April 8, 2003 1:52 PM PDT
Tech giants put chips on security alliance
Death to the Trusted Computing Platform Alliance, long live the Trusted Computing Group.
A bevy of the biggest computer hardware and software companies, formerly members of the Trusted Computer Platform Alliance (TCPA), announced on Tuesday that they had reconstituted themselves under a new name: the Trusted Computing Group.
The group will license and market security hardware and software technology that they intend to be integrated into every computing platform, from PCs and PDAs to mobile phones.
"The TCPA organizations as a whole...is going away," said Jim Ward, director of the Trusted Computing Group and an IBM employee.
The TCG is a more formal group with licensing policy, a marketing budget, and a mission to push the trusted computing technology into a variety of devices. "As we go into the broader device categories," Ward said, "one of the key messages of the organization is that we have this common building block that can be used in different devices."
The new group adds marketing polish to the largely standards- and development-oriented Trusted Computing Platform Alliance. The specifications created by that group will form the core of the Trusted Computing Group, but in addition, the new group has created reasonable and nondiscriminatory (RAND) licensing terms and a logo program, and it has broadened the types of devices and applications for which the technology will be promoted.
The five founding members, called promoters, are Advanced Micro Devices, Hewlett-Packard, IBM, Intel and Microsoft. Ten other companies, including Nokia, Phoenix Technologies and Sony, have already joined.
The formation of the new group signals the start of a big push to put hardware-based security into a host of consumer and corporate devices. Security has become a much-marketed feature of the next-generation of chips and hardware coming onto the market. Among the many forthcoming technologies are Intel's LaGrande, chipmaker Via Technologies' Padlock, Phoenix Technologies' Core Managed Environment and Transmeta's next Crusoe chip.
However, the movement has prompted concerns by some privacy and digital rights advocates.
Some Hollywood movies houses have been pressing for legislation that would require
Trust or treachery?
Security technologies could
backfire against consumers.
"There is no intent to use these devices for Hollywood content," said Steve Heil, technical evangelist for Microsoft's Trusted Platform Technology and Infrastructure Group. "The intent is recognition that security on a platform can only get so good with software-only solutions."
In addition, the various technologies--especially Microsoft's hardware-software combination formerly known as Palladium and the Trusted Computing Group's predecessor, the TCPA--have become the center of a controversy over whether the modifications will erode consumer privacy.
Chipmaker AMD said that addressing privacy concerns will be a top priority for the new group.
"All of us are highly sensitized to this issue and have emphasized that these concerns must be addressed," said Geoffrey Strongin, platform security architect for AMD. Strongin argued that, far from undermining privacy, hardware-based security will improve user protections. "What we are doing here is a tremendous enhancement to privacy. Without adequate security, privacy protections is impossible."
The new security technology consists of two parts: a hardware component with hardwired encryption functions and memory, and a software component that curtains off memory and requires keys kept in the hardware to unlock certain data.
Who's in charge?
Despite the concerns, the new group seems set to push forward, said Roger Kay, director of client computing for market researcher IDC. While the Trusted Computing Group expands the types of devices that might include the technology, adds a marketing budget for the group and institutes licensing terms, the real improvement may be in governance, he said.
"They used to have something like a security council for governance, where anyone could veto," he said, adding that the new group will have a board that makes decisions on a two-thirds majority basis, and that should make decisions happen more quickly. "It's about the big guys saying, 'Look, enough of this posturing. We need to look forward.'"
CNET White Papers
The PC hardware giant's latest security technology, "LaGrande," will be introduced in the second half of the year.
The group will charge $50,000 for new promoters, who will be part of the decision-making body. Contributors who can participate in the working groups will be charged $15,000, and adopters who use the technology will have to pay $7,500.
Phoenix, a contributor, has already started building on the work of the Trusted Computing Platform Alliance with its Core Managed Environment software that it intends to build into the Basic Input Output Software (BIOS).
In addition to Phoenix, the other initial contributors are Atmel, Infineon, National Semiconductor, Nokia, Philips, Sony, ST Microelectronics, VeriSign and Wave Systems.
CNET News.com's Michael Kanellos contributed to this report.