-
Publication No.: US20240248699A1
Publication Date: 2024-07-25
Application No.: US18157120
Filing Date: 2023-01-20
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Jason Kolodziej, Girish S. Dhoble, Nicholas D. Grobelny
CPC classification number: G06F8/65, H04L63/0823, H04L63/0838
Abstract: Systems and methods support updates to an Information Handling System (IHS). A workspace is instantiated on the IHS based upon a received workspace definition, where the workspace identifies an available update to a system operating on the IHS. A request is made for a first credential used for validation of the IHS by a first remote workspace orchestrator. The workspace provides the first credential to a second remote workspace orchestrator that controls access to updates to the system operating on the IHS. The second remote workspace orchestrator uses the first credential to validate the IHS with the first remote workspace orchestrator. The workspace performs the available update to the system operating on the IHS using a second credential provided by the second remote workspace orchestrator upon validation of the IHS by the first remote workspace orchestrator. The IHS maintains separate confidentiality with each remote orchestrator providing credentials for the update.
-
Publication No.: US20240028713A1
Publication Date: 2024-01-25
Application No.: US17870912
Filing Date: 2022-07-22
Applicant: Dell Products L.P.
Inventor: Girish S. Dhoble, Nicholas D. Grobelny, David Konetski
CPC classification number: G06F21/554, G06F21/568, G06F21/552
Abstract: Workspace instantiations are monitored for potentially suspicious behavior. A client endpoint computer creates and maintains a log of historical events associated with a workspace instantiation. Each time the client endpoint computer processes an event associated with the workspace instantiation, the client endpoint computer adds and timestamps a new entry in the log of the historical events associated with the workspace instantiation. The log of the historical events thus represents a rich database description of the workspace instantiation, its corresponding workspace definition file, its corresponding workspace lifecycle events, and their corresponding timestamps. A workspace orchestration service (perhaps provided by a server) may monitor the log of historical events and flag or alert of any entries indicating suspicious behavior. Any current workspace instantiation may thus be terminated as a security precaution.
-
Publication No.: US11809876B2
Publication Date: 2023-11-07
Application No.: US17243804
Filing Date: 2021-04-29
Applicant: Dell Products L.P.
Inventor: Nicholas D. Grobelny, Shun-Tang Hsu, Lip Vui Kan, Sumanth Vidyadhara
IPC: G06F9/4401, H04L9/08
CPC classification number: G06F9/4408, H04L9/088
Abstract: An information handling system is configured to support first and second boot sequences, which invoke first and second bootloaders respectively. The bootloaders may be stored in an NVMe storage boot partition. Each bootloader may be associated with a corresponding encryption key generated by a trusted platform module, which may seal the first and second keys in accordance with one or more measurements taken during the respective boot sequences. The system determines whether a boot sequence in progress is to invoke the first or second bootloader. The system then unseals the appropriate encryption key to access the appropriate bootloader. The first bootloader may be a host OS bootloader and the second bootloader may be for a recovery resource invoked when the host OS fails to load. The recovery resource may enable the BIOS to connect to a remote store and download an image via an HTTP mechanism.
-
Publication No.: US20230222200A1
Publication Date: 2023-07-13
Application No.: US17647796
Filing Date: 2022-01-12
Applicant: Dell Products, L.P.
Inventor: Nicholas D. Grobelny, Charles D. Robison
CPC classification number: G06F21/44, G06F21/34, G06F21/606, G06F2221/2153
Abstract: Systems and methods support transferring control of a workspace that operates on an Information Handling System (IHS). An authorization policy is established on the IHS that is modifiable only by an arbiter of a remote orchestration service. The authorization policy specifies authorized administrators of the workspace. The authorization policy is modified to specify the arbiter and a first remote orchestrator as authorized administrators of the workspace. Administration of the workspace by the first orchestrator is allowed based on credentials that validate it as an authorized administrator specified by the policy. A notification is received of a transfer of orchestration of the workspace to a second remote orchestrator. The authorization policy is modified to specify the arbiter and the second orchestrator as authorized administrators of the workspace. Administration of the workspace by the second orchestrator is allowed based on credentials that validate it as an authorized administrator specified by the policy.
-
Publication No.: US20230195904A1
Publication Date: 2023-06-22
Application No.: US17644844
Filing Date: 2021-12-17
Applicant: Dell Products, L.P.
Inventor: David Konetski, Nicholas D. Grobelny, Girish S. Dhoble, Carlton A. Andrews, Ricardo L. Martinez
CPC classification number: G06F21/60, G06F9/45558, G06F2009/45587, G06F2221/2137
Abstract: Systems and methods are provided for swapping computing architectures used by workspaces operating on an Information Handling System (IHS). A first workspace definition is generated for deployment of a workspace on the IHS using a first computing architecture. A timer is initiated upon deployment of the workspace on the IHS according to the first workspace definition. Upon expiration of the timer, a second workspace definition is generated for redeployment of the workspace using a second computing architecture. The workspace is then redeployed on the IHS according to the second workspace definition. The duration of the timer may be a randomized interval, or may be selected based on security and/or productivity metrics for the deployment of the workspace on the IHS. Through swapping of the computing architecture used by the workspace, the attack surface presented by the workspace is regularly altered, thus thwarting malicious actors attempting to compromise the workspace.
-
Publication No.: US11659005B2
Publication Date: 2023-05-23
Application No.: US17123814
Filing Date: 2020-12-16
Applicant: Dell Products, L.P.
Inventor: Girish S. Dhoble, Nicholas D. Grobelny, Charles D. Robison
CPC classification number: H04L63/20, G06F12/14, G06F21/79, H04L9/0861, G06F8/61, G06F2212/1052
Abstract: Systems and methods for self-protecting and self-refreshing workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a workspace based upon a workspace definition; determine that a context of the client IHS has been modified; in response to the determination, terminate the workspace; and receive, from the workspace orchestration service, one or more files or policies configured to enable the client IHS to re-instantiate the workspace based upon the workspace definition.
-
Publication No.: US11595322B2
Publication Date: 2023-02-28
Application No.: US17124295
Filing Date: 2020-12-16
Applicant: Dell Products, L.P.
Inventor: Nicholas D. Grobelny, Girish S. Dhoble, Joseph Kozlowski, David Konetski
IPC: H04L47/78, G06F16/958, G06F8/36, H04L47/80
Abstract: Systems and methods for performing self-contained posture assessment from within a protected portable-code workspace are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory having program instructions that, upon execution, cause the IHS to: transmit, from an orchestration service to a local agent, a workspace definition that references an application, where the application comprises a first portion of code provided by a developer and a second portion of code provided by the orchestration service; and receive, from a local agent at the orchestration service, a message in response to the execution of the second portion of code within a workspace instantiated based upon the workspace definition. The second portion of code may inspect the contents of the runtime memory of the workspace upon execution, for example, by performing a stack canary check, a hash analysis, a boundary check, and/or a memory scan.
-
Publication No.: US20230042384A1
Publication Date: 2023-02-09
Application No.: US17972797
Filing Date: 2022-10-25
Applicant: DELL PRODUCTS L.P.
Inventor: Nicholas D. Grobelny, Michael David, Christian L. Critz
Abstract: A lock for an information handling system includes a sensor configured to detect removal of an element from a chassis prior to verification of a user credential, and a plunger that engages the chassis at a first position. A security controller verifies the user credential, and causes the muscle wire to move the plunger from the first position to a second position in response to the verified user credential.
-
Publication No.: US20220391498A1
Publication Date: 2022-12-08
Application No.: US17820100
Filing Date: 2022-08-16
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described. In some embodiments, a client Information Handling System (IHS) may include a processor, and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the client IHS to: transmit, by a local management agent to a workspace orchestration service, an access request and context information; receive, at the local management agent from the workspace orchestration service, one or more files or policies configured to enable the local management agent to instantiate a workspace based upon a workspace definition, wherein the workspace orchestration service is configured to: (i) calculate a security target and a productivity target based upon the access request and the context information, and (ii) create the workspace definition based upon the security target and the productivity target; and instantiate the workspace.
-
Publication No.: US11496518B2
Publication Date: 2022-11-08
Application No.: US16530356
Filing Date: 2019-08-02
Applicant: DELL PRODUCTS L.P.
Inventor: Charles D. Robison, Nicholas D. Grobelny, Jason Kolodziej
Abstract: Various embodiments of network access control (NAC) systems and methods are provided herein to control access to a network comprising a plurality of network endpoint nodes, where each network endpoint node includes a policy information point and a policy decision point. The policy information point within each network endpoint node stores a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions. Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node executes the smart contract to determine whether the client device should be granted access, denied access or have restricted access to the network, and executes a consensus algorithm to select one of the network endpoint nodes to be a policy decision point leader.
-