Patents by Inventor Marshal F. Savage

Marshal F. Savage has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11431476
    Abstract: A system for transmitting data is disclosed that includes a file distribution system operating on a processor that is configured to identify one or more files for distribution to a device, forward error correction data for the one or more files, and a cryptographic key associated with the device. A Merkle tree system operating on the processor is configured to receive the forward error correction data and to generate an encrypted root hash. A data transmission system operating on the processor is configured to transmit the one or more files and the encrypted root hash to a predetermined device.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: August 30, 2022
    Assignee: DELL PRODUCTS L.P.
    Inventors: Michael Emery Brown, Nagendra Varma Totakura, Marshal F. Savage
  • Publication number: 20220245222
    Abstract: A BMC firmware security system includes a BMC coupled to a programmable circuit device and a first storage subsystem. In response to BMC initialization, the BMC uses a system identifier to verify that a license in the first storage subsystem authorizes the BMC to use BMC firmware in the BMC, uses branding identity information in the BMC to verify that the BMC is branded for the BMC firmware, determines that the programmable circuit device identifies the BMC firmware and, in response, the performs BMC initialization operations using the BMC firmware. A BIOS is coupled to the programmable circuit device and a second storage system. In response to BIOS initialization, the BIOS uses the branding identity information in the second storage subsystem to identify the BMC firmware, determines that the programmable circuit device identifies the BMC firmware and, in response, performs BIOS initialization operations.
    Type: Application
    Filed: February 4, 2021
    Publication date: August 4, 2022
    Inventors: Patrick Oliver Boyd, Marshal F. Savage, Eugene David Cho, Mukund P. Khatri
  • Publication number: 20220222349
    Abstract: An information handling system may include a host system comprising a processor and a management controller comprising a main processor and a trusted integrated processor configured to perform secured boot services and run-time security functions of the management controller. The information handling system may also include a legacy communications bus interfaced between the host system and the main processor and a secure communications bus interfaced between the host system and the main processor. The trusted integrated processor is further configured to implement a secure attestation channel to the host system via the secure communications bus in order to provide access by the host system to security services owned by the management controller.
    Type: Application
    Filed: January 13, 2021
    Publication date: July 14, 2022
    Applicant: Dell Products L.P.
    Inventors: Timothy M. LAMBERT, Pablo R. ARIAS, Milton Olavo Decarvalho TAVEIRA, Marshal F. SAVAGE
  • Publication number: 20220207127
    Abstract: Embodiments support remote validation of the secure assembly and delivery of an IHS (Information Handling System). A validation process of the IHS initiates a remote management connection with a remote management console. The remote management console retrieves an inventory certificate generated during factory provisioning of the IHS and stored to the IHS and/or to a remote location. The inventory certificate includes an inventory identifying a plurality of hardware components installed during factory assembly of the IHS. The remote management console retrieves an inventory of detected hardware components of the IHS and compares the inventory of detected hardware components against the inventory from the inventory certificate in order to validate the detected hardware components of the IHS as the same hardware components installed during factory assembly of the IHS.
    Type: Application
    Filed: December 30, 2020
    Publication date: June 30, 2022
    Applicant: Dell Products, L.P.
    Inventors: Jason Matthew Young, Marshal F. Savage, Mukund P. Khatri
  • Publication number: 20220207126
    Abstract: Various embodiments provide methods for validating secure assembly and delivery of an IHS (Information Handling System) by confirming that the detected hardware components of the IHS include only factory installed hardware components. During factory provisioning of an IHS, an inventory certificate is uploaded to the IHS, where the inventory certificate includes an inventory that identifies the hardware components installed during factory assembly of the IHS. An inventory is collected of the detected hardware components of the IHS. The collected inventory is compared against the inventory from the inventory certificate in order to validate the detected hardware components of the IHS as the same hardware components that were installed during factory assembly of the IHS. Embodiments provide a customer receiving an IHS with a capability of validating that a delivered IHS includes only factory installed hardware components.
    Type: Application
    Filed: December 30, 2020
    Publication date: June 30, 2022
    Applicant: Dell Products, L.P.
    Inventors: Jason Matthew Young, Marshal F. Savage, Mukund P. Khatri
  • Publication number: 20220207186
    Abstract: Embodiments validate the secure assembly and delivery of IHSs (Information Handling Systems) that are installed in a shared chassis, such as two 1RU (rack unit) servers installed in a shared 2RU chassis. An inventory certificate is retrieved that was uploaded to a first IHS of the IHSs installed in the shared chassis during factory provisioning of the first IHS. The inventory certificate specifies factory installed hardware components installed in each of the IHSs of the shared chassis. A validation process of the first IHS collects an inventory of hardware components detected by each of the IHSs of the shared chassis. The validation process compares the collected inventory of detected hardware components of the IHSs against the factory installed hardware components specified in the inventory certificate in order to validate the detected hardware components as the same hardware components installed during factory assembly of each of the IHSs.
    Type: Application
    Filed: December 30, 2020
    Publication date: June 30, 2022
    Applicant: Dell Products, L.P.
    Inventors: Jason Matthew Young, Marshal F. Savage, Mukund P. Khatri
  • Publication number: 20220207463
    Abstract: Various embodiments provide methods for validating hardware modifications of an IHS (Information Handling System) by confirming that a hardware modification corresponds to a hardware component supplied for installation in the IHS by a trusted entity. During factory provisioning of an IHS, an inventory certificate that specifies the factory installed IHS hardware is uploaded to the IHS and is also stored for ongoing support of the IHS. Upon a hardware component being supplied for installation in the IHS by a trusted entity, the inventory of the stored inventory certificate is updated to identify the supplied component and the updated certificate is transmitted to the IHS. An inventory of detected hardware components of the IHS is compared against the inventory from the updated inventory certificate in order to validate the detected hardware of the IHS includes the component, supplied by the trusted entity, that is identified in the updated inventory certificate.
    Type: Application
    Filed: December 30, 2020
    Publication date: June 30, 2022
    Applicant: Dell Products, L.P.
    Inventors: Jason Matthew Young, Marshal F. Savage, Mukund P. Khatri
  • Publication number: 20220207474
    Abstract: Embodiments provide methods for validating secure delivery of an IHS (Information Handling System) by confirming that the packages by which the IHS was delivered include only the packages used to ship the IHS from a factory or other trusted entity. During factory provisioning of the IHS, a shipping certificate is uploaded to the IHS, where the certificate includes shipping identifiers that are each associated with a package used to ship the IHS. Upon receiving packages by which the IHS has been shipped, shipping identifiers, such as bar codes and RFID codes, are collected from the received packages. The shipping identifiers collected from the received packages are compared against the shipping identifiers from the shipping certificate in order to validate the plurality of received packages as the same packages that were used to ship the IHS.
    Type: Application
    Filed: December 30, 2020
    Publication date: June 30, 2022
    Applicant: Dell Products, L.P.
    Inventors: Jason Matthew Young, Marshal F. Savage, Mukund P. Khatri
  • Publication number: 20220207145
    Abstract: Embodiments support secure booting of an IHS (Information Handling System) based on validation of the secure assembly and delivery of the IHS. A validation process of the IHS is initialized that delays further booting of the IHS until detected hardware components of the IHS are validated. An inventory certificate is retrieved that was uploaded to the IHS during factory provisioning of the IHS. The inventory certificate includes an inventory that identifies hardware components installed during factory assembly of the IHS. A collected inventory of detected hardware components of the IHS is compared against the inventory from the inventory certificate in order to validate the detected hardware components of the IHS as the same hardware components installed during factory assembly of the IHS. When the comparison validates the detected hardware components of the IHS as only including factory assembled hardware, further booting of the IHS is allowed.
    Type: Application
    Filed: December 30, 2020
    Publication date: June 30, 2022
    Applicant: Dell Products, L.P.
    Inventors: Jason Matthew Young, Marshal F. Savage, Mukund P. Khatri
  • Publication number: 20220129525
    Abstract: A method for verifying licenses is performed by a legacy management controller (LMC) and a non-legacy management controller (NLMC). The method includes obtaining, by the LMC, a first license installation request and a license, wherein the license comprises license data and a plurality of signatures; in response to the first license installation request: making a first determination, by the LMC, that a first signature of the plurality of signatures is valid; in response to the first determination: installing, by the LMC, the license on the LMC; obtaining, by the NLMC, a second license installation request and the license; in response to the second license installation request: making a second determination, by the NLMC, that a second signature of the plurality of signatures is valid; and in response to the second determination: installing, by the NLMC, the license on the NLMC.
    Type: Application
    Filed: October 27, 2020
    Publication date: April 28, 2022
    Inventors: Jason Matthew Young, Marshal F. Savage
  • Patent number: 11288341
    Abstract: A portable information handling system having an NFC device obtains identifier information from information handling systems through NFC and applies the identifier information to obtain license keys for applications stored on the information handling system from a license server through a network interface. NFC transfer of license keys in a secure environment, such as to server information handling system management controller in a data center, provides the convenience of public license servers without the security risk of an open public network access to the management controller.
    Type: Grant
    Filed: May 12, 2015
    Date of Patent: March 29, 2022
    Assignee: Dell Products L.P.
    Inventor: Marshal F. Savage
  • Publication number: 20220038333
    Abstract: A system for distributing firmware, comprising a group controller operating on a processor and configured to perform an algorithmic process of sending an update task with a download host to one of two or more group members. A group member operating on a processor and configured to perform an algorithmic process of receiving the update task with the download host and to request a payload file from the download host.
    Type: Application
    Filed: October 18, 2021
    Publication date: February 3, 2022
    Applicant: DELL PRODUCTS L.P.
    Inventors: Cyril Jose, Yee Ja, Marshal F. Savage, Chandrasekhar Puthillathe, Choudary Akkiah Maddukuri
  • Patent number: 11196733
    Abstract: Methods and systems for access in a management controller group hierarchy may involve receiving a request for a user at an information handling system, determining whether a link of trust is established, and validating the single sign-on request. The request may be to authenticate the user for access using a single sign-on token. Determination of whether the link of trust is established may be based on an initial login location stored in the single sign-on token. Validation of the single sign-on token may be based on a determination that the link of trust is established.
    Type: Grant
    Filed: February 8, 2018
    Date of Patent: December 7, 2021
    Assignee: Dell Products L.P.
    Inventors: Yee Ja, Marshal F. Savage, Cyril Jose, Srihari Srirangam, Anto Dolphinjose Jesurajan Marystella, Farhan Mohammed Syed
  • Publication number: 20210344480
    Abstract: A system for transmitting data is disclosed that includes a file distribution system operating on a processor that is configured to identify one or more files for distribution to a device, forward error correction data for the one or more files, and a cryptographic key associated with the device. A Merkle tree system operating on the processor is configured to receive the forward error correction data and to generate an encrypted root hash. A data transmission system operating on the processor is configured to transmit the one or more files and the encrypted root hash to a predetermined device.
    Type: Application
    Filed: April 30, 2020
    Publication date: November 4, 2021
    Applicant: DELL PRODUCTS L.P.
    Inventors: Michael Emery Brown, Nagendra Varma Totakura, Marshal F. Savage
  • Patent number: 11157060
    Abstract: A method may include, in a chassis configured to provide a common hardware infrastructure to one or more modular information handling systems inserted into the chassis: determining if a save operation is occurring at a time when one or more power supply units are capable of delivering power to the chassis; and delaying power sequencing of the one or more power supply units until the save operation has completed.
    Type: Grant
    Filed: September 11, 2018
    Date of Patent: October 26, 2021
    Assignee: Dell Products L.P.
    Inventors: Michael E. Brown, Marshal F. Savage, Aaron M. Rhinehart, Kyle E. Cross, Michael W. Daniele, Jitendra G. Jagasia
  • Patent number: 11153102
    Abstract: A method includes generating a secure management mode public-private key pair; generating a certificate signing request, the certificate signing request including the secure management mode public key of the secure management mode public-private key pair, the certificate signing request including a common name associated with a trusted root certificate authority; sending the secure management mode certificate signing request to a signing server; receiving a signed certificate signed by a factory certificate authority, a public key certificate for the factory certificate authority, and a trust chain signed by the trusted root certificate authority; validating the signed certificate; and enabling a secure management mode.
    Type: Grant
    Filed: March 16, 2020
    Date of Patent: October 19, 2021
    Assignee: Dell Products L.P.
    Inventors: Jason M. Young, Marshal F. Savage
  • Patent number: 11151255
    Abstract: In one or more embodiments, one or more systems, methods, and/or process may allow a customer to install and boot their own firmware securely, without compromising secure boot. A baseboard management controller (BMC) may include a BMC firmware stored via a BMC partition of a non-volatile storage, a customer firmware image including a customer firmware and a signed customer boot block (CBB) file including a CBB, a hidden root key (HRK) hash of the CBB based on a HRK, and a manufacturer signature. The BMC firmware may, when an alternate path to boot the CBB is detected, verify the manufacturer signature on the CBB and the HRK hash, verify the HRK hash based on the unique HRK, and when the manufacturer signature and the HRK hash have been verified, hardware lock the BMC partition, disable the HRK, and transfer control to the CBB.
    Type: Grant
    Filed: October 26, 2018
    Date of Patent: October 19, 2021
    Assignee: Dell Products L.P.
    Inventors: Eugene David Cho, Michael Emery Brown, Marshal F. Savage
  • Patent number: 11153165
    Abstract: A system for distributing firmware, comprising a group controller operating on a processor and configured to perform an algorithmic process of sending an update task with a download host to one of two or more group members. A group member operating on a processor and configured to perform an algorithmic process of receiving the update task with the download host and to request a payload file from the download host.
    Type: Grant
    Filed: November 6, 2019
    Date of Patent: October 19, 2021
    Assignee: Dell Products L.P.
    Inventors: Cyril Jose, Yee Ja, Marshal F. Savage, Chandrasekhar Puthillathe, Choudary Akkiah Maddukuri
  • Publication number: 20210288821
    Abstract: A method includes generating a secure management mode public-private key pair; generating a certificate signing request, the certificate signing request including the secure management mode public key of the secure management mode public-private key pair, the certificate signing request including a common name associated with a trusted root certificate authority; sending the secure management mode certificate signing request to a signing server; receiving a signed certificate signed by a factory certificate authority, a public key certificate for the factory certificate authority, and a trust chain signed by the trusted root certificate authority; validating the signed certificate; and enabling a secure management mode.
    Type: Application
    Filed: March 16, 2020
    Publication date: September 16, 2021
    Inventors: Jason M. Young, Marshal F. Savage
  • Patent number: 11068598
    Abstract: Methods, systems, and computer programs encoded on computer storage medium, for verifying, by a mask ROM of a CPU of a first computing device and with fused keys included by the CPU, a boot loader that is included by a flash memory of the first computing device, in response to verifying the boot loader, verifying, by the boot loader and with boot loader keys included by the flash memory, a kernel included by the a memory device of the first computing device, in response to verifying the kernel, decrypting, by the kernel using a hidden root key (HRK) included by the CPU of the first computing device, a device unique certification (DUC) included by the flash memory, in response to decrypting the DUC, generating, by the first computing device, a proof-of-possession of the DUC.
    Type: Grant
    Filed: November 1, 2018
    Date of Patent: July 20, 2021
    Assignee: Dell Products L.P.
    Inventors: Michael Emery Brown, Josh M. Pennell, Jacob R. Hutcheson, Marshal F. Savage, Nikhil Swarnakumar, Rhushabh Bhandari