In the computing industry’s decades-old arms race against hackers and pirates, the bad guys continually find and exploit holes in security software, and the good guys rush in to patch them. Now for the first time, companies are rolling out a hardware-based security technology that promises to change the fundamental architecture of the personal computer. Whether the security technology threatens users’ control over their own software and data, however, remains a hotly contested concern.An industry consortium that includes IBM, Intel, Hewlett-Packard, and Microsoft has created specifications for a new microchip that-independent of a computer’s main processor-would store special keys for encrypting and decrypting data. Keys stored on a separate chip are beyond the reach of hacker software, so they can keep encrypted data secure. “It’s like having a little safe inside your PC,” says Bob Meinschein, an engineering manager at Intel Research and member of the technical committee of the companies’ Trusted Computing Platform Alliance, formed in 1999.
Since last June, IBM has been selling computers that incorporate the chips, and the company expects that the chips will eventually be in smaller computing devices such as personal digital assistants and cell phones. Microsoft has gone a step further and is developing a related but independent approach dubbed Palladium. That technology incorporates both Microsoft’s own designs for special hardware and a new “nexus,” a trusted suboperating system that will run programs configured to take advantage of the hardware. It will be included in future versions of the company’s Windows operating system.
The heart of both schemes is a special microchip, a tiny Fort Knox for secret data, that includes mathematical keys to encrypt and decrypt information so that no one but the machine’s authorized user can read it. (Computers today routinely handle such encryption when they send credit card information over the Web, but most computers store keys on their hard drives, which are highly vulnerable to hackers.) And this chip doesn’t simply store secrets; it also takes over basic cryptographic operations, so software configured to take advantage of the chip’s capabilities can ask the chip to encrypt data on its computer’s hard drive. Because each chip would come with unique encryption keys, encrypted information would be accessible only to the program and the computer that originally sealed it.