digital id world 2002
Understanding Trusted Computing
Lark Allen
October 09, 2002
An overview of some of the both technologies, issues, politics, what's going on in the industry around trusted computing in general. And I'm not sure what your specific interests are, so feel free to ask questions. I've got a whole range of topics that we'll go through here, and let's see if we can get it to go forward. I've got my own history to go along with Phil's overview this morning of kind of where we've come from in the last 20 years as we've moved to pervasive processing, pervasive connectivity, to the Web, which gave us a way to overcome all of the proprietary kinds of access approaches and gave the normal person off the street an easy way to figure out how to maneuver and navigate around the Web. And so, what we have today, as Phil has talked about, is a pretty mature environment that can deliver stuff to millions of end points around the world, billions actually, with increasing amounts of bandwidth, and more intelligence in the end user side of this. So, my description of where the Internet is today, it has proven to be exquisitely successful for things that are free or things that are stolen. The challenge is, as we talked about this morning, as you look at moving to the next stage of the Internet, how do you take your core business that has security, has value to it, has other things, has legal relationships between a service provider and a user and others, and move that onto the Web. So what we've talked about is do we now overlay what we see as an infrastructure with trust and security that can handle a wide range of requirements that are required for doing Web services in the broadest sense of the term. So, this next-generation, if you will, of what's the next big thing, clearly there's a whole set of new standards and as you heard this morning from the fellow from General Motors, that will allow them to take more and more of their business and layer it out onto the Web, and do things like legally binding contracts across the Web for instance, using digital signatures to buy cars, to do all kinds of relationships, that becomes a key part of it.
We struggle around with what's a good definition of trusted computing, and I would just offer this as one, there's probably 20 others, this is one of the descriptions that says, what you would really like is to make sure that the hardware and software that has been developed does what it is supposed to do. More than that you'd like to have it do secure things that it's supposed to do. We'll talk about what some of those things are, but the challenge of trust is, so I'm trying now to embed trust into the PC platform, or into a cell phone or a mobile device or others, the definition of trust changes depending on who you are in this circle. And for the user to say "I trust the device," what characteristics does it have to have to bring trust so that the user will say it will protect my identity, my passwords, my credit cards. And I would submit that's probably a different set of things than the enterprise customer that says, I know this should be allowed into my remote access, into my VPN and others. Or, if I was a service provider, clearly the Hollywood crowd has a service set of companies to define what is it going to take for me to be able to trust my content to a PC, and know that it can't be copied a million times. They're perfectly fine with it being copied 10 times or whatever fair use ends up being defined for a user who buys it once and wants to use it on all of their devices. What they can't afford is to sell one copy and have it be copied 10 million times. So, a whole set of different requirements are on there.
Trusted computing, why is it required? Well, this is the latest headline that says okay, watch out for bugbear; it's out there; it has a key stroke logger, so when you go to login it grabs your credit card and your password by capturing the keystrokes inside the PC. And we've come to see almost weekly virus alerts, security attacks of all kinds, and other things that are part of the challenge that the open technology of both the PC and the Internet itself, because while it's brought great function to the Internet, to the PC, it also has its downside when you now want to do things of value out there.
So, when I was taking trigonometry in high school and you had to do the proofs, this is one of those ones where isn't it intuitively obvious why you want to have trusted security in the PC platform as part of the solutions set. And one of the other views of this is that, the thing that's changed about all this and we use physical world arguments to overlay what's going on in the digital world, the difference is you can't buy one Mercedes and make 1000 copies of it in your backyard at zero cost and give it to all of your friends. So we never got into these kinds of issues in the physical world that have become pervasive issues in the digital world.
If you look at what's going on in the industry, there are actually lots of trusted computing platforms, and there's a number of new initiatives, particularly aimed at the PC platform, but I would submit that smart cards, which have been under development as an industry for 20 years, is a trusted computing environment. It's a pretty small processor, pretty small memories and other things, but it's high-security aimed at doing some very specific things around authenticating the user's identity and even doing applications on the card itself.
Cell phones have a trusted environment. We've seen in the past where the cloning problem, where you had phones stolen and cloned, and what happened was the platform manufacturers and cell phone service providers worked on new strategies for making it very difficult to clone. So they added new capabilities and trusted security into the cell phone itself. And as they now add more and more functions and features, they too have the challenge of how do I provide a trusted computing environment for all of the services I'm trying to pack into the phone. A good example of that is that E911, that says your phone is a GPS device and you can now be tracked by your phone. So you have the issues of when do I want to allow myself to be tracked, so that if I'm walking by a Starbucks they can spam me with a free opportunity for a credit here, or when do I want to be anonymous and not to be tracked. So the E911 legislation that talks about what the cell phone companies can and can't do with your location information becomes very critical to the privacy issues of can I now subpoena them to find out where you were at a certain time if I suspect you of a crime, for instance.
Set-top boxes are clearly a trusted computing environment. They do some fairly simple, straightforward things. They tell you have you subscribed to HBO, yes or no. And, when you click the remote button, it makes the decision locally as to whether you are a subscriber to that service. It doesn't go back across the network to a server. So it's doing it at that level.
So, each one of these have the same types of characteristics. Now Microsoft has announced Palladium as a very ambitious program to fundamentally change the architecture of the PC in conjunction with the hardware part of that industry, Intel and AMD to start with, have also announced that part of that will include trusted hardware in the keyboard, trusted hardware in the graphics output device, as well as the main processor, as well as the security chip on the motherboard. So, pretty broad environment. A couple weeks ago Intel announced an initiative called Le Grande, which also is aimed at putting hardware security into a broad range of devices and components inside the PC.
Part of the challenge with trust is that when you say "security" it evokes all kinds of things. And if you look now, for instance, if you went out to the boards and looked at the discussion boards around things like Microsoft, Palladium and the other things, what you see is a pretty wide range of debates going on, all the way from now they'll be able to track you, find out if you've got illegal software and automatically delete it from your machine. So the problem when you step into this arena is that it has a significant amount of political challenge associated with it and doing things right. Kind of the famous one from three years ago now, is the Intel serial number problem. Sincerely their goal was how to deliver better services, but in fact, didn't really understand the privacy implications of exposing the serial number that could be tracked by Web locations out to the Internet. They obviously stepped into a big one on that one. So the politics associated with this and the laws associated with this, the privacy laws and other things, in one aspect we probably have a pretty good set of laws that came out of the physical world of what you can do and what you cannot do. All we're really trying to do is translate the physical world policies, and laws, and actions into what goes on in the digital world. Not dramatically try to change that, but also try to make sure that we don't violate some of the things we've all become accustomed to in this world.
So, trusted computing and various I would say niche environments, have been around for a long time. The thing that's different about it now is the drivers that are going on. Not only the drivers, but the money behind it. And obviously as we've talked about, Palladium probably is the most aggressive and ambitious plan. And when you get someone like Microsoft that says we're going to make this a core piece of what we're doing, because if we look forward in the future of delivering services whether it's to the user's PC or even to the servers and other things, security is an absolute requirement for lots of different pieces.
You've seen this in June, the first announcements of Palladium came out in this Newsweek article. In fact some of our folks, Peter Biddle down at the bottom, John Manferdelli is the number two guy, he'll be here speaking and talking about Palladium in some depth, so we're not going to go into great depth in Palladium. But needless to say, Microsoft has laid it out that this is going to be a very important thing and they've also gotten Intel and AMD, so at least they've got a lot of momentum behind the fact that they're going to make some changes.
The other thing that became clear pretty quickly is that there's been a lot of work done in software around security. In some contexts software security is for all practical purposes kind of an oxymoron. For some people, you can certainly hide things, such that the normal person off the street can't find them. On the other hand, what we've seen with the Internet is all you need is one really smart guy in Norway to break it, and it's now available to tens of millions of people on the Internet. So, everyone doesn't have to be a cryptographer, only one really smart person. There's plenty of those people who think this is the ultimate challenge is to hack these things. So, a whole new change in the balance of power. And so, you've seen things including the Ernest Hollings legislation requiring hardware security in every consumer device. And there's a lot of interesting people that are lined up on both sides of this one. Obviously, Jack Valenti, representing the movie industry has said, "Look, this is win or lose for us." And there's another guy, actually a very smart guy, Scott Dinsdale, who's the kind of the digital czar for the MPAA, that made this comment about the PC platform in general. Because if you look at the piracy problem it's almost exclusively today targeted towards the PC, while there's been people, you could make all of the videotapes you wanted for a long time, there's not a lot of money to be made in trying to compete with Blockbuster giving away $2.99 rental VCR tapes out there compared to this environment. So, it becomes an important part of it.
As you look at the industry, security can be looked at as a pyramid where I've got things in software only. There's a whole technology called tamper resistant software, which is the notion here is obfuscation. And the approach is one that says, so if I have a pen, suppose this is our PC, if I have a pen I can write tamper resistant software where I can hide the pen somewhere in the PC. Now if I let you take the PC into your closet, you've got as much time as you possibly want to find that. You'll eventually look all over this room and you'll find this, because it's just hidden in a place. On the other hand, if I take it and lock it in a vault, a cryptographic vault, that's hardware, then even though you know what exactly where the pen is, it's in the vault, how you get it out is a much tougher problem. That's why hardware becomes an important part of this and why you see the tougher hardware environments, things like the Trusted Computing Platforms Alliance and smart cards, clearly have hardware as a core part of the security, because it raises the bar of what does it take to hack this environment. And in general, we have a number of hardware approaches, but these are hardware that's controlled and owned by a single party. They may be running multiple applications, but they're controlled by a single party.
As we move forward, we'll talk more about this. As you move forward, what you want particularly in a PC is security hardware, but I need to have it to do lots of different things and have the same hardware be trusted by the user as well as be trusted by Universal Studios. That becomes a much tougher problem. And we'll talk about some of the infrastructure, such as PKI and others that will enable the hardware to be shared. Some of it, actually some very good presentations today about the authentication gateway that the federal government is putting together and the PKI infrastructure for supporting that.
So one of the challenges is that if I do security at a certain level, for instance if I do security at the application level and I encrypt things at the application level, I can always defeat it by just coming down one level in the stack and hacking it at the systems services level or at the OS level. So one of the reasons why hardware has become a requirement, is that you must have hardware at the bottom of this, so that you can protect the entire stack. And trusted computing then requires some source of trust to be established for the platform and then some level of integration of that all the way up through the top, including up to the Web services level and identities, which are clearly of the user and the application layer, but if your platform down below that isn't trusted as you've seen from the MPAA comment, it actually still doesn't deliver you a trusted result.
So, the challenge we get in the security world is there's a lot of crap in this thing. This isn't just an algorithms game, that says okay, give me the world's strongest algorithm. This is a systems level solution. The last chart you saw that said, not only do you have to have new hardware, but by the way it needs to be enabled all the way up the stack, says there's a lot of work to be done to turn the PC from an open platform into a trusted platform. A lot of that's been laid out. But it requires these kinds of technologies and we won't go through them in detail, because this isn't designed to be a crypto session. But if you've got questions I'll be glad to talk about or answer any of these. As we go through feel free to ask questions on any of this stuff, if you got some questions.
So, this is an example of a chip that's designed to be a single system chip to do and be a trusted computing environment. It's got a trusted OS in the middle. I've got a lot of interfaces that give me input and output. It's got a place, nonvolatile memory becomes very key, because I have to store secrets that have to stay in there and can't be turned on and turned off, because I have no way to deliver the secrets, if they get deleted. And then I've got a whole set of crypto algorithms. I've got encrypted memory to manage the memory itself. And then I've got a processor to do things. So, this is a single solution that says, hey there's a lot of pieces to make this into a functional security subsystem.
As we look at the environment of things like e-commerce, they represent an inter-related set of very complex trust relationships. Bob Thibadeau is actually going to be here Friday morning. He is on a panel with the International Security Trusted Privacy Alliance. Bob has been one of the leading guys from Carnegie Mellon in development of the privacy language for W3T and working with Europeans and others. But Bob has an interesting quote here that says, as you look at moving e-commerce to the Web, the challenge of authenticating who are the partners exchanging, or bartering and who doing transactions becomes a very difficult set of trust relationships that must exist in this environment. And hardware is one of the requirements for that.
So, if I have a device for instance that is a shared device to do e-commerce. So let me give you an example, in once case I have the user and they're going to pay for this, whatever they're going to buy with something. They're going to say, who am I, and in some cases they actually may or may not need to expose who they are, all they may need to do is say, I have some money or stored value, like today's stored value cards, so I have something that I'm going to use in this transaction. On the other side, the merchant has a service, content, music, games, whatever and you must protect the merchant's stuff until it's been paid for. And the third part is the financial transaction. So in the case that I rent you some software for an hour, to use for an hour, first of all I need to know is when is the hour up, so secure time becomes very important. If the user can change the time at will then an hour has no meaning on the PC. So if you look at the set of trust relationships in doing e-commerce out at the end of the network becomes pretty challenging from a security standpoint.
The other thing that becomes interesting is in the past we've had a lot a systems that are essentially vertical asylums. ["asylums" --??] That is, set-top boxes are owned by the cable company. They run their security system to deliver you services. So, they're an asylum. They're a general purpose trusted computing environment.
But as I, and actually Craig Munde will also be here, tomorrow I think he's speaking, from Microsoft, but I think he describes his very well. He says, we've got a lot of background in how you create a trustworthy system. Generally, the way, you make it trusted is you isolate it so that no one can get to it. And you own the hardware. And you make sure you know where it came from, and no one can clone it and make copies of it. So we have those. On the other hand, as we look at the Internet, we've got a little problem with the Internet. If you look at all the stuff that we're trying to secure, you've got all the authentication tokens, and each one of those has their own security requirements around them. You have the devices themselves. You have applications. How do I know it's the right application that it hasn't been tampered with. The data itself. And these are all different groups, organizations, standards and pieces, and in general, you could build a vertical (firewall?) but the user's PC ends up being the gateway to all of this stuff. So this is why you need an open programmable trusted platform that is capable of lots of pieces of the security puzzle.
So as we've talked about these are some of the current vertical models, that say yep, we've got vertical trusted computing platforms associated with each one of these. In general, they're proprietary or closed technologies. And what we really need is a model where I've got a horizontal platform where it can be shared and trusted and support multiple Web services.
The challenge we get into as you look at this is, even though I can run say multiple applications on my cell phone, it's still the trust infrastructure is owned by the cell phone provider itself. They own all those services. Third parties don't get services onto the cell phone except through the cell phone service provider. On the other hand, I have credentials that can be trusted by multiple people, but they're just my credential to say who I am. As I move to an environment that's going to be trusted by multiple people and support multiple applications, it becomes much more difficult.
Now, I'm not expecting you to see anything on this other than a pedigree chart. So in the world of trust, you don't just show up in the world and say, "I'm trusted." You have to have some source of trust. You think in the physical world the way that we know we trust people is either my neighbor says, "This is a really good guy. You should hire him to pay your house, cuz I did and I trust him." So there's lots of third-party trustors. You get the service because you bought it through your bank. Your bank is a source of trust. Or, others are a source of trust.
So in the digital world, the concept of mathematical trust says I have a digital certificate, so there's a root of trust that's owned by a trusted third party that ends up being the source of trust. In reality it's a bag of bits that says, okay here's a digital certificate, with then keys embedded and other things, I now move that as a source of trust. And they have things like servers that do functions. I have these servers that can be run by third parties to deliver these. I have devices that can now have this root. When this device shows up in the world if I want to know if it's trusted, I take that bag of bits and go find out is that bag of bits the same bag of bits that came from a trusted third party and the same thing for applications and services. So it becomes, an infrastructure becomes very important. You aren't going to have trust, just by the fact that I have a chip with a bunch of features on it,by itself doesn't make it a trusted chip. So it has to have a trust infrastructure associated with it.
You then can get into the interesting environment that says okay if I'm trying to make this open, and I don't want just one trust infrastructure for the whole world, that means there's going to be lots of trust infrastructures. How do I get these trust infrastructures to work together? So the concept of an open trust infrastructure, where I can have a device that may have a service with another infrastructure, how do I know it it's trusted becomes very important.
Now in the Homeland Security stuff that's going on, one of the biggest issues as you look at the critical infrastructures, is that today there's no mechanism for a host to know that it can trust a controller. So when a host, so let me assume that Hoover Dam is a host. It says "I'm here, my job is to open and close the gates of Hoover Dam." The controller calls it up and says, "Hey this is me. I'm your authorized controller and I'm telling you open all the gates, and let the water out so we can flood the Imperial Valley." So what's the mechanism by which the dam knows that it can trust whoever contacted it and is who they say they are.
So critical infrastructures, like the power grids, the industrial infrastructures, gas, airlines, the air traffic control, dams, all those kinds of things, in addition to the digital world of the Internet becomes important for doing trusted infrastructures. This is kind of like federated identity, it's how do I share trust between infrastructures as well.
So it's clear that trusted computing isn't a point solution, it's actually a systems solution as we've seen through the pedigree charts and others. So Bruce Schneier has an excellent book ,actually a couple of them. One called Applied Cryptography, and the first 60 pages are for a normal human being, the rest of the stuff if you are a real cryptographer or like to go to sleep early you can get into the algorithms themselves. But he's also got another one called Secrets and Lies, in which he talks about security is a process, it's not a product. Complexity is the enemy of security. That's one of the challenges that we have with the PC, it's become very very complex. I mean, I just downloaded the latest service release for XP, and I think it was 30MB or 100MB, anyway it was some big big amount that took a long time over my cable modem. But anyway, you have to design security in from the beginning. So today, if you look at a model of the Internet, we have untrusted devices and we've worked to make the network trusted. So, we've built firewalls, and so while it's on the network it's encrypted; it's in VPNs; it's in firewalls. But when you get to the end points, the end points are not trusted. But in fact, I would submit that's absolutely wrong, the opposite approach to what we should be doing. What you should be doing is having trusted endpoints, and having an open and clear network that you don't have to muck up with all of the infrastructures, the firewalls, which are administratively rich -- is what the term is, and other things - so you end up with this kind of environment. And one of the things that you find out is, is that if you have trusted devices and these actually could be components within a PC and the red could be the PC bus or the USB bus itself, which is an open bus that's shared, I can actually have any trusted conversation between devices over an untrusted network. So I can have secure communications between any two trusted devices. This is kind of like one times one always equals one. On the other hand, if I ever insert an untrusted device in that flow, this is a one times one times one times zero, and the answer is zero. If it ever becomes untrusted, the result then is questionable. It may still be OK, but you know that it could have been hacked at this point.
So I'll give you an example. We have some gold at one end we want to deliver in a Brinks truck. So, in the trusted environment, I have the Federal Reserve, and when I put the gold into the truck, I can take that truck, and when I drive it I never open the truck except inside the building of the Federal Reserve. So the gold is never in the clear. On the other hand, when I get to an untrusted point, all of a sudden, if I leave this in the open, for instance I decrypt the movie using my main processor, and I now ship it to my graphics adapter, it's now in the clear between the main processor and the graphics adapter. So if I want to create a device that says, "I'm a trusted DVD device. Send it to me." But in fact you are spoofing a DVD device, that it's not trusted, that it's just something that is recording this, then you've got the gold in the clear. And this is actually one of my best PowerPoint features, so what you end up with is the ability for some -- you want to see that again? Wasn't that good? - Anyway so you've got the guy, the stuff in the clear and he makes off with it.
And so they have new features, and you can go on all night making animations on PowerPoint.
So one of the things that you see, we had an interesting relationship, we've been working with Carnegie Mellon who's done some interesting work over the notion of self securing devices. And the model they use is the medieval castle. And, in this model, the castle doesn't just have a doorway, that if you break down the doorway, you now defeat the castle. The castle has moats. The castle has towers with their own security. So in fact, what you'd really like to do is have distributed points of trust, such that even if you broke and got across the bridge on the moat, you didn't get through the castle gate, you didn't get into the drive, and you didn't get to this. So the notion is everything and every component needs to eventually become trusted, particularly in the open environment of the PC. So today, for instance, I've got the open bus of the PC, which includes USB and 1394 and others, I can put security into the keyboard to do authentication of the keystrokes so that bugbear can't get it. And in fact, what you're seeing as part of the initiatives for Intel, Microsoft and others is security functions in hardware and software being inserted in a lot of different devices, including the peripheral devices, and the main processor and others. So once I've done that, I can now create essentially a secure, trusted, local area network inside the PC, but I can expand this if I add wireless and other devices. This is my home network. So I can bring content in to a home network. I can re-encrypt in a key that's only known by these devices, allow you to make as many copies as you'd like of the content. So if you happen to have 50 devices, you can make copies on 50 devices. So you can have fair use, but it can never be used outside of your user trust building. So I have a way now to start to address the fair use issues. I want to buy a copy of the CD once, I don't have to buy 10 times for every one of my devices.
So as you might expect, security is a big deal for lots of reasons not just 911. What you see here is in the new Homeland Security bill. If it ever gets passed there's a lot of money for various security things. There's not just security hardware and software, but as you can imagine a lot of integration services that will also go along with this. The challenge is, you look at the new Web services you clearly need some deployment. What you're starting to see some deployment through a number of different technology channels and the services being delivered for these. We've actually seen a change. And, forever the view was users will not pay for security. What you're seeing is the capability, we've done some market research. In this case, it was actually one of the market researchers that did this, Hart research, indicated this was probably as strong a result as anything they've done since they did the airbag surveys back in the early seventies, that says, you've got 84% of the people saying they'd spend at least 25 bucks for a trusted PC and on down. So most cases, what we're talking about as additional hardware costs in the platform is generally minimal. It's probably five books or less in additional costs into the PC. You already some examples of these in the market, IBM's embedded security system, that they're selling very heavily in their platforms.
So one of the applications, this is kind of like asking back in 1982 what can you do with the PC? Well I can do spreadsheets, and I can do word processing. Then I come 20 years later, and you say well there are thousands of applications for which I would like to have the ability to trust the outcome of the hardware and software. And these are some examples.
Let me show you a little different model. In this case, this is one of those ones associated with content that says, what I've done is I've got a security subsystem in my PC. I want to broadcast the content. I don't want to do just to peer-to-peer level Napster stuff, I want to broadcast to 10 million people at the same time so that you can all get the game or the video or whatever, you can cache it on your PC, but then I want to put a micro transaction system in the PC that allows you to buy it by the minute, by the hour, by the bullet, by the whatever pay-per-view kind of stuff, so in this case we're broadcasting and then caching on the PC. In this case, I've got a bunch of channels. I've got things like there's a set of golf lessons from the top 25 golf instructors, and you can take any lesson you want for a buck and I can sell it to you, a whole different buying model. It's on your PC. If you don't want to receive it, you don't subscribe to that channel. I can add and delete any channel. I can come over here and say how much space doo I want to have that take. In my case I've got things, a gigabyte of content, I can have examples like this is a music video channel [garble] now instead of a small streaming window, what I get is maybe full-motion video. Let's see. There we go. [quite special blasting of the ear drums] Let's turn this down. I don't know where John Tesh at Redrocks, but ... In this case, what I have for instance, there are all the music videos that I've cached. Not only do I send the music video for which any one of these I can go on pull up the music video. I've already sent the album. So if you want to buy the album, I can let you play the song once for a penny. You can buy it for $.99 a track. And you now have it available to use. So what I have now with trusted computing is a whole new model for content delivery, for doing transactions and other things.
There's a lot of proposals. This was an interesting one on a new US identity card. As you've seen, most likely it's going to be a driver's license, not a US identity card. But again trusted computing - I have a smart card chip. I've got internal memory. I've got 2-D bar codes. I've got optical strips. I've got all kinds of either volatile or nonvolatile storage, where I can put biometrics and other information. What you'd like to do for instance then is have a trusted input device, where I can capture the keystrokes, put the smart card in, do multifactor authentication or specifications for trusted financial transactions. And you could put this into cell phones, keyboards and others. And to give you an example that what you'd like is that in the physical world, you've got whatever your identity is, credit cards and smart cards. I want to authenticate myself to a trusted server. So in today's world, the challenge is I handed my trusted credential to an untrusted PC and expected it then to log me in over here across the network. What you'd really like to do is extend the perimeter, by putting trust into the input device itself. So you now authenticate yourself. So it's a trusted to trusted to trusted flow with no untrusted step in the middle, as part of the end to end security for doing authentication.
So as we've talked about, there's flexibility needed. There's a lot of places we're looking to put trusted computing things, and hardware is part of that requirement as we move forward. So as you look at the industry challenges as to how to how do I standardize this stuff, there's a lot of stuff to be brought together. There's actually good work that's going on in most of these areas. How do I balance that with both the privacy and security laws, and the time that it's going to take to deliver these kinds of trusted ecosystems. You're seeing things today. You'll start, you'll see more and more over the next year or two years or three years associated with that. I think you've still got the legacy problem of the population of current devices today and how do you work with those? So, as I said we're potpourri-ing a lot of stuff around trusted computing.
>Questions
[What follows is even crummier audio ... so it's sketchy]
Q: The first one, one of the issues that happened with the machine ID that came became a problem was the whole issue of privacy, and all the privacy advocates, they jump all over it. You talked about trusted computing here today. And I can assure you that [?] right now is somebody that's writing something about trusted client or trusted designating [?] trusted by home is the question and the whole issue of privacy. So how do you see this privacy thing playing out? And with specific reference to [grmermgdl]
Lark Allen: Well there's, actually as you look at the various security technologies, if you want to know if you're talking to a trusted device you have to have some ID [?] so the notion of having an ID, was a good notion. The challenge was then exposing that to people so that it could be tracked. So in fact, you've got your hardware, but you've got ... a global unique ID. One of the things you'd like to do, however, is have a service or application level, where it might have my credit card application that's going to run in the trusted computing application. I want my digital ID. But for that service that's part of this, I don't want to have that be locked to this. So for instance, this unique ID is only so that I know the device is trusted and then I want to firewall it off so that this application nor anything else has access to it. So that says my device can't be tracked by this ID, I can track this, but in fact if this is secure, if this is my Visa or my Barclays bank application. They're the only ones that have the keys communicate with this. If I'm the user and I find Barclays has somehow violated the information I've shared with them, the user can delete that service. And just as you can take a loan out and say I don't want the credit card, I'll cut it up and get rid of it. You get rid of the service, but you can't track me by the ID in my wallet. So [?] So there are technologies that allow you to hide this from a privacy standpoint, so you don't expose it. And those actually become very important to build into the platform, so you don't become a source of privacy violations
Q: operability without portability, the timing
Lark Allen: So part of this is saying that if you look at the ecosystem of smart cards, of trusted PCs, servers, networks and so on, what you'd like to do is this is like a client server model that says there's some things, for instance portability becomes very ... important and openness so that I can use this, that I don't end up with 400 things each one of which does a single thing. So they're both portable and interoperable I guess that [?] that my rights would travel around with me and not be just associated with just a platform. You're right that [?] be very important. I want to take my services with me
Q: Mrgrrrrmrr
Lark Allen: Well I actually, uh, there are some important things that are happening right now. More and more smart cards are an important vanguard of that. In a place like Europe they're pretty widespread already. And even cell phones, they've gotten more and more robust. And set-top boxes. The Trusted Computing Platform Alliance is a group of about 200 companies [beep]... the only company that'is shipping a TCPA-compliant platform. I think in next year you'll see most likely all of the major or most of the major PC OEMs and some of the other white box guys start to ship them on at least some lines, they're associated with it. You'll see more of it in the enterprise space than in the consumer space. I think we'll start to see it on both sides. We haven't seen them announce the time frames yet on things like Palladium or Le Grande. Those are clearly the ones that say when [??] we'll start to see this in 10 million or 20 million or a hundred million PCs. But my guess is that you'll start to see progress in that next year and then in 2004 and 2005 I think you'll begin to see some pretty good deployments in that.
[indecipherable]
Okay, great. Thank you.