With Brian Berger, executive vice president, marketing and sales for Wave Systems and marketing chair for the Trusted Computing Group. In late September, the group unveiled "use-cases" that describe secure ways in which to implement features and functions of mobile devices.
Question: Can you describe the announcement The Trusted Computing Group recently made?
Berger: The Trusted Computer Group has released use-cases for potential uses of security in mobile phones. The reason that we released use-cases — which is a pre-release of information prior to a spec, but not a spec — is that we wanted to share what the TCG is doing in mobility and solicit feedback. We felt it is very important from an organizational standpoint to be
Question: Why did TCG — which has initiatives in a number of areas — decide to focus on mobile computing?
Berger: There is public information about viruses starting to be addressed in mobile phones, public information about people who lose their phones [and valuable data]. Mobile phones are getting more sophisticated. Things like Blackberrys and RIM devices and Treos are used to go on private networks of organizations to get e-mails. The amount of security on those devices is quite low. If I have a Blackberry and you pick it up, you can read my e-mail. People are using these devices for more than making phone calls. You have a device that's pretty powerful, e-commerce is being deployed throughout world... The need for security for privacy and e-commerce is growing. You have two market segments being addressed. One is the consumer, one is the corporate user. When you look at business uses of mobile phones, you have regulatory and compliance [concerns].
Question: How will the use-cases be utilized?
Berger: The specifications will be building blocks on how to enable phones with hardware security. So you look at use-cases. Organizations say, "What's this used for?" We make sure we've covered as many of the potential uses as possible. That's what we published. The specification will be released in the first half of 2006. That will go public and anybody can download it from the TCG Web site. The development of the spec is done by the membership. It doesn't specify how the third party does it. We're not an organization that stands over the users and tells them how to do it. We give them the tools to do it. We publish a spec that is free and available for the market to use. We enable the technology. We don't do certification or compliance testing.
This 3 Questions originally appeared in a weekly report from IT Business Edge.