FITUG e.V. Förderverein Informationstechnik und Gesellschaft
------- Forwarded Message Follows -------
Date: Mon, 1 Feb 1999 05:26:23 -0600
From: "Richard Hornbeck" <rhornbec@counsel.com>
Subject: Intel's Master Plan - 'Wired for Management'
To: <gilc-plan@gilc.org>
Reply-to: gilc-plan@gilc.org

Intel's release of PSN technology in its Pentium III chips represents a single, yet essential component of a much more elaborate, (and sinister?) long-range goal.

Intel, (not unlike Microsoft), has a vision of the future that consists of a billion connected computers doing electronic commerce and other forms of communication, and all running Intel (Wintel) technology. Craig Barrett, in his first-day keynote address at the Intel Developer Forum in Palm Springs last September, said the billion-connected-computer level will come "in six, eight or 10 years." There are about 150 million computers in operation today, 300 million will be in use by the end of the century and by 2005 a billion may be "interacting in an instant fashion," Barrett said. The CDSA (common data-security architecture), and hardware support for data encryption, are needed to keep momentum going in the industry. "We want the industry to move toward three things: easy to use; instantly available; and always connected," Barrett said.

One would be hard pressed to claim that Intel's goal is world domination; but less hard pressed to recognize that its goal is domination over the world's computer market. Faced with increasing competition, falling prices, and several technical missteps, Intel was forced to raise the bar on feature robustness, and try to leapfrog into a position as permanent market share leader. Over a year ago, it set out to accomplish this ambitious goal through a program called 'Wired for Management.' Briefly, the goal of this program is to embed into Intel processors the necessary features that would enable remote management, support, and upgrading of any computer's software and hardware (Flashing).

In other words, by providing the capability within its chips to enable secure communications between a 'master' computer and its various nodes, the master could perform any management functions necessary to support the remote computer.

Needless to say, an individual company or entity has the authority and responsibility to implement whatever technology it needs on its own corporate computers and networks, to allow it to manage its computer resources cost-effectively, efficiently, and securely.

However, one of the potential threats to the private citizen is the reality that this same technology which Intel intends to offer for commercial use, may become ubiquitous, and also exist in the private individual's computer. Because this technology can be readily circumvented, and fraudulently manipulated, not only will corporate assets be at risk, but the private individual could be vulnerable to remote abuse by hackers, criminals, and others, without their knowledge.

Intel proposes to make these same features available for mobile platforms, such as laptops, via modem. For example, if an employee is in the field, and the network manager needs to upgrade one of the software components on the laptop, then the next time the employee dials in to the corporate Intranet, the 'master' server will take control of the laptop, through Intel's technology, and load the necessary software.

In an excellent article, 'Intel's security plans raise fear from PC builders' by Rick Boyd-Merritt and Mark Carroll, in the December 12, 1998 issue of 'EE Times,' (www.eetimes.com) concerns were raised by 'software, semiconductor and systems companies that fear the processor giant could wind up encroaching on their markets, extending its own reach deeper into the PC architecture.'

The article goes on to describe the reasons behind these other companies' concerns:

Quoted excerpt begins:

'Intel's plans center around a so-called firmware hub, essentially a flash memory with key BIOS functions, which will be part of its Camino, Carmel and Whitney chip sets. Those products will accompany next year's Katmai [Pentium III] processors and are expected to be used in the Merced line too.

"This is an example of Intel taking in one more piece of the PC architecture," said a senior R&D manager with a major PC company who asked not to be named.

Intel would not comment on its unannounced products. However, the key features of the chip are beginning to come to light based on reports from multiple sources.

The firmware hub is "basically a flash chip with locks on its read and write capabilities that can be opened using a cryptographic protocol," said another source briefed by Intel.

Hardware security functions include a cryptographic engine to authenticate "digital certificates" that Intel or a third party could load in. The chip could hold multiple certificates, each with permission to grant specific features, such as to permit an operating system or an MPEG player to run. They would also ensure that a software program licensed to one user was not copied and run on another machine, a common practice.

In addition, the certificates will act like unique serial numbers, identifying a given machine in any Internet or corporate network transaction, sources said.

The hub may also include a random-number generator to create public keys for encryption and help enable encrypted transmissions between PCs. That would provide security for electronic commerce and software downloads, possibly including software modules for host-based modems, MPEG players or audio codecs that are housed in the firmware hub and run on the CPU.

Another feature sources have mentioned is physical security, linking sensors to the hub so that it may report problems to a central network administrator if the case is tampered with or peripherals are removed.

Even though the firmware - and the chip sets it is part of - are not due for production until at least mid-1999, samples have been available in Taiwan for some time.

"We have had samples of the firmware hub for a while," said a project manager for First International Computer Inc. "We really haven't done too much with [it] yet. It is still not quite clear when it will be used and what its full functions will be."'

Sources close to Intel suggested the company would be leery of entering a new PC-related market while under the shadow of a Federal Trade Commission investigation. The company's motive is simply to bring new features to the PC, enhancing sales for corporate and consumer users, these sources said.

Still, "If Intel controls what and how stuff gets put in the BIOS, that's really significant," said one analyst. "That's a wonderful control choke point."

Quoted excerpt ends.

Another article in EE Times, 'Security tops Intel's priority list,' by David Lammers, 9/18/98, discusses how Intel has already received approval by both the U.S. and Japanese governments to implement this technology in pursuit of both countries' digital-transmission-content-protection (DTCP) initiative, and that licensing to OEMs is ready to begin. The approach ensures that digital content which moves from one piece of hardware to another is copy-protected, and complements the content-scrambling approach adopted by the DVD industry.

Quoted excerpt:

Digital content protection is key to moving the 1394 interface forward, first in digital-consumer products and later in 1394-enabled personal computers, Intel said. Intel will build 1394 support into its chip sets within the next 18 months, Gelsinger said in a keynote address at IDF on Thursday.

Building in 1394, and convincing desktop OEMs to build out the ISA bus and internal PCI slots, is central to Intel's vision of where the PC industry needs to go to improve ease of use. Dan Russell, director of platform marketing, claimed that the cost of implementing the 1394 bus - in terms of gates, board space and dollars - is about equal to today's cost of adding in the legacy ISA bus.

Next year, Intel intends to build hardware support for data security into its CPUs and chip sets - including flash-based BIOS chips. Random-number generators, digital signatures, monotonic counters and other hardware-based security measures will be supported in logic primitives on silicon.

A senior design manager at Dell Computer Corp. (Austin, Texas) said the Intel approach to security has been discussed for the past year, but "things have gotten bogged down over the past few months. You have to bring together the content providers, the applications, so many different elements. It just takes a lot of time."

Bringing together disparate interest groups to rally around Intel's approach to the desktop is what IDF is all about. Gelsinger said, "we either cooperate or die," and no issues have been more contentious than digital-content protection and data encryption.

End excerpt:

Intel's main selling points, along with the WfM 2.0 specification, and other general information, are available in and around: http://developer.intel.com/ial/WfM/wfmover.htm

==============
Richard Hornbeck
Hornbeck@primenet.com
Electronic Frontiers Texas
http://www.eftexas.org