Most devices that use active management technology (AMT), which may be included in, for example, a “notebook” or laptop computer, depend on network connectivity. If an AMT device does not have a usable Internet connection, then the notebook computer cannot be effectively managed by an information technology (IT) administrator or a manageability service provider (MSP). If the host operating system (OS) is running, the manageability engine or management engine (ME, such as, for example, Intel Management Engine™) can use the host network stack to access the network; if not (e.g., the notebook computer is in power state S3, S4 or S5, or the host OS is corrupted), the network stack of the ME itself can be used to establish a connection. If the notebook computer is connected to a corporate network or to other networks such as home networks, either the host network stack or the network stack of the ME can be used, depending on the state of the host OS. This is also applicable when the notebook is located, for example, at home.
A “hotspot” generally refers to a venue or area that offers access (usually wireless access) to a publicly accessible network, typically either a local area network (LAN) or a wireless local area network (WLAN), and typically either free or commercial (e.g., requiring payment). Other types of hotspots are known. A commercial hotspot may require an account to be set up with the provider. The user may need to log in to the hotspot with pre-established credentials in order to gain full Internet connectivity.
If the host OS is running and there are no networking problems, the notebook computer may be reachable for manageability purposes by performing hotspot login on the host OS, typically requiring user intervention.
However, if the host OS is not running, the ME may be unable to interact with the user, since it cannot display messages or ask for run-time input (such as credentials from the user). It must therefore be able to connect to the hotspot network without any user interaction.
Furthermore, embedded devices with communication stacks (such as, for example, Intel AMT™, Intel ME™) need to communicate over secure protocols, such as, for example, hypertext transfer protocol over secure sockets layer (HTTPS), transport layer security (TLS) or other cryptographic protocols, for many functions. These protocols require the devices to store a large set of root certificates to validate the server certificate presented. However, embedded devices typically do not have enough storage capacity, and it is difficult (and sometimes impossible) for them to store all the root certificates for certification authorities (CAs) generally stored in a typical browser. This severely limits the servers with which such devices can securely communicate, because certificate chains cannot be verified in the absence of the root certificates. In addition, even these root certificates can expire and may have to be changed, which is hard to accomplish on an embedded device.