New group aims at universal security
Published: 09 Apr 2003 12:00 BST
The Trusted Computing Group (TCG), announced on Tuesday, will license and market security hardware and software technology that they intend to be integrated into every computing platform, from PCs and PDAs to mobile phones.
The TCG's founders, including Microsoft and some if its key partners, were formerly members of the Trusted Computer Platform Alliance (TCPA), and are planning to adopt the TCPA's current specifications. Besides former TCPA members, the new group includes consumer electronics companies such as Nokia and Sony.
"The TCPA organisation as a whole is going away," said Jim Ward, director of the Trusted Computing Group and an IBM employee. The TCG is a more formal group with licensing policy, a marketing budget, and a mission to push the trusted computing technology into a variety of devices. "As we go into the broader device categories," Ward said, "one of the key messages of the organisation is that we have this common building block that can be used in different devices."
The new group adds marketing polish to the largely standards and development-oriented TCPA. The specifications created by that group will form the core of the Trusted Computing Group. In addition, the group has created new licensing terms, a logo program and has broadened the types of devices and applications for which the technology will be promoted.
The five founding members are AMD, Hewlett-Packard, IBM, Intel and Microsoft. Ten other companies, including Nokia, Phoenix Technologies and Sony, have already joined.
The formation of the new group signals the start of a big push to put hardware-based security into a host of consumer and corporate devices. Security has become a much-marketed feature of the next-generation chips and hardware coming onto the market.
Among the many forthcoming technologies are Intel's LaGrande, chipmaker Via Technologies' Padlock, Phoenix Technologies' Core Managed Environment and Transmeta's next Crusoe chip.
Privacy worries
However, the movement has prompted concerns by some privacy and digital rights advocates.
Some Hollywood movie houses have been pressing for legislation that would require similar security measures in all devices that handle digital content.
While the Trusted Computing Group's initiatives would seemingly fit that bill, the promoters denied that appeasing Hollywood is a goal of the group.
"There is no intent to use these devices for Hollywood content," said Steve Heil, technical evangelist for Microsoft's Trusted Platform Technology and Infrastructure Group. "The intent is recognition that security on a platform can only get so-good with software-only solutions."
In addition, the various technologies -- especially Microsoft's hardware-software combination formerly known as Palladium and the Trusted Computing Group's predecessor, the TCPA -- have become the centre of a controversy over whether the modifications will erode consumer privacy.
Chipmaker AMD said that addressing privacy concerns will be a top priority for the new group.
"All of us are highly sensitised to this issue and have emphasised that these concerns must be addressed," said Geoffrey Strongin, platform security architect for AMD. Strongin argued that, far from undermining privacy, hardware-based security will improve user protections. "What we are doing here is a tremendous enhancement to privacy. Without adequate security, privacy protection is impossible."
The new security technology consists of two parts: a hardware component with hardwired encryption functions and memory, and a software component that curtains off memory and requires keys kept in the hardware to unlock certain data.
Who's in charge?
Despite the concerns, the new group seems set to push forward, said Roger Kay, director of client computing for market researcher IDC.
While the Trusted Computing Group expands the types of devices that might include the technology, adds a marketing budget for the group and institutes licensing terms, the real improvement may be in governance, he said.
"They used to have something like a security council for governance, where anyone could veto," he said, adding that the new group will have a board that makes decisions on a two-thirds majority basis, and that should make decisions happen more quickly. "It's about the big guys saying, 'Look, enough of this posturing. We need to look forward.'"
For Intel, the group is its third attempt at pursuing a trusted computer platform. Privacy worries stymied the hardware maker's first attempt: the processor ID. After backing down from making the ID by default, Intel continued to manufacture chips with the feature disabled. Later, the company teamed with Microsoft and IBM to create the Trusted Computing Platform Alliance. Now, the company has left the TCPA in favour of the new Trusted Computing Group.
The PC hardware giant's latest security technology, "LaGrande," will be introduced in the second half of the year.
The group will charge $50,000 (£32,136) for new "promoters" who will be part of the decision-making body. Contributors who can participate in the working groups will be charged $15,000, and adopters who use the technology will have to pay $7,500.
Phoenix, a contributor, has already started building on the work of the Trusted Computing Platform Alliance with its Core Managed Environment software that it intends to build into the Basic Input Output Software (BIOS).
In addition to Phoenix, the other initial contributors are Atmel, Infineon, National Semiconductor, Nokia, Philips, Sony, ST Microelectronics, VeriSign and Wave Systems.
CNET News.com's Michael Kanellos contributed to this report.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
88 out of 181 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
