Browse Prior Art Database

Method to make Personal Computers more theft resistant.

IP.com Disclosure Number: IPCOM000014570D
Original Publication Date: 2001-Aug-11
Included in the Prior Art Database: 2003-Jun-19
Document File: 3 page(s) / 44K

Publishing Venue

IBM

Abstract

Disclosed is a method that makes Personal Computers (both desktop and mobile) more theft resistant. Background : A concern that is common to all users of personal computers (both individuals and large enterprises) is that the equipment might be stolen and resold to unscrupulous or unknowing buyers. There are several schemes common in the industry today that purport to lower this risk. 1. Physical: Some systems can be fitted with attachment points that are used to connect a chain or cable that is then secured to an immovable object. This might serve to deter a casual thief but is not a deterrent to a thief equipped with a common hardware store bolt cutting tool.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 47% of the total text.

Page 1 of 3

Method to make Personal Computers more theft resistant.

Disclosed is a method that makes Personal Computers (both desktop and mobile) more theft resistant.

Background:

A concern that is common to all users of personal computers (both individuals and large enterprises) is that the equipment might be stolen and resold to unscrupulous or unknowing buyers. There are several schemes common in the industry today that purport to lower this risk.

1. Physical: Some systems can be fitted with attachment points that are used to connect a chain or cable that is then secured to an immovable object. This might serve to deter a casual thief but is not a deterrent to a thief equipped with a common hardware store bolt cutting tool.

2. Removal detection devices: Some systems are fitted with devices that can be sensed by portal monitors that detect when the system is being carried through the door. If the thief is aware of these measures, he can simply do something simple like break a window and remove the equipment by a path that is not covered by the portal
monitors.

3. Passwords: Most systems provide some sort of password scheme that, in theory, should make the machine unusable to someone who doesn't know the password (such as the buyer of a stolen machine).

Common schemes include:

A: User passwords. This is a basic scheme in which the user can set a password that must be entered before the system will boot. The password is often stored in a battery powered memory such as CMOS. User passwords suffer from the following problems:

1. Users don't bother to set them.

2. Users choose trivial passwords such as their names or easy to remember keystroke

sequences such as "qwerty" or "asdf".

3.The password can be compromised by someone observing the user enter the

password.

Even if the user has chosen a good random password, it is easy to remove it and make the system usable by clearing CMOS with either a jumper or by pulling the battery.

B: Administrator passwords. Some systems provide a second password commonly known as the administrator password. Typically this protects access to some BIOS setup functions, access to BIOS update programs and can be used to override the user password if one is set and lost. It is not unusual for a large enterprise to have a single administrator password for all the systems within the enterprise.

This practice of having a single administrator password leads to the disquieting scenario of having the administrator password compromised that would make it possible for thieves to steal every system from an enterprise and easily making the systems usable to prospective buyers.

1

Page 2 of 3

Another venerability of password schemes can be envisioned if the thief does not want to resell the system but merely wants to access the data stored in the system. If the thief has an In Circuit Emulator unit, he can stop the system when it has requested a password and through fairly simple inspection of the code, cause the system to boot as...