Transcript Document

Global Press
November 14, 2006
Brian Berger
EVP Marketing & Sales
Wave Systems Corp.
TCG Director & Marketing Chair
Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners.
Slide #1
Who is TCG?
• The Trusted Computing Group (TCG) is an Industry Standards Group
• The TCG develops Specifications among its members
– Upon Specification completion, the TCG then publishes these Specifications on the public side of our website.
– Anyone may use the Specifications once they are published
• The TCG markets the specifications and uses membership implementations as examples of the use of TCG Technology.
• The TCG is organized into a Work Group model whereby experts from each technology category can work together to develop the Specifications
– This gives competitors and collaborators a neutral environment for developing industry-best capabilities that are vendor neutral and interoperable.
Slide #2
TCG Mission
Develop and promote open, vendor-neutral, industry
standard specifications for trusted computing building blocks
and software interfaces across multiple platforms
Slide #3
TCG Membership
150 Total Members as of November, 2006
8 Promoter, 86 Contributor, 56 Adopter
Slide #4
TCG Membership
150 Total Members as of October 17, 2006
8 Promoter, 86 Contributor, 56 Adopter
Promoters
AMD
Hewlett-Packard
IBM
Infineon
Intel Corporation
Lenovo
Microsoft
Sun Microsystems, Inc.
Contributors
3Com
Agere Systems
American Megatrends, Inc.
ARM
Atmel
AuthenTec, Inc.
AVAYA
Broadcom Corporation
Certicom Corp.
Check Point Software, Inc.
Citrix Systems, Inc
Dartmouth College
Decru
Dell, Inc.
Emulex Design and Manufacturing
Endforce, Inc.
Ericsson Mobile Platforms AB
ETRI
Extreme Networks
F5 Networks
France Telecom Group
Freescale Semiconductor
Fujitsu Limited
Fujitsu Siemens Computers
Gemalto
General Dynamics C4 Systems
Giesecke & Devrient
Hitachi, Ltd.
Industrial Tech. Research Institute
Infoblox
InfoExpress, Inc.
InterDigital Communications
iPass
ITE Tech Inc.
Juniper Networks, Inc.
Lancope, Inc.
Lexar Media, Inc.
Lexmark International
Lockheed Martin
LSI Logic
Lucent
M-Systems Flash Disk Pioneers
Marvell Semiconductor, Inc.
Maxtor Corporation
Mirage Networks
Motorola Inc.
NEC
Neoscale Systems
Nokia
Nortel Networks
NTRU Cryptosystems, Inc.
NVIDIA
NXP Semiconductors
Phoenix
Pointsec Mobile Technologies
Quantum Corporation
Renesas Technology Corp.
Ricoh Company LTD
RSA Security, Inc.
SafeNet, Inc.
SanDisk Corporation
SCM Microsystems, Inc.
Seagate Technology
SECUDE IT Security GmbH
Siemens AG
SignaCert, Inc.
Sinosun Technology Co., Ltd.
SMSC
Sony Corporation
StillSecure
STMicroelectronics
Symantec
Symbian Ltd
Toshiba Corporation
Trend Micro
TriCipher, Inc.
Unisys
UPEK, Inc.
Utimaco Safeware AG
VeriSign, Inc.
Vernier Networks
VMware, Inc.
Vodafone Group Services LTD
Wave Systems
Western Digital
Winbond Electronics Corporation
Slide #5
TCG Membership
150 Total Members as of October 17, 2006
8 Promoter, 86 Contributor, 56 Adopter
Adopters
Advanced Network Technology Laboratories
Aircuve
Apani Networks
Applied Identity, Inc.
ATI Technologies Inc.
BlueRISC, Inc.
Bluesocket Inc
Bradford Networks
CPR Tools, Inc.
Dai Nippon Printing Co., Ltd.
Feature Integration Technology, Inc.
Fiberlink Communications
ForeScout Technologies
Fortinet Inc.
GuardianEdge
ICT Economic Impact, Ltd.
Identity Engines
Infosec Corporation
Innerwall, Inc.
Insight International Corp
Insyde Software Corp.
Integrated Technology Express Inc.
Kaspersky Lab
Konica Minolta
LANDesk Software
Lockdown Networks
Meganet Corporation
Meru Networks
O2 Micro
OPSWAT Inc.
Oxford Semiconductor
PatchLink Corporation
Q1 Labs
Ruijie Networks Ltd
SafeBoot
Safend LTD.
Secure Elements
Senforce Technologies, Inc
SII Network Systems Inc.
Silicon Integrated Systems Corp.
Silicon Storage Technology, Inc.
Sirrix AG Security Technologies
Softex, Inc.
Soliton Systems K.K.
StepNexus, Inc
Symwave
Telemidic Co. Ltd.
Trapeze Networks, Inc.
Trust Digital
Trusted Network Technologies
ULi Electronics Inc.
Universal Data Protection Corporation
Valicore Technologies, Inc.
ViaSat, Inc.
Websense, Inc.
Slide #6
TCG: The “BIG” Picture
TCG Standards
• Desktops & Notebooks
• Mobile Phones
• Applications
– Software Stack
– Operating Systems
– Web Services
– Authentication
– Data Protection
• Networking Applications & Gear
• Storage
• Servers
• Security Hardware
Slide #7
Terminology and Descriptions
• TPM (Trusted Platform Module)
– A set of security building blocks integrated in products as discrete silicon or integrated multifunction products
• e.g. Discrete TPM 1.2, IO, Gig-Ethernet
• TNC (Trusted Network Connect)
– Open, vendor neutral, interoperable, public building blocks for end-point integrity and network security.
• NAC – Network Access Control
• Storage
– Media used to store information. In the context of TCG, Storage is a category of technology that uses the TCG capabilities
• Mobile
– Mobile is a category of development work being done by the leading mobile products and services providers to provide mobile product implementations of a TCG capability.
• TCG (Trusted Computing Group)
• Trusted Platform
– A product that is built using TCG specifications implemented by product companies.
Slide #8
International Presence
• BOD Structure is global and includes NORAM, ASEAN and EMEA permanent seats
• International outreach
– China Business Community Day (BCD)
– Japan RSA Presentation, BCD, Booth on floor
– EMEA RSA Presentation, BCD, Booth on floor
– EMEA Government outreach - cont.
– ASEAN Government outreach – cont.
– Other events and regions under consideration.
Slide #9
Strong Authentication and TPMs – Umbrella Strategy
[Figure labels: Security; Solution Value; Trusted Platform Module. Options shown: Password; Software PKI; Biometrics + Password; Smart Card + Password; TPM + Password / Biometrics / Smart Card]
Slide #10
TPM Module Forecast
(In millions of units shipped)
[Chart: yearly values for 1999 through 2010 on a scale of 0 to 300. Source: IDC]
Status Update
• TPM PCs – approximately 20 Million shipped; 50 Million estimated for 2006
– Virtually all enterprise PCs have TPMs
• TPM servers shipping
• TPM manufacturers continue to emerge and drive efficiencies through integration and cost
• TNC Products shipping
• Use Cases released for trusted mobile & storage
– Storage proof of concept demonstration available
• Applications available and shipping with the PCs
• Software Infrastructure Specifications to be released next week.
Slide #12
Product Implementations
TPM Vendors:
Atmel*
Broadcom*
Infineon*
Sinosun*
STMicroelectronics*
Winbond*
Solutions for:
Data Protection
ID Management
Network Security
802.1X Security
VPN Security
SSO
Drive Makers
Seagate
TCG Solutions:
M-Systems*
NTRU*
Softex* (Omni Pass and Theft Guard)
Utimaco* (SafeGuard)
VeriSign* (Personal Trust Agent)
Wave Systems* (Embassy Trust Suites)
TNC Suppliers
Juniper
HP
Wave Systems
TCG Enabled PC Systems:
Dell (Latitude Notebook and Optiplex Desktop Series)
Fujitsu (LifeBook Notebook & Desktop systems)
HP* (HP Protect Tools)
IBM* (Embedded Systems Solution)
Intel* (Intel® Desktop Boards – 12X)
Lenovo (T-Series)
Toshiba
Slide #13
New Specifications - IWG
• To be published the week of November 20th, 2006
• 1) Integrity Management Architecture - provides a common framework for defining, collecting and reporting information about the integrity of the hardware and software components of a trusted platform (one that has the TPM).
– Integrity information includes values in the TPM within a system, files on the system, and in-memory images
Example: In an implementation of TCG’s Trusted Network Connect (TNC) for network access control, the client trying to attach to the network might be measured to determine what patches and antivirus software it has loaded, or checked to see if it has changed since the last connection.
Slide #14
New Specifications – IWG, cont.
• 2) Platform Trust Services Interface specification defines a measurement agent to collect, measure and report the integrity information on the platform, which can be a PC, mobile phone, server or other device.
Example: Trusted Network Connect architecture is complemented by enabling an integrity check of the platform before it is connected to the network.
• Results:
– Detect rootkits when used in concert with boot integrity checking
– Identify infected or unauthorized clients.
• 3) Integrity Schema specification provides a common XML-based data format to facilitate information exchange within the Integrity Management Architecture and integrates with Platform Trust Services Interface specification.
– The schema specification covers
• Format for integrity data to be collected and reported
• Format for representing reference measurement of known values
• Format for evaluating the results of platform integrity assessments
– Including reporting of the TPM platform configuration registers (PCRs).
Slide #15
Quotes from the Experts
“These specifications are the next step to completing the framework and capabilities of the trusted platform and essential to effective information security
The availability of a common approach for assurance of platform integrity and measurement means that users and administrators are assured of accurate and consistent reporting of the platform’s state, enabling effective deployment of applications such as network access control, managing patches, platform monitoring integrity, intrusion detection, support for forensics and others,” noted TCG Infrastructure Work Group co-chairs Thomas Hardjono, CTO, Signacert, and Ned Smith, security architect, Intel Corporation.
Slide #16
Example: Network Authentication
[Diagram labels:]
• Domain Controller: MS2003 Server with Active Directory, Cert Server
• Cert Server provides TPM-based certificates for strong authentication for VPN, domain, or wireless
• Computer authentication using TPM
• VPN; Network; Client
• User authentication using password, biometrics, smart card, and/or TPM
• TPM certificate
• VPN strong authentication - TPM as token, using password, biometrics, smart card
• Any TPM-enabled PC; fingerprint reader; smart card reader
• Multi-factor authentication to network with TPM security
• TPM certificate for VPN authentication
• Any TPM-enabled laptop; fingerprint reader; smart card reader
Slide #17
TNC Architecture – Existing Support
• Access Requestor
– Endpoint
– Supplicant/VPN Client, etc.
• Policy Enforcement Point
– Network Device
– FW, Switch, Router, Gateway
• Policy Decision Point
– AAA Server, Radius, Diameter, IIS, etc
Slide #18
TNC Solution Creates a “Virtual Airlock” for Network Access & Protection
[Diagram labels: REMEDIATION; INTEGRITY CHECK; login; IDENTITY CHECK]
Slide #19
TCG Storage Use Cases (other examples)
• Full Disc Encryption
– Laptop Loss or Theft
– Re-Purposing
• ALL Encrypted
• Crypto Key Management
– End of Life
– Disk Erase Enhancement
• Crypto Chip
• Drive Locking
• Personal Video Recorders
• Forensic Logging
• DRM Building Blocks
Slide #20
Why? How? What?
• Why?
– TCG Products are standards based and allow a multi-vendor, best of breed solution context for IT.
– TCG Technology is not defined as a point solution but rather a Computing Ecosystem
– It’s shipping, it works, it’s “security” focused on solving real-world issues.
• How?
– TCG Technologies are available from a variety of suppliers and through traditional channels
• What?
– Buy: PCs with TPM 1.2, Servers with TPM 1.2, Trusted Drives, TNC appliances & applications, Data/ID Management/Key Back-up/Authentication Software.
– Ask for TCG capable products from your suppliers
– Ask for a system design from your suppliers defining a TCG technology implementation
Slide #21