TW201028883A - Secure platform management device - Google Patents


Info

Publication number
TW201028883A
Authority
TW
Taiwan
Prior art keywords
platform management
management device
laptop
processor
electronic device
Application number
TW98103163A
Other languages
Chinese (zh)
Inventor
Gaurav Banga
Original Assignee
Phoenix Tech Ltd

Abstract

A platform management device configured to control the functionality of a provisioned electronic device is disclosed. The platform management device includes a processor operative to execute commands. A memory maintains a series of instructions that when executed by the processor, causes the processor to: (1) establish a connection with a corresponding electronic device; and (2) transfer operating parameters to the corresponding electronic device, such that access to and operation of the electronic device may be controlled. Examples of device control include denying access to an unauthorized user and forcing the electronic device into a disabled state by remote operation from an authorized user.

Description

VI. Description of the Invention

[Technical Field]

The present invention relates generally to electronic devices and, more particularly, to a platform management device that provides a secure connection to, and control of, a correspondingly provisioned electronic device.

[Prior Art]

Electronic devices (for example laptops, palmtop computers, personal digital assistants, cellular communication devices, point-of-sale terminals and other suitable devices, and combinations thereof) have become an integral component of the mobile workforce. Employees were once confined to working at desktop computers or other fixed locations, but the arrival of laptops and other mobile personal computing devices has made mobile computing the rule rather than the exception. Mobility has its drawbacks, however. First, lost and/or stolen computers have greatly increased the amount of confidential information exposed in public. One unfortunate by-product of this information loss over the past several years has been the rise in identity theft.

In addition, a user who reports a lost/stolen computer incident, obtains a replacement and configures the replacement system to match the previous one may have to repeat many procedures two, three or more times, and must take several steps (for example reporting the incident to banks, credit card companies, credit bureaus and other relevant organizations) to make sure that his or her identity has not been stolen. The resulting loss of productivity can amount to thousands of dollars over the affected period, losses that neither the company nor the individual can recover. Because incidents of lost/stolen computers are increasing, the industry has made efforts to reduce the risks associated with them.

One such effort is to equip computers, and laptops in particular, with a Global Positioning System (GPS) transponder that periodically sends a signal to a monitoring station, so that the location of the computer can be monitored or quickly determined. A computer can also be configured so that if it is not used within a predetermined time, the unit shuts down and requires its holder to enter a password or provide some other form of authentication before it returns to a fully functional or active state.

One drawback of a location-based solution is that it may require the computer to have an active network connection (for example to the Internet). If the lost/stolen computer is inside a building or an underground structure, a network connection is often unavailable. A drawback of the timer-based solution is that the protection can be circumvented fairly easily by removing or disabling the corresponding timing hardware (for example a counter) from the base system. Alternatively, the current unauthorized holder of the computer may have obtained the password of the authorized owner or user without that person's permission or knowledge, thereby gaining unauthorized access to the computer.

[Summary of the Invention]

A platform management device controls whether a provisioned electronic device (for example a laptop) can be used by whoever holds the laptop. The platform management device can also provide other capabilities that may prove useful to the user, for example security, identification, storage and location. For example, only a user who holds the management device is allowed access: inserting the platform management device into an available USB or other suitable port causes the provisioned laptop to be enabled. If the inserted platform management device has not been provisioned to the laptop, or does not correspond to the laptop into which it is inserted, the laptop remains disabled, thereby preventing unauthorized access to it. In a disabled system, the laptop's firmware prevents the basic hardware subsystems and components from functioning, so no software can execute.

For example, physical possession together with a fingerprint or other biometric identification can provide identification of an authorized user. In use, the user or holder of the platform management device must establish authorization by swiping a finger on a biometric reader. If the fingerprint is not recognized or is not authorized, the platform management device does not become active, thereby preventing operation of the laptop to which the management device is provisioned.

Storage is provided by the platform management device, since it contains, for example, flash memory and a recovery system for storing data. Optionally, if the … a particular device, then the entire …

… the laptop is operable … provides two-factor authentication. Another feature provided by the present invention is that a provisioned laptop can be controlled from a remote location.

A feature provided by the present invention is that access to confidential information can be prevented by remotely disabling a provisioned laptop when it is not in the possession of an authorized user.

[Detailed Description]

The above and related advantages and features of the present invention will be more readily understood from the following detailed description of the invention taken together with the drawings, in which like numerals denote like elements.

An exemplary embodiment of the present invention will now be described with reference to the drawings. Figure 1 is a schematic block diagram of a network structure 10 configured to adopt and use a platform management device according to the present invention. As shown, the network 10 includes an enterprise server 12, an intermediate communication facility 14 and one or more electronic devices 16 (for example a laptop) which can communicate remotely with the enterprise server 12 over a network 20 such as the Internet. In use, the one or more electronic devices 16 communicate with the enterprise server 12 through respective firewalls 18, 19 located between the enterprise server 12 and the electronic devices 16.

The enterprise server 12 may be implemented as one or more servers that hold and transmit the usage policies associated with the respective electronic devices 16. Employees or authorized personnel of the enterprise that owns the enterprise server 12 may use each of the electronic devices 16. Each of the electronic devices 16 and the enterprise server 12 includes communication equipment, for example a transceiver, that allows communication between the enterprise server 12 and the one or more electronic devices 16. The structure and functionality of the electronic devices 16 are described in more detail with reference to Figure 2.

The intermediate communication facility 14 may be implemented as one or more servers that host the communications, usage policies and data agreements of one or more enterprises, so that a plurality of companies, each owning one or more enterprise servers 12, can communicate with their remote workforces via the electronic devices 16. In use, data and other suitable information are exchanged between the enterprise servers 12 and the intermediate communication facility 14 over a communication link 15, which may be implemented as a wired or a wireless communication link.

The one or more electronic devices 16 may be laptops, desktop computers, palmtop computers, mobile communication devices (for example cellular telephones) or other suitable devices, and combinations thereof. The electronic devices 16 are configured with dedicated firmware, referred to as platform management firmware 132 (Figure 2), which operates together with a platform management device 200 to provide authorized, secure operation of the electronic device 16 and more secure communication with the corresponding enterprise server 12. In use, communication between the electronic devices 16 and the enterprise server 12 may pass through one or more firewalls 18, 19; in some applications the firewalls 18, 19 are not required.

Figure 2 is a schematic block diagram of an exemplary electronic device 16 configured to operate with the platform management device of the present invention. For purposes of illustration and not limitation, the electronic device 16 is implemented as a laptop. Those of ordinary skill will appreciate, however, that the electronic device 16 may be implemented as a desktop PC, a tablet PC, a palmtop, a PDA, a wireless communication device (for example a cellular telephone), a printing device or another suitable device, or a combination thereof. The laptop 16 includes at least one controller or processor 102 configured to control the overall operation of the laptop 16.

The processor 102 may include an arithmetic logic unit (ALU) for performing calculations, one or more registers for temporarily storing data and instructions, and a controller for controlling the operation of the laptop 16. In one embodiment, the processor 102 is any of the x86, Pentium™ and Pentium Pro™ microprocessors manufactured by Intel Corporation, or the K-6 microprocessor sold by Advanced Micro Devices. The processor 102 is not limited to a microprocessor and may take other forms, for example a microcontroller, a digital signal processor, dedicated hardware (for example an ASIC), or a state machine or software executing on one or more microprocessors distributed across a network.

One of the functions performed by the processor 102 is to cause the system firmware 130 of the laptop 16 to disable the laptop 16 when the platform management device 200 (Figure 3) is outside the laptop's transmission range. This may be accomplished, for example, by the processor 102 measuring the strength of the signal transmitted between the connected devices. If the signal strength is below a predetermined threshold, the processor 102 sends a signal to the firmware 130 that causes the firmware to halt operation of the base device (for example the laptop), and sends a signal to the audio device 115 that causes it to emit three beeps warning the user of the out-of-range condition. A comparable signal is sent via the transceiver 108 to the platform management device 200, causing the speaker 215 of the platform management device 200 to give an out-of-range warning.

The processor 102 is coupled by a CPU bus 103 to a bus controller 104. The bus controller 104 includes an integrated memory controller 107; in an alternative embodiment the memory controller 107 is separate from the bus controller 104. The memory controller 107 provides an interface through which the processor 102 or other devices access the system memory 106 (for example synchronous dynamic random access memory).

The bus controller 104 is coupled to a system bus 113, for example a Peripheral Component Interconnect (PCI) bus, an Industry Standard Architecture (ISA) bus, a wireless connection or another suitable communication medium. Coupled to the system bus 113 are a transceiver 108; a display controller 112 operable to send data 117 for display on a corresponding display device 118 (for example a monitor or computer screen); a hard disk 114; an audio device 115 (for example a speaker); a motion detector 116 (for example an accelerometer); a visual indicator 119 (for example a light-emitting diode (LED)); an input/output (I/O) controller 120; and a USB or smart card reader port 124.

The transceiver 108 may be any suitable device able to transmit and receive data and information over an applicable communication network. For example, the transceiver 108 may be a USB-based communication device or a Bluetooth-enabled device able to provide a connection to a Bluetooth network and to send and receive information over it. The transceiver 108 may also adopt or use other data link connection protocols (for example RFID).

The hard disk 114 may be any suitable non-volatile memory, for example flash memory. The hard disk 114 holds the system firmware 130 (for example BIOS software) or other suitable core system software of the laptop 16. The firmware 130 is responsible for initializing and configuring the various hardware subsystems (for example the display controller 112, the motion sensor 116, the input/output (I/O) controller 118, or other suitable devices or series of devices present in, controlled by or coupled to the laptop 16) and for starting the operating system (OS) boot process. Within the system firmware 130 is platform management firmware (PMF) code 132, which is used to communicate with a platform management device 200 (Figure 3) that may be associated with the laptop 16 and to enable the functionality of that device. The functionality of the platform management device and its underlying firmware is described in more detail below.

The system firmware 130 may also be stored in a processor-readable medium or transmitted, as a computer data signal embodied in a carrier wave, over a transmission medium or other suitable communication link. The processor-readable medium may include any medium that can store or transfer information, for example an electronic circuit, a semiconductor memory device, a ROM, a flash memory, an erasable programmable ROM (EPROM), a floppy disk, a CD-ROM, an optical disc, an optical fibre medium, a radio frequency (RF) link or another appropriate medium. The computer data signal may include any signal that can propagate over a transmission medium (for example an electronic network channel, optical fibre, electromagnetic waves in air, an RF link or another suitable transmission medium). Code segments may be downloaded over a computer network (for example the Internet, an intranet, a LAN, a WAN, another suitable network, or a combination thereof).

The audio module 115 may be implemented, for example, by a speaker or another suitable device able to give the user an audible warning. In use, the audio module 115 becomes active (for example giving a beep or other warning) when the laptop 16 is moved during an unauthorized period, as discussed in more detail below. The audio module 115 also gives an indication of the operating state of the laptop 16. For example, a single beep indicates that the laptop 16 is disabled. Two beeps indicate that the laptop 16 is enabled; if the laptop was initially in a sleep or hibernation state, for example, the two beeps may occur after the laptop 16 receives a valid fingerprint or other biometric value. Three beeps indicate that the laptop 16 is outside the wireless range of its corresponding platform management device.

A motion sensor 116 (for example an accelerometer) is configured to determine when the laptop 16 is moved. In use, when the laptop 16 is moved the motion sensor 116 sends a corresponding signal to the firmware running on the processor 102. In response to these signals the processor 102 sends appropriate signals to the audio module 115, causing it to give an audible signal (for example a beep) indicating that the laptop 16 has been moved. Alternatively, in response to the motion signal provided by the motion sensor 116, the processor 102 sends an appropriate signal to the visual indicator 119 (for example an LED), causing the LED 119 to give a visual warning that the laptop 16 has been moved.

The I/O controller 118 is configured to control the transfer of information among a plurality of input devices (for example a mouse 121, a keyboard, a joystick or other peripheral input device 122, and a biometric sensor 123 such as a fingerprint reader), an applicable output device (for example a printer, not shown), and the processor 102. The I/O controller 118 is also configured to provide information and data to the transceiver 108 for communication with devices remote from the laptop 16.

The USB port 124 is configured to receive a corresponding USB connector from an external device (for example the platform management device of the present invention or a standard USB memory device). In one embodiment the USB port 124 may also be a smart card reader port.

Figure 3 is a schematic block diagram of the platform management device 200 of the present invention. For purposes of illustration and not limitation, the platform management device 200 may be housed in an enclosure whose footprint is equivalent to that of a standard USB device. All device enclosures that accommodate the components described herein are, however, contemplated by the present invention and within its spirit and scope. The platform management device 200 includes a processor or controller 202 configured to control the overall operation of the device 200.

The processor 202 may include an ALU for performing calculations (for example signal strength calculations), one or more registers for temporarily storing data and instructions, and a controller for controlling the operation of the platform management device 200. The processor 202 is not limited to a microprocessor and may take other forms, for example a microcontroller, a digital signal processor, dedicated hardware (for example an ASIC), or a state machine or software executing on one or more microprocessors distributed across a network.

The processor 202 is coupled by a device bus 203 to a bus controller 204. The bus controller 204 may include a memory controller operable to provide access to the device memory 206 (for example synchronous dynamic random access memory).

The bus controller 204 is connected to a device bus 213 (for example a PCI bus, an ISA bus or another suitable communication medium). Coupled to the device bus 213 are a transceiver 208, a GPS signal generator 210, a speaker or other audio device 215, a non-volatile memory 214 (for example non-volatile flash memory), a power supply 216, a visual indicator 219 (for example an LED), an I/O controller 220, a disable button 222, a USB connector 224 and a wireless communication controller 226.

The transceiver 208 may be implemented by any suitable device able to detect, establish, transmit and receive data and other information over a network. For example, the transceiver 208 may be a USB-based communication device or a Bluetooth-enabled device able to provide a connection to a Bluetooth network. The transceiver 208 may also adopt or use other data link connection protocols (for example RFID).

The GPS signal generator 210 may be any suitable transponder able to provide a location signal over a network. Alternatively, the GPS signal generator may report its last known position and the position of the corresponding laptop 16 (Figure 2) to an enterprise server for further processing and handling.

The audio device 215 may be any speaker or other suitable device able to give a user an audible warning (for example a beep). An audible warning may be given when the base platform (for example a provisioned laptop) is moved, when the distance between the platform management device 200 and its provisioned laptop exceeds a predetermined distance, or to inform the user of the operating state of the platform management device 200. For example, when the audio device 215 gives a single beep or other suitable indication, the platform management device 200 is disabled. Two beeps, for example after a fingerprint has been read successfully from the biometric reader 223, indicate that the platform management device 200 is enabled. Three beeps indicate that the distance between the platform management device 200 and the corresponding laptop or other suitable device exceeds a predetermined threshold; for example, when the provisioned laptop leaves the wireless range of its platform management device, the audio device 215 gives three beeps.

The non-volatile memory 214 may be any suitable memory (for example non-volatile flash memory) that retains its contents while the base device is in a low-power or powered-off state. Within the non-volatile memory 214 is platform management firmware 232 which, when executed by the processor 202, causes the processor 202 to provide the functionality of the platform management device 200. Part of the platform management firmware 232 is held on the hard disk or other non-volatile memory or other suitable device of the provisioned laptop, so that the combined firmware modules 132, 232 provide the secure provisioning and operation of the present invention. The firmware 232 also contains some of the firmware 132 of the provisioned laptop, so that operation of the provisioned laptop is prevented when the platform management device 200 is outside transmission range. The functionality provided by the firmware is described in more detail with reference to Figures 4 and 5.

The power supply 216 may be any suitable device able to provide at least eight hours of connected time and at least seven days of standby or unconnected time. One example of such a power supply is a lithium-ion (Li-ION) battery or a nickel metal chloride battery. In an alternative embodiment the power supply 216 may be implemented by a rechargeable battery or similar component.

The visual indicator 219 may be implemented, for example, by a light-emitting diode (LED) or any suitable device able to give a visual warning in response to a command or state of the platform management device 200. For example, a green LED indicates that a successful fingerprint read has occurred, a red LED indicates that a fingerprint read has failed, and a flashing amber LED indicates that the platform management device 200 is in a low-power state. Any number of additional colour indicators may be provided to indicate the state of the platform management device 200.

The I/O controller 220 is configured to control the transfer of information among a plurality of input devices (for example the disable button 222 and the biometric reader 223, other peripheral devices (not shown) and/or a corresponding laptop). The disable button 222 is used to control whether the corresponding provisioned laptop 16 is disabled and to control the operating state of the platform management device 200. For example, when the disable button 222 is pressed, the corresponding laptop 16 is placed in the disabled state. This may be accomplished by the platform management device 200 sending the corresponding laptop 16 a signal containing a command that causes the system firmware 130 (Figure 2) of the laptop 16 to prevent the basic subsystems and components from running, thereby preventing any software from being executed by the provisioned laptop. In an alternative embodiment, when the disable button 222 is pressed, the laptop's system firmware prevents the provisioned laptop from booting or resuming from a low-power or suspended state. While in the disabled state, the LED 219 on the platform management device 200 flashes red.

Once in the disabled state, an authorized user can enter a keyword to restart the provisioned laptop 16. Alternatively, the user can swipe a finger on the biometric reader 223 to restart the provisioned laptop 16. Restarting the provisioned laptop 16 from a restricted or disabled state requires the platform management device 200 to be coupled to the USB or corresponding port 124 (Figure 2) of the provisioned laptop 16, or to be within the wireless range of the provisioned laptop 16. When the provisioned laptop is restarted, the LED 219 flashes green and the speaker 215 gives two beeps.

The biometric reader 223 may be any suitable fingerprint reader or corresponding biometric scanning device operable to send biometric information about the user to the processor 202 for authentication. In use, the platform management device 200 is associated with an individual user, who may be authenticated by a password or, for example, by fingerprint. In use, the fingerprint profile of the authorized user is stored in the non-volatile memory 214 of the platform management device 200. When a user wishes to activate the management device 200, the user swipes one finger on the biometric reader 223. The captured image or other required biometric data is sent to the processor 202, which determines whether the captured fingerprint information belongs to the authorized user by comparing it with the biometric information stored in the non-volatile memory 214. If the captured biometric information matches the stored biometric information, the LED 219 flashes green and the user is able to use the platform management device 200, and thereby to access and use the corresponding provisioned laptop 16. If, on the other hand, the captured biometric information does not match the stored biometric information, the LED 219 flashes red and access to the platform management device and the corresponding provisioned laptop 16 is refused.

Referring briefly to Figure 2, in those situations in which the laptop 16 is disabled, any attempt to remove the laptop 16 causes the accelerometer or motion sensor 116 to sense the movement. When movement occurs, the accelerometer 116 sends a corresponding signal, for example to the speaker 115, causing it to give an audible warning, for example three beeps, that alerts the user and others in the area in which the laptop 16 is being moved. The accelerometer 116 may also send a signal to the LED 119, causing the LED to give a visual warning that the laptop 16 is being moved.

Returning to Figure 3, the wireless communication controller 226 may be implemented as a Bluetooth, wireless USB or wireless RFID chip able to detect and provide a connection to one of the data links described above, or a combination thereof. In this way the platform management device 200 can connect to a corresponding provisioned laptop over a wireless communication medium.

The USB connector 224 provides a direct connection between the platform management device 200 and the USB port 124 (Figure 2) on a corresponding provisioned laptop. In this way the platform management device 200 can connect to a corresponding laptop over a physical communication medium.
In this manner, the platform management device 2 can be connected to a corresponding laptop by a physical communication medium.

Figure 4 is a flowchart illustrating the steps performed by the platform management device and the corresponding laptop when the laptop is provisioned to operate in conjunction with the platform management device. Provisioning is the process of coupling a platform management device to a corresponding laptop. Provisioning may be accomplished by direct interconnection of the USB connector of the platform management device with a corresponding USB port of the laptop, or the interconnection may be completed wirelessly via the respective transceivers of the two devices. Whatever the connection mechanism, the following steps are performed to provision the laptop. The method begins at the start step and continues until step 408.

In step 402, the platform management device is coupled to a corresponding unprovisioned system. This may be done by physically connecting the platform management device to the USB port of the unprovisioned system, or by connecting wirelessly to the unprovisioned system via the corresponding transceiver.

In step 404, a determination is made as to whether the laptop is provisioned to the coupled platform management device. For example, this may be done by querying the user, or by determining whether the firmware located in both the platform management device and the corresponding laptop is authorized or associated. If the laptop and the platform management device are provisioned, the procedure moves to step 405, in which the platform management device provides a secure connection to the laptop, and the laptop then proceeds with normal operation. If the laptop is not provisioned to the coupled platform management device, the procedure moves to step 406.

In step 406, a determination is made as to whether the particular platform management device coupled to the laptop should be provisioned to the laptop. For example, this may be done by requiring the user to authorize the provisioning. If the provisioning is not authorized, the procedure moves to step 407. Otherwise, the procedure moves to step 408.

In step 407, the platform management device is configured to act as a standard USB device (for example, a USB memory device). In this case, the non-volatile memory and the device memory of the platform management device are used for standard user storage, and the device is not used to authenticate or control the laptop.

In step 408, the laptop transmits a command sequence and corresponding configuration parameters to the platform management device, thereby authenticating the device and authorizing it to act as a controller of the laptop. From this point on, the coupled platform management device is provisioned to the corresponding computer. At this time, a set of symmetric keys is generated and exchanged between the laptop and the platform management device to allow a security protocol to operate between them. These keys may be AES keys of a particular width or 3DES keys of a particular width; however, any standard symmetric encryption algorithm may be used. Thereafter, the laptop is enabled only after activation by that particular platform management device. In this way, two-factor authentication is now required to enable the laptop: interconnection with the associated platform management device, and biometric and/or password authentication of the user. The provisioning procedure then terminates.

One of the benefits provided by using a platform management device provisioned according to the invention is that, when the laptop is lost or stolen, the authorized user will very likely still have the platform management device while the thief or finder has the laptop. For example, if the authorized owner requests it by entering an applicable combination of button presses, the platform management device will transmit the last known location of the laptop over cellular data or SMS, using a Bluetooth connection to the user's cellular phone. This may be accomplished, for example, by the transceiver of the platform management device connecting to the user's cellular phone over Bluetooth or another suitable network to which the cellular phone can connect. Alternatively, the user can plug the platform management device into any personal computer device and execute a program held in the device memory to transmit the location data to a designated location (for example, a server operated by the company for which the user works).

Another feature that can be implemented by the platform management device on a provisioned laptop is forcing the laptop into a standby or power-saving mode. This may be accomplished by configuring the provisioned laptop to enter the aforementioned power-saving state when the disable button is used. When the disable button is pressed, the actual function performed by the laptop depends on the configuration parameters shared by the provisioned computer and the corresponding platform management device during the provisioning procedure.

Communication between the provisioned laptop and the platform management device will now be described. The transceivers of the provisioned laptop and of the platform management device use one or more data link protocols (for example, Bluetooth, USB or RFID) to communicate with each other and with an enterprise server. For some of these protocols, the data link is normally available whenever the devices are in contact or within range of one another. Other protocols (for example, Bluetooth) require explicit pairing, which can be performed as part of provisioning, as described above with reference to Figure 4. When the provisioned laptop communicates with the platform management device, the transceivers run a secure transport on top of the data link. The secure transport ensures delivery of the higher-level protocol messages, encrypts them before transmission and decrypts them after reception, after which the higher-level protocol messages are executed.

For example, encryption may be performed with any general-purpose symmetric algorithm. The key (for example, shared key 408 (Figure 4)) is exchanged during provisioning and may be renewed after a number of messages have been exchanged. The protocol messages include, but are not limited to, the messages set out in Table A.

| Message | Description |
| <seq> EXCHANGE-KEY <key-width> <key-data> | seq is the command sequence number. Proposes a new key for encryption. |
| <seq> KEY-CONFIRMED <key-width> <key-data> | Confirms the previous command. |
| <seq> DISABLE | Disables the electronic device (for example, the laptop). |
| <seq> DISABLE-CONFIRMED | Confirms the previous command. |
| <seq> ENABLE | Enables the electronic device (for example, the laptop). |
| <seq> ENABLE-CONFIRMED | Confirms the previous command. |
| <seq> TRANSFER-FIRMWARE <size> <firmware bytes> | Sends <size> bytes of firmware. |
| <seq> TRANSFER-CONFIRMED | Confirms the previous command. |
| <seq> TRANSFER-FAILED | Negates the previous command. |

Table A
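The secure transport and the Table A exchange described above, together with the key generation of step 408, as an added worked example in Go. This is illustration code written for this page, not the patent's own firmware. The byte values of the opcodes, the frame layout (a 4-byte big-endian <seq> sent in the clear as associated data, followed by the sealed opcode and payload), the use of AES-128-GCM as the "standard symmetric algorithm", and the nonce construction (direction byte plus sequence number) are all assumptions of the example; the page fixes none of them. The firmware-transfer messages are not exercised. The two endpoints are the platform management device (dir 0) and the laptop (dir 1):

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Table A opcodes. The byte values are this example's assumption; the page gives no wire encoding.
const OpExchangeKey, OpKeyConfirmed, OpDisable, OpDisableConfirmed, OpEnable, OpEnableConfirmed byte = 1, 2, 3, 4, 5, 6

// Endpoint is one side of the link: dir 0 is the platform management device, dir 1 the laptop.
type Endpoint struct {
	dir     byte        // mixed into the nonce so the two directions never collide under one key
	aead    cipher.AEAD // current shared key (shared key 408 in Figure 4)
	sendSeq uint32      // next <seq> this side emits
	peerSeq uint32      // highest <seq> accepted from the peer; anything <= it is a replay
	pending []byte      // key proposed by EXCHANGE-KEY, installed when KEY-CONFIRMED arrives
	Enabled bool        // laptop side: false between DISABLE and ENABLE
}

// setKey installs a symmetric key. AES-GCM stands in for the page's "any standard symmetric algorithm".
func (e *Endpoint) setKey(key []byte) error {
	block, err := aes.NewCipher(key) // 16, 24 or 32 bytes; anything else is rejected here
	if err != nil {
		return err
	}
	e.aead, err = cipher.NewGCM(block)
	return err
}

// Provision mirrors step 408: one random AES-128 key, held by both sides.
func Provision() (dev, laptop *Endpoint) {
	key := make([]byte, 16)
	rand.Read(key) // crypto/rand; on current Go this never returns an error
	dev, laptop = &Endpoint{dir: 0, sendSeq: 1, Enabled: true}, &Endpoint{dir: 1, sendSeq: 1, Enabled: true}
	dev.setKey(key) // a 16-byte key is always accepted, so there is no error to handle
	laptop.setKey(key)
	return dev, laptop
}

// nonce is the direction byte, seven zero bytes and the 4-byte seq: unique per key and direction.
func nonce(dir byte, hdr []byte) []byte {
	return append(append([]byte{dir}, make([]byte, 7)...), hdr...)
}

// Seal frames "<seq> <op> <payload>": seq in the clear as associated data, op and payload sealed.
func (e *Endpoint) Seal(op byte, payload []byte) []byte {
	hdr := binary.BigEndian.AppendUint32(nil, e.sendSeq)
	e.sendSeq++
	return append(hdr, e.aead.Seal(nil, nonce(e.dir, hdr), append([]byte{op}, payload...), hdr)...)
}

// ProposeKey sends EXCHANGE-KEY <key-width> <key-data>; the old key stays in use until KEY-CONFIRMED.
func (e *Endpoint) ProposeKey(key []byte) []byte {
	e.pending = append([]byte(nil), key...)
	return e.Seal(OpExchangeKey, append([]byte{byte(len(key))}, key...))
}

// Open checks freshness and the tag, applies the command and returns any confirmation frame.
func (e *Endpoint) Open(frame []byte) ([]byte, error) {
	if len(frame) < 4 || binary.BigEndian.Uint32(frame) <= e.peerSeq {
		return nil, errors.New("short frame, or replayed/stale seq")
	}
	hdr, body := frame[:4], frame[4:]
	plain, err := e.aead.Open(nil, nonce(e.dir^1, hdr), body, hdr)
	if err != nil || len(plain) == 0 {
		return nil, errors.New("authentication failed: tampered frame or wrong key")
	}
	e.peerSeq = binary.BigEndian.Uint32(hdr) // advance only once the tag has verified
	op, payload := plain[0], plain[1:]
	switch op {
	case OpDisable:
		e.Enabled = false
		return e.Seal(OpDisableConfirmed, nil), nil
	case OpEnable:
		e.Enabled = true
		return e.Seal(OpEnableConfirmed, nil), nil
	case OpExchangeKey:
		if len(payload) < 1 || len(payload) != 1+int(payload[0]) {
			return nil, errors.New("malformed EXCHANGE-KEY")
		}
		reply := e.Seal(OpKeyConfirmed, payload) // confirmation goes out under the old key
		return reply, e.setKey(payload[1:])      // then this side switches to the new one
	case OpKeyConfirmed:
		err = e.setKey(e.pending) // a stray confirmation has nil pending and fails as a bad key size
		e.pending = nil
		return nil, err
	case OpDisableConfirmed, OpEnableConfirmed:
		return nil, nil
	}
	return nil, fmt.Errorf("unhandled opcode %#x", op)
}

func main() {
	dev, lap := Provision()
	reply, _ := lap.Open(dev.Seal(OpDisable, nil)) // disable button pressed on the device
	_, err := dev.Open(reply)                      // DISABLE-CONFIRMED back to the device
	fmt.Println("laptop enabled:", lap.Enabled, "confirmation error:", err)
}
```

Two points the table leaves implicit are made explicit here. The receiver advances its expected sequence number only after the tag verifies, so a replayed or tampered DISABLE frame cannot change the laptop's state. On EXCHANGE-KEY the responder sends KEY-CONFIRMED under the old key before switching, and the proposer switches only when that confirmation arrives, so neither side ever has to decrypt under a key the other has not yet adopted. Note also that the shared key of step 408 is exchanged over the same USB or wireless link the protocol later protects, so its confidentiality rests on that link being private during provisioning; and 3DES, which the page also permits, has since been deprecated by NIST in favour of AES.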

Moreover, the platform management device supports a full USB protocol and, as discussed above, may be implemented as a USB mass storage device depending on whether the platform management device is authorized to be provisioned to a particular laptop.

The foregoing detailed description of the invention has been provided for purposes of illustration and description. Although an exemplary embodiment of the invention has been described herein with reference to the accompanying drawings, it should be understood that the invention is not limited to the precise embodiment(s) disclosed, and that various changes and modifications may be made to the invention in light of the above teaching.

[Brief Description of the Drawings]

Figure 1 is a schematic block diagram of a network structure in which one or more remote electronic devices are configured with the platform management device of the invention;

Figure 2 is a schematic block diagram of an electronic device configured to operate in conjunction with the platform management device of the invention;

Figure 3 is a schematic block diagram of the platform management device of the invention; and

Figure 4 is a flowchart illustrating the steps performed by the platform management device and a corresponding electronic device when such a device is provisioned.

[Description of the Reference Numerals]

10 network structure
12 enterprise server
14 intermediate communication equipment
15 communication link
16 electronic device
18 firewall
19 firewall
20 network
102 processor
103 CPU bus
104 bus controller
106 system memory
107 memory controller
108 transceiver
112 display controller
113 system bus
114 hard disk
115 audio device
116 motion sensor
117 data
118 display device
119 visual indication device
120 input/output (I/O) controller
121 mouse
122 peripheral input device
123 biometric sensor
124 USB or smart card reader port
130 system firmware
132 combined firmware module
200 platform management device
202 processor
203 device bus
204 bus controller
206 device memory
208 transceiver
210 GPS signal generator
213 device bus
214 non-volatile memory
215 speaker/audio device
216 power supply
219 visual indicator
220 I/O controller
222 disable button
223 biometric reader
224 USB connector
226 wireless communication controller
232 combined firmware module

Claims (1)

1. A platform management device, comprising:
a processor; and
a memory coupled to the processor, the memory holding instructions that, when executed by the processor, cause the processor to:
establish a connection with a corresponding electronic device; and
transfer operating parameters to the corresponding electronic device, such that access to and operation of the electronic device can be controlled.

2. The platform management device of claim 1, further comprising a biometric reader operable to authenticate a user.

3. The platform management device of claim 2, further comprising an audio device operable to provide an audible warning when the user is not authenticated.

4. The platform management device of claim 2, further comprising a visual indicator operable to provide a visual warning when the user is not authenticated.

5. The platform management device of claim 1, wherein the operating parameters transferred to the corresponding electronic device comprise a disable command, and wherein firmware of the electronic device causes the electronic device to be placed in a disabled state.

6. The platform management device of claim 5, wherein the disabled state comprises one of: standby, low power, keyboard disabled, and monitor disabled.

7. The platform management device of claim 1, wherein the instructions executed by the processor further cause the processor to transmit a disable signal when the distance between the platform management device and a provisioned electronic device exceeds a predetermined threshold.
TW98103163A 2009-01-23 2009-01-23 Secure platform management device TW201028883A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98103163A TW201028883A (en) 2009-01-23 2009-01-23 Secure platform management device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98103163A TW201028883A (en) 2009-01-23 2009-01-23 Secure platform management device

Publications (1)

Publication Number Publication Date
TW201028883A true TW201028883A (en) 2010-08-01

Family

ID=44853834

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98103163A TW201028883A (en) 2009-01-23 2009-01-23 Secure platform management device

Country Status (1)

Country Link
TW (1) TW201028883A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI506473B (en) * 2011-12-22 2015-11-01 英特爾股份有限公司 Always-available embedded theft reaction subsystem
TWI512530B (en) * 2011-12-22 2015-12-11 英特爾股份有限公司 Always-available embedded theft reaction subsystem
US9454678B2 (en) 2011-12-22 2016-09-27 Intel Corporation Always-available embedded theft reaction subsystem
US9507965B2 (en) 2011-12-22 2016-11-29 Intel Corporation Always-available embedded theft reaction subsystem
US9507918B2 (en) 2011-12-22 2016-11-29 Intel Corporation Always-available embedded theft reaction subsystem
US9520048B2 (en) 2011-12-22 2016-12-13 Intel Corporation Always-available embedded theft reaction subsystem
US9552500B2 (en) 2011-12-22 2017-01-24 Intel Corporation Always-available embedded theft reaction subsystem
US9558378B2 (en) 2011-12-22 2017-01-31 Intel Corporation Always-available embedded theft reaction subsystem
US9569642B2 (en) 2011-12-22 2017-02-14 Intel Corporation Always-available embedded theft reaction subsystem
US9619671B2 (en) 2011-12-22 2017-04-11 Intel Corporation Always-available embedded theft reaction subsystem
US9734359B2 (en) 2011-12-22 2017-08-15 Intel Corporation Always-available embedded theft reaction subsystem
TWI610193B (en) * 2011-12-22 2018-01-01 英特爾股份有限公司 Always-available embedded theft reaction subsystem

Similar Documents

Publication Publication Date Title
TW201028883A (en) Secure platform management device
JP5154436B2 (en) Wireless authentication
CN208580402U (en) Store equipment and the station for storing equipment
US9578445B2 (en) Systems and methods to synchronize data to a mobile device based on a device usage context
JP5112700B2 (en) A system for identifying individuals in electronic transactions
JP7194847B2 (en) A method for authenticating the identity of digital keys, terminal devices, and media
US8769657B2 (en) System and method for controlling user&#39;s access to protected resources using multi-level authentication
US8307055B2 (en) Secure platform management device
JP2008512738A (en) Portable storage device and method for exchanging data
CN105144670A (en) Wireless networking-enabled personal identification system
US20140320261A1 (en) Method for upgrading rfid readers in situ
KR101654778B1 (en) Hardware-enforced access protection
KR101422122B1 (en) Pairing digital system and providing method thereof
JP2007174633A (en) Computer implementation method for securely acquiring binding key for token device and secure memory device, and system for securely binding token device and secure memory device
US9471757B2 (en) Radio frequency identifiers for providing user access to computing resources
TW201248409A (en) Security architecture for using host memory in the design of a secure element
CN107077355A (en) For the mthods, systems and devices initialized to platform
US20160335530A1 (en) Systems and methods for protecting sensitive information stored on a mobile device
JP2003288328A (en) Security device for portable information apparatus and method therefor
JP5260908B2 (en) Control device, communication device, control system, control method, and control program
JP2006060392A (en) Unauthorized-use preventive system and identification method for information terminal device
KR20110105447A (en) Wireless security usb storage with fingerprint authorization
US20140298024A1 (en) Method for granting access to a network and device for implementing this method
JP4601498B2 (en) Authentication apparatus, authentication method, program for realizing the method, and recording medium storing the program
KR101226918B1 (en) Pairing digital system and providing method thereof