System and method for preventing thin/zero client from unauthorized physical access

US 10,552,646 B2
Filed: 07/29/2016
Issued: 02/04/2020
Est. Priority Date: 07/29/2016
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a computing device as a thin client or a zero client, wherein the computing device comprises a central processing unit (CPU) and a chassis enclosing the CPU, and the computing device as the thin client or the zero client is remotely accessible by a server; and

a microcontroller located and operated entirely within the chassis of the computing device and operated independently and separately from the computing device, and communicatively connected to the chassis via a first interface, the microcontroller comprises a processor and a storage device storing computer executable code, wherein the computer executable code, when executed at the processor, is configured to;

monitor the chassis, wherein the chassis is configured to generate a signal for the first interface when the chassis is physically opened;

in response to receiving the signal from the chassis via the first interface, determine that a physical access event occurs to the computing device; and

in response to the physical access event,generate a log to record events for the computing device, and store the log in the storage device; and

perform a self-protect action to the computing device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certain aspects direct to systems and methods for preventing a thin client or a zero client from unauthorized physical access. A microcontroller is provided and connected to the chassis of the thin client or zero client computing device via a first interface, such as a general-purpose input/output (GPIO) line. Whenever the chassis is physically opened, the chassis generates a signal, and sends the signal to the microcontroller via the GPIO line. Upon receiving the signal, the microcontroller determines that a physical access event occurs to the computing device. Unless the physical access event is authorized, the microcontroller may generate a log to record events for the computing device, and store the log in the storage device; and perform a self-protect action to the computing device. If network connectivity is available, the microcontroller may send the log to a server via the network.

10 Citations

20 Claims

1. A system, comprising:
- a computing device as a thin client or a zero client, wherein the computing device comprises a central processing unit (CPU) and a chassis enclosing the CPU, and the computing device as the thin client or the zero client is remotely accessible by a server; and
  
  a microcontroller located and operated entirely within the chassis of the computing device and operated independently and separately from the computing device, and communicatively connected to the chassis via a first interface, the microcontroller comprises a processor and a storage device storing computer executable code, wherein the computer executable code, when executed at the processor, is configured to;
  
  monitor the chassis, wherein the chassis is configured to generate a signal for the first interface when the chassis is physically opened;
  
  in response to receiving the signal from the chassis via the first interface, determine that a physical access event occurs to the computing device; and
  
  in response to the physical access event,generate a log to record events for the computing device, and store the log in the storage device; and
  
  perform a self-protect action to the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system as claimed in claim 1, wherein the first interface is a general-purpose input/output (GPIO) line.
  - 3. The system as claimed in claim 1, further comprising a server communicatively connected to the computing device and the microcontroller via a network, wherein the computer executable code, when executed at the processor, is further configured to:
    - in response to the physical access event, send the log to the server via the network.
  - 4. The system as claimed in claim 1, wherein the microcontroller is connected to the CPU of the computing device via a second interface, and the microcontroller is configured to perform the self-protect action to the computing device by:
    - generating a command for the self-protect action; and
      
      sending the command to the CPU via the second interface.
  - 5. The system as claimed in claim 4, wherein the second interface is a serial peripheral interface (SPI).
  - 6. The system as claimed in claim 1, wherein the self-protect action comprises:
    - disabling or locking features of the computing device; and
      
      erasing or changing data stored in the computing device.
  - 7. The system as claimed in claim 1, wherein the storage device of the microcontroller is a non-volatile memory.
  - 8. The system as claimed in claim 1, further comprising a battery connected to the microcontroller, wherein the microcontroller is powered by a power supply unit (PSU) of the computing device when the PSU is available, and by the battery when the PSU is unavailable.
  - 9. The system as claimed in claim 1, wherein the computer executable code, when executed at the processor, is further configured to:
    - receive an input to authorize access to the computing device for a period of time; and
      
      in response to the input, determine, within the period of time, the physical access event as an authorized access event, wherein the computer executable code does not perform the self-protect action to the computing device in response to the authorized access event.
  - 10. The system as claimed in claim 9, further comprising a server communicatively connected to the computing device and the microcontroller via a network, wherein the computer executable code, when executed at the processor, is configured to receive the input to authorize access to the computing device from the server via the network.

11. A method for preventing a thin client or a zero client from unauthorized physical access, the method comprising:
- monitoring, by a microcontroller, a chassis of a computing device as the thin client or the zero client of a system, wherein the microcontroller is located and operated entirely within the chassis of the computing device and operated independently and separately from the computing device, and is communicatively connected to the chassis via a first interface, the computing device as the thin client or the zero client is remotely accessible by a server, and the chassis is configured to generate a signal for the first interface when the chassis is physically opened;
  
  in response to receiving the signal from the chassis via the first interface, determining, by the microcontroller, that a physical access event occurs to the computing device; and
  
  in response to the physical access event,generating, by the microcontroller, a log to record events for the computing device, and storing the log in a non-volatile memory; and
  
  performing, by the microcontroller, a self-protect action to the computing device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method as claimed in claim 11, wherein the first interface is a general-purpose input/output (GPIO) line.
  - 13. The method as claimed in claim 11, wherein the microcontroller is connected to the CPU of the computing device via a second interface, and the microcontroller is configured to perform the self-protect action to the computing device by:
    - generating a command for the self-protect action; and
      
      sending a command to the CPU via the second interface;
      
      wherein the second interface is a serial peripheral interface (SPI).
  - 14. The method as claimed in claim 11, wherein the self-protect action comprises:
    - disabling or locking features of the computing device; and
      
      erasing or changing data stored in the computing device.
  - 15. The method as claimed in claim 11, further comprising:
    - receiving, by the microcontroller, an input to authorize access to the computing device for a period of time; and
      
      in response to the input, determining, nu the microcontroller within the period of time, the physical access event as an authorized access event, wherein the self-protect action to the computing device is not performed in response to the authorized event.

16. A non-transitory computer readable medium storing computer executable code, wherein the computer executable code, when executed at a processor of a microcontroller, is configured to:
- monitor a chassis of a computing device as a thin client or a zero client of a system, wherein the microcontroller is located and operated entirely within the chassis of the computing device and operated independently and separately from the computing device, and is communicatively connected to the chassis via a first interface, the computing device as the thin client or the zero client is remotely accessible by a server, and the chassis is configured to generate a signal for the first interface when the chassis is physically opened;
  
  in response to receiving the signal from the chassis via the first interface, determine that a physical access event occurs to the computing device; and
  
  in response to the physical access event,generate a log to record events for the computing device, and store the log in a non-volatile memory; and
  
  perform a self-protect action to the computing device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable medium as claimed in claim 16, wherein the first interface is a general-purpose input/output (GPIO) line.
  - 18. The non-transitory computer readable medium as claimed in claim 16, wherein the microcontroller is connected to the CPU of the computing device via a second interface, and the microcontroller is configured to perform the self-protect action to the computing device by:
    - generating a command for the self-protect action; and
      
      sending a command to the CPU via the second interface.
  - 19. The non-transitory computer readable medium as claimed in claim 16, wherein the self-protect action comprises:
    - disabling or locking features of the computing device; and
      
      erasing or changing data stored in the computing device.
  - 20. The non-transitory computer readable medium as claimed in claim 16, wherein the computer executable code, when executed at the processor, is further configured to:
    - receive an input to authorize access to the computing device for a period of time; and
      
      in response to the input, determine, within the period of time, the physical access event as an authorized access event, wherein the computer executable code does not perform the self-protect action to the computing device in response to the authorized event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AmZetta Technologies, LLC (American Megatrends International, LLC)
Original Assignee
AmZetta Technologies, LLC (American Megatrends International, LLC)
Inventors
Subramanian, Yugender P., Ayanam, Varadachari Sudan, Christopher, Samvinesh, Sureshkumar, Rajamanickem
Primary Examiner(s)
Shaw, Peter C

Application Number

US15/224,005
Publication Number

US 20180032761A1
Time in Patent Office

1,285 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/86 Secure or tamper-resistant ...

G06F 2221/2143 Clearing memory, e.g. to pr...

System and method for preventing thin/zero client from unauthorized physical access

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for preventing thin/zero client from unauthorized physical access

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links