Security will move farther from the fallible hands of users and closer to the heart of the computer with a deal announced by Intel and Wave Systems. The deal will help bridge the gap between hardware and software protection.
Chip giant Intel will use software from Lee, Massachusetts-based Wave Systems to support a security measure known as the Trusted Platform Module (TPM) in a version of Intel’s desktop motherboards to be released in the fourth quarter, Intel spokesperson Mary Ellin Brooks told TechNewsWorld.
Gartner vice president of research Martin Reynolds said the move marks one of the first uses of the TPM, a smart-card-like hardware feature that is present but rarely used in PCs today.
“It’s not just a chip on the board, now — it’s something that’s useful,” Reynolds said.
Wave makes software that works with security-focused hardware to help users encrypt information and store it in secured areas within their PCs.
Reynolds said that while the TPM concept, pioneered by IBM, is a PC component already being shipped today, the software to support the trustworthy platform is still making its way to market.
“We’re going to see more and more of this as people realize the need for security,” Reynolds said.
According to the terms of the deal, Intel will bundle Wave’s software and services with a version of its desktop motherboards. The move is part of an effort from the Trusted Computing Group — which includes Intel, Microsoft, IBM, Hewlett-Packard and others — to build security into hardware and supporting software.
The group has defined the TPM semiconductor device to serve as a “root of trust” for protected activities on enabled platforms, Wave said in a statement.
“Basically, you need some software to work with the TPM,” Intel’s Brooks said. “For this particular board, the Wave software will be used.”
Gartner’s Reynolds called the approach a mixed hardware and security measure, touting the advantages of putting security into processors rather than into the hands of people.
“It’s a pretty robust way to keep a secret,” Reynolds said. “It’s possible to get pretty good security in the chip itself.”
The difficulty, according to Reynolds, is avoiding password-based access to any security measure, because passwords that humans can remember and use are easily identified.
“With this, you can put security in the TPM and use relatively simple software to bridge to Windows,” Reynolds said. “You don’t have to remember [a password]. The chip, effectively, does it for you.”
For Computing or Copyright?
Wave, which has similar deals with chipmakers Infineon Technologies AG and National Semiconductor, said its software uses TPMs to extend trusted functions within a PC, allowing users to encrypt and decrypt data and secure storage.
However, critics of the trusted-computing movement, which includes Microsoft’s Next Generation Secure Computing Platform, have expressed concerns that it enables and extends Digital Rights Management (DRM) and will result in privacy incursions.
“It boils down to the problem of creating an infrastructure that will track users,” Electronic Privacy Information Center deputy counsel Chris Hoofnagle told TechNewsWorld. “You’re basically creating a lot of transactional activity linked to your identity. We think there’s a great potential for privacy invasion.”
While both companies downplayed privacy concerns, Intel’s Brooks said the deal with Wave centers on desktop motherboards that will be sold to a broad business market through resellers or white-box PC manufacturers.
Reynolds said that while the TPM and the security mechanisms it entails might have difficulty penetrating the IT markets because they are both new and difficult to understand, there is an eager audience for trustworthy computing.
“It’s a significant increase in the level of security,” he said. “There are people who realize the need for this and they will buy it.”