Protect Laptops and Data with Intel® Anti-Theft Technology
Laptops with the 2nd generation Intel® Core™ processor with Intel® Anti-Theft Technology (Intel® AT) provide IT administrators with intelligent protection of lost or stolen assets. Intel AT’s flexible policy engine lets you specify the detection mechanism that asserts theft mode, the thresholds for timer intervals, and the action(s) to take. Because the technology is built into laptop hardware, Intel AT provides local, tamper-resistant, policy-based protection that works even if the OS is reimaged, the boot order is changed, a new hard drive is installed, or the laptop is disconnected from the network. Intel AT is activated through service subscriptions from Intel AT-enabled software and service providers. Find a list of service providers and Intel AT capable laptops at anti-theft.intel.com. Local and remote detection mechanisms Intel AT includes several hardware-based detection mechanisms that can trigger a lock down. Detection mechanisms can be local (based on IT policy) or remote (via LAN, WLAN, or 3G connectivity). Hardware-based detection and trigger mechanisms (all configurable by flexible IT policies) include:
• Excessive login attempts in the pre-boot authentication (PBA) screen. The PC can automatically trigger a lock down and prevent access to data if someone tries to log in too many times unsuccessfully.
• Missed check-ins with the central server. If multiple check-ins are missed, a local hardware based timer expires and the laptop immediately goes into theft mode, even if the system is not connected to the Internet.
• Notification via a message sent over an IP-based wired or wireless LAN. The next time the laptop connects to the central server, it can receive an encrypted message (the poison pill) to go into theft mode. (Note: the central server can be hosted on the Internet to allow communication with laptops outside the corporate firewall.)
• Notification via an encrypted SMS text message over a 3G network. For this option, the laptop does not need to be connected to the Internet, but it must be within range of a 3G network. This feature works even if the OS is not running or has been reinstalled, thanks to a hardware-to-hardware link between the 3G card and the Intel AT system.
• Resume from standby. IT administrators can now tighten the security of a laptop upon resume from standby (S3 sleep) state: If the Windows* login is not completed in a short period of time (as defined by IT), the user must re-enter the encryption login credentials before being allowed access to the PC.
Read the full Protect Laptops and Data Paper.