Intel Marches On With ‘Project Amber’ To Deliver Independent Trust Assurance
Intel hosted the Innovation conference this week in San Jose. Intel frames the event as for developers by developers—providing an opportunity for attendees to collaborate and learn more about the latest advanced technology, open ecosystem resources, and innovative new computing solutions. Intel also used the event as an opportunity to share progress on “Project Amber” and provide a glimpse at how Intel envisions delivering its attestation-as-a-service offering to customers.
Day one of Intel Innovation kicked off with a keynote from Intel CEO Pat Gelsinger. Pat talked about the evolving industry landscape and shared his insight and vision on the essential technologies of today and tomorrow.
The event packed a lot into two days—and featured information for everyone. There were a variety of session tracks focused on AI/ML (artificial intelligence and machine learning), Client Computing, Data Center/Cloud, Innovation for the Future, Network & Edge Compute, Open Accelerated Computing, and Security.
Intel announced “Project Amber” earlier this year at the Intel Vision conference in Dallas. Intel understands that security and trust are crucial, and invests significant effort and resources to develop innovative solutions that make the world more secure for everyone.
In an increasingly connected world with a rapidly expanding ecosystem of devices, trust is required. Communication between devices or individuals, interacting across the internet with cloud platforms and SaaS (software-as-a-service) applications, and connecting to remote systems and services depend on the ability to verify that the device or person on the other end is legitimate. “Project Amber” is designed to address this challenge by offering an independent, third-party trust authority—similar in scope and function to the way secure certificate authorities enable secure web access.
The initiative was just getting started when I spoke with Intel executives in May. Intel started work on the effort with intent to make a pilot available by end of year and with a target of early 2023 for general availability. In the Day 2 keynote, Greg Lavender delivered an update on the status of “Project Amber”—and shared news of a proof of concept with Leidos’ Health Group.
A blog post from Intel describes the collaboration with Leidos: “The Health Group is building a proof of concept for the Project Amber attestation service for potential use in its QTC Mobile Medical Clinics, which uses large, specially equipped vans to perform “in-the-field” medical exams and health information processing for U.S. veterans in rural and underserved areas. The company is looking to Intel’s new offering and trusted hardware platform to play a key role in meeting complex new security challenges, many caused by connected devices on the Internet of Things (IoT) and Medical Internet of Things (MIoT).”
Ultimately, Leidos’ Health Group wants to create an independently verified hardware root of trust and a trusted distributed compute foundation built around the Project Amber Attestation and Intel Software Guard Extensions (SGX).
Future of Attestation-as-a-Service
I spoke with Nikhil Deshpande, Director of Product Development at Intel, about the progress and future of “Project Amber” and the concept of attestation-as-a-service. He explained that the plans are still evolving, but the intent is to offer Project Amber Attestation under a freemium model—providing the base service to customers for free, and offering premium features or capabilities as a subscription for customers who want or need more.
Nikhil shared, “The free service is designed so that the end users or small developers can test drive Confidential Compute.”
Some of the things that might be part of a subscription or premium offering are record immutability and the ability for customers to be able to provide evidence of that assurance to customers, or a guaranteed SLA (service level agreement) that commits Intel to deliver a prescribed quality of service and support.
Intel is still on track to make the pilot available by end of year and marching ahead with a focus on launching for general availability early next year. Companies who are interested in participating can reach out by emailing email@example.com.