Digital ID World 2002
Services: The Secret Sauce to Sell Identity in the Digital World
Steven Sprague
October 10, 2002
And so today, we build a chip and on this chip we have a processor and memory, but this chip also talks to what we call a trust assurance network. And what a trust assurance network is is an infrastructure that permissions applications that are trusted applications. And so if I have an application and I want to permission it into this secure processor, then I can take an application like digital signature running in an open system and deploy the components that are the digital signature subsystem and say here's where I'm going to do the processing of the secrets. And so it's important to couple with the trusted platform the infrastructure that permissions the applications that are allowed to run on the trusted platform.
And so, now we can switch. So instead of having just a chip that does just one thing, the next thing I can do would be to take something like TCPA and run it as an application. Well in that aspect I offload locally the digital signature application into local storage so that I could reload it at a later date. And I keep going and keep doing this for a very broad range of applications, so for the first time you have the general purpose capability on the client side that says, I can support anybody's scheme, any form of authentication, any form of access control, any form of conditional access, any form of encryption and dynamically switch between them. And so now the service provider is deciding how they want to implement their form of security for the service that they want to offer. And if they want to change on a frequency because of security, because they made bad decisions, because whatever the reasons are, they can change on a frequency that is completely independent from changing the core underlying system.
And so, as part of this system, you don't need just a chip and the trust network, but you also need a number of baseline services - we've implemented a number of baseline capabilities in our chip; we've built some of our own commercial applications in commerce and content access and micro payments, but we've also built a developer toolkit so anybody can an application. And the benefit here is that ultimately that software developer kit can enable a very broad arena of applications to be deployed.
And as we look at this, we really think of it in the context of how do I build services infrastructures. So there are many devices. There are many different services. The deployment of those devices create the installed base, which drives the services revenue. The business model here again, is not something we're making up. The business model is defined and has been defined for a number of years, by a number of different industries. The objective here is how do we get to transactional revenue against the installed base of devices?
In some ways the most amazing transaction to prove that this, the PC industry or the general computing industry hasn't figured this out yet, was the transaction or merger of Compaq into HP. They had a 40 million unit installed base. But they didn't view the installed base as an asset in the transaction, they viewed it as a liability. Just to keep in context, that same 40 million unit installed base was used by AOL to buy Time Warner. So because AOL has a persistent long-term revenue generating relationship with every one of those end points, but my computer supplier doesn't. And would I in the future make choices about what platforms I buy, what service providers I invest in, based on the services that they offer me? I think that the cell phone industry has determined that the answer to that is yes. I make a decision because of which network I belong to, which broadband services I can get, can I send color photos from my phone to somebody else, might dictate whether I buy a different phone than the phone I have today.
So the goal is a very broad array of applications and services. And, I'll talk about a couple of these, but when you think about trusted computing, think about it in the broadest sense of all the applications and services that can be built and what's the marketplace that gets created by this.
I would argue that Web services can't be enabled until trusted computing is enabled, because all Web services will end in a trusted device, and that they need to, in order to be successful. While some of them can deploy today to get to scale, true scale, where they get broadly accepted, you have to have a trusted endpoint to manage the relationship with that end user. So the fundamental components of enabling a service based economy on top of the Internet requires a trusted client device. One of the ways to think about that is that if I have service providers, the network, and a trusted client, what I really want is an established trusted relationship between the service provider and the client. And when you expand that in context you can really think of it as virtual services networks.
A good way to think of a virtual services network would be HBO and its 80 million subscribers. A service, and 80 million subscribers. Now today that's done by a set-top box, but it could be done with the general purpose trusted device, it doesn't have to be proprietary wires. By the way, another virtual services network could be my baby cam and the four or five people I want to share pictures of the baby lying asleep in the crib going like this, and I want to be able to share that over the network. The same infrastructure that HBO uses should be available to the end consumer. And so, whether it's a small workgroup of everybody who was at this conference, exchanging ideas after this conference, or it's 10 people across five companies working on a project, or it's an emergency response team trying to coordinate with five different agencies by using a public web site, because the rest of their infrastructure has been taken out - it doesn't matter. They're all virtual services networks. In some ways, what we ultimately want to do is get rid of some of the major concepts that exist in security today, in LANs and firewalls, we just want devices hooked to the network. And I think there are roles for a firewall to play, but they shouldn't be as a service delivery device.
There's no privacy without security. Privacy continues to be a growing both legal and social issue. And it's probably best shown through the concept of credential. And, it doesn't matter whether this credential is used by my corporation or as my national ID card, different people need different information off of a credential. And so providing for the end user the capabilities of a secure platform that protects their privacy, security could be used as a tremendous enhancer of privacy. A lot has been talked about the last couple of days, so I won't spend too much time on this, but let me show you an example. If I take a card, here we've just taken one and said okay, you've got your name and address and date of birth, that's fairly simple, but it has your entire criminal history, your entire healthcare information, all your digital IDs, all your bank accounts and all of the favorite places that you like to go. So, now let's go travel around the world. So, our belief is that you want a trusted reader for every credential. So in this case we're taking a smart card and plugging it into a trusted reader, but it could be any credential and a trusted credential reading device. So we go to the first place, we go to the Police Department and they want my name and address, date of birth, my biometric data to prove it's actually physically me, and my criminal history, because they caught me speeding down the highway and they want to know how many times I have been speeding down the highway. But then after that I go to the cybercafe, and I want to be able to walk into a PC and have it know all my favorites of where I've been, so I plug my card in, it logs me in automatically, it reconfigures that environment to my preferences and I can sit down at the cybercafe and use what I need to use. 
Then I end up at the hospital having drank too much caffeine at the cybercafe, and they want to know what my history is, when was last time that I was here, but they don't know anything about my criminal history. So, I'm able to completely separate pieces of data, depending on where I go. And I'm doing this without policing, because I'm using the technology to implement the policing. Because the technology can be programmed to say this is the only information I'm going to allow to be released. And I believe that while I think we can do a lot with policies, we can also do a lot to implement the policies in a manner that we don't need to actually implement enforcement. And so just to finish, I can then go to my bank, and my bank really doesn't need to know that I have a criminal history or that I do have health care issues, they just need to give me my money.
So we think that there's some very simple ways that we can take a credential, put a tremendous amount of information on it and say that the lowest common denominator reader is not where the discussion needs to be. We need to protect credentials depending on who's allowed to use which information. I think a perfect application of this is that if I go into a bar all that I want them to know is that I am 21. So I not only want to data, I don't even want to release my birth date, all I really want them to do is calculate in a trusted device that I am 21. That's all they need to know.
So let me talk about a couple of other applications. There's some very interesting work that's going on in Europe in and around secure smart card readers. And what we've done is we've implemented the European specification for something called FINREAD as an application that runs on one of our EMBASSY chips. And, FINREAD came about because the major banks in Europe got together and said, "Well, this Internet thing is coming along and we can't do secure shopping on the Internet with a smart card. Cuz it doesn't work. It's not sufficiently secure." So they haven't implemented a lot of the controls that exist in the US banking system for limitations on liability, etc. The result is e-commerce is much lower. And so as a result Cartes Bancaires, Banksys, InterPay, SIZ, which are the banking groups, got together and formed an EU working group to establish a standard called FINREAD, which stands for financial reader. And it requires a couple components. It requires a smart card reader, but it also requires the ability to securely enter your PIN number, as well as a secure display, so that the clearing bank can transmit down to the device the amount you're going to be charged and you can confirm that that's actually the amount. In this way, you're able to execute a transaction between the end user and the clearing bank, so that the merchant gets paid. But, the merchant never gets your credit details. So now I don't care who I shop with. The merchant doesn't have my details. The merchant doesn't need my details. They need my shipping address, which by the way might be completely different than my card. They don't need my mailing address, they just need my shipping address. And because the card is able to, through a clearing bank and through a trust infrastructure, ensure that there's payment with non-repudiation.
And so we're working to deploy these devices, and the first ones will begin to ship by the end of this year that enable the foundation for what we think is one of the killer applications in this space, secure shopping. Now it's somewhat crazy today that we don't have the tools to help us to some of the baseline applications like logon to email. All of a sudden now I have a trusted input device where I can enter in my PIN number and log into my email server, in a manner where my PIN number was never available to an untrusted system. So I can take a hack like is currently running around the Web today, "bugbear", it doesn't work. Because in essence, you've firewalled off the keyboard from the sort of open platform of the PC.
So in conclusion let me just say that trusted computing is a very broad market segment. And I think that one of the tests of this is going to be are there analysts that begin to follow it? Does it become a section in the magazine? I think the answer is yes. I think this is as big or bigger than multimedia. And, the reason I say that is because I think the more money is going to flow through this than ever flowed through multimedia. So the beginning of what many of the companies are that are investing in identity systems, in the infrastructure for security, is just the foundation from which all of this is going to be built. Because we have so many things to do, and it's just the beginning of a space. And it's a space that now is not going to be created by little companies getting together and trying to do stuff, but it's a space that's being created and being created in a very big way by players like Microsoft and Intel and AMD and others, who can drive this fundamental shift in direction. But it's for us to fill in all the parts because they're not going to be able to build everything. There're all sorts of bits and pieces of technology that need to be built to make this work. Like key management, where do all the keys go? Like the security issues around customer service, you know, gee I had stored value on my machine, and my machine blew up, where did my money go? There are all sorts of issues that surround this that have yet to be addressed. We're at just the beginning of the conversation. And in some ways getting overly distracted by some of the really low hanging fruit issues, things like identity and privacy, while extremely important, I think the first thing we should do is adopt the examples that exist in the marketplace today. And we can go look at them.
My cell phone company has an identity device. It hangs on my waist. It includes location information. They really wrestled with some of the very fundamental issues that I think we've been talking about, but they found at least enough of a viable business for them to go deploy a few phones and make a little revenue off of it, while they continue to address whether or not they're going to share the information with 911 or not. So I think that if there is any sort of piece of information that I can help impart on this is: this is a huge space. Invest time and energy in it because there is revenue to be extracted out of building the services infrastructure that will ultimately enable a much broader marketplace I think for all of us. And that trustworthy computing and trusted computing is really a key enabler of the Internet economy. If we go back and look a couple of years ago at the enthusiasm for the dotcoms, one of the things they were missing was the tools to manage a long-term subscriber relationship. If anyone had really truly been successful in that context and had built a large enough installed base, it would have broken. And you can prove that, because you can look at the television industry, and the television industry has substantially rebuilt the trust infrastructure now three or four times over. From analog filters to analog set-top boxes to digital set-top boxes to now digital media servers. So we're on like the fourth or fifth generation in the television industry of trusted devices, because it didn't make sense at the time to spend the money to do it right. And I think in many aspects we know how to do it right, and in some ways we shouldn't repeat the same exercise. I'm sure they decided not to put security in the first Motorola cell phone, because it costs ten cents. But the phone costs 1200 bucks! I can't believe that they just forgot. It's possible, but highly unlikely.
So I think as we invest in the infrastructure for security and the infrastructure for services, let's look at those companies and industries where they're leveraging this type of technology, and recognize how do we go build the tools, customer service models, the key management models, the infrastructure, to generate the revenue and services that will ultimately enable this whole economy to work.
Thank you very much.
So if there are any questions ...
Q: It's not a very clean question yet, maybe you can sort of help me. You said something midway through the presentation that it starts with the devices, which will then sort of pull the service providers out. I'm just trying to figure out where you think the adoption first needs to happen since me as a consumer purchasing a device the benefit for me, either in enhanced services or in security, is only incremental. If someone steals my credit card now, I could change it quite easily. When is going to... does it happen with me or does it happen with the service providers, like where does the adoption happen? Where is the market getting driven? And who is building out the things that you say are necessary to make this so pervasive?
SKS: First off, I think that it happens somewhat in parallel. I think that, as I said at the beginning, I think that it requires some of the big players standing up and saying "this is going to happen." That puts a safety net on the investment that all of us make. Because if we build things eventually we'll catch the wave that they're creating. And that's probably the most important thing. Secondly, I think that in the computing industry, probably the biggest being made is that everybody is looking at this as an enterprise security problem, and it's not. Primarily, it's a consumer security issue, but if we solved consumer security every enterprise will use it. It's guaranteed. But if I create the ultimate device for the DoD and they may buy it and put it in every desktop of the DoD, is it going to help consumers? Most likely not. So, so much of this we've learned and forgotten. Right? To go back in time, was the PC adopted by enterprise or consumer first? It was adopted by the consumer first. And we took it to work, and we plugged it in at work and said, hey you know this works so much better than this minicomputer. I have the ability to put my spreadsheet on it and I can stop using my calculator, which was my enterprise provided calculating tool. So if you look at what are the things that we can do on a peer-to-peer basis, the consumer problem is so much harder to solve. Yet if we solve it, it becomes easy for enterprise to adopt. Enterprise has the wonderful benefit of an IT manager. Right, they can get up in the morning and they can decide we're going to deploy this type of security, they hand everybody a token, they change all the doors in the building, etc. The consumer on the other hand is kind of like, I just want this thing to work. You know, I want my wife to be able to edit the web page because my computer knows the password.
Q: You've described a situation that is clearly global as far as the [the buzz was too loud to hear question]
SKS: But I think we can do some very simple things that make it easy for the consumer. I think some of the very simple applications here are that for the first time my computer, I log into my computer, my computer logs into everything else. We have this perception of hot desking, which I think has gotten us away from the fact that, you know my computer should know everywhere that I like to go, and to remember all the passwords in a secure place. That application, in and of itself, would get broadly used, because we as consumers all know that using the same user ID and password in every single service is not a good idea. And we know this because you can test it. If you go out and do a look at user IDs and passwords, people use the same ID and password everywhere except two places, their bank account and their trading account. There they use different passwords, because they inherently know that if they use the same user ID and password everywhere they went and with the two things that they think do as critical functions that that would be a bad concept. Now they never change their password. But they at least transpose one or two letters and use a slightly different password for their bank account than they use for their e-mail. So I think actually there's some very baseline applications that are very early on in this process that make life easier. And that if we make life easier, then we can begin to deliver more to that platform. We shouldn't confuse however making life easier with saying that the bar is really low for what needs to be delivered. You've got to deliver a lot, because you want to create an installed base that's capable of doing everything you can dream of. And that's why I think things like what Microsoft is marching down the path to do becomes really important, cuz it's really big. At the end if I can write an application and put it on there and it's secure, then it's pretty open and flexible in what it is possible to do.
I think the key ultimately to gaining adoption is programmability. And there's some really great classic examples of where this has been a phenomenal failure because of the lack of it. So the potential merger of EchoStar and DirecTV is going to require the expenditure of many billions of dollars, cuz they're going to have to throw away half of the boxes. Because there's no way to take a DirecTV box and reprogram it to get the EchoStar signal, or vice versa. They're stuck. By merging the two corporations, they take two different security schemes. They're not sufficiently upgradeable in the field. They have to throw away half the boxes. DVD is another really good example, where they shipped it, CSF the security scheme for DVD was broken. They're stuck! The only way to put the genie back in the bottle, is to replace all our DVD players. We don't want that. We want a DVD player that runs security version one, version two, version three, version four, version five. So that if I have a lot of version one disks, I don't want version one replaced by version two, I want it to run version one and version two. Cuz I don't want to get rid of all my old disks. I'll get really pissed if they changed my box and I've got to throw away all my old disks. And if they do this every couple of years, it's bad enough they change formats every decade, if they change security every couple years that would be a really, really big nightmare for us as consumers. So there are ways to accomplish this, and I think there are really good examples to look at in the marketplace today, where we can extract the things that have worked well for them and we can discard the things that have been a real headache for them.
Any other questions?
Q: [the buzz was too loud to hear question]
SKS: Yeah, so, let me give an example. In the Defense Department they have a little problem which is that they have this smart card called a Common Access Card, or a CAC card, and it's finite in its capacity to store stuff. And so the problem of course is that they've got a gazillion legacy systems that have been around since the beginning of time, managed on a huge annual contract by IBM and now they want the CAC card to authenticate to the old 3270. Nobody wants to touch the software. So what they're doing is saying okay, if I take a trusted card, authenticate to the reader, so there's a communication between the card and the reader, and the reader is a secure place, then what I can do is write an application that runs in the reader that is the IBM 3270 login application. And what it does is it talks to a server and every day gets a new user and password pair over a trusted channel between the chip and that user ID and password server, and so now what they're able to do is have really complex 64 character or however long the 3270 would handle. They can change the user IDs and passwords every day. They have all those account management tools. They just automate that with a very simple box. And now my certificate-based card logs into my reader, my reader says Ah, I've got the passcode for the day, it logs me into the 3270 and I'm off and running. And so they're able in this way to leverage the reader to build applications in essence as middleware, to transpose between an existing smart card and a legacy system without having to touch the legacy system. And that gives them a lot of flexibility in what they can do.
Q: [the buzz was too loud to hear question]
SKS: So let's use, let's say I want to go shopping in the cybercafe. So what I want is an encrypted copy of my wallet on the network. One that can be stored, managed, etc., where the data that's in the network is encrypted. Now I can pull it down to my trusted device, where it's been decrypted based upon the authentication code that I travel with. So my smart card has my ID key on it. I walk in, type my PIN number into a trusted keyboard, that says okay here's my PIN number, go to the server and fetch my wallet, download my wallet into the trusted device and now I can act on it.
Q: [the buzz was too loud to hear question]
SKS: Well, then it's just like going out here where your user ID and password are being captured by a virus running on the machines out here, because you don't know. Right? We don't know. You don't run a virus checker before you sit down at the machine. It's been my belief since the beginning of time that if you want to make the most money, you rent all the computers at conferences, you collect all the key people in the industry's emails, user IDs and passwords, and you make a heck of a lot more money trading on that information than you can on just about anything else. Right? So we all ought to go into the PC rental business. Cuz the PC sitting outside the doors at Comdex is probably pretty low hanging fruit. And that's just a challenge. So how do we take a public terminal. That's probably one of the biggest challenges. And you really can have fun if you know anything about how PCs and the browsers and all this kind of stuff work. You know, if you walk into Fry's where they've got a terminal sitting there, and ask it for the history of web pages the guy's been to. And you just go back four or five in history, you can login to their trading account nine times out of ten, because they click the little box that says remember my user ID and password and the machine remembered it. And it was by no fault of the user other than they just didn't quite really know what they were doing. And it logs my password as I type it in, so if somebody has flipped that switch on in a public terminal, it will automatically remember passwords. Come back a day later, you can log into anybody's account that was previously on the terminal. So, providing the tools so that it's possible to have a public terminal, I think is very important. And then it won't take long for us to figure out that we want to go to a cybercafe that has trusted terminals versus a cybercafe that has regular terminals.
And we think actually this is one of the really strong selling components, which is you got a choice. You can buy regular computer. Or you can buy a secure computer. You're going to be given that choice. Sometime in the course of the next 12 to 18 months, you'll walk into a computer store and make that choice. In the case of France, you're going to be able to make that choice starting this fall. Which one are you going to buy? Well if the difference in price is zero, we think it's a pretty easy decision. And the market researchers said if you take your wife along with you, she'll spend up to $150. The typical person will spend somewhere around 25 and $50 more for a PC. And they're willing to spend it. And it's the number three most important application, following processor speed and hard disk capacity. So most of the tests we run to ask on the future set is security important, you haven't explained to them what security is yet. The market research feedback that we got back, the group that did it, said we haven't seen results like this since they tested for putting air bags in cars. Same kind of thing. Do you want a passenger side airbag or no passenger side airbag? Depends upon whether you're married or not. I bought a car when that was the case when passenger air bags were optional and you're sitting in the little chair and your wife is sitting next to you and they say, well, would you like an optional passenger side airbag? Depends upon how your relationship is.
Any other questions?
Well thank you very much for your time. And I think we got us caught back up on schedule.