HP has info on its new crypto stuff on the web now: <http://www.hp.com/go/security> and <http://www.hp.com/go/icf>. It's apparently a crypto coprocessor embedded in a board or chip which looks for a "policy token" (which is software/data, delivered via network or smartcard) which is doled out by local "policy servers", "developed and managed in conformance with national policy". Sounds to me like they want to be able to turn off strong crypto the way they can turn off high-detail GPS during politically/militarily sensitive events. As the press release notes, "ICF is designed to run any current or future cryptographic algorithms. Algorithms for key recovery also can be used. "Keys" are strings of computer code that lock and unlock data. Key recovery is a method that allows users to unscramble encrypted data if they lose their keys. Users can decide whether to use key recovery, based on personal needs or domestic -- or foreign -- government regulations. ICF cryptographic units, which can support keys of any length, are exportable because they are disabled until a Policy Activation Token activates them again. Policy Activation Tokens can be either a downloadable software module or a smart card. Policy Activation Tokens trigger particular algorithms for specific applications, based on needs. Additionally, ICF adapts easily to current government encryption policies, new encryption algorithms and changing key-recovery schemes. Customers who use ICF-based products are offered long-term investment protection, with rapid flexibility to meet changing needs." ICF is "International Cryptography Framework". The press release includes quotes from US and French government officials indicating that the new system will meet their needs. -- Greg Broiles | US crypto export control policy in a nutshell: gbroiles@netbox.com | http://www.io.com/~gbroiles | Export jobs, not crypto. |