Systems and methods for configuring settings of an IHS (information handling system)

    Publication (announcement) number: US12073233B2

    Publication (announcement) date: 2024-08-27

    Application number: US17648033

    Filing date: 2022-01-14

    Abstract: Systems and methods are provided that support configuration of settings of an Information Handling System (IHS), such as by external configuration tools that are delegated authority to configure any portion of the configurable settings of the IHS. During factory provisioning of the IHS, an inventory of configurable settings of the IHS is generated and permissions are assigned for configuration of a portion of the configurable IHS settings by a configuration tool. During the factory provisioning, credentials are stored to the IHS for authenticating communications from the assigned configuration tool. Once the IHS has been delivered and deployed, configuration of the assigned portion of the IHS is allowed when configuration requests from the assigned configuration tool are successfully validated against the credentials stored to the IHS during factory provisioning. The configurable settings of the IHS may include BIOS settings, operating system settings and settings supported by hardware components of the IHS.

    TRUST-BASED WORKSPACE INSTANTIATION
    Invention publication

    Publication (announcement) number: US20240028713A1

    Publication (announcement) date: 2024-01-25

    Application number: US17870912

    Filing date: 2022-07-22

    IPC classification: G06F21/55 G06F21/56

    Abstract: Workspace instantiations are monitored for potentially suspicious behavior. A client endpoint computer creates and maintains a log of historical events associated with a workspace instantiation. Each time the client endpoint computer processes an event associated with the workspace instantiation, the client endpoint computer adds and timestamps a new entry in the log of the historical events associated with the workspace instantiation. The log of the historical events thus represents a rich database description of the workspace instantiation, its corresponding workspace definition file, its corresponding workspace lifecycle events, and their corresponding timestamps. A workspace orchestration service (perhaps provided by a server) may monitor the log of historical events and flag or alert on any entries indicating suspicious behavior. Any current workspace instantiation may thus be terminated as a security precaution.

    ARCHITECTURE SWAPPING FOR WORKSPACES
    Invention publication

    Publication (announcement) number: US20230195904A1

    Publication (announcement) date: 2023-06-22

    Application number: US17644844

    Filing date: 2021-12-17

    IPC classification: G06F21/60 G06F9/455

    Abstract: Systems and methods are provided for swapping computing architectures used by workspaces operating on an Information Handling System (IHS). A first workspace definition is generated for deployment of a workspace on the IHS using a first computing architecture. A timer is initiated upon deployment of the workspace on the IHS according to the first workspace definition. Upon expiration of the timer, a second workspace definition is generated for redeployment of the workspace using a second computing architecture. The workspace is then redeployed on the IHS according to the second workspace definition. The duration of the timer may be a randomized interval, or may be selected based on security and/or productivity metrics for the deployment of the workspace on the IHS. Through swapping of the computing architecture used by the workspace, the attack surface presented by the workspace is regularly altered, thus thwarting malicious actors attempting to compromise the workspace.

    Systems and methods for performing self-contained posture assessment from within a protected portable-code workspace

    Publication (announcement) number: US11595322B2

    Publication (announcement) date: 2023-02-28

    Application number: US17124295

    Filing date: 2020-12-16

    Abstract: Systems and methods for performing self-contained posture assessment from within a protected portable-code workspace are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory having program instructions that, upon execution, cause the IHS to: transmit, from an orchestration service to a local agent, a workspace definition that references an application, where the application comprises a first portion of code provided by a developer and a second portion of code provided by the orchestration service; and receive, from the local agent at the orchestration service, a message in response to the execution of the second portion of code within a workspace instantiated based upon the workspace definition. The second portion of code may inspect the contents of the runtime memory of the workspace upon execution, for example, by performing a stack canary check, a hash analysis, a boundary check, and/or a memory scan.

    SYSTEMS AND METHODS FOR WORKSPACE CONTINUITY AND REMEDIATION

    Publication (announcement) number: US20220103432A1

    Publication (announcement) date: 2022-03-31

    Application number: US17643291

    Filing date: 2021-12-08

    IPC classification: H04L12/24 H04L29/06 H04L29/08

    Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described. In some embodiments, a client Information Handling System (IHS) may include a processor and a memory, the memory having program instructions that, upon execution by the processor, cause the client IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a first workspace based upon a first workspace definition; allow a user to execute a non-vetted application in the first workspace; determine that the first workspace is compromised; and receive, in response to the determination, from the workspace orchestration service, one or more other files or policies configured to enable the client IHS to instantiate a second workspace based upon a second workspace definition, where the second workspace definition allows execution of a vetted application corresponding to the non-vetted application.

    Validation of data integrity through watermarking

    Publication (announcement) number: US10990706B2

    Publication (announcement) date: 2021-04-27

    Application number: US15962641

    Filing date: 2018-04-25

    Abstract: Systems and methods are provided for recording and validating modifications to a secured container. Modifications to the secured container by trusted parties are logged. The log may be maintained in a secured memory of an IHS (Information Handling System) and may be periodically validated. Each logged modification specifies a timestamp of the modification and the digital watermark assigned to the trusted party making the modification. Upon completing modifications, the secured container is sealed by imprinting the first digital watermark and the first timestamp at locations in the secured container specified by a watermarking algorithm assigned to the trusted party making the modification. Additional modifications may be serially watermarked on the secured container according to the watermarking algorithm of the trusted party making each modification. The secured container is unsealed by re-applying each of the watermarking algorithms in reverse order. The integrity of the secured container, and of each modification, is thus validated.

    Security policy enforcement based on dynamic security context updates

    Publication (announcement) number: US10949540B2

    Publication (announcement) date: 2021-03-16

    Application number: US15926551

    Filing date: 2018-03-20

    IPC classification: G06F21/57 G06F21/64 G06F21/60

    Abstract: An information handling system (IHS) includes a memory having a BIOS, at least one sensor that generates security-related data for the IHS, a controller, and one or more I/O drivers. The memory, the at least one sensor and the controller operate within a secure environment of the IHS; the I/O driver(s) operate outside of the secure environment. The controller includes a security policy management engine, which is executable during runtime of the IHS to continuously monitor security-related data generated by the at least one sensor, determine whether the security-related data violates at least one security policy rule specified for the IHS, and provide a notification of the security policy violation to the BIOS if the security-related data violates at least one security policy rule. The I/O driver(s) include a security enforcement engine, which is executable to receive the notification of the security policy violation from the BIOS and perform at least one security measure in response thereto.