Abstract: A mailbox mechanism is used for communication of secure messages from a server to the firmware of a device. Mailbox content provided by the server is authenticated in a driver execution environment of the device, using reboots across the communication sessions, and then stored in secure storage. The communication sessions include first receiving a signed server key, and then receiving a message from the server that is based on a hash of a nonce generated by the device.

Abstract: A mailbox mechanism is used for communication of secure messages from a server to the firmware of a device. Mailbox content provided by the server is authenticated in a driver execution environment of the device, using reboots across the communication sessions, and then stored in secure storage. The communication sessions include first receiving a signed server key, and then receiving a message from the server that is based on a hash of a nonce generated by the device.

Abstract: A mailbox mechanism is used for communication of secure messages from a server to the firmware of a device. Mailbox content provided by the server is authenticated in a driver execution environment of the device, using reboots across the communication sessions, and then stored in secure storage. The communication sessions include first receiving a signed server key, and then receiving a message from the server that is based on a hash of a nonce generated by the device.

Abstract: A mailbox mechanism is used for communication of secure messages from a server to the firmware of a device. Mailbox content provided by the server is authenticated in a driver execution environment of the device, using reboots across the communication sessions, and then stored in secure storage. The communication sessions include first receiving a signed server key, and then receiving a message from the server that is based on a hash of a nonce generated by the device.

Abstract: A mailbox mechanism is used for communication of secure messages from a server to the firmware of a device. Mailbox content provided by the server is authenticated in a driver execution environment of the device, using reboots across the communication sessions, and then stored in secure storage. The communication sessions include first receiving a signed server key, and then receiving a message from the server that is based on a hash of a nonce generated by the device.

Abstract: A mailbox mechanism is used for communication of secure messages from a server to the firmware of a device. Mailbox content provided by the server is authenticated in a driver execution environment of the device, using reboots across the communication sessions, and then stored in secure storage. The communication sessions include first receiving a signed server key, and then receiving a message from the server that is based on a hash of a nonce generated by the device.

Abstract: Multiple binary images stored in the firmware of an electronic device are written to the device's configuration tables during booting of the device, where one of the binary images is a manager binary. During booting, the manager binary is saved to the file system of the operating system such that it automatically executes upon completion of booting. The manager binary then saves the other binary images to the OS file system, such that they also execute automatically.

Abstract: Multiple binary images stored in the firmware of an electronic device are written to the device's configuration tables during booting of the device, where one of the binary images is a manager binary. During booting, the manager binary is saved to the file system of the operating system such that it automatically executes upon completion of booting. The manager binary then saves the other binary images to the OS file system, such that they also execute automatically.

Abstract: A mailbox mechanism is used for communication of secure messages from a server to the firmware of a device. Mailbox content provided by the server is authenticated in a driver execution environment of the device, using reboots across the communication sessions, and then stored in secure storage. The communication sessions include first receiving a signed server key, and then receiving a message from the server that is based on a hash of a nonce generated by the device.

Abstract: A utility to determine identity of an electronic device electronically, by running a device attribute collection application that collects key data points of the electronic devices and a device identification application that uses these key data points to link the electronic device to a specific owner or entity. Data points of the device may change over time for reasons such as reconfiguration, repair or normal daily use. The device identification application intelligently and consistently tracks changes in key data points associated with the device, even if the data points change over its lifecycle. The device may be identified remotely with the device identification application (e.g., in the event of theft or loss of the device) based on the collected data points. The device identification application may be deployed in conjunction with services that may include asset tracking, asset recovery, data delete, software deployment, etc.

Abstract: A utility to determine identity of an electronic device electronically, by running a device attribute collection application that collects key data points of the electronic devices and a device identification application that uses these key data points to link the electronic device to a specific owner or entity. Data points of the device may change over time for reasons such as reconfiguration, repair or normal daily use. The device identification application intelligently and consistently tracks changes in key data points associated with the device, even if the data points change over its lifecycle. The device may be identified remotely with the device identification application (e.g., in the event of theft or loss of the device) based on the collected data points. The device identification application may be deployed in conjunction with services that may include asset tracking, asset recovery, data delete, software deployment, etc.

Abstract: A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. The servicing functions can be controlled by a remote server.

Abstract: A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. The servicing functions can be controlled by a remote server.

Abstract: A tamper resistant software Agent for enabling, supporting and/or providing various services (e.g., tracking assets; data delete and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. In another aspect, the servicing functions that the Agent performs can be controlled by a remote server, by combining generic sub-function calls available in the Agent.

Abstract: A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. The servicing functions can be controlled by a remote server.

Abstract: A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. The servicing functions can be controlled by a remote server.

Abstract: A tamper resistant servicing Agent for providing various services (e.g., data delete, firewall protection, data encryption, location tracking, message notification, and updating software) comprises multiple functional modules, including a loader module (CLM) that loads and gains control during POST, independent of the OS, an Adaptive Installer Module (AIM), and a Communications Driver Agent (CDA). Once control is handed to the CLM, it loads the AIM, which in turn locates, validates, decompresses and adapts the CDA for the detected OS environment. The CDA exists in two forms, a mini CDA that determines whether a full or current CDA is located somewhere on the device, and if not, to load the full-function CDA from a network; and a full-function CDA that is responsible for all communications between the device and the monitoring server. The servicing functions can be controlled by a remote server.

Abstract: A system for locating and monitoring electronic devices utilizing a security system that is secretly and transparently embedded within the software, firmware, or hardware of the electronic device. The security system may be embodied in internal memory devices such as ROM BIOS, ROM, Flash ROM, EPROM, EEPROM, electronic components such as modem, CPU, or hardwired circuits or integrated circuits of a computer. This security system initiates the computer to periodically and conditionally call a host system to provide unique identifying indicia and location information. In one embodiment, the security system calls the host through a public switched telephone network (PSTN) and transmits the indicia in encoded form. In an alternative embodiment, which may be incorporated concurrently with the PSTN application, the security system calls the host system through the Internet and provides the host with indicia encoded within the DNS query sent.

Abstract: The present invention provides a method and apparatus for brokering memory resources. A memory broker cooperates with one or more memory servers and one or more memory clients. The memory servers obtain usable memory space and report the availability of such memory space to the memory broker. The memory clients request and receive memory allocations from the memory broker. In one embodiment of the invention, the memory broker interacts with memory servers that may be unable to guarantee the duration of availability of the memory space they provide. The memory broker can fulfill memory requests from memory clients using portions of memory distributed among multiple memory servers.