Secure computing environment using a client heartbeat to address theft and unauthorized access

US 8,745,383 B2
Filed: 08/07/2009
Issued: 06/03/2014
Est. Priority Date: 08/08/2008
Status: Active Grant

First Claim

Patent Images

1. One or more machine-readable non-transitory mediums storing one or more sequences of instructions for securing a client, which when executed, cause:

an operating system agent to send, at intervals during the execution of an operating system of the client, a message to a BIOS agent, wherein the message describes an operational state of the operating system agent, wherein the BIOS agent resides in a runtime portion of the BIOS of the client, wherein the operating system agent is one or more software modules that execute in the operating system, and wherein the BIOS agent is one or more software modules operating in a BIOS of the client,wherein the BIOS agent receives messages from the operating system agent after the client has booted; and

the BIOS agent to perform, after the client has booted, an action based on a policy, wherein the policy is described by policy data stored within the BIOS of the client, and wherein the BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time,wherein the action is performed by the BIOS agent while the operating system is operational.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for securing a client. An operating system agent is one or more software modules that execute in an operating system of a client, such as a portable computer. Portions of the operating system agent may monitor resources of the client. The operating system agent sends a message, which describes an operational state of the operating system agent, to a BIOS agent. The BIOS agent is one or more software modules operating in a BIOS of the client. The BIOS agent performs an action based on a policy that is described by policy data stored within the BIOS of the client. The BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time.

37 Citations

View as Search Results

19 Claims

1. One or more machine-readable non-transitory mediums storing one or more sequences of instructions for securing a client, which when executed, cause:
- an operating system agent to send, at intervals during the execution of an operating system of the client, a message to a BIOS agent, wherein the message describes an operational state of the operating system agent, wherein the BIOS agent resides in a runtime portion of the BIOS of the client, wherein the operating system agent is one or more software modules that execute in the operating system, and wherein the BIOS agent is one or more software modules operating in a BIOS of the client,wherein the BIOS agent receives messages from the operating system agent after the client has booted; and
  
  the BIOS agent to perform, after the client has booted, an action based on a policy, wherein the policy is described by policy data stored within the BIOS of the client, and wherein the BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time,wherein the action is performed by the BIOS agent while the operating system is operational.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The one or more machine-readable non-transitory mediums of claim 1, wherein the client is a laptop computer.
  - 3. The one or more machine-readable non-transitory mediums of claim 1, wherein the policy data is stored by the BIOS on a flash microchip, and wherein the policy data is encrypted on the flash microchip.
  - 4. The one or more machine-readable non-transitory mediums of claim 1, wherein the expected period of time is measured by a number of times the client is rebooted.
  - 5. The one or more machine-readable non-transitory mediums of claim 1, wherein the operational state described by the message indicates whether any portion of the operating system agent has been removed or is corrupted.
  - 6. The one or more machine-readable non-transitory mediums of claim 1, wherein at least one module, of the one or more software modules comprising the operating system agent, monitors resources of the client, and wherein at least two modules, of the one or more software modules comprising the operating system agent, contribute information for inclusion within the message.
  - 7. The one or more machine-readable non-transitory mediums of claim 1, wherein the action is to disable the client.
  - 8. The one or more machine-readable non-transitory mediums of claim 1, wherein the operational state described by the message indicates the number of times a portion of the operating system agent has been removed or become corrupted, and wherein the policy references the number of times the portion of the operating system agent has been removed or become corrupted.
  - 9. The one or more machine-readable non-transitory mediums of claim 1, wherein execution of the one or more sequences of instructions further causes:
    - upon the BIOS agent not receiving the message after the expected period of time, the BIOS agent to determine if the operating system agent is installed on the client; and
      
      upon the BIOS agent determining that the operating system agent is not installed on the client, the BIOS agent to cause the operating system agent to become installed in the operating system of the client.

10. A method for securing a client, comprising:
- an operating system agent sending, at intervals during the execution of an operating system of the client, a message to a BIOS agent, wherein the message describes an operational state of the operating system agent, wherein the BIOS agent resides in a runtime portion of the BIOS of the client, wherein the operating system agent is one or more software modules that execute in the operating system, and wherein the BIOS agent is one or more software modules operating in a BIOS of the client,wherein the BIOS agent receives messages from the operating system agent after the client has booted; and
  
  the BIOS agent performing, after the client has booted, an action based on a policy, wherein the policy is described by policy data stored within the BIOS of the client, and wherein the BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time,wherein the action is performed by the BIOS agent while the operating system is operational.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the client is a laptop computer.
  - 12. The method of claim 10, wherein the policy data is stored by the BIOS on a flash microchip, and wherein the policy data is encrypted on the flash microchip.
  - 13. The method of claim 10, wherein the expected period of time is measured by a number of times the client is rebooted.
  - 14. The method of claim 10, wherein the operational state described by the message indicates whether any portion of the operating system agent has been removed or is corrupted.
  - 15. The method of claim 10, wherein at least one module, of the one or more software modules comprising the operating system agent, monitors resources of the client, and wherein at least two modules, of the one or more software modules comprising the operating system agent, contribute information for inclusion within the message.
  - 16. The method of claim 10, wherein the action is to disable the client.
  - 17. The method of claim 10, wherein the operational state described by the message indicates the number of times a portion of the operating system agent has been removed or become corrupted, and wherein the policy references the number of times the portion of the operating system agent has been removed or become corrupted.
  - 18. The method of claim 11, further comprising:
    - upon the BIOS agent not receiving the message after the expected period of time, the BIOS agent determining if the operating system agent is installed on the client; and
      
      upon the BIOS agent determining that the operating system agent is not installed on the client, the BIOS agent causing the operating system agent to become installed in the operating system of the client.

19. An apparatus for securing resources thereon, comprising:
- one or more processors; and
  
  one or more machine-readable non-transitory mediums storing one or more sequences of instructions, which when executed by the one or more processors, causes;
  
  an operating system agent to send, at intervals during the execution of an operating system of the apparatus, a message to a BIOS agent, wherein the message describes an operational state of the operating system agent, wherein the BIOS agent resides in a runtime portion of the BIOS of the client, wherein the operating system agent is one or more software modules that execute in the operating system, and wherein the BIOS agent is one or more software modules operating in a BIOS of the apparatus,wherein the BIOS agent receives messages from the operating system agent after the client has booted; and
  
  the BIOS agent to perform, after the client has booted, an action based on a policy, wherein the policy is described by policy data stored within the BIOS of the apparatus, and wherein the BIOS agent performs the action in response to either (a) the operational state described by the message, or (b) the BIOS agent not receiving the message after an expected period of time,wherein the action is performed by the BIOS agent while the operating system is operational.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Absolute Software Corporation
Original Assignee
Absolute Software Corporation
Inventors
Tarkhanyan, Anahit, Gupta, Ravi, Banga, Gaurav
Primary Examiner(s)
Okeke, Izunna

Application Number

US12/538,044
Publication Number

US 20100037291A1
Time in Patent Office

1,761 Days
Field of Search

726/35
US Class Current

713/164
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/88 Detecting or preventing the...

Secure computing environment using a client heartbeat to address theft and unauthorized access

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure computing environment using a client heartbeat to address theft and unauthorized access

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links