Trusted Computing Group trying to be TCPA follow-on [eetimes]
New group aims to secure PCs, PDAs, cell phones By Rick Merritt, EE Times April 8, 2003 (2:20 p.m. EST) URL: http://www.eetimes.com/story/OEG20030408S0046 SAN MATEO, Calif. Fifteen companies announced Tuesday [April 8] they have formed the Trusted Computing Group, an industry initiative to define and promote a specification for security in PCs, servers, PDAs and cellphones. The group essentially reboots the efforts of the now-disbanded PC-centric Trusted Computing Platform Alliance (TCPA), this time including participation from Nokia and consumer electronics companies such as Sony and Philips. The Trusted Computing Group (TCG) expects to release a specification for PC security before the end of the year. A spec for cell phones, however, could be as much as two years away. Founding members of the TCG are carryovers from the earlier 190-member TCPA effort. They include AMD, Hewlett-Packard, IBM, Intel and Microsoft. Contributing members include Atmel, Infineon, National Semiconductor, Nokia, Philips, Phoenix Technologies, Sony, ST Microelectronics, VeriSign and Wave Systems. The TCPA defined a trusted platform module (TPM), a basic device with encryption and secure memory capabilities to oversee PC security. However the TPM 1.1 chips now shipping from companies such as Atmel, Infineon and National Semiconductor have not been widely adopted to date and do not conform to concepts for a secure PC execution mode recently defined by Microsoft under a program it called Palladium. The TCG is defining a specification for a 1.2 version TPM and a software stack that will work with the Palladium architecture Microsoft developed in collaboration with Intel Corp. and Advanced Micro Devices. Microsoft will detail this approach publicly for the first time at the Windows Hardware Engineering Conference in May. Microsoft's implementation, which it now calls the Next Generation Secure Computing Base (NGSCB), will require new logic in several PC components including processors, chip sets, graphics processors and I/O devices. Indeed, the concept for a secure operating mode is so broad Microsoft will devote an entire track at WinHEC about 18 hours of content to describing it. Microsoft has not said, however, when it will ship software that complies with NGSCB. Industry watchers expect that code will appear late next year or early in 2005 in the next major version of Windows, dubbed Longhorn. The security scheme will work in conjunction with processor functions Intel Corp. calls Le Grande Technology and has embedded in its next-generation Pentium processor dubbed Prescott, expected to ship later this year. AMD will also support the PC security concepts in its processors though it has not indicated when. The TPM 1.2 modules will include a new session encryption interface and secure state counters that prevent replay security attacks, said Stephen Heil, a technical evangelist for security at Microsoft. The TCG has separate working groups defining those modules, a security software stack and particular needs for both servers and PDAs. The TCG is about to launch a working group to define a specification for secure cellphones, an effort that could take 18 to 24 months. Nokia is expected to be a key contributor to that group in addition to other members still being recruited by the TCG. I would expect to see our membership broaden to include many of the players required for that effort, said Geoffrey Strongin, a security specialist at AMD. Jim Ward, chair of TCG and a security specialist with IBM, said the group would like to create other specifications for platforms such as set-top boxes and video game consoles though no active efforts are currently underway. We are looking to develop a broad specification that can be used by a broad set of products, he said. The industry is coming together, said John Hull, director of marketing for advanced PC products at National Semiconductor. We are thoroughly convinced that the future of the PC rests on three legs: networking, security and manageability. You will have to have all three to play in PCs going forward, he added. Hull said he expects TPM module makers will update their products to comply with the new security spec when Prescott processors roll out this fall. Further in the future, the modules could be integrated into existing PC components such as SuperI/O parts that provide legacy support for serial, parallel, keyboard and floppy controllers. IBM is about the only company in production with systems using the [standalone] TPM 1.1 devices as far as I know, said Hull. Ward said IBM has shipped millions of TPM devices in its PC systems. An HP spokesman said the company has not yet shipped systems with the modules which typically cost about $5. We have to increase the rate of adoption. That's why integration with Super I/O makes a lot of sense. We think this will be a checkbox item going forward, Hull added. As a legally incorporated group, the TCG will enforce reasonable and non-discriminatory licensing of any intellectual property in the spec and define a mechanism to certify compliance to it. The group is also expected to take a more pro-active approach than its predecessor to addressing controversial issues about privacy and digital rights raised by the PC security effort. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
On Wed, Apr 09, 2003 at 11:38:36AM -0700, Bill Stewart wrote: | The group essentially reboots the efforts of the now-disbanded PC-centric | Trusted Computing Platform Alliance (TCPA), this time including | participation from Nokia and consumer electronics companies such as Sony | and Philips. You'd think that, in light of the economy and all, the folks involved in such long, failed efforts would be let go. I wonder who's got who by the short and curlies? I'm sure JYA would be happy to get brown paper envelopes stuffed with truth. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 9:57 PM -0400 4/9/03, Adam Shostack wrote:
You'd think that, in light of the economy and all, the folks involved in such long, failed efforts would be let go.
Indeed. These Wave-oids have been at this book-entry-to-the-screen-buffer world-domination nonsense since before Adam, or at least I :-), was a cypherpunk: <http://www.phuber.com/huber/forbes/101893.html>. They've been delisted and re-listed so many times it's a wonder that their shorts don't have carpal tunnel in their sell-button fingers... One can imagine all these financial-crypto-clueless idiots standing around in their silver-lame Nehru-suits with their pinkies at the corners of their mouths. Of course, as a famous basketball-player-turned-senator said once, "It's bad luck to be behind at the end of the game." And so, boys and girls, the game of geek-versus-Fed continues apace... Cheers, RAH -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPpXEpMPxH8jf3ohaEQImDwCfSHKU8IIUZ+nxJr5gEkEcInZEIPwAoJ9z ZyW48FHbcNi1fBHxcmhqINMc =XoAH -----END PGP SIGNATURE----- -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
On Thu, Apr 10, 2003 at 03:24:05PM -0400, R. A. Hettinga wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
At 9:57 PM -0400 4/9/03, Adam Shostack wrote:
You'd think that, in light of the economy and all, the folks involved in such long, failed efforts would be let go.
Indeed.
These Wave-oids have been at this book-entry-to-the-screen-buffer world-domination nonsense since before Adam, or at least I :-), was a cypherpunk: <http://www.phuber.com/huber/forbes/101893.html>. They've been delisted and re-listed so many times it's a wonder that their shorts don't have carpal tunnel in their sell-button fingers...
Wave'a a bit player in TCPA, just hoping to get a few crumbs from the big boys. It's Microsoft and Intel and Compaq/HP who're dictating the action. Eric --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
participants (4)
-
Adam Shostack
-
Bill Stewart
-
Eric Murray
-
R. A. Hettinga