Theft-deterrence method and apparatus for processor based devices

US 8,298,295 B2
Filed: 09/28/2007
Issued: 10/30/2012
Est. Priority Date: 09/28/2007
Status: Active Grant

First Claim

Patent Images

1. An article of manufacture, comprising:

a tangible non-transitory computer-readable storage medium;

a plurality of programming instructions stored in the storage medium, wherein, in response to execution of the instructions by a device, the programming instructions are configured to cause the device to perform operations including;

receiving, by a manageability engine of the device, a notification indicative of an availability of a network connection from a theft-deterrence agent operated by a processor of the device in an application execution environment operated by the processor, wherein the manageability engine resides on a chipset of the device and is configured to operate concurrently with the theft-deterrence agent, outside the application execution environment, and independently from the processor;

periodically obtaining, by the manageability engine, via the network connection, a theft status of the device from a theft-deterrence server remotely disposed from the device in response to said receiving of the notification, wherein periodically obtaining includes transmitting a request message, wherein the request message includes;

the theft status currently held by the manageability engine;

a current timer value, at expiration of which, the manageability engine is configured to enforce the theft-deterrence policy on the device; and

at least one of a current platform disable priority value, a current encrypted data disable priority value, and a current theft-deterrence server rendezvous priority value; and

enforcing, by the manageability engine, a theft-deterrence policy on the device based on the theft status of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A manageability engine of a processor based device and a host theft-deterrence agent of the processor based device, jointly implement a theft-deterrence protocol with a theft-deterrence service, remotely disposed from the processor based device, to deter theft of the processor based device. The host theft-deterrence agent is configured to operate in a processor operated application execution environment of the processor based device, and the manageability engine is configured to operate outside the application execution environment.

36 Citations

View as Search Results

15 Claims

1. An article of manufacture, comprising:
- a tangible non-transitory computer-readable storage medium;
  
  a plurality of programming instructions stored in the storage medium, wherein, in response to execution of the instructions by a device, the programming instructions are configured to cause the device to perform operations including;
  
  receiving, by a manageability engine of the device, a notification indicative of an availability of a network connection from a theft-deterrence agent operated by a processor of the device in an application execution environment operated by the processor, wherein the manageability engine resides on a chipset of the device and is configured to operate concurrently with the theft-deterrence agent, outside the application execution environment, and independently from the processor;
  
  periodically obtaining, by the manageability engine, via the network connection, a theft status of the device from a theft-deterrence server remotely disposed from the device in response to said receiving of the notification, wherein periodically obtaining includes transmitting a request message, wherein the request message includes;
  
  the theft status currently held by the manageability engine;
  
  a current timer value, at expiration of which, the manageability engine is configured to enforce the theft-deterrence policy on the device; and
  
  at least one of a current platform disable priority value, a current encrypted data disable priority value, and a current theft-deterrence server rendezvous priority value; and
  
  enforcing, by the manageability engine, a theft-deterrence policy on the device based on the theft status of the device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The article of claim 1, wherein the operations further comprise:
    - sending, by the manageability engine, an alert to the host theft-deterrence agent if the theft status denotes stolen status;
      
      providing, by the manageability engine, to the host theft-deterrence agent, a notification of expiration of a theft-deterrence service subscription; and
      
      receiving notification by the manageability engine, from the host theft-deterrence agent, a renewal of the theft-deterrence service subscription.
  - 3. The article of claim 1, wherein the operations further comprise invoking, by the manageability engine, a boot process to reboot the device, and to provide a basic input/output system (BIOS) of the device with a lock down instruction to abort boot up of the device to lock down the device.
  - 4. The article of claim 3, wherein the operations further comprise allowing, by the manageability engine, the BIOS to unlock the device upon reception of appropriate unlocking key.
  - 5. The article of claim 1, wherein said periodically obtaining comprises:
    - waiting, by the manageability engine, expiration of a pre-defined request timer,transmitting, via the network connection, by the manageability engine, on expiration of the request timer, the request message to the theft-deterrence server for the theft status of the device, andreceiving, via the network connection, by the manageability engine, the requested theft status from the theft-deterrence server.

6. A method, comprising:
- determining, by a manageability engine of a device, whether a theft status of the device is stolen, on expiration of a timer, wherein determining includes transmitting a request message, wherein the request message includes;
  
  the theft status currently held by the manageability engine;
  
  a value of the timer, at expiration of which, the manageability engine is configured to enforce the theft-deterrence policy on the device; and
  
  at least one of a current platform disable priority value, a current encrypted data disable priority value, and a current theft-deterrence server rendezvous priority value;
  
  on determining that the theft status of the processor based device is stolen, alerting, by the manageability engine, a host theft-deterrence agent of the device, the host theft-deterrence agent being operated by a processor of the device in an application execution environment operated by the processor, and the manageability engine residing on a chipset of the device and being operated outside the application execution environment, concurrently with the host theft-deterrence agent and independently from the processor;
  
  causing, by the host theft-deterrence agent, on receipt of the alert, the device to reboot; and
  
  enforcing, by the manageability engine, a theft-deterrence policy on the device.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6, further comprising causing the device to lock down if a user of the device is unable to provide an unlock secret acceptable to the manageability engine during said reboot.
  - 8. The method of claim 7, further comprising soliciting, by a basic input/output system (BIOS), the unlock secret from the user, providing an inputted unlock secret to the manageability engine, and receiving an indication from the manageability engine indicating whether the provided unlock secret is acceptable to the manageability or not.
  - 9. The method of claim 6, wherein said determining comprises:
    - receiving, by the manageability engine of the device, a notification indicative of an availability of a network connection from the host theft-deterrence agent;
      
      waiting, by the manageability engine, expiration of the timer;
      
      transmitting, via the network connection, by the manageability engine, on expiration of the timer, the request message to a theft-deterrence server for the theft status of the device; and
      
      receiving, via the network connection, by the manageability engine, the requested theft status from the theft-deterrence server.
  - 10. The method of claim 6, further comprises:
    - applying, by the manageability engine, the received theft status;
      
      transmitting, by the manageability engine, a status indicative of a result of said applying to the theft-deterrence server.
  - 11. The method of claim 6, further comprising registering, by the manageability engine, with the theft-deterrence server to subscribe to a theft-deterrence service.
  - 12. The method of claim 6, further comprising:
    - providing, by the manageability engine, a notification of expiration of a theft-deterrence service subscription to the host theft-deterrence agent; and
      
      notifying the manageability engine, by the host theft-deterrence agent, a renewal of the theft-deterrence service subscription.

13. An apparatus, comprising:
- a processor configured to operate a theft-deterrence agent in an application execution environment, wherein the theft-deterrence agent is configured to check availability of a network connection; and
  
  a manageability engine residing on a chipset coupled to the processor and configured to operate outside the application execution environment, concurrently with the theft-deterrence agent, and independently from the processor,wherein the manageability engine is further configured to;
  
  receive a notification indicative of the availability of a network connection from the theft-deterrence agent;
  
  periodically obtain, via the network connection, a theft status of the apparatus from a theft-deterrence server remotely disposed from the apparatus, wherein to periodically obtain the theft status, the manageability engine is configured to transmit a request message, wherein the request message includes;
  
  the theft status currently held by the manageability engine;
  
  a current value of a timer, at expiration of which, the manageability engine is configured to enforce the theft-deterrence policy on the device; and
  
  at least one of a current platform disable priority value, a current encrypted data disable priority value, and a current theft-deterrence server rendezvous priority value; and
  
  enforce a theft-deterrence policy on the apparatus based on the theft status of the apparatus.
- View Dependent Claims (14)
- - 14. The apparatus of claim 13, wherein the periodically obtain includes:
    - wait for expiration of the timer;
      
      transmit, via the network connection, on expiration of the timer, the request message to the theft-deterrence server for the theft status of the device; and
      
      receive, via the network connection, the requested theft status from the theft-deterrence server.

15. A system, comprising:
- a processor configured to operate a theft-deterrence agent in an application execution environment, wherein the theft-deterrence agent is configured to check availability of a network connection;
  
  a manageability engine residing on a chipset coupled to the processor and configured to operate outside the application execution environment, concurrently with the theft-deterrence agent, and independently from the processor,wherein the manageability engine is further configured to;
  
  receive a notification indicative of the availability of a network connection from the theft-deterrence agent;
  
  periodically obtain, via the network connection, a theft status of the apparatus from a theft-deterrence server remotely disposed from the apparatus, wherein to periodically obtain the theft status, the manageability engine is configured to transmit a request message, wherein the request message includes;
  
  the theft status currently held by the manageability engine;
  
  a current value of a timer, at expiration of which, the manageability engine is configured to enforce the theft-deterrence policy on the device; and
  
  at least one of a current platform disable priority value, a current encrypted data disable priority value, and a current theft-deterrence server rendezvous priority value; and
  
  enforce a theft-deterrence policy on the apparatus based on the theft status of the apparatus; and
  
  a BIOS coupled to the manageability engine and configured to obtain a system lock down status from the manageability engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Aissi, Selim, Chhabra, Jasmeet, Prakash, Gyan
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
TURCHEN, JAMES R

Application Number

US11/904,793
Publication Number

US 20090089887A1
Time in Patent Office

1,859 Days
Field of Search

726 35- 36
US Class Current

726/35
CPC Class Codes

G06F 21/88 Detecting or preventing the...

Theft-deterrence method and apparatus for processor based devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Theft-deterrence method and apparatus for processor based devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links