IBM Corp says that customers are worried about security levels, and is adding security support into its PC hardware. Security breaches happen both inside and outside the organization, and IBM says it’s no longer enough simply to hide behind a firewall. Next week, IBM is set to announce new versions of its PC 300 commercial systems and NT-based IntelliStation workstations under the name IBM Client Security Solutions. The systems will ship by the end of October, and according to IBM won’t be subject to a price premium over other models for the security. Actual prices weren’t available at press time.

Until now, says IBM, no one has put much thought into PC security. There are smart card readers available for PCs – including a new kit from IBM itself – and Apple Computer Inc recently introduced Voice Password access with the latest version of MacOS. But IBM says it’s putting hardware level support in place that will secure the platform below those systems, and provide the interfaces for those additions.

The new systems include an embedded security chip on the motherboard, developed for IBM by Atmel Corp. The cryptographic microprocessor supports key encryption for privacy and digital signatures for authentification or user identification. It requires the chip itself and a proper pin code for two levels of security. Signatures and certificates are encrypted and stored on the chip. Email messages can be signed and sent securely, and private content on the PC or file server can be protected. Learning from Intel Corp’s problems with its processor serial numbers earlier this year, IBM has gone to privacy advocate groups to check out its strategy, and says it has satisfied the groups by making personalization and trust relationships user controlled. No identification number is placed on the PC.

The new systems also include integrated client-based authentication and authorization policy software, called User Verification Manager. UVM is an application for setting up identity and determining access rights and privileges. IBM says it’s working with suppliers of biometric devices so that customers can choose devices such as fingerprint scanners to make secure access easier. UVM will act as the integration point for IBM’s existing SecureWay and First Secure security software middleware.

IBM is also adding what it says is the first IPSec Network Interface Card including Wake on LAN and Alert on LAN 2 functionality. IPSec is a joint security standard proposed by IBM with Intel Corp, Compaq Computer Corp and Microsoft Corp. It is also supporting the Digital Video Interface, which includes encryption support between PC and monitor. IBM says it’s also keeping its eye on pre-boot security at the BIOS level, but won’t be ready to introduce any products this year.

Security will be added to the PC 300PL and Intellistation E Pro. IBM is also announcing the PC 300GL using the 600MHz Intel Pentium III chip and 133MHz front-side bus in micro tower or desktop formats. IBM will ship the 56-bit encryption systems immediately to all but seven countries the US Government considers unfriendly and will roll-out 256-bit support as the government restrictions are relaxed. IBM admits that despite the added hardware security, the weakest link is still Microsoft’s operating systems software, but points to the additional security support promised for Windows 2000.