RealTime IT News

IT Heavies Unveil Mobile Spec

SAN FRANCISCO -- Three companies heavily steeped in the mobile world have initiated work on a new specification designed for future wireless data services.

NTT DoCoMo , IBM and Intel are spearheading the new architecture called "Trusted Mobile Platform." The initiative includes nearly 300 pages of documentation hardware and software architecture requirements, as well as protocol specifications.

The goal, say executives, is to advance the number of mobile-commerce services, such as electronic tickets and e-wallets for online purchases by making the infrastructure more secure.

"Mobile security is more than just protecting against new viruses, worms and attacks; it's about protecting critical business assets and information," Alistair Rennie, vice president of sales and marketing for IBM Pervasive Computing, said in a statement. "[We are] working to bring security specifications, such as the Trusted Mobile Platform, to standards bodies with the hope security will become more embedded across a broad range of business systems."

Similar to the PC industry's recent collaboration behind Microsoft's Service Pack 2 for its Windows XP operating system, chipmakers and mobile hardware manufacturers are beginning to see the benefits of a two-pronged hardware/software defense against viruses (now popping up in handsets and PDAs) and software attacks.

Each player said it brings a key ingredient to the table. NTT DoCoMo has its knowledge of wireless networks. Intel said it knows silicon and architecting wireless devices. IBM rounds out the rest, contributing its vast experience in business security and pervasive computing.

The Trusted Mobile Platform focuses on security techniques and applies them to the hardware and software architectures to define a trusted execution environment that protects the device at boot time and during run time.

For example, the companies have outlined several hardware requirements, including basic processor requirements and information on DMA Controllers, SIMs, Platform root of trust, Trusted Boot, and Cryptographic Engines. The software profiles include Algorithms and Modes of operation, one-way Hash Function and MAC, Pseudo Random Number Generator (PRNG) and higher level APIs.

In addition, Trusted Mobile Platform has defined a protocol that allows the security state of a device to be shared with other devices in the network. The specification sheets offer an example ticket purchasing protocol with various enterprise and consumer scenarios. The specification also covers how to apply several Web services standards, including WS-Security Profiles, WS-Trust, XML requirements and SOAP Message Structure.

The partners said they will now wait for an industry review of the specifications, architectures and protocols before submitting it for official review before the various standards bodies.