Compaq, Hewlett Packard, IBM, Intel, and Microsoft Announce Open Alliance to Build Trust and Security into PCs for e-business

Trusted Computing Platform Alliance Invites Companies to Join

Select a topic or year

NEW YORK - 11 Oct 1999: -- Compaq, Hewlett Packard, IBM, Intel, and Microsoft today announced the formation of the Trusted Computing Platform Alliance (TCPA), an industry group focused on building confidence and trust of computing platforms in e-business transactions by creating an industry standard for security technologies in personal computing environments.

The alliance's mission is the development of a new hardware and software specification that will enable technology companies to offer a more trusted and secure personal computer platform based on common standards. The five members are inviting other companies to join the TCPA and participate in the development of the new specification.

According to a recent report by Forrester Research, business-to-business trade on the Internet will surge from $43 billion in 1998 to $1.3 trillion in 2003.1 With its focus on simplifying the deployment, use, and manageability of security technologies, the TCPA will enable more trust in existing e-business, while paving the way for e-business opportunities that may not exist today.

"Security solutions, which must be designed from top to bottom, not incrementally, will become more critical to e-business as security concerns increase,'' said David Farber, the Alfred Fitler Moore Professor of telecommunications systems, at the University of Pennsylvania. "With the formation of the Trusted Computing Platform Alliance and by making it open to broad industry participation, I believe that the TCPA will benefit the whole information technology industry by enabling a more secure solution to doing business on the Internet.''

"The widespread adoption of internet-based electronic commerce will depend on significant improvements in the security capabilities of current PCs,'' said Brian Gladman, a U.K.-based independent security consultant, well-known in Europe. "I am delighted to find that the Trusted Computing Platform Alliance is investing is such developments by fostering international, industry-wide cooperation on the requirements and technologies needed for a truly secure computing platform.''

An overriding security problem for companies as they manage networks of personal computers is that they lack a standard set of system hardware-based functions needed to establish trust on the platform. Companies need a common standard to simplify the way they deploy, use, and manage security elements on personal computers.

Numerous technologies, products, services and standards address the issue of security, such as X.509, IPSEC, IKE, VPN, PKI, smart cards, biometrics, S/MIME, and SSL, but the goal of the new alliance is to create a base-level security standard that would complement existing technologies, and enhance security at the level of the platform hardware, BIOS, and operating system. Such a standard does not currently exist.

The alliance aims to create a specification proposal by the second half of 2000, to be licensed openly to the industry through appropriate verification and implementation processes.

The specification will help to define security operations in several critical areas. Examples of areas under investigation by the alliance include secure storage of confidential information, generation of random numbers used to create public and private encryption keys and electronic signing of data used to authenticate the identity of the sender. Recognizing that privacy is extremely important, the TCPA specification will allow a computer owner to maintain complete control over information contained by the system. In addition, the group is investigating how to build stronger integrity into systems by enhancing virus detection to validate beyond the software level; check the hardware BIOS, master boot record and operating system; and supply platform integrity information.

The alliance is inviting participation by new members in defining these and other areas of the specification. For more information about joining the Trusted Computing Platform Alliance, see its web site at

# # #