Abstract: Systems and methods are provided that may be implemented during a pre-boot environment to authenticate a user in the basic input/output system (BIOS) of an information handling system, and to securely provision a resulting authentication token to post-boot operating system (OS) login components of the system. In addition, single sign-on user authentication may be performed during a pre-boot BIOS environment and then extended to the post-boot OS environment without requiring exchange of pins or other intermediary authentication factors between the OS and pre-boot authentication (PBA) for the user to gain access to the information handling system or other network resources.

Abstract: A system for a time-based one-time password security system operating at a provisioning server may comprise transmitting one or more first locally generated random-string numbers for generation of a first time-based one-time password to a remotely connected internet of things sensor and a remotely connected internet of things sensor hub. The system may also comprise executing code instructions to associate the internet of things sensor with a first client key in a table stored in a memory operatively connected to the processor, associate the internet of things sensor hub with a second client key in the table, and associate the internet of things sensor and internet of things sensor hub with the one or more first locally generated random-string numbers in the table. Further the first remotely generated random-string numbers may identify a first preset function for generation of a first session key used in encrypting and decrypting sensor data records.

Abstract: In scenarios where I/O ports of an IHS are not secured, malicious actors may exploit such I/O ports when a user of the IHS is unaware. Embodiments provide techniques for securing access to I/O ports of an IHS based on the context of the IHS, which includes the user context and the system context of the IHS. Upon initialization of the IHS, access to the I/O ports is configured based on a boot context policy. The operating system is booted and use of the IHS proceeds. Modifications to an IHS context are detected. Based on a policy applicable to the modified IHS context, modified access to the I/O ports is configured. In embodiments where the IHS is a convertible laptop, a system context may include the posture in which the system is physically configured. A user context may include whether a user is detected in proximity to the IHS.

Abstract: Data is frequently protected by securing the data within containers that are only accessible using a specific security application. Once such data is transferred, all protections provided by the security application are lost. Methods and systems provide secured access to data by intercepting requests for access to a data files accessed via an IHS (Information Handling System) by applications operating within the operating system of the IHS. Based on condition settings stored in the data files, access privileges are determined for applications. The conditions settings include environmental conditions required for providing access to the data. If the IHS satisfies the environmental conditions specified by a data file, access to the data file may be granted. The data requests may be intercepted by a kernel process of the operating system of the IHS. The environmental conditions may specify requirements on the networks, display devices and/or software utilized by the IHS.

Abstract: An information handling system for securely storing a file includes a storage device and a processor that instantiates an operating system, a file system filter driver, and a storage device driver. The file system filter driver receives the file and access information from the operating system, combines the file and the access information to provide a secure file, and stores the secure file via the storage device driver on the storage device. The file system filter driver further receives a request for the secure file from the operating system, directs the storage device driver to retrieve the access information from the secure file on the storage device, and determines if the request is authorized based upon the access information. In response to the request being authorized, the file system filter driver directs the storage device driver to retrieve the secure file from the storage device, and provides the secure file to the operating system.

Abstract: Systems and methods are provided that may be implemented during a pre-boot environment to authenticate a user in the basic input/output system (BIOS) of an information handling system, and to securely provision a resulting authentication token to post-boot operating system (OS) login components of the system. In addition, single sign-on user authentication may be performed during a pre-boot BIOS environment and then extended to the post-boot OS environment without requiring exchange of pins or other intermediary authentication factors between the OS and pre-boot authentication (PBA) for the user to gain access to the information handling system or other network resources.

Abstract: In scenarios where I/O ports of an IHS are not secured, malicious actors may exploit such I/O ports when a user of the IHS is unaware. Embodiments provide techniques for securing access to I/O ports of an IHS based on the context of the IHS, which includes the user context and the system context of the IHS. Upon initialization of the IHS, access to the I/O ports is configured based on a boot context policy. The operating system is booted and use of the IHS proceeds. Modifications to an IHS context are detected. Based on a policy applicable to the modified IHS context, modified access to the I/O ports is configured. In embodiments where the IHS is a convertible laptop, a system context may include the posture in which the system is physically configured. A user context may include whether a user is detected in proximity to the IHS.

Abstract: A system for a time-based one-time password security system operating at a provisioning server may comprise transmitting one or more first locally generated random-string numbers for generation of a first time-based one-time password to a remotely connected internet of things sensor and a remotely connected internet of things sensor hub. The system may also comprise executing code instructions to associate the internet of things sensor with a first client key in a table stored in a memory operatively connected to the processor, associate the internet of things sensor hub with a second client key in the table, and associate the internet of things sensor and internet of things sensor hub with the one or more first locally generated random-string numbers in the table. Further the first remotely generated random-string numbers may identify a first preset function for generation of a first session key used in encrypting and decrypting sensor data records.

Abstract: Data is frequently protected by securing the data within containers that are only accessible using a specific security application. Once such data is transferred, all protections provided by the security application are lost. Methods and systems provide secured access to data by intercepting requests for access to a data files accessed via an IHS (Information Handling System) by applications operating within the operating system of the IHS. Based on condition settings stored in the data files, access privileges are determined for applications. The conditions settings include environmental conditions required for providing access to the data. If the IHS satisfies the environmental conditions specified by a data file, access to the data file may be granted. The data requests may be intercepted by a kernel process of the operating system of the IHS. The environmental conditions may specify requirements on the networks, display devices and/or software utilized by the IHS.

Abstract: In an example of a system and method for time-based local authentication, an Information Handling System (IHS) may include a processor and a memory coupled to the processor. The memory may have program instructions stored thereon that, upon execution, cause the IHS to generate a first time token and to transmit the first time token to a secondary IHS via a local network, where the secondary IHS is configured to generate a second time token and to transmit the second time token to the IHS via the local network. The IHS may receive the second time token from the secondary IHS and it may determine whether the first time token matches the second time token. In response to the first time token matching the second time token, the IHS may receive access to a protected resource.

Abstract: An information handling system for securely storing a file includes a storage device and a processor that instantiates an operating system, a file system filter driver, and a storage device driver. The file system filter driver receives the file and access information from the operating system, combines the file and the access information to provide a secure file, and stores the secure file via the storage device driver on the storage device. The file system filter driver further receives a request for the secure file from the operating system, directs the storage device driver to retrieve the access information from the secure file on the storage device, and determines if the request is authorized based upon the access information. In response to the request being authorized, the file system filter driver directs the storage device driver to retrieve the secure file from the storage device, and provides the secure file to the operating system.

Abstract: A system for a time-based one-time password security system operating at a provisioning server may comprise transmitting one or more first locally generated random-string numbers for generation of a first time-based one-time password to a remotely connected internet of things sensor and a remotely connected internet of things sensor hub. The system may also comprise executing code instructions to associate the internet of things sensor with a first client key in a table stored in a memory operatively connected to the processor, associate the internet of things sensor hub with a second client key in the table, and associate the internet of things sensor and internet of things sensor hub with the one or more first locally generated random-string numbers in the table. Further the first remotely generated random-string numbers may identify a first preset function for generation of a first session key used in encrypting and decrypting sensor data records.

Abstract: A system for a time-based one-time password security system operating at a provisioning server may comprise transmitting one or more first locally generated random-string numbers for generation of a first time-based one-time password to a remotely connected internet of things sensor and a remotely connected internet of things sensor hub. The system may also comprise executing code instructions to associate the internet of things sensor with a first client key in a table stored in a memory operatively connected to the processor, associate the internet of things sensor hub with a second client key in the table, and associate the internet of things sensor and internet of things sensor hub with the one or more first locally generated random-string numbers in the table. Further the first remotely generated random-string numbers may identify a first preset function for generation of a first session key used in encrypting and decrypting sensor data records.

Abstract: A pre-boot authentication (PBA) credential sharing system includes a secure subsystem including an off-host processing system and a secure storage. A credential management application is coupled to the off-host processing system. A data protection engine is coupled to the off-host processing system and a PBA database. The data protection engine receives a notification from the off-host processor of the enrollment of an authentication credential in the secure storage by the credential management application, and provides PBA object information for association with the authentication credential to create a PBA object that is stored in the secure storage. Subsequently, while in a pre-boot environment, the data protection engine requests the PBA object from the secure storage, retrieves storage authentication information from the PBA database using the PBA object, and performs a pre-boot authentication process using the storage authentication information.

Abstract: Systems and methods for time-based local authentication are described. In some embodiments, an Information Handling System (IHS) may include a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: generate a first time token; transmit the first time token to a secondary IHS via a local network, where the secondary IHS is configured to generate a second time token and to transmit the second time token to the IHS via the local network; receive the second time token from the secondary IHS; determine whether the first time token matches the second time token; and in response to the first time token matching the second time token, provide the IHS with access to a protected resource.

Abstract: A pre-boot authentication (PBA) credential sharing system includes a secure subsystem including an off-host processing system and a secure storage. A credential management application is coupled to the off-host processing system. A data protection engine is coupled to the off-host processing system and a PBA database. The data protection engine receives a notification from the off-host processor of the enrollment of an authentication credential in the secure storage by the credential management application, and provides PBA object information for association with the authentication credential to create a PBA object that is stored in the secure storage. Subsequently, while in a pre-boot environment, the data protection engine requests the PBA object from the secure storage, retrieves storage authentication information from the PBA database using the PBA object, and performs a pre-boot authentication process using the storage authentication information.

Abstract: A cursor control device having a light source and an image sensor for optically tracking motion. The device includes an upwardly facing dome or window that provides a visual and tactile interface for user interaction. The user's hand or finger, bare or gloved, or other object controlled by the user, can be moved in close proximity or touching the dome, and means are provided to discriminate against the motion of objects that are not close to the dome in order to prevent unwanted cursor motion. Said means can include optics having a limited depth of focus, adaptive illumination processing for controlling the intensity of light emitted from the light source to optimize sensor operation, and/or processing for projecting cursor motion in accordance with a detected level of confidence in the sensor data.

Abstract: A cursor control device having a light source and an image sensor for optically tracking motion. The device includes an upwardly facing dome or window that provides a visual and tactile interface for user interaction. The user's hand or finger, bare or gloved, or other object controlled by the user, can be moved in close proximity or touching the dome, and means are provided to discriminate against the motion of objects that are not close to the dome in order to prevent unwanted cursor motion. Said means can include optics having a limited depth of focus, adaptive illumination processing for controlling the intensity of light emitted from the light source to optimize sensor operation, and/or processing for projecting cursor motion in accordance with a detected level of confidence in the sensor data.

Abstract: A method of moving the cursor is used in a computer system having a processor operatively coupled to a cursor control device having a light source and an image sensor for optically tracking motion of the cursor control device. The method is executed to move the cursor according to an enhanced tracking value generated based on a measured tracking value, a projected tracking value, and a tracking confidence value based on an illumination value representative of an intensity of light sensed by the sensor.

Abstract: A cursor control device (700) having a light source (70) and an image sensor (80) for optically tracking motion. The device (700) includes an upwardly facing dome (710) or window (32) that provides a visual and tactile interface for user interaction. The user's hand or finger, bare or gloved, or other object controlled by the user, can be moved in close proximity or touching the dome (710), and means are provided to discriminate against the motion of objects that are not close to the dome in order to prevent unwanted cursor motion. Said means can include optics (40) having a limited depth of focus, adaptive illumination processing for controlling the intensity of light emitted from the light source (70) to optimize sensor operation, and/or processing for projecting cursor motion in accordance with a detected level of confidence in the sensor data.