Microsoft Security Chip Open to Discussion

BARCELONA -- Microsoft would be prepared to license the intellectual property for its proposed Palladium security chip to any software manufacturer, but certification of that software would be essential if the system is to work, the company's U.K. chief security officer Stuart Okin said last week.

"Last week, details of Palladium were leaked, or squirreled out by a journalist," Okin said, speaking at Microsoft's Tech Ed conference here. "This is still at a consultation mode and we will issue white papers by the end of the month, and ask for feedback. So nothing is certain yet."

Chipping In

Palladium is a security technology that would change the fundamental architecture of a PC, with a security chip installed to ensure security and control what software is run.

"It's a combination of hardware and software, a security chip and a public and private key system," he said. "It's designed to guarantee privacy, and to guarantee that if you get rogue software on the machine it'll be moved to a vaulted environment where it can't affect the rest."

This sort of development is necessary if the Internet is to reach its full potential, he said.

"We want people transacting millions of dollars, millions of euros, over open systems, and for that to happen you have to be able to guarantee a source. And that takes a combination of hardware and software," Okin said.

Necessary Restrictions

While Palladium would be very powerful in terms of digital rights management, able to tell whether software is licensed, or digital files copied, "its prime function is to ensure security and privacy," he said.

For that to happen, a degree of software restriction is necessary, he said.

"We'll release white papers at the end of the month, and I'd ask people to wait until then, until we have a chance to get feedback. One thing I can guarantee is that it will be 'off' by default, an opt-in technology," he said. "It will live or die by user acceptance."

Advanced Micro Devices and Intel are working with Microsoft on the idea and have been "very supportive and interested," Okin said. "But there won't be hardware on the market until 2004, 2005, and it'll probably be another two years beyond that before applications are developed."

More Trustworthy

Okin's position was created four months ago as part of Microsoft's push to "Trustworthy Computing." He acknowledges that the first thing security managers say to him when they meet is "You've got a bad image on security."

"But then they acknowledge that, in fact, we're no better or worse than anyone else, and they are glad we're now talking to them and listening."

Okin disputes any suggestion that Microsoft has been slow to look at security. "It's a subject that's come to the fore recently. The U.K.'s National High Tech Crime Unit has only been running 18 months. The user community has altered enormously in two years--it's not just 20-year-olds now--and that's changed the focus. And then there have been viruses, and reports about security in the press. It's just become high profile now."

The U.K. now has about 15 people dedicated to improving Microsoft's security record, working with developers, vendors and customers, Okin said. Other European subsidiaries may follow suit, depending on their size, he said.