©2003 IDC
#3577
15
T H E T R U S T E D C O M P U T I N G P L A T F O R M A L L I A N C E
E V O L V E S
IBM has put together one of the most comprehensive suites of security products in
the computer industry. Many of the elements evolved from the company's own R&D
and others have been adapted from other firms, such as RSA and Intel. Although IBM
acted unilaterally to design and implement its embedded solution, the design point
has been acknowledged by key players in the industry. The Trusted Computing
Platform Alliance (TCPA), which was inaugurated with IBM, HP, Compaq, Intel, and
Microsoft as founding partners in October 1999, now has more than 190 members,
essentially everybody who's anybody in the PC business. TCPA's position on the
technology is that it wants it to be universal in the computing industry, and IBM is
committed to making its development available via license to anyone who wants one.
More important, though, the success of any security strategy depends on its
comprehensiveness and universality, and it is in IBM's interest that this solution
become as widespread as possible. The platform specification, which has been
agreed upon by the general membership, is now shipping in version 1.1. Atmel,
based in Colorado, was the first manufacturer, and then Infineon, a captive
semiconductor fabricator owned by Siemens, came aboard. The Siemens connection
opens the door for a smart-card implementation of embedded security. Other
manufacturers include STMicroelectronics in Europe and California-based National
Semiconductor. The 1.1 specification is available at
www.trustedpc.org
.
The next revision of the specification, version 1.2, is currently being refined. It is
envisioned as part of an overarching security infrastructure, code named Palladium,
now being created by Microsoft. Palladium, which will incorporate TCPA's work, will
handle a wide variety of content and client security functions, including many — such as
digital rights management for copyrighted material — outside the scope of the TCPA
specification. Version 1.2 will be implemented in conjunction with future processor and
chipset families from Intel and others and will have to wait for Microsoft's Longhorn
generation of operating system, currently scheduled for release in 2004.
C O N C L U S I O N
In a trusted computing environment, the most important thing a participant owns is his
or her private key pair. It proves identity. At the level of data interchange, it can be
used to sign messages and exchange symmetric keys and it forms the basis for
participation in nonrepudiatable ecommerce. At the level of the local client node, it
can be used to uniquely authenticate the owner and store his or her files privately.
The private key must be kept absolutely secure.
A public key pair is open to everyone and need not be secured. Since the symmetric
keys used for bulk message encoding operate only once, the loss of any one key
exposes at most a single message. For these reasons, keys other than the user's
private pair have relatively low security requirements. But it is difficult to stress
sufficiently the importance of keeping a private key secret. And the only way to ensure
that the private key is totally safe is to implement security in embedded hardware.
In an ebusiness world, trust, protection of privacy, and a secure operating
environment are essential. The benefits of the TCPA-embedded security chip are
obvious:
!
Private keys are truly safe from malicious hackers.
!
Multiple secure keys can be generated to facilitate ecommerce with a wide
variety of entities.
In a trusted computing
environment, the
most important thing
a participant owns is
his or her private key
pair. It proves identity.