IBM Looks to Secure More Than Data

Global Movement Management will aim to secure not just information, but also people, goods, conveyances and money.

IBMs soon-to-be unveiled GMM (Global Movement Management) supply-chain security framework will introduce a multi-engine backbone security architecture, to be known as GMSA (Global Movement Security Architecture), geared to handling everything from certifying people, data and product shipments to managing "enforcement and alerts."

First mentioned publicly last month, during a press conference held to announce IBM Corp.s Intelligent Trade Lane supply-chain initiative, GMM will aim to secure not just information, but other "key flows," such as people, goods, conveyances and money, within a set of targeted vertical markets.

But a recent white paper, made available to Ziff Davis Internet News by IBM, spells out GMM in greater detail. According to the IBM document, data about these five "key flows" will pass through a GMSA system architecture containing software engines for tracking; analysis; enforcement and alerts; CRM (customer relationship management); and clearance.

/zimages/3/28571.gifClick here to read more about IBM donating development assets to Eclipse.

Since last month, IBM has also released more information about Intelligent Trade Lane, the initial implementation of GMM. Intelligent Trade Lane will use IBMs Java-enabled JCOP (JavaCard OpenPlatform) software for embedded security, according to an IBM spokesperson.

Slated for initial pilot testing in November, Intelligent Trade Lane is a joint initiative with ocean shipper Maersk Logistics designed to offer supply-chain efficiencies as well as better security to customers shipping products internationally.

The new technology combines tamper-proof smart cards; wireless sensors for measuring location and temperature; and satellite, cellular, and mesh wireless networks for communications from ocean-bound cargo containers to customers over the epcGlobal network, said IBMs Moegens Roedbro, speaking at a press conference in late September at the Maritime Security Conference in New York.

/zimages/3/99811.jpgThe smart cards and sensors will be housed inside cigar box-sized devices called TRECs (Tamper Resistant Embedded Containers), which will attach to shipping containers, according to Roedbro, a European-based partner and vice president in IBM Business Consulting Services.

An IBM PR representative said later that the TRECS will obtain their tamper resistance from onboard encryption, produced through the use of IBMs JCOP software.

IBMs family of JCOP products includes JCOP Card Software and JCOP Tools, a plug-in to the Eclipse environments built-in JDT (Java Development Tooling), which is designed for development of JavaCard applets. Originally an IBM-founded project, and later spun off as a separate foundation, Eclipse supports team development of interoperable software for the Microsoft Windows, Linux, and Apple Mac OS X operating systems.

Meanwhile, GMM, a much broader initiative than Intelligent Trade Lane, is slated for formal rollout by IBM some time over the next few months, said W. Scott Gould, vice president IBMs Public Sector and Change division, during an interview.

Implementations of GMM and its GMSA architecture will be targeted at vertical markets such as shipping, travel, and finance.

According to IBMs white paper on GMM, the GMSA will come into play when "key flows" cross a system boundary, such as entering through a national border, the posting of a financial transaction, or the loading of a shipping container on to an ocean carrier.

The five "key flows" will first interact with a gateway called the System Entry Tool, which will register objects in the GMSA system, certify them in situations where pre-credentialing is relevant, and replicate and distribute the data inputs as appropriate to other portions of the system.

The data will then be used by interrelated tracking, analytic, and enforcement and alert engines, constituting a distributed network of applications, "running on tens of thousands of computers around the world, but interacting with each other to allow appropriate users a real-time picture of the parts of the system [that] can inform security decisions."

/zimages/3/28571.gifClick here to read more about IBM rolling out new virtualization tools.

Intended to monitor the progress of the key flows and objects in the system, the GMSAs Tracking Engine will include traditional supply chain management tools. Geared mostly to commercial users, it will also be capable of deep integration with existing commercial systems.

The Analytic Engine will use all the data generated by the system to "detect system anomalies" and to give law enforcement officials the information they need to protect the system.

Data from the Analytic Engine can then be used as the basis for activity in the Enforcement and Alert Engine, according to IBM officials.

Law enforcement agencies will be able to use the Enforcement and Alert Engine for communications with "key stakeholders," to monitor suspicious activity, and, where appropriate, to "take targeted steps to halt this activity and trace it to its source."

A System Exit Tool will be implemented to certify that the object "is the same one that entered the system earlier, [to remove] identifiable private data as appropriate, and [to archive] other data where desired or required."

A diagram included in the white paper also depicts a CRM Engine and a Clearance Engine, for communicating with system users such as national, regional and local governments; international organizations; the private sector; and individuals.

The GMMs GMSA architecture will interface to existing systems providing some of this same functionality, but it could also supply "new functionality where legacy systems do not provide the requisite level of security," according to the IBM document.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.