Abstract: A display information protection system includes a management system that stores a plurality of display information protection policies and that may provide any of the display information protection policies through a network. An endpoint device is coupled to the management system through the network and stores a display information protection policy that may have been automatically populated or received from the management system. The endpoint device displays a plurality of information and may determine that a first subset of the plurality of information that has been provided for display is defined by the display information protection policy. In response to detecting the first display information protection event and determining that the first subset of a plurality of information is defined by the display information protection policy, the endpoint device obfuscates the display of the first subset of the plurality of information on the endpoint device.

Abstract: Systems and methods for credential translation are described. In some embodiments, an Information Handling System (IHS) may include: a host processor; an embedded controller coupled to the processor; and an off-host authentication processing system coupled to the embedded controller and segregated from the host processor, the off-host authentication processing system further comprising: an off-host processor; and an off-host memory coupled to the off-host processor, the off-host memory having program instructions stored thereon that, upon execution, cause the off-host processor to: receive a certificate from a web-access management server; store the certificate in the off-host memory; and request that a user of the IHS provide a first authentication factor to be associated with the certificate such that, when the first authentication factor is presented to the off-host processor, the certificate is released from the off-host memory.

Abstract: An information handling system includes a display device and a processor configured to display a plurality of icons in a first display area, divide a second display area into a plurality of sectors, designate an authentication sector of the plurality of sectors, designate an authentication icon of the plurality of icons, receive a user input including selecting one of the icons and dragging the selected icon to a selected one of the sectors, determine if the selected sector is the authentication sector and if the selected icon is the authentication icon, and display a prompt to the user to provide an authentication factor to log on to the information handling system in response to the selected sector being the authentication sector and to the selected icon being the authentication icon.

Abstract: Systems and methods for hardware hardened advanced threat protection are described. In some embodiments, an Information Handling System (IHS) may include a processor; and a Basic Input/Output System (BIOS) coupled to the processor, the BIOS having BIOS instructions stored thereon that, upon execution, cause the IHS to: launch an Extensible Firmware Interface (EFI) gateway module; and determine, using the EFI gateway module, whether the BIOS instructions include malware.

Abstract: A display information protection system includes a management system that stores a plurality of display information protection policies and that may provide any of the display information protection policies through a network. An endpoint device is coupled to the management system through the network and stores a display information protection policy that may have been automatically populated or received from the management system. The endpoint device displays a plurality of information and may determine that a first subset of the plurality of information that has been provided for display is defined by the display information protection policy. In response to detecting the first display information protection event and determining that the first subset of a plurality of information is defined by the display information protection policy, the endpoint device obfuscates the display of the first subset of the plurality of information on the endpoint device.

Abstract: Systems and methods for providing object management for external off-host authentication processing systems are described. In some embodiments, a method may include: identifying, by an Information Handling System (IHS), raw data to be stored within an object in an off-host memory of an external off-host authentication processing system coupled to the IHS, wherein the external off-host authentication processing system provides a hardware environment segregated from the IHS; collecting authentication data from a user by prompting the user; generating a system identification (ID) that uniquely characterizes the IHS without prompting the user; and storing the authentication data, the system ID, and the raw data as part of the object in the off-host memory.

Abstract: An information handling system includes a host processing system and an authentication processing system. The authentication processing system authenticates to the host processing system based upon a shared secret. An authentication module of the authentication processing system operates as a master authentication module to establish an authentication area, determine that a first device is a first trusted device of the authentication module, determine that the first device is within the authentication area, authenticate the first device on the authentication area based upon the determination that the first device is within the authentication area, determine that a second device is a second trusted device of the authentication module, determine that the second device is not within the authentication area, and prevent the second device from authenticating on the authentication area based upon the determination that the second device is not within the authentication area.

Abstract: Systems and methods for fingerprint revocation are described. In some embodiments, an Information Handling System (IHS) may include: a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: identify an endpoint device; and transmit a key management command to the endpoint device over a network, where the endpoint device includes a host processing system and an off-host processing system segregated from the host processing system, where the off-host processing system includes an off-host processor and an off-host memory coupled to the off-host processor, where the off-host memory includes Personal Identifiable Information (PII) encrypted with a master key, and where the off-host processor is configured to change a status of the master key in response to having received the key management command.

Abstract: Systems and methods for credential translation are described. In some embodiments, an Information Handling System (IHS) may include: a host processor; an embedded controller coupled to the processor; and an off-host authentication processing system coupled to the embedded controller and segregated from the host processor, the off-host authentication processing system further comprising: an off-host processor; and an off-host memory coupled to the off-host processor, the off-host memory having program instructions stored thereon that, upon execution, cause the off-host processor to: receive a certificate from a web-access management server; store the certificate in the off-host memory; and request that a user of the IHS provide a first authentication factor to be associated with the certificate such that, when the first authentication factor is presented to the off-host processor, the certificate is released from the off-host memory.

Abstract: Systems and methods for securing network devices through the use of an out-of-band beacon are described. In some embodiments, a method may include broadcasting, by a gateway, a wireless beacon that is out-of-band with respect to communications between the gateway and a plurality of devices over a network, where the wireless beacon includes a token; receiving an encrypted packet at the gateway as part of the communications; decrypting the encrypted packet into an intermediate payload by the gateway using a public key, where the public key corresponds to a certificate provisioned to each of the plurality of devices; and decrypting the intermediate payload into a decrypted packet by the gateway using the token.

Abstract: Systems and methods for time-based local authentication are described. In some embodiments, an Information Handling System (IHS) may include a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: generate a first time token; transmit the first time token to a secondary IHS via a local network, where the secondary IHS is configured to generate a second time token and to transmit the second time token to the IHS via the local network; receive the second time token from the secondary IHS; determine whether the first time token matches the second time token; and in response to the first time token matching the second time token, provide the IHS with access to a protected resource.

Abstract: Surrogate locational determination may rely on a surrogate device to provide a locational fix. When a device lacks an accurate geo-location system, communication may be established with a nearby surrogate device. The surrogate device is queried for an accurate location, such as that determined by a global positioning system receiver. Because the surrogate device is geographically proximate, the location determined by the global positioning system receiver may serve as a proxy or substitute for the local fix of the device.

Abstract: Systems and methods for hardware hardened advanced threat protection are described. In some embodiments, an Information Handling System (IHS) may include a processor; and a Basic Input/Output System (BIOS) coupled to the processor, the BIOS having BIOS instructions stored thereon that, upon execution, cause the IHS to: launch an Extensible Firmware Interface (EFI) gateway module; and determine, using the EFI gateway module, whether the BIOS instructions include malware.

Abstract: Systems and methods for distributed authorization are described. In some embodiments, an Information Handling System (IHS) may include a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive a first authentication material from a first device; identify, based upon a policy stored in the IHS, a second device; and distribute a second authentication material to the second device.

Abstract: An information handling system includes a first processor, a second processor, and a third processor. The first processor requests a single-factor authentication from the second processor. The second processor receives a first authentication factor in response to the single-factor authentication request and requests a multi-factor authentication from the third processor. The third processor receives a second authentication factor in response to the multi-factor authentication request and provides the second authentication factor to the second processor. The second processor further verifies the first authentication factor and the second authentication factor and provides a single-factor authentication reply to the first processor in response to verifying the first authentication factor and the second authentication factor.

Abstract: Systems and methods for providing object management for external off-host authentication processing systems are described. In some embodiments, a method may include: identifying, by an Information Handling System (IHS), raw data to be stored within an object in an off-host memory of an external off-host authentication processing system coupled to the IHS, wherein the external off-host authentication processing system provides a hardware environment segregated from the IHS; collecting authentication data from a user by prompting the user; generating a system identification (ID) that uniquely characterizes the IHS without prompting the user; and storing the authentication data, the system ID, and the raw data as part of the object in the off-host memory.

Abstract: A method may also include receiving from each of one or more of potential peer information handling systems a connection request comprising a peer minimum acceptable security level for the peer information handling system. The method may additionally include comparing the peer minimum acceptable security level to a security level of the information handling system. The method may further include completing a peer-to-peer connection between the information handling system and the peer information handling system if the minimum acceptable security level is not higher than that of the security level of the information handling system.

Abstract: Systems and methods for providing technical support and exporting diagnostic data. In some embodiments, an Information Handling System (IHS) includes a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the IHS to: identify a video failure in response to executing a Basic I/O System (BIOS)/Unified Extensible Firmware Interface (UEFI) diagnostics routine prior to the booting of a main Operating System (OS), where the video failure renders the IHS incapable of providing a video interface; and in response to the identification, provide an audio interface to a user, where the audio interface enables the user to perform a troubleshooting operation in the absence of the video interface.

Abstract: An information handling system includes a first processor, a second processor, and a third processor. The first processor requests a single-factor authentication from the second processor. The second processor receives a first authentication factor in response to the single-factor authentication request and requests a multi-factor authentication from the third processor. The third processor receives a second authentication factor in response to the multi-factor authentication request and provides the second authentication factor to the second processor. The second processor further verifies the first authentication factor and the second authentication factor and provides a single-factor authentication reply to the first processor in response to verifying the first authentication factor and the second authentication factor.

Abstract: A display information protection system includes a management system that stores a plurality of display information protection policies and that may provide any of the display information protection policies through a network. An endpoint device is coupled to the management system through the network and stores a display information protection policy that may have been automatically populated or received from the management system. The endpoint device displays a plurality of information and may determine that a first subset of the plurality of information that has been provided for display is defined by the display information protection policy. In response to detecting the first display information protection event and determining that the first subset of a plurality of information is defined by the display information protection policy, the endpoint device obfuscates the display of the first subset of the plurality of information on the endpoint device.