Computer systems have become dramatically smaller and more portable. Personal computers and peripherals are small enough to sit on the desk at work. Smaller still are laptop computers and notebook computers. There are computer terminals which are small enough to be mounted in a vehicle such as a delivery truck. Still smaller are the handheld terminals, typically used for their portability, where the user can carry the terminal in one hand and operate it with the other.
Many of today's computer systems can be hooked up to the Internet or to the World Wide Web (WWW), which is a part of the Internet. There are also computer systems that are used solely inside a protected area, such as a local network that is not connected to the outside world, or an intranet fenced off from the outside world by means of firewalls or the like. More and more of these computer systems draw at least part of their functionality from the network, be it the Internet, the WWW, an intranet, or a local network.
A connection to the network can be established using Ethernet, Token Ring, or other wire based or fiber based schemes. Details and implementations of these schemes are well known in the art and are thus not addressed herein in detail.
Likewise, wireless ad-hoc connection schemes (e.g. body networks, radio frequency connections, or infrared connections) can be used to hook up a computer system to a network. Ad-hoc connections are required where devices move around, entering and exiting an area. The term ad-hoc refers to the need for frequent network reorganization.
Several wireless communication approaches have been developed and designed with an eye on the communication between peers or subsystems of such wireless ad-hoc networks. Typical examples are addressed in the following.
GTE Corporation has developed a short-range radio-frequency (RF) technique which is aimed at giving mobile devices such as cellular phones, pagers and handheld personal computers (PCs) a smart way to interact with one another. GTE's technique is tentatively named Body LAN (local area network). The original development of Body LAN was via a wired vest with which various devices were connected (hence the name Body LAN). This graduated to an RF connection a couple of years ago.
Xerox Corporation has developed a handheld computing device called PARC TAB. The PARC TAB is portable yet connected to the office workstation through base stations which have known locations. The PARC TAB base stations are placed around the building, and wired into a fixed wired network. A device can thus be connected through the PARC TAB base station to the Internet or WWW.
In an attempt to standardize data communication between disparate PC devices several companies, including Ericsson, IBM, Intel, Nokia, and Toshiba established a consortium to create a global standard for wireless RF-based connectivity between fixed, portable and mobile devices. There are many other adopter companies. The proposed standard comprises an architecture and protocol specifications ranging from the physical layer up to the application layer. Enabling seamless voice and data transmission via wireless, short-range radio, the Bluetooth technology will allow users to connect a wide range of devices easily and quickly, without the need for cables, expanding communications capabilities for mobile computers, mobile phones and other mobile devices. The Bluetooth operating environment is not yet fully defined, but there are expected to be similarities with the IrDA (Infrared Data Association) specification and the Advanced Infrared (AIr) specification. Other aspects that probably will find their way into Bluetooth might stem from the IEEE standard 802.11 and/or HIPERLAN, as promulgated by the European Telecommunications Standards Institute (ETSI).
Bluetooth radio technology provides a mechanism to form small private ad-hoc groupings of connected devices away from fixed network infrastructures. A link to a fixed network, such as the Internet or WWW might be provided. Further details can be found in Haartsen, Allen, Inouye, Joeressen, and Naghshineh, “Bluetooth: Vision, Goals, and Architecture” in the Mobile Computing and Communications Review, Vol. 1, No. 2. Mobile Computing and Communications Review is a publication of the ACM SIGMOBILE.
HomeRF (based on the Shared Wireless Access Protocol (SWAP)) is another example of an operating environment which can be used to connect devices. A HomeRF Working Group was formed to provide the foundation for a broad range of interoperable consumer devices by establishing an open industry specification for wireless digital communication between PCs and consumer electronic devices anywhere in and around the home. The working group, which includes the leading companies from the personal computer, consumer electronics, peripherals, communications, software, and semiconductor industries, is developing a specification for wireless communications in the home called SWAP. The HomeRF SWAP system is designed to carry both voice and data traffic and to interoperate with the Public Switched Telephone Network (PSTN) and the Internet or WWW; it operates in the 2400 MHz band and uses a digital frequency hopping spread spectrum radio. The SWAP technology was derived from extensions of existing cordless telephone (DECT) and wireless LAN technology to enable a new class of home cordless services. It supports both a time division multiple access (TDMA) service to provide delivery of interactive voice and other time-critical services, and a carrier sense multiple access/collision avoidance (CSMA/CA) service for delivery of high speed packet data. The SWAP system can operate either as an ad-hoc network or as a managed network under the control of a connection point. In an ad-hoc network, where only data communication is supported, all stations are equal and control of the network is distributed between stations. For time critical communications such as interactive voice, the connection point, which provides the gateway to the PSTN, is required to coordinate the system. Stations use CSMA/CA to communicate with a connection point and other stations. Further details about HomeRF can be found at the Home Radio Frequency Working Group's web site http://www.homerf.org.
The SWAP specification 1.0 is incorporated by reference in its entirety.
It is a well known problem that computer systems, and in particular portable computers, are expensive and thus tempting to steal. There is also the likelihood that such devices get lost or that the owner or user forgets a device when traveling, for example. The same applies to rental cars, cellular phones and many other devices.
There are a few protection mechanisms, like passwords, that are not widely used because of the added burden they impose on the user. Password protection only works on devices that have some means to key in the password. An alternative to password protection is to use a dedicated central registry on a network to which devices periodically send “hello” messages together with their own address, in order to track stolen or lost devices. This alternative is vulnerable to firewalls: because the central registry's well-known address must be carried in these “hello” messages, a firewall filter can easily intercept them.
A known protection scheme is described in the International patent application with publication number WO 98/04967, Peter Collins et al., published on 5 Feb. 1998. The protection scheme disclosed in this patent application is based on the known challenge-response protocol. In Collins et al. a shared secret key is used that is known only to the client and the server. It is a disadvantage of this shared-key approach that the number of shared keys grows with the number of clients. All these shared secret keys have to be generated and distributed, which puts some burden on the system. The protection scheme of Collins et al. requires each client to run a timer. If no response is received from the server in due course, then the client shuts down. Furthermore, Collins et al. have to define in the client how often it sends a challenge to the server. It is another disadvantage of Collins' approach that an intruder or hacker can extract the part number or unique identifier which is sent from the client to the server. This can be done using a sniffer, for example. The user's privacy is thus not adequately protected.
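To make the three drawbacks of the shared-key scheme concrete, the following simulation is an added illustration, not code from the application or from Collins et al. It assumes HMAC-SHA256 as the response function, an explicit clock value passed by the caller, and the hypothetical class names `Server` and `Client`; the application does not specify any of these.

```python
import hmac
import hashlib
import secrets


class Server:
    """Holds one shared secret per registered client (key store grows with clients)."""

    def __init__(self):
        self.keys = {}  # client_id -> shared secret key

    def register(self, client_id):
        key = secrets.token_bytes(32)  # secret must also be distributed to the client
        self.keys[client_id] = key
        return key

    def respond(self, client_id, challenge):
        # client_id arrives in the clear on the wire: a sniffer can read it
        key = self.keys.get(client_id)
        if key is None:
            return None
        return hmac.new(key, challenge, hashlib.sha256).digest()


class Client:
    """Issues periodic challenges; shuts down if no valid reply arrives within timeout."""

    def __init__(self, client_id, key, timeout):
        self.client_id = client_id
        self.key = key
        self.timeout = timeout
        self.last_ok = 0  # clock value of the last verified response
        self.locked = False

    def check_in(self, server, now):
        challenge = secrets.token_bytes(16)  # fresh nonce per challenge
        # server is None models an unreachable server (network down, firewall, theft)
        reply = server.respond(self.client_id, challenge) if server is not None else None
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        if reply is not None and hmac.compare_digest(reply, expected):
            self.last_ok = now
            return True
        if now - self.last_ok > self.timeout:
            self.locked = True  # timer expired: client shuts itself down
        return False


def demo():
    srv = Server()
    c1 = Client("notebook-1", srv.register("notebook-1"), timeout=60)
    c2 = Client("notebook-2", srv.register("notebook-2"), timeout=60)
    ok = c1.check_in(srv, now=10) and c2.check_in(srv, now=10)
    c1.check_in(None, now=100)  # no server reachable, 90 s since last success
    return len(srv.keys), ok, c1.locked, c2.locked
```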
Another protection scheme is described in the International patent application with publication number WO 96/15485, Christian Cotchini et al., published on 23 May 1996. This protection scheme makes use of a modem on the telephone network to allow the client to periodically call a remote server. The client's serial number is reported to the server via an encoded series of dialed numbers. The server only accepts calls from clients on a predefined list. If the call comes from a stolen client, then the client's caller ID might be used to locate it. This scheme is secretly and transparently embedded in the client. Such a scheme cannot be used in a data network such as the Internet.
Yet another protection scheme is described in “ThinkPad Tracking”, Sharon Nash, PC MAGAZINE, 23 Mar. 1999, p. 29. According to this publication, IBM started to ship notebook computers with an Asset ID, a security technology designed to protect notebook computers.
The Asset ID technology combines a radio frequency (RF) tag and an RF scanner to allow notebooks to be registered in a company's inventory. If a notebook is removed without authorization through a door protected by an RF sensor, the respective notebook becomes automatically password-protected. The Asset ID security technology enables customers to track and protect computer systems, ensuring that the assets are in the hands of those responsible for their use. Asset ID is the result of a joint development effort between HID Corporation, IBM Corporation, and Atmel Corporation. (Asset ID is a trademark of IBM Corporation).
Software-based theft protection schemes, like the one described in the above-discussed International patent application with publication number WO 96/15485, can be removed or disabled by the astute adversary. Once a patch bypassing a software-based scheme is available, it will be widely disseminated in a short time.
On the other hand, a hardware-based protection scheme suffers from high complexity and price.
It is an object of the present invention to provide a scheme enabling the protection of a lost or stolen computer system.
It is an object of the present invention to provide systems enabling the protection of a lost or stolen computer system.