TMCnet News

WAVE SYSTEMS CORP - 10-Q - Management's Discussion and Analysis of Financial Condition and Results of Operations
[November 09, 2012]



(Edgar Glimpses Via Acquire Media NewsEdge)

Overview

Our Business

Wave was incorporated in Delaware under the name Indata Corp. on August 12, 1988. We changed our name to Cryptologics International, Inc. on December 4, 1989. We changed our name again to Wave Systems Corp. on January 22, 1993. Our principal executive offices are located at 480 Pleasant Street, Lee, Massachusetts 01238 and our telephone number is (413) 243-1600.



Wave develops, produces and markets products for hardware-based digital security, including security applications and services that are complementary to, and work with, the specifications of the Trusted Computing Group ("TCG"), www.trustedcomputinggroup.org, an industry standards organization comprised of computer and device manufacturers, software vendors and other computing products manufacturers. Specifications developed by the TCG are designed to address a broad range of current and evolving digital security issues. These issues include: identity protection, data security, digital signatures, electronic transaction integrity, platform trustworthiness, network security and regulatory compliance.

The TCG was formed in April 2003 by its promoting founders: AMD, HP, IBM, Intel, and Microsoft. Wave was initially invited to join the founding group as a contributing member. Since 2008, Wave has held a permanent seat on the TCG Board of Directors (the "TCG Board"). Wave has also elevated its membership status to the highest level of TCG "Promoter." Permanent members of the TCG Board provide guidance to the organization's work groups in the creation of the specifications to protect personal computers ("PCs") and other computing devices from attacks and to help prevent data loss and theft. Wave's enhanced membership status allows it to take a more active role in helping to develop, define and promote hardware-enabled trusted computing security technologies, including related hardware building blocks and software interfaces. Wave is eligible to serve on and chair the TCG Board, Work Groups and Special Committees thereof. Wave is permitted to submit revisions and addendum proposals for specifications with design guides and is similarly permitted to review and comment on design guides prior to their adoption.


One of the current TCG specifications recommends a hardware-based trusted computing platform, which is a platform that uses a semiconductor device, known as a Trusted Platform Module ("TPM") that contains protected storage and performs protected activities, including platform authentication, protected cryptographic processes and capabilities allowing for the attestation of the state of the platform which provides the first level of trust for the computing platform (a "Trusted Platform"). The TPM is a hardware chip that is separate from the platform's main CPU(s) that enables secure protection of files and other digital secrets, and performs critical security functions such as generating, storing and protecting "cryptographic keys," which are secret codes used to decipher encrypted or coded data. While TPMs provide the anchor for hardware security, known as the "root of trust", trust is achieved by integrating the TPM within a carefully architected trust infrastructure and supporting the TPM with essential operational and lifecycle services, such as key management and credential authentication.

Prior to the formation of the TCG, Wave developed its pioneering EMBASSY (EMBedded Application Security SYstem) Trust System. The EMBASSY Trust System is a combination of client hardware consisting of the EMBASSY 2100 security chip (the "EMBASSY chip") and its firmware, and software consisting of the Trust Assurance Network ("TAN"), a back-office infrastructure that manages its security functions. As the market for TPM-enabled products has developed with computing devices being shipped in volume by leaders in the PC industry, Wave has enabled the development work on the EMBASSY Trust System to support security hardware based on the TCG specifications by repurposing these product assets.

Wave has since developed a set of applications known as the EMBASSY Trust Suite, EMBASSY Trust Server products, middleware and software tools to work with various other chip manufacturers' TCG-specified TPMs that are now available.

Wave's products support cross-platform interoperability for the currently available TPM chips from Nuvoton Technology Corporation, Atmel, Broadcom, Infineon Technologies AG, and ST Microelectronics and have been verified for usage on TPM platforms shipped by Dell, Acer, Intel, Lenovo, HP, ASUS, NEC and Fujitsu.

Wave's operations to-date have consisted primarily of product development, performance under contract to develop products and marketing and sales to PC and semi-conductor chip ("Chip") OEMs, resellers, and enterprises. Wave has been successful in signing distribution and reseller contracts with Intel, Nuvoton, ST Microelectronics, Dell, Acer, ASUS, Broadcom and Samsung.

Our Products

Client-side Applications

EMBASSY Trust Suite

The current version of the EMBASSY Trust Suite consists of a set of applications and services that is designed to bring functionality and user value to TPM-enabled products. Designed to make the TPM easy for users to set up and use, the EMBASSY Trust Suite includes the EMBASSY Security Center (the "ESC"), Trusted Drive Manager ("TDM"), Document Manager ("DM"), Private Information Manager ("PIM") and Key Transfer Manager ("KTM").

The ESC enables the user to set up and configure the TPM platform. In addition to the basic function of making the TPM operational, ESC is designed to enable the user to manage extended TPM-based security settings and policies, including strong authentication, Windows logon preferences to add biometrics and streamlined password policy management. The TCG has published storage specifications for another major trusted hardware component, the self-encrypting drive ("SED"). The ESC software contains advanced lifecycle management tools for the SED. Trusted Drive Manager is the software utilized for managing SEDs.

SEDs are designed to provide advanced data protection technology and they differ from software-based full disk encryption in that encryption takes place in hardware in a manner designed to provide robust security without slowing processing speeds. Because the drives are factory-installed, the systems can be configured such that encryption is "always on" for the protection of proprietary information. The TCG has issued storage specifications over SEDs. These specifications are based upon the Opal Security Subsystem Class (SSC) specification - an industry standard issued by the TCG. The SSC specification gives vendors an industry standard for developing SEDs that secure data. Wave's products currently support all Opal-based, proprietary and solid-state SEDs.

Data protection is also addressed by the DM, which is offered to provide document encryption, decryption and client-side storage of documents. The DM works with Microsoft Windows and Microsoft Office to secure documents against unauthorized users and hackers. Wave's software is Windows 7 and Vista ready, building upon the operating system's data protection feature sets, providing full-featured EMBASSY solutions for data protection and strong authentication.

Password management can be a security challenge due to the increasing number of passwords required and the tendency of users to select easily guessed passwords. To help address these password issues PIM uses the TPM to securely store and manage user information, such as user names, passwords, credit card numbers and other personal information. It retrieves login information to efficiently fill in applications, web forms and web login information.

Backup and recovery of keys used for logon, signing and protection of data can be an essential requirement for deployment of TPM-based systems. KTM is an archive application for the cryptographic keys that is designed to provide a method to securely archive, restore and transfer keys, having the property of being migratable, that are secured by the TPM.

Wave has also developed TPM Wizards as part of the EMBASSY Trust Suite, allowing users to set up and use the TPM for securing 802.11x networks, the Windows Encrypting File System and encrypted email.

Wave Cloud

Wave Cloud is a cloud-based service for managing SEDs and TPMs. With Wave Cloud, organizations do not need to buy, build and test (or maintain) server infrastructure as the management of TPMs and SEDs is done using a web interface. The platform allows enterprises to rapidly deploy centrally-managed hardware-based data encryption on laptops - all without the complexity and cost associated with maintaining on-premise servers. Wave Cloud provides activation, ownership, and management of TPMs from a central location and puts TPM management under IT control. Wave Cloud provides an organization with drive initialization, user management, drive locking and user recovery for all OPAL-based, proprietary, and solid-state SEDs.

Wave Endpoint Monitor

Wave Endpoint Monitor ("WEM") detects malware by leveraging the capabilities of the TPM. WEM provides increased visibility into endpoint health to help protect enterprise resources and minimize the potential cost of advanced persistent threats such as rootkits. Rootkit attacks are particularly harmful in their ability to hide in host systems, evade current mainstream detection methods (such as anti-virus programs or whitelisting at the operating system level) and their capacity to replace legitimate IT system firmware. Such attacks occur before the operating system loads, targeting the system BIOS and Master Boot Record, and can persistently infect higher-level system functions including operating systems and applications. WEM captures verifiable PC health and security metrics before the operating system loads, by utilizing information stored within the TPM. If anomalies are detected, IT is alerted immediately with real-time analytics. Capabilities of WEM include reporting of PC integrity measurements, ensuring data comes from a known endpoint, alerting IT administrators to anomalous behaviors, providing configurable reporting and query tools, ensuring strong device identity through the use of hardware-based digital certificates and remote provisioning of the TPM.

Wave for BitLocker® Management

Wave provides automated turn-key management for Microsoft BitLocker® encryption, which is suitable for organizations that have not yet phased SEDs into their computers and who are migrating to Windows 7 that have Microsoft Enterprise Agreements or Software Assurance for Volume Licensing. Wave for BitLocker® Management allows an organization to set policies with a click of a button, and monitor security from a single console - simplifying an organization's deployment by eliminating the need for specialized knowledge or costly systems.

Key features of Wave for BitLocker® include centralized policy enforcement, recoverability of data in the event of a PC crash, securing of BitLocker® recovery passwords in an encrypted database, remote discovery and activation of BitLocker® client machines, remote activation of encryption without end-user involvement and a seamless migration path to SEDs.

Wave plans to continue to develop and enhance the current products being developed within this product group and to develop new applications and services as the trusted computing market continues to evolve. Current planned development costs for this product group are expected to be approximately $5.6 million for the twelve-months ending September 30, 2013.

Middleware and Tools

TCG-Enabled Toolkit

The Wave TCG-Enabled Toolkit is a compilation of software designed to assist application developers writing new applications or modifying existing ones to function on TCG-compliant personal computers having TPM security chips. Wave provides two versions of the Toolkit, Discovery and Commercial, which can enable developers to leverage basic and enhanced TCG services such as integrated key lifecycle management, including key escrow and key recovery. The Discovery Toolkit offers application developers a license for internal evaluation only, whereas the Commercial Toolkit is a license for external redistribution.

Wave TCG-Enabled Cryptographic Service Provider ("CSP")

Wave offers a TCG-enabled CSP which can allow software developers to utilize the enhanced security of a TCG standards-based platform facilitating a common user experience independent of the platform. It is also designed to enable applications to utilize functionality available on TCG-compliant platforms directly through the Microsoft cryptographic application programming interface without requiring user knowledge of any specific TCG software stack layer.

Current planned development costs for this product group are expected to be approximately $5.7 million for the twelve-months ending September 30, 2013.

EMBASSY Trust Server Applications

EMBASSY Key Management Server ("EKMS")

EKMS is a server application that is designed to provide corporate-level backup and transition of the TPM keys, a process known as key migration. Key migration using EKMS is designed to help prevent the risk of serious data loss in the event that a TPM, hard drive or motherboard becomes corrupted or a user leaves the organization. EKMS may assist an organization that requires access to a former employee's encrypted data or TPM-secured keys for business continuity or disaster recovery purposes. EKMS enables enterprise-level key protection services while ensuring proper archive procedures and recovery capabilities.

EMBASSY Authentication Server ("EAS")

EAS is offered to provide centralized management, provisioning and enforcement of multifactor domain access policies. With EAS, authentication policies can be based on TPM credentials, smart card credentials, user passwords and fingerprint templates. With EAS, authentication policies can be provisioned and managed from the domain controller. EAS also has an integrated biometric template capability.

EMBASSY Remote Administration Server ("ERAS")

ERAS is a server product that is offered to provide centralized management and auditing of TPMs and SEDs. ERAS for TPMs provides device and user identification management. ERAS software presents the TPM as a virtual smart card so existing solutions such as Microsoft Windows Login and Remote Desktop may be easily integrated. This provides true, hardware-based, multi-factor authentication that uses the hardware within the device. ERAS for TPMs also provides security compliance as the software documents exactly which devices and users are on a network, and provides data protection as access to a network can be restricted to only known devices. ERAS for SEDs delivers drive initialization, user management, drive locking, user recovery and crypto erase for all Opal-based, proprietary and solid-state SEDs. ERAS is designed to provide auditing capabilities that aid in compliance management by allowing for validation of TPM and SED security settings and to allow IT administrators to assess the risk of whether a lost or compromised PC is adequately secure. ERAS is designed to facilitate enterprise adoption of TPM and SED technology as it provides IT administrators with tools to utilize the security of these devices while reducing deployment and management costs.

Current planned development costs for this product group are expected to be approximately $3.5 million for the twelve-months ending September 30, 2013.
