[OLPC Security] Anti-theft and Anti-Sale ideas for Nepal

Bipin Gautam bipin.gautam at gmail.com
Sun Feb 18 12:45:24 EST 2007


On 2/18/07, Bryan Berry <bryan.berry at gmail.com> wrote:
> >This is exactly how P_THEFT is already specified; normally we _also_
> >provide a lease expiry system.
>
> Basically, I am trying to say that the expiry system wouldn't work for Nepal
> because of connectivity issues.
>
>
> >> 2) We could hard code a national identifier into the laptop's MAC
> >> address.  The laptop could periodically check it's national identifier
> >> against it's Internet gateway.  If it is no longer in Nepal, say Bangkok
> >> or Delhi, it disables itself.
>
> >This is technically trivial, should a country request it, but has a
> >bunch of social implications. What if the kids go on a field trip, for
> >example?
>
>  Ivan, thanks for your reply
>
> Nepali kids in public schools don't have any school field trips, as far as I
> am aware.  This technically trivial solution could seriously dampen the
> resale market for XO's.  Kids in private schools could get XO's w/out this
> country specific feature.
>

If we are going to use one  say a small villege server for any purpose
(maybe to act as a file hosting/backup server, we'll have a nepali
version of dictionary/encyclopaedia an intranet network with email
server, archived website and other reading materials on it as per
request etc)

 can we have a feature like heartbeat in failover to authenciate the laptop?

like... the laptop should compulsarily register itself to the villege
server (say, as n school attendance/roll call) in say every 1 month
atlest. And the village server will send it a SIGNED digital
certificate as its attendance token that will expire in 1 month. Say,
the attendance can be done manually or automatically. In this case
say... if the laptop misses attendance for more than 1 month the
laptop will automatically be de-activated. The laptop reported as sold
or stolen wont get the certificate token. Kernel and firmware
modification can only be done by proper validiation of personal
identity by teachers etc on request immidiately or the person has to
wait for atlest say 3 months before he/she gets a developer key.

Looks like n foolproof theory to me    lol ;)

Ivan please drop your views. Can you guys implement such feature if
the country requests?

with regards,
-bipin


More information about the Security mailing list