Wave Systems Corp. (fka WAVXQ)

[barge]

Just released re: Legrand, Intel: S. Sprague/WAVE heavily quoted.
See the bolded sections of bottom half of article.

http://www.eetuk.com/tech/news/OEG20030915S0025

LeGrand boost for trusted-PC effort


By Rick Merritt

EE Times
15 September 2003 (5:31 p.m. GMT)


San Jose, Calif. - Intel Corp. will advance an ambitious systems security effort this week when it discloses the first details of the so-called LeGrand technology that's built into Prescott, its next-generation Pentium. The disclosure comes as IBM, Hewlett-Packard and Nokia lay the groundwork for using the technology in their own PCs and handsets.

The trusted-computing initiative involves changes in a broad set of chips and software that probably won't all come together until sometime in 2005. Momentum is slowly building, however, and success could eventually put competitive pressure on companies that are not now participating, such as Apple Computer, PalmOne and Sun Microsystems.




Nokia is chairing a new handset working group within the ad hoc Trusted Computing Group (TCG) that is setting standards for the PC-centric initiative. The company is expected to make its first concept demo of how the security scheme would work on a cell phone at the Cellular Telecommunications and Internet Association conference in Las Vegas in October.

Intel will demonstrate its LeGrand technology for PCs for the first time at the Intel Developer Forum here this week and will also conduct developer classes on how to use the protected security mode.

However, the scheme also requires a redesign of a current TCG-defined hardware security chip; specially modified PC chip sets, and graphics and keyboard controllers; and secure operating-system features that Microsoft has said it will build into the next generation of Windows, dubbed Longhorn.

"I think the hardware will all line up at the end of next fall, and then it's a matter of waiting for Longhorn. I think that will come in 2005," said Martin Reynolds, a senior analyst with Dataquest (San Jose).

Using today's version 1.1 trusted-platform module (TPM) chips and special software, PCs can store hardware-protected certificates based on hashing algorithms tied to a PC that allow users to sign on to Internet services securely and anonymously. When all the components come together, systems could also handle bulk content decryption and other functions for trusted applications in a protected execution mode with protected DRAM and hard-disk memory.

Stephen Sprague, chief executive officer of Wave Systems Corp. (Lee, Mass.), one of the early players in the initiative, said the full-blown features will enable a new generation of trusted service brokers that act as secure clearinghouses for digital content, payments, voting and other services.

"My guess is the market could accommodate a dozen service providers," said Sprague. "Wave's goal is [that] when you lose your laptop you can call our 800 number and get all your credentials renewed."

OEM uptake
IBM Corp. is already shipping more than half its laptop computers with version 1.1 TPM hardware certificate chips from Atmel, said Stacy Cannady, client security product manager at IBM. "We have extensive plans for TPMs in other systems," he said, presumably referring to servers.

Hewlett-Packard Co. launched one business desktop with a TPM 1.1 chip in late May as a trial balloon, seeking user feedback. "We intend to launch new products [with TPM chips], including business notebooks, later this year," said Matt Wagner, a marketing manager for HP. "This is clearly still an emerging technology area."

Intel has also agreed to put a TPM chip on one of its motherboards. In addition, the Trusted Computing Group is said to have queued up four other announcements, due over the next six months, about OEMs using its technology.

"We've been seeing market acceptance in second-tier PC suppliers in the last six months," said Joerg Borchert, vice president of secure mobile solutions for Infineon Technologies North America, which supplies TPM chips to HP.

A 1.2 TPM spec to conform to Micro-soft's Longhorn architecture is expected to be complete by the end of the year, with upgraded chips shipping in the first half of 2004. But "the transition to 1.2 probably doesn't happen until late 2004," said HP's Wagner. "All our product plans depend on the 1.1 spec."

"I don't see the market taking off until Microsoft delivers Longhorn. It will take some time for chip makers to recoup their investment in designing TPMs," said one chip maker who asked not to be named.

Sprague of Wave Systems had initially lobbied for a more complex, programmable TPM chip so that systems could be upgraded once hackers found inevitable holes in the scheme. But OEMs and CPU makers balked at putting a $10 security coprocessor into a PC, favoring today's $2 fixed-function TPMs.

"My expectation is that in a couple of years the market will want a programmable chip. Security has always changed over time. Once it gets hacked you are going to want a program that can be renewed," said Sprague, whose company already sells such a chip. He estimated that a trusted PC will carry only a $20 price premium over a standard model.

If the trusted-computing effort succeeds in fielding more secure PCs and cell phones, it will put pressure on systems makers not participating now, such as Apple, Palm and Sun. "You don't want to be in the place of someone choosing a trusted platform vs. your platform. These things will drive real demand and they will be cheap," said Sprague.

Apple, Palm and Sun, he said, appear to be "in waiting mode to see what kind of traction this has. We will see how good that traction is this fall, and that will motivate them to go get a plan."

The Java community is now building a trusted infrastructure around signed applications, but more may be required to keep pace.

Sin-Yaw Wang, senior director of networking and security for Sun's Solaris operating system, downplayed the threat. "We already make some Intel-based systems, so putting a new chip on them would not be difficult," Wang said. "In a way, the Sparc side of Sun is waiting to see if this [initiative] stabilizes."

Meanwhile Sun is proceeding with its own product plans for 2004. "We are going out with perhaps the most sophisticated and fine-grained privilege model in the industry with Solaris X," said Wang. A preview version of that upcoming OS is said to be with beta testers.