Method, apparatus and system for remote management of mobile devices

US 8,795,388 B2
Filed: 11/08/2012
Issued: 08/05/2014
Est. Priority Date: 12/19/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

continuously monitoring, by a theft deterrence agent on a device, for messages including at least one command specifying an action to secure the device, the theft deterrence agent executing on an embedded processor included in the device, the embedded processor operating independently from a central processing unit (CPU) included in the device, the CPU having an operating system configured to operate the device when executing on the CPU, the embedded processor having another operating system that is separate from the operating system and configured to operate the theft deterrence agent when executing on the embedded processor;

receiving, by the theft deterrence agent on the device, a message directly from another device via a secure network connection, the message including the at least one command specifying an action to secure the device, the action including one of deleting files, deleting a disk or deleting an encryption key;

executing, by the theft deterrence agent on the device, the at least one command in the message to delete files, a disk or an encryption key, the executing including powering on the device to enable the command be executed, upon determination that the device is powered down; and

sending, by the theft deterrence agent on the device, an acknowledgement upon completion of executing the at least one command in the message.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and system for enabling users to remotely manage their devices. Specifically, in one embodiment, in the event of a theft of a device or other such occurrence, a user may send a command to the device to execute a specified command. The command may include actions such as locking the device, shutting down the device, disabling logon'"'"'s to the device and other such actions that may secure the device and the data on the device from unauthorized access. Upon receipt of an authorized unlock credential, the device may once again be made accessible.

26 Citations

View as Search Results

21 Claims

1. A method, comprising:
- continuously monitoring, by a theft deterrence agent on a device, for messages including at least one command specifying an action to secure the device, the theft deterrence agent executing on an embedded processor included in the device, the embedded processor operating independently from a central processing unit (CPU) included in the device, the CPU having an operating system configured to operate the device when executing on the CPU, the embedded processor having another operating system that is separate from the operating system and configured to operate the theft deterrence agent when executing on the embedded processor;
  
  receiving, by the theft deterrence agent on the device, a message directly from another device via a secure network connection, the message including the at least one command specifying an action to secure the device, the action including one of deleting files, deleting a disk or deleting an encryption key;
  
  executing, by the theft deterrence agent on the device, the at least one command in the message to delete files, a disk or an encryption key, the executing including powering on the device to enable the command be executed, upon determination that the device is powered down; and
  
  sending, by the theft deterrence agent on the device, an acknowledgement upon completion of executing the at least one command in the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1 further comprising:
    - requesting approval from the another device to execute the at least one command in the message prior to executing the at least one command in the message; and
      
      receiving the approval to execute the at least one command in the message.
  - 3. The method according to claim 1, wherein the action specified by the at least one command comprises a system lockdown.
  - 4. The method according to claim 3 further comprising:
    - transmitting the system lockdown message from the theft deterrence agent to a system lockdown agent;
      
      storing device state information in a non-volatile random access memory if the system lockdown agent is missing access to a continuously running battery on the device; and
      
      sending a system reset signal to a system reset line on the device to shutdown the device.
  - 5. The method according to claim 4, further comprising receiving an authorized unlock credential to disable the system lockdown and restore the state information on the device.
  - 6. The method according to claim 5, wherein disabling the system lockdown further comprises:
    - authenticating the unlock credential against a previously provisioned unlock credential on the device, wherein the previously provisioned unlock credential is stored in the secure embedded processor.
  - 7. The method according to claim 6 further comprising:
    - restoring the state information on the device; and
      
      storing the restored device state information in the non-volatile random access memory if the system lockdown agent is missing access to the continuously running battery on the device.

8. An apparatus, comprising:
- a secure embedded processor; and
  
  a theft deterrence agent coupled to the secure embedded processor,the theft deterrence agent to;
  
  continuously monitor for messages including at least one command specifying an action to secure the device;
  
  receive a message directly from another apparatus via a secure network connection, the message including the at least one command specifying an action to secure the device, wherein the action includes one of delete files, delete a disk or delete an encryption key;
  
  authenticate the message against the secure embedded processor via a secure protocol;
  
  execute the at least one command in the message to delete files, a disk or an encryption key, wherein to execute includes power on the apparatus to enable the command be executed, upon determination the apparatus is powered down; and
  
  send an acknowledgement to the user upon completion of executing the at least one command in the message,wherein the theft deterrence agent is to execute on the embedded processor included in the apparatus, the embedded processor operating independently from a central processing unit (CPU) included in the apparatus, the CPU having an operating system to operate the apparatus when executing on the CPU, the embedded processor having another operating system that is separate from the operating system and to operate the theft deterrence agent when executing on the embedded processor.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus according to claim 8, whereinthe theft deterrence agent is to request approval from the another apparatus to execute the at least one command in the message prior to executing the at least one command in the message,the theft deterrence agent is to receive the approval to execute the at least one command in the message.
  - 10. The apparatus according to claim 8, wherein the theft deterrence agent is to execute a system lockdown command in the message to lockdown the apparatus.
  - 11. The apparatus according to claim 10 further comprising:
    - a system lockdown agent coupled to the embedded processor,the system lockdown agent to receive the system lockdown message from the theft deterrence agent;
      
      the system lockdown agent further capable of storing to store device state information in a non-volatile random access memory if the system lockdown agent is missing access to a continuously running battery on the apparatus,the system lockdown agent additionally capable of sending to send a system reset signal to a system reset line on the apparatus to shutdown the apparatus.
  - 12. The apparatus according to claim 11, wherein the system lockdown agent is to receive an authorized unlock credential to disable the system lockdown and restore the state information on the apparatus.
  - 13. The apparatus according to claim 12, wherein the system lockdown agent is to disable the system lockdown;
    - wherein to disable includes to authenticate the unlock credential against a previously provisioned unlock credential on the apparatus, wherein the previously provisioned unlock credential is stored in the secure embedded processor.
  - 14. The apparatus according to claim 13 wherein the system lockdown agent is to:
    - restore the state information on the apparatus; and
      
      store the restored device state information in the non-volatile random access memory if the system lockdown agent is missing access to the continuously running battery on the apparatus.

15. A non-transitory machine accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to enable a device to:
- continuously monitor for messages including at least one command specifying an action to secure the device;
  
  receive in a theft deterrence agent on a device a message directly from another device via a secure network connection, the message including the at least one command specifying an action to secure the device, wherein the action includes one of delete files, delete a disk or delete an encryption key;
  
  authenticate the message against a secure embedded processor via a secure protocol;
  
  execute the at least one command in the message to delete files, a disk or an encryption key, wherein to execute includes power on the device to enable the command be executed, upon determination that the device is powered down; and
  
  send an acknowledgement upon completion of executing the at least one command in the message,wherein the theft deterrence agent is to execute on the embedded processor included in the device, the embedded processor operating independently from a central processing unit (CPU) included in the device, the CPU having an operating system to operate the device when executing on the CPU, the embedded processor having another operating system that is separate from the operating system and to operate the theft deterrence agent when executing on the embedded processor.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory machine accessible medium according to claim 15, wherein the instructions, when executed by the machine, further cause the machine to:
    - request approval from the another device to execute the at least one command in the message prior to executing execution of the at least one command in the message; and
      
      receive approval to execute the at least one command in the message.
  - 17. The non-transitory machine accessible medium according to claim 16, wherein the instructions, when executed by the machine, further cause the machine to execute a system lockdown command in the message.
  - 18. The non-transitory machine accessible medium according to claim 17, wherein the instructions, when executed by the machine, further cause the machine to:
    - transmit the system lockdown message from the theft deterrence agent to a system lockdown agent;
      
      store device state information in a non-volatile random access memory if the system lockdown agent is missing access to a continuously running battery on the device; and
      
      send a system reset signal to a system reset line on the device to shutdown the machine.
  - 19. The non-transitory machine accessible medium according to claim 18, wherein the instructions, when executed by the machine, further cause the machine to receive an authorized unlock credential to disable the system lockdown and restore the state information on the machine.
  - 20. The non-transitory machine accessible medium according to claim 15, wherein the instructions, when executed by the machine, further cause the machine to disable the system lockdown, wherein to disable includes to authenticate the unlock credential against a previously provisioned unlock credential on the device, wherein the previously provisioned unlock credential is stored in the secure embedded processor.
  - 21. The non-transitory machine accessible medium according to claim 20, wherein the instructions, when executed by the machine, further cause the machine to:
    - restore the state information on the machine; and
      
      store the restored device state information in the non-volatile random access memory if the system lockdown agent is missing access to the continuously running battery on the machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Aissi, Selim, Chhabra, Jasmeet, Prakash, Gyan
Primary Examiner(s)
Poltorak, Peter

Application Number

US13/672,345
Publication Number

US 20130125218A1
Time in Patent Office

635 Days
Field of Search

None
US Class Current

726/35
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/88   Detecting or preventing the...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2147   Locking files

H04L 63/08   for authentication of entit...

Method, apparatus and system for remote management of mobile devices

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus and system for remote management of mobile devices

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links