Trusted Computing Group trying to be TCPA follow-on [eetimes]

Bill Stewart bill.stewart at
Wed Apr 9 14:38:36 EDT 2003

New group aims to secure PCs, PDAs, cell phones
By Rick Merritt, EE Times
April 8, 2003 (2:20 p.m. EST)

SAN MATEO, Calif. — Fifteen companies announced Tuesday [April 8] they have 
formed the Trusted Computing Group, an industry initiative to define and 
promote a specification for security in PCs, servers, PDAs and cellphones.

The group essentially reboots the efforts of the now-disbanded PC-centric 
Trusted Computing Platform Alliance (TCPA), this time including 
participation from Nokia and consumer electronics companies such as Sony 
and Philips.

The Trusted Computing Group (TCG) expects to release a specification for PC 
security before the end of the year. A spec for cell phones, however, could 
be as much as two years away.

Founding members of the TCG are carryovers from the earlier 190-member TCPA 
effort. They include AMD, Hewlett-Packard, IBM, Intel and Microsoft. 
Contributing members include Atmel, Infineon, National Semiconductor, 
Nokia, Philips, Phoenix Technologies, Sony, ST Microelectronics, VeriSign 
and Wave Systems.

The TCPA defined a trusted platform module (TPM), a basic device with 
encryption and secure memory capabilities to oversee PC security. However 
the TPM 1.1 chips now shipping from companies such as Atmel, Infineon and 
National Semiconductor have not been widely adopted to date and do not 
conform to concepts for a secure PC execution mode recently defined by 
Microsoft under a program it called Palladium.

The TCG is defining a specification for a 1.2 version TPM and a software 
stack that will work with the Palladium architecture Microsoft developed in 
collaboration with Intel Corp. and Advanced Micro Devices. Microsoft will 
detail this approach publicly for the first time at the Windows Hardware 
Engineering Conference in May.

Microsoft's implementation, which it now calls the Next Generation Secure 
Computing Base (NGSCB), will require new logic in several PC components 
including processors, chip sets, graphics processors and I/O devices. 
Indeed, the concept for a secure operating mode is so broad Microsoft will 
devote an entire track at WinHEC — about 18 hours of content — to 
describing it.

Microsoft has not said, however, when it will ship software that complies 
with NGSCB. Industry watchers expect that code will appear late next year 
or early in 2005 in the next major version of Windows, dubbed Longhorn.

The security scheme will work in conjunction with processor functions Intel 
Corp. calls Le Grande Technology and has embedded in its next-generation 
Pentium processor dubbed Prescott, expected to ship later this year. AMD 
will also support the PC security concepts in its processors though it has 
not indicated when.

The TPM 1.2 modules will include a new session encryption interface and 
secure state counters that prevent replay security attacks, said Stephen 
Heil, a technical evangelist for security at Microsoft. The TCG has 
separate working groups defining those modules, a security software stack 
and particular needs for both servers and PDAs. The TCG is about to launch 
a working group to define a specification for secure cellphones, an effort 
that could take 18 to 24 months. Nokia is expected to be a key contributor 
to that group in addition to other members still being recruited by the TCG.

“I would expect to see our membership broaden to include many of the 
players required for that effort,” said Geoffrey Strongin, a security 
specialist at AMD.

Jim Ward, chair of TCG and a security specialist with IBM, said the group 
would like to create other specifications for platforms such as set-top 
boxes and video game consoles though no active efforts are currently 
underway. “We are looking to develop a broad specification that can be used 
by a broad set of products,” he said.

“The industry is coming together,” said John Hull, director of marketing 
for advanced PC products at National Semiconductor.

“We are thoroughly convinced that the future of the PC rests on three legs: 
networking, security and manageability. You will have to have all three to 
play in PCs going forward,” he added.

Hull said he expects TPM module makers will update their products to comply 
with the new security spec when Prescott processors roll out this fall. 
Further in the future, the modules could be integrated into existing PC 
components such as SuperI/O parts that provide legacy support for serial, 
parallel, keyboard and floppy controllers.

“IBM is about the only company in production with systems using the 
[standalone] TPM 1.1 devices as far as I know,” said Hull.

Ward said IBM has shipped millions of TPM devices in its PC systems. An HP 
spokesman said the company has not yet shipped systems with the modules 
which typically cost about $5.

“We have to increase the rate of adoption. That's why integration with 
Super I/O makes a lot of sense. We think this will be a checkbox item going 
forward,” Hull added.

As a legally incorporated group, the TCG will enforce reasonable and 
non-discriminatory licensing of any intellectual property in the spec and 
define a mechanism to certify compliance to it. The group is also expected 
to take a more pro-active approach than its predecessor to addressing 
controversial issues about privacy and digital rights raised by the PC 
security effort.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list