<http://www.eweek.com/print_article/0,1761,a=138221,00.asp>

EWeek

'Palladium' Echoes in New Handheld Security Spec
October 27, 2004
By Mark Hachman

Intel, IBM and NTT DoCoMo have released a specification to create a "trusted mobile platform," which appears to take the foundation of Microsoft's own trust initiative, "Palladium," into the mobile space.

The three companies placed the Trusted Mobile Platform specification on the Internet for public review. An executive at Santa Clara, Calif.-based Intel said the company hopes to have TMP products on the market by 2005, although the timing will be heavily dependent on OEM participation.

The problem is that, as of now, the TMP group does not include a participating handset OEM, an operating-system manufacturer, a radio-component manufacturer, an application provider or a manufacturer of the trusted platform module (TPM) components that will be used to secure the platform.

The lack of these elements led one analyst to state that the triumvirate will need many more players to achieve the critical mass it will need to move forward. But things move quickly in the mobile space, other analysts said, and even an aggressive 2005 launch date might not be out of reach.

The goal is to provide a means of "trust" inside a mobile platform, similar to the "Palladium" initiative Microsoft Corp. began floating in 2002 and later referred to as the Next Generation Secure Computing Base. NGSCB is supposed to be a feature of Longhorn, Microsoft's next-generation OS. In May, Microsoft said it would tweak the Palladium architecture to make it simpler for developers to produce compatible applications.

Like Palladium, the TMP initiative is designed to secure mobile commerce and protect the system from viruses and/or worms designed to modify the internal code.

Intel's contributions are as a chip provider, while DoCoMo contributed the "key usage scenarios" that guided the research into creating the specification, said Jeff Krisa, director of marketing for Intel's cellular handheld group.

Intel has already placed some elements of the TMP within its "Bulverde" wireless applications processor, known as the PXA27X family, Krisa said.

"The level of digital rights management will be implemented on the software level within the middleware, and will procedurally determine what you can pass forward and save on the handset as well," Krisa said, adding that it will be managed by IBM's WebSphere team.

IBM contributed software "expertise," June Namioka, a spokeswoman for IBM's Asia-Pacific headquarters in Tokyo, said in an interview. Intel's Krisa said work focused on some of the higher-end software protocols used by the technology.

One analyst called IBM's involvement significant. "Enterprise wireless apps are more of a concern for the average IT manager than for the average consumer," said Julie Ask, a wireless analyst with Jupitermedia Corp.'s JupiterResearch division. "The risk isn't so much in bringing down my phone, it's hacking into my system or making sure the workers on the factory floor can't talk to one another, which could be disastrous."

However, the initiative currently lacks the support of a number of other key vendors. For his part, Krisa said the 2005 launch date is "highly dependent on other members, middleware ecosystem and OS vendors." A representative from Symbian, a U.K.-based provider of embedded OSes, did not return a call for comment.

Although both the hardware and software specifications were released Wednesday, the software document indicates that it was authored June 23.

Analyst reaction was mixed. "Without having details, I see this '05 thing as questionable," said Neil Strother, senior analyst with In-Stat/MDR in Phoenix.
"Even if they move quickly, I'm skeptical." If you want to build trust in the trust model, "you have to get the banking guys on board," he said.

Cliff Raskind, director of wireless enterprise strategies at Boston-based Strategy Analytics, said his first impression was that the triumvirate didn't have the clout that a trio of Microsoft, Intel and Cisco Systems Inc. might have in trying to establish standards for the Wi-Fi space. Wireless, by contrast, encompasses too many players. "You need buy-in across the board," he said.

On the other hand, the life cycle for phones has shrunk to between six and eight months, forcing handset makers and carriers alike to implement new technology quickly or risk losing market share, analysts said.

In a recent executive study, JupiterResearch found that 30 percent of the respondents cited poor device security as their chief barriers to adopting new wireless devices. Thirty-one percent cited poor network security.

"Things do move quickly in the mobile space, and Intel is very serious in growing its communications business and putting in the marketing dollars to do so," JupiterResearch's Ask said.

"When you announce with a carrier, that's good," Ask added. "I'm not sure if it's going to turn into a North American thing, though, versus a Japanese one." Asian carriers are usually on the leading edge of OS and technology advances, she said.

Other analysts pointed out that NTT DoCoMo is a major player only in the GSM space, and a European and American carrier would need to sign on.

None of the analysts reached for comment said they had been briefed on the TMP technology, which they found unusual.

The TMP initiative creates a "boundary of trust" around some of the central components within the handheld system.
The system initially boots from a trusted OS stored on a secure ROM, and through the applications processor that's checked against the Trusted Platform Module, or TPM. Data stored on removable devices such as flash cards must be securely encrypted, and the specification also lists the SIM card, used to identify the phone to the carrier, as a trusted device that can authenticate the user.

Intel's Krisa said the Trusted Computing Group, which oversees the TPM specifications, will have to come up with a derivative designed for mobile handsets to minimize the platform's power consumption.

-- 
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'