Systems and methods to cryptographically verify information handling system configuration

    Publication No.: US11604880B2

    Publication date: 2023-03-14

    Application No.: US16800751

    Filing date: 2020-02-25

    Abstract: The present disclosure provides various embodiments of systems and related methods to track and cryptographically verify system configuration changes. More specifically, systems and methods are disclosed herein to track an original system configuration of an information handling system (IHS) as the system was built by a manufacturing facility, and any system configuration changes that are made to the original system configuration after the IHS leaves the manufacturing facility. Once a user takes ownership of the IHS, systems and methods disclosed herein may be used to cryptographically verify a current system configuration of the IHS. In doing so, the present disclosure provides a way to authenticate or validate system configuration changes that may occur after the IHS leaves the manufacturing facility.

    Systems and methods for hardware attestation in an information handling system

    Publication No.: US11481497B2

    Publication date: 2022-10-25

    Application No.: US17018416

    Filing date: 2020-09-11

    Abstract: A method may include, during execution of a basic input/output system comprising boot firmware configured to be the first code executed by the processor when the information handling system is booted and/or powered on and execute prior to execution of an operating system of the information handling system, executing a hardware attestation verification application configured to: (i) read a platform certificate comprising information associated with one or more information handling resources of the information handling system recorded during creation of the platform certificate; (ii) perform hardware attestation of the information handling system by comparing information associated with the one or more information handling resources and the information stored within the platform certificate; and (iii) generate a log indicative of the results of the hardware attestation.

    WORKSPACE DEPLOYMENT USING A SECONDARY TRUSTED DEVICE

    Publication No.: US20220200989A1

    Publication date: 2022-06-23

    Application No.: US17126144

    Filing date: 2020-12-18

    Abstract: Systems and methods for workspace deployment using a secondary trusted device are described. In some embodiments, a first Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the first IHS to: establish a first connection with a second IHS, where the second IHS is configured to establish a second connection with a workspace orchestration service, and where the workspace orchestration service is configured to: receive device identification information of the first IHS from the second IHS; and authenticate the device identification information against a database provided by a manufacturer of the first IHS; and in response to a successful authentication, establish a third connection with the workspace orchestration service.

    Multilevel authorization of workspaces using certificates

    Publication No.: US11336655B2

    Publication date: 2022-05-17

    Application No.: US16670910

    Filing date: 2019-10-31

    Abstract: Systems and methods provide multilevel authorization of workspaces using certificates, where all of the authorization levels may be authorized separately or may instead be authorized at once. A measurement of an IHS (Information Handling System) is calculated based on the identity of the IHS and based on firmware of the IHS. A measurement of the configuration of the IHS is calculated based on information for configuring the IHS for supporting workspaces and also based on the IHS measurement. A measurement of a workspace session is calculated based on properties of a session used to remotely support operation of the workspace by the IHS and also based on the configuration measurement. Workspace session data may be authorized at all three levels by evaluating the session measurement against a reference session measurement.

    Systems And Methods To Cryptographically Verify Information Handling System Configuration

    Publication No.: US20210266184A1

    Publication date: 2021-08-26

    Application No.: US16800751

    Filing date: 2020-02-25

    Abstract: The present disclosure provides various embodiments of systems and related methods to track and cryptographically verify system configuration changes. More specifically, systems and methods are disclosed herein to track an original system configuration of an information handling system (IHS) as the system was built by a manufacturing facility, and any system configuration changes that are made to the original system configuration after the IHS leaves the manufacturing facility. Once a user takes ownership of the IHS, systems and methods disclosed herein may be used to cryptographically verify a current system configuration of the IHS. In doing so, the present disclosure provides a way to authenticate or validate system configuration changes that may occur after the IHS leaves the manufacturing facility.

    SYSTEMS AND METHODS FOR DYNAMIC ADJUSTMENT OF WORKSPACES BASED ON AVAILABLE LOCAL HARDWARE

    Publication No.: US20210168093A1

    Publication date: 2021-06-03

    Application No.: US17107345

    Filing date: 2020-11-30

    Abstract: Systems and methods adjust workspaces based on available hardware resources of an IHS (Information Handling System) by which a user operates a workspace supported by a remote orchestration service. A security context and a productivity context of the IHS are determined based on reported context information. A workspace definition for providing access to a managed resource is selected based on the security context and the productivity context. A notification specifies a hardware resource of the IHS that is not used by the workspace definition, such as a microphone or camera that has not been enabled for use by workspaces. A productivity improvement that results from the updated productivity context that includes use of the first hardware resource is determined. Based on the productivity improvement, an updated workspace definition is selected that includes use of the first hardware resource in providing access to the managed resource via the IHS.

    SYSTEMS AND METHODS FOR SUPPORTING SECURE TRANSFER OF DATA BETWEEN WORKSPACES

    Publication No.: US20210133336A1

    Publication date: 2021-05-06

    Application No.: US16671006

    Filing date: 2019-10-31

    Abstract: Systems and methods support secure transfer of data between workspaces operating on an IHS (Information Handling System). Upon a request for access to a first managed resource, such as protected data, a first workspace is deployed according to a first workspace definition. Upon a request for access to a second managed resource, a second workspace is deployed according to a second workspace definition. In response to an indication of a portion of the protected data from the first workspace being copied to a buffer supported by the IHS and of a request to paste the copied portion of the protected data to the second workspace, the protections provided by the second workspace are evaluated. If the protections of the second workspace are inadequate, an updated second workspace definition is selected that specifies additional protections. The second workspace is updated according to the updated second workspace definition and the transfer is permitted.
