The Trusted Computing Platform Alliance, a trade group representing about 145 technology companies, on Tuesday will release a specification for making computer data more secure. Compaq Computer, Hewlett-Packard, IBM, Intel and Microsoft are among the group's sponsors.
IBM developed the basic security technology that TCPA voted to adopt during a Jan. 18 meeting. The Armonk, N.Y.-based computing giant started selling 256-bit security chips on its PCs in September 1999. That technology evolved into TCPA's Trusted Computing Platform Specification 1.0
"It's sort of a victory for IBM," said IDC analyst Roger Kay. "They put out this security solution that involved multiple elements--including their own chip--and the understanding that good security requires multiple elements and is only as good as its weakest link."
Companies using the specification will adopt a combination hardware-software security approach, involving a security chip that encrypts data, whether filed locally or e-mail sent over the Internet.
"The specification defines how to design one of these trusted computing platforms and how to incorporate them," said Jim Ward, IBM's representative on TCPA's board. "This is really a major accomplishment and a big step forward for how people in general are benefiting from and exploiting security in their systems."
The specification is over 400 pages "and tells how to design and what you need to do to be compliant with the standard," said Ward.
The security chip, an integral component of the specification, resides on a computer's motherboard.
"This offers even more robust security than software alone," said Technology Business Research's Bob Sutherland. "IBM's chip is unparalleled by any other chip out there. It's not surprising these organizations are establishing standards IBM has been involved in."
Hackers using Trojan Horses and other tools could pilfer passwords used even as part of the encryption process, Sutherland said. "Software has been a concern because it's easier for hackers to work on these things."
The security mechanism uses the public?key, private-key encryption method commonly used for creating digital signatures. Both keys--scrambled numbers and characters created in matched pairs--are required to open an encrypted document or authenticate a digital signature.
"What this allows customers to do as they use PKI (Public Key Infrastructure security) in their businesses, is have like a smart card on the motherboard," said Arsen Varjabedian, IBM's security chip expert. "It allows them to securely store the public and private keys, and in addition allows them to do all things encryption and decryption--signing e-mails and those kinds of things--in the protected environment of the chip."
The security chip is expected to add about $2 to the cost of a system, but costs could vary depending on how manufacturers adopt the specification.