Chip-Based Security Finds New IT Niches

As seen in Microsoft Vista, Trusted Platform Modules are poised to become ubiquitous in PCs, servers and even cell phones.

Once purely a business desktop feature, Trusted Platform Modules are on the verge of a population explosion which will see them proliferate inside consumer PCs, servers and possibly even cell phones over the next few years.

The chips, which serve as tiny lockboxes that store passwords or encryption keys in hardware and thus make PCs harder to hack, have been available in business-oriented desktops and notebooks since IBM Corp. first rolled them out in 1999.

Now, a series of developments has created the right climate for TPM to proliferate, observers say.

These include the creation of open TPM (Trusted Platform Module) specifications that helped lower module costs and foster greater software development; Microsoft Corp.'s decision to rely on TPM modules for security in its Windows Vista operating system; and businesses' and consumers' growing concerns about data security.

"Everybody faces security challenges today, whether you're a corporation or an end user trying to buy off of eBay," said William Deihl, vice president of product marketing at Gateway Inc.

Deihl said that the marketplace has reached an "inflection point of awareness, having the right standards in place—the TPM 1.2 specification addresses some of them—and cost … We are on the verge of this really exploding over the next couple of years."

Earlier this week, Gateway, of Irvine, Calif., became the latest PC maker to offer business desktops and notebooks with TPMs installed. Dell Inc. and Hewlett-Packard Co., the world's largest PC makers; Lenovo Group LTD, which acquired IBM's PC arm earlier this year; and Fujitsu-Siemens LTD and Toshiba Corp. all offer TPM-equipped PCs as well.

Thanks in part to this broad adoption among PC makers, TPM shipments will jump from around 20 million units in 2005 to over 250 million by 2010, one recent forecast by International Data Corp. of Framingham, Mass., predicted.

"The reason the TPM is important is that it's an agreed-upon universal standard that's going to be adopted by the industry," said Roger Kay, president of Endpoint Technologies Associates Inc. Kay authored the IDC study before founding Endpoint.

And in the future, TPMs won't only come in PCs. The modules have begun spreading to servers, where they'll be used to help secure logins, encrypt data and even protect individual transactions, said Brian Berger, chairman of the Trusted Computing Group's marketing workgroup.

The 115-member TCG (Trusted Computing Group) is responsible for setting TPM standards for the computer industry. The group released a specification for TPMs in servers about a month ago.

The TPM server specification "starts to do some pretty interesting things around protecting data on servers or accessing servers," Berger said. When added to a machine, a TPM "will become root of trust for that server."

IBM has already begun shipping TPMs inside its xSeries 366 and xSeries 460 server models, which offer Intel processors and IBM's own chip set, an IBM spokesperson said.

Other manufacturers, including Gateway, aren't likely to be far behind. Customers "can fully expect us to go down that path in the future," Deihl said.

TPM modules have also reached the PC component level, where they are being used to help encrypt hard drives, Berger said.

The TCG is also crafting specifications for TPM modules that can be inserted into handheld devices, such as cellular phones, and computer peripherals.

The specifications, which are separate, would help secure phones accessing corporate networks or possibly participating in e-commerce. Separately, the peripheral specification could help in securing inputs from devices such as keyboards, Berger said.

The TCG has also released software-based specifications, including one for TPM-assisted network security, called Trusted Network Connect.

The specification will help determine the type of computer that's attempting to access a network, its software, and whether or not it might harbor a virus.

"That adds a tremendous amount of value for IT" staff, Berger said.

Several companies are working with the specification now to create products such as firewalls.
