David G. Koontz
Sat, 30 Jun 2007 05:53:50 -0700
Looking for TPM enterprise adoption. The current version of TPM was adopted in March o f 2006, which should have limited TPM up take. There's an article in Network World http://www.networkworld.com/allstar/2006/092506-chip-security-papa-gino.html from September 2006 talking about a restaurant chain being a pioneer in the use of TPM, apparently a poster boy for Dell. There's also http://www.fcw.com/article95422-07-26-06-Web July 26, 2006, talking about the Army mandating TPM in all their small computers (PCs), a relatively large enterprise customer. A 10-Q filed by Wave Systems in May provides providence for the numbers quoted in NVLabs abstract on their TPM breaker: http://sec.edgar-online.com/2007/05/10/0001104659-07-038339/Section9.asp † Adoption of TPMs and Trusted Computing technology is also growing - according to industry analyst, IDC, shipments of TPMs are expected to grow from under 25 million units in 2005 to over 250 million units in 2010. More information is available from the IT Compliance Institute. (looking at the IT Compliance Institute doesn't seem to help) The IDC is the quoted source for TPM adoption, figuring prominently on the trudedcomputingroup.org web site and articles derived from publicity. There's an Executive Summary from IDC: https://www.trustedcomputinggroup.org/news/Industry_Data/IDC_448_Web.pdf Predicting TPM 75 percent penetration for world wide Desktop PCs in 2009, 85 percent for mobile computing, and 80 percent for servers. The only other data point is for 2005, showing a couple of percent for Desktop PC, three percent for Servers, and 37 percent for mobile PCs There's a claim the Bitlocker in Vista provided the tipping point for TPM uptake in: http://www.investors.com/editorial/IBDArticles.asp?artsec=17&issue=20070306 The IDC reference is "Worldwide PC Interface and Technologies 2007-2010 Forecast" February 2007, Doc #205155, a Market Analysis http://idc.com/getdoc.jsp?containerId=205155 At $4500, a bit steep for curiosity's sake. TPM is the focus of a chapter or section on Security, as seen in the table of contents The Papa Gino's Restaurants example for Network World,is indeed a Dell real world example, one of several mentioned: https://www.trustedcomputinggroup.org/news/Industry_Data/Endpoint_Technologies_Associates_TCG_report_Jan_29_2007.pdf The real world examples include a Japanese pharmaceutical company with 20,000 seats Papa Gino's Pizzas A US auto rental agency of indeterminate size using HP's security solution. Three projects underway in Japan, the Japanese Ministry of Economy, Trade and Industry funded security initiatives for: Sendai Wellness Consortium (sounds like an HMO) IBM's Tokyo Research Laboratory Nagoya University Medical Center The size of these aren't known, but should qualify as respectably sized enterprises. This paper is from Endpoint Technologies, again and intended to allay naysayers of Trusted Computing adoption rates: Some market watchers may feel that the entire Trusted Computing movement, championed by the Trusted Computing Group (TCG) with its Trusted Platform Module (TPM) and related security technologies, is just a straw man and that it will be years before large numbers of companies and even individuals adopt TPM based secure computing. For example, IDC cites, in "Trusted Platform Module: Adoption Dynamics," August 30, 2006, a complex system dynamics model that shows that only the PC hardware OEMs and the smallest security vendors are fully engaged with the TPM, and that Microsoft and the major security players remain at best tepid in their support. Particularly, the authors cite a lack of user pull in TPM deployment. They conclude that, although many TPM modules will ship on client systems over the next few years, most will remain inactive. [There's also anecdotal evidence IDC hasn't always had their cheery outlook for TPM uptake.] There are other developments mentioned in the paper: The NSA uses TPM for encrypted disk drives The US Army is mentioned herein requiring TPM on PCs The Federal Deposit Insurance Corporation has recommended that their member banks adopt TPM. Also, Microsoft appears to have actually jumped on the TPM bandwagon, supplying impetous over the tipping point: http://www.pc.ibm.com/us/pdf/idc_compliance_whitepaper.pdf February 2005, Validation of Hardware Security in PC Clients, sponsored by IBM and Microsoft TPM is pretty much required for PC biometric authentication (fingerprints) There are a few more poster children marched out: A large international pharmaceutical company (perhaps different from above) A Large Apparel Manufacturer, mentions Sarbannes-Oxley, and fingerprint access. We're being underwhelmed with hard numbers and numerous examples of enterprise adoption. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]