X

IBM bakes security into processors

Secure Blue adds encryption technology to processors, promising better security for data on PCs and portable devices.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
See full bio
Joris Evers
2 min read
Researchers at IBM have come up with a way to hardwire encryption technology into a microprocessor, promising a more secure way to store data.

IBM plans to announce availability of the new technology, dubbed Secure Blue, on Monday. The Armonk, N.Y.-based company envisions its idea and technology will be used in digital media players, electronic organizers, cell phones, computers and devices used by the government and the medical and financial industries.

With Secure Blue, data is encrypted and decrypted as it runs through a processor, according to IBM. It is maintained encrypted in the device memory, or RAM. One of the few times data would not be scrambled is when it is actually displayed.

"There is a lot of concern about leakage of data," Charles Palmer, manager security and privacy at IBM, said in an interview. "If you have an architecture where that information is always encrypted, you go a long way to protect your data."

Secure Blue requires a few circuits to be added to a microprocessor, taking up a small percentage of the overall silicon real estate, according to IBM. The encryption and decryption happens on-the-fly, without any processor overhead, the company said.

The hardwired security technology can be used for multiple purposes, not all of which necessarily serve the device owner. It can protect data when a person's computer or device is lost, stolen or hacked, for example. But content owners can also use it for enforcement of copyright, called digital rights management (DRM), which critics have called a scourge to user freedom.

"This is a technology that can solve a lot of problems," Palmer said. "It can be used for DRM, it can be used for systems management, and it can be used for protecting my information on the BlackBerry." The future will decide how it will be used. IBM on Monday is only announcing availability of the technology, Palmer noted.

The idea of hardware-based security is not new. Millions of laptops already contain a chip called a Trusted Platform Module, or TPM, which offers protected storage of encryption keys, passwords and digital certificates. The idea of the TPM is also coming to servers and mobile phones.

"The TPM is a step in the right direction," Palmer said. "But it is not a bulk encryption device, and it would probably melt if you try to use it for an encrypted anywhere capability."

IBM has built a prototype of Secure Blue using its own PowerPC processor technology. However, the system will work with any processor design, including those from Intel and Advanced Micro Devices that are used in PCs. An IBM representative said the company has not had discussions with Intel or AMD on including Secure Blue in their processors.