Abstract: Systems and methods for fingerprint revocation are described. In some embodiments, an Information Handling System (IHS) may include: a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: identify an endpoint device; and transmit a key management command to the endpoint device over a network, where the endpoint device includes a host processing system and an off-host processing system segregated from the host processing system, where the off-host processing system includes an off-host processor and an off-host memory coupled to the off-host processor, where the off-host memory includes Personal Identifiable Information (PII) encrypted with a master key, and where the off-host processor is configured to change a status of the master key in response to having received the key management command.

Abstract: Systems and methods for credential translation are described. In some embodiments, an Information Handling System (IHS) may include: a host processor; an embedded controller coupled to the processor; and an off-host authentication processing system coupled to the embedded controller and segregated from the host processor, the off-host authentication processing system further comprising: an off-host processor; and an off-host memory coupled to the off-host processor, the off-host memory having program instructions stored thereon that, upon execution, cause the off-host processor to: receive a certificate from a web-access management server; store the certificate in the off-host memory; and request that a user of the IHS provide a first authentication factor to be associated with the certificate such that, when the first authentication factor is presented to the off-host processor, the certificate is released from the off-host memory.

Abstract: Systems and methods for credential translation are described. In some embodiments, an Information Handling System (IHS) may include: a host processor; an embedded controller coupled to the processor; and an off-host authentication processing system coupled to the embedded controller and segregated from the host processor, the off-host authentication processing system further comprising: an off-host processor; and an off-host memory coupled to the off-host processor, the off-host memory having program instructions stored thereon that, upon execution, cause the off-host processor to: receive a certificate from a web-access management server; store the certificate in the off-host memory; and request that a user of the IHS provide a first authentication factor to be associated with the certificate such that, when the first authentication factor is presented to the off-host processor, the certificate is released from the off-host memory.

Abstract: Systems and methods for fingerprint revocation are described. In some embodiments, an Information Handling System (IHS) may include: a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: identify an endpoint device; and transmit a key management command to the endpoint device over a network, where the endpoint device includes a host processing system and an off-host processing system segregated from the host processing system, where the off-host processing system includes an off-host processor and an off-host memory coupled to the off-host processor, where the off-host memory includes Personal Identifiable Information (PII) encrypted with a master key, and where the off-host processor is configured to change a status of the master key in response to having received the key management command.

Abstract: A method may also include receiving from each of one or more of potential peer information handling systems a connection request comprising a peer minimum acceptable security level for the peer information handling system. The method may additionally include comparing the peer minimum acceptable security level to a security level of the information handling system. The method may further include completing a peer-to-peer connection between the information handling system and the peer information handling system if the minimum acceptable security level is not higher than that of the security level of the information handling system.

Abstract: A method of context replication including receiving a first context item at a first system in a network, determining that the first system is a context management master system, establishing a first peer-to-peer session with a second system in the network in response to determining that the first system is the context management master system, and providing, from the first system, the first context item to the second system.

Abstract: In accordance embodiments of the present disclosure, a method may include, during execution of an operating system on an information handling system and responsive to a user input indicating a desire to invoke a basic input/output system (BIOS) setup program for configuring a BIOS, prompting for and receiving user-provided credentials via a user interface communicatively coupled to the processor. The method may also include, during execution of the operating system, passing BIOS credentials to the BIOS based on the user-provided credentials. The method may additionally include, during execution of the operating system determining, by the BIOS, if the BIOS credentials are valid. The method may further include, responsive to determining that the BIOS credentials are valid, setting a flag to a value indicating that the BIOS setup program is to be invoked on a subsequent boot of the information handling system.

Abstract: A method of context replication including receiving a first context item at a first system in a network, determining that the first system is a context management master system, establishing a first peer-to-peer session with a second system in the network in response to determining that the first system is the context management master system, and providing, from the first system, the first context item to the second system.

Abstract: A method of context replication including receiving a first context item at a first system in a network, determining that the first system is a context management master system, establishing a first peer-to-peer session with a second system in the network in response to determining that the first system is the context management master system, and providing, from the first system, the first context item to the second system.

Abstract: In accordance embodiments of the present disclosure, a method may include, during execution of an operating system on an information handling system and responsive to a user input indicating a desire to invoke a basic input/output system (BIOS) setup program for configuring a BIOS, prompting for and receiving user-provided credentials via a user interface communicatively coupled to the processor. The method may also include, during execution of the operating system, passing BIOS credentials to the BIOS based on the user-provided credentials. The method may additionally include, during execution of the operating system determining, by the BIOS, if the BIOS credentials are valid. The method may further include, responsive to determining that the BIOS credentials are valid, setting a flag to a value indicating that the BIOS setup program is to be invoked on a subsequent boot of the information handling system.

Abstract: In accordance embodiments of the present disclosure, a method may include, during execution of an operating system on an information handling system and responsive to a user input indicating a desire to invoke a basic input/output system (BIOS) setup program for configuring a BIOS, prompting for and receiving user-provided credentials via a user interface communicatively coupled to the processor. The method may also include, during execution of the operating system, passing BIOS credentials to the BIOS based on the user-provided credentials. The method may additionally include, during execution of the operating system determining, by the BIOS, if the BIOS credentials are valid. The method may further include, responsive to determining that the BIOS credentials are valid, setting a flag to a value indicating that the BIOS setup program is to be invoked on a subsequent boot of the information handling system.

Abstract: A method may also include receiving from each of one or more of potential peer information handling systems a connection request comprising a peer minimum acceptable security level for the peer information handling system. The method may additionally include comparing the peer minimum acceptable security level to a security level of the information handling system. The method may further include completing a peer-to-peer connection between the information handling system and the peer information handling system if the minimum acceptable security level is not higher than that of the security level of the information handling system.

Abstract: An information handling system includes a memory and a detector circuit. The memory is configured to store a first electrocardiogram measurement. The detector circuit is configured to receive a second electrocardiogram measurement in response to a specific combination of keys of a keyboard being pressed for a specific period of time, wherein each key in the specific key combination includes an electrocardiogram sensor on a top surface of the key, to authorize a user and log the user onto the information handling system when the second electrocardiogram measurement matches the first electrocardiogram measurement, and otherwise: to deny access to the information handling system; to increase a counter; to determine whether the counter has exceeded a threshold; and to request that an input window is displayed when the counter has exceeded the threshold.

Abstract: A method may also include receiving from each of one or more of potential peer information handling systems a connection request comprising a peer minimum acceptable security level for the peer information handling system. The method may additionally include comparing the peer minimum acceptable security level to a security level of the information handling system. The method may further include completing a peer-to-peer connection between the information handling system and the peer information handling system if the minimum acceptable security level is not higher than that of the security level of the information handling system.

Abstract: A method may also include receiving from each of one or more of potential peer information handling systems a connection request comprising a peer minimum acceptable security level for the peer information handling system. The method may additionally include comparing the peer minimum acceptable security level to a security level of the information handling system. The method may further include completing a peer-to-peer connection between the information handling system and the peer information handling system if the minimum acceptable security level is not higher than that of the security level of the information handling system.

Abstract: In accordance embodiments of the present disclosure, a method may include, during execution of an operating system on an information handling system and responsive to a user input indicating a desire to invoke a basic input/output system (BIOS) setup program for configuring a BIOS, prompting for and receiving user-provided credentials via a user interface communicatively coupled to the processor. The method may also include, during execution of the operating system, passing BIOS credentials to the BIOS based on the user-provided credentials. The method may additionally include, during execution of the operating system determining, by the BIOS, if the BIOS credentials are valid. The method may further include, responsive to determining that the BIOS credentials are valid, setting a flag to a value indicating that the BIOS setup program is to be invoked on a subsequent boot of the information handling system.

Abstract: A method of context replication including receiving a first context item at a first system in a network, determining that the first system is a context management master system, establishing a first peer-to-peer session with a second system in the network in response to determining that the first system is the context management master system, and providing, from the first system, the first context item to the second system.

Abstract: A client hosted virtualization system (CHVS) includes a processor and non-volatile memory with BIOS code and virtualization manager code. The virtualization manager initializes the CHVS, authenticates a virtual machine image and launches the virtual machine based on the image. The CHVS is configurable to execute the BIOS or the virtualization manager. A client system update network includes a client update system and a CHVS with a processor, a security processor, and non-volatile memory with BIOS code and virtualization manager code that initializes the CHVS, authenticates a virtual machine image and launches a virtual machine based on the image. The CHVS is configurable to execute the BIOS or the virtualization manager. The client update system receives updates and sends them to the CHVS. The CHVS authenticates the updates with the security processor, and overwrites the non-volatile memory with the updates.

Abstract: An information handling system includes a memory and a detector circuit. The memory is configured to store a first electrocardiogram measurement. The detector circuit is configured to receive a second electrocardiogram measurement in response to a specific combination of keys of a keyboard being pressed for a specific period of time, wherein each key in the specific key combination includes an electrocardiogram sensor on a top surface of the key, to authorize a user and log the user onto the information handling system when the second electrocardiogram measurement matches the first electrocardiogram measurement, and otherwise: to deny access to the information handling system; to increase a counter; to determine whether the counter has exceeded a threshold; and to request that an input window is displayed when the counter has exceeded the threshold.

Abstract: An information handling system includes a memory and a detector circuit. The memory is configured to store a first electrocardiogram measurement. The detector circuit is configured to receive a second electrocardiogram measurement in response to a specific combination of keys of a keyboard being pressed for a specific period of time, wherein each key in the specific key combination includes an electrocardiogram sensor on a top surface of the key, to authorize a user and log the user onto the information handling system when the second electrocardiogram measurement matches the first electrocardiogram measurement, and otherwise: to deny access to the information handling system; to increase a counter; to determine whether the counter has exceeded a threshold; and to request that an input window is displayed when the counter has exceeded the threshold.