-
Publication (Announcement) No.: US20220191152A1
Publication (Announcement) Date: 2022-06-16
Application No.: US17124295
Application Date: 2020-12-16
Applicant: Dell Products, L.P.
Inventor: Nicholas D. Grobelny, Girish S. Dhoble, Joseph Kozlowski, David Konetski
IPC: H04L12/911, H04L12/927, G06F8/36, G06F16/958
Abstract: Systems and methods for performing self-contained posture assessment from within a protected portable-code workspace are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory having program instructions that, upon execution, cause the IHS to: transmit, from an orchestration service to a local agent, a workspace definition that references an application, where the application comprises a first portion of code provided by a developer and a second portion of code provided by the orchestration service; and receive, from a local agent at the orchestration service, a message in response to the execution of the second portion of code within a workspace instantiated based upon the workspace definition. The second portion of code may inspect the contents of the runtime memory of the workspace upon execution, for example, by performing a stack canary check, a hash analysis, a boundary check, and/or a memory scan.
-
Publication (Announcement) No.: US11336655B2
Publication (Announcement) Date: 2022-05-17
Application No.: US16670910
Application Date: 2019-10-31
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
IPC: H04L29/06
Abstract: Systems and methods provide multilevel authorization of workspaces using certificates, where all of the authorization levels may be authorized separately or may instead be authorized at once. A measurement of an IHS (Information Handling System) is calculated based on the identity of the IHS and based on firmware of the IHS. A measurement of the configuration of the IHS is calculated based on information for configuring the IHS for supporting workspaces and also based on the IHS measurement. A measurement of a workspace session is calculated based on properties of a session used to remotely support operation of the workspace by the IHS and also based on the configuration measurement. Workspace session data may be authorized at all three levels by evaluating the session measurement against a reference session measurement.
-
Publication (Announcement) No.: US11334675B2
Publication (Announcement) Date: 2022-05-17
Application No.: US16671006
Application Date: 2019-10-31
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
Abstract: Systems and methods support secure transfer of data between workspaces operating on an IHS (Information Handling System). Upon a request for access to a first managed resource, such as protected data, a first workspace is deployed according to a first workspace definition. Upon a request for access to a second managed resource, a second workspace is deployed according to a second workspace definition. In response to an indication of a portion of the protected data from the first workspace being copied to a buffer supported by the IHS and of a request to paste the copied portion of the protected data to the second workspace, the protections provided by the second workspace are evaluated. If the protections of the second workspace are inadequate, an updated second workspace definition is selected that specifies additional protections. The second workspace is updated according to the updated second workspace definition and the transfer is permitted.
-
14.
Publication (Announcement) No.: US20210266184A1
Publication (Announcement) Date: 2021-08-26
Application No.: US16800751
Application Date: 2020-02-25
Applicant: DELL PRODUCTS L.P.
Inventor: Charles D. Robison, Nicholas D. Grobelny, Amy C. Nelson
Abstract: The present disclosure provides various embodiments of systems and related methods to track and cryptographically verify system configuration changes. More specifically, systems and methods are disclosed herein to track an original system configuration of an information handling system (IHS) as the system was built by a manufacturing facility, and any system configuration changes that are made to the original system configuration after the IHS leaves the manufacturing facility. Once a user takes ownership of the IHS, systems and methods disclosed herein may be used to cryptographically verify a current system configuration of the IHS. In doing so, the present disclosure provides a way to authenticate or validate system configuration changes that may occur after the IHS leaves the manufacturing facility.
-
15.
Publication (Announcement) No.: US20210168093A1
Publication (Announcement) Date: 2021-06-03
Application No.: US17107345
Application Date: 2020-11-30
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
IPC: H04L12/911, H04L12/917, H04L29/06
Abstract: Systems and methods adjust workspaces based on available hardware resource of an IHS (Information Handling System) by which a user operates a workspace supported by a remote orchestration service. A security context and a productivity context of the IHS are determined based on reported context information. A workspace definition for providing access to a managed resource is selected based on the security context and the productivity context. A notification specifies a hardware resource of the IHS that is not used by the workspace definition, such as a microphone or camera that has not been enabled for use by workspaces. A productivity improvement that results from the updated productivity context that includes use of the first hardware resource is determined. Based on the productivity improvement, an updated workspace definition is selected that includes use of the first hardware resource in providing access to the managed resource via the IHS.
-
Publication (Announcement) No.: US20210133336A1
Publication (Announcement) Date: 2021-05-06
Application No.: US16671006
Application Date: 2019-10-31
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
IPC: G06F21/60, G06F21/62, G06F9/54, H04L12/911
Abstract: Systems and methods support secure transfer of data between workspaces operating on an IHS (Information Handling System). Upon a request for access to a first managed resource, such as protected data, a first workspace is deployed according to a first workspace definition. Upon a request for access to a second managed resource, a second workspace is deployed according to a second workspace definition. In response to an indication of a portion of the protected data from the first workspace being copied to a buffer supported by the IHS and of a request to paste the copied portion of the protected data to the second workspace, the protections provided by the second workspace are evaluated. If the protections of the second workspace are inadequate, an updated second workspace definition is selected that specifies additional protections. The second workspace is updated according to the updated second workspace definition and the transfer is permitted.
-
Publication (Announcement) No.: US20210034733A1
Publication (Announcement) Date: 2021-02-04
Application No.: US16526467
Application Date: 2019-07-30
Applicant: DELL PRODUCTS L.P.
Inventor: Nicholas D. Grobelny, Richard M. Tonry, Balasingh P. Samuel
IPC: G06F21/44, G06F21/57, G06F9/4401
Abstract: Systems and methods are disclosed herein that may implement an information handling system including a gateway and a peripheral device monitor. The gateway may interface peripheral devices and control access of host resources of the information handling system by any of the peripheral devices. The peripheral device monitor may detect connection of an unverified peripheral device to the gateway, perform a trust verification process with the unverified peripheral device, control the gateway to enable access of the host resources by the unverified peripheral device when the unverified peripheral device becomes verified, and control the gateway to prevent access to the host resources by the unverified peripheral device when the unverified peripheral device fails the trust verification process. The trust verification process may include validating a device certificate and verifying a digest of boot code of the peripheral device. The peripheral device monitor may perform a verification failure procedure when the unverified peripheral device fails the trust verification process.
-
18.
Publication (Announcement) No.: US20190196575A1
Publication (Announcement) Date: 2019-06-27
Application No.: US15852661
Application Date: 2017-12-22
Applicant: Dell Products, L.P.
Inventor: Nicholas D. Grobelny, Jacob Mink, Rick C. Thompson, Nikhil Manohar Vichare
Abstract: Systems and methods for remotely applying battery management policies based on local user behavior. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include: a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive a battery management policy from a remote server; and apply the battery management policy to the IHS, wherein the battery management policy is selected based upon a local user's behavior.
-
Publication (Announcement) No.: US09846616B2
Publication (Announcement) Date: 2017-12-19
Application No.: US14280157
Application Date: 2014-05-16
Applicant: Dell Products L.P.
Inventor: Nicholas D. Grobelny
CPC classification number: G06F11/1417, G06F9/4401, G06F9/441, G06F11/0706, G06F11/0757, G06F11/1438, G06F2201/805
Abstract: A boot recovery system includes a serial peripheral interface (SPI) storage that stores a primary boot block. A primary SPI controller is connected to the SPI storage through a primary SPI bus. An embedded controller (EC) includes an EC storage that stores a recovery boot block. The EC is coupled to the primary SPI bus through a secondary SPI bus. The EC is configured to determine that the primary boot block should be replaced, retrieve the recovery boot block from the EC storage, replace the primary boot block in the SPI storage with the recovery boot block through the secondary SPI bus, and initiate an information handling system (IHS) reboot process. The determining, retrieving, replacing, and initiating may be performed by the EC while a processing system that is coupled to the primary SPI controller is not in an operating mode.
-
20.
Publication (Announcement) No.: US20240244045A1
Publication (Announcement) Date: 2024-07-18
Application No.: US18155839
Application Date: 2023-01-18
Applicant: Dell Products, L.P.
Inventor: Nicholas D. Grobelny
CPC classification number: H04L63/0823, G06F8/77, G06F21/6218, H04L63/0876, H04L63/20
Abstract: Systems and methods for managing credentials usable in the orchestration of workspaces by multiple remote orchestrators are described. In an illustrative, non-limiting embodiment, an Information Handling System (IHS), may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: allow a first remote orchestrator to manage a workspace instantiated by the IHS in response to the first remote orchestrator having a first credential, where the first remote orchestrator is associated with a first domain; receive a request from a second remote orchestrator to manage the workspace, where the second remote orchestrator is associated with a second domain within the first domain; and allow the second remote orchestrator to manage the workspace in response to a determination that the second remote orchestrator has a second credential provided by the first remote orchestrator.