IP: Trusted Computing Platform Alliance Invites Companies to Join

[David Farber <farber () cis upenn edu>]

(IBM/CQ/HP/IBM/INTEL/MSOFT)(IBM) Compaq, Hewlett Packard, IBM, Intel,
and Microsoft Announce Open Alliance to Build Trust and Security into PCs
for e-Business

     Business/High-Tech Editors

     NEW YORK--(BUSINESS WIRE)--Oct. 11, 1999--


Trusted Computing Platform Alliance Invites Companies to Join


     Compaq, Hewlett Packard, IBM, Intel, and Microsoft today announced the
formation of the Trusted Computing Platform Alliance (TCPA), an industry
group focused on building confidence and trust of computing platforms in
e-business transactions by creating an industry standard for security
technologies in personal computing environments.



     The alliance's mission is the development of a new hardware and software
specification that will enable technology companies to offer a more trusted
and secure personal computer platform based on common standards. The five
members are inviting other companies to join the TCPA and participate in the
development of the new specification.



     According to a recent report by Forrester Research, business-to-business
trade on the Internet will surge from $43 billion in 1998 to $1.3 trillion
in 2003.1 With its focus on simplifying the deployment, use, and
manageability of security technologies, the TCPA will enable more trust in
existing e-business, while paving the way for e-business opportunities that
may not exist today.



     "Security solutions, which must be designed from top to bottom, not
incrementally, will become more critical to e-business as security concerns
increase," said David Farber, the Alfred Fitler Moore Professor of
telecommunications systems, at the University of Pennsylvania. "With the
formation of the Trusted Computing Platform Alliance and by making it open
to broad industry participation, I believe that the TCPA will benefit the
whole information technology industry by enabling a more secure solution to
doing business on the Internet."


     "The widespread adoption of internet-based electronic commerce will
depend on significant improvements in the security capabilities of current
PCs," said Brian Gladman, a U.K.-based independent security consultant,
well-known in Europe. "I am delighted to find that the Trusted Computing
Platform Alliance is investing is such developments by fostering
international, industry-wide cooperation on the requirements and
technologies needed for a truly secure computing platform."



     An overriding security problem for companies as they manage networks of
personal computers is that they lack a standard set of system hardware-based
functions needed to establish trust on the platform. Companies need a common
standard to simplify the way they deploy, use, and manage security elements
on personal computers.



     Numerous technologies, products, services and standards address the
issue of security, such as X.509, IPSEC, IKE, VPN, PKI, smart cards,
biometrics, S/MIME, and SSL, but the goal of the new alliance is to create a
base-level security standard that would complement existing technologies,
and enhance security at the level of the platform hardware, BIOS, and
operating system. Such a standard does not currently exist.



     The alliance aims to create a specification proposal by the second half
of 2000, to be licensed openly to the industry through appropriate
verification and implementation processes.



     The specification will help to define security operations in several
critical areas. Examples of areas under investigation by the alliance
include secure storage of confidential information, generation of random
numbers used to create public and private encryption keys and electronic
signing of data used to authenticate the identity of the sender. Recognizing
that privacy is extremely important, the TCPA specification will allow a
computer owner to maintain complete control over information contained by
the system. In addition, the group is investigating how to build stronger
integrity into systems by enhancing virus detection to validate beyond the
software level; check the hardware BIOS, master boot record and operating
system; and supply platform integrity information.



     The alliance is inviting participation by new members in defining these
and other areas of the specification. For more information about joining the
Trusted Computing Platform Alliance, see its web site at
http://www.trustedpc.org