot? Insight International was listed as a private company. Now appears to be a subsidiary of Nippon-RAD.
Announcing TPM support for INS-Sentinella-1X
Insight International Corporation (hereafter Insight; head office: Tokyo; Representative President: Yamato happiness one) announced that it will release “TPM plug in for Sentinella”, 802.1x supplicant software (*2) with TPM (Trusted Platform Module, *1) support, on June 30, 2006. The TPM plug-in is a plug-in module that adds TPM support to “INS-Sentinella-1X”, the 802.1x supplicant the company sells. Built on the existing INS-Sentinella-1X, the TPM plug-in uses the TPM to encrypt the certificate used for authentication (the PFX file, *3), giving a wired/wireless LAN authentication solution with more secure protection. In addition, with the TPM plug-in, all random numbers that “INS-Sentinella-1X” generates use the TPM's hardware-based random number generation function, so higher-quality random numbers can be obtained.
“TPM plug in for Sentinella”
Encrypts the certificate used in EAP-TLS (PKCS#12 format, the PFX file) with the TPM and stores it safely
Supported TPM: TCG 1.1b and later
Supported OS: Windows 2000 SP2 and later, Windows XP Home and Pro
Supported INS-Sentinella-1X program: INS-Sentinella-1X version 2.1 and later
Availability: scheduled for release on June 30, 2006
* 1 TPM
An IC chip specified by the Trusted Computing Group that provides a next-generation security environment. Today it is built into many notebook PCs. Its main functions are generation and safe storage of RSA private keys; signing, encryption and decryption with RSA private keys; SHA-1 hash (digest function) computation; and verification of platform integrity.
* 2 802.1x supplicant software
Software required on the client side to perform authentication conforming to IEEE802.1X. Only users who are permitted to connect can receive service. A user who does not succeed in authentication cannot join the network.
* 3 PFX files
A type of certificate file. It consists of the certificate and the private key. Under PKCS#12, these elements are protected by a password.
Topic 1: If the HDD is pulled out and transplanted to another PC, authentication can still succeed there; if the password is cracked, the network can be accessed illegitimately.
Topic 2: The certificate (PKCS#12 format) is protected only by a passphrase.
The security improvement with TPM
Solution: Network authentication cannot be performed from a different PC, even one equipped with a TPM.
Improvement: The certificate is protected more firmly through hardware-based encryption.
Furthermore, conveniently…
By keeping the TPM-protected certificate on external storage other than the local HDD, smart-card-like security can be achieved cheaply. No dedicated token or special application is needed.
About “INS-Sentinella-1X”
The 802.1x supplicant sold by Insight International Corporation. It supports a wide variety of authentication protocols (MD5, TLS, PEAP and TTLS) and has an intuitive, easy-to-understand GUI. It has a track record of adoption by many customers, including major public wireless LAN service providers.
In addition to this latest TPM support, Insight International also has the development of an embedded version of INS-Sentinella-1X in view, and plans to keep offering TPM and the INS-Sentinella-1X family for all nodes, including Windows PCs, that need device authentication and user authentication.
About Insight International Corporation
Insight International Corporation was established in 1984 with its head office in Tokyo. Its main business is introducing the products of American venture companies to the Japanese market and developing various software. Firmware and driver development had become its central business; with the merger of the connectivity division of the American company Phoenix Technologies in 2002 as an opportunity, it acquired development agency rights in 2004 from Wave Systems, a TPM application development company, and started its TPM business. In the embedded field, in which the company has long taken pride, demand for TPM has been expanding. We believe that as the crossover of “embedded” and “TPM” advances, we will increasingly be able to make use of these two strengths of our company.
http://www.insight-intl.com/
Windows security software “Sentinella-1X Client” adopted as the user-authentication client software for NTT Communications' “hot spot” service
Corporation [seta] (head office: The for client who the Tokyo Koto Ku daybreak 3-1-25 the daybreak frontier building B ridge, Representative President Nonaka Makoto 之, following [seta] and inscription), started sale from last year security product group “Sentinella” as a first feature product of the series, conforms to” IEEE802.1X” it is the software, “Sentinella-1X Client”] it is, the [chi] x client), the n [tei] & [tei] communication corporation (the head office: We announce that it is adopted happiness town 1 Chome 1 - 6 inside the Tokyo Chiyoda Ku, Representative President Suzuki Masashi Makoto, following NTT communication and inscription) as the client software for user identification of wireless LAN access service “hot spot” business which is offered.
The wireless LAN market has continued to expand rapidly since 2000, driven by falling product prices and a growing number of companies entering the market. Because going wireless frees users from restrictions on movement, a major benefit, adoption has advanced not only in private areas such as homes and companies; public services such as the “hot spot” service that NTT Communications offers have also begun to spread steadily, and wireless LAN has come to play a socially important role.
Compared with a wired network, however, wireless communication carries security risks peculiar to radio, which pose a danger to users. “Sentinella-1X Client”, developed independently by Seta, is client software built around a supplicant conforming to IEEE802.1X, a new security standard that addresses these wireless LAN vulnerabilities. Used in combination with other 802.1X-capable products such as access points and authentication servers, it makes it possible to build a wireless LAN environment with strong security and flexible operability.
This time, in order to offer safer wireless LAN access in its “hot spot” service, NTT Communications introduced IEEE802.1X authentication to further strengthen security over the radio link. Seta licensed Sentinella-1X Client to the company, and it is now distributed to users via the “hot spot” home page as the dedicated “hot spot” client software “Sentinella-1X for Hotspot”.
Users of this service can protect themselves against security risks such as unauthorized use and eavesdropping by installing Sentinella-1X for Hotspot, downloaded from that site, on their own Windows PC.
Furthermore, the original product, Sentinella-1X Client, can likewise be used with “hot spot”.
By providing a secure wireless LAN access environment, Sentinella-1X supports safe network communication for users of the hot spot service.
* About “hot spot” service
For details of the “hot spot” service that NTT Communications offers and the dedicated software “Sentinella-1X for Hotspot”, please see the site below.
Hot spot official site URL: http://www.hotspot.ne.jp/
NTT Communications Corp Now offers public wireless LAN Access called Hotspot.
http://www.hotspot.ne.jp/en/
Wavexpress French Article.
Translation by google.
Your podcasts médico-teaching on your television set
Hello with All,
Although this weblog is directed more towards the podcasting of teaching contents towards the mobile peripherals, we cannot overlook this information.
The company Wavexpress Inc. us proposes indeed the TVTonic service making it possible to recover our podcasts multi-media on our television set. This application comes to add an additional layer to Windows XP or better to Windows Media Center to visualize our videos-podcasts after an automatic synchronization. This program functions only with Internet Explorer and Windows Media Player and will enter very soon in competition with the next operating system Windows Vista which should propose an identical functionality.
For the other platforms like our Mac OS X, there is also Democracy Player which are free, multi-platforms and opensource but which is unfortunately buggué still a little (version 0.8.2 beta for Mac OS X).
As you can note it, we attend more and more a convergence of the video media within single platforms which we will make it possible to gather and to organize the vidéos that we wish to see and this some is their source.
It does not remain us any more that to export these vidéos since the television set or the computer towards a walkman in order to delocalize in more the place of visionnage as we can do it since the beginning of this academic year with this webblog.
Definitely, we are not at the end of our surprises with the concept of podcasting, is not this!!! We from this step will test the Béta version for Mac OS X and you give our first impressions
Good end of prolonged Weekend.
Your medical-education podcasts on your television.
Hello everyone,
Although this weblog is geared more toward podcasting educational content to mobile devices, we cannot let this news pass unmentioned.
The company Wavexpress Inc. offers the TVTonic service, which lets us retrieve our multimedia podcasts on our television. This application adds an extra layer to Windows XP, or better, to Windows Media Center, for viewing our video podcasts after an automatic synchronization.
This program works only with Internet Explorer and Windows Media Player, and will very soon be competing with the upcoming Windows Vista operating system, which is expected to offer identical functionality.
For other platforms such as our Mac OS X, there is also Democracy Player, which is free, multi-platform and open source, but which is unfortunately still a little buggy (version 0.8.2 beta for Mac OS X).
As you can see, we are increasingly witnessing a convergence of video media within single platforms that will let us gather and organize the videos we want to watch, whatever their source.
All that remains is to export these videos from the television or the computer to a portable player, so that the place of viewing can also be moved, as we have been able to do since the start of this academic year with this weblog.
Clearly, we have not seen the last of the surprises from the podcasting concept, have we!!!
We are off to test the beta version for Mac OS X right away and will give you our first impressions.
Have a good end to the long weekend.
http://medmob.univ-rennes1.fr/limblog/index.php?2006/04
Barge.
Here is another example. Maybe shuttle will use Vista Ultimate.
http://www.infosyncworld.com/news/n/6521.html
Among the first media PCs to incorporate Intel's new Viiv platform, Shuttle offers a sneak peek of its new ultra-small form factor XPC X100 and the rack-sized XPC M2000.
http://sys.us.shuttle.com/Vista_Capable.aspx
There’s no reason to wait.
Hardware requirements and recommendations for the Windows Vista Capable XPCs have been selected to ensure that XPC systems and components that fit these criteria will run Windows Vista and will enable the next generation of Windows applications.
The Windows Vista Capable XPCs allow you to the transition from Windows XP to Windows Vista. Windows Vista Capable XPC reassures your investments will retain its value after Windows Vista is available.
http://www.silentpcreview.com/article661-page3.html
“Shuttle has chosen to use Seagate's DB35 7200.2 line of drives instead of the more mainstream Barracuda series.”
http://minitechnet.com/shuttle_st20g5_05.html
"Two further interesting features are the power speed II technology and the TPM security device."
Vista Upgrade
OEMs will likely start to move TPMs into the consumer space in the coming quarters, with some level of specific focus and promotion. Wavexpress has an integration of the TPM support in TV Tonic and Wavexpress is included with Media Center machines in the Microsoft media services suite. With the premium versions of Vista requiring TPMs and including Media Center in the OS, Wave should have a good entrée into the consumer related systems as they get introduced.
So how does the OEM expect a consumer upgrade to Vista Ultimate from a lower version of Vista if the PC does not contain a TPM?
Vista Feature Specific Requirements
BitLocker Drive Encryption: Requires an integrated Trusted Platform Module (TPM) 1.2 chip or USB 2.0 key. Editions: Windows Vista Ultimate, Windows Vista Enterprise.
http://www.microsoft.com/windowsvista/getready/hardwarereqs.mspx
Versions of Vista
Vista Starter will be designed for beginning computer users in emerging markets who can afford only a low-cost PC. As with the XP version, Vista Starter will be a subset of Vista Home and will ship in a 32-bit version only. The product will let only three applications (or windows) run simultaneously, will provide Internet connectivity but not incoming network communications, and won't provide for logon passwords or Fast User Switching. Vista Starter is analogous to XP Starter and will be sold only in emerging markets.
Vista Home Basic, a simple product designed for single-PC homes, will be the baseline version on which all other Vista editions will build. It will include features such as Windows Firewall; Windows Security Center; secure wireless networking; parental controls; antispam, antivirus, and antispyware functionality; network mapping; Windows search functionality; the Aero UI; Windows Movie Maker; a photo library; Windows Media Player (WMP); Microsoft Office Outlook Express with Really Simple Syndication (RSS) support; P2P Messenger; and more. Roughly analogous to XP Home, Vista Home Basic will be designed for general consumers, XP and Windows 9x Starter Edition upgraders, and price-sensitive or first-time buyers.
Vista Home Premium will provide entertainment and personal productivity throughout the home and on the go. As a true superset of Vista Home Basic, Vista Home Premium will include everything from Vista Home Basic, as well as Media Center and Media Center Extender functionality (including cable card support), DVD video authoring and HDTV support, DVD-ripping support (yes, you read that right), Tablet PC functionality, Microsoft Mobility Center and other mobility and presentation features, auxiliary display support, peer-to-peer (P2P) ad hoc meeting capabilities, Wi-Fi autoconfiguration and roaming, unified parental controls that work on multiple PCs, backup-to-network functionality, Internet File Sharing, offline folders, PC-to-PC synchronization, Sync Manager, and support for Quattro (a new Longhorn Server version). Vista Premium is similar to XP Media Center Edition (XP MCE) but adds several other features and functionality, including Tablet PC support. My guess is that it will be the Vista volume consumer offering (today, XP Pro is the dominant seller). This version is designed for PC enthusiasts, multiple-PC homes, homes with kids, and notebook users.
Vista Pro, a powerful, reliable, and secure OS for businesses of all sizes, will include domain-join and management functionality, compatibility with non-Microsoft networking protocols (e.g., Novell NetWare, SNMP), Remote Desktop, Microsoft IIS, and Encrypting File System (EFS). In addition, Vista Pro Standard will include Tablet PC functionality. Vista Pro is roughly analogous to today's XP Pro. This version is designed for business decision makers and IT managers and generalists.
Vista Small Business, which will be designed for small businesses that don't have IT staff, will be a superset of Vista Pro Standard and will include unique features such as backup and Microsoft Volume Shadow Copy Service (VSS) support, server-join networking, and PC fax and scanning utilities. Microsoft might include other features, including a Small Business Edition guided tour, prepaid access to the Windows Live! or Microsoft Office Live! subscription services, Multi-PC Health (a managed version of Microsoft OneCare Live), and membership in the Microsoft Small Business Club online service. Microsoft will offer a step-up program for Small Business Edition that will let customers upgrade to Vista Enterprise or Vista Ultimate at a reduced cost. This SKU is new to Vista; no XP Small Business Edition exists. This version is designed for small-business owners and managers.
Vista Enterprise will be optimized for the enterprise and will be a true superset of Vista Pro. It will also include unique features such as Virtual PC, the Multilanguage User Interface (MUI), and the Secure Startup-Full Volume Encryption security technologies (code-named Cornerstone). No analogous XP version exists for this product, which is designed for business decision makers, IT managers and decision makers, information workers, and general business users.
Vista Ultimate promises to be the best OS ever offered for the personal PC and will be optimized for the individual. Vista Ultimate is a superset of both Vista Home Premium and Vista Pro; it includes all the features of both product versions and adds a Game Performance Tweaker with integrated gaming experiences, a Podcast-creation utility (which is under consideration and might be cut from the product), online club services (i.e., exclusive access to music, movies, services, and preferred customer care), and other offerings that are currently under consideration. Microsoft is still investigating how to position its most impressive Windows release yet and might offer Ultimate Edition owners such services as extended A1 subscriptions, free music downloads, free movie downloads, Online Spotlight and entertainment software, preferred product support, and custom themes. Nothing like Vista Ultimate exists today. This version will be designed for high-end PC users and technology influencers, gamers, digital media enthusiasts, and students.
http://forum.digital-digest.com/showthread.php?t=65829
Barge Re: Apple.
Interesting.
Executive Summary
Regardless of what the media has been harping on for a long time, and regardless of what system attackers have been saying about the "evil TPM protection" Apple uses, Apple is doing no TPM-related evil thing. In fact, Apple is doing no TPM-related cryptographic thing at all in Mac OS X. Yes, I know, there has been much talk of "TPM keys" and such, but there are no TPM keys that Apple is hiding somewhere.
More specifically, Apple simply does not use the TPM hardware. In Apple computer models that do contain a TPM, the hardware is available for use by the machine's owner. Of course, to use it you need a device driver, which Apple indeed doesn't provide.
http://www.osxbook.com/book/bonus/chapter10/tpm
Shuttle.
http://www.silentpcreview.com/article661-page3.html
“Shuttle has chosen to use Seagate's DB35 7200.2 line of drives instead of the more mainstream Barracuda series.”
http://minitechnet.com/shuttle_st20g5_05.html
"Two further interesting features are the power speed II technology and the TPM security device."
http://sys.us.shuttle.com/Vista_Capable.aspx
There’s no reason to wait.
The Windows Vista Capable XPCs allow you to the transition from Windows XP to Windows Vista. Windows Vista Capable XPC reassures your investments will retain its value after Windows Vista is available.
Hardware requirements and recommendations for the Windows Vista Capable XPCs have been selected to ensure that XPC systems and components that fit these criteria will run Windows Vista and will enable the next generation of Windows applications.
http://www.infosyncworld.com/news/n/6521.html
Among the first media PCs to incorporate Intel's new Viiv platform, Shuttle offers a sneak peek of its new ultra-small form factor XPC X100 and the rack-sized XPC M2000.
http://global.shuttle.com/
Wave Systems 2Q05 Conference Call, 08/09/05.
There have been a number of very significant developments over the course of the second quarter. And many have seen these in their specific press releases, and I won't go into too much detail on each of these, so please refer back to the press releases that we did.
“Seagate's entry into the market with their Drive Trust technology, which we think will be a very important addition to the industry.”
http://www.unclever.com/wavx/WAVX2Q05.htm
Seagate Expands DVR Capabilities
CE Leader Demonstrates Compact DVR Platform, External DVR Storage, New DRM capabilities at NCTA
THE NATIONAL SHOW, SAN FRANCISCO, April 4 -- Seagate (NYSE: STX), the world's leading maker of DVR Hard Drives, today will exhibit its new class of add-on DVR storage devices designed to plug easily into properly equipped digital video recorders (DVR) and set-top boxes. At the National Show (Booth 5664) in San Francisco, Seagate will demonstrate its External DVR Hard Drive plugged into the Scientific-Atlanta Explorer(R) 8300(TM) Series DVR. The drive features up to 400GB of additional television storage in a single plug-and-play box -- the highest capacity in the industry -- and offers 1394, USB, or the new high-performance eSATA interface. Seagate offers its External DVR Hard Drive to cable service operators who want to provide add-on storage to their compatible cable DVR set-top boxes. Interested consumers and cable subscribers should check with their cable service provider regarding compatibility and availability.
Seagate will also demonstrate an entirely new concept for inside-the-box DVR storage that enables smaller, simpler, cooler-running and more cost-effective DVR designs. Based on Seagate's industry-leading technology platforms, and with a new 2.5-inch form factor that can offer up to 120GB of internal DVR storage, products based on this platform can be made available to interested DVR and set-top box manufacturers. Seagate is the only hard drive maker today offering this option for a new DVR platform.
In addition, Seagate today unveils a new application of its DriveTrust technology that enables cable service operators and DVR makers to lock external storage devices to a specific DVR or other device. This helps implement more robust digital rights management solutions for set-top boxes and enables a more rapid roll-out of better, easier-to-use entertainment storage technologies to consumers. Seagate DriveTrust technology enables a variety of hard drive-based protection and privacy solutions.
Expandable DVR storage
As subscribers become more comfortable with their DVRs and home media centers, more content will fill up these devices' internal drives. High-definition services can consume about six times more storage capacity than standard television consumes on DVRs. With Seagate's new External DVR Hard Drives, subscribers can easily expand the storage capacity of their compatible DVRs, enabling them to keep the same DVR longer as they upgrade capacity. The drive offers up to 400GB of additional TV storage in a single plug-and-play box. On compatible DVRs, additional drives for even more storage can be daisy chained and stacked or placed side-by-side.
Manufacturers of set-top boxes, DVRs and home media centers are looking for an efficient way to upgrade and expand the capabilities of their products. Seagate offers cable MSOs a comprehensive business model that can enable service operators to provide external DVR storage service to subscribers with minimized startup time, investment, and inventory commitment.
Based on its successful and award-winning design for PC-based external backup and storage, Seagate's partnership with service providers goes far beyond providing the External DVR Hard Drive unit:
-- Product customization -- many aspects of the External DVR Hard Drive's industrial design can be customized to maximize a service operator's brand image.
-- Technology flexibility -- Seagate also offers a variety of capacity points and compatible interfaces including 1394, USB and the new high-performance, low-cost eSATA interface, and can assist with the development of features such as content protection and enhanced video streaming.
-- Outsourcing efficiency -- service operators can utilize the call centers of the world's leading hard drive company to outsource any or all customer support for these external storage units, including pre-sales support, order-taking and product fulfillment, 24x7 technical support, and warranty service. This eliminates the need to train customer support staff on hard drive technology, reduces inventory exposure, and speeds time to market.
Seagate debuts content protection technology in hard drives
Monday 30th October 2006
Orlando (FL) - Seagate today announced a first hard drive that integrates a hardware- and software-based content protection technology: Called "Drive Trust," the security platform can prevent unauthorized access to data stored on the drive. It promises users a greater peace of mind when storing critical data, but the technology is very likely to end up as a new digital rights management (DRM) solution as well.
Drive Trust has been developed as a complementary platform for the security specifications of the Trusted Computing Group (TCG) and Seagate expects the platform to result in a formal TCG storage specification that is scheduled for public release in early 2007. The company describes the approach as a "fully automated hardware-based security with a programming foundation," that enables content owner's software developers to take advantage of the drive's data security features on their own terms.
Locking down data has become an increasingly important topic in a time when more and more data is exchanging hands and data theft is a growing concern. In addition to already existing encryption and copy protection mechanisms, securing data directly on the hard drive is an almost logical step. And according to Seagate, Drive Trust is easy to manage, as it "automatically protects all drive data, not just selected partitions or files, at all times, and its security functions operate independently of the hard drive, preserving the hard drive's full performance." Also the company claims that the technology, which is marketed as a "feature" of certain hard drives, does not require any security patches, updates or upgrades.
The first drive to offer Drive Trust is Seagate's DB35 series, which is primarily used in digital video recorders. In the first quarter of 2007, Seagate will add a Drive Trust version of its 2.5" Momentus 5400 FDE notebook drive.
As of now the impact of the technology is unclear as its use will largely depend on content owners and their ideas how to leverage Drive Trust. However, the fact that the technology is available first in a consumer electronics hard drive at least indicates that we will see DRM related uses before there will be any applications that will be focused on securing critical content on corporate notebooks.
Security Smorgasbord on Show.
October 30, 2006
Security will feature prominently at the Storage Networking World tradeshow in Florida this week, with both big-name vendors and startups unveiling products and plans to lock down corporate data.
Cue hard-drive specialist Seagate, which will unveil its DriveTrust strategy today, eventually adding drive-level encryption to its entire product line. "Theft and loss is happening with servers and storage," Scott Shimomura, senior product marketing manager at Seagate, tells Byte and Switch. "We're trying to get people to look at security built into the drive itself as a security foundation."
First up is Seagate's Momentus drive, which the vendor will "harden" with an encryption chip and security firmware. As part of this effort, Seagate execs have opened up API-style "software hooks" into their drive technology in an attempt to lure specialist security ISVs onto the platform.
Two firms, Secude and WaveSystems, have already teamed up with Seagate to develop key management software, and the vendor expects to have its souped-up Momentus drive, the Momentus 5400 FDE.2, available sometime in the first quarter of 2007. After that, the vendor plans to extend drive-level encryption across its enterprise and desktop hard drives, including its Cheetah, Barracuda, and Savio product lines.
At this point, however, the vendor has not revealed pricing for its Momentus 5400 FDE.2 drive, nor has it described a detailed roadmap for extending drive-level encryption to other parts of its portfolio.
Startup Siafu will take the wraps off its Sypher tape encryption appliance this week. Unlike rival NeoScale, which touts Fibre Channel and SCSI-based security appliances, Siafu is putting its faith in iSCSI. (See NeoScale Faces Up to 4-Gig Encryption.)
"The iSCSI allows the product to be positioned at a lower price point," explains John Matze, the Siafu CEO. "Not everyone needs the speed of Fibre, especially in the SMB space, where a lot of people can't afford it."
Siafu will unveil two encryption appliances this week, a standard version, which can handle data at 30 Mbyte/s, and a 100-Mbyte/s "enhanced option." The two-rack-unit-high standard offering will be available in mid-November, priced at $6,995. The vendor is yet to reveal pricing for its higher-speed box, which will be on the market in the first quarter of next year.
Another tape encryption specialist, Decru, will also be busy in Florida over the next few days. (See Decru, Sepaton Team, Quantum, Decru Hook Up, and Decru Picks Key Partners.) The vendor will be announcing an expansion of its professional services program this week, which will include additional end-user support, training, and other services.
Other suppliers will also be bolstering their storage security stories. IBM, which recently added encryption to its TS1120 tape drive, is unveiling enhancements to the drive's 3599 cartridges. (See IBM Security Answer: Tape It Up and IBM Intros Solutions.) With users looking to both store and lock down more information, IBM will take the wraps off a 700-Gbyte version of the cartridges. "As you get more and more data on a single cartridge, security is more important," notes Charlie Andrews, director of storage product marketing at IBM.
The previous version of the 3599, like Sun's rival T10000 offering, had a maximum capacity of 500 Gbytes. (See Sun Fills in Storage Crypto Details and Sun Gets Secretive on Storage.) The new IBM cartridges, which will be available in January 2007, will be priced at $270 each.
Also at SNW, IBM will unveil new expansion and warranty options for its DS8000 storage system, as well as software enhancements that aim to improve the platform's ability to connect to mainframes. (See IBM Addresses High End, IBM's Mixed Bag of Storage, and IBM Wins at Wyoming U.)
Security for many firms also involves business continuity, a trend that hardware vendor StorServer hopes to build on with its K6000 appliance, an all-in-one device combining disk-to-disk backup, archiving, and disaster recovery.
The appliance, which uses IBM's Tivoli Storage Manager software, and Qualstar's XLS tape library, offers up to 10 Tbytes of disk-based storage and up to 4 Pbytes of tape-based capacity, according to the vendor. Movie channel Starz and University of Colorado Health Sciences are already considering the appliance, according to the vendor, which is touting the K6000 as an alternative to traditional archiving products and backup software such as Veritas NetBackup. (See Symantec Dips Into De-Dupe and EVault Intros Products.)
"In this day and age, there's no reason to go with [different technology] pieces and parts, because it's such a big headache," says Ellen Rome, StorServer's vice president of marketing. Pricing for the appliance, which is available now, will start at over $200,000.
As well as security, blades are also on the agenda for this week. Verari Systems, for example, will today take the wraps off what it describes as a high-density storage blade for its BladeRack 2 NAS platform and will also announce an OEM deal with PolyServe.
Up until now, most of the activity in the blade market has focused on server and compute blades, although more and more vendors are looking to the storage benefits of blades. (See Brocade Busts Out Upgrades, Sun Intros Blade Server, Gaming Companies Eye Storage, and HP Brandishes Blades.)
Verari's VB5150 Storage Subsystem is a 30-Tbyte blade that will use PolyServe's File Serving Utility software for clustering and virtualization.
"This is our first product that offers any significant capacity in the blade form factor," says Eric Seidman, Verari's manager of storage systems, who is touting the product as a small footprint alternative to traditional rack-mounted storage systems for high-capacity applications, such as those of ISPs, the oil and gas industry, and the financial services market.
Verari's OEM partner, PolyServe, has also got its eye on these markets. Version 3.5 of the software, which will be available this week, now offers a file system capacity of 128 Tbytes, compared to 16 Tbytes on the earlier version.
Pricing for Verari's VB5150, which is available now, starts at around $1 per Gbyte, although this figure depends on the amount of memory the system uses. PolyServe tells Byte and Switch that pricing for version 3.5 of its software remains the same as its earlier version, which is around $7,000 per CPU.
Panasonic today announced new additions to its Toughbook series of notebook computers, the company's line of durable, rugged laptops. Soon to be available, the CF-19 tablet PC and CF-30 clamshell notebook contain the latest technology in battery life, wireless connectivity, and screen display, according to Panasonic.
As direct successors to the CF-18 and CF-29, the CF-19 and CF-30 are built from magnesium alloy, with shock-mounted screens and hard drives, tested to withstand drops, shocks, vibration, and extreme temperatures, says Panasonic. Additionally, battery life tops out at six hours of full, continuous use.
They both include an Intel Core Duo processor and a slate of security features. Additionally, the notebooks have embedded access to the 3G wireless network from wireless mobile phone data carriers, and new, daylight-readable, 1000 nit screens, which Panasonic is calling the world's brightest notebook screen.
Both notebooks feature backwards compatibility with existing vehicle mounts for their respective predecessors. Also, they come equipped with a Trusted Platform Module (TPM v1.2) security chip, as well as a slot for a cable lock and optional fingerprint scanner, with support for a Smartcard reader.
Both notebooks will be available in December. The basic versions of the CF-19 and CF-30 will carry estimated street prices of $4200 and $4700, respectively.
http://toughbook-europe.com/media/2006-04-08_PM_cf_51_eng.pdf
http://www.toughbook-europe.com/ENG/case_studies.aspx
Wave Systems Demonstrates Embassy(R) Strong Authentication Technologies at the DoD Public Key Enabling Trade Show
LEE, Mass., Nov. 8, 2005 -- Wave Systems Corp. (NASDAQ:WAVX) announced today that it is demonstrating its Embassy secure software technologies featuring strong authentication capabilities at the Department of Defense Public Key Enabling (DoD PKE) trade show at the Atlanta Hilton, Atlanta, Georgia, today and tomorrow.
The conference focuses on enabling federal system administrators, workgroup managers, and users to get the most out of Public Key Infrastructure, featuring demonstrations, hands-on training sessions, and opportunities to interact with DoD and industry experts.
Wave's Embassy software supports the next generation Trusted Computing security chip hardware called the Trusted Platform Module (TPM) 1.2. The computer industry has already shipped millions of PCs embedded with the Trusted Computing Group-standard TPM 1.1 chips and is now shipping next generation 1.2 TPM chips. Wave's Embassy platform supports both standards.
TPMs help enable secure services and applications. Wave has designed its Embassy technology to work with all commercially available TCG-compliant TPMs. Wave's Embassy platform is also compatible with the Microsoft Office(R) environment, and facilitates a variety of PC-related security and productivity tasks.
At the conference, Wave is demonstrating the hardening of standard Department of Defense PKI systems. Using TPMs, Wave will demonstrate issuing a standard, medium assurance certificate (X.509 version 3 PKI class 3) which is commonly used for network and application authentication. The TPM will bind the certificate to the hardware platform, creating a more tamper resistant certificate. This is the first time that fully certified (FIPS 140-2 L2) TPMs will be shown in this security capacity. Wave is working with External Certificate Authorities (ECA) approved by the DoD C.I.O. to more broadly disseminate this solution.
"Working with TPM security chip enabled PCs, Wave's Embassy software technology can strongly authenticate both the PC and the user in a government or enterprise network," said Steven Sprague, president and CEO, Wave Systems. "Network administrators can benefit from better authentication capabilities by using available biometrics, smart cards, passwords or the TPM, all tailored to specific security needs."
Beyond its importance to the DoD PKI environment, Wave's Embassy trusted computing solutions are also designed to solve the real world authentication and identity management problems facing federal, state and local government agencies.
Intel plotting vPro for Apple
8 Sep 2006
New business platform coming soon to a Mac near you
Intel's brand new vPro desktop platform started shipping in business PCs yesterday and could already be on its way for Macs.
At the launch of the Core 2 Duo-based chipset yesterday in Antwerp, Intel digital office division general manager Greg Bryant said plans were being discussed to bring the Advanced Manageability Technologies at the heart of the vPro to Apple machines. We'll know one way or the other within 18 months, probably once they've sorted out how to punt the technology to laptop buyers.
http://www.channelregister.co.uk/2006/09/08/intel_vpro_shipping/
Wave Completes Licensing with Intel for EMBASSY(R) Trust Suite Software with New Intel Desktop Motherboards
LEE, Mass.--(BUSINESS WIRE)--Sept. 5, 2006--Wave Systems Corp. (NASDAQ:WAVX, www.wave.com) today announced the execution of an amendment to its Software License and Distribution Agreement with Intel®. The amendment permits Intel® to ship the next version of Wave's EMBASSY® Trust Suite with Intel's new Intel® P965 Express Chipset-based Intel® Desktop Boards for trusted personal computers. Wave's EMBASSY® Trust Suite (ETS) 5.1 is a new and simplified collection of practical, easy-to-use applications which leverage the Trusted Platform Module (TPM) hardware security chip. Wave's ETS is combined with the TPM and bundled with Intel® Desktop Boards DQ965WC, DQ965CO and DQ965GF to provide a final layer of security. Upon the commencement of Intel's shipment of products under this new amendment, the number of Intel Desktop Boards on which Wave's products are shipped will increase to 15. The agreement does not provide for guaranteed minimum or maximum shipped quantities or royalties.
Wave's ETS software is a trusted applications and services software security suite designed to be compliant with Trusted Computing Group (TCG) specifications. The computer industry has shipped tens of millions of PCs embedded with TPMs, the Trusted Computing Group-defined, next-generation security chip hardware. Wave has designed its security applications to work with all commercially available TPMs, including the version 1.2 chip.
"Wave's solutions are designed to leverage the TPM for stronger, standards-based network access, authentication, data protection and password management solutions that business users can leverage immediately for security and management," said Brian Berger, executive vice president, marketing and sales, Wave Systems. "We are pleased to have completed this amendment to include Wave's 4th generation of EMBASSY solutions on Intel's products. The ETS 5.1 is a new simplified set of applications that will be bundled with desktop boards based on the Intel P965 Express Chipset family that complements Intel® vPro(TM) technology."
http://biz.yahoo.com/bw/060905/20060905005279.html?.v=1
Intel Premieres vPro Desktop Platform
September 7, 2006.
As has been anticipated since last April, Intel today launched its effort to create a Centrino-like integrated technology platform around business desktop systems. The idea behind Intel's new vPro logo program is to encourage vendors to produce Core 2 Duo CPU-based desktop computers with motherboards utilizing the company's new Q965 Express chipset.
The Centrino program is generally seen as a sweeping success, not only provoking OEMs to produce notebook systems based on the Pentium M and its successors, but giving customers one name to remember when asking for a portable computer. Intel hopes to translate that success over to the desktop world, even though vendors and analysts alike report desktop systems constituting a lesser share of overall production as so-called "desktop replacement" notebooks take over.
While not a part of the Q965 Express chipset like AMT, Intel's Virtualization Technology (now abbreviated as "VT" for all platforms) is also incorporated into the vPro platform specification. This includes Intel's implementation of a Trusted Platform Module (TPM), which will enable computers and their components to authenticate themselves reliably within a network.
In this industry standard architecture promoted by the Trusted Computing Group, information transferred over a network can be trusted by a receiving component if the identity of its source can be authenticated by a component whose own identity cannot be spoofed.
Over the past few years, the development of TPMs has come under fire for, some say, giving vendors an avenue for locking consumers into using only brands or models that are considered "trusted," and also for possibly injecting digital rights management features into the core of the computer. But Intel has recently denied it will be using VT for any of these purposes, or enabling its partners to do so.
Still, it has refrained from introducing VT into chipsets or platforms targeted towards consumers and home users, in deference to their skepticism about its stated purpose.
Intel is also including its on-board gigabit network adapters and integrated graphics as components of vPro. This latter element remains the cause of some concern, as Intel has been feeling pressure to sell off some of its lesser performing businesses as part of its ongoing restructuring. It has already sold its handset architecture and media signaling divisions, which were purchased by Marvell and Eicon, respectively.
While Intel is arguably the leading manufacturer of integrated graphics, it's often considered a low-volume business, since systems with the technology are generally intended for either entry-level consumer systems or high-quantity business purchases, both of which fall under the "discount" category.
Some analysts say that if Intel goes against their advice and stays put in the integrated graphics business, it could find itself competing head-on against a newly combined AMD and ATI at a time when it could have had graphics powerhouse nVidia as a partner.
Intel says corporate purchasers should expect to see vPro-supporting software from Adobe, HP and Microsoft, among others, in the coming days. BetaNews will have more on the vPro platform as Intel makes new information available.
Foremost among these is the company's new Active Management Technology (AMT). For the first time, this architecture separates the general computing components of a system -- the parts relegated to Windows or Linux control -- from a full-time management component, parts of which can be accessed through the network even while the general components are turned off, or even crashed.
If you can imagine how, in modern Internet architecture, the part of the network that provides connectivity ("layer 3") is functionally separated from the part that enables applications over the network to share and transport data ("layer 4"), AMT would create a similar functionality division within the motherboard.
Although Intel doesn't use this terminology explicitly, in effect, user services such as the operating system, applications and even the general BIOS are split from an underlying manageability layer. This layer will provide network admins with assets enabling them to reinstall crashed operating systems, restore installed system services, and detect impending failures before they happen.
AMT will also create a kind of virtual "moat" between the part of the vPro computer that's directly connected to the network, and the applications that utilize network assets. This way -- at least for the time being -- an operating system cannot be directly vulnerable to network-based attacks. Intel calls this "network isolation," but it could be considered a more evolved version of a firewall. With AMT, what the user perceives as her computer is never really connected to the network.
http://www.betanews.com/article/Intel_Premieres_vPro_Desktop_Platform/1157653099
Biometrics Becomes A Commodity
02/01/2006
URL: http://www.itarchitect.com/shared/article/showArticle.jhtml?articleId=177100820
Biometrics has been called the future of IT security for years, but that future never seems to arrive. Last year, there were signs that this was about to change. Almost all laptop vendors began shipping models with built-in fingerprint readers, and biometric desktop keyboards also became an option from companies such as IBM and Microsoft.
The growth of biometrics is driven mostly by the failure of passwords. As computers increase in power, breaking dictionary passwords through brute force techniques becomes easier. At the same time, the increasing number of systems that each person must log in to is making passwords more difficult to remember. An unalterable physical characteristic that can't be forgotten or lost seems like a much better choice.
Maybe so, but IT departments considering biometrics need to keep three things in mind. First, forget about DNA sequencing or retina scans unless you're in the military or law enforcement. For the foreseeable future, fingerprints are the only physical biometrics set for widespread use in authentication--and even then, fingerprint readers will be far from ubiquitous.
Second, biometrics needs to be part of a multifactor authentication architecture, combined with passwords or hardware. This is partly because a biometric factor on its own acts only as an identifier--it's closer to a publicly known username than a secret password--and partly because today's cheap fingerprint scanners aren't reliable enough to be used alone.
Last and most importantly, physical biometrics is best used only for local physical security, not for direct access to networked resources. Transferring fingerprints over the Internet introduces risks, and a central store of private biometric data represents a valuable target for attackers. Instead, biometrics can be used indirectly: For instance, a server can be accessed via a digital certificate or one-time password that's stored on a local hardware device such as a smartcard, USB dongle, or Trusted Platform Module (TPM). That hardware can in turn be locked biometrically.
FACE OFF
When the IT security industry talks about a biometric factor, it's nearly always referring to fingerprints. Although other biometric measurements are used routinely in law enforcement, computer systems require much greater accuracy because they're intended to work without human supervision.
For example, many law enforcement agencies are beginning to deploy automated face recognition systems. In theory, these can help identify criminal suspects in a crowd. In practice, however, a very high false positive rate means the majority of faces picked out from a crowd are innocent, so every positive match needs to be flagged and shown to a human police officer, who must then decide whether the person identified looks enough like the suspect to warrant further investigation. The same can't happen automatically.
DNA authentication is a science-fiction favorite and set to remain that way. Superficially it seems like a good idea: Unlike most other biometrics, DNA is already digital, so a match can be made with 100 percent certainty. The problem is that DNA sequencing is very expensive and relies on chemical reactions that take hours, making it useless for most applications.
DNA also has severe privacy implications because it reveals more than just identity. At minimum, samples from two individuals will show how closely they're related. Depending on the genes chosen, samples can also reveal whether someone has a specific medical problem, or how likely they are to suffer from a particular disease in the future.
Apart from fingerprints, the one biometric factor that might go mainstream is the voiceprint. A voiceprint is a unique frequency pattern within a person's voice that's determined by the shape of that person's vocal tract. As a biometric measure, that has the opposite weakness of DNA: It's too easy to analyze and fake. A simple voiceprint identification system can be fooled with a tape recording, and much of the same research that helps produce efficient codecs for VoIP and cell phones also helps attackers impersonate other people's voices.
Nevertheless, voiceprints can still be used in combination with other methods. An Interactive Voice Recognition (IVR) system or a human call center agent can ask a person to repeat a specific random word or phrase, and then ask for a password. Credit card giant Visa International is using an IVR voiceprint system from Vocent Solutions to authenticate its own employees, but only as one part of a multifactor system. Like many biometrics vendors, Vocent warns that its software isn't reliable enough to be used alone.
THE WRONG HANDS
Voiceprints are the most extreme example, but all biometrics--fingerprints included--suffer from the same problem: They're hard to keep private. This has frustrated criminals since the 19th century, and it's set to frustrate IT departments in the 21st. Furthermore, the problem is getting worse as repositories of biometric data become widespread. Biometric authentication suffers from an inverse network effect: The more it's used, the less useful it becomes. Authenticating to everything with the same fingerprint isn't much more secure than using the same password for everything--and it's potentially much worse because there are only 10 to choose from.
For this reason, IT departments considering biometrics must take precautions to ensure the privacy of the user's fingerprint. They must also make sure the print hasn't already been compromised by some other system to which the same user has authenticated. "People focus too much on the device that the end user sees," says Rebecca Bace, a former NSA cryptographer who is now CEO of consultancy Infidel. "But they ignore what happens to the data afterward, and that's more important."
Because the fingerprint isn't necessarily secret, high-security applications should only treat it as an identifier, not the sole means of authentication. It needs to be combined with a password, or better yet some kind of hardware device carried by the user. Microsoft even includes the following disclaimer in the instruction manual for its biometric keyboard: "The fingerprint reader is not a security feature and is intended to be used for convenience only. It should not be used to access corporate networks or to protect sensitive data."
The privacy problems with fingerprints aren't as great as they seem because most biometric templates don't try to store an entire fingerprint. Instead, they keep track only of minutiae points, the locations on a print where different ridges cross, twist, or end. A typical fingerprint contains more than 100 such points, but most authentication systems only record 20 or less, so a fingerprint can't be reconstructed from a biometric template.
However, this doesn't mean there are no privacy risks. If the fingerprint scanner doesn't produce the minutiae points itself, a scan of the actual fingerprint will be transferred to a PC. Even if it does map the minutiae points itself, the points themselves could be sniffed in transit--and while this won't severely compromise the individual's privacy, it will compromise security.
PRINT OUT
The best way to protect user privacy is to ensure that biometric templates are never transmitted across a network or stored in a central database. This can be done by combining the biometric factor with a hardware device. Instead of sending fingerprints all the way to a server, users authenticate to local hardware, which in turn authenticates to a network using PKI.
The most obvious such hardware to use is the PC itself. To ensure that an attacker can't access either private keys or the biometric template, both can be stored on the TPM, a cryptographic coprocessor that includes some flash memory and a random number generator. All decryption and signing operations take place on the TPM itself, so private keys never leave the chip. Almost all new laptops aimed at the business market now include a TPM as standard, and it's beginning to be offered on many desktops as well.
Fingerprint readers are now following the same trajectory, starting in laptops and spreading to desktops. Fujitsu shipped the first laptop with a fingerprint reader in 2004. Since then it has been joined by most other major manufacturers, including Dell, HP, Sony, and Toshiba. Lenovo, which inherited a biometric ThinkPad from IBM, has also introduced a desktop PC with a fingerprint reader on the keyboard. Most vendors OEM their fingerprint hardware from specialist vendors Zvetco Biometrics and AuthenTec, which also sell standalone USB fingerprint readers so that existing PCs can be upgraded to handle biometrics.
It isn't a coincidence that both TPMs and fingerprint readers started out in laptops. Both are driven primarily by the need to encrypt data in case the laptop is stolen, and vendors see them as a natural fit together. Lenovo even gives potential customers a disclaimer similar to Microsoft's, warning that without a TPM, fingerprint readers are more about convenience than security.
The TPM is soldered permanently into a PC, so it doesn't help authenticate users who need to access a network through multiple machines. These users must carry their private keys and biometric templates on some other piece of hardware, usually a smartcard. To ensure that neither leaks out, the NIST recommends that the smartcard itself perform the biometric authentication, using a system known as Match-on-Card.
Match-on-Card is more flexible than the TPM, but it requires that every PC include an integrated smartcard and fingerprint reader. (Two separate readers aren't good enough because this would mean exposing the biometric data to the PC.) The first such hardware was released by Precise Biometrics in December 2005, with Litronic planning to release a version early this year.
One risk with Match-on-Card is that if a card is stolen, a skilled hacker might be able to make it reveal its private keys without the correct fingerprint, or perhaps substitute the stored fingerprint template with someone else's. The other drawback is that smartcards have a relatively limited processing and memory capability, so the biometric match is likely to be less accurate than one performed on a PC.
FINGERS CROSSED
The biometrics industry got a big boost in December when the Federal Financial Institutions Examination Council (FFIEC) issued new rules requiring all online banks to use multifactor authentication by 2007. However, this doesn't mean your bank's Web site is going to start asking for a fingerprint anytime soon. After all, HIPAA mandates two-factor authentication for sensitive health records, and that hasn't led to widespread adoption of biometrics--or any strong authentication techniques for that matter.
"The health insurance legal system quickly decided that a username and password were two factors," complains Ravi Ganesan, CEO of TriCipher, which sells real two-factor authentication. "Regulatory compliance and security sometimes intersect, but they're separate."
The FFIEC was careful to make sure that banks don't have the same loophole as health insurers, but others may exist. A cookie stored in a user's Web browser can count as a second factor, provided it gets there through some method other than the user entering their regular username and password. For example, a customer could call the bank to get a one-time password to set the cookie, though the process would have to be repeated whenever the user clears the browser's cache.
Banks that want more security than cookies still have other options before they get to biometrics (see "Two-Factor Authentication On the Web" left). The same goes for IT departments. Smartcards and tokens have the advantage of being well-understood, and both are widely supported by major security vendors--most of whom haven't yet shown much interest in fingerprints or other biometrics. VeriSign has rejected them and actively competes against biometrics with its USB tokens. RSA Security has a similar strategy, though has formed an alliance with Precise to support customers who want to use both tokens and fingerprints simultaneously.
SECURING THE SNEAKERNET
Though PCs are only now beginning to incorporate fingerprint readers, portable storage devices have had them for much longer. It's easy to see why: A USB flash drive is extremely easy to lose, yet can easily store all of a medium-sized business's trade secrets and private customer data.
Sony shipped the first flash drive with a built-in fingerprint reader more than five years ago, when USB storage was still fairly unusual. Since then it's been joined by numerous other vendors, and biometric drives have become a commodity. Typically costing about $50 more than a similarly sized USB drive without biometrics, most can store prints from 10 different fingers and have the option of requiring a password in addition to (or instead of) a fingerprint.
As with ordinary flash drives, capacities are increasing all the time. The largest so far is a 4GB model from Memory Experts, with most vendors scaling from 128MB to 2GB. For users who need to carry more data, LaCie and Kanguru Solutions also sell portable hard drives with built-in fingerprint readers in capacities of up to 120GB and 400GB, respectively. From the PC's perspective, these work in the same way as flash drives, connecting and drawing power from the USB port. They can be divided into secure and insecure partitions, allowing access to non-sensitive data without authentication.
Unlike standalone biometric keyboards, biometric flash and hard drives do serve a useful security function. Even the cheapest consumer model will prevent a technologically challenged thief from accessing data on a stolen drive. However, not all of them actually encrypt stored data, so the level of security provided differs.
For example, LaCie sells two versions of its biometric hard disk. One simply uses the fingerprint for access control, so a computer forensics expert willing to dismantle the drive could read its contents without having the correct fingerprint. The other version encrypts all data using a fingerprint-derived AES key, making it much more difficult to hack. It's not completely secure because someone might find a way to extract the key, but the same applies to a smartcard, a TPM, or any other device when an attacker has physical possession.
The other caveat is that most fingerprint-secured storage devices are useful only for securing data in transit; they aren't meant to serve as a replacement for network authentication tokens. Although biometric templates and AES keys don't leave the drive, any data stored has to when it's accessed. Even most drives that include AES hardware only use it for encrypting stored data, not for network challenges and responses. So if the drive contains passwords or private keys, these must be decrypted and transferred to a PC for processing, during which time they're vulnerable to spyware.
The exception is Sony's Fingerprint Identity Unit (FIU) series of flash drives, which is based on smartcard-derived hardware and includes most of the same PKI functions. Like a smartcard or TPM, it can generate random RSA key pairs, with the private key never leaving the drive. This should be as secure as a TPM-based laptop or a Match-on-Card architecture, but with the advantage that it can work on any PC with a USB slot. The biggest problem is that it means trusting security to a company that has admitted to installing a rootkit on millions of its customers' PCs.
BIOMETRIC LOCK-IN
The other drawback of all fingerprint-based authentication systems is a lack of interoperability. Match-on-Card at present requires cards, readers, and back-end software made by Precise or one of its licensees, and competitors that copy the architecture will be similarly proprietary. Likewise, Sony's FIU line requires Sony software.
The TPM is actually a standard, so it could act as an interoperability layer. Every PC manufacturer uses its own custom hardware and software on the client, but the link between the TPM and the network or server can be standardized. However, the standard still isn't supported widely, and no OS recognizes it natively. Networks whose PCs aren't all from the same vendor will need third-party TPM authentication software, which so far is only available from Wave Systems.
Standards will evolve over the next few years, and the TPM will get support from Windows Vista late this year. But in one sense, complaints about a lack of standards show that fingerprint authentication is making real progress. It demonstrates that unlike other biometrics, the technology is real and has reached the stage where interoperability becomes an issue.
The Password as a Biometric Factor
Back in the 1940s, wartime Morse code operators realized they were listening to more than just dots and dashes. Even though they lacked a voice link and didn't even know what the encrypted messages they were transferring meant, they were able to identify each other with almost perfect accuracy. This was because each operator tapped the transmit button with a unique rhythm that was almost impossible for others to imitate.
Forty years later, Stanford researchers realized the same phenomenon could be applied to any keyboard. In fact, classical music listeners already do it subconsciously when they distinguish one concert pianist from another. And it isn't just Morse code operators and classical pianists: Everyone who uses a computer or phone has a unique method of typing or dialing that can serve as a biometric factor. The Stanford group filed a patent on its use in an authentication system, but that patent expires this month.
The technology is already being commercialized by BioPassword, a start-up targeting both Windows PCs and Web-based applications. The company sells software that measures the time between keystrokes as a person enters a username and password, essentially turning that username and password into a biometric factor.
BOARDING PASS
This system has two great advantages over other biometric systems. The obvious one is that it requires no special hardware, or even user awareness. People just enter a password. Less obviously, the biometric factor depends on both the person and the password, so there are no privacy risks. Unlike a fingerprint, it can easily be changed if someone does manage to intercept it or hack into the biometric store.
There are some drawbacks, however. The system is vulnerable to hardware keyboard sniffers, which can intercept the times between keystrokes just as well as the password itself. And although users don't have to carry around an extra device or give up personal information, they do experience some inconvenience.
To ensure an accurate reading, users need to type their password 10 times whenever they change it--and they must repeat the process if they plan to access the system through more than one type of device. BioPassword says people have similar enough typing patterns for the same template to work on a cramped laptop as on an ergonomic workstation, but not a smartphone or a BlackBerry, even one with a Qwerty layout.
BioPassword is already shipping software for Windows PCs that integrates with both XP's own login screen and Active Directory. The company plans to have one for Web-based applications in March and says it's talking to several financial institutions. These firms like the software because it's still password-based, but qualifies as two factors under the new FFIEC rules for online transactions.
Keystroke timing is a better fit for the Web compared to physical biometrics, but it's still not ideal. Web browsers don't normally measure time between keystrokes, so users must install a plug-in. BioPassword currently gives people a choice of ActiveX or Flash, though it may offer Java or JavaScript in the future.
Plug-ins and the need for actual key presses prevent surfers from using copy and paste or the password-caching tools built into most browsers. This might seem useful from a security perspective, but can have unintended consequences. If a lot of sites adopt it, people will likely choose very weak passwords or use the same one for every site.
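The keystroke-timing check described above, sketched as an added example (not BioPassword's algorithm or code from the article): ten enrolment samples build a per-interval template for each device type, and an attempt is scored against it. The scoring method (mean absolute z-score), the threshold, all names and all timing data are assumptions constructed for illustration; the password check itself is assumed to happen in the normal login path.

```python
from statistics import mean, stdev

ENROLL_SAMPLES = 10   # the article's figure: type the password 10 times
MIN_STD_MS = 8.0      # assumed floor so one very steady interval cannot dominate
THRESHOLD = 2.0       # assumed cut-off on the mean absolute z-score

def enroll(samples):
    """Build a per-interval mean/std template from inter-key latencies (ms)."""
    if len(samples) < ENROLL_SAMPLES:
        raise ValueError("need at least %d typed samples" % ENROLL_SAMPLES)
    if len({len(s) for s in samples}) != 1:
        raise ValueError("samples must all come from the same password")
    cols = list(zip(*samples))
    return {"mean": [mean(c) for c in cols],
            "std": [max(stdev(c), MIN_STD_MS) for c in cols]}

def score(template, latencies):
    """Mean absolute z-score of one attempt; lower means closer to the template."""
    if len(latencies) != len(template["mean"]):
        return float("inf")   # different password length: template does not apply
    zs = [abs(x - m) / s
          for x, m, s in zip(latencies, template["mean"], template["std"])]
    return sum(zs) / len(zs)

def verify(templates, device, latencies):
    """Accept only if the device type has a template and the rhythm matches it."""
    template = templates.get(device)
    return template is not None and score(template, latencies) <= THRESHOLD

# Constructed data: 7 latencies for an 8-character password, 10 enrolment runs.
BASE = [120, 95, 180, 110, 140, 90, 160]
SAMPLES = [[b + ((7 * i + 3 * j) % 11) - 5 for j, b in enumerate(BASE)]
           for i in range(10)]
TEMPLATES = {"desktop": enroll(SAMPLES)}

GENUINE = [123, 91, 186, 108, 145, 87, 164]    # same user, slight variation
IMPOSTOR = [200, 150, 90, 210, 80, 170, 100]   # right password, wrong rhythm
REPLAYED = list(SAMPLES[3])                    # timings recorded at the keyboard

if __name__ == "__main__":
    for name, attempt in [("genuine", GENUINE), ("impostor", IMPOSTOR),
                          ("replayed", REPLAYED)]:
        print(name, round(score(TEMPLATES["desktop"], attempt), 2),
              verify(TEMPLATES, "desktop", attempt))
    print("phone", verify(TEMPLATES, "phone", GENUINE))  # no template: rejected
```

The replayed vector verifies because the check sees only the intervals, which is why recorded timings need the same protection as the password, and the missing "phone" template reflects the per-device re-enrolment the article mentions.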
Wave Employment.
Don't know if this was posted: Wave published a large Help Wanted in the local paper Sunday. They are seeking an experienced accountant. The position reports to the VP of accounting. Interviewing will begin August 29, 2006.
Responsible for:
Monthly financial closing and quarterly financial closing for both the parent company and its subsidiary.
Preparation of the internal financial statements.
General ledger reconciliations.
Completing schedules and analyses for both the 10Q and the 10K.
Assist in the audit process with our independent auditors.
Maintaining the fixed asset subsidiary systems.
Systems' implementations/upgrades as necessary.
Preparation of the corporate annual budget.
Sales and use tax returns.
Bank reconciliations.
Special projects as assigned.