Wei Dai <[EMAIL PROTECTED]> writes:
>On Tue, Mar 28, 2000 at 04:16:39PM -0500, Peter Gutmann wrote:
>>(For people who don't know what EMBASSY is, it's a kind of combination of
>> Clipper and DIVX, although recently they've tried to deemphasise this since
>> noone was buying it - see earlier posts to cypherpunks on this topic. Maybe
>> the press release wasn't by Wave after all but set up by Intel to make their
>> PIII serial number look good in comparison).
>
>I couldn't find the earlier posts on this subject.
I've included my original message below.
>It certainly looks very, very bad.
That's the toned-down version, you should have seen what their pages
originally contained.
Peter.
-- Snip --
An EMBASSY is a complete cryptographic and usage measurement system
integrated into hardware on the client PC. It is designed to provide
metered access to executables and information by authorized users, and
host specially programmed services in a secure, tamper-proof environment.
The system is based on symmetric crypto implemented in a proprietary ASIC.
The way it works is that Wave Systems preloads a 3DES key and unique ID into
each chip when it's made. The chip then periodically contacts Wave's central
server to submit updates about what your system is doing. It's possible to
load Wave-approved code (protected with a 3DES MAC) into the thing, for
example by downloading it over the net and loading it into the device on the
fly. It doesn't look like there's any inter-app protection for code running
in the device.
The online communications side (WaveNet) is split into two facilities, the
Transaction Gateway (which handles general comms with the device) and the
Information Clearing House (which tracks usage and handles metering and
billing).
Worldwide use of cryptography requires balance between government
regulations and business needs. [...] The VerSecure architecture involves
enabling the cryptographic attributes allowed by the country of import
(physical machine location.) Because the device is registered with the
country of import, these attributes can manage the ever-changing government
regulations, meet the needs of enterprises, developers and government bodies
They claim HP is a partner in this, so it at least this part of it looks like
the dying gasp of HP's ICF experiment of a few years ago.
They're selling the design as a standard macro cell for integration into
existing chips, one place where you'd put it is in the general-purpose I/O
chips which handle keyboard/serial port/parallel port I/O (they're claiming
SMSC and ITE have signed up to put it in their chipsets so you'd see them
appearing in things like http://www.smsc.com/main/catalog/ultra.html, although
I couldn't find any indication on their websites that they're supporting the
Wave stuff).
These guys are selling a dongle/Clipper chip/PentiumIII-processor-ID/potential
keyboard sniffer/serial line sniffer all rolled into one, and they're expecting
people to pay money to have them fitted to their PC's. All that's left for
them to do is to figure out how to make them carcinogenic. More information at
http://www.wavesys.com/embassy.html.
