WAVE SYSTEMS CORP - 10-Q - Management's Discussion and Analysis of Financial Condition and Results of Operations
(Edgar Glimpses Via Acquire Media NewsEdge)
Overview
Our Business
Wave was incorporated in Delaware under the name Indata Corp. on August 12,
1988. We changed our name to Cryptologics International, Inc. on December 4,
1989. We changed our name again to Wave Systems Corp. on January 22, 1993. Our
principal executive offices are located at 480 Pleasant Street, Lee,
Massachusetts 01238 and our telephone number is (413) 243-1600.
Wave develops, produces and markets products for hardware-based digital
security, including security applications and services that are complementary
to, and work with, the specifications of the Trusted Computing Group ("TCG"),
www.trustedcomputinggroup.org, an industry standards organization comprised of
computer and device manufacturers, software vendors and other computing products
manufacturers. Specifications developed by the TCG are designed to address a
broad range of current and evolving digital security issues. These issues
include: identity protection, data security, digital signatures, electronic
transaction integrity, platform trustworthiness, network security and regulatory
compliance.
The TCG was formed in April 2003 by its promoting founders: AMD, HP, IBM,
Intel, and Microsoft. Wave was initially invited to join the founding group as
a contributing member. Since 2008, Wave has held a permanent seat on the TCG
Board of Directors (the "TCG Board"). Wave has also elevated its membership
status to the highest level of TCG "Promoter." Permanent members of the TCG
Board provide guidance to the organization's work groups in the creation of the
specifications to protect personal computers ("PCs") and other computing devices
from attacks and to help prevent data loss and theft. Wave's enhanced
membership status allows it to take a more active role in helping to develop,
define and promote hardware-enabled trusted computing security technologies,
including related hardware building blocks and software interfaces. Wave is
eligible to serve on and chair the TCG Board, Work Groups and Special Committees
thereof. Wave is permitted to submit revisions and addendum proposals for
specifications with design guides and is similarly permitted to review and
comment on design guides prior to their adoption.
One of the current TCG specifications recommends a hardware-based trusted
computing platform, which is a platform that uses a semiconductor device, known
as a Trusted Platform Module ("TPM"), that contains protected storage and
performs protected activities, including platform authentication, protected
cryptographic processes and capabilities allowing for the attestation of the
state of the platform, and that provides the first level of trust for the
computing platform (a "Trusted Platform"). The TPM is a hardware
chip that is separate from the platform's main CPU(s) that enables secure
protection of files and other digital secrets, and performs critical security
functions such as generating, storing and protecting "cryptographic keys," which
are secret codes used to decipher encrypted or coded data. While TPMs provide
the anchor for hardware security, known as the "root of trust", trust is
achieved by integrating the TPM within a carefully architected trust
infrastructure and supporting the TPM with essential operational and lifecycle
services, such as key management and credential authentication.
Prior to the formation of the TCG, Wave developed its pioneering EMBASSY
(EMBedded Application Security SYstem) Trust System. The EMBASSY Trust System
is a combination of client hardware consisting of the EMBASSY 2100 security chip
(the "EMBASSY chip") and its firmware, and software consisting of the Trust
Assurance Network ("TAN"), a back-office infrastructure that manages its
security functions. As the market for TPM-enabled products has developed with
computing devices being shipped in volume by leaders in the PC industry, Wave
has enabled the development work on the EMBASSY Trust System to support security
hardware based on the TCG specifications by repurposing these product assets.
Wave has since developed a set of applications known as the EMBASSY Trust Suite,
EMBASSY Trust Server products, middleware and software tools to work with
various other chip manufacturers' TCG-specified TPMs that are now available.
Wave's products support cross-platform interoperability for the currently
available TPM chips from Nuvoton Technology Corporation, Atmel, Broadcom,
Infineon Technologies AG, and ST Microelectronics and have been verified for
usage on TPM platforms shipped by Dell, Acer, Intel, Lenovo, HP, ASUS, NEC and
Fujitsu.
Wave's operations to date have consisted primarily of product development,
performance under contract to develop products, and marketing and sales to PC and
semiconductor chip ("Chip") OEMs, resellers, and enterprises. Wave has been
successful in signing distribution and reseller contracts with Intel, Nuvoton,
ST Microelectronics, Dell, Acer, ASUS, Broadcom and Samsung.
Our Products
Client-side Applications
EMBASSY Trust Suite
The current version of the EMBASSY Trust Suite consists of a set of applications
and services that is designed to bring functionality and user value to
TPM-enabled products. Designed to make the TPM easy for users to set up and
use, the EMBASSY Trust Suite includes the EMBASSY Security Center (the "ESC"),
Trusted Drive Manager ("TDM"), Document Manager ("DM"), Private Information
Manager ("PIM") and Key Transfer Manager ("KTM").
The ESC enables the user to set up and configure the TPM platform. In addition
to the basic function of making the TPM operational, ESC is designed to enable
the user to manage extended TPM-based security settings and policies, including
strong authentication, Windows logon preferences to add biometrics and
streamlined password policy management. The TCG has published storage
specifications for another major trusted hardware component, the self-encrypting
drive ("SED"). The ESC software contains advanced lifecycle management tools
for the SED. Trusted Drive Manager is the software utilized for managing SEDs.
SEDs are designed to provide advanced data protection technology and they differ
from software-based full disk encryption in that encryption takes place in
hardware in a manner designed to provide robust security without slowing
processing speeds. Because the drives are factory-installed, the systems can be
configured such that encryption is "always on" for the protection of proprietary
information. The TCG has issued storage specifications for SEDs. These
specifications are based upon the Opal Security Subsystem Class (SSC)
specification - an industry standard issued by the TCG. The SSC specification
gives vendors an industry standard for developing SEDs that secure data. Wave's
products currently support all Opal-based, proprietary and solid-state SEDs.
Data protection is also addressed by the DM, which is offered to provide
document encryption, decryption and client-side storage of documents. The DM
works with Microsoft Windows and Microsoft Office to secure documents against
unauthorized users and hackers. Wave's software is Windows 7 and
Vista ready, building upon the operating system's data protection feature sets,
providing full-featured EMBASSY solutions for data protection and strong
authentication.
Password management can be a security challenge due to the increasing number of
passwords required and the tendency of users to select easily guessed
passwords. To help address these password issues PIM uses the TPM to securely
store and manage user information, such as user names, passwords, credit card
numbers and other personal information. It retrieves login information to
efficiently fill in applications, web forms and web login information.
Backup and recovery of keys used for logon, signing and protection of data can
be an essential requirement for deployment of TPM-based systems. KTM is an
archive application for cryptographic keys that is designed to provide a
method to securely archive, restore and transfer migratable keys that are
secured by the TPM.
Wave has also developed TPM Wizards as part of the EMBASSY Trust Suite, allowing
users to set up and use the TPM for securing 802.11x networks, the Windows
Encrypting File System and encrypted email.
Wave Cloud
Wave Cloud is a cloud-based service for managing SEDs and TPMs. With Wave
Cloud, organizations do not need to buy, build and test (or maintain) server
infrastructure as the management of TPMs and SEDs is done using a web
interface. The platform allows enterprises to rapidly deploy centrally-managed
hardware-based data encryption on laptops - all without the complexity and cost
associated with maintaining on-premise servers. Wave Cloud provides activation,
ownership, and management of TPMs from a central location and puts TPM
management under IT control. Wave Cloud provides an organization with drive
initialization, user management, drive locking and user recovery for all
OPAL-based, proprietary, and solid-state SEDs.
Wave Endpoint Monitor
Wave Endpoint Monitor ("WEM") detects malware by leveraging the capabilities of
the TPM. WEM provides increased visibility into endpoint health to help protect
enterprise resources and minimize the potential cost of advanced persistent
threats such as rootkits. Rootkit attacks are particularly harmful in their
ability to hide in host systems, evade current mainstream detection methods
(such as anti-virus programs or whitelisting at the operating system level) and
their capacity to replace legitimate IT system firmware. Such attacks occur
before the operating system loads, targeting the system BIOS and Master Boot
Record, and can persistently infect higher-level system functions including
operating systems and applications. WEM captures verifiable PC health and
security metrics before the operating system loads, by utilizing information
stored within the TPM. If anomalies are detected, IT is alerted immediately with
real-time analytics. Capabilities of WEM include reporting of PC integrity
measurements, ensuring data comes from a known endpoint, alerting IT
administrators to anomalous behaviors, providing configurable reporting and
query tools, ensuring strong device identity through the use of hardware-based
digital certificates and remote provisioning of the TPM.
Wave for BitLocker® Management
Wave provides automated turn-key management for Microsoft BitLocker® encryption,
which is suitable for organizations that have not yet phased SEDs into their
computers, are migrating to Windows 7, and have Microsoft Enterprise
Agreements or Software Assurance for Volume Licensing. Wave for BitLocker®
Management allows an organization to set policies with a click of a button, and
monitor security from a single console - simplifying an organization's
deployment by eliminating the need for specialized knowledge or costly systems.
Key features of Wave for BitLocker® include centralized policy enforcement,
recoverability of data in the event of a PC crash, securing of BitLocker®
recovery passwords in an encrypted database, remote discovery and activation of
BitLocker® client machines, remote activation of encryption without end-user
involvement and a seamless migration path to SEDs.
Wave plans to continue to develop and enhance the current products being
developed within this product group and to develop new applications and services
as the trusted computing market continues to evolve. Current planned
development costs for this product group are expected to be approximately $5.6
million for the twelve-months ending September 30, 2013.
Middleware and Tools
TCG-Enabled Toolkit
The Wave TCG-Enabled Toolkit is a compilation of software designed to assist
application developers writing new applications or modifying existing ones to
function on TCG-compliant personal computers having TPM security chips. Wave
provides two versions of the Toolkit, Discovery and Commercial, which can enable
developers to leverage basic and enhanced TCG services such as integrated key
lifecycle management, including key escrow and key recovery. The Discovery
Toolkit offers application developers a license for internal evaluation only,
whereas the Commercial Toolkit is a license for external redistribution.
Wave TCG-Enabled Cryptographic Service Provider ("CSP")
Wave offers a TCG-enabled CSP which can allow software developers to utilize the
enhanced security of a TCG standards-based platform facilitating a common user
experience independent of the platform. It is also designed to enable
applications to utilize functionality available on TCG-compliant platforms
directly through the Microsoft cryptographic application programming interface
without requiring user knowledge of any specific TCG software stack layer.
Current planned development costs for this product group are expected to be
approximately $5.7 million for the twelve-months ending September 30, 2013.
EMBASSY Trust Server Applications
EMBASSY Key Management Server ("EKMS")
EKMS is a server application that is designed to provide corporate-level backup
and transition of the TPM keys, a process known as key migration. Key migration
using EKMS is designed to help prevent the risk of serious data loss in the
event that a TPM, hard drive or motherboard becomes corrupted or a user leaves
the organization. EKMS may assist an organization that requires access to a
former employee's encrypted data or TPM-secured keys for business continuity or
disaster recovery purposes. EKMS enables enterprise-level key protection
services while ensuring proper archive procedures and recovery capabilities.
EMBASSY Authentication Server ("EAS")
EAS is offered to provide centralized management, provisioning and enforcement
of multifactor domain access policies. With EAS, authentication policies can be
based on TPM credentials, smart card credentials, user passwords and fingerprint
templates. With EAS, authentication policies can be provisioned and managed
from the domain controller. EAS also has an integrated biometric template
capability.
EMBASSY Remote Administration Server ("ERAS")
ERAS is a server product that is offered to provide centralized management and
auditing of TPMs and SEDs. ERAS for TPMs provides device and user
identification management. ERAS software presents the TPM as a virtual smart
card so existing solutions such as Microsoft Windows Login and Remote Desktop
may be easily integrated. This provides true, hardware-based, multi-factor
authentication that uses the hardware within the device. ERAS for TPMs also
provides security compliance as the software documents exactly which devices and
users are on a network, and provides data protection as access to a network can
be restricted to only known devices. ERAS for SEDs delivers drive
initialization, user management, drive locking, user recovery and crypto erase
for all Opal-based, proprietary and solid-state SEDs. ERAS is designed to
provide auditing capabilities that aid in compliance management by allowing for
validation of TPM and SED security settings and to allow IT administrators to
assess the risk of whether a lost or compromised PC is adequately secure. ERAS
is designed to facilitate enterprise adoption
of TPM and SED technology as it provides IT administrators with tools to utilize
the security of these devices while reducing deployment and management costs.
Current planned development costs for this product group are expected to be
approximately $3.5 million for the twelve-months ending September 30, 2013.