JP2013008400A - Persistent servicing agent - Google Patents

Abstract

PROBLEM TO BE SOLVED: To realize a servicing agent for enabling, supporting and/or providing services relating to management and protection of assets and their software configurations, with improved tamper resistance.SOLUTION: A tamper resistant servicing agent for providing various services comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, the CLM loads the AM, and the AM locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server.

Description

[Cross-reference of related applications]
This application includes US Provisional Patent Application No. 60 / 663,496, filed Mar. 18, 2005, US Provisional Patent Application No. 60 / 663,615, filed Mar. 18, 2005, and January 7, 2006. Claims the benefit of US Provisional Patent Application No. 60 / 756,796, filed in Japanese. This application is a continuation-in-part of US patent application Ser. No. 11 / 093,180, filed Mar. 28, 2005. These documents are incorporated herein by reference in their entirety.

  All publications referenced in this application are incorporated herein by reference in their entirety.

  The present invention relates to permanent or anti-tamper service agents in computer and network environments.

  In today's competing business environment, information technology (IT) is playing an increasingly important role in the exchange of knowledge in daily business functions. Individuals, systems, organizations, and other business assets are interconnected within this emerging economic network, and as this IT landscape becomes increasingly complex, computer assets become more efficient. The need to manage is also increasing. As a result, organizations today are more aware of the need to control, manage, and secure their computer asset base in order to maximize investment and manage costs.

  The amount of time and resources required to manage computers in a network can be critical. These assets support key business processes such as e-commerce and business intelligence. If these assets are not protected and do not have the ability to manage assets in advance, the potential for short and long term losses is enormous.

  One of the major challenges faced by organizations is managing individual software images and required updates on the device's storage drive, and tracking the location and ongoing movement of the organization's computers. Knowing what assets are and how they are changing over time is fundamental to current IT asset and policy management. Also, knowing that can improve planning and budgeting such as hardware or software upgrades or computer decommissioning. As businesses grow geographically and the adoption of mobile and remote systems becomes more and more common, this problem becomes more complex. Tracking these assets and the software images there are not only important for the value of the computer itself, but often more important for protecting valuable data residing on the machine. Lost or improperly set assets may have internally readable confidential or copyrighted information, may not be updated for antivirus protection, and remain entitled to access the corporate network There may be. An enterprise must be able to clarify its assets and its configuration and not only what is on them for hardware and software, but also where they are and who is using them. Only with this additional information can organizations address the issue of security and regulatory compliance for remote and mobile users.

  With the increasing processing power of mobile computing devices, there is an increasing number of individuals who choose mobile computing devices as replacements for desktop units or as additional devices for home or small business networks. Individuals are not originally interested in managing inventory and configuration of computer assets, but nevertheless share similar interests as large companies with regard to tracking personal computer assets and protecting personal data.

  Most IT departments will support the claim that traditional asset management solutions cannot correctly account for the ever-increasing remote and mobile user population. In practice, a normal organization loses up to 15% of PC assets in the two years leading up to PC drift 1, but in this case the assets were not necessarily lost or stolen, and many times after being paid Or because the department has changed, the location is not clear. On average, only 65% of an organization's actual PC asset base can be accurately identified by most organizations when it is required to create a inventory. As a model example, it is required to keep track of at least 90% of PC assets.

  Remote and mobile computer assets moving outside the LAN are problematic in many ways. First, most asset tracking management software cannot track a machine if it is not connected to a local network. In addition, such remote machines are a major security threat to the entire IT network. Remote users, rather than IT administrators, are often responsible for machine management and configuration updates. Most users usually do not have the necessary security awareness. Users may lower security settings, install malicious software without realizing it, expire antivirus software, and not install the latest security patches. What appears to be a small security mistake for remote users can have a dramatic impact on the entire network. When remote users connect to a LAN, they may infect the entire network because they are less concerned about security. Without an effective asset management tool for these remote machines, IT administrators cannot guarantee the integrity of the entire network. The security of the network is only the same as that of the weakest link. A CSI / FBI annual survey on computer security shows that 57% of stolen PC assets are being used to conduct further crimes against businesses.

  In response to recent corporate accounting scandals, identity theft and malicious hacking, the government is enacting rules that require businesses to protect and clarify all sensitive digital information. The Sarbanes-Oxley Act of 2002 of 2002 is an excellent example of such a rule. The Sarbanes-Oxley Act has increased the number of cases where assets are not reported correctly. Executives are required to legally verify that there are appropriate controls and rules to ensure accurate asset reporting. Today, it is the fiduciary responsibility of the Chief Financial Officer (CFO) and Chief Executive Officer (CEO) to ensure the implementation of accurate asset reporting. Legal, regulatory and financial charges for organizations that have incorrectly reported their asset base can be very significant. Computers often make up a large percentage of an organization's asset base, so accurate reporting is required. The Gram Reach Briley (GLB) Act is another rule that guarantees the protection of customer records in the finance department. Similarly, the Health Insurance Interoperability and Accountability Act (HIPAA) has established federal privacy standards that protect the confidentiality of medical records and insurance-related information. Significant regulatory issues can arise if an organization does not effectively track all computer assets.

  Asset tracking management and / or configuration management applications that assume tracking management functions should be able to resist some tampering by the user. In the context of asset tracking management, authorized users are usually responsible for some aspect of computer lifecycle management. In this situation, the tracking agent will justify the need to be able to disable the agent (eg, at the end of the computer asset lifecycle), while identifying authorized users from accidental removal of the tracking agent. Should be able to protect. An unauthorized user is a person who attempts to remove the agent software but is usually not responsible for managing the computer lifecycle. Reasons for deliberate and unauthorized attempts to remove an agent may include a thief or potential thief's act of leaving the tracking software permanently removed. Unauthorized but accidental removal attempts may include, for example, the success or unsuccessful attempt of someone attempting to install a new operating system or re-image a hard disk drive.

  Attempts to track, manage, and update PC assets and their configuration will cause the PC to go through its lifecycle through failure / coordination repair, configuration changes, operating system reinstallation, hard disk drive reformat / replacement, system corruption and A further challenge is given by the fact that many hardware, software and image changes are experienced, including user-initiated configuration changes. Many of these changes require reinstallation of the operating system, which may invalidate or remove the original footprint, identification information, or tracking management agent of the PC asset. This change is the beginning of a PC asset drift from a known state to an unknown state, if not hard-tracked and tracked. These daily PC lifecycle operation requirements can increase the complexity and challenges of PC asset tracking management, especially for remote and mobile PCs.

  To date, existing asset tracking management applications are required to achieve the required persistence against tampering by unauthorized users in a Windows NT / 2000 / XP environment. It is insufficient in that it does not show a function. Such tracking management applications are generally easily disabled by unauthorized or accidental user actions as described above, or other simple actions such as deleting registry settings or deleting application files.

  The assignee of the present invention, Absolute Software Corporation, is a product and service that securely tracks and recovers assets that have been lost or stolen. It develops and sells AbsoluteTrack, a secure asset tracking and inventory management solution that operates on the platform. Computrace introduces a stealth agent, which is a software client that resides on the hard disk drive of the host computer. Once installed, the agent automatically contacts the monitoring center periodically to send location information and all automatically discovered asset data points. Ongoing communication between the agent and the monitoring center requires no user intervention and is maintained over the Internet or telephone connection. As long as the computer is turned on and has either connection to a telephone line or access to the Internet (through an ISP or corporate network), the Computrace Agent can report asset data to the monitoring center. Communication that does not require user intervention between the agent and the monitoring center allows authorized users of the agent to securely access up-to-date location information and comprehensive asset data across the computer inventory. Whether used alone or as a complement to existing asset management tools, Absolute Track monitors remote, mobile and desktop computers and provides routine hardware and software inventory tracking management functions. Is a cost-effective application service that helps companies of all sizes to run. Computrace is an effective tool for tracking and managing mobile computer theft and recovering a stolen mobile computer.

  The technology underlying various Computrace products and services is disclosed and patented in the United States and other countries, and those patents are assigned to Absolute Software, the same assignee as the present application. For example, US Pat. No. 5,715,174, US Pat. No. 5,764,892, US Pat. No. 5,802,280, US Pat. No. 6,244,758, US Pat. No. 6,269,392 No. 6, U.S. Pat. No. 6,300,863, and U.S. Pat. No. 6,507,914, and related foreign patents. More information on absolute tracks is published by Absolute Software (eg, the white paper “AbsoluteTrack-Secure Computer Asset Tracking Solution” published April 25, 2003). See).

  Agents installed on each protected device are stealth and resistant to detection by computer users. The level of tamper resistance directly affects the difficulty of detection and the level of skill required to disable the Computrace service. Computrace Agent has the same level of tamper resistance as disk-based utilities, but provides an even higher level of tamper resistance, and further improves, enables and / or provides services other than asset tracking management and recovery It is desirable to develop a customized agent.

  The present invention enables, supports and / or provides services relating to management and protection of assets and their software settings (including but not limited to hardware, firmware, software, data, etc.) with improved resistance to tampering Related to the service agent. Services may include asset management tracking, asset recovery, data deletion, software installation, and the like.

  The service agent includes a plurality of modules. Each module is designed to function in a separate operating environment. The modular design provides the flexibility to configure the agent to be deployed in a specific operating environment, for example, in the BIOS or on a hard disk drive without having to rebuild the entire application. The agent may be implemented in whole or in part by software (including hardware microcode) and may be present in software, firmware and / or hardware components within the system.

  According to one aspect of the present invention, a loader module is loaded to obtain control during power-on self-test (POST). Rely on this agent to enable, support and / or provide services (eg, tracking management, data deletion and software updates) to the equipment on which the agent is installed and the assets associated with the equipment on which the agent is installed Can do. Once control is passed to the loader, the loader includes reloading the portion of the agent that may have been removed or lost from the machine, as needed and when appropriate, over a network (eg, the Internet). It is responsible for loading other functions and modules of the agent. Service agents have the ability to be persistent even if they are subjected to operations that would otherwise be removed.

  In one embodiment of the invention, the at least one module and / or data for the agent code of the persistent agent is a ROM present in the device and in particular a basic input / output system (BIOS) or a functional equivalent thereof. Realized in the firmware of the device, such as an object. The service agent can load the agent itself to detect its operating environment so that it can perform its intended service functions (eg tracking management, data deletion and software update) independent of the operating system of the device Can adapt to an environment (eg, device operating system) that controls some basic operations (eg, input / output) of the device, so agents can use these basic operations of the system. The intended service function can be executed.

  In another embodiment, the persistent agent comprises three main modules, including a “Computrace” loader module (CLM), an adaptive installer module (AIM), and a communications driver agent (CDA). The CLM loads the AIM, which locates the CDA, validates the CDA, decompresses, and adapts to the detected OS environment. In one embodiment, CDA exists in two forms: partial or mini-CDA and full function CDA. The function of the mini-CDA is to determine whether a complete or up-to-date CDA exists somewhere on the device, and if not, load the full-function CDA from the monitoring server via the network (eg Internet). is there. The full function CDA is in charge of all communication between the apparatus and the monitoring server. In another embodiment, different modules, particularly CLM, that may require custom functionality to adapt to a particular environment may be programmable. By providing agents in the form of several modules, the level of customization can be kept to a minimum. In one embodiment, at least the CLM is stored in firmware such as BIOS, and one or more other modules are stored in a hard disk partition gap, or a hard disk drive host protected area (HPA). In another embodiment, the CLM is stored in an alternate master boot record (MBR), or a combination of the above.

  In another aspect, service functions performed by an agent may be controlled by a remote server by combining invocations of generic subfunctions available at the agent. Because the agent is programmable in this way, it can be extended based on server-initiated commands. This scalability is important because it safely introduces agents into firmware such as BIOS where space is at a premium and frequent updates to add or change functionality are not economical. Scalability is a key component of agent activation and reactivation processes.

  In another aspect of the present invention, the expandability of the agent enables a data deletion application for erasing data stored on the client device.

  In yet another aspect of the invention, the expandability of the agent allows software updates to be supplied and programmed to the client device.

  The present invention improves the ability to keep pre-installed service agents in an “active” state, independent of the operation of the “user” of the device. In the context of the present invention, the term “active” means that the agent software component loads itself, eg, in one embodiment, hard disk drive formatting, operating system reinstallation, hard disk using an imaging utility. Refers to the specific ability to reconfigure the full capability for a wide range of “user” operations, including low-level commands for drive re-imaging and hard disk drive replacement. The term “user” refers to an individual who can perform these operations and act as an authorized or unauthorized person. The operation of removing the agent may be intentional or accidental.

  The present invention protects authorized users from accidental removal of service agents while justifying the need to allow agent deactivation (eg, at the end of the computer asset life cycle). The present invention prevents unauthorized users from removing agent software. The persistent attributes of the present invention have value in asset protection, data and network security, IT asset management, software installation, and other types of applications. In the context of a secure and stealth device tracking management software application, hiding valuable asset theft has become much more difficult regardless of what the thief does, and the software is persistent and remote The present invention has great value because it is possible to contact a monitoring center. Furthermore, since the service agent has a permanent nature, it can be trusted that the agent will not be accidentally removed, providing peace of mind to security personnel. In the context of secure asset management applications, the present invention has further value because it ensures continuity of asset tracking management throughout the entire life cycle. A major challenge for today's IT managers is the ability to track and manage assets throughout their lifecycle. During the lifecycle, a device is often handed over from one user to another, in which case the device re-images, reinstalls the operating system, or otherwise maintains maintenance procedures that make asset tracking difficult This is made easier by the present invention. In addition to the asset tracking management service, other services can be enabled, supported and / or provided by a persistent and extensible agent.

  For a more complete understanding of the nature and advantages of the present invention, as well as the preferred mode of use thereof, reference should be made to the following detailed description taken in conjunction with the accompanying drawings. In the drawings, the same reference numerals denote the same or similar parts throughout the drawings.

1 is a schematic diagram illustrating an exemplary communication link including a network that can implement asset tracking management, in accordance with one embodiment of the present invention. FIG. FIG. 3 is a schematic diagram illustrating a PCI option ROM attached to a BIOS, including a persistent agent, according to one embodiment of the present invention. FIG. 4 is a schematic diagram illustrating module components of a persistent agent residing in a PCI option ROM, according to one embodiment of the present invention. FIG. 6 is a schematic flow diagram illustrating an option ROM load routine, according to one embodiment of the present invention. FIG. 4 is a schematic flow diagram illustrating a routine executed by a persistent agent CLM, in accordance with one embodiment of the present invention. FIG. 4 is a schematic flow diagram illustrating a routine executed by a CLM interrupt handler, in accordance with one embodiment of the present invention. FIG. 4 is a schematic flow diagram illustrating a routine executed by a CLM interrupt handler, in accordance with one embodiment of the present invention. FIG. 4 is a schematic flow diagram illustrating a routine executed by the AIM of a persistent agent, according to one embodiment of the present invention. FIG. 5 is a schematic flow diagram illustrating an installer mode routine for a persistent agent CDA, in accordance with one embodiment of the present invention. FIG. 3 is a schematic flow diagram illustrating a CDA service mode routine according to one embodiment of the present invention. 4 is a schematic representation of CDA in application mode, according to one embodiment of the present invention. 2 is a schematic representation of flash image management, according to one embodiment of the present invention. 4 is a schematic representation of host protected area image management, according to one embodiment of the present invention. 2 is a schematic representation of partition gap image management, according to one embodiment of the present invention. 2 is a schematic representation of a communication session between a persistent agent CDA and a remote server, in accordance with one embodiment of the present invention. FIG. 6 is a schematic flow diagram illustrating a CDA client-side data deletion routine according to one embodiment of the present invention. It is a schematic flowchart which shows the server side data deletion routine based on one Embodiment of this invention. It is a schematic flowchart which shows the data deletion execution routine based on one Embodiment of this invention.

  This description is of the best mode presently contemplated for carrying out the invention. This description is made for the purpose of illustrating the general principles of the invention and should not be taken in a limiting sense. The scope of the invention is best determined by reference to the appended claims. As will become apparent upon understanding the principles underlying the present invention, the present invention may find utility in a variety of implementations without departing from the scope and spirit of the present invention. Asset tracking management as an example of services provided by agents and tracking management agents, and data deletion as another example of services provided by agents for purposes of illustrating the characteristics of the persistent agent of the present invention Refer to It should be understood that agents may be used for other services such as software distribution and updates without departing from the scope and spirit of the present invention.

  The following detailed description is presented primarily by a code representation of the method or process, operation, function, and features of the present invention. These method descriptions and representations are the means used by those skilled in the art to most effectively convey the substance of their work to others skilled in the art. A method or process implemented by software is considered in this application and generally a series of coherent steps leading to a desired result. These steps require physical operations of physical quantities. Although not necessarily, physical quantities often take the form of electrical or magnetic signals that can be stored, transferred, combined, compared, and otherwise operated. As will be further appreciated, the boundary between hardware and software is not always clear, and the processing implemented by the software can be in the form of coded instructions, such as microcode and / or stored program instructions. One skilled in the art will appreciate that it may be implemented in hardware, firmware, or software.

[Tracking management system overview]
The asset tracking management function is an example of a service that can be enabled, supported and / or provided by the persistent agent of the present invention. Referring to FIG. 1, an asset tracking management system according to one embodiment of the present invention includes a client / server architecture that may include the following major components. (A) Client device A composed of any one of the illustrated electronic devices in which an agent is embedded. The agent software is executed on the client device for the purpose of programming the agent to report assets, location and other information and receive instructions from the remote server to support and execute the desired functions. The present invention provides the ability to increase the persistence of agent software against accidental or deliberate removal and the programmability of clients from a monitoring server. (B) Communication link B such as an information exchange link. This may include switched communication networks, the Internet, private and public intranets, radio networks, satellite networks, and cable networks. And (c) the host monitoring system C. This includes a host monitoring server 3 that monitors the communication between the client device A and the host monitoring system C, and periodically receives contact from the client device and records information from the client device. The monitoring server also provides instructions to the client regarding actions to be performed, including actions to be performed by the client, data to be collected, and the next scheduled call time for the client. The client device contacts the monitoring server via communication link B (eg, IP connection or dial-up telephone connection). The monitoring server can serve as either a service provided on the Internet or a self-supporting server on a corporate intranet. The host monitoring system C may include a reporting and management portal that provides customers, administrators and asset tracking management service providers the ability to view monitoring server and client device data and manage these functions. The host monitoring server can notify the customer, designated agent and law enforcement agency regarding the status of asset monitoring via a number of communication means.

  Referring to FIG. 1, a useful client device A capable of implementing a permanent service agent according to the present invention includes, but is not limited to, general purpose or application specific digital processing, information processing and / or computing devices, These devices may be stand-alone devices or larger system components (eg, mass storage devices), portable, handheld, or fixed location. Different types of client devices may be realized by the service agent application of the present invention. For example, as described further below, desktop client computing devices, portable computing devices (eg, laptops and notebook computers), or handheld devices (eg, cell phones, having the ability to communicate with external servers) The service agent application of the present invention may be applied to a PDA (personal digital assistant), an information appliance, and the like. A client device may be selectively activated, activated or configured by programs, routines and / or sequences of instructions and / or logic stored in the device in addition to the operating system present in the device. In short, the use of the methods described and suggested in this application is not limited to a particular processing configuration.

  To facilitate an understanding of the principles, features and functions of the present invention, it will be described with reference to implementation and implementation in an exemplary embodiment. By way of example and not limitation, the invention will be described with reference to an arrangement and implementation example relating to the context of the Internet and with reference to a laptop or notebook computer as the client device A (computer A1 is shown schematically as a desktop device) But may be a portable computing device). Those skilled in the art will understand that this application contemplates applying the present invention to existing portions of future global networks. Further, while the Internet aspect of the present invention has been described and illustrated with reference to client computer A1, Internet applications can be readily applied to other client devices without departing from the scope and spirit of the present invention. I want you to understand.

  FIG. 1 is a schematic diagram of a communication link B in the form of an information exchange network into which the present invention can be introduced for asset tracking management. Information exchange networks accessed by the asset tracking management agent application according to the present invention include, but are not limited to, public and private computer networks (eg, the Internet, Intranet, WAN, LAN, etc.), value added networks, communication networks (eg, wired). Or a wireless network), a broadcast network, a cable network, a radio network, and a distributed or information exchange network such as a homogeneous or heterogeneous combination of such networks. As those skilled in the art will appreciate, a network includes both hardware and software, and may be viewed as either or both of which the description is most useful for a particular purpose. For example, a network may be described as a collection of hardware nodes that can be interconnected by communication functions, and alternatively may be described as communication functions, and alternatively with nodes or It may be described as a communication function itself that is not accompanied. Furthermore, it is recognized that the boundaries between hardware, firmware and software are not necessarily clear, and such network and communication functions and components of the persistent agent technology platform encompass aspects of software, firmware and hardware.

  The Internet is an example of an information exchange network including a computer network that can implement the present invention. Details of the various hardware and software components (such as servers, routers, gateways, etc.) that make up the Internet are not shown because they are well known in the art. Further, it should be understood that access to the Internet by user / client devices and servers may be achieved by tools such as coaxial cables, telephone lines, wireless RF links, etc. and browsers. Communication between the server and the client is performed by a predetermined protocol. As pointed out below, the persistent asset tracking management agent application of the present invention may be configured in one of the clients that can communicate with one of the servers through the information exchange network, or as itself. Although the present invention operates in combination with other existing technologies, this is well-known in the art and will not be described in this application to avoid obscuring the present invention. Specifically, methods currently exist that include, for example, the Internet, web-based tools and communications, and related methods and protocols.

  Referring to FIG. 1, the host monitoring system C is simply a computer configured to exchange data with a client device A that has an agent installed thereon (simultaneously or in parallel) via one or more communication links B. For example, the server 3) may be used. The host monitoring system C includes a routine (C1) that identifies and filters external user access. Further, the host management system C directly or directly with the owner and / or agent of the device A that is tracked and managed for information (for example, network location information) about the client device A that is tracked and managed through the report and management portal Communicate indirectly (C3). For example, the host monitoring system C includes an owner of a device to be tracked and managed by e-mail, fax, pager (registered trademark), telephone, etc., an agent designated by the owner, a department or agent designated by the company, You may communicate with surveillance service stations, law enforcement agencies, etc. where personnel are located. Alternatively, the host monitoring system C may itself be part of a monitoring service station, staffed, or law enforcement. The host monitoring system C and / or a downstream target location (eg, a monitoring service station with personnel) manages the inventory list of assets to be tracked or the lost / stolen state of the assets being tracked. Although one host monitoring system C is illustrated in FIG. 1, a plurality of host monitoring systems C may be distributed over communication networks in different geographical areas, for example.

  One important function of the agent is to contact the host monitoring system C to report identification information, location, and / or other information about the associated client device A. According to one embodiment of the present invention, each client device A is associated with unique identification information, which may be part of the information that the client device A provides to the host monitoring station C. The unique identification information may be an electronic serial number (ESN), a medium access control (MAC) number, an Internet host name / IP address, identification information identifying the owner / user, or displaying, identifying the client device, and / or Other numbers such as other numeric, alphabetic or alphanumeric information that allows its identification, the actual or virtual geographical location of the agent, and other information such as date and time that can provide further basis for determining or evaluating the identification information .

  The general concept of using stealth agents to track assets and / or recover device A that has been stolen or lost is disclosed in a patent assigned to Absolute Software, the assignee of the present invention. Has been. The agent must determine an appropriate time to call the host monitoring system C. Here, once an agent has been installed and executed, the agent can periodically (eg, every N hours), without user intervention to initiate a communication process (eg, from a system or user logon). Over the communication link B, either after a certain period of time or after a system boot of the device, or when some predetermined condition occurs, or triggered by some internal or external event, such as a hardware reconfiguration It would be sufficient to simply mention reporting the identification information and / or location to the host monitoring system C. The agent may also report its identification information and location to the host monitoring system C via two or more available communication links B at the same time. The location of the agent, and thus the device being tracked, is a trace that obtains a list of all IP routers that are used to enable communication between the client device A and the host monitoring system C over the Internet, for example. It may be determined by a route routine.

  All location and asset related data sent to monitoring system C may be kept in a central repository, and authorized administrators can do it 24 hours a day, 7 days a week via a secure web-based or network-based console. Accessible. In one embodiment, when the agent transfers location and asset data, the monitoring system C sends the next set of tasks and the next scheduled call date to the agent for programming. Monitoring system C archives all agent transmissions and provides a current and accurate audit trail for each computer (C2). Comprehensive computer asset tracking management and inventorying solutions capture this information on systems that are locally connected to the corporate network and on remote and mobile systems that are remotely connected via IP or dial-up. In addition, information needs to be captured regularly to ensure that the latest state of the asset is known.

  As described further below, the tracking management agent is permanent with high resistance to tampering, and the agent may be configured to be transparent to unauthorized users. Since the agent is hidden from the user, it will not interfere with a running application unless it is designed to interfere. The novel features, functions and operations of agents according to the present invention are discussed more fully below.

[Overview of Persistent Agent Platform]
IT managers need the ability to steadily track and manage all computer assets throughout the entire computer life cycle. This includes remote and mobile computers operating outside the LAN. The asset tracking management agent must be installed once at the beginning of the computer life cycle and communicated periodically until the computer is discarded. As computers experience many user, hardware and software changes during their life cycle, it is important that the tracking agent is persistent and can report changes in these three areas. The persistent agent according to the present invention, for example, throughout the entire lifecycle of a PC, regardless of IMAC and break / fix actions, even if the hard disk drive is reformatted or the operating system is reinstalled or tampered with. It is possible to report the initial identification information and the state of the PC asset. A permanent agent is designed to protect itself, so it can survive an unauthorized deletion attempt. This permanent feature is important for maintaining connectivity with PC assets in case of theft and ensuring accurate and secure asset tracking management.

  A persistent agent is an undetectable subordinate software client that resides on a host computer. Agents are permanent software and are extremely difficult to remove. The agent incorporates a self-healing function that functions to reconstruct the installation of the agent software even if the agent service is deleted by conventional means. The agent survives operating system installation, hard disk drive formatting, and even hard disk drive replacement. This survivability is important for successful asset tracking management and theft recovery (and other services that agents can enable, support and / or provide). Since the self-healing function does not exist in the file system, it is more difficult to detect and delete than conventional software. The permanent and self-healing part of the software is difficult to remove due to its stealth. This software is usually removed only by authorized IT administrators with the correct password. The self-healing function functions to repair the agent installation in the newly formatted and installed operating system and the newly imaged system.

  In another aspect of the invention, the agent is programmable to extend functionality beyond what was originally programmed. The agent communicates with the remote server, where the remote server sends and programs to the agent by providing the agent with the next set of tasks.

  An agent may be implemented in any electronic device hardware, firmware or software. Alternatively, the agent may be implemented in some component of the device, such as an electronic component such as a DSP in a modem or a CPU in a computer. Further, the agent function may be implemented in a circuit of any hardware device capable of establishing a communication link through transmission and / or reception of data packets. For example, an agent may be specified in a built-in function of a non-volatile memory (such as ROM BIOS, ROM, flash ROM, EPROM, EEPROM, etc.), a software program, a microcode program, a digital signal processor (“DSP”) program of an electronic device May be used.

  According to one embodiment of the present invention, a persistent tracking management agent (hereinafter also referred to as a “persistent agent”) is embodied in BIOS (or a functionally equivalent system). As is well known in the art, the BIOS is startup code that is executed whenever the system is powered on or restarted. This may be microcode embedded in the processing unit or software (instructions) starting from a predetermined location in the memory space. These instructions deal with booting operations such as power-on self-test (POST) and low-level control of hardware such as disk drives, keyboards, and monitors, and usually before and without booting the operating system present on the device. In one embodiment, the persistent agent is embodied in firmware such as read only memory (ROM) in client device A such as a personal computer. When embedded on the chip, the BIOS contains a set of encoded instructions in ROM. It should be understood that all references to BIOS below are not limited to ROM-based BIOS.

  Common brands of BIOS chips on motherboards currently on sale include Phoenix Technologies (registered trademark), Intel (registered trademark), IBM (registered trademark), and American Megatrends, Inc.) (registered trademark). Some system components have their own BIOS chip, but their instructions are also read into the device's memory at startup. For example, the BIOS on the hard disk control device stores a table of tracks and sectors on the drive. Unlike the BIOS-based agent disclosed in previous absolute software company patents, the present invention presents improvements including the use of a BIOS-based loader for the agent. As BIOS-based loaders make agent components more permanent, it becomes more difficult to disable asset tracking management or other service functions. A BIOS-based loader also eliminates the need to reverse the boot order of the machine, and thus eliminates one step in the manufacturing process. BIOS-based loaders are also compatible with products such as anti-virus scanners, whole disk encryption, and other utilities that read or modify the operating system loader in the Master Boot Record (MBR). Reduce the problem.

  According to one embodiment of the present invention, as shown in FIG. 2, a persistent agent 10 is initially attached to a peripheral BIOS interface image (Core BIOS Flash Image) 13. It is stored in an option ROM (Option ROM) such as a PCI option ROM (PCI Option ROM) 12 which is a PCI-based option ROM. Additional option ROMs may be installed that support other functions not related to the persistent agent (not shown). The persistent agent 10 comprises a plurality of modules. As shown in FIG. 3, the three main modules are a “Compute” loader module (CLM) 14, an adaptive installer module (AIM) 16, and a communication driver agent (CDA) 18.

  A small-capacity PCI option ROM 12 (which can be about 22 Kb in compressed state) containing three modules of the persistent agent 10 is combined with a standard core flash image and protected along with the BIOS and other option ROMs during BIOS POST Contains three modules of persistent agent 10 loaded into memory. A small capacity PCI option ROM is recognized by POST and loaded into the read / write shadow memory along with BIOS and other option ROMs during BIOS POST. This configuration provides a modular architecture that allows for improved security while minimizing development effort and the number of interface specification points in the core BIOS that require recertification.

  The CLM incorporates functions of PCI (in the case of a PC device), image management (Image Management), and execution environment (Execution Environment). The CLM is responsible for interfacing to the BIOS, locating and unpacking the AIM, resizing the PCI option ROM to the final size, and executing the AIM in the appropriate context on the system. The AIM accesses the hard disk drive, detects the active operating system, and adapts the mini CDA to the discovered installation. The mini CDA is a communication driver. The mini-CDA includes HTTP protocol support, an application layer for communicating with the monitoring server, a service layer for interfacing with the OS, and an adaptation layer for interfacing with the AIM.

  The mini-CDA is responsible for checking whether the full-function CDA is executable as a service in the computer's file system when the operating system is loaded. If the full function CDA is not available, the mini CDA starts downloading the full function CDA from the monitoring server. If a full-function CDA is present, it is frequently checked if there is a newer version on the monitoring server, and if a new version is available, replace itself with the new version.

  These and other embodiments of the various modules are discussed more fully.

[BIOS POST sequence and option ROM load processing]
The option ROM loading process 20 is shown in the flowchart of FIG. When the client device A in which the permanent agent 10 is installed is booted, the BIOS POST process executes a self-diagnosis and a chipset setting routine (21) and searches for an option ROM that supports functions on the motherboard or the expansion card. The scanning stage is reached (22). At this stage, the PCI option ROM 12 containing the persistent agent 10 is loaded into lower memory (eg, RAM) (23) and its initialization vector (CLM 14 as discussed below) is called (24). The initialization routine determines the state of the supported function and its final image size. Thereafter, the BIOS POST process completes the option ROM scan and calculates the final location of each option ROM where the function exists (25 and 26). It then re-identifies the location of each PCI option ROM, including the PCI option ROM 12 with the persistent agent enabled, and calls its completion vector. (Some Phoenix BIOSes, for example, re-identify the location of the PCI option ROM. Rather, it simply shrinks to fit the final size declared in the header before returning from the initialization vector). After the locations of all option ROMs are specified again, the BIOS memory is write-protected (27). The boot devices are called in sequence until the operating system is successfully started (28). At this stage, both the device operating system and the agent are executed simultaneously.

[PCI option ROM]
[A. Loader module CLM]
CLM 14 is responsible for setting up a temporary execution environment for AIM 16, loading and decompressing AIM 16, and calling it in the appropriate context. The last “action” of the CLM 14 is to reduce to the minimum size (2K) and return execution to POST. If the AIM 16 is not found or invalid, the CLM simply “fails”.

The CLM 14 is an interface to the POST or “front end” of the PCI option ROM 12. The header of the PCI option ROM 12 is in the CLM 14, and its entry point is notified in accordance with the standard of this header. The CLM 14 provides the following two function points for integration into the BIOS POST:
1. 1. ROM header and PCI option ROM header pair Interrupt handler (Interrupt Handler)

  These and other functions of the various components of the PCI option ROM will be described below with reference to, for example, an IBM BIOS installed on an IBM T43 notebook computer.

[1. ROM entry point]
An initial interface is presented upon enumeration of the PCI option ROM by the BIOS. This interface is a pair of standard legacy ROM header and PCI option ROM header. For example, referring to Phoenix BIOS, a PCI vendor ID (PCI Vendor ID) of 1917h and a device ID of 1234h may be set. As described above, when the BIOS POST process scans the bus looking for an option ROM that supports functions on the motherboard or expansion card, the entire PCI option ROM 12 is loaded and the initialization vector of the CLM 14 is called. Option ROM was compressed. Load and execute the COM application. The ROM entry point is defined by the START_SEG label. The START_SEG segment contains a ROM header and a link to its PCI option ROM header. The option ROM is initialized by FAR CALL to option ROM offset 3. The jump instruction chain now passes control to OptRomProc.

Referring to FIG. 5, the routine 30 undertaken by the PCI option ROM CLM 14 may be summarized as follows.
a. A BIOS POST memory manager is searched for (31).
b. Assign control STUB_BLOCK (eg, 2K for interrupt handling and application execution) (32).
c. Allocate expanded memory for backup of compressed (COMPRESSED) applications and application memory (eg, 64K) (33).
d. Allocate a block (eg, 64K) of application memory in conventional memory for execution of a decompressed application (34).
e. If the disk service is available (according to the count at 40: 75h, ie the number of hard disks) (35), the application is executed immediately (36), the memory is released (39), and the option ROM is zeroed (40).
f. If the video vector (Int 10h) is smaller than XBDA (40: 0Eh) (37), Int 15h is hooked to STUB_BLOCK (38), and the option ROM is reduced to zero (40).
g. Also, if you can't do anything without hooks, you're a failure! The memory is released (39) and the option ROM is reduced to zero (40).

[2. Interrupt handler]
The second interface is an interrupt handler. This is performed after the initial loading and execution of the PCI option ROM initialization procedure from memory allocated from the BIOS POST memory manager. This interface is first executed at Int 15h and then with an alternative trigger. Int 19h is the preferred alternative trigger and is the default. The interrupt handler is activated only when the BIOS disk service (Int 13h) is not yet available during the initialization of the PCI option ROM. In some cases, Int 19h is the preferred triggering method because Int 13h may not be issued by the BIOS after the last Int 15h / func 9100h. Another problem is that the physical drive 80h may not match the physical drive 80h at Int 19h until just before Int 19h. ComFileStub contains the main interrupt hook entry point.

Referring to FIGS. 6A and 6B, the process 41 undertaken by the interrupt handler may be summarized as follows.
a. At each Int 15h trigger, 9100h is functional (hard disk IRQ complete, indicating that Int 13h is in use) (42).
b. It is confirmed whether the hard disk service is available (count at 40: 75h) (43).
c. It also checks if the video vector is greater than or equal to XBDA (40: 0 Eh, indicating that the POST setup phase has been completed).
d. If the chain is not yet chained (44).
e. The hook of Int 15h is restored, the trigger Int xxh is hooked (_TRIGGER_INTNUM setting = Int 13h or Int 19h), and the next Int xxh is waited (45).
f. At the next trigger Int xxh (Int 13h or Int 19h), the trigger Int xxh is restored at (Int 13h or Int 19h) (46).
g. The stack is switched (48).
h. The decompressed (DECOMPRESSED) application memory is backed up and copied to the extended memory BACKUP_BLOCK (49).
i. The compressed (COMPRESSED) application is copied to the decompressed (DECOMPRESSED) application memory block (50).
j. The application is called and the contents of the application memory decompressed from the extended memory BACKUP_BLOCK (DECOMPRESSED) are restored (51).
k. Switch stacks back (52)
l. The trigger Int xxh call interrupted by the chain is completed (53).

[B. Agent Installer Module (AIM)]
The AIM 16 is designed to be loaded in the context of execution set up by the CLM 14. Referring to FIG. 7, the routine 54 undertaken by the AIM 16 includes the following steps. When executed, AIM 16 scans the partition table for an active partition (55). On the active partition, the AIM 16 looks for the operating system (OS) system directory or a configuration file pointing to it (56) and creates and installs an installer mode instance of the communication driver agent CDA (57). The installation mechanism is specific and unique to each OS, and the AIM 16 uses a standard OS installation mechanism.

[C. Communication driver agent (CDA)]
CDA18 exists in two forms: mini-CDA and full-function CDA. In one embodiment, the mini CDA resides in the PCI option ROM 12. The function of the mini CDA determines whether the full function and / or the latest version of the CDA is installed and functioning on the device, otherwise, the full function CDA from the host monitoring server C (FIG. 1) via the Internet. Is to load. The full function CDA is in charge of all communication between the apparatus and the host monitoring server C.

  Referring to FIG. 8, the mini CDA first executes the installer mode 58 (via the AIM 16), where the main function of the mini CDA is to register as an OS service. The agent's installer mode instance creates another instance of itself (59), for example in 2000 / XP, registers its copy by the service manager (60). The executable code cleans up its own installer copy and exits. Since the full function CDA takes over the normal operation of the CDA from this stage, the mini-CDA operates only once in the installer mode (Installer mode).

  Referring to FIG. 9, when the OS is started next time, the service mode instance of the mini-CDA is executed as a service under 2000 / XP, for example. The service sets up a service manager environment (62) and starts its own instance as an application (64) at the appropriate time (after waiting at 63). The application mode is a normal mode of operation of the mini CDA. The agent now enters "active" mode.

  If the latest full-function CDA is not found in the device, as shown in FIG. 10, the mini-CDA application initiates communication with the host monitoring server C using, for example, the HTTP protocol by default. Other protocols are supported by additional modules and uploaded from the host monitoring server C to the agent. The host monitoring server C executes functions such as agent identification, monitoring history storage, setting, and software update. The host monitoring server C conducts a session with the mini-CDA, launches and installs the full version of the CDA as required by the platform (eg, at the end of the device life cycle or when an upgrade to a newer version occurs) Disable the mini CDA, update the agent, and configure the agent (to disable the self-healing feature as possible). FIG. 10 shows communication between the client apparatus A and the server C via the communication link B according to one embodiment of the present invention. For example, if the mini CDA provides the server C with identification information or format of the BIOS or device platform, the full function CDA for a specific BIOS or platform or an updated version thereof may be downloaded to the device A.

  As previously described with reference to FIG. 1, the general concept of using stealth agents to track assets and / or recover device A that has been stolen or lost is the transfer of the present invention. It is disclosed in a patent assigned to the absolute software company. Application level functionality of the device tracking management and communication functions of full-function CDA is described in the stealth agent previously described and patented by the assignee of the present invention (these patents are incorporated herein by reference) and It may be similar to the function of an absolute track asset tracking management product developed by the assignee of the present invention.

  In general, in one embodiment of an Internet application that can run alone or concurrently with applications based on other communication links B (eg, PSTN), the agent can host at a predetermined, random, event-based or delayed time interval. Initiate a call to. According to one embodiment, in the “active” mode, the agent calls the host every time a predetermined time has elapsed. The agent encodes the Internet host name using the current time and the unique agent identification information. And in one embodiment, the agent uses the encoded Internet host name to form a DNS request. The agent sends this DNS request to the host through the Internet. If the agent attempts to send a DNS request to the Internet after a predetermined period of time expires, the agent repeats the call after sleeping for a predetermined period, for example, 1 minute. If the call fails due to another error (such as lack of a Winsock function to enable communication with the Internet and / or failure to set up the computer for TCP / IP communication), the agent will be in hours The cycle is repeated later. In this way, the agent confirms the existence of the Internet connection as an inherent property.

  After sending the DNS request, the agent waits for a response. When a valid response is received from the host, the IP address is extracted from the response and compared with the reference IP address. For example, the reference IP address may be set to “204.174.10.1”. If the extracted IP address is equal to “204.174.10.1”, the agent mode changes from “active” to “alert” on the Internet side. For example, if the host, or an operator of the host, determines that the agent's identity matches one of the entries in the list of reported lost or stolen computers stored on the host, the host Send address. If the IP address extracted from the host response is not equal to "204.174.10.1", the agent remains in active mode and does not call the host for the next 4 hours. However, when an agent enters an “alert” mode in an Internet application, the agent initiates a trace route routine that provides the host with the Internet communication link used to connect the client computer to the host. Such Internet communication links assist the host system in tracking client computers. Send the DNS query source IP address to the host in the DNS query. However, if the source of the query is sent through a “proxy” server, the client computer's IP address (which may not be unique because it may not have been assigned by the InterNIC) may be the location of the client computer Is often insufficient to track In such a scenario, it is necessary to determine the address of another IP router that has been accessed to allow communication between the client and the host. Such an address and the time it was accessed are compared with an internal log of the proxy server that records the access history of the client. In this way, clients can be uniquely identified and tracked. Furthermore, the transition of an Internet application to “alert” mode is a condition that triggers the transition of other available communication applications to “alert” mode.

[CDA-server communication]
[A. Extensible protocol]
The successful introduction of the permanent agent into the BIOS makes heavy use of, for example, the expandability included in the communication protocol. Without this scalability, agents would be larger and would require frequent updates to add or change functionality. The BIOS is programmed into the platform's flash EEPROM, and updating the BIOS requires the use of dedicated tools (often requiring user interaction), so such updates are practical and economical. Not right. Also, since BIOS integrity is important to the operation of the computer, OEMs are conducting a thorough inspection of the BIOS.
The main elements of the extensible protocol are:
1) A method of reading and writing the agent's memory space.
2) A method for allocating memory.
3) A method of releasing memory.
4) A method of loading an external module.
5) A method for determining the procedure address.
6) A method of calling a procedure.
The agent protocol is designed to provide such a mechanism.
The format of the read packet is | ADDRESS | NUMBER_OF_BYTES.
The format of the write packet is | ADDRESS | NUMBER_OF_BYTES | DATA. . . It is.
The communication protocol distinguishes read packets by determining that DATA is not included in the packet. If DATA exists, it is a write packet. This address-based protocol is the basis for an extensible design.

  FIG. 14 shows an outline of a communication session sequence based on the extensible protocol between the client device A and the server C via the communication link B according to an embodiment of the present invention. Examples of individual transactions processed by the communication session are disclosed below.

A normal session is started by the following connection sequence.
1) A client connects.
2) The server responds with a dedicated read from address 0xffffffff | 0xffffffff | 4.
3) The client responds with the address of its session handle.

The handle structure includes important information such as the client version, the supported OS version, and a command packet. The client interprets “writes” in the command packet as “special” and calls the CommandPacketProcessor () function. The CommandPacketProcessor () function takes arguments such as function code, parameter address, number of parameters, and result address. The minimum set of function codes that must be implemented is as follows:
・ CMD_FUNC_CCALL (calls the “C” function)
・ CMD_FUNC_STDCALL (calls the STDCALL function)
CMD_GETMH (Get module handle (Get Module Handle))
CMD_GETPA (obtain procedure address (Get Procedure Address))
CMD_ALLOC (allocate memory (Allocate Memory))
CMD_FREE (release memory (Free Memory))

Other function codes that can be implemented are for chaining command packets together to improve efficiency.
CMD_ENDC (end chain (End Chain))
・ CMD_IF (Conditional Branch)
・ CMD_GOTO (Unconditional Branch)

This small library of commands may be combined into a string to accomplish some administrative task. The important management tasks are:
1) File creation 2) Function library or load as executable code 3) Procedure call from operating system or created file.
4) Memory allocation and release in the context of the agent.

[B. transaction]
The following section describes communication between an agent and a remote (eg, monitoring) server (also known as CTSRV). Note that each item described represents one transaction (a message pair between a client and a server). Some transactions occur each time the agent is called, others depend on the service being implemented, and some are made only in one call as a result of a flag set by maintenance or recovery personnel. The following is a table of normal communication sessions between servers and agents.

[Basic communication (occurs each time an agent is called)]

[Call with basic asset tracking management by AT1 DLL on the client (occurs every time the client subscribes to the tracking service of the monitoring service provider)]
Search and retrieve AT1 data (for asset tracking management / monitoring service subscribers). Note that this is a subset of the data collected by the AT2 DLL. What is executed on the client is either the AT1 or AT2 DLL, but not both.

[Call with advanced asset tracking management by AT2 DLL on the client (occurs on every call if the client has purchased an absolute track or a Compute Complete product)
Search and retrieve AT-II data (eg, for absolute track and compute race complete customers). Note that this is an extended set of data collected by the AT1 DLL. What is executed on the client is either the AT1 or AT2 DLL, but not both.

[Basic call and remote upgrade of agent version (on / off based on technical support operation)
Check the version of the client agent and compare it with the version on the server. If the client version is old, perform a remote upgrade.

[Basic calling and manufacturing, type and serial number search (on / off based on technical support operation)
This function retrieves and retrieves the client's manufacture, type and serial number and changes the boot order.

[C. Application module startup process]
This activation process links the identification information of the application agent to the customer account and installs a permanent agent module. This process is described as follows.
-Application agent connects.
The server uses an extensible function in the protocol to send an inventory DLL to identify the computer—this DLL collects attributes such as BIOS, chassis and hard disk drive serial numbers.
• Store inventory records on the server and link to customer accounts retrieved from application agents.
Assign a unique identification number (electronic serial number) to the device associated with this inventory record.

A typical inventory record is shown below.
<? xml version = "1.0" encoding = "UTF-8"?>
-<CT: data version = "1.00" xmlns: CT = "http://www.absolute.com/atinfo/persistence">
-<CT: section name = "MachineInfo">
<CT: setting name = "ComputerMakeWMI" value = "VIA TECHNOLOGIES, INC. ~~"/>
<CT: setting name = "ComputerModelWMI" value = "MS-6321 ~ MS-6321 ~"/>
<CT: setting name = "ComputerSerialWMI" value = "~~"/>
<CT: setting name = "ComputerMake" value = "VIA TECHNOLOGIES, INC. ~~"/>
<CT: setting name = "ComputerModel" value = "MS-6321 ~ MS-6321 ~ MS-6321 ~"/>
<CT: setting name = "ComputerSerial" value = "~~"/>
<CT: setting name = "ComputerAsset0" value = ""/>
<CT: setting name = "ComputerAsset1" value = ""/>
<CT: setting name = "SystemSMBIOSVersion" value = ""/>
<CT: setting name = "SystemBiosVersion" value = "VIA694-42302e31 Award Modular BIOS v6.00PG"/>
<CT: setting name = "SystemBiosDate" value = "08/22/01"/>
<CT: setting name = "BaseBoardVersion" value = ""/>
<CT: setting name = "HDDSerialNumber0" value = "Y3NYPZDE"/>
<CT: setting name = "HDDSerialNumber1" value = "YMDYMLJ0046"/>
<CT: setting name = "HDDSerialNumber2" value = ""/>
<CT: setting name = "HDDSeriaINumber3" value = ""/>
<CT: setting name = "ComputerName" value = "PBGR7"/>
<CT: setting name = "MACAddress0" value = "0050ba432204"/>
<CT: setting name = "MACAddress1" value = "0050ba4434da"/>
<CT: setting name = "OSProductKey" value = "VF4BY-WXV47-RR9JQ-H297B-6QQVW"/>
<CT: setting name = "IBMComputraceStatus" value = "FFFFFFFF"/>
</ CT: section>
</ CT: data>

[D. Persistent module reactivation process]
When the persistent agent module is started, the following steps occur to reinstall the Application Agent and restore the settings.
A permanent module agent calls the monitoring server (CTSRV).
Monitoring server uses an extensible function in the protocol to send an inventory DLL to identify the computer-this DLL collects attributes such as BIOS, chassis and hard disk drive serial numbers and was stored previously Compare with things.
Find the inventory record stored during the first activation and reassign the previous ESN associated with this device's inventory. When the application agent is downloaded and installed, the application agent calls normally.

  The above process applies for both BIOS and software persistence, ie regardless of where the persistence module is located (see further discussion below).

[Data Delete]
Data deletion is another example of a service that is enabled, supported and / or provided by an agent. As discussed above, CDA survivability is extended to improve tracking of asset physical location. It has been recognized that physical recovery of tracked devices is not always feasible, even when the location of assets is determined, due to the burden of applicable local laws, police enforcement and ownership certification. In such cases, the programmable ability based on CDA's extensible protocol provides an alternative means of protecting sensitive or sensitive data on the device. For example, a user-defined data file, user profile or other user-defined information stored on the hard disk drive of the client device A can be deleted under the control of the monitoring server. Depending on the function and option specified by the monitoring server, data can be deleted for the selected data item, or the entire storage medium of the device including the operating system can be deleted.

Specific examples of data deletion functions and options include:
1. Selective data deletion-the ability to delete all or specific files or directories (leaving other parts of the device intact) based on user selection.
2. Data deletion restart on reboot—If the device is rebooted while data deletion is in progress, the data deletion client will also restart.
3. Two-stage data deletion process in the case of operating system all deletion-When the monitoring server designates "delete all O / S data", the agent is in two stages to ensure that the log file can be uploaded by the agent (eg CDA). Perform the deletion process. After the first stage deletion, the monitoring server obtains the log file from the agent, and then deletes the operating system in the second stage. The all O / S data deletion option includes the following steps.
a) Delete all files except O / S.
b) Force agent call and upload log file.
c) Delete the O / S file.
4). Data deletion override—If the computer is subsequently recovered, the monitoring server turns off the data deletion execution code to prevent the data deletion from being re-executed.
5. Pre-Data Deletion Check-The monitoring server provides an additional pre-start data deletion check for the target client device to ensure that: (a) There is a theft report for the target client device (B) the client device is clearly identified and no copy exists; (c) authorization by the client device owner (eg, the owner agent and the entity that maintains the monitoring server such as the host monitoring station) A prior authorization agreement) exists.
6). Notification—When a data deletion is initiated, a notification is sent (eg, via email, SMS (Short Message Service)) to the involved party (eg, the authorizing agent and / or requester that gives permission).

  FIG. 15 is a schematic flow diagram illustrating a CDA client-side data deletion routine 70 according to one embodiment of the invention. FIG. 16 is a schematic flow diagram illustrating a server-side data deletion routine 80 according to one embodiment of the present invention. FIG. 17 is a schematic flow diagram illustrating a data deletion execution routine 90 according to one embodiment of the present invention. Referring to each figure, in a normal data deletion operation on the server side, when all function CDAs contact the monitoring server (72 and 81), the identification information of the device is verified. If it is verified that the device is marked for data deletion operation (82), then the extensible communication protocol described above is used to trigger the CDA data deletion execution code or subfunction (74). Define data to be deleted using wildcard variables that delete all data structures (91) Call data deletion execution code or subfunction with parameters (84 and 85). The server instructs the agent to contact the server within a predetermined period (eg, 15 minutes) (86). The CDA subfunction may be deleted such that the data becomes unrecoverable using an algorithm recommended by the US Department of Defense (eg, US Department of Defense Standard Method 5220.22-M Erase / Sanitize Matrix). The CDA subfunction also deletes data using available embedded operating system support. Such data deletion algorithms and mechanisms are known to those skilled in the art, and the actual deletion mechanism does not change the capabilities of the system described in this application.

  The data deletion application, for example, deletes the application and data on the hard disk drive (93), then calls the monitoring server (95) and uploads the report (eg, log file) to the server (76 and 88) to delete the data Detail the success of the application (eg, log each action created / attached to log file and / or log full path of deleted file 94). If the data deletion application is instructed to exclude operating system deletion, the data deletion application deletes all data and application files except those required for operating system and agent functionality. At the end of the deletion process (83), an attempt is made to return (94) a status report (for example, log files) (76 and 88) to the monitoring server. The client device can operate after the deletion process. The server and agent data deletion routine continues with other operations (78 and 87). For example, if the data deletion application is instructed by the server to delete the operating system, it continues to delete the operating system files.

The routine for operating system data deletion is as follows. In the first stage, the data deletion application deletes all data and application files except those necessary for the operating system and agent to function. At the end of the first stage of the deletion process, the agent returns a status report to the monitoring server. Then, the data deletion application continues to delete the remaining files on the device. This can render the device inoperable. Once all data deletion processing is complete, the agent may not be able to call the monitoring server. If the user reinstalls the operating system, the agent regains its original functionality.
In any configuration, the data deletion service has the following functions.
-Write the pattern of 0 and 1 to the file three times-Write random data to the file-Change the file attribute to "Directory"-Change the file date / time stamp to a fixed value-Set the file size to "0" Set ・ Change the file name to a randomly generated file name ・ Remove the new file name from the directory

  Data removal applications are disguised to perform the purpose as secretly as possible. The service executed during the deletion process is given the file name “WCTSYS.EXE” in order to hide the deletion process that operates in the background. If the user aborts the process before the deletion is complete, the application can resume the deleted deletion process once the agent makes the next call to the monitoring server. For example, the agent determines whether the data deletion is permanent (92). If so, proceed to the remaining data deletion function (ie, 93 etc.). If not permanent and the data deletion has not been completed previously (97), the process proceeds to the data deletion function. If the data deletion has been completed (97), the data deletion process ends. For all client devices capable of deleting data, the agent call return period may be set to a predetermined value for both modem and IP calls (eg 86).

  The time required to complete the data deletion process depends on several variables such as the speed of the processor, the size of the hard disk drive, the amount of data to be deleted, and the amount of activity that has been performed on the client device so far. Dependent. It has been found that the expected time required to complete the data deletion process is from a few minutes to over 30 minutes.

The report returned upon successful deletion includes the following information:
-Confirm that the data deletion application has been downloaded and executed-List of deleted files-Change in hard disk space (This information is available only if the asset tracking management service is available and data can be collected from the PC Is)

  This information may be provided to the user when the data deletion process is successful.

  The data deletion function may be controlled by a policy file downloaded from the server (84 or 85). The policy file instructs the data deletion application on the file, folder, or file type to be deleted. The policy file may indicate other data selection criteria.

  Implemented policy file format sample

| Items || item name = | *. extensionToBeDeleted | type = | U | instruction = | P $ C: \ *. extensionToBeDeleted | seq = | 0 | / |
| Item name | = | C: \ FolderNameToBeDeleted \ | type = | U | instruction = | P $ C: \ FolderNameToBeDeleted || seq = | 1 | / |
| Item name | = | C: \ LJ \ FilenameWithExtensionToBeDeleted | type = | U | instruction = P $ C: \ LJ \ FilenameWithExtensionToBeDeleted | seq = | 2 |
| / Items |

[Further use of extensible protocol]
As described above and further below, full-function CDAs and mini-CDAs are the latest versions available on the monitoring server using extensible protocols (eg, in a non-BIOS or software persistent embodiment). To keep up with. It also uses this capability to update other asset tracking management extensions to the latest version. Since the general purpose sub-functions included in the extensible protocol are general and flexible, they can be utilized to have many functions in addition to the asset tracking management and data deletion described above. Another example of an extensible protocol application is downloading and starting an application from a monitoring server. You may start after downloading the execution code to memory. Alternatively, the installer may be downloaded from the monitoring server to initiate application installation or upgrade of existing applications.

Examples of applications that provide functionality utilizing the agent's extensible protocol include:
A permanent firewall. Agents can download and enforce network communication firewalls. The agent can also monitor and correct changes in firewall settings or removal or invalidation of firewalls. Because agents are permanent (cannot be deleted or removed), they can provide and implement security features like firewalls in a much more permanent way.
・ Data encryption. The persistent agent can encrypt the data on the machine in response to a command from the server. This allows data protection in the event of theft or loss in a much more permanent way. The agent can also change the encryption key or password after theft to protect the user's data. By changing the encrypted password or key, the machine can be protected even in case of internal theft where the user knows the password.
・ Location tracking management. One of the main functions of the agent is to contact the host monitoring system to report device identification information and physical location. The physical location can be implicitly defined by the machine's IP address or other related network parameters. Agents may use data from built-in GPS receivers or cellular network receivers and transmitters to identify the physical location of the device. In such a configuration, the agent can log GPS or assisted GPS location information (latest or series of log information). The CDA can periodically read the GPS position and create a log file, which can be uploaded to the server when called.

[Alternative embodiment of module]
The present invention can be used in (a) various BIOS implementations by various device (eg, PC) manufacturers, (b) various interface requirements with the BIOS, (c) various device manufacturers or various device types. In various embodiments of persistent agents that adapt to specific environments based on factors including, but not limited to, the various flash memory spaces possible and (d) the ability to operate without BIOS PCI option ROM enumeration hooks realizable. To accommodate these factors, the CLM is in PCI option ROM format, and the AIM and CDA may be stored separately and coupled to the CLM. The CLM reduces to a small stub at the end of the POST cycle. If the device has a BIOS that does not enumerate the PCI option ROM, the CLM may exist in the partition gap and use an alternate master boot record (MBR). Various embodiments of persistent agent module configurations are described more fully below.

[A. Flash resident type]
In the flash resident embodiment of the present invention, the CLM, AIM, and mini CDA are all loaded into the BIOS flash image. This approach takes advantage of existing processing used by the BIOS to load the PCI option ROM from the BIOS flash image. Additional modules (AIM and mini CDA) may be stored separately in the flash and may be coupled to the CLM in the PCI option ROM as in FIG.

  If the AIM and mini CDA are coupled to the CLM, the 18-20 KB PCI option ROM is loaded into the upper shadow memory by POST and the AIM is unpacked by the CLM. The AIM then adapts and configures the mini CDA for the system and returns control to the CLM. The CLM reduces the PCI option ROM image to the minimum size and remains in the upper memory area as a 2 KB ROM block. If AIM (~ 6KB) and CDA (~ 10KB) are simply stored in the flash image and not coupled to the CLM, the CLM incorporates an additional image access function that locates and unpacks the AIM and mini CDA. The operation of CLM, AIM, and mini-CDA is similar to the combining method described above. The size of the CLM will be slightly larger and will be adjusted to the platform that the flash image is targeted for. This approach assumes that the vendor ID is fixed in advance and that the flash resident PCI option ROM can be recognized. Flash image management is shown in FIG.

[B. Hard disk drive partition gap]
Due to BIOS specific space limitations, there may be insufficient space in the BIOS flash memory for all modules of the entire persistent agent. In this case, depending on the support of the device vendor, the AIM, or AIM and mini CDA, may reside in an area that is not accessible to the user in the mass storage device, such as a partition gap of a hard disk drive. This is an example of a form of “software permanent type”. In this embodiment, the CLM is still present in flash and is called during the PCI option ROM enumeration process as in previous embodiments, but the CLM loads the AIM and the AIM loads the CDA from another location. Execute.

  FIG. 13 illustrates partition gap image management that is relevant in situations where an additional module of a persistent agent exists within the partition gap. This gap exists between the MBR and the first partition. This gap is, for example, 62 sectors on most modern hard disk drives, but some sectors are reserved by installation utilities that maintain compatibility with other software, so the usable size is It is about 27 Kb. This size is sufficient to incorporate the agent basic modules (AIM, CDA) necessary to communicate with the server and bootstrap other modules to the OS.

[C. Host protected area (HPA)]
Referring to FIG. 12, alternatively, in situations where there may not be enough space in the BIOS flash memory for all modules, a persistent agent in the hard disk drive partition as in the previous embodiment. Instead of storing additional modules (ie, AIM and / or mini CDA), the persistent agent's additional module is inaccessible to another user on the mass storage device, such as in the HPA or its functional equivalent Present in the area. This is another example of software persistence. Additional support is required to lock and unlock the HPA. This HPA access mechanism is unique for each PC OEM. Images in the HPA may need to be managed at runtime. Drivers and applications support existing methods of authenticating through the BIOS interface and obtaining the runtime access necessary to manage that part of the HPA space. In this embodiment, the CLM is still present in flash and is called during the PCI option ROM enumeration process as in previous embodiments, but the CLM loads the AIM and the AIM loads the CDA from another location. Execute.

[D. Non-flash CLM]
Although most secure embodiments have the CLM present in the BIOS flash memory, there may be environments that do not support this. This may be the case if the OEM configures the BIOS not to list the CLM headers being flashed while scanning the PCI option ROM. In such systems, CLM's alternative location provides a superior solution compared to existing products. Using an alternative MBR provides a solution to this. In this embodiment, the CLM loads from an alternate master boot record. The CLM then loads the AIM and mini CDA, places them in the partition gap, and passes control to them as described in the previous embodiments. An alternative MBR approach for the agent subloader has been patented by the assignee and is incorporated herein by reference. Although the CLM of the present application may utilize a similar subloader approach, in the present invention, the CLM has additional different functions not found in previous patents related to AIM and CDA.

[E. Integration into flash-resident operating system image]
In this embodiment, the mini-CDA is integrated into an operating system image that is stored entirely in flash memory. Persistence is achieved by being incorporated into a persistent operating system image and is protected by the same security mechanisms used to prevent accidental or intentional modifications to the operating system. In this case, the mini CDA is loaded and executed directly by the operating system utility. Subsequently, the full function CDA is downloaded and installed in the volatile memory. In another substantially similar embodiment, the CLM is loaded by an operating system utility, which then loads and executes the mini CDA. In this latter case, both CLM and mini-CDA are embedded in a permanent operating system image.

[F. Server-initiated connection]
In this embodiment, the server initiates communication with the CDA instead of waiting for the CDA to initiate communication with the server. Server-initiated connections allow execution of server instructions that are time-constrained and cannot wait until the next planned call by the client. In this case, the server may use the same or different primary communication network or protocol that the CDA uses to call the server. An example of when it depends on time is to perform a data deletion operation on a mobile device that was placed in an improper location or stolen before communication was interrupted by the network operator as a result of a reported device theft It is to be. Any service that depends on time may be invoked in this way.

[G. Integration into operating system distribution]
In this embodiment, the mini-CDA is integrated into an operating system distribution (eg, software, hardware firmware). Persistence is achieved by being incorporated as a basic and inseparable component of the operating system. In this case, it is protected by the same security mechanism that is used to prevent accidental or intentional modifications to the operating system. In the case of an operating system reinstallation, the mini-CDA is reinstalled from the operating system installation media, so that the services provided by the mini-CDA are available in the second installation. In this embodiment, the mini CDA is loaded and executed directly by operating system functions. Thereafter, the full-function CDA is downloaded and installed in the same manner as in the other embodiments.

[H. Extensible Firmware Interface (EFI)]
Persistent modules (ie, AIM and CLM) BIOS embodiments may be modified to install a mini-CDA or agent into the EFI environment as either an EFI driver or EFI application prior to the OS loader. Persistence is achieved when the ELM loads the CLM and then the CLM uses the AIM to install or restore the mini CDA as in the BIOS embodiment. Similar to the BIOS embodiment, the mini CDA can download and install a full-featured agent after OS boot.

[optimisation]
It is not difficult to integrate the CLM PCI option ROM into the system BIOS. For example, IBM's T43 notebook computer is installed with an IBM BIOS having an option ROM structure. Its form and function are similar to the video option ROM or motherboard controller option ROM already present in the BIOS. If done simply, the BIOS must be easily reconfigured to recognize the CLM vendor ID. If the CLM form and function are more closely integrated into the host BIOS, some size optimization may be performed. There is an opportunity to save the small space up to 20KB required to store CLM, AIM and CDA in the flash image. The following is a table listing the various functions in the three main modules and the approximate size of each main function group. The “Optimization” column is a list of estimations of optimization possibilities for the functional groups in each module.

  Of the various functions in the module, only CLM functions (PCI, image management, and execution environment) may be optimized with specific support from the host BIOS. By using the BIOS compression algorithm and using the “join” method of storing the AIM and CDA modules, the size of the image management function can be reduced by about 0.3 KB. By making the PCI option ROM loaded near the end of POST so that all disk resources are available and the need for POST memory manager support is eliminated, the runtime configuration and control functions are 0.8KB. Can be reduced. The size up to 20KB is reduced to about 18.9KB. If platform specific support is required in the CLM, the upper limit may increase by 2KB.

  If the BIOS interface exposes an application program interface (API) for detecting and setting CLM through SMBIOS, the 2 KB visible ROM “stub request” is relaxed.

[Introduction of permanent service agents to portable digital devices]
The permanent service agent may be extended to track additional devices such as portable digital devices. The intelligent agent can be a consumer electronic device (e.g., Apple IPOD (R) digital media player, MP3 player, mobile phone, or Microsoft XBOX (R) or Sony PlayStation (R). The BIOS option ROM of the game device), the partition gap on the hard disk drive, the host protected area (HPA) of the hard disk drive, and embedded firmware (for example, OS ROM). As explained in the example discussed above, once executed, the CDA communicates with the monitoring server (either CDA-initiated or server-initiated communication). The CDA function may be a general-purpose function such as copying to memory, copying from memory, and execution from memory. These functions are executed based on a sequence provided by the monitoring server when communicating with the CDA. By executing such a sequence, the application may be copied to the memory and executed, and the result may be read and returned to the monitoring server. As explained above, the persistent agent may be programmable.

Permanent service agents may be installed in various portable and / or personal digital devices, for example:
-Personal information terminal (PDA)
-Digital media devices such as MP3 players, digital recorders, portable TVs, radios, etc.-Wireless devices such as mobile phones, two-way radios, etc.-Handheld devices such as the Global Positioning System (GPS)-Portable computer games ( Game devices such as Nintendo (registered trademark) (Nintendo (registered trademark), Sony (registered trademark) PlayStation (registered trademark)), etc.-digital camera

  Specific examples of agent deployment include:

[1. IPOD (registered trademark) digital media player]
The agent is pre-programmed to contact and receive contact from the monitoring server. The agent will wait until the device connects to the Internet or to another base device (eg, a personal computer) connected to the Internet. Once the device connects to a third party website (such as ITunes®), the agent connects to the monitoring server using the website's embedded control. Alternatively, the agent may connect to the monitoring server by installing a copy of itself or another agent on the connected base device. Once connected, the agent checks the status of the device from the monitoring server. This confirmation may include a check of the device's unique identification information (eg, electronic serial number (ESN), manufacturer serial number, or serial number embedded in the agent). This unique identification information is checked against the monitoring server database. If the mobile device is flagged as lost (eg, by the original owner or agent of the device), the agent can trigger an operation on the mobile device to disable the mobile device itself (eg, Data deletion, or shut-off or invalidation discussed above, or other similar operations that render at least some functions of the portable device inoperable to the extent that at least some of the portable device cannot be used. Alternatively or additionally, the agent triggers the device to display an information message to the person holding the mobile device. The message may also instruct the person to contact the owner, equipment vendor or asset tracking management company for further information such as return to equipment owner, rewards related to equipment return or reactivation. Good.

[2. mobile phone]
The agent is pre-programmed to contact the monitoring server (eg, server-driven or agent-driven). Once the device is connected to the wireless network, the agent may communicate with the monitoring server using standard communication protocols and alternatively or additionally monitor SMS messages (or another type of protocol). It may be sent to the server or the agent of the owner. Once connected, the agent confirms that the device's unique identification information is valid against the monitoring server database. This confirmation may include a verification of an identification number such as the ESN or serial number of the device (manufacturer serial number, identification number embedded in the agent, or SIM card ID, etc.). This unique identification information is checked against the monitoring server database. If the original owner of the device has set the flag indicating loss on the mobile device, the agent can trigger an operation on the mobile device to deactivate itself (e.g., the data discussed above). Delete, or shut off or disable, or at least some other similar operation that renders at least some functions of the portable device inoperable to the extent that the portable device cannot be used continuously. Alternatively or additionally, the agent triggers the device to display an information message to the person holding the mobile device. The message may also instruct the person to contact the owner, equipment vendor or asset tracking management company for further information such as return to equipment owner, rewards related to equipment return or reactivation. Good.

[3. Game console]
The agent is pre-programmed to contact the monitoring server (eg, server-driven or agent-driven). Once the game device connects to the online game server, the agent communicates with the monitoring server using a standard communication protocol (eg, IP) embedded in the game site. Alternatively, the agent may send TCP / IP or standard Internet protocols to another third party monitoring server. Once connected, the agent confirms the unique identification information of the device and performs an appropriate operation in a manner substantially similar to the embodiment described above.

  The service agent disclosed above has the ability to be persistent even if an operation is performed that would normally be expected to delete the service agent. Because the agent is programmable, its functionality can be expanded based on server-initiated commands. The present invention improves the ability of pre-introduced service agents to maintain an “active” state independent of the “user” operation of the device. The user's operation on the agent may be intentional or accidental. The present invention protects authorized users from accidental removal of service agents while permitting agent revocation by legitimate need (eg, at the end of the computer asset life cycle). The present invention prevents unauthorized users from removing agent software. The persistent attributes of the present invention have value in both security and asset management applications. In the context of a secure and stealth device tracking management software application, hiding valuable asset theft has become much more difficult regardless of what the thief does, and the software is permanent The present invention has great value because it is possible to contact a remote monitoring center. Furthermore, since the service agent has a permanent nature, it can be trusted that the tracking agent will not be accidentally removed, providing peace of mind to security personnel. In the context of secure asset management applications, this is of further value because it ensures continuity of asset tracking management throughout the entire life cycle. A major challenge for today's IT managers is the ability to track and manage assets throughout their lifecycle. During the lifecycle, a device is often handed over from one user to another, in which case the device re-images, reinstalls the operating system, or otherwise maintains maintenance procedures that make asset tracking difficult May be subject to.

  The processing and system of the present invention have been described above using functional modules in the form of block diagrams. Unless otherwise specified, one or more functions may be integrated into a single physical device or software module in a software product without departing from the scope and spirit of the present invention, and one or more functions may be combined. It will be appreciated that it may be implemented in a single physical device or software module distributed throughout a single location or network.

  It will be appreciated that a detailed discussion regarding the actual implementation of each module is not necessary to allow an understanding of the present invention. According to the disclosure of system attributes, functionality and interrelationships of various functional modules in the system in this application, the actual implementation is within the ordinary skill of the program and system engineer. One skilled in the art can apply the general skill to practice the present invention without undue experimentation.

  While the invention has been described in connection with embodiments thereof, it will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the scope and spirit of the invention. For example, the information extraction application can be easily modified to accommodate different or additional processes that provide the user with more flexibility of web browsing. Accordingly, it will be understood that the invention is not limited by the specific exemplary embodiments, but only by the appended claims.

3 Host monitoring server 10 Persistent agent 12 PCI option ROM
13 Core BIOS flash image 14 Loader module 16 Adaptive installer module 18 Communication driver agent A Client device B Communication link C Host monitoring system

Claims (24)

A permanent service agent located in an electronic device connected to a network to a remote server and enabling, supporting and / or providing at least one service for said electronic device comprising:
A driver agent hidden in the electronic device, wherein the driver agent is configured to be resistant to external tampering, including self-healing upon tampering, the driver agent being a partial driver agent or full function At least one driver agent, wherein the full-function driver agent is configured to communicate with the network when providing a service, and the partial driver agent is a set of functions that are less than the full-function driver agent A driver agent configured to determine whether a full-function driver agent is available in the electronic device;
A persistent service agent comprising: an execution module configured to automatically start operation of the driver agent without user initiation or user intervention.   The driver agent enables, supports and / or services comprising at least one of asset tracking management, asset recovery, software deployment, data deletion, firewall protection, data encryption, location tracking management, message notification, and software upgrade. The permanent service agent of claim 1, wherein the permanent service agent is configured to provide.   The driver agent is configured to enable, support, and / or provide a data deletion service that deletes a selected data file in the electronic device, and the driver agent sends a report of the deleted data to the remote device. The persistent service agent according to claim 1, which is provided to an external server.   The persistent service agent of claim 3, wherein the driver agent is configured to enable, support and / or provide for deletion of an operating system of the electronic device.   The persistent driver of claim 4, wherein the driver agent is configured to first delete a data file other than the operating system, provide the report to the remote server, and then delete the operating system. Service agent.   The persistent service agent of claim 3, wherein the driver agent is configured to resume the data deletion service if a previous data deletion service was interrupted before completion.   The persistent service agent of claim 2, wherein the partial driver agent is located in the electronic device as at least one of firmware, software, and hardware.   The persistent service agent of claim 7, wherein the firmware comprises a non-volatile memory.   The persistent service agent of claim 8, wherein the non-volatile memory comprises at least one of a BIOS chip and a flash memory.   The permanent service agent of claim 7, wherein the software comprises an operating system of the electronic device.   The driver agent is configured to communicate with the remote server to receive instructions from the remote server related to data deletion of a selected data file in the electronic device. Persistent service agent.   The driver agent communicates with the remote server, receives an instruction from the remote server and executes the service in response to the instruction, the communication being initiated by the driver agent or the server. 2. A permanent service agent according to 2.   The persistence of claim 12, wherein the driver agent is configured to communicate with the remote server to receive instructions from the remote server in connection with establishing firewall protection in the electronic device. Service agent.   The persistence of claim 12, wherein the driver agent is configured to communicate with the remote server to receive instructions from the remote server related to undertaking data encryption in the electronic device. Service agent.   The persistent service agent of claim 12, wherein the driver agent is configured to communicate with the remote server to receive instructions from the remote server related to location tracking management of electronic devices.   The persistent service agent of claim 12, wherein the driver agent is configured to communicate with the remote server to receive message notifications and / or instructions that disable certain functions of the electronic device. .   An electronic device comprising the permanent service agent according to claim 1. A method for enabling, supporting and / or providing a service in an electronic device, comprising:
Hiding a driver agent in the electronic device, wherein the driver agent is configured to be resistant to external tampering, including self-healing upon tampering;
Providing an execution module configured to automatically start operation of the driver agent without user initiation or user intervention;
Communicatively connecting the driver agent to a network to communicate with a remote server to receive instructions relating to the service.   The method of claim 17, wherein the service comprises at least one of asset tracking management, asset recovery, software deployment, data deletion, firewall protection, data encryption, location tracking management, message notification, and software upgrade.   The driver agent is configured to enable, support, and / or provide a data deletion service that deletes a selected data file in the electronic device, and the driver agent enables deletion of the operating system of the electronic device. The method of claim 18, wherein the method is configured to enable, support and / or provide.   The method of claim 19, wherein the driver agent is configured to first delete a data file other than the operating system, provide the report to the remote server, and then delete the operating system. A system for providing at least one service in an electronic device connected to a network,
A remote server connected to the network;
A permanent service agent located in the electronic device, comprising a driver agent hidden in the electronic device, wherein the driver agent is resistant to external tampering, including self-healing upon tampering The driver agent comprises at least one of a partial driver agent or a full-function driver agent, wherein the full-function driver agent is configured to communicate with the network when providing the service; The agent is configured to determine whether a full-function driver agent is available in the electronic device with a small set of functions compared to the full-function driver agent, and the persistent service agent further includes a user Start by or yu A persistent service agents without intervention by THE comprising an execution module configured to automatically start the operation of the driver agent,
The permanent agent communicates with the remote server, receives a command from the remote server, and executes the service according to the command.   The system of claim 22, wherein the communication is initiated by the driver agent or the server. The persistent service agent communicates with the remote server;
(A) establishing firewall protection in the electronic device;
(B) undertaking data encryption in the electronic device;
(C) electronic device location tracking management;
(D) receiving a message notification;
23. The system of claim 22, configured to receive instructions from the remote server associated with at least one of (e) disabling certain functions of the electronic device.

Images