Undeterred by a dispute between privacy advocates and Intel Corp., several providers of electronic commerce technology have announced plans to make use of the controversial serial number being embedded in the Pentium III chip.
The vendors are embracing Intel's original design intention, viewing the serial number as a security enhancement rather than a threat to privacy as perceived by some activist groups.
The technology "will benefit computer users by providing added trust to users of electronic signatures," said Albert Teng, director of Intel's new technologies and business group. "Providing added user features to applications such as this is a key part of effective information management."
Mr. Teng was commenting on announcements by, among others, SSE Ltd., an Ireland-based subsidiary of Siemens of Germany. It said it regards the serial number as a "perfect additional authentication element" to SSE's TrustedDoc document signing and security software.
SSE, which lets its customers choose whether to switch the serial number on or off, was not alone on the bandwagon. For example, Computer Associates International, one of the world's largest software companies, incorporated into a system developer's tool kit the ability to manage the security features of the new Intel chip, which officially went on the market Friday.
"When combined with other identification methods such as digital signatures and smart cards, the processor serial number can be used in multi-factor authentication," SSE said in a statement on Feb. 17, when Intel held a Pentium III preview in San Jose, Calif.
SSE said that on top of digital signing, time-stamping, and secure archiving, the chip's serial number adds an element of nonrepudiation to an on-line message or transaction. It can be tied back to a physical device- the computer itself-in the event of any question or dispute.
That capability threw a scare into groups like the Electronic Privacy Information Center of Washington when Intel started talking it up in January.
The dominant chipmaker was building into the Pentium III so much power at relatively low cost that it was being touted as a boon to higher-speed communications, PC-based multimedia and three-dimensional imagery, and on- line commerce. Intel apparently did not see the privacy lobby coming.
Among other moves, Intel entered into a wide-ranging licensing pact with RSA Data Security Inc. to marry that company's industry-leading data encryption technology with Intel hardware and to pursue marketing opportunities jointly.
They said it would take more concentrated efforts to get beyond such problems as the credit card industry's slowness in completing its Internet security protocol. "Products from Intel and RSA that incorporate these new security technologies will help ensure that the development of secure applications continues at a rapid pace," said Michael Glancy, general manager of Intel's platform security division.
The protest led by the Electronic Privacy Information Center and Junkbusters, an interest group based in Green Brook, N.J., centered on fears that the traceability of transactions would erode personal privacy. Intel eventually agreed to ship the new chip with the serial number present but deactivated. The personal computer makers Dell, Compaq, Gateway, Micron, and many more were quick to announce Pentium III products.
EPIC and Junkbusters were still calling for boycotts and for Federal Trade Commission intervention in the days leading up to the Pentium III's availability. But Internet security vendors were offering ways to use the serial numbers.
"A lot of the hoopla was about consumer privacy," said Scott Pranger, general manager of Brokat Infosystems, the German-owned payment and e- commerce software company with U.S. headquarters in Alpharetta, Ga. "But if you are a corporate banker, wouldn't you want to know who is initiating a million-dollar transaction, and on top of that know the exact machine the person is using?"
Intel focused on corporate security in a statement last week about the processor serial number. "When enabled, it works in conjunction with security solutions to provide for more secure Internet transactions," Intel said.
"Corporate information technology managers will be able to use the feature to enhance asset management, making it easier to track PCs and applications on the network as well as manage information better and control access to sensitive corporate data."
On Feb. 17, Brokat used its Twister system to demonstrate an approval of a $2 million wire transfer using a serial number registration, plus the rejection of an improperly authenticated attempt. Intel's chairman and former chief executive officer, Andrew Grove, paid Brokat the compliment of visiting its booth at the preview event.
"Identifying customers with certainty will end consumer fraud and cut the cost of doing business with customers you can't see," said Brokat U.S. vice president David Luther. "We support the steps that Intel is taking to strengthen the identification process and improve security for business conducted on the Internet."
The privacy advocates gained fuel for their arguments when a German computer magazine, C't, reported that it found a way to violate the software shroud around the serial number. International Business Machines Corp. then said it would move that security element into computer hardware instructions, which are less penetrable.
Aliroo Inc., an Israeli company with North American headquarters in McLean, Va., said the serial numbers would enhance its PrivaSeal, SecureSentry, and PrivaSuite systems that rely on physical tokens and digital signatures to authorize and authenticate users.
"Aliroo is pleased to see platforms such as those based on the Pentium III processor because they provide users with a new layer of security with our products," said the company's president, Meir Zorea. "With PrivaSeal working in conjunction with the Pentium III, for example, users can protect their graphic digital signature from hacking or intrusion."
RPK Security Inc. of New Zealand and San Francisco, a specialist in high-speed encryption for the high-bandwidth broadcasts known as streaming media, saw the serial number as a way to "provide a high degree of confidence that only authorized recipients may access confidential information," said Jack Oswald, president and CEO.
Mr. Teng of Intel said RPK is "taking advantage of the full capabilities of the RealNetworks G2 Platform and Pentium III. We are pleased that RPK is providing a processor serial number solution that offers additional security to streaming media and benefits in private data protection."
Rainbow Technologies Inc. of Irvine, Calif., a prominent data protection vendor and manufacturer of the recently released i-Key security token that competes with smart cards, developed a related i-Guard Client Security Framework around the Pentium III capabilities.
The system is designed for e-commerce sites, chat rooms, corporate extranets and intranets, and other applications "where simple password access is not enough," Rainbow said.
"Rainbow has long understood the benefit of hardware over software-only security and is happy to collaborate with Intel to take advantage of the new technology with the Pentium III processor," said Shawn Abbott, the company's chief technology officer. "We see this as a critical first step to providing hardware-level security for Internet clients."
Rainbow also announced a new software release, SentinelTrack 5.2, which would use the serial number instead of traditional host identification methods to track the use of software code throughout an enterprise.
In a press release, Rainbow spelled out security benefits it was able to develop with the Pentium III, including:
Caller ID-the serial number is checked when signing on to an Internet service.
A "secure identity" prevents repudiation of transactions.
An Internet browser can be prevented from registering for a service unless a Pentium III is present.
The user's privacy is ensured by having each registration agent assign a different hash value-an encryption-like code-to a Pentium III-based PC.
The "secured agents" portion of i-Guard, which helps to protect the serial number itself, will be shipped this quarter, Rainbow said. The security framework's software development kit is to follow in the second quarter.
