WO2008034944A1 - Method and system for locating a computer - Google Patents


Publication number
WO2008034944A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer
set forth
program
positioning
operating system
Application number
PCT/FI2007/050493
Other languages
French (fr)
Inventor
Tuure Laurinolli
Markus Mikkolainen
Simo SÄRKKÄ
Mikko WECKSTRÖM
Original Assignee
Indagon Oy
Application filed by Indagon Oy
Publication of WO2008034944A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G01 MEASURING; TESTING
    • G01S RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02 Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • G01S5/14 Determining absolute distances from a plurality of spaced points of known location
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88 Detecting or preventing theft or loss
    • G PHYSICS
    • G08 SIGNALLING
    • G08B SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
    • G08B13/00 Burglar, theft or intruder alarms
    • G08B13/02 Mechanical actuation
    • G08B13/14 Mechanical actuation by lifting or attempted removal of hand-portable articles
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS

Definitions

  • the application relates to a method and apparatus for locating a computer and for locating a computer snatched for unauthorized use.
  • the invention deals with the prevention of portable computer thefts and solving crimes.
  • Prior known systems are based for example on transmitting an individual identifier over a network access link, making an online computer locatable on the basis of the network access link.
  • Also known are various GPS tracking devices, as well as equipment transmitting a tracking signal. All these solutions are either subject to easy circumvention or call for expensive special features.
  • An objective of the invention is to create a system which enables tracking a computer in a simple manner and without an unreasonable increase in costs.
  • a tracking signal requires in practice helicopter tracking or triangulation relatively close to the location of a device, and a separate GPS module is usually removable or subject to sabotage. Positioning on the basis of a network access is unreliable and slow.
  • a thief or a retailer of stolen merchandise has expertise to replace modular components of a computer and, for example, to reinstall the operating system and to disable conventionally connected peripherals.
  • a thief is certainly able to disconnect the battery and to short-circuit the backup battery of a CMOS memory.
  • the security devices must not lend themselves to be disabled as described above.
  • the method according to the invention is based on a modification or a setup made in the firmware of a computer's motherboard, such as in the bootstrap loader, for example in BIOS software, forcing an activation of the computer from a memory medium attached to a positioning device.
  • the memory medium can be for example a motherboard-connected USB device, a diskette-drive emulating device, or a webcard-integrated device.
  • the memory medium is accompanied by positioning devices operating at least from time to time while the computer is off. Thus, even when integrated with a motherboard, the positioning devices will be able to function at a high-quality signal-to-noise ratio with no need for a separate antenna.
  • the positioning devices store geographic information in the memory medium, and the starting program, loading from the memory medium during the course of an activation process, transmits the geographic information over a local area network, such as a wireless network, a telenetwork or a radio link, further to an external server.
  • said memory medium can be a disk drive or a BIOS expansion.
  • the memory medium includes a small microprocessor, which controls positioning, stores a positioning result in the memory medium and, upon activating the computer, functions as a starting disk or a BIOS expansion.
  • the memory medium can be a memory medium, yet it contains a processor which modifies the geographic information stored in the memory and, for example after a successful transmission of positioning information, the processor may direct the computer to restart.
  • a processor present in connection with a memory medium may change contents of the medium and thereby control the operation of a computer in the starting sequence.
  • the device may function for example as a normal positioning medium or as a write protected starting disk.
  • the invention does not require any particular operating system, and the communication medium can be any medium which the starting program is able to use for the transmission of a message.
  • it is possible to use for example a WLAN or ethernet access integrated with the motherboard of a portable computer. Because, in the method according to the invention, it is the central processor of a computer itself which transmits a positioning message, there is no need for a separate data transfer medium in connection with the positioning devices. Hence, it is possible to use a data transfer medium previously integrated with the motherboard.
  • the system according to the invention is more flexible and more readily adaptable for various communication networks.
  • a computer according to the invention possibly lends itself to remote control during a transmission of the geographic information.
  • the bootstrap loader, for example a BIOS or the starting program of a PDA device, is thus modified on firmware level in such a way that the booting is only possible from a medium containing a booting program of the invention.
  • a BIOS program, together with a booting program, may enable for example the use of several operating systems or start-up drives and for example a faulty operating system can be reinstalled by activating a computer for example from a diskette or a CD drive.
  • the booting program may also be modifiable after the activation, such that the activation is continued from another memory medium immediately after the transmission of a position report or the computer is rebooted and a desired operating system is activated by the bootstrap program in the next starting cycle.
  • the computer shall first report its geographic information and it is not until thereafter that the actual operating system is able to activate.
  • modification of BIOS setups is not possible until after a successful transmission of the geographic information, whereby preventing the operation of a network access or a GPS receiver prevents also activation of the computer as long as the position reporting program does not allow the activation of another program before a successful reporting of the location.
  • a computer keeps restarting until reporting is successful or the reporting program requests a password prior to allowing the computer to activate the operating system.
  • the positioning according to the invention can be based on mobile phone positioning, inertial positioning, or satellite positioning, for example GPS positioning.
  • the device is provided at least with a satellite positioning feature. It has a long-term power consumption, a high precision, and an easy first use, since no collaboration is needed for example with a mobile operator and the operation in a system of the invention is reliable.
  • the position reporting device may also include means for activating a computer momentarily for reporting in the event that positioning devices indicate that the computer has moved.
  • the starting loader may only execute minimum necessary procedures. For example, there is no need to check mass and main storages as it is sufficient to have the data transfer link operating and the data transmitted.
  • the data transfer link can also be used for the remote control of a computer and possibly, for example, for loading a program code to be executed over the data transfer link. If used as "a back door", the system is preferably provided with reliable authentication for only allowing an authorized party to work on setups.
  • the position reporting program may allow the activation of an operating system either in such a way that the program itself activates a desired operating system or in such a way that the computer is re-booted by means of a reset, and the MBR (Master Boot Record) of a memory medium according to the invention is set up to activate a desired operating system in the next boot cycle.
  • the memory medium of the invention may include a microprocessor, which controls operation of the system, performs positioning, and possibly shakes hands with a BIOS system or another starting loader, such that for example a replacement of the memory medium and positioning device with another similar type memory medium is not possible.
  • the replacement of a memory medium can also be hampered by having the device integrated with a motherboard, for example in association with a webcard integrated with a microcontroller connected to the USB bus of a motherboard.
  • because BIOS circuits, and especially those of portable computers, are generally permanently fixed on the motherboard, a modification of the program is not easy.
  • the BIOS program can be for example in a BGA or PGA (Ball Grid Array, Pin Grid Array) circuit, so its updating must be effected programmatically, the replacement of a multi-terminal, motherboard-soldered circuit, without damaging the motherboard, being quite a difficult task.
  • the security of a BIOS program can be further enhanced by supplementing the BIOS code with a handshaking performed with a starting drive for ensuring that the starting drive cannot be replaced with another one of the same type. Since the motherboard itself does not necessarily require hardware modifications, the method is applicable in connection with equipment from many manufacturers. If necessary, the system can also be deleted by loading the original BIOS code after a starting process of the invention. In practice, the BIOS updating of a stolen computer cannot be done unless the starting program of the invention allows the activation of an updating program or the actual operating system.
  • modification of BIOS setups by means of zeroing a battery can be denied simply by adapting the restored setups to use a starting mode of the invention. Hence, for example the removal of a battery for a sufficiently long time puts a system of the invention back in service.
  • the method according to the invention employs for example a device connected to the USB bus of a motherboard, having a small microprocessor, a locator, and some memory.
  • the device is visible for example as a mere starting disk drive, the contents of which can be modified by a processor reading a GPS navigator.
  • the device may be visible also as a GPS navigator when the computer is in active service.
  • the device draws its power continuously from the battery of a portable computer or the device has possibly an independent power supply.
  • the device stores positioning results at least from time to time while the computer is off and transmits the results when the computer is switched on. Thus, interferences produced by the computer's motherboard are avoided, nor is an external antenna necessary.
  • the locator is not disturbed by radio interferences produced by the computer's motherboard and, in addition, there is always obtained a positioning result in a typical theft situation as long as the device makes a visit for example outdoors before activation.
  • the intra-enclosure interferences of a typical portable computer would be disturbing the positioning and, in addition, the computer could not be located as long as said computer were used in a GPS blind area only.
  • a positioning result would never be obtained for a computer used for example inside a building, if the measuring were only conducted when the computer is on. With the computer off, the sensitivity of positioning is considerably higher and a measuring result is obtained with a higher probability.
  • the device of the invention reports at least the latest measuring result obtained prior to the activation of a computer. It is also possible to report several measuring results for finding out the travel route.
  • the battery capacity of a portable computer is sufficient for the momentary operation of just a navigator for a very long time. That is, by effecting the positioning while the computer is off and by not transmitting the positioning result until at the time of switching it on, two major benefits shall be achieved: Positioning proceeds without an external antenna and positioning proceeds also when a computer is traveling. Secondly, during the course of an activation process, the transmission of a message can be conducted by using other hardware of a computer. Hence, a separate data transfer medium is not needed for the positioning device.
  • the program can do other things as well, it can even load program code in context of transmitting a positioning message and execute the relevant code, whereby, if desired, the computer can be loaded with any programs.
  • when the computer is switched on, the boot program will be loaded by BIOS for example from a USB memory medium containing a device of the invention. It contains a concise operating system or software, which is capable of operating the computer's network access and transmitting over a wireless or wired network a positioning result to an external server for storing the same in a database. Thus, in connection with activations of all devices, the database compiles locations of such devices at that particular moment and possibly also the information regarding for example a WLAN base station. It is also possible not to transmit a positioning message until upon request, i.e. nothing but the identification data of a computer is normally reported and the geographic information is not disclosed until requested.
  • the concise operating system can be for example a Linux- or Windows-based system and contains at least the necessary communication features.
  • the starting drive is by write protection secured against viruses.
  • the actual operating system can also be loaded from a drive of the invention, the information security improving at the expense of flexibility.
  • this enables preventing a modification of setups and the write protected starting disk is safe from many nuisance programs, and for example operating system updates are easily provided in a centralized manner.
  • the replacement of an operating system with another or the parallel use of several operating systems is awkward.
  • a stolen computer can be subjected to tracking and upon its next activation, a message is obtained regarding its location. Additionally a computer, known to be stolen, can be commanded to perform certain procedures in a remote controlled manner, for example to continue positioning, to transmit base station information, to eavesdrop or survey secretly its surroundings, or to destroy information from hard drives.
  • the computer according to the invention always activates first a position-tracking program, and not until this is successfully completed will it be possible to access the setups of a starting loader or the firmware updating or to enable activation of the operating system.
  • the computer according to the invention sets up communication for example over a WLAN network or another wireless or wired network, and not until a positioning message has been delivered is the computer allowed to activate a program, which controls the BIOS setups, or the actual operating system.
  • the system according to the invention may also allow for such a modification of BIOS setups that the positioning is not working. In this case, also, the positioning result shall be transmitted prior to the modification of BIOS setups.
  • the device according to the invention can be integrated for example with a network card, whereby a part of the software can even be updated or activated over a wireless network, and it can be ensured that the computer doesn't operate without a network access link. It is also possible to use a boot program, which emulates a diskette or other disk drive or even functions directly as random access memory.
  • the device according to the invention can be provided with means for updating a program by means of a communication link.
  • the lending computers are marked as usual, making them difficult to sell for that reason alone. Warning about the use of a method according to the invention has also a preventive effect.
  • the components of lending computers are marked individually at the factory and registered, so the dismantling of stolen computers into components is risky business for the thief and selling the components is difficult.
  • the user of a computer is authorized to carry the computer within a certain, even quite extensive area, for example to school, home, library, and in other normal journeys.
  • the system according to the invention supplies a server with a report regarding a location of the computer and possibly a travel route between activations.
  • the server stores the geometric information of computers within the limits set by local legislation and terms of user agreements. As a presumption, the information need not be kept in storage for long or even gathered in a centralized manner. It will be sufficient to keep the geographic information for some time for example in databases associated with base stations and to compare such information with a list of computers reported stolen. This serves to avoid gathering and keeping futile information, while still being able to request information about a computer lost for example the day before.
  • a computer reported stolen is placed under surveillance and when the computer reports its location next time, it can possibly be also remote controlled from the server and for example the hard drives can be destroyed for ensuring the information security of the legal user.
  • the system can be commanded to position the computer at a more frequent rate, to report other information, for example base station distances, or to command the camera and microphone to transmit image and sound to the server.
  • the system is also able to deny completely the normal activation of an operating system or to activate, over a network access link, programs which enable for example a transfer of information existing on hard drives, a destruction thereof, or for example Bluetooth or WLAN can be activated to transmit a signal for enabling the authorities to locate the computer with higher precision, the same transmission being also useful for sending the microphone and camera signal.

Abstract

A method and apparatus for tracking the location of a computer by using a positioning device and a communication link, such that position measurements are conducted while the computer is off, and measuring results are transmitted over the communication link without activating the computer's actual operating system.

Description

Method and system for locating a computer
The application relates to a method and apparatus for locating a computer and for locating a computer snatched for unauthorized use.
The invention deals with the prevention of portable computer thefts and solving crimes. Prior known systems are based for example on transmitting an individual identifier over a network access link, making an online computer locatable on the basis of the network access link. Also known are various GPS tracking devices, as well as equipment transmitting a tracking signal. All these solutions are either subject to easy circumvention or call for expensive special features.
An objective of the invention is to create a system which enables tracking a computer in a simple manner and without an unreasonable increase in costs. For example, the use of a tracking signal requires in practice helicopter tracking or triangulation relatively close to the location of a device, and a separate GPS module is usually removable or subject to sabotage. Positioning on the basis of a network access is unreliable and slow.
It is presumable that a thief or a retailer of stolen merchandise has expertise to replace modular components of a computer and, for example, to reinstall the operating system and to disable conventionally connected peripherals. In addition, a thief is certainly able to disconnect the battery and to short-circuit the backup battery of a CMOS memory. Thus, the security devices must not lend themselves to be disabled as described above.
Accordingly, most prior known methods, which use a separate device connected for tracking, do not provide a desired result as the thief is able to remove the tracking devices. In the event that tracking is based on modifications made in the operating system or merely in programs, those will be easy to bypass as long as the computer is capable of having a commercially available operating system installed therein. On the other hand, incompatible equipment or software increases considerably costs and maintenance problems. An objective of the invention is to determine the location of a stolen computer or at least to prevent its use and resale. Another objective is to eliminate drawbacks present in the above-mentioned prior known techniques.
The method according to the invention is based on a modification or a setup made in the firmware of a computer's motherboard, such as in the bootstrap loader, for example in BIOS software, forcing an activation of the computer from a memory medium attached to a positioning device.
The invention is characterized by what is presented in the independent ones of the appended claims and preferred embodiments are set forth in the dependent claims.
The memory medium can be for example a motherboard-connected USB device, a diskette-drive emulating device, or a webcard-integrated device. The memory medium is accompanied by positioning devices operating at least from time to time while the computer is off. Thus, even when integrated with a motherboard, the positioning devices will be able to function at a high-quality signal-to-noise ratio with no need for a separate antenna. The positioning devices store geographic information in the memory medium, and the starting program, loading from the memory medium during the course of an activation process, transmits the geographic information over a local area network, such as a wireless network, a telenetwork or a radio link, further to an external server.
From the viewpoint of a starting loader, said memory medium can be a disk drive or a BIOS expansion. In practice, the memory medium includes a small microprocessor, which controls positioning, stores a positioning result in the memory medium and, upon activating the computer, functions as a starting disk or a BIOS expansion. From the viewpoint of a computer, the memory medium can be a memory medium, yet it contains a processor which modifies the geographic information stored in the memory and, for example after a successful transmission of positioning information, the processor may direct the computer to restart. A processor present in connection with a memory medium may change contents of the medium and thereby control the operation of a computer in the starting sequence. In addition, the device may function for example as a normal positioning medium or as a write protected starting disk. Since the starting program is always loaded under compulsion by BIOS before the rest of a starting sequence and the starting program contains an option to continue the starting sequence further from a desired memory medium, the invention does not require any particular operating system, and the communication medium can be any medium which the starting program is able to use for the transmission of a message. Thus, according to the invention, it is possible to use for example a WLAN or ethernet access integrated with the motherboard of a portable computer. Because, in the method according to the invention, it is the central processor of a computer itself which transmits a positioning message, there is no need for a separate data transfer medium in connection with the positioning devices. Hence, it is possible to use a data transfer medium previously integrated with the motherboard. 
In comparison with a separate computer-connected tracking device which has its own data transfer link, the system according to the invention is more flexible and more readily adaptable for various communication networks. In addition, a computer according to the invention possibly lends itself to remote control during a transmission of the geographic information.
The bootstrap loader, for example a BIOS or the starting program of a PDA device, is thus modified on firmware level in such a way that the booting is only possible from a medium containing a booting program of the invention. A BIOS program, together with a booting program, may enable for example the use of several operating systems or start-up drives and for example a faulty operating system can be reinstalled by activating a computer for example from a diskette or a CD drive. The booting program may also be modifiable after the activation, such that the activation is continued from another memory medium immediately after the transmission of a position report or the computer is rebooted and a desired operating system is activated by the bootstrap program in the next starting cycle.
Accordingly, after the power is switched on, the computer shall first report its geographic information and it is not until thereafter that the actual operating system is able to activate. Thus, modification of BIOS setups is not possible until after a successful transmission of the geographic information, whereby preventing the operation of a network access or a GPS receiver prevents also activation of the computer as long as the position reporting program does not allow the activation of another program before a successful reporting of the location. For example, a computer keeps restarting until reporting is successful or the reporting program requests a password prior to allowing the computer to activate the operating system.
The positioning according to the invention can be based on mobile phone positioning, inertial positioning, or satellite positioning, for example GPS positioning. Most preferably, the device is provided at least with a satellite positioning feature. It has a long-term power consumption, a high precision, and an easy first use, since no collaboration is needed for example with a mobile operator and the operation in a system of the invention is reliable.
The position reporting device may also include means for activating a computer momentarily for reporting in the event that positioning devices indicate that the computer has moved. In this case, the starting loader may only execute minimum necessary procedures. For example, there is no need to check mass and main storages as it is sufficient to have the data transfer link operating and the data transmitted.
In this context, the data transfer link can also be used for the remote control of a computer and possibly, for example, for loading a program code to be executed over the data transfer link. If used as "a back door", the system is preferably provided with reliable authentication for only allowing an authorized party to work on setups.
The position reporting program may allow the activation of an operating system either in such a way that the program itself activates a desired operating system or in such a way that the computer is re-booted by means of a reset, and the MBR (Master Boot Record) of a memory medium according to the invention is set up to activate a desired operating system in the next boot cycle. The memory medium of the invention may include a microprocessor, which controls operation of the system, performs positioning, and possibly shakes hands with a BIOS system or another starting loader, such that for example a replacement of the memory medium and positioning device with another similar type memory medium is not possible. The replacement of a memory medium can also be hampered by having the device integrated with a motherboard, for example in association with a webcard integrated with a microcontroller connected to the USB bus of a motherboard.
Because BIOS circuits, and especially those of portable computers, are generally permanently fixed on the motherboard, a modification of the program is not easy. The BIOS program can be for example in a BGA or PGA (Ball Grid Array, Pin Grid Array) circuit, so its updating must be effected programmatically, the replacement of a multi-terminal, motherboard-soldered circuit, without damaging the motherboard, being quite a difficult task. The security of a BIOS program can be further enhanced by supplementing the BIOS code with a handshaking performed with a starting drive for ensuring that the starting drive cannot be replaced with another one of the same type. Since the motherboard itself does not necessarily require hardware modifications, the method is applicable in connection with equipment from many manufacturers. If necessary, the system can also be deleted by loading the original BIOS code after a starting process of the invention. In practice, the BIOS updating of a stolen computer cannot be done unless the starting program of the invention allows the activation of an updating program or the actual operating system.
Modification of BIOS setups by means of zeroing a battery can be denied simply by adapting the restored setups to use a starting mode of the invention. Hence, for example the removal of a battery for a sufficiently long time puts a system of the invention back in service.
The method according to the invention employs for example a device connected to the USB bus of a motherboard, having a small microprocessor, a locator, and some memory. For the USB bus the device is visible for example as a mere starting disk drive, the contents of which can be modified by a processor reading a GPS navigator. In addition, the device may be visible also as a GPS navigator when the computer is in active service. In case the device is used as a navigator, there is generally needed an extra-enclosure antenna because, when associated with the motherboard of a computer, the GPS reception is not otherwise reliable because of radio interferences. The device draws its power continuously from the battery of a portable computer or the device has possibly an independent power supply. The device stores positioning results at least from time to time while the computer is off and transmits the results when the computer is switched on. Thus, interferences produced by the computer's motherboard are avoided, nor is an external antenna necessary.
The locator is then not disturbed by radio interferences produced by the computer's motherboard and, in addition, a positioning result is always obtained in a typical theft situation as long as the device makes a visit for example outdoors before activation. In the event that positioning were always conducted as late as during an activation process, the intra-enclosure interferences of a typical portable computer would be disturbing the positioning and, in addition, the computer could not be located as long as said computer were used in a GPS blind area only. Hence, in practice, a positioning result would never be obtained for a computer used for example inside a building, if the measuring were only conducted when the computer is on. With the computer off, the sensitivity of positioning is considerably higher and a measuring result is obtained with a higher probability. Furthermore, information is possibly obtained regarding a travel route of the computer. The device of the invention reports at least the latest measuring result obtained prior to the activation of a computer. It is also possible to report several measuring results for finding out the travel route. The battery capacity of a portable computer is sufficient for the momentary operation of just a navigator for a very long time. That is, by effecting the positioning while the computer is off and by not transmitting the positioning result until at the time of switching it on, two major benefits shall be achieved. Firstly, positioning proceeds without an external antenna and positioning proceeds also when a computer is traveling. Secondly, during the course of an activation process, the transmission of a message can be conducted by using other hardware of a computer. Hence, a separate data transfer medium is not needed for the positioning device.
In addition, the program can do other things as well, it can even load program code in context of transmitting a positioning message and execute the relevant code, whereby, if desired, the computer can be loaded with any programs.
When the computer is switched on, the boot program will be loaded by BIOS for example from a USB memory medium containing a device of the invention. It contains a concise operating system or software, which is capable of operating the computer's network access and transmitting over a wireless or wired network a positioning result to an external server for storing the same in a database. Thus, in connection with activations of all devices, the database compiles locations of such devices at that particular moment and possibly also the information regarding for example a WLAN base station. It is also possible not to transmit a positioning message until upon request, i.e. nothing but the identification data of a computer is normally reported and the geographic information is not disclosed until requested. The concise operating system can be for example a Linux- or Windows-based system and contains at least the necessary communication features.
Since the starting drive is by write protection secured against viruses, the actual operating system can also be loaded from a drive of the invention, the information security improving at the expense of flexibility. In the case of a lending or leasing computer, this enables preventing a modification of setups and the write protected starting disk is safe from many nuisance programs, and for example operating system updates are easily provided in a centralized manner. On the other hand, the replacement of an operating system with another or the parallel use of several operating systems is awkward.
A stolen computer can be subjected to tracking and upon its next activation, a message is obtained regarding its location. Additionally a computer, known to be stolen, can be commanded to perform certain procedures in a remote controlled manner, for example to continue positioning, to transmit base station information, to eavesdrop or survey secretly its surroundings, or to destroy information from hard drives.
Replacing the BIOS of current motherboards is quite difficult for the average thief, because the program has been loaded in a permanent flash memory which is not easy to replace, nor can it be updated without being first able to activate a required program. The computer according to the invention always activates first a position-tracking program, and not until this is successfully completed will it be possible to access the setups of a starting loader or the firmware updating or to enable activation of the operating system. Hence, the computer according to the invention sets up communication for example over a WLAN network or another wireless or wired network, and not until a positioning message has been delivered is the computer allowed to activate a program, which controls the BIOS setups, or the actual operating system. The system according to the invention may also allow for such a modification of BIOS setups that the positioning is not working. In this case, also, the positioning result shall be transmitted prior to the modification of BIOS setups.
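The start-up order described above, together with the handshake between the bootstrap loader and the starting drive and the buffering of fixes taken while the computer is off, can be sketched as follows. This is an added example, not code from the application; the HMAC-SHA256 challenge-response, the shared per-device key and all class and function names are assumptions, since the text does not specify how the handshake is performed.

```python
import hashlib
import hmac
import os
from collections import deque


class StartingDrive:
    """The memory medium with its own microprocessor and locator (hypothetical model)."""

    def __init__(self, device_key: bytes, max_fixes: int = 16):
        self._key = device_key                # assumed: provisioned per device
        self.fixes = deque(maxlen=max_fixes)  # ring buffer, oldest fix overwritten first

    def record_fix(self, timestamp: str, lat: float, lon: float) -> None:
        """Called from time to time while the computer is off."""
        self.fixes.append((timestamp, lat, lon))

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class BootstrapLoader:
    """The BIOS or starting loader side (hypothetical model)."""

    def __init__(self, device_key: bytes, send_report):
        self._key = device_key
        self._send = send_report  # callable(list_of_fixes) -> True if delivered

    def boot(self, drive: StartingDrive) -> str:
        # 1. Handshake: a fresh random challenge defeats replayed answers, and
        #    a drive of the same type without the key cannot compute the response.
        challenge = os.urandom(32)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, drive.respond(challenge)):
            return "HALT: handshake failed"
        # 2. Report the buffered route (latest fix last); an empty list still
        #    tells the server that the computer was switched on.
        if not self._send(list(drive.fixes)):
            return "HALT: report not delivered"
        # 3. Only now may the operating system or the setup program start.
        return "ACTIVATE_OS"


def demo():
    key = os.urandom(32)
    delivered = []
    genuine = StartingDrive(key)
    genuine.record_fix("2007-09-14T02:00Z", 60.1699, 24.9384)  # constructed fixes
    genuine.record_fix("2007-09-14T05:00Z", 60.2055, 24.6559)
    online = BootstrapLoader(key, lambda fixes: delivered.append(fixes) or True)
    offline = BootstrapLoader(key, lambda fixes: False)
    swapped = StartingDrive(os.urandom(32))  # same type of drive, different key
    return (online.boot(genuine), online.boot(swapped),
            offline.boot(genuine), delivered)
```

In this model a failed delivery halts start-up just like a failed handshake, which matches the requirement that the positioning message be delivered before the operating system or the setup program can be activated.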
Instead of a USB drive, the device according to the invention can be integrated for example with a network card, whereby a part of the software can even be updated or activated over a wireless network, and it can be ensured that the computer doesn't operate without a network access link. It is also possible to use a boot program, which emulates a diskette or other disk drive or even functions directly as random access memory. The device according to the invention can be provided with means for updating a program by means of a communication link.
The following description deals with an exemplary system of the invention in an application to prevent lending or leasing computers from being stolen.
Many countries have nationwide wireless public information networks and, in addition, for example WLAN or GPRS and 3G modems are practically capable of operating around the world. Thus, a portable computer lent for example to school children is able to use a nationwide wireless information network for establishing a network link in domestic use. In addition, for example classrooms or libraries may have a wired link or a local WLAN hot spot for providing a faster access. Because, especially in poorer countries, the demand for computers amongst school children and students could be most easily met by lending portable computers, the emerging problem will be the information security and thefts of such computers. A schoolboy or -girl may not even necessarily dare to bring a computer home, if its value is remarkably high with respect to neighborhood income. This risk can be reduced in such a way that, in the case of a theft, the computer has a retailing value which is as low as possible and the risk of apprehension is as high as possible.
The lending computers are marked as usual, making them difficult to sell for that reason alone. Warning about the use of a method according to the invention has also a preventive effect. Preferably, the components of lending computers are marked individually at the factory and registered, so the dismantling of stolen computers into components is risky business for the thief and selling the components is difficult.
The user of a computer is authorized to carry the computer within a certain, even quite extensive area, for example to school, home, library, and in other normal journeys. Upon each activation of the computer, the system according to the invention supplies a server with a report regarding a location of the computer and possibly a travel route between activations. The server stores the geometric information of computers within the limits set by local legislation and terms of user agreements. As a presumption, the information need not be kept in storage for long or even gathered in a centralized manner. It will be sufficient to keep the geographic information for some time for example in databases associated with base stations and to compare such information with a list of computers reported stolen. This serves to avoid gathering and keeping futile information, while still being able to request information about a computer lost for example the day before.
It is also possible to monitor the migrations of computers for example in such a way that a computer is expected to appear at least once a week back in school or in library, or otherwise the computer shall be subjected to automatic surveillance. As an alternative, the user can be required to sign for the authorized use of a computer for example upon entering into the school's information system. Thus, the authorized use of a lending computer can be monitored without disturbing the user and unreasonable breach of privacy.
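The server-side handling described in the two preceding paragraphs (short retention, comparison with a list of computers reported stolen, and the weekly check-in rule) can be modelled as follows. This is an added example, not part of the application; the two-day retention period, the site labels, the identifiers and the sample reports are constructed assumptions.

```python
from datetime import datetime, timedelta

RETENTION = timedelta(days=2)      # assumed "some time"; the text gives no figure
CHECKIN_LIMIT = timedelta(days=7)  # "at least once a week"


class ReportStore:
    def __init__(self, checkin_sites):
        self.checkin_sites = set(checkin_sites)  # e.g. school, library
        self.reports = {}        # computer_id -> [(time, site, position)]
        self.last_checkin = {}   # computer_id -> time last seen at a check-in site
        self.stolen = set()
        self.surveillance = set()

    def issue(self, computer_id, when):
        """Register a lent computer; the weekly clock starts at hand-out."""
        self.reports[computer_id] = []
        self.last_checkin[computer_id] = when

    def ingest(self, computer_id, when, site, position):
        """Store one boot-time report and return how the server treats the computer."""
        self.reports.setdefault(computer_id, []).append((when, site, position))
        if site in self.checkin_sites:
            self.last_checkin[computer_id] = when
            self.surveillance.discard(computer_id)  # back in authorized use
        if computer_id in self.stolen:
            return "stolen"
        return "surveillance" if computer_id in self.surveillance else "normal"

    def purge(self, now):
        """Drop reports older than RETENTION, except for computers reported stolen."""
        for cid, rows in self.reports.items():
            if cid not in self.stolen:
                self.reports[cid] = [r for r in rows if now - r[0] <= RETENTION]

    def flag_overdue(self, now):
        """Put computers that missed the weekly check-in under surveillance."""
        late = {c for c, t in self.last_checkin.items() if now - t > CHECKIN_LIMIT}
        self.surveillance |= late
        return sorted(late)

    def report_stolen(self, computer_id):
        """Add to the stolen list and return whatever trail is still retained."""
        self.stolen.add(computer_id)
        return list(self.reports.get(computer_id, []))


def demo():
    t0 = datetime(2007, 9, 14, 8, 0)  # constructed sample data throughout
    store = ReportStore(checkin_sites={"school", "library"})
    store.issue("PC-001", t0)
    store.issue("PC-002", t0)
    store.ingest("PC-001", t0 + timedelta(days=1), "home", (60.17, 24.94))
    store.ingest("PC-001", t0 + timedelta(days=6), "school", (60.18, 24.95))
    store.ingest("PC-002", t0 + timedelta(days=8, hours=1), "unknown", (61.50, 23.76))
    now = t0 + timedelta(days=8, hours=2)
    store.purge(now)
    overdue = store.flag_overdue(now)
    trail = store.report_stolen("PC-002")
    status = store.ingest("PC-002", now, "unknown", (61.50, 23.77))
    return overdue, len(store.reports["PC-001"]), len(trail), status
```

Purging before the stolen-list lookup shows the trade-off the text describes: nothing older than the retention window survives for a computer in normal use, yet a computer lost the day before still has a trail to hand over.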
A computer reported stolen is placed under surveillance and when the computer reports its location next time, it can possibly be also remote controlled from the server and for example the hard drives can be destroyed for ensuring the information security of the legal user. At the same time, the system can be commanded to position the computer at a more frequent rate, to report other information, for example base station distances, or to command the camera and microphone to transmit image and sound to the server. The system is also able to deny completely the normal activation of an operating system or to activate, over a network access link, programs which enable for example a transfer of information existing on hard drives, a destruction thereof, or for example Bluetooth or WLAN can be activated to transmit a signal for enabling the authorities to locate the computer with higher precision, the same transmission being also useful for sending the microphone and camera signal.

Claims

1. A method for tracking the location of a computer by using a positioning device and a communication link, operating in conjunction with the computer, characterized in that position measurements are conducted while at least the computer is off, and measuring results are transmitted by a program (firmware), which is a part of the computer, over the communication link without activating the computer's actual operating system.
2. A method as set forth in claim 1, wherein the communication link is the internet.
3. A method as set forth in claim 1 or 2, wherein the communication link is wireless.
4. A method as set forth in any of the preceding claims for tracking the location of a computer, characterized in that the positioning device is a satellite positioning device.
5. A method as set forth in any of the preceding claims for tracking the location of a computer, characterized in that the transmission of a measuring result is followed by activating the computer's actual operating system.
6. A method as set forth in any of the preceding claims for tracking the location of a computer, characterized in that the positioning device has an independent power supply.
7. A method as set forth in any of claims 1-5 for tracking the location of a computer, characterized in that the positioning device is connected directly to the computer's battery.
8. A method as set forth in any of the preceding claims, characterized in that the computer's bootstrap loader or BIOS is able to activate a location reporting program even without activation of the actual operating system.
9. A method as set forth in any of the preceding claims, characterized in that the positioning device is accompanied by a memory medium, the program present therein being run during a starting sequence of the computer.
10. A method as set forth in any of the preceding claims, characterized in that the positioning device is able to activate the computer also independently.
11. A method as set forth in any of claims 8-10, characterized in that the bootstrap loader shakes hands with a program present in the memory medium and permits an activation of the computer's actual operating system only if the handshaking is successful.
12. A method as set forth in any of claims 8-10, characterized in that the bootstrap loader is programmed permanently to be activated from a memory medium present in connection with the positioning device, and operation of the memory medium is modified after a successful transmission of geographic information in such a way that the computer's actual operating system is activated.
13. A device for reporting positional information about a computer by way of a communication link, characterized in that the positioning elements of the device operate at least from time to time while the computer is off, and the device has facilities of activating a program medium, which by way of the communication link transmits a positioning message to an external server as the computer is switched on.
14. A device as set forth in claim 13, which is adapted to execute a method as set forth in any of claims 1-12.
15. A device as set forth in claim 13 or 14, characterized in that said program means are the computer's BIOS, bootstrap loader or a part thereof.
16. A device as set forth in claim 13 or 14, characterized in that said program means are activated by the computer's BIOS or bootstrap loader.
17. A device as set forth in any of claims 13-16, characterized in that said program means are executed by the computer's main processor.
18. A program medium or product, containing a code which, when executed by a computer, implements a method as set forth in any of claims 1-12.
19. A computer, whose bootstrap loader is adapted to be set up in a way to enable a method as set forth in any of claims 8-12.
PCT/FI2007/050493 2006-09-22 2007-09-14 Method and system for locating a computer WO2008034944A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FI20065581 2006-09-22
FI20065581A FI20065581A (en) 2006-09-22 2006-09-22 Computer locating method and system

Publications (1)

Publication Number Publication Date
WO2008034944A1 true WO2008034944A1 (en) 2008-03-27

Family

ID=37067232

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FI2007/050493 WO2008034944A1 (en) 2006-09-22 2007-09-14 Method and system for locating a computer

Country Status (2)

Country Link
FI (1) FI20065581A (en)
WO (1) WO2008034944A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2207122A1 (en) * 2008-12-31 2010-07-14 Intel Corporation System and method to provide added security to a platform using locality-based data
CN104181551A (en) * 2013-05-28 2014-12-03 鸿富锦精密工业(武汉)有限公司 System and method for positioning and tracking of electronic equipment
CN104200168A (en) * 2014-08-22 2014-12-10 国家电网公司 Method for positioning abnormal reasons and warning abnormal results through matrix method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5748084A (en) * 1996-11-18 1998-05-05 Isikoff; Jeremy M. Device security system
GB2395079A (en) * 2002-10-28 2004-05-12 Kuldip Bajwa Laptop PC tagging device
US20050149752A1 (en) * 2003-12-29 2005-07-07 Johnson Robert K. System and method for tracking laptop computers
US6954147B1 (en) * 1999-03-31 2005-10-11 Lenovo Pte. Ltd. Method and system for providing protection against theft and loss of a portable computer system
US20060145839A1 (en) * 2004-12-17 2006-07-06 Sandage David A Method and apparatus for location-based recovery of stolen mobile devices

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2207122A1 (en) * 2008-12-31 2010-07-14 Intel Corporation System and method to provide added security to a platform using locality-based data
JP2010160795A (en) * 2008-12-31 2010-07-22 Intel Corp System and method to provide added security to platform by using locality-based data
JP2013033557A (en) * 2008-12-31 2013-02-14 Intel Corp System and method to provide added security to platform by using locality-based data
US8561138B2 (en) 2008-12-31 2013-10-15 Intel Corporation System and method to provide added security to a platform using locality-based data
CN104181551A (en) * 2013-05-28 2014-12-03 鸿富锦精密工业(武汉)有限公司 System and method for positioning and tracking of electronic equipment
CN104200168A (en) * 2014-08-22 2014-12-10 国家电网公司 Method for positioning abnormal reasons and warning abnormal results through matrix method

Also Published As

Publication number Publication date
FI20065581A0 (en) 2006-09-22
FI20065581A (en) 2008-03-23

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 07823130; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 07823130; Country of ref document: EP; Kind code of ref document: A1)