The present invention relates generally to information handling systems, and more specifically to a system and method for securing information handling systems, operating systems, software applications, information and the like against theft or misuse.
Information handling systems such as desktop personal computers, portable computers (i.e., laptop or notebook computers) and the like, being valuable assets, have historically been prone to theft or misuse. For example, an enterprise may own several portable computers that are made available for use by personnel at remote sites to perform enterprise-related tasks. Because of their small size and high value, such portable computers may easily be stolen by third parties or by the personnel themselves, and once stolen, are extremely difficult to recover. Likewise, an enterprise may employ a networked computer system available for use by personnel while on the enterprise""s premises. Such an enterprise may wish to limit access to the network to curtail unproductive activities such as Internet browsing during working hours.
Proprietary software applications and information utilized by such information handling systems are similarly plagued by problems such as unauthorized use, copying and piracy. With the growing popularity of services such as the Internet, such software applications and information are increasingly provided for sale to consumers via electronic fund transfer and downloaded directly to the consumer""s computer. Prevention of unauthorized use or illegal copying of software applications distributed in this manner is extremely difficult and rarely successful. Further, once downloaded, developers of stand-alone software applications (i.e., software applications that do not require support external to the information handling system) have extremely limited means of controlling use of the application. For example, the developer of an application may wish to provide a complementary copy of the application to users and thereafter incrementally charge for its use, disabling use if payment is not received. Presently, this objective is not possible. Thus, sales of the application may be hampered because potential users are unwilling to pay for unlimited use of the application, even though such users may frequently desire the application and would be willing to pay a lesser amount for more limited use if the option was available.
Known to the art are a variety of security systems and methods that limit access to networked information handling systems by unauthorized individuals. Such systems typically require a special access code such as a user identification and/or password, or a special device such as a key or identification card to allow use of the information handling system. However, access codes and devices are frequently lost or forgotten, and may themselves be stolen or copied. Further, such security systems only prevent access to the information handling system network, and do not prevent continued use of client information handling systems while disconnected from the network, for example, if stolen.
Similarly, client/server security systems are known wherein a software application provided via a network such as a local area network (LAN), Wide Area Network (WAN), Online Service Provider, the Internet, etc. is divided into a server component resident on a server computer and a client portion resident on a client computer, wherein the client component essentially serves as the user""s interface to the server component. However, while such systems do prohibit unauthorized copying and use of software applications, they require continuous connection of the client computer with the server computer via the network. Such connection requirements often adversely affect the speed and capabilities of the software application especially during periods of high network usage.
For the foregoing reasons, it would be advantageous to provide an improved system and method for securing functions of an information handling system such as startup (i.e., boot), loading of an operating system, execution of a software application, etc. whereby the information handling system must be authenticated by a centralized authority, such as a server or home station, to permit the information handling system to provide or to continue providing the function when disconnected from the system.
Accordingly, the present invention is directed to a novel system and method for securing functions of an information handling system such as startup (i.e., boot), loading of an operating system or execution of a software application by requiring authentication of the information handling system to enable the function. According to a principal aspect of the present invention, a client information handling system establishes a communication link with a central system. An example would be to connect to a server via a network such as a Local Area Network (LAN), Wide Area Network (WAN), Online Service Provider, or the Internet; or to connect directly with a connection to a home station, a second system or docking station. A request for authentication is sent to the central system by the information handling system via the communication link. The central system, upon receiving the authentication request from the information handling system, determines if the authentication request is valid, and, if valid, authenticates the information handling system allowing the information handling system to provide the function or continue providing the function, even when disconnected from the central system.
In a first exemplary embodiment, the present invention is utilized as an anti-theft system for information handling systems such as desktop and/or portable computers. Authentication is comprised of encrypted tokens passed from the central system to the information handling system via the network to enable operation of the information handling system. Tokens may be stored by the information handling system to allow remote operation of the information handling system independent of the central system. Preferably, each token enables a predetermined amount of start ups, or boot ups, of the information handling system, after which the information handling system is disabled unless communication is reestablished with the central system and additional tokens are requested and received.
In a second exemplary embodiment, the present invention may be utilized to allow incremental charging for the use of software applications and information, and to prevent unauthorized use or copying of software applications and information. A stand-alone software application resident in the information handling system requires authentication of the information handling system for execution. Authentication is comprised of encrypted tokens passed from the central system to the information handling system via the communication link to enable execution of the software application or use of the information. Tokens may be stored by the information handling system to allow continued execution of the application independent of the central system. Preferably, each token enables a predetermined amount of start ups, or some other measure of usage, of the application, after which time execution of the application is disabled unless communication is reestablished with the central system and additional tokens are requested and received.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention claimed. The accompanying drawings which are incorporated in, and constitute a part of, the specification illustrate embodiments of the invention and, together with the general description, serve to explain the principles of the invention.