Patents by Inventor Andrew Fausak

Andrew Fausak has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190332773
    Abstract: A secured virtual environment provides access to enterprise data and may be configured remotely while isolated from the operating system of an Information Handling System (IHS). In secured booting of the IHS, references signatures are received via an out-of-band connection to the IHS. The reference signatures specify reference states for components of the IHS. Prior to launching a secured virtual environment, a trusted resource of the IHS, such as embedded controller isolated from the operating system, is queried for updated signatures specifying operating states of the component. The integrity of the IHS is validated based on comparisons of the respective reference signatures and updated signatures. If the integrity of the IHS is validated, a secured virtual environment is configured such that particular user may access the enterprise data according to applicable policies that may be periodically revalidated. The secured virtual environment may then be launched on the IHS.
    Type: Application
    Filed: April 25, 2018
    Publication date: October 31, 2019
    Applicant: Dell Products, L.P.
    Inventors: David Konetski, Carlton A. Andrews, Ricardo L. Martinez, Abeye Teshome, Joseph Kozlowski, Charles D. Robison, Girish S. Dhoble, Andrew T. Fausak
  • Publication number: 20190334951
    Abstract: Embodiments provide access to enterprise data via a secured virtual environment hosted on an Information Handling System (IHS), with the integrity of the IHS validated prior to launching the virtual environment. The integrity of the IHS may also be continuously validated during operation of the launched virtual environment. Policies for accessing the enterprise data are stored in a secured memory that is isolated from the operating system of the IHS. A virtual environment is configured, according to the policies, with resources for a particular user to access the enterprise data. If the integrity of the IHS is validated by a trusted resource on the IHS, the virtual environment is launched. During operation of the virtual environment, the trusted resource periodically confirms the integrity of the IHS. If the integrity of the IHS is not verified or policy changes are identified, access to the secured workspace may be revoked.
    Type: Application
    Filed: April 25, 2018
    Publication date: October 31, 2019
    Applicant: Dell Products, L.P.
    Inventors: David Konetski, Carlton A. Andrews, Ricardo L. Martinez, Abeye Teshome, Joseph Kozlowski, Charles D. Robison, Girish S. Dhoble, Andrew T. Fausak
  • Publication number: 20190294800
    Abstract: An information handling system (IHS) includes a memory having a BIOS, at least one sensor that generates security related data for the IHS, a controller, and one or more I/O drivers. The memory, at least one sensor and controller operate within a secure environment of the IHS; the I/O driver(s) operate outside of the secure environment. The controller includes a security policy management engine, which is executable during runtime of the IHS to continuously monitor security related data generated by the at least one sensor, determine whether the security related data violates at least one security policy rule specified for the IHS, and provide a notification of security policy violation to the BIOS, if the security related data violates at least one security policy rule. The I/O driver(s) include a security enforcement engine, which is executable to receive the notification of security policy violation from the BIOS, and perform at least one security measure in response thereto.
    Type: Application
    Filed: March 20, 2018
    Publication date: September 26, 2019
    Inventors: Carlton A. Andrews, Charles D. Robison, Andrew T. Fausak, David Konetski, Girish S. Dhoble, Ricardo L. Martinez, Joseph Kozlowski
  • Patent number: 10382521
    Abstract: A generic client engine can associate a transcoder process with a requested server-side application so that the transcoder process can act as an intermediary between the browser-based application and the server-side application. The transcoder process can be configured to communicate with the browser-based application using a browser-supported protocol. The transcoder process can be further configured to transcode between the browser-supported protocol and a protocol employed by the server-side application. In cases where a gateway service provides access to the server-side application, the transcoder process can also act as an intermediary between the browser-based application and the gateway service to transcode between the browser-supported protocol and a gateway protocol. In some cases, the transcoder process, and possibly the gateway service, can alternatively be located on the client device that hosts the browser-based application.
    Type: Grant
    Filed: December 14, 2015
    Date of Patent: August 13, 2019
    Assignee: Wyse Technology, L.L.C.
    Inventors: Andrew Fausak, Oleg Rombakh
  • Publication number: 20190149341
    Abstract: Systems and methods for tamper-proof detection triggering of automatic lockdown using a recoverable encryption mechanism issued from a secure escrow service. In an illustrative, non-limiting embodiment, an Information Handling System (IHS) may include: a processor; a secure storage device coupled to the processor, wherein the secure storage device comprises a container encrypted with a derived container key; and a memory coupled to the processor, the memory including program instructions stored thereon that, upon execution, cause the IHS to: receive a digital certificate from a remote server, wherein the digital certificate includes a public key and, in response to a detection of a tampering event, encrypt the derived container key using the public key.
    Type: Application
    Filed: November 16, 2017
    Publication date: May 16, 2019
    Applicant: Dell Products, L.P.
    Inventors: Charles D. Robison, Carlton A. Andrews, Girish S. Dhoble, Joseph Kozlowski, Andrew T. Fausak, David Konetski, Ricardo L. Martinez
  • Patent number: 10157287
    Abstract: A secure access client can be employed to enforce limitations on a user's access to a file while also allowing the user to access the file using an application of choice. To provide this functionality, the secure access client can implement an RDP client that is configured to create an RDP session with an RDP service executing on the same computing device. The RDP service can allow the secure access client to display the user interface of an application employed to open a file. The secure access client can be configured to selectively apply access limitations on a per file basis. This selective enforcement can be accomplished by only implementing a virtual channel extension to provide a particular type of access to the file when the file's access limitations would allow such access.
    Type: Grant
    Filed: February 9, 2016
    Date of Patent: December 18, 2018
    Assignee: Wyse Technology L.L.C.
    Inventors: Andrew Fausak, Oleg Rombakh, James Burke, Darrell Testerman, Chris Burchett, Warren Robbins
  • Patent number: 10044788
    Abstract: A Native Client-based remote display client can efficiently perform multimedia redirection by routing un-rendered multimedia content to browser code executing outside the sandbox in which the remote display client is executed. In this way, a remote display client implemented as a Native Client module will not be limited to using the APIs available within the sandbox to render the multimedia content. The Native Client module can communicate with the browser code to provide parameters necessary for the browser code to submit a web-based request to the Native Client module via localhost to thereby obtain the multimedia content via one or more web-based communications.
    Type: Grant
    Filed: November 17, 2015
    Date of Patent: August 7, 2018
    Assignee: Wyse Technology L.L.C.
    Inventors: Andrew Fausak, Oleg Rombakh
  • Publication number: 20180032302
    Abstract: A remoting client can be configured to offload various graphics-based remoting protocol processes to the GPU to thereby free up the CPU for performing other remoting tasks. In this way, a remoting client can be executed on a client terminal that has a less powerful CPU even when a graphics-rich desktop is virtualized on the client terminal. When the remoting client receives remoting communications containing graphics display data, the remoting client can write the graphics display data to a location in memory that is accessible to the GPU and can then pass the graphics display data to the GPU for further processing. The CPU is therefore freed from having to fully process the graphics display data including from having to copy the graphics display data to a display buffer.
    Type: Application
    Filed: July 26, 2016
    Publication date: February 1, 2018
    Inventors: Andrew Fausak, Oleg Rombakh, Richard Goldberg
  • Patent number: 9875076
    Abstract: A remoting client can be configured to offload various graphics-based remoting protocol processes to the GPU to thereby free up the CPU for performing other remoting tasks. In this way, a remoting client can be executed on a client terminal that has a less powerful CPU even when a graphics-rich desktop is virtualized on the client terminal. When the remoting client receives remoting communications containing graphics display data, the remoting client can write the graphics display data to a location in memory that is accessible to the GPU and can then pass the graphics display data to the GPU for further processing. The CPU is therefore freed from having to fully process the graphics display data including from having to copy the graphics display data to a display buffer.
    Type: Grant
    Filed: July 26, 2016
    Date of Patent: January 23, 2018
    Assignee: WYSE TECHNOLOGY L.L.C.
    Inventors: Andrew Fausak, Oleg Rombakh, Richard Goldberg
  • Publication number: 20170228551
    Abstract: A secure access client can be employed to enforce limitations on a user's access to a file while also allowing the user to access the file using an application of choice. To provide this functionality, the secure access client can implement an RDP client that is configured to create an RDP session with an RDP service executing on the same computing device. The RDP service can allow the secure access client to display the user interface of an application employed to open a file. The secure access client can be configured to selectively apply access limitations on a per file basis. This selective enforcement can be accomplished by only implementing a virtual channel extension to provide a particular type of access to the file when the file's access limitations would allow such access.
    Type: Application
    Filed: February 9, 2016
    Publication date: August 10, 2017
    Inventors: Andrew Fausak, Oleg Rombakh, James Burke, Darrell Testerman, Chris Burchett, Warren Robbins
  • Publication number: 20170171289
    Abstract: A generic client engine can associate a transcoder process with a requested server-side application so that the transcoder process can act as an intermediary between the browser-based application and the server-side application. The transcoder process can be configured to communicate with the browser-based application using a browser-supported protocol. The transcoder process can be further configured to transcode between the browser-supported protocol and a protocol employed by the server-side application. In cases where a gateway service provides access to the server-side application, the transcoder process can also act as an intermediary between the browser-based application and the gateway service to transcode between the browser-supported protocol and a gateway protocol. In some cases, the transcoder process, and possibly the gateway service, can alternatively be located on the client device that hosts the browser-based application.
    Type: Application
    Filed: December 14, 2015
    Publication date: June 15, 2017
    Inventors: Andrew Fausak, Oleg Rombakh
  • Publication number: 20170142184
    Abstract: A Native Client-based remote display client can efficiently perform multimedia redirection by routing un-rendered multimedia content to browser code executing outside the sandbox in which the remote display client is executed. In this way, a remote display client implemented as a Native Client module will not be limited to using the APIs available within the sandbox to render the multimedia content. The Native Client module can communicate with the browser code to provide parameters necessary for the browser code to submit a web-based request to the Native Client module via localhost to thereby obtain the multimedia content via one or more web-based communications.
    Type: Application
    Filed: November 17, 2015
    Publication date: May 18, 2017
    Inventors: Andrew Fausak, Oleg Rombakh
  • Publication number: 20080033596
    Abstract: A dispensing machine includes a visual detection system, having one or more cameras with a field of view sufficient to see a region through which a properly dispensed product is expected to travel, captures at least one image frame during the time in which the product is expected to be within the field of view. The detection system visually detects the presence of items in a dispense or vending area, determining the type of product from one or more predetermined attributes. If the correct product has not been dispensed, an exception indication is generated. In the case of a vending machine, the exception may result in a refund or credit of any amounts actually paid.
    Type: Application
    Filed: July 6, 2007
    Publication date: February 7, 2008
    Inventors: Andrew Fausak, Lawrenne Quinnell
  • Publication number: 20070038768
    Abstract: A system for communicating with a device is disclosed. The system includes a client configured to issue a request. The request represents an operation that the client wishes to have the device perform. The system further includes a server configured to receive the request from the client and translate the request into a format that is decipherable by the device, establish a logical connection with the device via the client, and forward the translated request to the device via the logical connection. The device acts on the translated request to effect the operation.
    Type: Application
    Filed: August 10, 2005
    Publication date: February 15, 2007
    Applicant: Wyse Technology Inc.
    Inventor: Andrew Fausak
  • Publication number: 20060242395
    Abstract: The present invention provides a system for booting an intelligent device with an embedded-type operating system obtained through an external interface disposed in the intelligent device, wherein the system includes an initialization module stored in a read-only memory provided in the intelligent device, the initialization module being executed in a processor disposed in the intelligent device and connecting to an external location through the external interface, and a server having a memory media which stores a boot agent module and an embedded-type operating system at the external location, the server sending the boot agent module to the intelligent device through the connection in response to a request from the initialization module, wherein the boot agent module is loaded into a runtime memory in the intelligent device and executed by the processor, the boot agent module then retrieving an embedded-type operating system image from the external location in the sever, whereupon the embedded-type operating s
    Type: Application
    Filed: March 9, 2005
    Publication date: October 26, 2006
    Applicant: Wyse Technology Inc.
    Inventor: Andrew Fausak
  • Publication number: 20060206702
    Abstract: A system for booting an computing device with a windowing operating system obtained from an external memory media via an external interface, wherein the system includes an initialization module stored in a read-only memory provided in the computing device, the initialization module being executed in a processor disposed in the computing device and establishing a data connection to the external memory media through the external interface, and an external device in which the external memory media is disposed, the external memory media storing a windowing operating system at an external location, the external device sending the windowing operating system image from the external memory media to the computing device via the external interface in response to a request from the computing device, the request being based on memory geometry information of the external memory media, wherein the windowing operating system image is received by the computing device, loaded into a runtime memory in the computing device and
    Type: Application
    Filed: March 9, 2005
    Publication date: September 14, 2006
    Applicant: Wyse Technology Inc.
    Inventor: Andrew Fausak
  • Publication number: 20050193393
    Abstract: The present invention discloses a method and system for specifying and executing computing tasks in a preboot execution environment in general, and, in particular, a method and system for generalized imaging utilizing a language agent and encapsulated object oriented polyphase preboot execution and specification language. The target customization is advantageously accomplished by encapsulating target dependent parameters in specification files. The target specific parameters are resolved at appropriate execution time when the parameter information becomes available. Such approach simplifies specification of complex tasks to a merely few lines of code. The approach of the present invention nevertheless affords reliable, robust, and accurate performance, because the pertinent parametric information are resolved only when they can be accurately ascertained. Furthermore, the specification encapsulations are themselves a part of the image set, providing self-describing images with self-contained imaging methods.
    Type: Application
    Filed: February 27, 2004
    Publication date: September 1, 2005
    Inventor: Andrew Fausak
  • Publication number: 20050193371
    Abstract: The present invention discloses a method for specifying and executing computing tasks in a preboot execution environment in general, and, in particular, an encapsulated object oriented polyphase preboot execution and specification language. The language is both a specification generator and interpreter. As a specification generator, the language allows encapsulation of parameters in specification files. Thus, the target customization of execution behavior is advantageously accomplished by encapsulating target dependent parameters in specification files, as the target specific parameters are best resolved at appropriate execution time when the parameter information becomes available. Such approach simplifies specification of complex tasks to a merely few lines of code, but, nevertheless affords reliable, robust, and accurate performance, since the pertinent parametric information are resolved only when they can be accurately ascertained.
    Type: Application
    Filed: February 27, 2004
    Publication date: September 1, 2005
    Inventor: Andrew Fausak