Group Developing Standards For Secure Cell Phone Hardware
The Trusted Computing Group plans to deliver a spec before June for functions including device authentication, third-party digital rights management, and software downloads.
SAN JOSE, Calif. An ad hoc industry group has taken its first step toward delivering in the first half of 2006 a hardware-security standard for cellphones.
The Trusted Computing Group released 11 user scenarios that are the basis for the spec it will release before next June.
The TCG established a standard for verifying the integrity of PCs more than a year ago. It specifies use of a security device, called the Trusted Platform Module (TPM), that creates cryptographic keys to identify a system’s integrity and provide secure data storage and execution space as needed. Developing a version of that spec for the more complex mobile sector has so far proved slow going.
That is due in part to the wide variety and diversity of stakeholders in the cellular industry. Active members in the TCG’s mobile work group include Authentec, Ericsson, France Telecom, IBM, Infineon, Intel, Lenovo, Motorola, Nokia, Philips, Samsung, Sony, STMicroelectronics, Texas Instruments, VeriSign, Vodaphone and Wave Systems.
The group has developed 11 user scenarios to guide its parallel efforts on drafting technical requirements and the final spec itself. The specification is currently about 70-percent complete, according to Janne Uusilehto, a senior technology manager in Nokia Corp.’s technology platforms group who chairs the TCG mobile group.
That draft differs from the existing PC spec in two major ways. While PCs have generally chosen to implement the TPM as a standalone chip, cellphones will likely embed the function in a block inside an existing chip. In addition, PC users have the option of turning off all TPM functions; however, cellphone users will not be able to turn off certain base security functions required by carriers or service providers, said Uusilehto.
Using the TCG’s technology, cellphones will be able to provide hardware-backed security for functions such as device authentication, third-party digital rights management and software downloads. A full list of the 11 user scenarios is at www.trustedcomputinggroup.org.
The technology is expected to open several doors, including encouraging premium content owners such as music studios to release their products to mobile phones via over-the-air services. Currently, studios are reluctant to release content to phones, fearing piracy.
“This spec will go a long way to addressing that,” said Thomas Hardjono, a TCG member and a principal scientist at VeriSign, which recently acquired businesses that sells ringtones and wallpaper for cellphones and hopes to begin selling full music tracks as well.
The technology has been presented to studios by at least one TCG member company. However, TCG members would not comment on the studio’s reception to the mobile spec to date.
The new spec “gives us an opportunity to have multiple sources of interoperable hardware that integrate these security services,” said Uusilehto of Nokia. “Because it is an open spec we also get the benefit of a wide review from industry security specialists, and the customers wind up with more reliable handsets,” he added.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2018 State of the CloudCloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
The Next Generation of IT SupportThe workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device