SAN JOSE, Calif. — Convinced that encryption and network security will be required to realize the dream of connecting PCs worldwide, Intel Corp. will begin incorporating security features into its hardware. The company's first steps, outlined at the RSA'99 conference of RSA Data Security Inc., will be a unique ID number for every Pentium III microprocessor that Intel ships, and the ability to generate purely random numbers in hardware.

Much as the company encouraged the development of sophisticated graphics applications on the PC, it plans to prod the industry to develop ubiquitous security across a PC-based network. That's a relatively recent push within Intel, driven by the realization that its vision of connecting PCs worldwide could never work without ways to secure those networks, said Patrick Gelsinger, vice president of Intel (Santa Clara, Calif.).

Intel will discuss its encryption plans with the press in a briefing today (Jan. 21), but an Intel spokesman contended that the company hasn't fleshed out its specific plan for wielding the RSA technology. "Certainly nothing's solidified," he said.

"Intel is covering its bases," said Albert Pang, electronic commerce analyst with International Data Corp. (Mountain View, Calif.). "They realize this is something they can't overlook." Banks, for example, are "one of the major spenders" in technology, and they could scale back their networking plans if they aren't satisfied with advances in security, he said.

Intel joins the fray armed with a cross-licensing agreement with encryption specialist RSA Data Security (San Mateo, Calif.). RSA's announcement of the agreement with Intel earlier this week led to speculation that Intel would build its own encryption chip or add encryption functions to the PC core logic, but both perceptions were "just wrong," the Intel spokesman said.

On the surface, it appears that Intel would prefer to help define the road map for existing encryption companies rather than consume their markets. Some vendors had been pre-briefed about Intel's security plans and were confident that Intel's interest would help drive the growing market for PC and network security.

"It's not out of compassion" that Intel shares this information, said Shawn Abbott, chief technical officer for Rainbow Technologies Inc. (Irvine, Calif.), a vendor of encryption hardware and hardware-based security. Rather, Intel realizes it can't do all the legwork itself and instead turns to established industry players to become allies, he said. But he conceded that Intel's presence looms large: "Without disclosure six months ago, this would have been a very dangerous move to us," Abbott said.

"Just like every software company's looking over their shoulder at Microsoft, every silicon company's looking at Intel," said Bob Monsour, vice president of marketing for encryption-chip vendor Hi/fn Inc. (Los Gatos, Calif.).

Still, he didn't see Intel as an immediate threat, partly because Intel can't yet replace networking security everywhere. Even if Intel were to handle all encryption inside the PC, corporations would need other vendors to secure the surrounding network. "We're still at least five years off from having security be truly transparent, end-to-end, from my PC and my LAN to your PC and your LAN," Monsour said.

Pang, for one, agreed that Intel was unlikely to muscle in on the security business, which increasingly consists of middleware and client-server software applications more than raw encryption. "Fundamentally, Intel is a chip vendor, so they're not going to go after the security business," Pang said. "They just want these chips to be as fully featured as possible. Security is one of these areas people have been talking about for a long time."

Also not threatened by Intel's moves so far is the Microsoft Corp. initiative, also outlined at RSA, to add security features to Windows 2000. "We work with Microsoft as we work with everybody," the Intel spokesman said. Intel's hardware enhancements will support Microsoft's Crypto API as well as RSA's security framework and Intel's own Common Data Security Architecture effort, Gelsinger said.

Intel's plan, outlined by Gelsinger in a keynote speech yesterday (Jan. 20), is to add security functions — not necessarily encryption — to every part of the PC, including the CPU, core logic and motherboard.

That doesn't necessarily mean Intel's chips will handle all encryption and security themselves, the Intel spokesman said. Such a move wouldn't be practical anyway, he said, because varying international encryption controls would prevent such chips from being shipped worldwide. Intel has not yet made any changes to BIOS to add security features there, he said.

Intel will be adding features to the hardware that security applications can exploit, and not all of the features will directly involve cryptography. "The idea is that the cumulative total of these features increases the security of the system," he said.

For starters, Intel will burn a unique, secret identification number into every Pentium III that will ship. (While Gelsinger used the term "serial number," Abbott pointed out that the numbers can't be literally serial, or they wouldn't be secret.) Applications for the number could range from authenticating the PC and user during network communications to registering individual machines for software. "We have some 30-plus applications that have committed to take advantage of this," Gelsinger said.

Because the ID number also could be a privacy threat, Intel plans to allow end users to block transmission of the number, reportedly through a software patch.

For companies that sell into corporate networking environments, the ID number is a long-awaited relief.

"We had dreamed of having a 'serial number' on the motherboard," Abbott said. Previous efforts to tack some kind of unique identification to a PC, through hardware or even through the operating system, had come up empty — "Intel is the only one that could make this happen," Abbott said.

Additionally, Intel plans to provide a hardware-based random-number generator in every PC. The flaw in computer-generated pseudorandom numbers is that they fall in deterministic sequence; each "random" number is calculated based on its predecessor, making cycles and subtle patterns inevitable. Truly random numbers can only be gathered through physical phenomena, such as radioactive decay or, in Intel's case, thermal noise.

Chances are, the hardware random-number generator will be used to select a "seed," or starting point, for an application's pseudorandom generator. This is because pseudorandom numbers are good enough in many cases; the problem is simply that an obvious seed is chosen, usually based on the date.

Intel's move could boost the security industry by reducing the additional cost for security, Abbott noted. He recalled Rainbow's short experiment with smart-card-based security: the company showed a prototype system to banks only to be rejected due to the cost of the card reader — banks wouldn't even adopt the system if the cards came free, he noted.

Intel officials declined to explain any future security enhancements being planned. It's possible they would take the form of extension-set instructions, in the same way that MMX was installed as a multimedia aid. "I've heard people say they might do something similar with RSA," Monsour said.