Moblin™ Zone



Intel Anti-Theft Technology (Intel AT) is turning perfectly good laptops into bricks and will eventually turn perfectly good smartphones into rocks.  The company is already teaming up with tracking, remote data removal, encryption or PC recovery software vendors, as well as device recovery service providers and OEMs to deter laptop computer theft.  At the request of partners and end customers, the technology will eventually extend to netbooks, MIDs, and smartphones. 

Each year millions of laptops and handheld devices are lost or stolen.  According to Processor, two million laptop computers are reported stolen and 97 percent of them are never recovered.  Asurion estimates that 60 million cell phones are lost, stolen or damaged each year. 

“Smaller devices are becoming more powerful and [mobile users] want access to their data from anywhere,” said Mauricio Cuervo, marketing manager, PC Client Group in Intel’s Anti-Theft Services Group.  “We’re starting with laptops but getting requests from partners and end users to support smaller formats.”

Intel AT is included in the new Centrino 2 processor-based laptops.  It provides dedicated security and manageability functions as well as dedicated circuitry and firmware, making Intel AT far more difficult to compromise than software solutions alone.  In fact, Absolute Software, PGP, Phoenix Technologies, WinMagic and others are teaming up with Intel to add yet another layer of security.  For example, using Phoenix Technologies, IT administrators are able to manage a lost or stolen laptop and remotely remove or retrieve data from it.  With the addition of Intel AT, administrators can also render the machine completely inoperable.

In addition to working with ISVs and recovery service providers like Absolute Software, Intel provides hardware and an SDK so OEMs can make their laptops AT ready.  To take advantage of the technology, the purchaser of a laptop must buy an AT-ready laptop as well as software from the likes of PGP, WinMagic or Absolute Software. 

When a laptop has been reported lost or stolen, or a pre-defined event has been triggered, Intel AT disables the laptop via a “poison pill”.  The poison pill can be delivered over the Internet, locally, or via an SMS message.  Even if the OS is reinstalled, or the hard disk replaced, the laptop remains disabled.  However, the machine can be easily reactivated by administrators, assigned users or both, without causing data loss or damage to the PC.

“There are three key areas of anti-theft,” said Cuervo.  “Detection, response, and reactivation.”

Lost laptops can be detected in a number of ways, the most obvious of which is the user notifying the IT department or asset recovery service provider.  When a laptop has been reported lost or stolen, it is flagged in a central server.  When rebooted and connected to the Internet, it automatically receives a poison pill. 

Intel AT includes support for pre-boot authentication (PBA) modules, which include a hardware-based PBA login timer and a PBA login failure counter to detect potential theft.  The PBA login timer controls the time it takes to log in.  The PBA login failure counter monitors failed login attempts and triggers a response when the number of failed attempts exceeds a pre-defined threshold.

Intel AT also supports a rendezvous timer that requires the laptop to check in periodically with a central server. If the laptop fails to check in within the required time frame, a policy-based response triggers a local poison pill. 

Intel AT further includes tamper monitoring so if a user tries to alter a key element like the firmware or BIOS, a poison pill is automatically activated locally.  There is also a dedicated controller that blocks the boot process regardless of what device (e.g. hard drive, USB key, CD, DVD, external hard disk, etc) is used to boot the OS.
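The detection triggers described above can be read as a small policy state machine, sketched here as an added illustration. It is not Intel AT firmware or SDK code; the class names, method names and threshold values are all hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Trigger(Enum):
    REMOTE_PILL = "flagged lost or stolen on the central server"
    LOGIN_TIMEOUT = "PBA login timer expired"
    LOGIN_FAILURES = "PBA login failure counter exceeded its threshold"
    RENDEZVOUS_MISSED = "rendezvous timer expired without a check-in"
    TAMPER = "firmware or BIOS altered"

@dataclass
class Policy:                       # all values are constructed samples
    max_login_failures: int = 3
    login_window_s: int = 120
    rendezvous_interval_s: int = 7 * 24 * 3600

@dataclass
class Device:
    policy: Policy = field(default_factory=Policy)
    last_checkin: float = 0.0
    failed_logins: int = 0
    # Lives in the platform model, not on disk, so swapping the drive or
    # reinstalling the OS does not clear it.
    disabled_by: Optional[Trigger] = None

    def _pill(self, why: Trigger) -> None:
        self.disabled_by = self.disabled_by or why   # first trigger wins

    def boot(self, now: float, firmware_ok: bool = True) -> bool:
        """Runs before any boot device gets control; True if boot may go on."""
        if not firmware_ok:
            self._pill(Trigger.TAMPER)
        elif now - self.last_checkin > self.policy.rendezvous_interval_s:
            self._pill(Trigger.RENDEZVOUS_MISSED)
        return self.disabled_by is None

    def pba_login(self, ok: bool, elapsed_s: float) -> bool:
        if self.disabled_by is None and elapsed_s > self.policy.login_window_s:
            self._pill(Trigger.LOGIN_TIMEOUT)
        elif self.disabled_by is None and not ok:
            self.failed_logins += 1
            if self.failed_logins > self.policy.max_login_failures:
                self._pill(Trigger.LOGIN_FAILURES)
        return ok and self.disabled_by is None

    def checkin(self, now: float, flagged_stolen: bool) -> bool:
        if flagged_stolen:
            self._pill(Trigger.REMOTE_PILL)
        elif self.disabled_by is None:
            self.last_checkin = now
        return self.disabled_by is None
```

Because every check runs against `disabled_by` before anything else proceeds, a correct password entered after the pill has fired still returns `False`, matching the article's point that the disabled state is independent of credentials.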

With solutions from encryption vendors like PGP and WinMagic, there is an additional level of data protection. In addition to disabling computer operation, a poison pill can also block data access by deleting or hiding the end-user credentials, the encryption keys or similar cryptographic material stored in the chipset.  When a poison pill is triggered, the encryption keys can be deleted or hidden to prevent access to the data, even if the credentials have been compromised.

“If you bind the encryption key to the platform the data in the hard drive is only available to that laptop,” said Cuervo.  “And if you remove the drive you won’t be able to access the data, even if you know the credentials.”

In the absence of any anti-theft protection whatsoever, laptops and the data on them are completely exposed. “If you don’t have any protection you can read and extract the data on the drive.  You can also reformat, reuse or swap out the drive,” said Cuervo.  Not so with Intel AT.

After the poison pill is received, the laptop becomes completely inoperable with or without a new hard drive.  The OS will not boot and cannot be reimaged. 

Once the laptop is disabled, a reactivation screen appears, stating that the laptop has been disabled and listing the options to reactivate it.  Administrators can also include a custom message on that screen, such as where a third party may return the machine to receive a reward.

Reactivation by an authorized user, administrator or both is quick and easy.  Users can enter a password they pre-defined (if their IT policy allows it) or an administrator can provide the user with a one-time recovery token that only works on that laptop.  The machine can also be reactivated by an administrator who sends a code via a secure text message (which requires the presence of a 3G card). 

At the present time, Intel AT is available on some laptops based on the Intel Centrino 2 processor with vPro Technology.  In 2010, Intel AT will expand its reach beyond enterprise customers to consumers as well as small to medium enterprises (SMEs) via the Core i3, Core i5, and Core i7 processors with the proper chipsets.  Because OEMs will be rolling out products in phases, Cuervo suggests consumers contact the OEM to verify the machine is AT capable.

Cuervo also encourages Moblin community members to get their hands on a Core i3, Core i5, or Core i7 system and play with it.

“We’d love to get their feedback because our customers and partners want us to build Intel AT into smaller devices,” he said.

Although he did not provide a timeframe specifying when more mobile devices will be supported, he did say it is likely netbooks will be targeted first, followed by MIDs and smartphones.

ISVs, OEMs, ODMs, service providers and independent developers can get more information about Intel AT here.  Cuervo said he can also be contacted directly at Mauricio.cuervo@intel.com and will gladly route inquiries to the appropriate parties.

* All names and brands are the property of their respective owners.


Lisa Morgan is an independent high tech management and marketing consultant who creates content and provides commentary to print and broadcast media.

 
