It’s an interesting report and well worth a read.

• In the Exhibit Area
• TCG In Action part 1 and part 2
• Day 2 of TCG in Action
• Finally, a panel discussion recap

I wish I could have found a good excuse to get to go there!

Marlin protects both operator and content provider content during delivery and this protection is ensured within the end consumer product through the combination of the Sockeye Hardened Cryptography solution and the secure, powerful and flexible multi-core architecture of the STi7105.

Marlin seems rather popular in the broadcast world, and is the DRM behind, for instance, the acTVila system for streaming and download of video over the internet and direct to televisions in Japan.

In fact the real motivation behind the deal is an initiative to embed more security in hardware. Intel confidently believes that McAfee’s security technology will help create "hardware-enhanced security."

Given that Intel already have their TXT technology and implement DRTM, I cannot see this one myself. However, thinking a bit more, Intel are trying to get into the mobile and embedded world, and there not just a hardware root of trust is needed, but also runtime protection – I wonder if that’s what Intel see, McAfee providing software and firmware to make jailbreaking difficult or impossible?

Finally, David Lacey makes this suggestion:

So hardware security is certainly coming our way, though it might not take the form initially suggested by an Intel/McAfee merger. In fact, a smarter and cheaper option for a chip manufacturer might be to buy Wave Systems, a security vendor specializing in hardware based trusted computing solutions.

I’d describe Wave as "specialising in software for managing hardware-based trusted computing", but it’s a good point that Wave Systems would make a sensible investment for a chip manufacturer.

He makes this point:

Trusted computing is a seductive idea. You protect the hardware so that nothing bad can run on it. But think about this. If you stop bad things, you have to allow good things. Problem is, it’s not you (the user) but them (the trusted computing supplier) that defines what is good and what is bad.

That is almost correct, covering an area I’ve been looking at recently about who trusts who, and what does trust in fact mean, but it is also rather wrong in that it is (usually) the TPM Owner that defines what is good or bad; in a typical home situation the owner will be you the user, although in a corporate environment it is probably the IT department, but since the company owns your hardware that’s to be expected.

Acquisition enables a combination of security software and hardware from one company to ultimately better protect consumers, corporations and governments as billions of devices – and the server and cloud networks that manage them – go online.

Cloud security is getting more and more important these days, so it will be interesting to see what the merger can bring to the Trusted Computing world.

I’d love one of them for my corporate network so when I go on business trips I don’t need to carry two notebook computers, instead I can just plug the memory stick into my personal netbook.

• A PhD in a discipline relevant to information security.
• Experience of security management in large organisations.
• Deep knowledge of at least one area of significance to security management, e.g. network security, economics of security, systems architecture, trusted computing, operating system security, security policy, privacy, security of distributed systems, security modelling, information security, threats.
• Strong communication skills.

I know a couple of the guys at HP Bristol and I’ve read papers by a few others of them, so I think it would be a pretty awesome place to work; if I was in the UK I’d be sorely tempted to apply.

Currently there are 78 participants in China DRM Forum, including major Chinese content providers such as CCTV, SMG, and BTV, as well as leading technology companies such as TCL, Changhong, Panasonic, Philips, Sony, Nokia, and Intel.

I’ll have to check this out further…