Intel exec envisions "the trusted PC"
Intel's plan for chip-based security won't replace software, but will "build a foundation" for more secure computers, said Patrick Gelsinger. Intel's latest plan: individual serial numbers on chips.
Patrick Gelsinger, group vice president of Intel's desktop products group, also detailed the giant chipmaker's stepped-up lobbying on privacy and government controls on exporting strong encryption.
"Intel will deliver the security building blocks to enable the trusted, connected PC," Gelsinger said at the RSA Data Security conference, expanding on the announcement earlier this week of a broad partnership with RSA.
"Security is only as a strong as the foundation, and hardware means stronger trust," he said, indicating plans to include security in its Pentium III chips, chipsets, motherboards, and other products.
"We are not replacing software, we are building a foundation for trusted software," he said.
Gelsinger also promoted Intel's Common Data Security Architecture [CDSA], a framework for infusing security into all aspects of computers built with Intel chips. In addition to its own CDSA, Intel products will enable Microsoft's Crypto API [CAPI] and RSA's security framework.
Anticipating an upcoming announcement, he revealed that Compaq has signed onto the CDSA alliance, joining IBM, Security Dynamics, Hewlett Packard, Lotus, Certicom, Motorola, and AT&T.
Yesterday, Ireland's Baltimore Technology said it will create CDSA software tools for markets outside North America.
This year, Intel will add serial numbers to each Pentium III processor, making it easier to identify the specific machine being used in an online environment, Gelsinger said. The chipmaker also will add a random number generator, a common cryptographic technique, to the chipset. The RNG will use the thermal noise of semiconductor resistors to create random numbers, thus enabling better cryptography and digital signing protocols.
The chips will ship by the end of March, he said.
Further, through its pending acquisition of Shiva, Intel's networking group will support IPSec, an important Internet security standard.
"We are happy and surprised by enthusiasm from application developers for the processor serial numbers," Gelsinger said, adding that 30-plus software developers have committed to write both consumer and business software that takes advantage of putting a unique number on every Pentium III processor.
Next year, Intel will add authentication capabilities to its offerings, and in 2001 will deal with peripheral devices.
On the public-policy front, Gelsinger campaigned hard for lifting U.S. limits on encryption exports, a popular stand at the conference.
"The government should not limit the global deployment of necessary encryption technology. Intel wants to ship products on a global basis, run our business on a global basis, conduct e-commerce on a global basis, and manufacture products on a global basis," he said.
He praised this week's announcement by France that it would soften its controls of encryption, deregulate the use of strong, 128-bit encryption within France, and spend more on security research.
"The right policy is fighting technology with technology," Gelsinger said. Intel strongly opposes secret "back doors" in encrypted products that allow the government to obtain the cryptographic keys to decrypt scrambled data, he said.
On privacy, he said Intel will build into its chips the ability for individuals to control whether to hide their identity online. Intel also will make people aware of the kind of data being collected about them.
Some online privacy advocates worry that serial numbers will allow a way to track individuals on the Internet. But Intel counters that concern by arguing that serial numbers would improve security and protect the privacy of individual users.
"This does not in any way limit anyone's privacy or capabilities in terms of what they can do," according to Intel spokesman Seth Walker. "Intel will never keep a list of processor numbers of which processors go where. This is designed to bring greater security to end users and help grow the pervasiveness of e-commerce worldwide."
As an example, he argued that individuals would be more willing to send personal medical information over the Net if they had the additional layer of security provided by serial numbers on their hardware.