Security threats Toolkit

IBM looks to hardwired DRM

Tags:
Trusted Computing,
Encryption,
Secure Blue,
DRM

Joris Evers CNET News

Published: 10 Apr 2006 08:45 BST

Researchers at IBM have come up with a way to hard wire encryption technology into a processor, promising a more secure way to store data.

IBM plans to announce availability of the new technology, dubbed Secure Blue, on Monday. The company envisions its idea and technology will be used in digital media players, electronic organisers, mobile phones, computers and devices used by the government, medical, and financial services industry.

With Secure Blue, data is encrypted and decrypted as it runs through processor, according to IBM. It is maintained encrypted in the device's RAM. One of the few times data would not be scrambled is when it is actually displayed.

"There is a lot of concern about leakage of data," Charles Palmer, a manager for security and privacy at IBM, said in an interview. "If you have an architecture where that information is always encrypted, you go a long way to protect your data."

Secure Blue requires a few circuits to be added to a processor, taking up a few percent of the overall silicon real estate, according to IBM. The encryption and decryption happens on the fly, without any processor overhead, the company said.

The hard-wired security technology can be used for multiple purposes, not all of which necessarily serve the device owner. It can protect a user's data when his computer or device is lost, stolen or hacked, for example. But content owners can also use it for enforcement of copyrights, called digital rights management, which critics have called a scourge to user freedom.

"This is a technology that can solve a lot of problems," Palmer said. "It can be used for DRM, it can be used for systems management, and it can be used for protecting my information on the BlackBerry." The future will tell what it will be used for, IBM on Monday is only announcing availability of the technology, he added.

The idea of hardware-based security is not new. Millions of laptops already contain a chip called a Trusted Platform Module, or TPM, which offers protected storage of encryption keys, passwords and digital certificates. The idea of the TPM is also coming to servers and mobile phones.

"The TPM is a step in the right direction," Palmer said. "But it is not a bulk encryption device and it would probably melt if you try to us it for an encrypted-anywhere capability."

IBM has built a prototype of Secure Blue using its own PowerPC processor technology. However, the system will work with any processor design, including those used in PCs from Intel and AMD. IBM has not had discussions with Intel and AMD on including Secure Blue in their processors.