Trusted Computing Encryption Chip Updated

The Trusted Computing Group released a new version of its chip-based encryption scheme, formerly Microsoft's Palladium, on Wednesday at the RSA Conference 2003 Europe in Amsterdam.

Microsoft Corp.s trusted computing vision inched closer to reality on Wednesday, as an industry group released an updated specification for storing encrypted information.

Version 1.2 of the Trusted Computing Groups hardware specification was released at the RSA Conference 2003 Europe in Amsterdam. The group is responsible for overseeing the development of Trusted Platform Modules, small microcontrollers that reside on a PCs hard drive and encrypt data, thus protecting it.

With the release of the specification, the Trusted Computing Platform member companies, including Advanced Micro Devices Inc., Atmel Corp., Intel Corp., and National Semiconductor Corp., can begin designing Trusted Platform Modules that conform to the specification. The group said it expects the first Version 1.2-certified modules would begin shipping in the first half of 2004.

The new specification will be a driving force behind Microsofts own trusted computing initiative. A spokesman for Microsoft confirmed that the new module specification will be used as the hardware foundation underlying the companys Next-Generation Secure Computing Base, formerly known as Palladium.

The Next-Generation Secure Computing Base will be used to "lock down" user data through the use a "nexus," a software module that will interact with the module chip and the secure operating system. The functionality will be built into Longhorn, the Microsoft operating system due around 2006.

The concept of "trusted computing" has been eyed with a degree of suspicion in the industry. On one hand, applying permissions to content and data will prevent copyrighted material from being unlawfully shared. Operating system vendors such as Microsoft have argued that it can offer the same degree of protection to users, who will then be able to conceal their own data from prying eyes.

Included in the updated specification, however, are several features designed to give users more control over their trusted PCs. Delegation, or the ability for the user to use specific, user-operated commands, would allow user more fine-grained control in determining what applications to trust or not trust, according to Mark Schiller, director of HPs trusted computing strategy group.

The 1.2 spec also adds locality, or the means for the user to manually assign permissions to external software processes.

"It wasnt like we were always out trying to be more proactive in that space," Schiller said. "But from a security and privacy standpoint, this one is very proactive."

IBM first implemented the Version 1.1 Trusted Platform Modules on some of its ThinkPad notebooks, and HP followed suit with a desktop. In October, HP equipped one of its Compaq notebook PCs with a module, Schiller said.

In the mobile world, business users are constantly on the go, and travelers always face the risk of losing a PDA or having a laptop snatched from a security checkpoint Schiller said.

"Folks are getting it and loving it," Schiller said. "Based on our initial market research...customers voiced completely unequivocal support for the concept." Both products have not been released for long enough to determine sales data, however, Schiller added.

The revised specification also allows the state of the module to be pinged by other applications through a feature called direct anonymous attestation, which communicates information about the state of a trusted computer equipped with a module. It does not communicate private, personal information, according to the Trusted Computing Platform.

In addition, the Version 1.2 specification defines the means for system software or firmware to store information on the unused portion of the module, with the users permission.