Trusted Computing chips are already built into most new business PCs. At this week’s RSA Security show, the Trusted Computing Group unveiled a draft specification that will add a simplified version of the chip to storage devices, too. Intended mainly for hard disks and USB flash drives, it can be used for both portable and networked storage.
Seagate Technology last year launched a laptop drive that automatically encrypted all data at wire speed. At the show, the company announced that this was based on the draft specification, which allows encryption keys to be transferred between drives and the Trusted Platform Module (TPM) chips in PCs.
No other companies have yet announced products compliant with the new trusted storage spec, but the Trusted Computing Group promises that they will. “There’s a lot more to follow,” says Michael Willett, Seagate’s Director of Research. “Everyone in the storage industry is involved in this.” The group's membership roster includes more than 120 companies, of which 39 are participating in the storage effort.
The spec is still at a draft stage, and so far Seagate only makes one drive with full-disk encryption: the Momentus 400, available in capacities from 40 to 120 GB. But the company has big plans. “It will be everywhere,” says Willett. “We have this on our roadmap for our complete product range.”
The TPM can already encrypt data stored on a PC’s local hard disk, using software provided by the PC manufacturer or third parties such as Wave Systems. Microsoft has also said that this capability will be built into Windows Vista when running on a TPM-equipped PC, through a feature called Secure Startup. However, a standalone TPM limits the data to a single PC: the encryption key is stored on that PC’s security chip, so the encrypted drive is useless if removed.