This invention relates to a method for computer security whereby commands can be sent remotely to the computer such that operation is enabled or disabled.
Physical computer equipment, and intellectual property stored on hard drives in portable computers, can be worth millions of dollars to the owner companies. Particularly where small, expensive, and portable computers are involved, asset management is becoming very difficult.
With the advent of the Internet and pervasiveness of computers in business and personal life, it is only natural that theft of such equipment, components, and information stored on these systems becomes more prevalent. Employees continue to be the primary source for losses due to theft. For example, employees who have compatible systems at home may be tempted to swap boards and input devices at work to repair their systems at home. Employees are not the only threat. Repairmen, janitors, delivery-persons, other contractors, customers, invited guests, and even security people themselves have an opportunity to take computer property.
Size and portability are also factors. As integrated circuit manufacturers reduce the size of chips with a complementary boost in performance and power, the boxes into which the chips are placed become smaller. Grab-and-run thefts are likely to focus on the smallest equipment. As computer equipment continues to decrease in size (e.g. sub-notebook and smaller computers), the chance of losing it to theft increases. The reduction in size certainly seems to be the way of the future.
Intellectual property comprises a significant part of a company's asset portfolio. In many cases, the value of a piece of intellectual property far exceeds the value of the hardware on which it is stored. Consequently, if the hardware is stolen, the ability to prevent access to that information is paramount, and return of the hardware is only a secondary objective. A survey of 325 U.S. companies by the American Society for Industrial Security concluded that potential losses to U.S. companies could total $24 billion a year.
Computers and related peripherals, and intellectual property are not the only target of high-tech theft. State-of-the-art instrumentation and test equipment are also prime candidates and are usually more expensive per unit volume than a typical home computer. Although less marketable than computer equipment, they can represent a sizeable loss to companies using such equipment.
Companies are becoming increasingly concerned about the loss or illicit disclosure of corporate proprietary information. Protection of stored information is accomplished primarily by hard disk software security locks and data encryption. These measures are not absolutely theft-proof and in many cases can be defeated rather easily. Furthermore, once defeated, the system is useable. For example, theft of a laptop with a software protected hard disk can be defeated by simply swapping in a new or different compatible drive without the software protection, a small price to pay relative to the value of the whole system. Moreover, removal of the laptop computer to a different location will in many cases provide ample time to defeat the software locks and encryption employed to secure the information.
However, in some cases, the theft is for the value of the hardware and not the information contained on the system storage devices. Thus, most hardware security systems attempt to protect the computer system by fixing it to another less mobile object. However, once a security cable is removed, the computer is still fully operational and easily resalable.
These prior art measures are ineffective where the computer equipment has yet to be secured, for example, during shipment to the consumer or during assembly at the manufacturer. Furthermore, the conventional methods are ineffective against theft from a car or from the person. As mentioned before, as integrated circuits become smaller, more functions can be designed into a chip and boards become more densely populated. Eventually, all electronic functions of the computer may be integrated into one board. Conventional theft protection methods do not provide the level of protection in these situations to discourage theft of a board or system.
One difficulty in preventing this problem is that most users are unwilling to go to the inconvenience of using passwords or other security measures. Therefore, although some of today's systems have POST passwords or encryption devices built in, very few of these features are actually enabled, and therefore it is difficult for companies to ensure that systems are secure. Currently, if such a system is lost or stolen while its security features are disabled, there is no way for the owner to prevent its unauthorized use.
The automotive industry has made some use of remotely-activated anti-theft devices. A popular system is called LoJack™, and is used to track stolen vehicles. To protect a car, a transmitter/receiver unit is attached in an inconspicuous place. If the car is stolen, the owner notifies the police. The police then remotely activate the transmitter, which sends a continuous signal allowing police to locate and recover the car. The disadvantage with this system is that the owner must first discover, and notify authorities, that the property has been stolen. Thus it is possible for the thieves to drive the vehicle away when the owner is not aware of the theft, and work for several hours at defeating the anti-theft device or stripping the car. Furthermore, a seasoned thief can easily disable or even remove the transmitter/receiver device, thereby defeating the effectiveness of this anti-theft system.
Other products use Global Positioning System ("GPS") satellites to let distressed drivers call for help or authorities to track stolen cars. The driver must connect a cellular phone installed in the vehicle and enter a pass-code when starting the car.
Further disadvantages of these and related systems are that the owner pays monthly service charges for use of the system. Other designs require that the system be active and plugged into a phone system. Up-front costs are high for parts and installation. In addition, many solutions reduce the ability to perform work and are subsequently not used.
In general, any remotely activated anti-theft add-on which is inoperative when the system is inoperative has a serious weakness: if the system can be physically removed while inoperative, a thief can take it to a shielded location and work at length on disassembling the system or removing the protection.
The present invention incorporates a new type of security feature into the circuitry of a portable computer (or analogous equipment). The computer contains an RF receiver unit which is always active, even when the computer is not. If the computer is reported stolen, a signal is sent to the receiver to activate a security feature (such as boot password protection), even if the user had previously inactivated this security feature. When the computer is next turned on, this security feature will prevent the thief from making use of the computer.
This security architecture, in the presently preferred embodiment, does not permanently destroy operation of the system, but simply restores the system's built-in security protection options. This is done by setting a bit in nonvolatile memory, which thereafter makes the system require a password for access to operate the system. (If the user has not enabled password protection, he will have to get an emergency password from his system administrator or from technical support.) An important feature of this embodiment is that it is executed during the system Power-On Self-Test ("POST") procedure, and thus cannot be bypassed.
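The mechanism described in the two paragraphs above can be modelled in a few lines of C. This is an added illustration, not code from the patent: the flag values, the `nvram` layout, the function names and the sample passwords are all assumptions, passwords are held as plain NUL-padded fields only to keep the sketch short, and the rule that the emergency password is accepted only when the user never enabled a password is one reading of the text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout: the text only specifies "a bit in nonvolatile memory". */
#define NV_USER_PW_ENABLED 0x01u /* user switched the boot password on */
#define NV_REMOTE_LOCK     0x02u /* set by the always-on RF receiver */
#define PW_LEN 16

struct nvram {
    uint8_t flags;
    char user_pw[PW_LEN];      /* NUL-padded boot password, if any */
    char emergency_pw[PW_LEN]; /* held by administrator or technical support */
};
enum post_result { POST_BOOT, POST_HALT };

/* Receiver side: runs while the host is powered down, touches only NVRAM. */
void rf_on_security_command(struct nvram *nv) { nv->flags |= NV_REMOTE_LOCK; }

/* Compare all PW_LEN bytes so timing does not depend on the first mismatch. */
static bool pw_equal(const char stored[PW_LEN], const char *entered) {
    char buf[PW_LEN] = {0};
    unsigned char diff = (unsigned char)(strlen(entered) >= PW_LEN);
    strncpy(buf, entered, PW_LEN - 1);
    for (size_t i = 0; i < PW_LEN; i++) diff |= (unsigned char)(stored[i] ^ buf[i]);
    return diff == 0;
}

/* POST side: called before any boot device is touched. */
enum post_result post_security_gate(const struct nvram *nv, const char *entered) {
    bool locked  = (nv->flags & NV_REMOTE_LOCK) != 0;
    bool user_pw = (nv->flags & NV_USER_PW_ENABLED) != 0;
    if (!locked && !user_pw) return POST_BOOT;      /* nothing to enforce */
    if (entered == NULL || entered[0] == '\0') return POST_HALT;
    if (user_pw) return pw_equal(nv->user_pw, entered) ? POST_BOOT : POST_HALT;
    /* Locked remotely but the user never set a password: emergency password only. */
    return pw_equal(nv->emergency_pw, entered) ? POST_BOOT : POST_HALT;
}

int main(void) {
    /* Constructed sample state: user left password protection off. */
    struct nvram nv = { .flags = 0, .user_pw = "", .emergency_pw = "E-4471-QX" };
    printf("before command: %d\n", post_security_gate(&nv, NULL));
    rf_on_security_command(&nv);
    printf("after command, no password: %d\n", post_security_gate(&nv, NULL));
    printf("after command, emergency: %d\n", post_security_gate(&nv, "E-4471-QX"));
    return 0;
}
```

The empty-entry check matters when the emergency field was never provisioned: an all-zero field would otherwise match an empty password and release the lock.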
An advantage is that the feature can be coupled to existing third-party communication systems to allow a command to be received by the computer in order to disable operation to unauthorized owners. For example, Eagle Eye Technologies, Inc., builds a tracking system that is capable of locating a transponder to within 3 meters of its actual location. The present application uses a slightly different technique, based upon the same radio frequency (RF) interfacing hardware, to set an electronic key bit in non-volatile RAM of a computer (or a comparably complex mobile or portable unit) which impedes operation of the unit if a security command is sent. Thieves will be reluctant to steal a device with this feature.
Another advantage is obtained at a lower level. With the feature integrated onto the system board, the board itself can be disabled from operating. This prevents board swapping by employees to home computers.
Another advantage is the protection of user data at a higher level. Theft of proprietary information is more difficult in that one more barrier is added to the process. If the system is disabled, the thief must remove the storage unit and install it into a compatible system in order to steal the information.
Another advantage over prior art security systems is that systems are secure during shipment and while sitting in a warehouse. If a shipment disappears, its illegitimate operation can be disabled from any point in the country, or perhaps even the world.
Preferably the satellite receiver is always on, and thus can be commanded to set the security feature even if the system is powered down. This prevents thieves from taking a stolen computer into a shielded room to defeat its protection.
Another advantage is that the system can be secured after it has been lost or stolen, even if the original user did not take advantage of conventional security features.