-
Publication number: US11876900B2
Publication date: 2024-01-16
Application number: US17747160
Application date: 2022-05-18
Applicant: DELL PRODUCTS L.P.
Inventor: Nicholas D. Grobelny, Richard M. Tonry, Balasingh P. Samuel
CPC classification number: H04L9/0869, G06F21/12, G06F21/52, G06F21/54, G06F21/64, H04L9/0643, H04L9/0877, H04L9/0897
Abstract: A system includes a communication channel monitor configured to calculate a hash value of a first encrypted code segment based on a measurement. A security module may derive a first encryption key using a key decryption function operation from the hash value of the first encrypted code segment. A processor decrypts the first encrypted code segment with a seed key retrieved from a storage device, and if the decryption is successful then executes the first decrypted code segment. The processor may retrieve a second one of the encrypted code segments, wherein the second encrypted code segment is a next encrypted code segment for execution after the first encrypted code segment according to a sequence of execution, decrypt the second encrypted code segment with the first encryption key, and if the decryption is successful then execute the second decrypted code segment.
-
Publication number: US20230274001A1
Publication date: 2023-08-31
Application number: US17652519
Application date: 2022-02-25
Applicant: Dell Products, L.P.
Inventor: John Boyle, Ricardo L. Martinez, Nicholas D. Grobelny, Sudhakaran Jayakrishnan Venkateshaperumal, Justin W. Johnson, Golam Sarwar
CPC classification number: G06F21/572, G06F21/575, G06F21/73, G06F21/79
Abstract: Systems and methods for off-host integrity verification of Trusted Execution Environments (TEEs) are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to obtain, by an Operating System (OS) agent, a measurement of contents of a selected area of a Non-Volatile Memory (NVM) used by a TEE coupled to the processor, transmit the measurement from the OS agent to another IHS configured to perform integrity verification of the TEE based, at least in part, upon the measurement, and receive, at the OS agent from the other IHS, an indication of a result of the integrity verification.
-
Publication number: US11727122B2
Publication date: 2023-08-15
Application number: US17930330
Application date: 2022-09-07
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
CPC classification number: G06F21/577, G06F9/45558, G06F2009/45575, G06F2009/45587
Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described. In some embodiments, an Information Handling System (IHS) of a workspace orchestration service, the IHS comprising a processor and a memory coupled to the processor, the memory having program instructions stored thereon that cause the IHS to: receive initial context information from a local management agent; produce a first workspace definition based upon the initial context information, where the local management agent is configured to instantiate a first workspace based upon the first workspace definition; receive updated context information from the local management agent; and in response to the updated context information being noncompliant with attributes of the first workspace definition, select a second workspace definition, where the updated context information complies with the attributes of the second workspace definition, and the local management agent is configured to instantiate a second workspace based upon the second workspace definition.
-
Publication number: US20230179613A1
Publication date: 2023-06-08
Application number: US17457934
Application date: 2021-12-07
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Nicholas D. Grobelny, Girish S. Dhoble, Ricardo L. Martinez
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/1466, H04L63/1416
Abstract: Systems and methods for detecting security attacks using workspace orchestration logs are described. In some embodiments, a workspace orchestration server may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, may cause the server to: maintain a first workspace orchestration log, receive a second workspace orchestration log from a client Information Handling System (IHS), and identify the security attack, at least in part, in response to a discrepancy between the first and second workspace orchestration logs.
-
Publication number: US20230063135A1
Publication date: 2023-03-02
Application number: US18049716
Application date: 2022-10-26
Applicant: Dell Products, L.P.
Inventor: Nicholas D. Grobelny, Ricardo L. Martinez, Carlton A. Andrews, Charles D. Robison
Abstract: Systems and methods for providing trusted local orchestration of workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a system memory coupled to the processor, the system memory having program instructions stored thereon that, upon execution, cause the IHS to: receive an orchestration code from a workspace orchestration service; record, using a trusted controller coupled to the processor, a log comprising: the orchestration code, and an indication of a sequence of operations performed during an instantiation of a workspace by the local management agent; provide a copy of the log to the workspace orchestration service; and establish a connection between the workspace and the workspace orchestration service in response to the workspace orchestration service's successful: (i) authentication of the orchestration code, and (ii) verification of the sequence of operations.
-
Publication number: US11586738B2
Publication date: 2023-02-21
Application number: US17111253
Application date: 2020-12-03
Applicant: Dell Products, L.P.
Inventor: Charles D. Robison, Nicholas D. Grobelny
Abstract: Systems and methods for evaluating security risks using a manufacturer-signed software identification manifest are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive a request to perform attestation of a client device; retrieve, from an agent executed by the client device, a manifest comprising: (i) a signature portion encrypted with a first key, and (ii) a software identification (SWID) portion encrypted with a second key; retrieve the first key from a manufacturer database; retrieve the second key from a customer database; decrypt the signature and the manifest with the first and second keys; and perform the attestation using the decrypted manifest.
-
Publication number: US20230004656A1
Publication date: 2023-01-05
Application number: US17930330
Application date: 2022-09-07
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described. In some embodiments, an Information Handling System (IHS) of a workspace orchestration service, the IHS comprising a processor and a memory coupled to the processor, the memory having program instructions stored thereon that cause the IHS to: receive initial context information from a local management agent; produce a first workspace definition based upon the initial context information, where the local management agent is configured to instantiate a first workspace based upon the first workspace definition; receive updated context information from the local management agent; and in response to the updated context information being noncompliant with attributes of the first workspace definition, select a second workspace definition, where the updated context information complies with the attributes of the second workspace definition, and the local management agent is configured to instantiate a second workspace based upon the second workspace definition.
-
Publication number: US11487881B2
Publication date: 2022-11-01
Application number: US16670796
Application date: 2019-10-31
Applicant: Dell Products, L.P.
Inventor: Carlton A. Andrews, Girish S. Dhoble, Nicholas D. Grobelny, David Konetski, Joseph Kozlowski, Ricardo L. Martinez, Charles D. Robison
Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described. In some embodiments, an Information Handling System (IHS) of a workspace orchestration service, the IHS comprising a processor and a memory coupled to the processor, the memory having program instructions stored thereon that cause the IHS to: receive initial context information from a local management agent; produce a first workspace definition based upon the initial context information, where the local management agent is configured to instantiate a first workspace based upon the first workspace definition; receive updated context information from the local management agent; and in response to the updated context information being noncompliant with attributes of the first workspace definition, select a second workspace definition, where the updated context information complies with the attributes of the second workspace definition, and the local management agent is configured to instantiate a second workspace based upon the second workspace definition.
-
Publication number: US11481248B2
Publication date: 2022-10-25
Application number: US16985977
Application date: 2020-08-05
Applicant: Dell Products L.P.
Inventor: Balasingh P. Samuel, Richard M. Tonry, Nicholas D. Grobelny
Abstract: An SMI task can be completed across multiple SMI events. An OS agent can be employed to determine a current load on a computing device. Based on the load, the OS agent can create an SMI message that specifies a maximum duration for an SMI event and that segments the SMI data for the SMI task. The OS agent can provide the SMI message to BIOS as part of requesting that the SMI task be performed. During the resulting SMI event, the BIOS can reassemble the segmented SMI data and then perform the SMI task. If this processing cannot be completed within the specified maximum duration for an SMI event, the BIOS can pause its processing and cause a subsequent SMI event to occur during which the processing can be resumed. In this way, the SMI task can be completed across multiple SMI events while ensuring that no single SMI event exceeds the specified maximum duration.
-
Publication number: USRE49226E1
Publication date: 2022-09-27
Application number: US16177115
Application date: 2018-10-31
Applicant: DELL PRODUCTS, L.P.
Inventor: James T. Gillon, Thomas E. Voor, Nicholas D. Grobelny, Nathan F. Martell
IPC: H04L61/5038, H04L61/5084
Abstract: An information handling system (IHS) unambiguously addresses networked devices connected by a local area network (LAN) based network interface controller (NIC) by detecting a device descriptor of LAN-based NIC, determining that the device descriptor indicates a capability for assigning a reserve media access control (MAC) address to the networked device, writing the reserve MAC address in the LAN-based NIC of the networked device, and associating the reserve MAC address with the networked device in an inventory data structure for the IHS.