(19) United States
`(12) Patent Application Publication (10) Pub. No.: US 2003/0065934 A1
`Angelo et al.
`(43) Pub. Date:
`Apr. 3, 2003
`
`US 2003OO65934A1
`
`(54) AFTER THE FACT PROTECTION OF DATA
`IN REMOTE PERSONAL AND WIRELESS
`DEVICES
`(76) Inventors: Michael F. Angelo, Houston, TX (US);
`Manuel Novoa, Houston, TX (US);
`Sompong P. Olarig, Pleasonton, CA
`(US)
`Correspondence Address:
`CONLEY ROSE, PC.
`P. O. BOX 3267
`HOUSTON, TX 77.253-3267 (US)
`(21) Appl. No.:
`09/965,960
`(22) Filed:
`Sep. 28, 2001
`Publication Classification
`
`(51) Int. Cl. .................................................. G06F 12/14
`
`(52) U.S. Cl. ............................................ 713/200; 713/176
`
`(57)
`
`ABSTRACT
`
`A Security System is provided which permits a user or owner
`of a portable electronic device to report the device missing
`to a Security Station. In response, the Security Station wire
`lessly transmits a Security message or command to the
`portable electronic device which, in turn, responds by caus
`ing a “destructive' Security action to occur. The destructive
`action may include erasing memory in the portable device,
`disabling certain functions (e.g., transmitting data, receiving
`data, accessing memory, etc.) or other types of actions Such
`as reporting location information to the Security Station.
`Various Security mechanisms can be implemented as well to
`minimize the risk that an unauthorized entity will be able to
`broadcast Security messages to portable devices.
`
`PORTABLE
`DEVICE
`
`200
`
`SECURITY
`STATION
`
`
`
`VOLALE
`MEMORY
`
`212
`
`GPS
`
`204
`
`
`
`WRELESS
`TRANSCEIVER
`
`218
`2O7
`HA
`KEY
`HASH 208
`STORAGE
`1.
`NON-VOATLE
`MEMORY
`
`ID
`
`-
`
`209
`
`DSPLAY
`216
`
`2O2
`-?
`
`230
`
`
`
`WRELESS
`TRANSCEIVER
`
`236
`
`KEY
`
`STORAGE
`
`238
`
`us
`
`HASH
`
`
`
`234
`
`WOLATE
`MEMORY
`
`EX-1007
`US Patent 10,789,393
`
`

`

`Patent Application Publication
`
`Apr. 3, 2003 Sheet 1 of 2
`
`US 2003/0065934 A1
`
`
`
`
`
`S
`
`
`
`

`

`Patent Application Publication
`
`Apr. 3, 2003. Sheet 2 of 2
`
`US 2003/0065934 A1
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`9
`
`ETILVTO/\
`
`ÅRHOWNE W
`
`

`

`US 2003/0065934 A1
`
`Apr. 3, 2003
`
`AFTER THE FACT PROTECTION OF DATA IN
`REMOTE PERSONAL AND WIRELESS DEVICES
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`0001. Not applicable.
`
`STATEMENT REGARDING FEDERALLY
`SPONSORED RESEARCH OR DEVELOPMENT
`0002) Not applicable.
`
`BACKGROUND OF THE INVENTION
`0003) 1. Field of the Invention
`0004. The present invention relates generally to computer
`Security. More particularly, the invention relates to Security
`in a remote computer device. Still more particularly, the
`invention relates to broadcasting an authenticated Security
`message to a remote computer device upon its theft to cause
`the computer device to protect its data.
`0005 2. Background of the Invention
`0006 Numerous innovations have been made in the
`computer arts. For example, wireleSS portable devices Such
`as laptop computers, handheld personal data assistants
`("PDAs”), wireless email devices, and the like have made it
`easy to perform computer tasks (e.g., word processing,
`email, etc.) Virtually anywhere. Improvements in miniatur
`ization have resulted in portable computer devices that are
`very Small with Some being no larger than a common pager.
`0007 As with anything small and valuable, theft has
`increasingly become a problem for wireleSS portable com
`puter-type devices. The value of portable device lies in the
`hardware itself as well as any information Stored on the
`device. In fact, in many cases the value of the information
`stored on the device or the information to which the device
`has acceSS may far outweigh the cost of the hardware. The
`information Stored on or accessible to the device may
`contain highly Sensitive information pertaining to an indi
`vidual or an organization.
`0008 Thus, an authenticated security mechanism is
`needed for Such devices. One proposed attempt to provide
`Security has been to remotely activate a password feature in
`the device. That is, a wireleSS message is Sent which causes
`the Stolen device to enable a password that, until a valid
`password is entered, precludes further use of the device.
`Although generally acceptable, this type of Security
`response results in the Sensitive information remaining in the
`device. A clever enough thief might be able to bypass the
`password protection, or discovery or guess the password,
`and get at the Sensitive information nonetheless.
`0009. Some PDAs today (as well as other types of
`devices Such as cell phones, pagers, etc.) include a Security
`mechanism which requires a user to enter a valid password,
`such as a 4 digit personal identification number (“PIN”)
`before accessing the capabilities of the device. The device
`will lock itself if a predetermined number of invalid PINs are
`entered. The idea is that if Someone attempts to access the
`device by Simply guessing passwords, the device will time
`out before the perSon is likely to guess a correct password.
`If the device times out and locks itself from any further
`access attempts, Sensitive information, nevertheless, Still
`
`remains Stored in the device's memory and literally in the
`hands of an unauthorized perSon. Further, because the pass
`word is Set to come on after a period of inactivity, the
`password is inconvenient and complicates use of the device.
`Most users, in fact, fail to enable the password feature. AS
`a result, many Such portable devices are unprotected. On
`Some devices, a protection mechanism exits whereby if the
`password feature is enabled, the device will lock up after 10
`invalid password attempts and even delete contents of
`memory. This mechanism works only if the user has enabled
`the password. This Security mechanism is useleSS if the user
`has not enabled the password. If the password is not enabled
`on a device, any user (including unauthorized users) of the
`device will have access to Sensitive information contained
`therein.
`0010. These types of security features are useful in their
`own right, but there is room for improvement. Accordingly,
`a Security feature is needed which addresses the shortcom
`ings of the techniques noted above.
`
`BRIEF SUMMARY OF THE INVENTION
`0011. The problems noted above are solved in large part
`by permitting a user or owner of a portable electronic device
`to report the device missing to a “security Station.” In
`response, the Security Station transmits a Security message or
`command to the portable electronic device which, in turn,
`responds by causing a “destructive' Security action to occur.
`The destructive action may include erasing memory in the
`portable device, disabling certain functions (e.g., transmit
`ting data, receiving data, accessing memory, etc.) or other
`types of actions Such as reporting location information to the
`Security Station.
`0012. In accordance with the preferred embodiment, the
`Security Station comprises an entity, which can be a com
`puter or collection of networked computers (i.e., a “data
`center”), to which a person can contact to report a portable
`device missing. The portable device preferably wirelessly
`communicates with the Security Station. The Security Station
`preferably Verifies the authenticity of the perSon reporting
`the missing device, and if the perSon passes the Verification
`process, the Security Station generates and transmits the
`Security message to the portable device. The portable device
`responds to the Security Station by performing one or more
`destructive actions.
`0013 Additionally, other security features can be incor
`porated to minimize the risk for an unauthorized entity to
`determine how to Send Security messages to the various
`portable devices. For example, the Security Station may
`digitally sign the Security message using a private "key
`asSociated with the perSon reporting the device missing.
`Upon receiving the signed message, the portable device
`Verifies the Signature and performs the destructive action.
`The Security message itself may be encrypted if desired.
`Numerous other types of Security mechanisms can be put in
`place Such as permitting a user to abort the destructive
`Security action, permitting a user of the portable device to
`perform tasks on the device for a specified period of time
`before the destructive action is performed. These and other
`Security mechanisms are described in detail in the following
`Section.
`
`

`

`US 2003/0065934 A1
`
`Apr. 3, 2003
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`0.014
`For a detailed description of the preferred embodi
`ments of the invention, reference will now be made to the
`accompanying drawings in which:
`0.015
`FIG. 1 shows a block diagram of a security system
`uSable in connection with a Security Station and one or more
`portable electronic devices, and
`0016 FIG. 2 shows a more detailed schematic of the
`block diagram of FIG. 1.
`
`NOTATION AND NOMENCLATURE
`0017 Certain terms are used throughout the following
`description and claims to refer to particular System compo
`nents. AS one skilled in the art will appreciate, computer
`companies may refer to a component and Sub-components
`by different names. This document does not intend to
`distinguish between components that differ in name but not
`function. In the following discussion and in the claims, the
`terms “including and “comprising” are used in an open
`ended fashion, and thus should be interpreted to mean
`“including, but not limited to . . .
`. Also, the term “couple”
`or “couples' is intended to mean either a direct or indirect
`electrical connection. Thus, if a first device couples to a
`Second device, that connection may be through a direct
`electrical connection, or through an indirect electrical con
`nection via other devices and connections. To the extent that
`any term is not specially defined in this specification, the
`intent is that the term is to be given its plain and ordinary
`meaning.
`
`DETAILED DESCRIPTION OF THE
`PREFERRED EMBODIMENTS
`Referring now to the figures, FIG. 1 is presented to
`0.018
`broadly illustrate the principles underlying the preferred
`embodiment. FIG. 1 shows a portable device 100 and a
`security station 102 in accordance with the preferred
`embodiment of the invention. As shown, portable device 100
`and Security Station 102 are in communication with one
`another via communication link 104. In accordance with the
`preferred embodiment, the communication link 104 may
`comprise a wireleSS link or, if desired, a wire-based link. In
`general, multiple portable devices 100 may be operatively
`coupled to Security Station 102, although only one is shown
`in FIG. 1.
`0019. The portable device 100 may comprise any type of
`portable electronic devices Such as personal data assistants
`("PDAS”), laptop computers, pagers, and the like. In gen
`eral, device 100 comprises any type of device that conceiv
`ably may fall into the possession of an unauthorized perSon
`or entity and that may contain Sensitive information that
`should be protected from unauthorized access. The Security
`Station 102 preferably comprises one or more pieces of
`electronic equipment that can Send and, if desired, receive
`messages to/from portable device 100. For example, security
`Station 102 may be an individual computer or a data center
`comprising a plurality of computers. In one embodiment,
`Security Station 102 may comprise an application Service
`provider ("ASP") on the web and communication link 104
`may comprise a wireleSS Internet connection.
`0020. In accordance with a normal scenario, an “autho
`rized person' owns or possesses the portable device 100 or
`
`otherwise has permission to use the portable device and
`access the information contained therein. In the event the
`portable device 100 is stolen by an “unauthorized person” or
`otherwise is misplaced or Stolen, the authorized person can
`contact the Security Station 102 to initiate a Security proce
`dure. The authorized person identifies the portable device
`100 to the security station 102 using a unique identifier
`(“ID”) 106. The unique identifier 106, which is stored in
`portable device 100, provides a mechanism by which secu
`rity Station 102 can communicate with the device as opposed
`to all other portable devices 100. The identifier 106 may be
`any type of uniquely identifying value, Such as an Internet
`Protocol ("IP") address or a wireless ESN number, that the
`Security Station 102 can use to conduct a private communi
`cation. As shown in FIG. 1, the security station 102 pref
`erably includes a registry 108 in which one or more portable
`devices 100 can be registered. Each registration may include
`various fields of information Such as the device's ID value.
`The security station uses the ID value to determine how to
`initiate a message transfer to the targeted portable device.
`Any suitable manner for the security station 102 to deter
`mine how to communicate with the Specific portable device
`based on the ID value is acceptable. For example, the ID
`value may comprise the portable device's address or the
`address may be a separate piece of information in the
`registry 108 associated with the ID. The security station 102
`would then use the address to communicate with the device.
`Other information captured in the registry for a portable
`device may include device type, authorized perSon's name
`and address, and the like.
`0021. Once the authorized person identifies to the Secu
`rity station 102 the identity of a particular device 100 that
`may be in a comprised situation (i.e., lost or Stolen), the
`Security Station preferably performs a Security procedure
`that causes a “destructive' action to occur on the portable
`device 100. To this end, the security station 102 transmits a
`security message to the portable device 100 over commu
`nication link 104 to cause the destructive action to occur.
`The portable device 100 preferably interprets the security
`message and performs a destructive action that has been
`predetermined or Specified in the Security message itself.
`0022. A “destructive' action generally refers to one of
`Several types of actions. The first type of destructive action
`is one in which certain information Stored in the portable
`device 100 is simply erased. An example of this type of
`destructive action may entail the portable device 100 erasing
`all of its internal memory (i.e., a “reset). Alternatively, the
`destructive action could include erasing only a portion of the
`devices internal memory, Such as a portion that may be
`allocated for Storing information deemed to be more Sensi
`tive than data in other portions of memory. These types of
`destructive action prevent recovery of the information by
`even the authorized perSon.
`0023 The second type of destructive action is one in
`which one or more functions of the portable device 100 are
`disabled, but can be reactivated if desired. For example, the
`portable device 100 might place itself into a mode in which
`it can receive messages, but cannot transmit or release
`information for use by other devices. Alternatively, the
`portable device might transition to a mode in which it can be
`used to transmit messages, but the contents of its memory
`cannot be accessed. In general, this type of destructive
`action causes the portable device to function for an unau
`
`

`

`US 2003/0065934 A1
`
`Apr. 3, 2003
`
`thorized perSon in Such a way that would be acceptable to
`the authorized person given that the device may be in the
`hands of an unauthorized perSon. Another action might be to
`Simply lock the machine down while displaying a pre
`defined message with a return address for the device or a
`telephone number to call.
`0024.
`It should be noted that instead of, or in addition to,
`a destructive action, other types of Security actions could be
`implemented as well. For example, the portable device 100
`could be equipped with a well-known global positioning
`system (“GPS") receiver (not specifically shown in FIG. 1).
`The Security message from the Security Station 102 might be
`for the portable device 100 to report its location to the
`Security Station. Further, a portion of the device's hardware
`may be destroyed, Such as by tripping a Switch to short out
`circuitry. Alternatively, the destructive action may include
`running memory at an incorrect clock rate (either too slow
`or too fast).
`0025. It should be noted also that, if the registry 108
`includes a portable device type field for each registered
`device, the Security Station 102 can initiate a Specific type of
`Security action based on the type of portable device identi
`fied. For example, the security station 102 might transmit
`one type of Security message to a PDA and a different
`Security message to a laptop computer. In this manner,
`different types of portable devices may respond to Security
`problems in different ways. Alternatively or additionally, the
`Security Station may simply transmit a basic Security mes
`Sage to any type of portable device and each type of portable
`device may be pre-programmed to perform a desired Secu
`rity action.
`0026. A more specific implementation of the preferred
`embodiment of the invention is shown in FIG. 2. As shown,
`portable device 200 preferably includes a central processing
`unit (“CPU”) 204, a volatile memory 206, a non-volatile
`memory 208, an input/output (“I/O”) module 210, a GPS
`receiver 212, a wireleSS transceiver 214, and a display 216.
`The aforementioned components and the way in which they
`are connected as shown in FIG. 2 are not required. Not all
`of the componets shown as comprising portable device 200
`need be included (e.g., GPS receiver 212) and it should be
`recognized that other components (e.g., a battery) may be
`included that are not shown in FIG. 2.
`0027 Generally, the CPU 204 controls the operation of
`the portable device 200. The CPU may read from and write
`to volatile memory 206 (which preferably comprises RAM
`memory). The CPU204 may also access non-volatile stor
`age 208. The CPU 204 may coordinate the transfer of
`information between it and the security station 202 via I/O
`module 210 and wireless transceiver 214. A display 216 may
`be included to permit a person to use the device 200. In the
`form of a PDA, the display 216 preferably comprises a touch
`sensitive liquid crystal display (“LCD”) with which a stylus
`(not shown) can be used as an input device. GPS transceiver
`212 may also be included to provide location information as
`noted above with regard to FIG. 1.
`0028. The security station 202 may be a computer as
`shown or a collection of computers coupled together to form
`a data center. As a computer, Security Station 202 may
`include a CPU 230, a wireless transceiver 232, volatile
`memory 234, key storage 236 and a hash function 238. One
`of ordinary skill in the art will recognize that many other
`
`components may be included in Security Station 202 as well.
`The system shown in FIG. 2 generally functions as
`described above with regard to FIG.1. An authorized person
`can identify a portable device 200 (presumably one that is
`missing) by its ID 209 (which may be stored in non-volatile
`memory 208). The security station 202 responds by trans
`mitting a security message to the portable device 200 which
`may respond destructively as explained above, Such as by
`erasing all or a portion of volatile memory 206, precluding
`access to data stored on memory 206 or 208, providing
`location information from GPS 212 and the like.
`0029 Several other features may be incorporated into the
`security system described herein for portable devices. For
`example, if an unauthorized individual was to intercept the
`Security message transmitted from the Security Station to the
`portable device, that individual might then know how to
`Sabotage other portable devices by commanding them to
`erase their data or perform Some other type of Security
`action. Thus, it may be preferred for the security station 202
`to Send the Security message in any Suitable form that is Safe
`from unauthorized perSons or entities. Doing So will frus
`trate, if not preclude, an unauthorized person from inter
`cepting the Security message and being able to determine
`how to Send Such Security messages.
`0030. For instance, the security message may be digitally
`“signed using any one of a variety of authentication tech
`niques, now known or later developed. AS is well known to
`those of ordinary skill in the art, most digital Signature
`techniques involve the use of a "hash' function and an
`encryption “key.” Thus, as shown in FIG. 2, portable device
`200 and security station 202 include key storages 207,236,
`and hash functions 218 and 238. The key storage 207 in the
`portable device 200 preferably is part of the non-volatile
`memory 208 and preferably, in accordance with known
`hardware and/or Software techniques, cannot be overwritten
`or copied. The key storage 236 in the security station 202
`preferably is part of Some type of non-volatile memory and
`may, for example, be a “Smart card” or other type of
`removable, non-volatile memory media. The hash function
`238 also is stored in non-volatile memory. The registry
`information explained above with respect to FIG. 1 may be
`included as part of key Storage 236 with each user's key
`being associated with that user and their portable device.
`0031. In accordance with preferred embodiment, the por
`table device's key Storage includes a public key and the
`corresponding private key is Stored in the Security Station's
`key Storage 236. Then, when the authorized perSon looses or
`misplaces their portable device 200, that person contacts the
`Security Station 202 via a telephone call to a perSon or over
`a network such as the Internet. The security station 202 then
`Verifies that the authorized perSon is, in fact, authorized to
`cause the Security Station 202 to issue a Security message to
`the missing portable device 200. The technique for verifying
`the perSon desiring the Security Station to issue a Security
`message can be in accordance with any Suitable type of
`Verification protocol, Such as answering a Secret question,
`providing a predetermined code word, biometrics (i.e., the
`perSon's fingerprint, voice, iris Scan, etc. is digitized and
`sent to the Security station for verification), and the like.
`0032. Upon successfully verifying the person requesting
`the transmission of a Security message to a portable device,
`the Security Station 202 Signs the Security message prefer
`
`

`

`US 2003/0065934 A1
`
`Apr. 3, 2003
`
`ably with that person's private key Stored in key Storage 236.
`This may be accomplished by the CPU 230 retrieving and
`applying the “hash” function 238 (hash functions are well
`known in the art) to the Security message to create a Security
`message “digest.” Typically, a digest will be of a fixed size
`that is Smaller than the message it is derived from, although
`this need not always be the case. The security station's CPU
`230 then encrypts the Security message digest using the
`private key to thereby sign the Security message. The
`Security Station 202 transmits both the unencrypted Security
`message and the encrypted Security message digest to the
`portable device.
`0033. The portable device 200 receives the digitally
`Signed Security message, decrypts the message digest using
`the public stored in key storage 207 to recover the trans
`mitted message digest, and also applies the same hash
`function used by the Security Station to the Security message
`to independently create a message digest. It should be noted
`that, alternatively, a public key could be used by the Security
`Station 202 to Sign the message with the portable device
`using a private key to Verify the Signature. The portable
`device then compares the message digest it independently
`computed to the message digest it recovered by decrypting
`the digest transmitted to it by the security station. If the two
`message digests match, the Security message has been
`Successfully authenticated. Upon authenticating the Security
`message, the portable device's CPU 204 immediately pro
`ceeds to perform the desired Security action. If, however, the
`portable device's CPU 204 cannot authenticate the digital
`Signature, the portable device will not perform the requested
`Security action. Furthermore, the portable device may
`respond back to the Security Station with appropriate Status
`as to the failure of the requested Security action and, if
`desired, the requested Security action and its failure can be
`logged at the Security Station. In this way, an unauthorized
`person or entity (or at least a person without access to the
`correct private key) will not be able to cause a portable
`device to effectuate a Security action and any unauthorized
`Security action is logged at the Security Station.
`0034.
`In the event that a message is received by the
`portable device there are Several actions that could be
`performed. AS noted above, one action is to log the fact that
`an invalid message was received. Even upon receipt of a
`valid Security message, Some Status may be sent to the
`Security Station to proactively advise what message was
`received by the portable device and that the desired action
`has been implemented. This also helps to ensure that if a
`“middle man” compromises the Security Station's private
`key for this device, this event can be detected and logged
`when the Security Station receives notification of a Security
`action being performed that it did not request. After the
`Security Station logs the device's response to a particular
`message, the Security Station may decide to notify the device
`owner, generate new keys if, for example, Status is received
`for an action that the Station did not request or many failed
`messages to the device etc.
`0035. The security station and the portable device each
`may have their respective key pairs to further ensure privacy.
`For instance, two separate key pairs (one in the device and
`another in the Security station) can be used Such that one
`private/public key pair is used for encryption and the other
`for Signing. Alternately, there could be a signing public/
`private key pair and a Symmetric/shared key for encryption
`
`that may be negotiated between the Security Station and
`device. In addition, the Security message itself may be
`encrypted with a private device key before or after the hash
`function is applied. As such, the hash function 238 may be
`applied to the unencrypted Security message to create a
`message digest which is then encrypted. Then both the
`digital Signature and the message are transmitted to the
`portable device. The portable device would then decrypt the
`message and the digest using its public device key, apply its
`own hash function 218 to the message and authenticate the
`Signature by comparing the two digests. Alternatively, Secu
`rity station's CPU 230 may first encrypt the security mes
`Sage using the private device key (p) key and then apply
`the hash 238 to the encrypted message to create the digest,
`which further is encrypted also using the Security Station's
`private key. The portable device 200 would then decrypt the
`encrypted message digest using the Security Station's public
`key, apply hash function 218 to the encrypted message,
`compare the two digests, and decrypt the Security message
`using its private decryption key if the Signature is Success
`fully verified.
`0036). In another embodiment, no digital signature is
`included and the Security message is simply encrypted with
`a private device key at the Security Station 202 and trans
`mitted to the portable device 200. The portable device uses
`its public device key to decrypt the Security message and
`carry out the requested Security action.
`0037. In another embodiment still, each user private key
`stored in the security station 202 and used to encrypt a
`Security message may itself be encrypted with yet a different
`key. The encrypted private key on the Security Station would
`then require a key provided by the user Simply to decrypt it
`So that the decrypted key(s) can be used to sign or encrypt
`a Security message. In this way, additional Security is pro
`vided which precludes the security station 202 from sending
`a Security message without first receiving a key simply to be
`able to obtain the correct key needed to sign or encrypt the
`Security message. This provides further assurance that an
`unauthorized perSon is unable to access the Security Station
`202 and Send out Security messages to portable devices.
`Further Still, encryption and Signing keys can be encrypted
`Separately for additional Security.
`0038 Another concern that may also be addressed, if
`desired, is an unauthorized person that intercepts a Security
`message to a particular device and then is able to retransmit
`that message to the same device at any time to cause the
`device to erase its memory. Accordingly, it is desirable to be
`able to prevent an undesired “replay' of a Security message.
`To prevent Such undesirable replays, the Security Station's
`CPU 230 preferably includes a unique value with the
`Security message that the portable device uses to Verify the
`message. Preferably, the unique value is different each time
`a Security message is to be sent to the portable device. For
`example, the unique value could be a time Stamp, a non
`repeating Sequence number, or a randomly generated num
`ber that only the authorized Security Station and the portable
`unit would know or be able to determine. The portable
`device thus uses the unique value to verify the authenticity
`of the Security message. If an unauthorized perSon or entity
`were to intercept a Security message, which has the afore
`mentioned unique value, and attempts to Send that same
`message, with the same unique value, the portable device
`
`

`

`US 2003/0065934 A1
`
`Apr. 3, 2003
`
`will not verify the message because the unique value will be
`different than what the portable device expects.
`0039. Additionally, the encrypted security message could
`be one that would request the portable device to prompt the
`user for an abort key. The abort key can be any Suitable type
`of abort key that presumably only an authorized use would
`know or have access to. If the user enters a correct abort key,
`the Security action that would otherwise have occurred is
`aborted and the portable device continues its normal opera
`tion. If the abort key is not Successfully verified, perhaps
`within a given amount of time, the portable device 200
`proceeds to cause the Security action to occur. The abort key
`can be verified in a variety of ways such as by the portable
`device 200 itself, using information contained within the
`Security message transmitted by the Security Station, or by
`transmitting the abort key back to the security station 202 for
`verification by CPU 230.
`0040. A modification of the aforementioned technique
`would be to permit the user to execute a Specified number of
`commands (either predetermined or programmable) on the
`portable device prior to the Security action occurring. Fur
`ther still, the portable device 200 may allow a specified
`amount of time to elapse before the Security action occurs.
`During this specified time, the user could perform any
`functions or a limited Set of functions on the portable device.
`Even further Still, the Security message could permit the
`portable device 200 to perform a certain number of tasks
`during a certain period of time. After either the Specified
`number of tasks have been performed or the Specified time
`period has expired, the portable device 200 would then
`perform the Security action.
`0041) If desired, the security station's CPU 230 may
`cause the Security message to be signed by the authorized
`user's private key noted above and then by a private key
`associated with the security station itself. The portable
`device would then have to Verify the Security message in
`light of both keys. Accordingly, even if the user's private key
`is Stolen, a portable device Still would not respond to a
`Security message unless it can verify the Security Station's
`private key as well. This provides further Security against a
`Sabotager.
`0.042
`Further still, it may desirable to have more than one
`perSon or entity able to cause the Security Station to initiate
`a security response to a missing portable device 200. For
`example, an employer may assign a portable device to an
`employee. If the portable device is stolen or otherwise
`missing, it may be desirable for both the employee and
`employer to be able initiate a Security response. In one
`embodiment, the employer and employee may simply use
`the same pr