With the latest release of Intel Antitheft (AT 2.0) it is now possible to brick (lock up) a PC and delete the disk encryption keys. This renders the PC inoperable and also locks access to the data on the hard drive, so that even swapping the hard drive into another PC and using the original user credentials will not allow access to the data. This is accomplished by AT using both the UUID (Unique User ID) of the platform and the user credentials to gain access to the data. The UUID is unique to the platform and cannot be hacked into another platform. The IT department does have the ability, through the management vendor, to reload a UUID into the AT Management Engine (ME) in the case of a failed motherboard. This requires an authorized representative of the IT department to contact the management vendor and verify authentication of both the machine and his/her identity.

 

With our newest partner WinMagic it is now possible to offer Pre-Boot Authentication (PBA) and a Customizable Message Recovery Screen, along with Full Disk Encryption (FDE) and storage/deletion of the encryption keys in the Intel AT Management Engine. The ability to send the "Poison Pill" via an SMS (3G) message for immediate lockdown of the PC is also supported in AT 2.0 via several 3G hardware solutions.

 

Intel AT 2.0 continues to support all the original Antitheft features, including timer-based lockdown of the PC if a rendezvous with the backend server (internet connection) is missed before the timer expires. The timer features are definable by the System Administrator, and different levels of remediation can be defined, up to and including deletion of data. Other new features include Audit and Event logging, PC Tamper Monitoring (HW sensor based) and local IT support for un-enrolling a PC at EOL.

 

While software-based FDE has been available for some time, Intel AT 2.0 combined with an FDE solution offers uncompromising security by completely disabling access to data if the PC is bricked: the encryption keys are stored in the AT ME, and bricking the PC deletes these keys from the PC. A bricked PC's hard drive data is completely protected even if the original user credentials are known and the hard drive is installed in another PC, as the encryption keys are not on the hard drive and the platform UUID is different.

 

The new features of AT 2.0 are fully supported by WinMagic and, combined with their FDE product, offer an uncompromising solution for protecting sensitive data on your PCs. The following diagram shows a typical corporate network infrastructure and how a PC checks in and is enrolled into WinMagic's solution. The Intel Permit Server is used only during enrollment.

 

  AT Infrastructure.png 

I have also included a 'WinMagic in a nutshell' chart of features below:

WinMagic in a nutshell.png

 

WinMagic offers both IT-hosted and SaaS solutions geared to the enterprise customer as well as small and medium-sized businesses. If you have any questions or would like to inquire about a Pilot or POC project, please contact Mike at mike.schulien@intel.com.