Once purely a business desktop feature, Trusted Platform Modules are on the verge of a population explosion which will see them proliferate inside consumer PCs, servers and possibly even cell phones over the next few years.
The chips, which serve as tiny lockboxes that store passwords or encryption keys in hardware and thus make PCs harder to hack, have been available in business-oriented desktops and notebooks since IBM Corp. first rolled them out in 1999.
Now, a series of developments have created the right climate for TPM to proliferate, observers say.
These include the creation of open TPM (Trusted Platform Module) specifications that helped lower module costs and foster greater software development; Microsoft Corp.s decision to rely on TPM modules for security in its Windows Vista operating system; and businesses and consumers growing concerns about data security.
“Everybody faces security challenges today, whether youre a corporation or an end user trying to buy off of eBay,” said William Deihl, vice president of product marketing at Gateway Inc.
Deihl said that the marketplace has reached an “inflection point of awareness, having the right standards in place—the TPM 1.2 specification addresses some of them—and cost … We are on the verge of this really exploding over the next couple of years.”
Earlier this week, Gateway, of Irvine, Calif., became the latest PC maker to offer business desktops and notebooks with TPMs installed. Dell Inc. and Hewlett-Packard Co., the worlds largest PC makers; Lenovo Group LTD, which acquired IBMs PC arm earlier this year; and Fujitsu-Siemens LTD and Toshiba Corp. all offer TPM-equipped PCs as well.
Thanks in part to this broad adoption among PC makers, TPM shipments will jump from around 20 million units in 2005 to over 250 million by 2010, one recent forecast by International Data Corp. of Framingham, Mass. predicted.
“The reason the TPM is important is that its an agreed-upon universal standard thats going to be adopted by the industry,” said Roger Kay, president of Endpoint Technologies Associates Inc. Kay authored the IDC study before founding Endpoint.
And in the future, TPMs wont only come in PCs. The modules have begun spreading to servers, where theyll be used to help secure logins, encrypt data and even protect individual transactions, said Brian Berger, chairman of the Trusted Computing Groups marketing workgroup.
The 115-member TCG (Trusted Computing Group) is responsible for setting TPM standards for the computer industry. The group released a specification for TPMs in servers about a month ago.
The TPM server specification “starts to do some pretty interesting things around protecting data on servers or accessing servers,” Berger said. When added to a machine, a TPM “will become root of trust for that server.”
IBM has already begun shipping TPMs inside its xSeries 366 and xSeries 460 server models, which offer Intel processors and IBMs own chip set, an IBM spokesperson said.
Other manufacturers, including Gateway, arent likely to be far behind. Customers “can fully expect us to go down that path in the future,” Deihl said.
TPM modules have also reached the PC component level, where they are being used to help encrypt hard drives, Berger said.
The TCG is also crafting specifications for TPM modules that can be inserted into handheld devices, such as cellular phones, and computer peripherals.
The specifications, which are separate, would help secure phones accessing corporate networks or possibly participating in e-commerce. Separately, the peripheral specification could help in securing inputs from devices such as keyboards, Berger said.
The TCG has also released software-based specifications, including one for TPM-assisted network security, called Trusted Network Connect.
The specification will help determine the type of computer thats attempting to access a network, its software, and whether or not it might harbor a virus.
“That adds a tremendous amount of value for IT” staff, Berger said.
Several companies are working with the specification now to create products such as firewalls.
What TPMs Can Offer
TPMs have only been offered in business PC models to date. However, industry observers predict that they will also migrate to consumer PC models in the near future as module prices come down and software takes better advantage of the technology.
Module costs are indeed coming down, thanks to integration. Although many still come as stand-alone chips, modules are being added to chips used in network interface cards and for other functions, making the modules easier to drop into PCs.
Gateway and HP, for example, use a BroadCom Corp. network card, which incorporates a TPM module following the TCPs TPM 1.2 specification.
Lenovo uses a TPM module thats built into a Super I/O chip from National Semiconductor Inc.
Endpoints Kay predicts that the majority of TPM modules added to PCs will be integrated into other components. Eventually, he said, Intel will likely add a TPM module directly to one of its chip sets, which are the equivalent of a PCs nervous system.
The biggest barrier to fully adopting the modules for groups such as consumers and small businesses wont be cost, however, but ease of use. The ability to interact with TPMs via software must be improved, observers say.
“There will be a time when not only Gateway, but the industry at large starts to integrate this kind of functionality into a consumer platform,” Gateways Deihl said. “But if you look at the software, were not there as an industry.”
Describing todays software as “cryptic at best,” Deihl added that Gateway has been working with third parties to foster easier interfaces. The PC maker plans to bolster its TPM hardware with new software later this year.
But Deihl said he expects that Windows Vistas TPM support will also lend improvements. The forthcoming operating system, due in the third quarter of 2006, will support the use of a TPM chip which supports the TCGs TPM 1.2 specification for functions such as storing encryption keys if one is present in a PC, Microsoft has said.
Windows Vista will also deliver “secure startup” by using a TPM to lock down its hardware and software.
“Having Microsoft do the usual integration of the enabling pieces will help us quite a bit,” Deihl said.
Ease of use is also a top priority among numerous other companies that are working on TPM software. Lenovo, in one example, plans to roll out an easier-to-use software suite for its TPM module in August.
The application, Lenovos Client Security Solution Version 6.0, focuses on making it easier to set up TPM-assisted security, including file encryption, password management and the ability to work with accessories such as Lenovos fingerprint reader, said Clain Anderson, Lenovos program director for wireless security.
“Particularly, were aiming at small business with this—folks that dont have a huge IT staff and can turn this on and get productive immediately,” he said.
Popular perception of TPM modules and their potential uses could be another potential hurdle, observers say. Although TPM modules have been associated with DRM or digital rights management, a controversial concept that some people view as companies trying to control how they use certain applications or data on their PCs, Berger said TPMs were was not created to assist DRM.
Instead, TCG envisions TPMs use among consumers as being to assist with passwords, encrypt sensitive personal files and help protect eCommerce transactions.
“We are not and never have been … interested in doing DRM, and we dont have anything that would give people a complete solution to do that,” Berger said. While a TPM could technically be used to assist in a given DRM setup, “Its not physically or technologically possible using just a TPM,” he said.
Regardless of public perceptions, TPM-equipped consumer PCs could show up as soon as the end of this year, Anderson predicted.
“I think [the TPM] will end up just being there—itll be cheaper to include it than to not. Its [cost is] almost nothing, so … why not?” he said. “All the buzz in Taiwan [where a huge portion of the computer parts industry is located] is, Youve got to have a TPM. When I heard that start happening, I knew wed gone ubiquitous.”
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.