Abstract: The present disclosure provides various embodiments of information handling systems and related methods to generate a cryptographic key, which may be used to cryptographically verify information handling system (IHS) platform components and track events associated with the platform components. In the embodiments disclosed herein, a wide variety of platform-related information may be collected from a plurality of system platform components and embedded into a single cryptographic key. Once a cryptographic key is generated, it may be decoded and/or compared with cryptographic key(s) subsequently generated by the IHS to securely verify the system platform components, determine if changes have been made to the system platform components, facilitate system diagnostics and/or perform additional functions.

Abstract: Embodiments of systems and computer implemented methods are provided to transfer software licenses and entitlements associated with a user account from a first information handling system (IHS) to a second IHS. A computer implemented method in accordance with the present disclosure may generally include executing an entitlement management service to reassign the software licenses and entitlements associated with the user account to the second IHS, executing at least one local validation service on the second IHS to validate the second IHS and the user's workspace, and if the second IHS and the user's workspace is successfully validated by the at least one local validation service, executing one or more cloud-based orchestration services to verify the user account, determine which software licenses and entitlements are associated with the user account, and acquire and validate the software licenses and entitlements before transferring the software licenses and entitlements to the second IHS.

Abstract: Various embodiments of systems and methods are provided to bind a system identifier that uniquely identifies an information handling system (IHS) to the system platform, so that the identity of the IHS can be cryptographically verified. More specifically, the present disclosure provides methods to bind a unique system identifier to an IHS platform, and methods to cryptographically verify the identity of the IHS using the unique system identifier and a plurality of keys generated and stored with a Trusted Platform Module (TPM) of the IHS. Systems are provided herein to perform such methods. As such, the systems and methods disclosed herein enable system identity to be irrefutably verified, thereby preventing theft and misuse of system identity.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described. In some embodiments, a client Information Handling System (IHS) may include a processor and a memory, the memory having program instructions that, upon execution by the processor, cause the client IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a first workspace based upon a first workspace definition; allow a user to execute a non-vetted application in the first workspace; determine that the first workspace is compromised; and receive, in response to the determination, from the workspace orchestration service, one or more other files or policies configured to enable the client IHS to instantiate a second workspace based upon a second workspace definition, where the second workspace definition allows execution of a vetted application corresponding to the non-vetted application.

Abstract: Systems and methods for securely deploying a collective workspace across multiple local management agents are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, at a workspace orchestration service from a first local management agent, first context information and a first split key; receive, at the workspace orchestration service from a second local management agent, second context information and a second split key; determining, by the workspace orchestration service, that the first and second context information match a collaborative workspace policy; in response to the determination, authenticate the first and second split keys; and in response to the authentication, transmit a collaborative workspace definition to the first and second local management agents.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: Systems and methods for workspace deployment using a secondary trusted device are described. In some embodiments, a first Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the first IHS to: establish a first connection with a second IHS, where the second IHS is configured to establish a second connection with a workspace orchestration service, and where the workspace orchestration service is configured to: receive device identification information of the first IHS from the second IHS; and authenticate the device identification information against a database provided by a manufacturer of the first IHS; and in response to a successful authentication, establish a third connection with the workspace orchestration service.

Abstract: Embodiments provide access to enterprise data via a secured virtual environment hosted on an Information Handling System (IHS), with the integrity of the IHS validated prior to launching the virtual environment. The integrity of the IHS may also be continuously validated during operation of the launched virtual environment. Policies for accessing the enterprise data are stored in a secured memory that is isolated from the operating system of the IHS. A virtual environment is configured, according to the policies, with resources for a particular user to access the enterprise data. If the integrity of the IHS is validated by a trusted resource on the IHS, the virtual environment is launched. During operation of the virtual environment, the trusted resource periodically confirms the integrity of the IHS. If the integrity of the IHS is not verified or policy changes are identified, access to the secured workspace may be revoked.

Abstract: Systems and methods for endpoint context-driven, dynamic workspaces are described.

Abstract: Systems and methods for bare-metal or pre-boot user-machine authentication, binding, and entitlement provisioning are described. In some embodiments, a method may include: receiving, at a first portal managed by a manufacturer of an Information Handling System (IHS): (i) user credentials associated with a user of the IHS, and (ii) device identification associated with the IHS before the IHS is shipped to the user; selecting a customer of the manufacturer associated with the device identification; forwarding an indication of the user credentials to a second portal managed by the customer; and, in response to the second portal having successfully authenticated the user, establishing an identity session with the second portal; receiving, from the IHS, a request to initiate an entitlement sequence.

Abstract: Systems and methods for securely deploying a collective workspace across multiple local management agents are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, at a workspace orchestration service from a first local management agent, first context information and a first split key; receive, at the workspace orchestration service from a second local management agent, second context information and a second split key; determining, by the workspace orchestration service, that the first and second context information match a collaborative workspace policy; in response to the determination, authenticate the first and second split keys; and in response to the authentication, transmit a collaborative workspace definition to the first and second local management agents.

Abstract: Systems and methods are provided that may be implemented by services executing on one or more remote servers and on an endpoint information handling system to remotely erase (i.e., clear or remove) biometric fingerprint credential data that is previously stored on non-volatile memory of a discrete “match-on chip” fingerprint reader (MOFR) of the endpoint information handling system, as well as to erase separate non-biometric OS user identifier (ID) fingerprint enrollment information stored on separate system non-volatile memory of the endpoint information handling system.

Abstract: System and method are provided for assigning a service identifier for use by an IHS (Information Handling System), where a new service identifier may be assigned to the IHS due to replacement of hardware of the IHS. The IHS is provisioned with an inventory certificate that identifies hardware components of the IHS, including a service identifier for the IHS. Support provided for the IHS is tracked based on this service identifier. A hardware component of the IHS is removed, where the service identifier is assigned to this removed hardware component. A replacement hardware component is installed in the IHS. An updated inventory certificate is generated that assigns a new service identifier to the replacement hardware component installed in the IHS. The IHS is provisioned with the updated inventory certificate that specifies the new service identifier. Support provided for the IHS is now tracked based on the new service identifier.

Abstract: Systems and methods support transferring control of a workspace that operates on an Information Handling System (IHS). An authorization policy is established on the IHS that is modifiable only by an arbiter of a remote orchestration service. The authorization policy specifies authorized administrators of the workspace. The authorization policy is modified to specify the arbiter and a first remote orchestrator as authorized administrators of the workspace. Administration of the workspace by the first orchestrator is allowed based on credentials that validate it as an authorized administrator specified by the policy. A notification is received of a transfer of orchestration of the workspace to a second remote orchestrator. The authorization policy is modified to specify the arbiter and the second orchestrator as authorized administrators of the workspace.

Abstract: Systems and methods are provided that may be implemented in one example to physically transfer or relocate information handling systems between facilities of different system owners in a manner that is downstream of the original equipment manufacturer (OEM) of the transferred information handling system/s, and which in one example may be managed in part or in whole by the OEM’s customer base. In conjunction with facilitating physical transfer of each given information handling system directly between different enterprise owners, the disclosed systems and methods may also be implemented at the same time to utilize a unique identifier (that is assigned by the OEM manufacturer to each given information handling system) to manage transfer of the registration or other type of association of the given information handling system assets between the enterprise OEM user accounts of the different enterprise owners that are maintained by an OEM of the information handling system assets.

Abstract: An information handling system including a port or wireless antenna to operatively couple one or more peripheral devices to the information handling system and the processor executing code instructions of a peripheral devices reporting module for managing the one or more peripheral devices in coordination for a remotely-located peripheral device management system, wherein the processor is configured to generate a manifest of the information handling system and the one or more peripheral devices, and a network interface device to transmit to the remotely-located peripheral device management system the manifest to be associated a user account for peripheral device management services utilize usage data from the one or more peripheral devices to monitor peripheral device usage lifecycle status or peripheral device health status.

Abstract: Systems and methods for dynamic workspace targeting with crowdsourced user context are described. In some embodiments, an Information Handling System (IHS) of a workspace orchestration service may include a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: detect execution of an application in a workspace instantiated by a client IHS; validate the application based upon productivity context information and security context information received from the client IHS; and in response to the validation, distribute the validated application to another workspace instantiated by another client IHS.

Abstract: Systems and methods for self-protecting and self-refreshing workspaces are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, from a workspace orchestration service, one or more files or policies configured to enable the client IHS to instantiate a workspace based upon a workspace definition; determine that a context of the client IHS has been modified; in response to the determination, terminate the workspace; and receive, from the workspace orchestration service, one or more files or policies configured to enable the client IHS to re-instantiate the workspace based upon the workspace definition.

Abstract: Systems and methods for hardware-based protection of Application Programming Interface (API) keys are described. In some embodiments, an endpoint Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: send an encrypted API key to a trusted controller; and receive a decrypted API key from the trusted controller.