
TMCNet:  WAVE SYSTEMS CORP - 10-Q - Management's Discussion and Analysis of Financial Condition and Results of Operations

[November 09, 2012]


(Edgar Glimpses Via Acquire Media NewsEdge)

Overview

Our Business

Wave was incorporated in Delaware under the name Indata Corp. on August 12, 1988. We changed our name to Cryptologics International, Inc. on December 4, 1989. We changed our name again to Wave Systems Corp. on January 22, 1993. Our principal executive offices are located at 480 Pleasant Street, Lee, Massachusetts 01238 and our telephone number is (413) 243-1600.

Wave develops, produces and markets products for hardware-based digital security, including security applications and services that are complementary to, and work with, the specifications of the Trusted Computing Group ("TCG"), an industry standards organization comprised of computer and device manufacturers, software vendors and other computing products manufacturers. Specifications developed by the TCG are designed to address a broad range of current and evolving digital security issues. These issues include: identity protection, data security, digital signatures, electronic transaction integrity, platform trustworthiness, network security and regulatory compliance.

The TCG was formed in April 2003 by its promoting founders: AMD, HP, IBM, Intel, and Microsoft. Wave was initially invited to join the founding group as a contributing member. Since 2008, Wave has held a permanent seat on the TCG Board of Directors (the "TCG Board"). Wave has also elevated its membership status to the highest level of TCG "Promoter." Permanent members of the TCG Board provide guidance to the organization's work groups in the creation of the specifications to protect personal computers ("PCs") and other computing devices from attacks and to help prevent data loss and theft. Wave's enhanced membership status allows it to take a more active role in helping to develop, define and promote hardware-enabled trusted computing security technologies, including related hardware building blocks and software interfaces. Wave is eligible to serve on and chair the TCG Board, Work Groups and Special Committees thereof. Wave is permitted to submit revisions and addendum proposals for specifications with design guides and is similarly permitted to review and comment on design guides prior to their adoption.

One of the current TCG specifications recommends a hardware-based trusted computing platform, which is a platform that uses a semiconductor device, known as a Trusted Platform Module ("TPM") that contains protected storage and performs protected activities, including platform authentication, protected cryptographic processes and capabilities allowing for the attestation of the state of the platform which provides the first level of trust for the computing platform (a "Trusted Platform"). The TPM is a hardware chip that is separate from the platform's main CPU(s) that enables secure protection of files and other digital secrets, and performs critical security functions such as generating, storing and protecting "cryptographic keys," which are secret codes used to decipher encrypted or coded data. While TPMs provide the anchor for hardware security, known as the "root of trust", trust is achieved by integrating the TPM within a carefully architected trust infrastructure and supporting the TPM with essential operational and lifecycle services, such as key management and credential authentication.

Prior to the formation of the TCG, Wave developed its pioneering EMBASSY (EMBedded Application Security SYstem) Trust System. The EMBASSY Trust System is a combination of client hardware consisting of the EMBASSY 2100 security chip (the "EMBASSY chip") and its firmware, and software consisting of the Trust Assurance Network ("TAN"), a back-office infrastructure that manages its security functions. As the market for TPM-enabled products has developed with computing devices being shipped in volume by leaders in the PC industry, Wave has enabled the development work on the EMBASSY Trust System to support security hardware based on the TCG specifications by repurposing these product assets.

Wave has since developed a set of applications known as the EMBASSY Trust Suite, EMBASSY Trust Server products, middleware and software tools to work with various other chip manufacturers' TCG-specified TPMs that are now available.

Wave's products support cross-platform interoperability for the currently available TPM chips from Nuvoton Technology Corporation, Atmel, Broadcom, Infineon Technologies AG, and ST Microelectronics and have been verified for usage on TPM platforms shipped by Dell, Acer, Intel, Lenovo, HP, ASUS, NEC and Fujitsu.

Wave's operations to-date have consisted primarily of product development, performance under contract to develop products and marketing and sales to PC and semi-conductor chip ("Chip") OEMs, resellers, and enterprises. Wave has been successful in signing distribution and reseller contracts with Intel, Nuvoton, ST Microelectronics, Dell, Acer, ASUS, Broadcom and Samsung.

Our Products

Client-side Applications

EMBASSY Trust Suite

The current version of the EMBASSY Trust Suite consists of a set of applications and services that is designed to bring functionality and user value to TPM-enabled products. Designed to make the TPM easy for users to set up and use, the EMBASSY Trust Suite includes the EMBASSY Security Center (the "ESC"), Trusted Drive Manager ("TDM"), Document Manager ("DM"), Private Information Manager ("PIM") and Key Transfer Manager ("KTM").

The ESC enables the user to set up and configure the TPM platform. In addition to the basic function of making the TPM operational, ESC is designed to enable the user to manage extended TPM-based security settings and policies, including strong authentication, Windows logon preferences to add biometrics and streamlined password policy management. The TCG has published storage specifications for another major trusted hardware component, the self-encrypting drive ("SED"). The ESC software contains advanced lifecycle management tools for the SED. Trusted Drive Manager is the software utilized for managing SEDs.

SEDs are designed to provide advanced data protection technology and they differ from software-based full disk encryption in that encryption takes place in hardware in a manner designed to provide robust security without slowing processing speeds. Because the drives are factory-installed, the systems can be configured such that encryption is "always on" for the protection of proprietary information. The TCG has issued storage specifications over SEDs. These specifications are based upon the Opal Security Subsystem Class (SSC) specification - an industry standard issued by the TCG. The SSC specification gives vendors an industry standard for developing SEDs that secure data. Wave's products currently support all Opal-based, proprietary and solid-state SEDs.

Data protection is also addressed by the DM, which is offered to provide document encryption, decryption and client-side storage of documents. The DM works with Microsoft Windows and Microsoft Office to secure documents against unauthorized users and hackers. Wave's software is Windows 7 and Vista ready, building upon the operating system's data protection feature sets, providing full-featured EMBASSY solutions for data protection and strong authentication.

Password management can be a security challenge due to the increasing number of passwords required and the tendency of users to select easily guessed passwords. To help address these password issues PIM uses the TPM to securely store and manage user information, such as user names, passwords, credit card numbers and other personal information. It retrieves login information to efficiently fill in applications, web forms and web login information.

Backup and recovery of keys used for logon, signing and protection of data can be an essential requirement for deployment of TPM-based systems. KTM is an archive application for the cryptographic keys that is designed to provide a method to securely archive, restore and transfer keys, having the property of being migratable, that are secured by the TPM.

Wave has also developed TPM Wizards as part of the EMBASSY Trust Suite, allowing users to set up and use the TPM for securing 802.11x networks, the Windows Encrypting File System and encrypted email.

Wave Cloud

Wave Cloud is a cloud-based service for managing SEDs and TPMs. With Wave Cloud, organizations do not need to buy, build and test (or maintain) server infrastructure as the management of TPMs and SEDs is done using a web interface. The platform allows enterprises to rapidly deploy centrally-managed hardware-based data encryption on laptops - all without the complexity and cost associated with maintaining on-premise servers. Wave Cloud provides activation, ownership, and management of TPMs from a central location and puts TPM management under IT control. Wave Cloud provides an organization with drive initialization, user management, drive locking and user recovery for all OPAL-based, proprietary, and solid-state SEDs.

Wave Endpoint Monitor

Wave Endpoint Monitor ("WEM") detects malware by leveraging the capabilities of the TPM. WEM provides increased visibility into endpoint health to help protect enterprise resources and minimize the potential cost of advanced persistent threats such as rootkits. Rootkit attacks are particularly harmful in their ability to hide in host systems, evade current mainstream detection methods (such as anti-virus programs or whitelisting at the operating system level) and their capacity to replace legitimate IT system firmware. Such attacks occur before the operating system loads, targeting the system BIOS and Master Boot Record, and can persistently infect higher-level system functions including operating systems and applications. WEM captures verifiable PC health and security metrics before the operating system loads, by utilizing information stored within the TPM. If anomalies are detected, IT is alerted immediately with real-time analytics. Capabilities of WEM include reporting of PC integrity measurements, ensuring data comes from a known endpoint, alerting IT administrators to anomalous behaviors, providing configurable reporting and query tools, ensuring strong device identity through the use of hardware-based digital certificates and remote provisioning of the TPM.

Wave for BitLocker® Management

Wave provides automated turn-key management for Microsoft BitLocker® encryption, which is suitable for organizations that have not yet phased SEDs into their computers and who are migrating to Windows 7 that have Microsoft Enterprise Agreements or Software Assurance for Volume Licensing. Wave for BitLocker® Management allows an organization to set policies with a click of a button, and monitor security from a single console - simplifying an organization's deployment by eliminating the need for specialized knowledge or costly systems.

Key features of Wave for BitLocker® include centralized policy enforcement, recoverability of data in the event of a PC crash, securing of BitLocker® recovery passwords in an encrypted database, remote discovery and activation of BitLocker® client machines, remote activation of encryption without end-user involvement and a seamless migration path to SEDs.

Wave plans to continue to develop and enhance the current products being developed within this product group and to develop new applications and services as the trusted computing market continues to evolve. Current planned development costs for this product group are expected to be approximately $5.6 million for the twelve months ending September 30, 2013.

Middleware and Tools

TCG-Enabled Toolkit

The Wave TCG-Enabled Toolkit is a compilation of software designed to assist application developers writing new applications or modifying existing ones to function on TCG-compliant personal computers having TPM security chips. Wave provides two versions of the Toolkit, Discovery and Commercial, which can enable developers to leverage basic and enhanced TCG services such as integrated key lifecycle management, including key escrow and key recovery. The Discovery Toolkit offers application developers a license for internal evaluation only, whereas the Commercial Toolkit is a license for external redistribution.

Wave TCG-Enabled Cryptographic Service Provider ("CSP")

Wave offers a TCG-enabled CSP which can allow software developers to utilize the enhanced security of a TCG standards-based platform facilitating a common user experience independent of the platform. It is also designed to enable applications to utilize functionality available on TCG-compliant platforms directly through the Microsoft cryptographic application programming interface without requiring user knowledge of any specific TCG software stack layer.

Current planned development costs for this product group are expected to be approximately $5.7 million for the twelve months ending September 30, 2013.

EMBASSY Trust Server Applications

EMBASSY Key Management Server ("EKMS")

EKMS is a server application that is designed to provide corporate-level backup and transition of the TPM keys, a process known as key migration. Key migration using EKMS is designed to help prevent the risk of serious data loss in the event that a TPM, hard drive or motherboard becomes corrupted or a user leaves the organization. EKMS may assist an organization that requires access to a former employee's encrypted data or TPM-secured keys for business continuity or disaster recovery purposes. EKMS enables enterprise-level key protection services while ensuring proper archive procedures and recovery capabilities.

EMBASSY Authentication Server ("EAS")

EAS is offered to provide centralized management, provisioning and enforcement of multifactor domain access policies. With EAS, authentication policies can be based on TPM credentials, smart card credentials, user passwords and fingerprint templates. With EAS, authentication policies can be provisioned and managed from the domain controller. EAS also has an integrated biometric template capability.

EMBASSY Remote Administration Server ("ERAS")

ERAS is a server product that is offered to provide centralized management and auditing of TPMs and SEDs. ERAS for TPMs provides device and user identification management. ERAS software presents the TPM as a virtual smart card so existing solutions such as Microsoft Windows Login and Remote Desktop may be easily integrated. This provides true, hardware-based, multi-factor authentication that uses the hardware within the device. ERAS for TPMs also provides security compliance as the software documents exactly which devices and users are on a network, and provides data protection as access to a network can be restricted to only known devices. ERAS for SEDs delivers drive initialization, user management, drive locking, user recovery and crypto erase for all Opal-based, proprietary and solid-state SEDs. ERAS is designed to provide auditing capabilities that aid in compliance management by allowing for validation of TPM and SED security settings and to allow IT administrators to assess the risk of whether a lost or compromised PC is adequately secure. ERAS is designed to facilitate enterprise adoption of TPM and SED technology as it provides IT administrators with tools to utilize the security of these devices while reducing deployment and management costs.

Current planned development costs for this product group are expected to be approximately $3.5 million for the twelve months ending September 30, 2013.
