RSA Security's SecurID, Motorola's PowerQUICC, and AMD's Au1550 are among the products that provide security for embedded systems. For embedded security, organizations must consider the types of assets to be protected, and they must protect against memory loss and use encryption when an embedded system is connected to a network or the Internet. Protection of browser-accessible resources is also required.
Special Publication 800-27 from NIST (the National Institute of Standards and Technology) provides security-related design principles to be taken into account during each phase of a product's life cycle. For software, the U.S., Canada, and several European nations created the Common Criteria for Information Technology Security Evaluation, also known as Common Criteria. The Common Criteria structure permits consumers, developers, and evaluators to specify the security functionality of a product in standard protection profiles and evaluation-assurance levels (EALs). No operating system (OS) has yet achieved the highest certification, EAL-7, but some development programs are in process, including one from LynuxWorks. Another embedded software security standard is Multiple Independent Levels of Security (MILS), which permits creation of mathematically verified, always-invoked, and tamper-proof application code with security features that hacking attempts cannot circumvent. To create open industry standards for interoperable hardware and software, Compaq, Hewlett-Packard (HP), IBM, Intel, and Microsoft formed the Trusted Computing Platform Alliance (TCPA) in 1999 to define and develop a paradigm for trusted computing as a security standard.
RSA Security's SecurID is a widely used two-stage authentication system that many organizations use to identify remote users. The token fits on a key chain and outputs a new six-digit security code every minute. To gain access to a secure embedded system, users have to enter a private PIN and the code displayed on the token.
For browser security, Secure Sockets Layer (SSL) generally protects TCP/IP-transmitted data and offers data encryption, server authentication, message integrity, and optional client authentication. Also for browser security, Motorola adds integrated security engines to its widely used PowerQUICC processors, including the MPC885, MPC8272, and MPC8349E families, to get rid of encryption slow-downs in applications supporting IPSec, SSL, and other security protocols. AMD's Au1550 for browser security is a security network processor with an integrated security engine that deploys the IPSec virtual private network (VPN) packet protocol to speed packet processing in hardware and to provide security functions without impacting the primary application software.