Abstract: A method of securing functionalities of an integrated subscriber identification module (iSIM) on an information handling system may include with an embedded controller (EC), detecting a powering-up process at the information handling system and determine a chain of trust access keys during bootup; with the execution of the EC, detecting and activating a wireless wide area network (WWAN) module; with the execution of the EC, detecting and accessing an integrated subscriber identity module (iSIM); with the execution of the EC, authenticating access to iSIM content including authorization information and carrier profile information with the chain of trust access keys generated from encryption keys based on digital signatures; and sending the authorization information and carrier profile information form the iSIM to the WWAN module for authentication, wirelessly, with a switched multimegabit data service (SM-DS) server associated with the carrier profile.

Abstract: Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Verification of a token communication to an IoT gateway that failed in turn to pass the token to another IoT gateway indicates that the IoT gateway is a threat that may include malicious code.

Abstract: A method of provisioning an embedded subscriber identification module (eSIM) profile on an information handling system may include, with an embedded controller (EC), detecting a powering up process at the information handling system; with the execution of the EC, establishing an out-of-band (OOB) connection with a subscription manager-discovery server (SM-DS) to communicate an electronic identification confirming that the information handling system has an authentic subscription to services provided by a wireless wide area network (WWAN) carrier, the OOB connection being established at a level below an operating system (OS) of the information handling system; receiving a WWAN carrier eSIM profile over the OOB connection including an international mobile equipment identity (IMEI); installing the eSIM carrier profile with an embedded universal integrated circuit card (eUICC); and initiating a subscription confirmation with a WWAN carrier.

Abstract: Embodiments of systems and methods for real-time monitoring and policy enforcement of active applications and services are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: provide a hardware-rooted, Operating System (OS)-agnostic resource monitoring agent; receive, at the resource monitoring agent from a remote resource monitoring service via an out-of-band channel, a resource enforcement policy; determine, by the resource monitoring agent, that an application is using or attempting to use a resource in a manner that conflicts with the resource enforcement policy; and stop or prevent the application from using the resource in response to the determination.

Abstract: Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Once malicious code is verified on an IoT gateway, the failed gateway is quarantined from the passing of the token and functions of the failed IoT gateway are assigned to other IoT gateways.

Abstract: Embodiments of systems and methods for real-time monitoring and policy enforcement of active applications and services are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: provide a hardware-rooted, Operating System (OS)-agnostic resource monitoring agent; receive, at the resource monitoring agent from a remote resource monitoring service via an out-of-band channel, a resource enforcement policy; determine, by the resource monitoring agent, that an application is using or attempting to use a resource in a manner that conflicts with the resource enforcement policy; and stop or prevent the application from using the resource in response to the determination.

Abstract: An endpoint computing device multi-network slice remediation/productivity system includes a core network system coupled to a RAN system and configured to allocate network slices and make them available for use in wireless communications via the RAN system. While operating in a pre-boot environment, an endpoint computing device determines that it is unable to transition to operating in a runtime environment and, in response, establishes a remediation network connection with a first network slice, and establishes a productivity network connection with a second network slice.

Abstract: A secured container provides access to enterprise data while isolated from the operating system of an Information Handling System (IHS). The secured container remains secured during its delivery and deployment. A secured container is configured to provide a user of the IHS with access to enterprise data. The secured container is encrypted using a symmetrical key that is transmitted to a secured storage that is isolated from the operating system of the IHS via out-of-band communications. The encrypted secured container is digitally signed using an asymmetric key pair. The digital signature and the encrypted secured container are transmitted to the IHS via in-band communications. At the IHS, the public key of the asymmetric key pair is used to validate the digital signature and the private symmetric key is retrieved from secured storage to decrypt the secured container. Additional embodiments provide a technique for securely migrating a secured container between IHSs.

Abstract: An endpoint computing device network slice certificate provisioning and management system includes a core network system that is coupled to a Radio Access Network (RAN) system and configured to allocate a plurality of a network slices and make each of the network slices available for use in wireless communications via the RAN system. An endpoint computing device is configured to establish a first network connection with a first network slice included in the plurality of network slices and perform, via certificate provisioning wireless communications over the first network connection with the first network slice, certificate provisioning operations to provision a certificate for the endpoint computing device. The endpoint computing device may then use the certificate to verify at least one server device to provide at least one verified server device, and perform secure network communications with the at least one verified server device.

Abstract: Systems and methods are provided for recording and validating modifications to a secured container. Modifications to the secured container by trusted parties are logged. The log may be maintained in a secured memory of an IHS (Information Handling System) and may be periodically validated. Each logged modification specifies a timestamp of the modification and the digital watermark assigned to the trusted party making the modification. Upon completing modifications, the secured container is sealed by imprinting the first digital watermark and the first timestamp at locations in the secured container specified by a watermarking algorithm assigned to the trusted party making the modification. Additional modifications may be serially watermarked on the secured container according the watermarking algorithm of the trusted party making each modification. The secured container is unsealed by re-applying each of the watermarking algorithms in reverse order.

Abstract: Systems and methods that may be implemented to use encryption to isolate SMI functions, libraries and data from each other, such as during operation of systems management mode (SMM). Isolation of SMI function, library and data (and limitation of SMI function/library privileges) may be achieved in SMI at runtime by decrypting only that code and data needed for performing the required action/s in response to a SMI received from a calling process by a host processor (e.g., CPU).

Abstract: A secured virtual environment provides access to enterprise data and may be configured remotely while isolated from the operating system of an Information Handling System (IHS). In secured booting of the IHS, references signatures are received via an out-of-band connection to the IHS. The reference signatures specify reference states for components of the IHS. Prior to launching a secured virtual environment, a trusted resource of the IHS, such as embedded controller isolated from the operating system, is queried for updated signatures specifying operating states of the component. The integrity of the IHS is validated based on comparisons of the respective reference signatures and updated signatures. If the integrity of the IHS is validated, a secured virtual environment is configured such that particular user may access the enterprise data according to applicable policies that may be periodically revalidated. The secured virtual environment may then be launched on the IHS.

Abstract: Systems and methods for agentless remediation and recovery. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include a Central Processing Unit (CPU); a Basic Input/Output System (BIOS) coupled to the CPU; a logic controller coupled to the CPU; and a memory coupled to the logic controller, the memory having program instructions stored thereon that, upon execution by the logic controller, cause the IHS to: during a first stage, check an operational state of a plurality of hardware components within the IHS in the absence of any involvement by the CPU or the BIOS; and during a second stage following the first stage, identify a failed hardware component amongst the plurality of hardware components in the absence of any involvement by the CPU or the BIOS.

Abstract: Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Verification of a token communication to an IoT gateway that failed in turn to pass the token to another IoT gateway indicates that the IoT gateway is a threat that may include malicious code.

Abstract: Systems and methods that may be implemented to use encryption to isolate SMI functions, libraries and data from each other, such as during operation of systems management mode (SMM). Isolation of SMI function, library and data (and limitation of SMI function/library privileges) may be achieved in SMI at runtime by decrypting only that code and data needed for performing the required action/s in response to a SMI received from a calling process by a host processor (e.g., CPU).

Abstract: Systems and methods are provided that may be implemented to control flow integrity during systems management mode (SMM). The systems and methods may be implemented to restrict access by a given SMI function to specific regions of dynamic system memory by blocking unauthorized access to data or code regions of the system memory that are not needed by the SMI function so as to protect the rest of the system memory and system.

Abstract: An information handling system operating a sensor fusion prediction based automatic adjustment system may comprise sensors measuring influencing attributes comprising information handling system operational values, wherein a subset of the influencing attributes influence one of a plurality of system characteristics, and a memory storing definitions of a user behavior characteristic, a performance mapping characteristic, a power status characteristic, a security profile characteristic, and a policy configuration characteristic.

Abstract: Plural Internet of Things (IoT) gateways detect, secure against and remediate malicious code with an autonomous communication of tokens between the IoT gateways on a time schedule. Detection of an invalid token or a token communication outside of a scheduled time indicates that malicious code may have interfered with token generation or communication. Verification of a token communication to an IoT gateway that failed in turn to pass the token to another IoT gateway indicates that the IoT gateway is a threat that may include malicious code.

Abstract: Information handling systems interacting through a network, such as gaming between distal locations, remotely control ambience lighting of rooms in which the games are presented to enhance the interactive experience. An Internet of Things environmental lighting control system accessed by a remote information handling system adjusts illumination responsive to settings communicated from the remote information handling system.

Abstract: In one or more embodiments, one or more systems, method, and/or processes may receive an event from an operating system and provide the event to a management controller configured to perform out-of-band tasks. The management controller may provide information based on the event to at least one subscriber. In one example, the information may include a status of an information handling system (e.g., an impairment, a hardware failure, a progress of an update, etc.). In another example, the management controller may provide information utilizing a protocol that provides a measure of reliability. For instance, the protocol may include a transmission control protocol. In one or more embodiments, the protocol may include one or more of a hypertext transfer protocol (HTTP) and a HTTP secure (HTTPS).