Fullmoon, thanks for posting the Microsoft piece on their "End to End" trust vision based on a comprehensive "trusted stack." Note the following passage regarding Microsoft's outline of a trusted stack, and how this could impact Wave's core TPM management, endpoint integrity and data protection services.
Microsoft outlines the components of a trusted stack:
Because all software operates in an environment defined by hardware, it is critical to root trust in hardware. Today, many computers come with a Trusted Platform Module (TPM), a technology that will expand and enter new form factors…The operating system must be verifiable based upon keys stored in the hardware (e.g., “trusted boot”). This allows the device to claim that the operating system has not been tampered with to bad effect…Computers were, of course, designed to run code, without concern about its authorship or the intent of that author. Today there are multiple ways to help protect people from software vulnerabilities and malicious code. To protect users from vulnerabilities, code can be rewritten in safer languages, checked with analytic tools, compiled with compilers that reduce vulnerabilities (e.g., buffer overruns) and sandboxed when executed…A safer Internet needs to support the option of identities based directly or derivatively upon in-person proofing, thus enabling the issuance of credentials that do not depend upon the possession of a shared secret by the person whose identity or identity attribute is being verified. To some extent, government activities and markets themselves are driving in-person-proofing regimes…Applications should incorporate seamless mechanisms for applying signatures to their outputs, and read signatures before opening documents, so that data origin and data integrity can be easily checked….An audit trail is a record of a sequence of events from which a history may be reconstructed. An audit log is a set of data collected over a period of time for a specific component. A series of audit logs can be studied to determine a pattern of system usage that, over time, can be used to highlight aberrant behavior such as criminal activity or the existence of malware. Audit data is also necessary to roll back suspicious or harmful transactions.
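The quoted passage says applications should sign their outputs and check signatures before opening documents, and that every such event should leave an audit record. The following Go program is an added illustration of that idea, not code from Microsoft's paper or from Wave; it assumes a hypothetical in-memory trust list and audit log, and uses an Ed25519 key held in software where a real trusted stack would root the author key in a TPM.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// SignedDocument bundles content with the author's public key and a
// detached Ed25519 signature over the content (constructed format).
type SignedDocument struct {
	Content   []byte
	Author    ed25519.PublicKey
	Signature []byte
}

// TrustStore is the hypothetical list of author keys the opener accepts.
type TrustStore []ed25519.PublicKey

// AuditRecord is one entry of the opener's audit log: what was opened,
// by whom it was signed, and whether the check passed.
type AuditRecord struct {
	When    time.Time
	Digest  string
	Author  string
	Outcome string
}

// AuditLog is an append-only in-memory log (assumption: a deployment
// would write these records to tamper-evident storage).
type AuditLog struct {
	Records []AuditRecord
}

var (
	ErrBadSignature    = errors.New("signature does not verify: document rejected")
	ErrUntrustedAuthor = errors.New("author key is not in the trust store")
)

// NewAuthorKey generates a fresh Ed25519 key pair for an author.
func NewAuthorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS random source is broken
	}
	return pub, priv
}

// SignDocument applies the author's signature to the output.
func SignDocument(priv ed25519.PrivateKey, content []byte) SignedDocument {
	return SignedDocument{
		Content:   content,
		Author:    priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, content),
	}
}

// OpenDocument reads the signature before handing back the content:
// the author must be trusted and the signature must verify. Every
// attempt, accepted or rejected, is appended to the audit log.
func OpenDocument(doc SignedDocument, trusted TrustStore, log *AuditLog) ([]byte, error) {
	digest := sha256.Sum256(doc.Content)
	rec := AuditRecord{
		When:   time.Now(),
		Digest: hex.EncodeToString(digest[:]),
		Author: hex.EncodeToString(doc.Author),
	}
	defer func() { log.Records = append(log.Records, rec) }()

	isTrusted := false
	for _, k := range trusted {
		if k.Equal(doc.Author) {
			isTrusted = true
			break
		}
	}
	if !isTrusted {
		rec.Outcome = "rejected: untrusted author"
		return nil, ErrUntrustedAuthor
	}
	if !ed25519.Verify(doc.Author, doc.Content, doc.Signature) {
		rec.Outcome = "rejected: bad signature"
		return nil, ErrBadSignature
	}
	rec.Outcome = "opened"
	return doc.Content, nil
}

func main() {
	pub, priv := NewAuthorKey()
	var log AuditLog
	doc := SignDocument(priv, []byte("quarterly report v1")) // constructed sample

	if _, err := OpenDocument(doc, TrustStore{pub}, &log); err != nil {
		fmt.Println("unexpected:", err)
	}
	tampered := doc
	tampered.Content = []byte("quarterly report v1 (altered in transit)")
	_, err := OpenDocument(tampered, TrustStore{pub}, &log)
	fmt.Println("tampered copy:", err)
	for _, r := range log.Records {
		fmt.Printf("%s author=%s... outcome=%s\n", r.When.Format(time.RFC3339), r.Author[:8], r.Outcome)
	}
}
```

The point of the audit log is the one the passage makes: a rejected signature is not silently dropped but recorded with the content digest and author key, so a series of such records can later show a pattern of tampering or a key that should be revoked from the trust store.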