System and method for distributed network access control

    Publication number: US11496518B2

    Publication date: 2022-11-08

    Application number: US16530356

    Application date: 2019-08-02

    Abstract: Various embodiments of network access control (NAC) systems and methods are provided herein to control access to a network comprising a plurality of network endpoint nodes, where each network endpoint node includes a policy information point and a policy decision point. The policy information point within each network endpoint node stores a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions. Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node executes the smart contract to determine whether the client device should be granted access, denied access or have restricted access to the network, and executes a consensus algorithm to select one of the network endpoint nodes to be the policy decision point leader.

    SYSTEMS AND METHODS FOR EVALUATING SECURITY RISKS USING A MANUFACTURER-SIGNED SOFTWARE IDENTIFICATION MANIFEST

    Publication number: US20220179958A1

    Publication date: 2022-06-09

    Application number: US17111253

    Application date: 2020-12-03

    Abstract: Systems and methods for evaluating security risks using a manufacturer-signed software identification manifest are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive a request to perform attestation of a client device; retrieve, from an agent executed by the client device, a manifest comprising: (i) a signature portion encrypted with a first key, and (ii) a software identification (SWID) portion encrypted with a second key; retrieve the first key from a manufacturer database; retrieve the second key from a customer database; decrypt the signature and the manifest with the first and second keys; and perform the attestation using the decrypted manifest.

    SYSTEMS AND METHODS FOR WORKSPACE CONTINUITY AND REMEDIATION

    Publication number: US20220103432A1

    Publication date: 2022-03-31

    Application number: US17643291

    Application date: 2021-12-08

    Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described. In some embodiments, a client Information Handling System (IHS) may include a processor and a memory, the memory having program instructions that, upon execution by the processor, cause the client IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a first workspace based upon a first workspace definition; allow a user to execute a non-vetted application in the first workspace; determine that the first workspace is compromised; and receive, in response to the determination, from the workspace orchestration service, one or more other files or policies configured to enable the client IHS to instantiate a second workspace based upon a second workspace definition, where the second workspace definition allows execution of a vetted application corresponding to the non-vetted application.

    Systems And Methods To Cryptographically Verify An Identity Of An Information Handling System

    Publication number: US20210243030A1

    Publication date: 2021-08-05

    Application number: US16777415

    Application date: 2020-01-30

    Abstract: Various embodiments of systems and methods are provided to bind a system identifier that uniquely identifies an information handling system (IHS) to the system platform, so that the identity of the IHS can be cryptographically verified. More specifically, the present disclosure provides methods to bind a unique system identifier to an IHS platform, and methods to cryptographically verify the identity of the IHS using the unique system identifier and a plurality of keys generated and stored with a Trusted Platform Module (TPM) of the IHS. Systems are provided herein to perform such methods. As such, the systems and methods disclosed herein enable system identity to be irrefutably verified, thereby preventing theft and misuse of system identity.

    Secure delivery and deployment of a virtual environment

    Publication number: US11048551B2

    Publication date: 2021-06-29

    Application number: US15962275

    Application date: 2018-04-25

    Abstract: A secured container provides access to enterprise data while isolated from the operating system of an Information Handling System (IHS). The secured container remains secured during its delivery and deployment. A secured container is configured to provide a user of the IHS with access to enterprise data. The secured container is encrypted using a symmetrical key that is transmitted to a secured storage that is isolated from the operating system of the IHS via out-of-band communications. The encrypted secured container is digitally signed using an asymmetric key pair. The digital signature and the encrypted secured container are transmitted to the IHS via in-band communications. At the IHS, the public key of the asymmetric key pair is used to validate the digital signature and the private symmetric key is retrieved from secured storage to decrypt the secured container. Additional embodiments provide a technique for securely migrating a secured container between IHSs.

    Validation of data integrity through watermarking

    Publication number: US10990706B2

    Publication date: 2021-04-27

    Application number: US15962641

    Application date: 2018-04-25

    Abstract: Systems and methods are provided for recording and validating modifications to a secured container. Modifications to the secured container by trusted parties are logged. The log may be maintained in a secured memory of an IHS (Information Handling System) and may be periodically validated. Each logged modification specifies a timestamp of the modification and the digital watermark assigned to the trusted party making the modification. Upon completing modifications, the secured container is sealed by imprinting the first digital watermark and the first timestamp at locations in the secured container specified by a watermarking algorithm assigned to the trusted party making the modification. Additional modifications may be serially watermarked on the secured container according to the watermarking algorithm of the trusted party making each modification. The secured container is unsealed by re-applying each of the watermarking algorithms in reverse order. The integrity of the secured container, and of each modification, is thus validated.

    Security policy enforcement based on dynamic security context updates

    Publication number: US10949540B2

    Publication date: 2021-03-16

    Application number: US15926551

    Application date: 2018-03-20

    Abstract: An information handling system (IHS) includes a memory having a BIOS, at least one sensor that generates security related data for the IHS, a controller, and one or more I/O drivers. The memory, at least one sensor and controller operate within a secure environment of the IHS; the I/O driver(s) operate outside of the secure environment. The controller includes a security policy management engine, which is executable during runtime of the IHS to continuously monitor security related data generated by the at least one sensor, determine whether the security related data violates at least one security policy rule specified for the IHS, and provide a notification of security policy violation to the BIOS, if the security related data violates at least one security policy rule. The I/O driver(s) include a security enforcement engine, which is executable to receive the notification of security policy violation from the BIOS, and perform at least one security measure in response thereto.

    System And Method For Distributed Network Access Control

    Publication number: US20210037060A1

    Publication date: 2021-02-04

    Application number: US16530356

    Application date: 2019-08-02

    Abstract: Various embodiments of network access control (NAC) systems and methods are provided herein to control access to a network comprising a plurality of network endpoint nodes, where each network endpoint node includes a policy information point and a policy decision point. The policy information point within each network endpoint node stores a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions. Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node executes the smart contract to determine whether the client device should be granted access, denied access or have restricted access to the network, and executes a consensus algorithm to select one of the network endpoint nodes to be the policy decision point leader.
