公开(公告)号：US11568091B2

公开(公告)日：2023-01-31

申请号：US17149956

申请日：2021-01-15

Applicant: Dell Products L.P.

Inventor： Charles D. Robison ,  Vaibhav Soni

IPC: H04L29/06 ,  G06F21/73 ,  H04L9/32 ,  H04L9/06 ,  H04L9/00

Abstract: A system, method, and computer-readable medium are disclosed for attesting component certificates to particular devices. An enterprise hosted integrity protected distributed ledger, such as a block chain, is provided to publish component certificates. Component vendors are provided authorization tokens to publish their component certificates. Manifests are generated by the original equipment manufacturer (OEM) that includes vendor component identifiers. End users discover the distributed ledger through a verification mechanism, and the component certificates are retrieved from the distributed ledger.

公开(公告)号：US20220200806A1

公开(公告)日：2022-06-23

申请号：US17126077

申请日：2020-12-18

Applicant: Dell Products, L.P.

Inventor： Nicholas D. Grobelny ,  Ricardo L. Martinez ,  Carlton A. Andrews ,  Charles D. Robison

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

Abstract: Systems and methods for providing trusted local orchestration of workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a system memory coupled to the processor, the system memory having program instructions stored thereon that, upon execution, cause the IHS to: receive an orchestration code from a workspace orchestration service; record, using a trusted controller coupled to the processor, a log comprising: the orchestration code, and an indication of a sequence of operations performed during an instantiation of a workspace by the local management agent; provide a copy of the log to the workspace orchestration service; and establish a connection between the workspace and the workspace orchestration service in response to the workspace orchestration service's successful: (i) authentication of the orchestration code, and (ii) verification of the sequence of operations.

公开(公告)号：US20220200796A1

公开(公告)日：2022-06-23

申请号：US17126070

申请日：2020-12-18

Applicant: Dell Products, L.P.

Inventor： Charles D. Robison ,  Nicholas D. Grobelny ,  Ricardo L. Martinez

IPC: H04L9/08 ,  H04L9/14 ,  G06F9/455

Abstract: Systems and methods for multilayer encryption for user privacy compliance and corporate confidentiality are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: transmit, from a workspace instantiated by a local management agent to a portal managed by an enterprise: (i) a request to store a once-encrypted document, and (ii) an indication that the once-encrypted document is encrypted with a controlvault key; receive, from the portal at the workspace, a request to encrypt the once-encrypted document with an enterprise-issued cryptographic key to produce a twice-encrypted document; and transmit, from the workspace to the portal, a copy of the twice-encrypted document.

公开(公告)号：US20220171853A1

公开(公告)日：2022-06-02

申请号：US17110043

申请日：2020-12-02

Applicant: Dell Products, L.P.

Inventor： Carlton A. Andrews ,  Joseph Kozlowski ,  Charles D. Robison ,  David Konetski ,  Nicholas D. Grobelny

IPC: G06F21/57 ,  G06F21/54 ,  G06F21/60 ,  G06F21/31

Abstract: Systems and methods for bare-metal or pre-boot user-machine authentication, binding, and entitlement provisioning are described. In some embodiments, a method may include: receiving, at a first portal managed by a manufacturer of an Information Handling System (IHS): (i) user credentials associated with a user of the IHS, and (ii) device identification associated with the IHS before the IHS is shipped to the user; selecting a customer of the manufacturer associated with the device identification; forwarding an indication of the user credentials to a second portal managed by the customer; and, in response to the second portal having successfully authenticated the user, establishing an identity session with the second portal; receiving, from the IHS, a request to initiate an entitlement sequence.

公开(公告)号：US11316902B2

公开(公告)日：2022-04-26

申请号：US16671045

申请日：2019-10-31

Applicant: Dell Products, L.P.

Inventor： Carlton A. Andrews ,  Girish S. Dhoble ,  Nicholas D. Grobelny ,  David Konetski ,  Joseph Kozlowski ,  Ricardo L. Martinez ,  Charles D. Robison

IPC: H04L29/00 ,  H04L29/06

Abstract: Methods and system are provided for dynamically securing a workspace based on changes in the security context in which the workspace operates. Upon receiving a request from an IHS for access to a managed resource and receiving attributes of a risk context for the request, a risk score for the request is determined. A workspace definition that provides access to the managed resource is selected based on the risk score. A workspace definition includes security requirements for operation of the workspace by the IHS, where the security requirements are commensurate with the risk score. The workspace definition is transmitted to the IHS for operation of the workspace according to the security requirements. A risk context may include, IHS software, a physical environment in which the IHS is located, a physical location of the IHS, a classification of the requested resource, IHS hardware, and a user of the IHS.

公开(公告)号：US11240109B2

公开(公告)日：2022-02-01

申请号：US16670516

申请日：2019-10-31

Applicant: Dell Products, L.P.

Inventor： Carlton A. Andrews ,  Girish S. Dhoble ,  Nicholas D. Grobelny ,  David Konetski ,  Joseph Kozlowski ,  Ricardo L. Martinez ,  Charles D. Robison

IPC: G06F15/173 ,  H04L12/24 ,  H04L29/06 ,  H04L29/08

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described. In some embodiments, a client Information Handling System (IHS) may include a processor and a memory, the memory having program instructions that, upon execution by the processor, cause the client IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a first workspace based upon a first workspace definition; allow a user to execute a non-vetted application in the first workspace; determine that the first workspace is compromised; and receive, in response to the determination, from the workspace orchestration service, one or more other files or policies configured to enable the client IHS to instantiate a second workspace based upon a second workspace definition, where the second workspace definition allows execution of a vetted application corresponding to the non-vetted application.

公开(公告)号：US20210136082A1

公开(公告)日：2021-05-06

申请号：US16670910

申请日：2019-10-31

Applicant: Dell Products, L.P.

Inventor： Carlton A. Andrews ,  Girish S. Dhoble ,  Nicholas D. Grobelny ,  David Konetski ,  Joseph Kozlowski ,  Ricardo L. Martinez ,  Charles D. Robison

IPC: H04L29/06

Abstract: Systems and methods provide multilevel authorization of workspaces using certificates, where all of the authorization levels may be authorized separately or may instead be authorized at once. A measurement of an IHS (Information Handling System) is calculated based on the identity of the IHS and based on firmware of the IHS. A measurement of the configuration of the IHS is calculated based on information for configuring the IHS for supporting workspaces and also based on the IHS measurement. A measurement of a workspace session is calculated based on properties of a session used to remotely support operation of the workspace by the IHS and also based on the configuration measurement. Workspace session data may by authorized at all three levels by evaluating the session measurement against a reference session measurement.

公开(公告)号：US10855619B1

公开(公告)日：2020-12-01

申请号：US16670969

申请日：2019-10-31

Applicant: Dell Products, L.P.

Inventor： Carlton A. Andrews ,  Girish S. Dhoble ,  Nicholas D. Grobelny ,  David Konetski ,  Joseph Kozlowski ,  Ricardo L. Martinez ,  Charles D. Robison

IPC: H04L29/06 ,  H04L12/911 ,  H04L12/917

Abstract: Systems and methods adjust workspaces based on available hardware resource of an IHS (Information Handling System) by which a user operates a workspace supported by a remote orchestration service. A security context and a productivity context of the IHS are determined based on reported context information. A workspace definition for providing access to a managed resource is selected based on the security context and the productivity context. A notification specifies a hardware resource of the IHS that is not used by the workspace definition, such as a microphone or camera that has not been enabled for use by workspaces. A productivity improvement that results from the updated productivity context that includes use of the first hardware resource is determined. Based on the productivity improvement, an updated workspace definition is selected that includes use of the first hardware resource in providing access to the managed resource via the IHS.

公开(公告)号：US20190332421A1

公开(公告)日：2019-10-31

申请号：US15962275

申请日：2018-04-25

Applicant: Dell Products, L.P.

Inventor： Joseph Kozlowski ,  Ricardo L. Martinez ,  Abeye Teshome ,  Charles D. Robison ,  Girish S. Dhoble

IPC: G06F9/48 ,  H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  G06F9/455

Abstract: A secured container provides access to enterprise data while isolated from the operating system of an Information Handling System (IHS). The secured container remains secured during its delivery and deployment. A secured container is configured to provide a user of the IHS with access to enterprise data. The secured container is encrypted using a symmetrical key that is transmitted to a secured storage that is isolated from the operating system of the IHS via out-of-band communications. The encrypted secured container is digitally signed using an asymmetric key pair. The digital signature and the encrypted secured container are transmitted to the IHS via in-band communications. At the IHS, the public key of the asymmetric key pair is used to validate the digital signature and the private symmetric key is retrieved from secured storage to decrypt the secured container. Additional embodiments provide a technique for securely migrating a secured container between IHSs.

公开(公告)号：US20190294800A1

公开(公告)日：2019-09-26

申请号：US15926551

申请日：2018-03-20

Applicant: DELL PRODUCTS L.P.

Inventor： Carlton A. Andrews ,  Charles D. Robison ,  Andrew T. Fausak ,  David Konetski ,  Girish S. Dhoble ,  Ricardo L. Martinez ,  Joseph Kozlowski

IPC: G06F21/57 ,  G06F21/60 ,  G06F21/64

Abstract: An information handling system (IHS) includes a memory having a BIOS, at least one sensor that generates security related data for the IHS, a controller, and one or more I/O drivers. The memory, at least one sensor and controller operate within a secure environment of the IHS; the I/O driver(s) operate outside of the secure environment. The controller includes a security policy management engine, which is executable during runtime of the IHS to continuously monitor security related data generated by the at least one sensor, determine whether the security related data violates at least one security policy rule specified for the IHS, and provide a notification of security policy violation to the BIOS, if the security related data violates at least one security policy rule. The I/O driver(s) include a security enforcement engine, which is executable to receive the notification of security policy violation from the BIOS, and perform at least one security measure in response thereto.