GB2303726A - Immobilization protection system for electronic products and components - Google Patents

Immobilization protection system for electronic products and components Download PDF

Info

Publication number
GB2303726A
GB2303726A GB9615597A GB9615597A GB2303726A GB 2303726 A GB2303726 A GB 2303726A GB 9615597 A GB9615597 A GB 9615597A GB 9615597 A GB9615597 A GB 9615597A GB 2303726 A GB2303726 A GB 2303726A
Authority
GB
United Kingdom
Prior art keywords
ssp
ipds
lt
gt
ipd
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB9615597A
Other versions
GB2303726B (en
GB9615597D0 (en
Inventor
Peter David Collins
Karl Royer
Mark Bowyer
Original Assignee
Peter David Collins
Karl Royer
Mark Bowyer
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to GB9515228A priority Critical patent/GB9515228D0/en
Application filed by Peter David Collins, Karl Royer, Mark Bowyer filed Critical Peter David Collins
Publication of GB9615597D0 publication Critical patent/GB9615597D0/en
Priority claimed from AU15510/97A external-priority patent/AU1551097A/en
Publication of GB2303726A publication Critical patent/GB2303726A/en
Application granted granted Critical
Publication of GB2303726B publication Critical patent/GB2303726B/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88Detecting or preventing theft or loss
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/72Indexing scheme relating to groups G06F7/72 - G06F7/729
    • G06F2207/7219Countermeasures against side channel or fault attacks
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/07Indexing scheme relating to G06F21/10, protecting distributed programs or content
    • G06F2221/0797Indexing scheme relating to G06F21/10, protecting distributed programs or content using dedicated hardware at the client

Abstract

An electronic security system embeds electronic immobilization protection devices (IPDs) in electronic products and components. IPDs have controlled access to a security service provider (SSP). At power on, and periodically there after, the IPD sends a cryptographically secure "challenge" to the SSP. If a part has not been reported stolen, then the SSP replies with a valid cryptographically secure "response", otherwise it replies with an invalid "response". If the IPD receives an invalid "response", or when a limited time has elapsed without a "response", it renders the part inoperative. A valid "response", inside the time limit, allows the part to function normally. A stolen and recovered product can be identified and traced to its rightful owner, who contacts the SSP to re-enable the product. IPDs allow specific parts to function normally for a limited period of time, so that existing hardware, software and network resources can be utilized to communicate to the SSP.

Description

DESCRIPTION Immobilization Protection System for Electronic Products and Components.

This invention relates to electronic security systems. The theft of complex electronic products (eg. computer, video and hi-fi appliances) and VLSI components (CPUs and SIMMs) has become a matter or great concern to both companies and individuals. At present, criminals are safe in the knowledge that most products and components are untraceable, due either to the lack of secure serialization, at manufacture, or secure tagging, by the rightful owner. As a result, criminals have the incentive that stolen equipment can be re-sold as new with negligible depreciation.

In general, such crime is deterred by physical security systems protecting premises and individual equipment. Many of these systems make the normal use of equipment difficult and pose no real deterrent to the determined criminal.

The publicised knowledge that products or components contain means of secure serialization is a significant deterrent to the criminal. However, the criminal still has the knowledge that he can re-sell (legally or not) working equipment. A greater level of deterrent to the criminal is the publicised knowledge that, taken away from its rightful owner, a product or component is rendered inoperative. This invention is concerned with a technique for rendering electronic products and components inoperative in the hands of anyone but the rightful owner. The technique allows stolen and recovered products and components to be identified and traced to their rightful owner(s).

Electronic products and components are designed with an embedded electronic immobilization protection device (IPD). From power on, the IPD controls the useful operation of the product or component.

The IPD is embedded within the product at one of three levels: (i) an additional component inside the case or mounted on a printed circuit board; (ii) an additional component bonded to one or more essential or high value components; (iii) additional logic integrated at mask (or multi-chipmodule) level to essential or high value integrated circuits. Essential components are those without which the product cannot function. Level (i) provides the lowest level of deterrent because means exist to by-pass the IPD. Furthermore, there is no deterrent against extraction of high values components. In level (ii) the IPD is bonded to and encapsulates components in such a way that by-pass or removal of the IPD causes terminal physical damage.

Level (iii) provides highest level of deterrent because the IPD is truly integral making by-pass intractable.

The rightful owner of a product is provided with controlled access to a security service provider (SSP). IPDs are programmed by the manufacturer or retailer with a unique part number (PN), one or more cryptographic functions, and cryptographic keys. At purchase, the rightful owner registers the IPDs with a SSP. Using a secure channel, the manufacturer or retailer advises the SSP of the necessary cryptographic functions and keys.

When a product or component is powered on a communication link between the IPDs and the SSP is established. This link can involve dedicated functions and communication paths within the product. Alternatively, the pre-existing microprocessor and communication units within the product can be programmed to provide the link. Once the link is established, each IPD sends its PN together with a cryptographically secure "challenge". If the product or component containing an IPD has not been reported stolen, then the SSP replies with a valid cryptographically secure "response", otherwise it replies with an invalid "response". An invalid "response" can be any response that is: (i) not the valid "response"; (ii) no reply. If the IPD receives an invalid "response", or when a time limit has elapsed without a valid "response", then it renders the product or component inoperative.If the IPD receives a valid "response", inside the time limit, then it allows the product or component to function normally. In either case, if the time limit, measured from power on, has elapsed and the IPD has not received a valid "response", then it disables the product or component. The time limit is short enough (typically a few minutes) to prevent any useful operation of the product or component.

A stolen and recovered product containing one or more IPDs can be identified and traced to its rightful owner by authorities granted access to the SSP database (eg.

the Police). When returned, the rightful owner contacts the SSP in order to reenable the product or components, after which, the product or components function as normal.

Some portable equipments maintain continuous power to specific components. To ensure such equipments are immobilized in the wrong hands, the "challenge" sponse" cycle is repeated periodically, eg. every eight hours. The duration of this interval can be varied to suit organizational or operational requirements.

Per device cryptographic keys are used to protect the system from compromise, ie.

if the keys within a single IPD are compromised the system as a whole is not compromised. The system has additional security because the manufacturers and system operators are free to agree their own algorithms. However, it is in the interests of the manufactures and operators to choose "strong" cryptographic algorithms. The term "strong" refers to algorithms that remain secure in the event of exposure, ie.

if the algorithm within a single IPD is exposed then IPDs using the same algorithm are not compromised. Prefixing the PN to the "challenge" is necessary to allow the SSP to select the correct algorithms and keys for the IPD requesting the "response" An SSP can provide its users with several modes of connection: (i) circuit or packet access to a central security server; (ii) packet access to a local security server; (iii) direct access to a plug-in security server. Mode (i) is a centralized mode whereby the product connects to a central security server using any available means of communication, eg. an individual can use a modem to connect via a PSTN; a company can use its LAN to connect via a WAN gateway. Mode (ii) is a distributed mode of operation in which local servers connect when necessary to a central security server.Local security servers contain at least one IPD per server, so that, in the event a server is stolen, equipment stolen from the same premises is not compromised. There are two types of local security server: (i) a slave server that computes "responses"; (ii) a cache server that requests several "challenges" in advance and stores the "responses" obtained from a central server. If possible, the local server uses volatile storage. However, information in non-volatile storage is stored encryp ted and decrypted on-the-fly. A single local server might be contained in a house or small business, whereas several might be used in large company or organization.

Consumer electronics inside a house can communicate to a local server using an infra-red network. Large office buildings might use a hierarchy of cache servers connected to a slave server. In mode (iii), a product has direct connection to a smart-card (or similar device) that computes "responses". The smartcard contains the key information necessary to acknowledge the IPDs within the product it serves.

When the product is unused, it is the users responsibility to remove and store safely the smartcard, in order to prevent the product from operating. The smartcard itself has a given lifetime that once exceeded renders the card useless. The smartcard can be reactivated by the SSP. If a product or component is stolen then the smartcard can be presented to an insurer as proof of immobilization.

Users may wish to purchase products and components with the IPD security unenabled. At some later date, the user can enable the IPD security and enter the system by contacting an SSP. Once enabled, the IPD security cannot be disabled.

However, SSP users can buy out of the system by obtaining a lifetime smartcard covering the users products and components. Once the user obtains such a card, the SSP can offer the user no security for these products and components.

The embedded and cryptographically secure natures of IPDs must be sufficient so that individuals outside the realms of approved manufactures and the SSPs, including the rightful owner, are unable to provide a method, or gain information, to by-pass or enable IPDs without a valid "response" from the said SSP.

IPDs incorporated into data storage products can provide data security in addition to immobilization. For example, the control processor on a fixed disk can be programmed, from power on, not transfer data on specified partitions until a valid "response" is obtain from an SSP. If the disk is reported stolen, then data on the disk in the specified partitions cannot be read at all, not even for a limited time.

IPDs can be used to provide controlled access to the equipments they immobilize.

For example, outside working hours, the SSP can answer selected IPD "challenges" incorrectly, in order to ensure that certain equipments cannot be used outside the working hours.

The SSP has day to day record of the products and equipments that send IPD "challenges". The SSP can use this record to provide an audit facility to its customers.

This is especially useful for computer memory modules, plug-in cards and peripherals that are moved around in a large organization, eg. the SSP can provide day-to-day lists of products containing IPDs that have been moved from one machine to another.

The length of time between "challenge" - "response" cycles can be lowered in order to provide customers a usage monitoring capability. However, the SSP cannot obtain such information when equipment is both switch-on and unused.

This invention will now be exemplified with reference to the accompanying drawings: Figure 1 is a flow diagram that shows the computational functions inside an IPD and SSP.

Figure 2 is a personal computer system incorporating IPDs.

Figures 3 and 4 show two methods a single PC can connect to an SSP.

Figures 5, 6 and 7 show how corporate users with existing networks can connect to an SSP.

Referring to figure 1. The IPD "challenge" takes the form of a non-recurring cryp tographically secure random number. To achieve the non-recurring property, the IPD contains a non-volatile state register 40. The IPD loads the contents of the state register Sn, into a sequence generator 41 from which a new unique state, Sn+l is generated, but not immediately used. The output of the sequence generator, On, (a function derived from Sn) is fed into a cryptographic function 42 with the key A'o stored in read only memory (ROM). The output of 42 is the "challenge", Cn. The key K0 need not be unique amongst all IPDs. However, if the key Ko is unique, then each IPD produces a unique sequence of cryptographically secure random "challenges".This level of refinement makes the system more difficult to attack. If an SSP wishes to filter "challenges" from rogue users, then IPDs must incorporate a means for the SSP to validate "challenges". (An attacker, wishing to deny SSP service from legitimate users, can flood SSP connections with rogue "challenges".) One such means is to send an authenticator, An, derived from the "challenge", Gn, using a cryptographic function 43 with the key, K11 stored in ROM.

At the SSP, the received "challenge" is fed into cryptographic function 44 with the key K1, obtained from a database lookup using the part number P. The functions 43 and 44 are identical. If the output, VAn, of 44 and the received authenticator (from the IPD) are equal then the "challenge", Cn, is valid. In this case, the SSP feeds the received "challenge" into a cryptographic function 45 with the key K2, obtained from a database lookup using P. The output of 45 is the cryptographically secure "response", Rn. Returning to the IPD, Cn is fed into a cryptographic function 46 with the key K2, stored in ROM. The functions 45 and 46 are identical.

If the output, VRn, of 46 and the received "response" (from the SSP) are equal (see 49), then the product or component is allowed to function and 40 is loaded with the state Sn+l. If the comparison 49 fails, then product or component is disabled and 40 remains in its original state, Sn The cryptographic function referred to in figure 1 can be block cipher algorithm in which the key is directly applied. Alternatively, the cryptographic function can be secure hash function in which the key is mixed with the input to the function. The non-recurring property of the "challenge" is highly desirable, but not essential. An alternative is to use a true random number generator in place of the non-volatile state register and sequence generator.

A personal computer (PC) system incorporating IPDs 71 72 is shown in figure 2.

Internal IPDs are connected via a simple bus 62 to the IPD interface adaptor 65, integrated on the PC motherboard 70. Alternativley, the IPD interface adaptor is a plug-in card. External IPDs 72 are connected to external IPD bus 67 and use a buffered connection 66 to the IPD interface adaptor 65. Alternativley, external IPDs can use existing connections to the computer, eg. printers can use a parallel or serial port and SCSI peripherals can use the SCSI bus. The PC has at least one means to access the SSP, eg. a network adaptor 73, a smartcard interface (see figure 3), or a modem attached to a PSTN (see figure 4).

When the PC is turned on, IPDs in system critical components 60 61 are enabled, for a limited period of time, allowing the computer to function normally. This time is sufficient for the PC to load its operating system, establish communication with the SSP, to send "challenges" and receive "responses". The details of procedure are as follows. The PC loads its operating system and starts a special process that (i) collects part numbers and "challenges" from the components 60 61 63 68 using the IPD interface adapter 65; (ii) establishes a connection to the SSP; (iii) sends the part numbers and "challenges" to the SSP; (iv) receives "responses" from the SSP; and (v) dispatches "responses" to the appropriate IPDs. Any component in the PC system that does not belong to its rightful owner receives an invalid "response" from the SSP. In this case, the IPD will disable the component after an additional short delay (to allow the computer fail safe). If all "responses" are valid, then the computer continues to function normally and with non-critical functions enabled. A key feature is, therefore, that existing hardware (such as 60 61) and software (and network 69 73) resources within the PC system are used to communicate with the SSP. The path between the IPD interface, on the PC motherboard, and the SSP can be encrypted in order to prevent an eves dropper auditing the property of an individual or organization.

Figure 3 shows a PC 30 connected to a smartcard interface 31. The user is issued a smartcard 32 by the SSP 34. On receipt of the smartcard, the user is able to operate his system for a set period (eg. one year), after which the SSP can use manual or electronic means to update the card, eg. using a modem (not shown) to establish a communication link from the smartcard to the SSP. Figure 4 shows a PC 20 that connects to an SSP 23 using a modem 21 connected to a public switched telephone network (PSTN) 22. The connection can be to a modem server located in the SSP.

Alternatively, the PC can dial-up a local Internet provider and communicate to an Internet connected SSP.

Figure 5 shows a PC 10 that connects to an SSP 14 via a LAN 11, a WAN 13, and a firewall 12. Figure 6 shows a PC 1 that connects to local security server 6 via a LAN 2. In turn, the local security server connects to the SSP 5 via (i) a firewall 3 and WAN 2 and/or (ii) a modem link (not shown). The local security server reduces the WAN bandwidth required by a large organization.

Figure 7 shows a system that uses a hierarchy of security servers inside a large customer premises 90. The PCs 102 103, on separate LAN subnets 91 96, connect to local cache security servers 92 94. The LAN subnets 91 and 96 are connected to a backbone LAN 97 by the router/firewalls 93 and 95. The LAN 97 has connected a slave security server 98 that has access via a gateway/firewall 99 to a WAN 100.

In normal operation, the cache servers 92 94 communicate "challenges" - "response" packets directly to the slave security server 98. In the event that the slave server fails, or is unable to identify a part number, the cache servers can communicate "challenge" - "response" packets off site to the SSP 101.

Index to Abbreviations <img class="EMIRef" id="026752184-00050001" />

<tb> Abbreviation <SEP> l <SEP> <SEP> Meaning <tb> <SEP> CPU <SEP> Central <SEP> Processing <SEP> Unit <tb> <SEP> I/F <SEP> Interface <tb> <SEP> IPD <SEP> Immobilized <SEP> Protected <SEP> Device <tb> <SEP> LAN <SEP> Local <SEP> Area <SEP> Network <tb> <SEP> PC <SEP> Personnel <SEP> Computer <tb> <SEP> PCB <SEP> Printed <SEP> Circuit <SEP> Board <tb> <SEP> PN <SEP> Part <SEP> Number <tb> <SEP> PSTN <SEP> Packet <SEP> Switched <SEP> Telephone <SEP> Network <tb> <SEP> ROM <SEP> Read <SEP> Only <SEP> Memory <tb> <SEP> SIMM <SEP> Single <SEP> Inline <SEP> Memory <SEP> Module <tb> <SEP> SSP <SEP> Security <SEP> Service <SEP> Provider <tb> <SEP> VLSI <SEP> Very <SEP> Large <SEP> Scale <SEP> Integration <tb> <SEP> WAN <SEP> Wide <SEP> Area <SEP> Network <tb>

Claims (8)

  1. CLAIMS 1. An electronic security system in which standalone or plug-in products, high value plug-in or extractable components, contain embedded immobilization protection devices (IPDs), that send cryptographic "challenges" to and receive cryptographic "responses" from a security service provider (SSP) in order to determine whether, or not, the rightful owner has reported them stolen; if the said "response11 is correct, then the said product or component is allowed to function normally; if the said "response11 is incorrect, or a limited period of time measured from power on has elapsed, then the said product or component is rendered inoperative.
  2. 2. Immobilisation protection devices, in a system according to claim 1, that are embedded into products or components at one of three levels: (i) an additional component inside the case or mounted on a printed circuit board; (ii) an addi tional component bonded to one or more essential or high value components; (iii) additional logic integrated at mask (or multi-chipmodule) level to essen tial or high value integrated circuits, essential components are those without which the product cannot function; in level (ii) the said IPD is bonded to and encapsulates components in such a way that by-pass or removal of the said IPD causes terminal physical damage.
  3. 3. A security service provider, in a system according to claim 1, that provides users several modes of connection: (i) circuit or packet access over public or leased lines to the said SSP; (ii) packet access over local networks to a slave or cache security server, inside the users premises, connected to the said SSP; (iii) direct access to a plug-in smartcard server issued by the said SSP.
  4. 4. Immobilisation protection devices, in a system according to claim 1, that con tained in system critical parts, allow said parts to function normally for a limited period of time, measured from power on, so that existing hardware, software and network resources can be controlled in order to establish the necessary communication link with the said security service provider.
  5. 5. Immobilisation protection devices, in a system according to claim 1, in which: per device cryptographic keys are used in order to prevent the system as a whole from compromise, so that if the keys within a single said IPD are com promised, then the security of other said IPDs is not compromised; the man ufactures and said security service providers are free to incorporate different or updated cryptographic algorithms in future said products.
  6. 6. Immobilisation protection devices, in a system according to claim 1, that can be used to: (i) secure data on storage devices when the storage device is re moved from specified equipment; (ii) restrict access to data on storage devives at specified times.
  7. 7. An electronic security system, according to claim 1, in which the said security service provider can, at the request of the user: (i) control access to equip ments that contain said IPDs; (ii) audit equipments that contain said IPDs (iii) monitor the use of equipments that contain said IPDs.
  8. 8. An electronic security system, according to claim 1, in which the embedded and cryptographically secure natures of said IPDs are sufficient so that indi viduals outside the realms of approved manufactures and the said SSP, includ ing the rightful owner, are unable to provide a method, or gain information, to by-pass or enable said IPDs without a said valid "response" from the said SSP.
GB9615597A 1995-07-25 1996-07-25 Immobilization protection system for electronic products and components Expired - Fee Related GB2303726B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB9515228A GB9515228D0 (en) 1995-07-25 1995-07-25 Compu-kill

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
AU15510/97A AU1551097A (en) 1996-07-25 1997-01-28 Immobilisation protection system for electronic components
PCT/GB1997/000241 WO1998004967A1 (en) 1996-07-25 1997-01-28 Immobilisation protection system for electronic components
DE69722796A DE69722796D1 (en) 1996-07-25 1997-01-28 Protective system for blocking electronic devices and components and method therefor
EP97901699A EP0912919B1 (en) 1996-07-25 1997-01-28 Immobilisation protection system for electronic components and method therefor
DE69722796T DE69722796T2 (en) 1996-07-25 1997-01-28 Protective system for blocking electronic equipment and components and method therefor

Publications (3)

Publication Number Publication Date
GB9615597D0 GB9615597D0 (en) 1996-09-04
GB2303726A true GB2303726A (en) 1997-02-26
GB2303726B GB2303726B (en) 2000-02-02

Family

ID=10778214

Family Applications (2)

Application Number Title Priority Date Filing Date
GB9515228A Pending GB9515228D0 (en) 1995-07-25 1995-07-25 Compu-kill
GB9615597A Expired - Fee Related GB2303726B (en) 1995-07-25 1996-07-25 Immobilization protection system for electronic products and components

Family Applications Before (1)

Application Number Title Priority Date Filing Date
GB9515228A Pending GB9515228D0 (en) 1995-07-25 1995-07-25 Compu-kill

Country Status (1)

Country Link
GB (2) GB9515228D0 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0836131A2 (en) * 1996-10-09 1998-04-15 Hewlett-Packard Company Security of remote computing devices
EP1059578A2 (en) * 1999-06-07 2000-12-13 Hewlett-Packard Company Secure backdoor access for a computer
WO2002011093A1 (en) * 2000-07-27 2002-02-07 Sequred Pty Limited Theft deterrent device for appliances
WO2004010395A1 (en) * 2002-07-24 2004-01-29 Evatayhow Holdings Pty Ltd Theft deterrence security system
US9935847B2 (en) 2014-08-20 2018-04-03 Jamf Software, Llc Dynamic grouping of managed devices
US9998914B2 (en) 2014-04-16 2018-06-12 Jamf Software, Llc Using a mobile device to restrict focus and perform operations at another mobile device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4759062A (en) * 1986-10-06 1988-07-19 International Electronics Technology Corporation Arrangement for and method of protecting private security codes from unauthorized disclosure
GB2251503A (en) * 1991-01-04 1992-07-08 Inteleplex Corp Security system for eg. vehicle

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4759062A (en) * 1986-10-06 1988-07-19 International Electronics Technology Corporation Arrangement for and method of protecting private security codes from unauthorized disclosure
GB2251503A (en) * 1991-01-04 1992-07-08 Inteleplex Corp Security system for eg. vehicle

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0836131A2 (en) * 1996-10-09 1998-04-15 Hewlett-Packard Company Security of remote computing devices
EP0836131A3 (en) * 1996-10-09 1999-08-04 Hewlett-Packard Company Security of remote computing devices
EP1059578A2 (en) * 1999-06-07 2000-12-13 Hewlett-Packard Company Secure backdoor access for a computer
EP1059578A3 (en) * 1999-06-07 2003-02-05 Hewlett-Packard Company, A Delaware Corporation Secure backdoor access for a computer
WO2002011093A1 (en) * 2000-07-27 2002-02-07 Sequred Pty Limited Theft deterrent device for appliances
US7046144B2 (en) 2000-07-27 2006-05-16 Paul Stephen-Daly Theft deterrent device for appliances
WO2004010395A1 (en) * 2002-07-24 2004-01-29 Evatayhow Holdings Pty Ltd Theft deterrence security system
US7701335B2 (en) 2002-07-24 2010-04-20 Evatayhow Holdings Pty Ltd. Theft deterrence security system
US9998914B2 (en) 2014-04-16 2018-06-12 Jamf Software, Llc Using a mobile device to restrict focus and perform operations at another mobile device
US10313874B2 (en) 2014-04-16 2019-06-04 Jamf Software, Llc Device management based on wireless beacons
US10484867B2 (en) 2014-04-16 2019-11-19 Jamf Software, Llc Device management based on wireless beacons
US9935847B2 (en) 2014-08-20 2018-04-03 Jamf Software, Llc Dynamic grouping of managed devices

Also Published As

Publication number Publication date
GB2303726B (en) 2000-02-02
GB9515228D0 (en) 1995-09-20
GB9615597D0 (en) 1996-09-04

Similar Documents

Publication Publication Date Title
US20160098915A1 (en) System, method and apparata for secure communications using an electrical grid network
US8346925B2 (en) Apparatus for providing security over untrusted networks
Stajano et al. The resurrecting duckling: security issues for ubiquitous computing
US7890767B2 (en) Virtual smart card system and method
US9251353B2 (en) Secure caching of server credentials
Pearson et al. Trusted computing platforms: TCPA technology in context
US7228434B2 (en) Method of protecting the integrity of a computer program
US7591004B2 (en) Using trusted communication channel to combat user name/password theft
EP1204910B1 (en) Computer platforms and their methods of operation
US6950946B1 (en) Discovering stolen or lost network-attachable computer systems
JP4083218B2 (en) Multi-step digital signature method and system
US5602918A (en) Application level security system and method
US7487537B2 (en) Method and apparatus for pervasive authentication domains
Shirey Internet security glossary
Chang et al. An efficient and secure multi-server password authentication scheme using smart cards
ES2660543T3 (en) System and procedure for distributed management of shared computers
JP4667747B2 (en) System for accessing and controlling a controllable device via a network
US20130230165A1 (en) Scalable and Secure Key Management for Cryptographic Data Processing
US5751809A (en) Apparatus and method for securing captured data transmitted between two sources
US7272723B1 (en) USB-compliant personal key with integral input and output devices
US7302571B2 (en) Method and system to maintain portable computer data secure and authentication token for use therein
RU2321179C2 (en) Method for protected transmission of data between two devices
KR101365114B1 (en) Method for securely communicating information about the location of a compromised computing device
TW436747B (en) A circuit and method for configuring and registering a cryptographic device
US7016950B2 (en) System and method for restricting data transfers and managing software components of distributed computers

Legal Events

Date Code Title Description
PCNP Patent ceased through non-payment of renewal fee

Effective date: 20020725