RECEIVING POLICY DATA FROM A SERVER TO ADDRESS THEFT AND UNAUTHORIZED ACCESS OF A CLIENT

US 20100037323A1
Filed: 08/07/2009
Published: 02/11/2010
Est. Priority Date: 08/08/2008
Status: Active Grant

First Claim

Patent Images

1. A machine-readable medium storing one or more sequences of instructions for securing a client, which when executed, cause:

upon the client undergoing a change in operational state, an operating system agent sending a state message to a server, wherein the state message describes the change in the operational state of the client, wherein the operating system agent is one or more software modules that execute in an operating system of the client;

the client receiving a policy message from the server, wherein the policy message contains policy data; and

a BIOS agent storing the policy data in a BIOS of the client, wherein the policy data identifies one or more security policies which the client should follow, wherein the BIOS agent is one or more software modules that execute in the BIOS of the client.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for securing a client. When a client, such as a portable computer, undergoes a change in operational state, an operating system agent sends a state message to a server. The state message describes the change in the operational state of the client. The operating system agent is one or more software modules that execute in an operating system of the client. The client receives a policy message from the server. The policy message contains policy data, which a BIOS agent stores in the BIOS of the client. The policy data identifies one or more security policies which the client should follow.

56 Citations

View as Search Results

23 Claims

1. A machine-readable medium storing one or more sequences of instructions for securing a client, which when executed, cause:
- upon the client undergoing a change in operational state, an operating system agent sending a state message to a server, wherein the state message describes the change in the operational state of the client, wherein the operating system agent is one or more software modules that execute in an operating system of the client;
  
  the client receiving a policy message from the server, wherein the policy message contains policy data; and
  
  a BIOS agent storing the policy data in a BIOS of the client, wherein the policy data identifies one or more security policies which the client should follow, wherein the BIOS agent is one or more software modules that execute in the BIOS of the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The machine-readable medium of claim 1, wherein the client is a first client, and wherein the policy data is sent by the server to a second client contemporaneously with the server sending the policy message to the first client.
  - 3. The machine-readable medium of claim 1, wherein the one or more security policies are predefined by an owner of the client, and wherein the owner causes the server to send the policy message to the client by submitting a single instruction to the server.
  - 4. The machine-readable medium of claim 1, wherein execution of the one or more sequences of instructions further cause:
    - the client receiving a command from the server, wherein the command instructs the client to become disabled.
  - 5. The machine-readable medium of claim 1, wherein the policy data has been defined by the owner of the client using a web interface provided by the server.
  - 6. The machine-readable medium of claim 1, wherein the change in operational state is the client being physically moved outside of a bounded geographical area.
  - 7. The machine-readable medium of claim 1, wherein execution of the one or more sequences of instructions further cause:
    - the client receiving one or more files from the server, wherein the one or more files are used by the client to restore or reinstall at least a portion of the operating system agent.
  - 8. The machine-readable medium of claim 1, wherein the change in operational state is the client being assigned a new network address or experiencing a change in hardware configuration.
  - 9. The machine-readable medium of claim 1, wherein the change in operational state is a difference in a current message that was received by the BIOS agent and sent from the operating system agent compared to a prior message that was received by the BIOS agent and sent from the operating system agent, wherein the current message and the prior message describe operational states of the operating system agent.
  - 10. The machine-readable medium of claim 1, wherein the change in operating state is the client being powered on or powered off.
  - 11. The machine-readable medium of claim 1, wherein an owner of the client is not a user of the client, and wherein the user of the client cannot modify the one or more security policies which the client should follow.

12. A method for securing a client, comprising:
- upon the client undergoing a change in operational state, an operating system agent sending a state message to a server, wherein the state message describes the change in the operational state of the client, wherein the operating system agent is one or more software modules that execute in an operating system of the client;
  
  the client receiving a policy message from the server, wherein the policy message contains policy data; and
  
  a BIOS agent storing the policy data in a BIOS of the client, wherein the policy data identifies one or more security policies which the client should follow, and wherein the BIOS agent is one or more software modules executing in the BIOS of the client.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein the client is a first client, and wherein the policy data is sent by the server to a second client contemporaneously with the server sending the policy message to the first client.
  - 14. The method of claim 12, wherein the one or more security policies are predefined by an owner of the client, and wherein the owner causes the server to send the policy message to the client by submitting a single instruction to the server.
  - 15. The method of claim 12, further comprising:
    - the client receiving a command from the server, wherein the command instructs the client to become disabled.
  - 16. The method of claim 12, wherein the policy data has been defined by the owner of the client using a web interface provided by the server.
  - 17. The method of claim 12, wherein the change in operational state is the client being physically moved outside of a bounded geographical area.
  - 18. The method of claim 12, further comprising:
    - the client receiving one or more files from the server, wherein the one or more files are used by the client to restore or reinstall at least a portion of the operating system agent.
  - 19. The method of claim 12, wherein the change in operational state is the client being assigned a new network address or experiencing a change in hardware configuration.
  - 20. The method of claim 12, wherein the change in operational state is a difference in a current message that was received by the BIOS agent and sent from the operating system agent compared to a prior message that was received by the BIOS agent and sent from the operating system agent, wherein the current message and the prior message describe operational states of the operating system agent.
  - 21. The method of claim 12, wherein the change in operating state is the client being powered on or powered off.
  - 22. The method of claim 12, wherein an owner of the client is not a user of the client, and wherein the user of the client cannot modify the one or more security policies which the client should follow.

23. An apparatus for securing resources therein, comprising:
- one or more processors; and
  
  a machine-readable medium storing one or more sequences of instructions, which when executed by the one or more processors, cause;
  
  upon the apparatus undergoing a change in operational state, an operating system agent sending a state message to a server, wherein the state message describes the change in the operational state of the apparatus, wherein the operating system agent is one or more software modules that execute in an operating system of the apparatus;
  
  the apparatus receiving a policy message from the server, wherein the policy message contains policy data; and
  
  the apparatus storing the policy data in a BIOS of the apparatus, wherein the policy data identifies one or more security policies which the apparatus should follow.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Absolute Software Corporation
Original Assignee
Absolute Software Corporation
Inventors
Lemieux, Jacques, Banga, Gaurav, Gupta, Ravi, Tarkhanyan, Anahit

Granted Patent

US 8,332,953 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/88 Detecting or preventing the...

RECEIVING POLICY DATA FROM A SERVER TO ADDRESS THEFT AND UNAUTHORIZED ACCESS OF A CLIENT

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

RECEIVING POLICY DATA FROM A SERVER TO ADDRESS THEFT AND UNAUTHORIZED ACCESS OF A CLIENT

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links