
ABSTRACT

Intel introduced its new Anti-Theft technology for mobile computers. In the event of theft, the technology will "basically lock the system, lock the disk, so people cannot be maliciously using and getting the data." According to the company, the technology will be able to disable the system from working, disable data access, and protect the hard disk drive (by encrypting all the data). The technology focuses on asset recovery, theft management and data protection, and will arrive in laptops very soon with Intel Core vPro processors at the end of 2011. This hardware-based technology provides compelling tamper-resistance and increased protection to extend your security capabilities and minimize your business risk. Anytime, Anywhere you need

1 | INTELS ANTI THEFT TECH.

Introduction
Intel IT recently completed a technology evaluation of Intel Anti-Theft Technology (Intel AT), available on laptop PCs with 2010 Intel Core vPro processors. Intel AT's flexible policy engine lets you specify the detection mechanism that asserts theft mode, the thresholds for timer intervals, and the action(s) to take. Because the technology is built into laptop hardware, Intel AT provides local, tamper-resistant, policy-based protection that works even if the OS is reimaged, the boot order is changed, a new hard drive is installed, or the laptop is disconnected from the network. When the laptop is recovered, you can reactivate it quickly and easily using your choice of methods. Intel AT enhances security solutions as follows:

Fig A: Intel AT enhances security solutions


1]. What is Anti-Theft Technology?


Intel AT is a hardware-based technology that can help detect theft and disable a laptop if it is lost or stolen. This protects valuable enterprise data and intellectual property as well as the hardware itself. Additionally, Intel AT adds value to full-disk encryption by protecting data even if the encryption keys are compromised. Intel worked with their encryption supplier during the development of Intel AT to help define the features required for enterprise use. In Intel's evaluation, they worked with the Intel AT product group and their encryption supplier to test features over their wireless LAN (WLAN), LAN, and virtual private network (VPN), based on a possible enterprise use case in which a Service Desk technician disables a stolen laptop. The results of Intel's evaluation indicate that Intel AT will improve their ability to protect company-owned laptops as well as data and intellectual property. We plan to test the same features over a mobile 3G network in the near future.

Local and remote detection mechanisms

Intel AT includes several hardware-based detection mechanisms that can trigger a lock down. Detection mechanisms can be local (based on IT policy) or remote (via LAN, WLAN, or 3G connectivity). Hardware-based detection and trigger mechanisms (all configurable by flexible IT policies) include:

Excessive login attempts in the pre-boot authentication (PBA) screen. The PC can automatically trigger a lock down and prevent access to data if someone tries to log in too many times unsuccessfully.

Missed check-ins with the central server. If multiple check-ins are missed, a local hardware-based timer expires, and the laptop immediately goes into theft mode, even if the system is not connected to the Internet.

Notification via a message sent over an IP-based wired or wireless LAN. The next time the laptop connects to the central server, it can receive an encrypted message (the poison pill) to go into theft mode. (Note: the central server can be hosted on the Internet to allow communication with laptops outside the corporate firewall.)

Notification via an encrypted SMS text message over a 3G network. For this option, the laptop does not need to be connected to the Internet, but it must be within range of a 3G network. This feature works even if the OS is not running or has been re-installed, thanks to a hardware-to-hardware link between the 3G card and the Intel AT system [2].

Resume from standby. IT administrators can now tighten the security of a laptop upon resume from standby (S3 sleep) state: if the Windows* login is not completed in a short period of time (as defined by IT), the user must re-enter the encryption login credentials before being allowed access to the PC. This feature closes a traditional vulnerability in data protection of PCs and is available on PCs with the 2nd generation Intel Core i5 vPro and Core i7 vPro processors.

Flexible IT-specified responses

Intel AT provides flexible options for automated loss/theft responses. Depending on the mechanism, the response can be activated locally and automatically, or remotely by IT.

Disable access to encrypted data. Delete essential elements of cryptographic materials that are required to access encrypted data on the hard drive.

Disable the laptop (poison pill). Block the boot process through the laptop's hardware. This response works even if the boot order is changed, the hard drive is replaced or reformatted, or other boot devices (for example, a secondary hard drive, removable drive, CD, DVD, or USB key) are tried.

Location beaconing over a 3G network. This is possible after the PC has been disabled, thanks to a direct hardware link between the 3G module and Intel AT (no OS dependency).

Customizable lost-and-found message. This message is displayed after the laptop enters theft mode. For example, a lost-and-found message could say, "This laptop has been reported missing. Please call 1-555.666.777 to return the system."

IT can combine responses to provide different levels of lock down for different users.

1.1] It's not your PC, it's your business. Lock it tight.
Laptops powered by the 2010 Intel Core processor family and enabled with Intel Anti-Theft Technology [1] are so smart they can disable themselves if they are lost or stolen. Because the technology is built into PC hardware, Intel Anti-Theft Technology [1] (Intel AT) provides local, tamper-resistant protection that works even if the OS is reimaged, the boot order is changed, a new hard drive is installed, or the laptop is disconnected from the network.

Detects suspicious behavior, such as excessive login attempts or failure to connect to the theft-monitoring server at regular intervals, and triggers theft mode. You determine the monitoring intervals to fit your company's needs.

Locks down stolen or lost laptops at the hardware level without harming your software.

Deletes essential cryptographic material [2] from system hardware in order to disable access to encrypted data stored on the hard drive, even if data encryption credentials are compromised.

Displays a customized warning message to aid in laptop recovery.

Easily and quickly reactivates your PC, software and data when the laptop is recovered.

2]. Need of Intel Anti-Theft Technology

Data breaches continue to increase in number and cost

Businesses have access to many robust security solutions. These include anti-virus applications, intrusion prevention systems (IPSs) and intrusion detection applications, as well as encryption, data loss prevention (DLP) solutions, and authentication applications (identity and access management solutions). Yet, with all the security applications and approaches available today, companies are still vulnerable to data loss and theft. In fact, according to a 2010 Ponemon Institute benchmark study, the average laptop has about a 7 percent chance of being lost or stolen [1]. Businesses are struggling not only to protect sensitive data, but also to prove compliance with increased security regulations in both Europe and North America. With less investment, it is easier to break through security and commit data breaches. Contributing factors include:

An increasingly mobile workforce. As users become more mobile, laptops, and their data, are more exposed to loss and theft. For example, health-care workers are often mobile, not just within hospitals and health-care centers, but between campuses. Other vulnerable groups include consultants, financial advisors, sales and marketing users, construction engineers, and other workers who travel between job sites.

Laptops are often shared in environments such as data centers, schools, and customer service centers. Sharing laptops among many users not only makes sensitive data more vulnerable to loss or theft, but it also puts data at greater risk of unauthorized access.

Bulk shipments of laptops. The military, government agencies, and educational organizations are particularly vulnerable to laptop theft during transport.

Expensive assets. Customized telecommunications laptops for field technicians, for example, are particularly tempting to thieves. As a result, their sensitive data are at greater risk of exposure.

Security applications installed at the OS or BIOS level. These can be robust solutions, but are at risk of being circumvented or disabled.

Security credentials are often stored in software. This makes them vulnerable to attacks aimed at gaining access to applications and data.

Data breach costs are still rising

Companies face both direct and indirect costs in the aftermath of a data breach:

Stiffer fines, more post-incident requirements, and higher post-incident costs. For example, the average organizational cost of a data breach increased to USD 6.75M in 2009 [1].

Loss of intellectual property. 71 percent of laptop thefts result in a data breach, exposing not only client and consumer data but proprietary data as well.

Legal costs of investigation, notification, and resolution of the incident. Last year's average per-victim cost was USD 204, an increase of USD 2 per customer record compared to similar costs in 2008 [1].

Credit monitoring. A company may need to provide costly credit monitoring for individuals who could be affected by the data breach.

Damage to the brand. Loss of public and investor confidence, business opportunities, and revenue that result from a company's damaged reputation is responsible for USD 144 (70 percent) of the USD 204 average cost of a compromised record.


3]. A layered approach to security, including hardware-based Intel Anti-Theft Technology (Intel AT)
Security is installed at the OS level, integrated in BIOS and firmware, and also designed into hardware. This layered approach helps businesses manage and mitigate risk and improve compliance with new regulations.

Rapid local or remote policy-based detection and response

Security vendors are taking advantage of local and remote tamper-resistant triggers that can detect a suspicious condition:

Excessive login attempts (local). Multiple failed login attempts in a pre-boot authentication (PBA) screen.

PBA login timer expires (local). If the user does not log into the PBA screen successfully within the IT-specified time frame, the laptop enters theft mode.

Rendezvous timer expires (local). A local, hardware-based timer expires if the laptop does not check in with the central server within an IT-specified interval of time. This feature is a local trigger implemented in hardware; it works regardless of network connectivity.

Notification from server (remote) via IP-based network. A flag set in the central server triggers a poison pill, which is sent to the laptop via a wired or wireless LAN the next time the system checks in.

Notification from server (remote) via 3G-based network. IT administrators can automatically or manually send a poison pill via an encrypted SMS text message over a 3G network [5]. This allows IT administrators to remotely and rapidly trigger a lock down even without LAN/WLAN-based connectivity.

PC tampering (local). A lock down can be triggered when Intel AT detects changes in the firmware of the laptop or removal of the CMOS battery.

These flexible responses allow IT to specify the conditions that determine a lock down or trigger the disabling of encryption credentials. Laptops themselves can now


Figure 1. A layered approach to protect assets and sensitive data on laptops.


4]. Features of ATT:

New in Intel Anti-Theft Technology (Intel AT): Protection for decrypted data after resume from S3 sleep state

One of the traditional vulnerabilities of encryption on laptops occurs when a laptop resumes from standby (S3) sleep state. Files that were decrypted before the system entered sleep state remain decrypted when the system wakes. The decrypted data can be easily accessed by thieves, and even by unauthorized users who simply lift the lid of the laptop to steal the data. Access is allowed because, upon resume from S3, a traditional laptop bypasses the pre-OS authentication screen for the encryption application. Intel Anti-Theft Technology (Intel AT) closes that window of vulnerability and enforces pre-OS encryption by requiring that the user re-authenticate when the system resumes from S3. The user must enter his or her credentials within a predefined period of time before regaining access to the decrypted files. This feature is available on laptops with 2nd generation Intel Core processors.

4.1 Data Access Disable:
a) Protect encrypted data from unauthorized access.
b) Secure hardware environments through software-based encryption keys placed in escrow instead of on the hard disk.
c) Protect PCs with tamper-resistant hardware.

4.2 PC Disable:
a) Minimize sensitive data being accessed or stolen.
b) Disable the PC locally or remotely.
c) Intel Anti-Theft Technology can assist as a theft deterrence tool since the PC becomes inoperable, thereby unattractive to steal.

4.3 Notification via message:
a) Sent over an IP-based wired or wireless LAN.
b) The next time the laptop connects to the central server, it can receive an encrypted message (the poison pill) to go into theft mode.


4.3 Reactivation:
Restore notebooks to full functionality without compromising local security features for data or PC disable access. Intel AT includes several mechanisms for easy, rapid reactivation of a recovered laptop, including integration with existing software vendors' pre-boot login modules:

Local passphrase entered by the user or by IT in a special pre-OS reactivation screen (via BIOS or a PBA module).

One-time reactivation code generated by IT or by the user's service provider, and entered in a special pre-OS reactivation screen or PBA.

3G encrypted SMS message sent from IT to the laptop makes it easy to reactivate the laptop; the user does not have to enter anything once confirmed as the rightful owner.

Whichever method is chosen, reactivation returns the laptop to full functionality in a simple and quick manner, without compromising sensitive data or the system's security features.


5]. How ATT works

Intel AT includes two programmable hardware-based timers to help identify unauthorized access to the system: a disable timer and an unlock timer. Using these programmable timers, Intel AT can detect potential loss or theft situations, shift into theft mode, and then respond according to configured IT policy. In our evaluation, we worked with the Intel AT product group and our encryption supplier to test features over our wireless LAN (WLAN), LAN, and virtual private network (VPN), based on a possible enterprise use case in which a Service Desk technician disables a stolen laptop.


Fig B: Screenshot of database from Intel server

The results of our evaluation indicate that Intel AT will improve our ability to protect company-owned laptops as well as data and intellectual property. We plan to test the same features over a mobile 3G network in the near future.

Figure 1. Intel Anti-Theft Technology (Intel AT) can help detect theft and disable a laptop if it is lost or stolen.

THEFT DETECTION

When users report that a laptop has been stolen, Service Desk technicians can send a remote theft alert to the laptop that disables it. Intel AT can also use programmable triggers to detect suspicious behavior and disable a laptop locally. Intel AT works in three ways:

User-reported theft. If the laptop owner contacts the Service Desk, a technician can send a poison pill to disable the laptop. The poison pill, served in the form of an encrypted Short Message Service (SMS) text message, can be delivered over a LAN, WLAN, or 3G network.

Tamper detection using the local grace timer. In the event of suspicious activity, such as excessive attempts to log on to the network or a longer-than-usual amount of elapsed time before credentials are entered, the laptop disables itself using its programmable grace timer.

Tamper detection using the local rendezvous timer. If the laptop does not log on to the network within a period of time set by policy, such as daily, it disables itself using the programmable local rendezvous timer.

Figure 2. Intel Anti-Theft Technology allows Service Desk technicians to set flexible, policy-based responses to laptop theft.

5.1].Local, hardware based detection and trigger based technology include:


5.1 Excessive login attempts: the system is disabled after an IT-determined number of login failures in the pre-operating-system screen.

5.2 Time frame login requirement: the system is disabled if the software agent does not log into the central server by a specific time/date.

5.3 Notification from central server: if IT flags the notebook in the central server database, the next time that notebook's software agent logs into the network, the notebook synchronizes with the central server and, after receiving the server's notification, performs IT-defined policy-based actions.

6]. Poison pill responses:
There are several poison pill responses to theft mode. The responses are flexible and can be programmed to the following:


a) Disable access to the data, by deleting components of software-based encryption keys and other cryptographic credentials required to access the encrypted data on the HDD.
b) Disable the PC by blocking the boot process, even if the hard drive is replaced or reformatted.
c) Disable both the PC and access to the Intel AT data storage area.

6.1. Excessive login attempts can trigger poison pills for PC disable:
a) Disabling a PC after excessive login attempts can be an effective way to prevent loss of encrypted data. For example, the engineer's notebook and wallet might be stolen from an airport. The thief might try to log in using information from the engineer's wallet, but based on IT policy, after three login attempts, the Intel Anti-Theft trigger is tripped, and the system locks down.
b) If an encryption software vendor has provided this feature, encryption keys for encrypted data (or software components that are needed to access these keys) can be erased from the hard drive, thereby disabling the PC. In this case, even if the thief removes the hard drive and installs it on another device, the security credentials that provide access to encrypted data on the hard drive can be erased or disabled and the data cannot be stolen. Until reactivated by the authorized user or IT, the PC will not boot and the encrypted data cannot be accessed.

6.2. Server login attempts can trigger poison pills for PC disable:
In another example, the research scientist's notebook might contain highly sensitive data about a new invention. In this case, IT has defined the triggers on the scientist's notebook to require the notebook to log in daily. During a family event, the scientist takes time off and does not log in for two days. Based on locally stored policy for the login timeframe, the notebook enters Theft Mode and disables itself (and erases the encryption keys for encrypted data on the hard drive, if an encryption software vendor has provided this feature). Even if the notebook is removed from the lab while the user is away, the notebook has secured itself until the scientist returns and reactivates the system.
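
The two scenarios above (three failed pre-boot logins, a missed daily check-in) and the reactivation methods from section 4.3 can be modeled as a small policy state machine. This is an added illustration, not Intel's firmware or any vendor's API: the class, field and trigger names are hypothetical, and key escrow and recovery-token provisioning are simplified to in-memory flags and hashes.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional, Set

class State(Enum):
    ACTIVE = "active"
    THEFT_MODE = "theft_mode"

@dataclass
class Policy:
    # Hypothetical field names; defaults mirror the scenarios in the text.
    max_pba_failures: int = 3            # lock after three failed pre-boot logins
    rendezvous_interval_h: float = 24.0  # laptop must check in daily
    delete_key_material: bool = True     # "data access disable" response
    block_boot: bool = True              # "PC disable" response
    recovery_message: str = "This laptop has been reported missing."

def kdf(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass
class Laptop:
    policy: Policy
    salt: bytes
    passphrase_hash: bytes
    state: State = State.ACTIVE
    trigger: Optional[str] = None
    key_material_present: bool = True
    pba_failures: int = 0
    last_checkin_h: float = 0.0
    token_hashes: Set[bytes] = field(default_factory=set)

    def _enter_theft_mode(self, trigger: str) -> None:
        if self.state is State.THEFT_MODE:
            return  # keep the first trigger for the audit trail
        self.state, self.trigger = State.THEFT_MODE, trigger
        if self.policy.delete_key_material:
            self.key_material_present = False

    def pba_login(self, success: bool) -> bool:
        """Local trigger: excessive failed logins at the pre-boot screen."""
        if self.state is State.THEFT_MODE:
            return False  # no login path while locked; reactivation only
        if success:
            self.pba_failures = 0
            return True
        self.pba_failures += 1
        if self.pba_failures >= self.policy.max_pba_failures:
            self._enter_theft_mode("excessive_login_attempts")
        return False

    def tick(self, now_h: float) -> None:
        """Local trigger: rendezvous timer; needs no network connectivity."""
        if now_h - self.last_checkin_h > self.policy.rendezvous_interval_h:
            self._enter_theft_mode("rendezvous_timer_expired")

    def check_in(self, now_h: float, flagged_stolen: bool) -> None:
        """Remote trigger: the server delivers the poison pill at check-in."""
        self.tick(now_h)
        if self.state is State.THEFT_MODE:
            return
        self.last_checkin_h = now_h
        if flagged_stolen:
            self._enter_theft_mode("poison_pill")

    def boot(self) -> str:
        if self.state is State.THEFT_MODE and self.policy.block_boot:
            return self.policy.recovery_message
        return "booted"

    def reactivate(self, secret: str, now_h: float) -> bool:
        """Accept the local passphrase or an unused single-use token."""
        candidate = kdf(secret, self.salt)
        ok = hmac.compare_digest(candidate, self.passphrase_hash)
        for stored in list(self.token_hashes):
            if hmac.compare_digest(candidate, stored):
                self.token_hashes.discard(stored)  # a token works only once
                ok = True
        if ok and self.state is State.THEFT_MODE:
            self.state, self.trigger = State.ACTIVE, None
            self.pba_failures = 0
            self.last_checkin_h = now_h       # restart the rendezvous timer
            self.key_material_present = True  # restored from escrow
        return ok

def provision(passphrase: str, policy: Optional[Policy] = None) -> Laptop:
    salt = secrets.token_bytes(16)
    return Laptop(policy or Policy(), salt, kdf(passphrase, salt))

def issue_recovery_token(laptop: Laptop) -> str:
    """Service Desk side: mint a single-use alphanumeric recovery token."""
    token = secrets.token_hex(8)
    laptop.token_hashes.add(kdf(token, laptop.salt))
    return token
```

Times are plain hour counts supplied by the caller, so the timer behaviour can be exercised without waiting; in the model, a correct login after lock-down is refused until one of the reactivation paths succeeds.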


Figure 1. Intel Anti-Theft Technology (Intel AT) can help detect theft and disable a laptop if it is lost or stolen.

7]. How Intel AT disables your notebook


a) Intel AT locks the Intel chipset, which prevents the notebook from booting into any services, programs, or operating systems, even if the hard drive is replaced or reformatted. The only thing shown on the display when the notebook is powered on is a message indicating that the notebook is disabled.
b) Intel AT also disables access to encrypted data on the hard drive by deleting the key cryptographic files required to access the data. If the hard drive is removed and installed in a different computer, the data remains intact and secure because the cryptographic key has been removed from the hard drive.
c) When the notebook is recovered, it can be restored to the state it was in before being disabled by Intel AT.


8]. How Intel AT saves your notebook

To help recover a disabled notebook, you can display a custom message when it is turned on. For example, you could display, "This notebook has been reported missing. Please call 1-800-555-1234 to return the system and receive a reward."


Figure 2 Custom Disabled PC message using Intel AT

Once recovered, a disabled notebook can be returned to full functionality with:


a) A password. Your password for logging into and restoring a disabled device is created when you configure Intel AT. To restore a disabled notebook with your password, select User Password in the Intel AT message screen, then enter the password when prompted.

b) A reactivation code. A unique reactivation code is required for logging into and restoring a disabled device that is managed by an IT department or service provider. To restore a disabled notebook with a reactivation code, select Code provided by administrator in the Intel AT message screen, then enter the code when prompted.

Detection Mechanism: When users report that a laptop has been stolen, Service Desk technicians can send a remote theft alert to the laptop that disables it. Intel AT can

9]. Intel AT works in three ways:

a) User-reported theft: If the laptop owner contacts the Service Desk, a technician sends a poison pill to disable the laptop. The poison pill, served in the form of an encrypted Short Message Service (SMS) text message, can be delivered over a LAN, WLAN or 3G network.

b) Tamper detection using the local grace timer: In the event of suspicious activity, such as excessive attempts to log on to the network or a longer-than-usual amount of elapsed time before credentials are entered, the laptop disables itself using its programmable grace timer.

c) Tamper detection using the local rendezvous timer: If the laptop does not log on to the network within a period of time set by policy, such as daily, it disables itself using the programmable local rendezvous timer.

d) Intel AT can block the OS from loading, even if the hard drive is replaced or reformatted. Intel AT can also be used to disable the access to data encryption keys and block access to valuable data on the hard drive, even if the drive is moved to a different system.

10.] System Recovery:

10.1 Easy Restoration: A disabled laptop can display a customizable recovery message with contact information to help return the laptop to its rightful owner. Once the laptop is back in its owner's hands, it can be restored without damage to the hardware or data by using one of two techniques as follows:

10.2 Local Passphrase: Users set a strong passphrase in advance, to be used in a special pre-logon screen.

10.3 Recovery Token: A Service Desk technician generates a single-use alphanumeric key and provides it to the user.

11]. Computrace LoJack software:

When your laptop is stolen, you can feel powerless. But you don't have to. LoJack for Laptops by Absolute Software is a computer theft recovery service with remote device and data security features. If your laptop is stolen or missing, you've got the power to remotely block access to it and the personal data it contains, while our dedicated Theft Recovery Team works to recover it for you. The technology behind Absolute Software's products is the Computrace Agent, a small software client that is embedded into the BIOS firmware of most computers at the factory. Or you can easily install it yourself.


The Agent in your computer maintains daily contact with the Absolute Monitoring Center. If you report your computer stolen, Agent contact will increase to every 15 minutes. Increased contact allows us to obtain specific details like the physical location of your computer, any activity that has occurred post-theft, and other important data that will aid us in working with local law enforcement to catch the thief and return your property to you. Regardless of recovery status, you can remotely delete data to remove some or all of the information stored on your computer so that it doesn't fall into the wrong hands. This could include files and applications containing personal photos, internet bookmarks, browser cookies, financial information, and stored passwords. Everything an identity thief would need to steal your identity.

12]. Computrace with Intel Anti-Theft Technology

Computrace immediately gave us visibility into our laptop population. We can see where the laptop is, who is logging in and what software is installed. It also allows us to verify that the laptop's encryption is up to our standard, which is key for regulatory compliance. It has taken us from 30% IT asset auditing capability to well over 95% on computers that are outside our facilities.

11.1] IT ASSET MANAGEMENT, DATA PROTECTION, THEFT RECOVERY
Computer security is not an option; it's a necessity. Now, more than ever, organizations must accurately track and protect their computers, and prevent sensitive data from falling into the wrong hands. Computrace technology, when combined with Intel Anti-Theft (AT) capabilities, provides Absolute customers with the best possible means to protect their computers, secure their data, and minimize the financial, legal and regulatory risks of lost or stolen machines.

A Powerful Set of Options

With Computrace, you can easily identify computers that have gone missing or receive alerts so you can proactively investigate suspicious behavior. If security measures are desired, instructions can be sent from the Absolute Customer Center.


Intel AT provides an added layer of security to computers already protected by Computrace, allowing you to remotely disable a machine and render it virtually useless to unauthorized users. Together, these solutions provide a powerful set of options when responding to loss, theft or suspicious circumstance, and offer an enhanced level of protection even when the hard disk is encrypted, the PC is off, or the operating system is down.

Intel AT Automatic Disable. Intelligently disable computers that fail to check in to the Absolute Monitoring Center within a pre-defined time period. Secure assets and data even if theft is not immediately recognized.

Send a poison pill. Remotely lock down a compromised notebook and prevent the OS from booting. Use real-time technology to invoke the Intel AT lock almost immediately [1]. Disable regardless of physical location, internet connection, or if device is turned on.

A computer that is locked with Intel AT technology can be easily reactivated once security is reestablished.

Unmatched Protection. If your computers are Intel AT enabled and you've activated our Computrace Agent, your computers are now protected with the most reliable and tamper-resistant combination of technologies available today. For a complete list of computers that support Intel Anti-Theft

Asset Management. Manage computers and smartphones (regardless if a device is on or off the company network). Monitor changes in asset information including user identification, physical location, and the installation of software/hardware that may not comply with company regulations.

Data & Device Security. Remotely delete sensitive data on missing computers and produce an audit log of the deleted files to prove compliance with government and corporate regulations. Use the Device Freeze feature to freeze a computer. Once frozen, display a custom message to the user encouraging them to comply with specific requests for action (return for servicing, validate user identity, etc.).


Geotechnology. Use GPS or Wi-Fi technology to track your assets on an internet map. You will be able to see current and historical locations within about 33 feet. Computrace products that include Geofencing allow you to build pre-defined areas (geofences) and apply rules with alerts if a condition occurs, for instance if a device remains outside a boundary beyond a set measure of time. If the physical location of a device contravenes the rule, you will be alerted so you can investigate and determine if further action is required.

Theft Recovery. At our customer's request, the Absolute Theft Recovery team will forensically mine a stolen computer over the internet using a variety of procedures including key captures, registry and file scanning, geolocation, and other investigative techniques to determine who has the computer and what they're doing with it. Most importantly, we will use our technology to pinpoint the physical location of the computer and work closely with local law enforcement to recover it.


13].New Intel AT features take advantage of 3G networks


With Intel Anti-Theft Technology (Intel AT), IT administrators can now use encrypted SMS messages over a 3G network to send a poison pill, remotely unlock a recovered laptop quickly, or direct the system to send location information (GPS coordinates) back to the central server:

Poison pill delivery via an encrypted SMS message over a 3G network. 3G connections can occur regardless of the state of the OS, via a direct hardware link between Intel AT and the 3G module.

Remote unlock via an encrypted SMS message over a 3G network. This lets IT reactivate the laptop within minutes of recovering the PC.

Location beaconing. Intel AT can now transmit latitude and longitude (using GPS coordinates) to the central server if the system is equipped with a supported 3G module [2]. IT administrators can specify automated beaconing at regular intervals or location information on request when the laptop is marked as lost or stolen.

To take advantage of 3G-based communication, the laptop does not need to be connected to the Internet, but it must be within range of a 3G network.


13].ADVANTAGES & DISADVANTAGES


Advantages of ATT: The following are some of the benefits of Intel AT:
1) Deter theft: Remove the temptation to steal a notebook which will soon stop functioning.
2) Guard data assets: Protect data on the hard drive by preventing the operating system from loading and disabling access to data encryption.
3) Customize detection/reaction: Control how and when the notebook detects it has been stolen, and what actions are taken.
4) Restore operation easily: Reactivate a locked notebook quickly with no damage to its hardware or data.
5) Personalize a recovery message: Display a personalized "Good Samaritan" recovery message on the notebook screen to aid in recovery.
6) Rely on trusted partners: Subscribe to a software security service to utilize all

Disadvantages of ATT: The following are some of the disadvantages of Intel AT:
a. Costly
b. Battery consumption is more
c. Requires internet connection for device tracking
d. Arrive in market at end of 2011
e. Help of local police is required


14.]Defining Intel AT Requirements


In December 2008, they began working with the Intel AT product group to help define and evaluate Intel AT. In 2009, the product group asked us to work with our encryption supplier to help define an architecture that might make Intel AT more valuable in an enterprise environment. They worked with the supplier in a series of face-to-face planning meetings to define enterprise-level requirements and features. These meetings focused on topics such as:

- How and where an Intel AT console would fit in the enterprise network.
- Security requirements associated with access controls and event logging.
- Enterprise requirements, including scalability, so that Intel AT meets the needs of as many clients as possible.
- A hierarchical management interface for establishing policy and for reporting.

15]Business Challenge
Each year, 2 million laptop PCs are stolen, and 97 percent of these are never recovered. This represents a huge risk to enterprises in terms of lost hardware and, more importantly, lost data and intellectual property. Intel IT is responsible for investigating potential impacts on the enterprise of all lost and stolen company-owned PCs. We investigate tools and practices that help avoid these risks, and we are interested in assessing Intel AT toward this end.

15.1]SYSTEM REQUIREMENT
Intel AT is available on laptop PCs with 2012 Intel Core vPro processors

15.2]Technology Evaluation
Working with the product group and our encryption supplier, we tested various features of Intel AT on our WLAN, LAN, and VPN. We also brainstormed additional use cases, such as investigations support, and discussed the potential integration of Intel AT with other enterprise security capabilities.


Our evaluation was based on a theoretical use case in which a user calls the Service Desk and reports the laptop stolen. In response, the Service Desk technician sends a poison pill from the IT management console. The poison pill disables access to the encryption keys by deleting a critical encryption key stored on the chipset. We also tested reactivating a disabled laptop using both a local passphrase and a remote recovery token to restore access to the encryption keys.

TEST SETUP AND CONFIGURATION


We successfully activated, configured, and enrolled Intel AT on multiple systems.

Activation. We first made sure that each test laptop had the appropriate level of BIOS. Then we enabled Intel AT in the BIOS using a couple of configuration switches.

FEATURE EVALUATION SUMMARY

We successfully tested the key features of Intel AT.

- Poison pill. We simulated a stolen laptop in order to trigger various Intel AT behaviors. We sent an encrypted SMS message to the stolen laptop to disable it.
- Local grace timer. We simulated a user taking too long to enter credentials, after which time the laptop disabled itself as expected.
- Local rendezvous timer. We simulated a user not logging on within a specified period of time, which disabled the laptop.
- Local passphrase. We used a local passphrase for self-recovery after an expired grace timer and a missed rendezvous timer.
- Recovery token. We simulated finding a lost or stolen laptop and sending the recovery token to the laptop to restore the data and platform to its original state.

We tested the ability to set flexible anti-theft policies from the test console by switching policy settings for the grace and rendezvous timers, as shown in Figure 2. For example, once a laptop is marked stolen, responses can include:

- Disable access to encrypted data by deleting a critical encryption key stored on the chipset.
- Disable the laptop entirely by blocking the boot process.
- Disable both the laptop and the data.
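The timer, poison pill and recovery behaviours tested above can be modelled as a small state machine. This is an added illustration, not Intel's firmware logic or code from the evaluation; the class, field and method names are hypothetical, the salt is a constructed value, and time is passed in as plain seconds.

```python
import hashlib
import hmac
from dataclasses import dataclass

SALT = b"constructed-demo-salt"  # constructed value for this example

def _kdf(secret: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 100_000)

@dataclass
class Policy:                     # hypothetical policy fields
    rendezvous_secs: int          # longest allowed gap between server check-ins
    grace_secs: int               # longest allowed time to enter credentials
    delete_key: bool = True       # theft response: remove the chipset-held key
    block_boot: bool = True       # theft response: block the boot process

class Laptop:
    def __init__(self, policy, passphrase, recovery_token, now=0):
        self.policy, self.last_checkin = policy, now
        self.stolen, self.key_present, self.boot_allowed = False, True, True
        self._secrets = [_kdf(passphrase), _kdf(recovery_token)]

    def _theft_mode(self):
        self.stolen = True
        self.key_present = not self.policy.delete_key
        self.boot_allowed = not self.policy.block_boot

    def tick(self, now):
        """Local timer check; needs no network connection."""
        if not self.stolen and now - self.last_checkin > self.policy.rendezvous_secs:
            self._theft_mode()
        return self.stolen

    def checkin(self, now, marked_stolen=False):
        """Rendezvous with the server; a poison pill arrives if marked stolen."""
        if not self.tick(now):
            if marked_stolen:
                self._theft_mode()
            else:
                self.last_checkin = now
        return self.stolen

    def preboot_login(self, seconds_taken):
        """Grace timer: too slow at the credential prompt triggers theft mode."""
        if seconds_taken > self.policy.grace_secs:
            self._theft_mode()
        return self.stolen

    def recover(self, secret, now):
        """Local passphrase or remote recovery token restores key and boot."""
        if any(hmac.compare_digest(_kdf(secret), s) for s in self._secrets):
            self.stolen, self.key_present, self.boot_allowed = False, True, True
            self.last_checkin = now
        return not self.stolen
```

Calling `tick` with a time past the rendezvous interval shows the offline case: the laptop enters theft mode without any message from the server.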


14.]Conclusion:

Intel IT's collaboration with the Intel AT product team and encryption supplier was important in defining Intel AT. This product has the potential to improve the protection of our intellectual property. While hard-drive encryption is a valuable approach to data security, the ability of Intel AT to further make the encryption keys inaccessible extends the value of encryption. With Intel AT, encryption keys can be deleted remotely and automatically. Without the encryption keys there is no way an unauthorized user can access the data. Even more importantly, unlike software-based anti-theft solutions, Intel AT is hardware-based and enables the encryption keys to be restored in the event that the platform is recovered.
