Microsoft later filed a large number of patents
related to the NGSCB platform and its components. Patents for a
digital rights management operating system,
loading and identifying a digital rights management operating system,
key-based secure storage, and
certificate based access control were filed on Jan 8, 1999. A method to authenticate an operating system
based on its central processing unit was filed on March 10, 1999. Patents related to the
secure execution of code and
protection of code in memory were filed on April 6, 1999.
The development of Microsoft's digital rights management operating system, then a project maintained by the Microsoft Research division,
was first reported by John Lettice of The Register on March 23, 2001. The Register
would later report that Microsoft's patent for the operating system was granted on December 11, 2001.
The existence of the software platform
was revealed by Steven Levy of Newsweek on June, 24, 2002. [
Omit multiple references]
Levy stated that the platform would use public-key cryptography to authenticate and identify users, encrypt data to protect against unauthorized access, and use digital rights management technology to enforce access control of information. This combined functionality would allegedly prevent the proliferation of malicious software; a claim which Microsoft
would later deny.
Information encrypted by the platform could be bound to a specific hardware and software configuration. The platform's computing agents, referred to internally as "My Man," would allow authorized users to securely distribute this information to other authorized users, machines, and services. In addition, the platform would allow content providers or users to set policies related to the usage of information. As examples, Levy stated that users would be able to send e-mail messages that could be accessed only by the intended recipient, or create Microsoft Word documents that could only be read a week after their creation date. To provide this functionality, the platform would require specially designed hardware components, including updated processors, motherboards, peripherals, and a new cryptographic coprocessor. NGSCB architect Brian Willman was quoted as saying that the technology would later be available for portable devices, such as telephones and wristwatches. Levy noted that, in the short term, the technology could be used by Microsoft to extend its personal computing monolopy.
Response to Levy's article was critically negative. John Lettice of The Register
dismissed the idea that the platform was designed with security in mind and believed that it was the result of Microsoft's DRM operating system patent that was filed three years before. Richard Forno of The Register
blamed Microsoft's past record with security for the majority of computer security issues, and suggested that the new architecture was unnecessary. Ross Anderson of Cambridge University
released the first version of his TCPA / Palladium FAQ shortly after the revelation from Newsweek. In his assessment of the software platform, Anderson alleged that the technology would allow content providers to remotely validate software or data on personal computers to ensure that the content was legitimate, something which Anderson believed would allow information to be
monitored or censored. Anderson would
later claim that content protected by the platform would incorporate a form of "digital watermark" that would allow content providers to determine where the content originated and also prevent devices without an appropriate certificate from opening it. If a user were to circumvent this content protection, an NGSCB-capable application could detect that the data had been tampered with and remotely delete it (as well as all content associated with it). The tampered material would then be placed on a blacklist, which would be used to screen other files for certain criterion, such as the file's content, the application that had opened the file, or the serial number of the application that created it. Richard Stallman, creator of the GNU Project,
expressed similar concerns, and labelled the initiative as "treacherous computing." Robert Cringely of PBS
believed that Microsoft's
alleged plans to replace the Transmission Control Protocol with a proprietary protocol would come to fruition with the NGSCB. Open source software advocate and computer programmer, Bruce Perens,
believed that the platform was designed to prevent developers from writing open source software and would allow Microsoft to determine the software permitted to run on personal computers.
Less than three weeks before the Windows Hardware Engineering Conference (WinHEC) of 2003, Microsoft's approach
came under fire by two renowned cryptographers, Whitfield Diffie of Sun Microsystem Laboratories, and Ron Rivest, one of the designers of the Rivest-Shamir-Adleman (RSA) encryption algorithm, and founder of RSA security.
Whitfield Diffie admitted that an integrated security scheme was inevitable, but criticized Microsoft's approach with the NGSCB software platform because it was not designed to provide PC owners with the cryptographic keys used for its features. Diffie believed that this approach lent itself to market domination, lock out, and loss of personal computing control.
Ron Rivest stated that an adopter(s) of the technology would be "renting out a part of his PC to people he may not trust" and called for a broad public debate about the software platform.
In 2003, the German government
expressed its concerns that the adoption of the technology would lead to higher computing costs and extend Microsoft's monopoly.
Big Brother Awards
gave its Big Brother award to Microsoft in 2002 for the technology. The organization stated that Microsoft had twice been nominated for the award before - once for the online registration process of Windows 98, which was
reported to have assigned users with a globally unique identification number; and another time for Windows XP with its product activation technology. The German computer magazine CHIP would later refer to Microsoft as "Big Brother." (
CHIP Magazine, April 2004, p. 34-51)
===Name===
In Greek and Roman mythology,
the term "palladium" refers to an object that the safety of a city or nation was believed to be dependent upon.
On January 24, 2003, Microsoft
announced that "Palladium" had been renamed as the "Next-Generation Secure Computing Base." According to NGSCB product manager Mario Juarez, the new name was chosen not only to reflect Microsoft's commitment to the technology in the upcoming decade, but also to avoid any legal conflict with an unnamed company that had already acquired the rights to the Palladium name. Juarez acknowledged that the previous name had been a source of controversy, but denied that the decision was made by Microsoft in an attempt to deflect attention.
===Cancellation===
At WinHEC 2004, Microsoft
announced that it would reconsider its plans for the platform,
based on feedback from customers and ISV partners who stated that they did not want to rewrite their programs in order to benefit from its functionality. Although
some reports stated that Microsoft planned to cancel the platform because of this, the company
later reaffirmed its commitment to the technology.
At WinHEC 2005, Microsoft
announced that its plans had been scaled back in order to ship the post-reset "Longhorn" operating system within a reasonable timeframe. Instead of providing a parallel environment, NGSCB would offer full volume encryption with a feature known as Secure Startup (later renamed as Bitlocker Drive Encryption). The company
stated that it would deliver other aspects of its NGSCB vision at a later date.
In July 2008, Peter Biddle
stated that negative perception was the main factor responsible for the cancellation of the architecture.
