Microsoft wants to change the fundamental architecture of the PC, adding security hardware to a future release of its Windows operating system, the company acknowledged Monday, after a media report and an analyst briefed by the company said as much.
The company wants future PCs to contain a security technology called Palladium, and is in discussion with Intel and AMD, among other players, to develop the chips to enable this, according to a report in the 1 July issue of Newsweek magazine published earlier this week on the MSNBC website, which is part-owned by Microsoft.
Palladium "is really about security, privacy and system integrity", said Mario Juarez, group product manager for the content security business unit at Microsoft. "We're talking here about rearchitecting the PC platform."
The new architecture, as described by Juarez, would see an encryption security chip added to PCs and APIs (application program interfaces) created to allow programs to be written to take advantage of Palladium. Palladium may also cover chipsets, graphics processors and USB input/output systems.
Though Intel and AMD have been involved in design discussions to ensure that Palladium will work with existing processor architectures, it is too early to say whether they will manufacture the encryption chip. Other companies have also been involved in the design of the system and will continue to be part of the process.
Palladium will create a secure space within a PC in which users will be able to run applications and store data. The secure space will not be accessible to the rest of the PC, meaning that a virus infecting the non-Palladium part of the computer could not make its way into the secure area, Juarez said.
The timeframe for Palladium's inclusion in Windows is uncertain as the initiative is only in its early stages, according to Juarez.
Among possible applications of the technology are authentication of communications and code, data encryption, privacy control and DRM (digital rights management), according to the Newsweek report. Microsoft was awarded a US patent on a "digital rights management operating system" in December 2001, though Juarez could not definitely say the patent was directly related to Palladium.
The system comprises three components: an authentication system; hardware chips; and software, called the 'nub', that handles the security tasks, according to Martin Reynolds, a research fellow with market analysis firm Gartner, who has been briefed on Palladium by Microsoft.
The three components will work parallel to the operating system, with security tasks shunted from the operating system to the Palladium system, rather than as an integrated part of it, he said. Palladium is a security foundation upon which to build other security features more than a system itself, he added.
As such, Palladium "is a very clever system", Reynolds said, "you can't crack it in the conventional sense."
Conventional cracking of the technology would be difficult because when a hacker tries to forge or attack the digital signatures used in the authentication component, the nub loses its encryption keys, stopping the system from communicating.
"It's not impossible [to crack]," says Reynolds. However it would likely have to be done one machine at a time and in hardware, rather than software, he explained.
"Palladium does have the ability to give us truly secure PCs," he said. "Once we have security, do we want it?" he asked, anticipating possible user concerns about privacy and digital rights management.
Consumers are unlikely to be pleased about Palladium's DRM features, though "if you're the Hollywood people, you're thrilled", he said.
"This system looks a lot like Hailstorm [a codename for an early version of Microsoft's .Net services] recreated," said Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Centre, a non-profit internet-user rights group based in Washington DC.
"It's not good for consumers. Anything with verification and DRM limits consumers' ability to control their behaviour," he said.
While most talk of DRM revolves around music, Bill Gates sees it as more useful for controlling email: Palladium could be used to limit forwarding of messages, or to make them unreadable after a certain time interval has elapsed, the Newsweek report said.
The technology needs to be widespread in order to be useful: 100 million devices will have to be shipped "before it really makes a difference", the report quotes Microsoft vice president Will Poole as saying.
When asked whether users would be required to run Windows in order to take advantage of Palladium's features, Juarez replied, "The short answer is 'yeah'."
That doesn't mean that all other platforms will be excluded, however.
"We understand the importance of being inclusive," he said. "We do not want this to be seen as a Microsoft-only initiative.
"Our goal is to be as inclusive as possible," continued Juarez, adding that other platforms would likely see some level of interoperability.
To facilitate that broader support, Microsoft will be working with other companies, both in the hardware and software markets, as well as listening to feedback from users, Juarez said.