Frequently Asked Questions

Doesn't the Trusted Computing Initiative make all of this unnecessary?

Absolutely not. The Trusted Computing Initiative and the Trusted Platform Module are ostensibly targeted at the problem of preventing certain types of malware from running on a computer. It can also be used to lock the execution or use of specific content to a single computer. This is the antithesis of the CloakX philosophy. CloakX associates usage rights with a user rather than a computer.

How does the Secure Computing Device differ from the TCI Trusted Platform Module (TPM)?

The Trusted Computing Initiative requires that a Trusted Platform Module (TPM) be tightly integrated with a computing platform. The TPM is used to securely store encryption keys and digital certificates for use by kernel level software on that platform. Unlike an SCD, a TPM has no general computational ability, and is not portable.

Since my SCD in the CloakX System is the only thing that allows me to use my protected content, what happens if it is lost or stolen?

All enablement content in an SCD is replaceable. At any time, a user can log on to the CloakX registration server and report his/her SCD lost or stolen.

How do current DFM schemes work (or fail to work)?

Apple's scheme, called Fairplay, is a closed proprietary system. Apple refuses to license it to anyone, and hides behind DMCA to avoid competition.

Sony's system is terribly flawed and a failed attempt using Rootkit software implanted into customer computers.

Intertrust offers a classic DRM solution. Their patent portfolio does not overlap with CloakX intellectual property. Intertrust has three components:

    * Encrypted media files
    * Rights file
    * Decryption keys

Media files and Rights files are both encrypted with a common key, which is hidden on the system and locked to a hardware hash. The result is a standard scheme wherein the content becomes locked to the computer on which it is stored, and protection derives as much from the obscurity of the key protection as from the actual encryption.

Windows Media File: Microsoft is an Intertrust licensee.

How do current Identity mechanisms work (or fail to work)?

In the case of Biometrics, once stolen, they are irreplaceable. This system does not support multiple identities, and does not support identities for non-human entities or functions (like businesses, organizations, job functions

A second Identity scheme, RSA SecureID, is useable only online. It requires a separate token for every account, and can be cracked. Citibank, for example, has such a system and there are reports on the Internet that the system has been defeated.