Security Profiling of System Firmware and Applications from an OOB Appliance at a Differentiated Trust Boundary

US 20200134192A1
Filed: 10/31/2018
Published: 04/30/2020
Est. Priority Date: 10/31/2018
Status: Active Grant

First Claim

Patent Images

1. A computer-implementable method for performing a security vulnerability detection operation, comprising:

configuring a firmware security profiling environment with a trusted host and a trusted service processor;

receiving a firmware update file via the trusted service processor;

using the trusted service processor to identify a security vulnerability within the firmware update file; and

,installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer-readable medium for a security vulnerability detection operation. The security vulnerability operation includes configuring a firmware security profiling environment with a trusted host and a trusted service processor; receiving a firmware update file via the trusted service processor; using the trusted service processor to identify a security vulnerability within the firmware update file; and, installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.

10 Citations

20 Claims

1. A computer-implementable method for performing a security vulnerability detection operation, comprising:
- configuring a firmware security profiling environment with a trusted host and a trusted service processor;
  
  receiving a firmware update file via the trusted service processor;
  
  using the trusted service processor to identify a security vulnerability within the firmware update file; and
  
  ,installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein:
    - the firmware update file is used to update a sub-system of the information handling system.
  - 3. The method of claim 1, wherein:
    - the firmware update file is received via an externally provided firmware update package
  - 4. The method of claim 1, wherein:
    - the identifying the security vulnerabilities comprises using a malware scanning application file and a digital signature
  - 5. The method of claim 4, wherein:
    - the malware scanning application file and the digital signature are provided by the trusted host.
  - 6. The method of claim 1, further comprising:
    - mapping the firmware update file to a memory-mapped device contained within the trusted service processor.

7. A system comprising:
- a processor;
  
  a data bus coupled to the processor; and
  
  a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for;
  
  configuring a firmware security profiling environment with a trusted host and a trusted service processor;
  
  receiving a firmware update file via the trusted service processor;
  
  using the trusted service processor to identify a security vulnerability within the firmware update file; and
  
  ,installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein:
    - the firmware update file is used to update a sub-system of the information handling system.
  - 9. The system of claim 7, wherein:
    - the firmware update file is received via an externally provided firmware update package
  - 10. The system of claim 7, wherein the instructions executable by the processor are further configured for:
    - the identifying the security vulnerabilities comprises using a malware scanning application file and a digital signature.
  - 11. The system of claim 10, wherein:
    - the malware scanning application file and the digital signature are provided by the trusted host.
  - 12. The system of claim 7, wherein the instructions executable by the processor are further configured for:
    - mapping the firmware update file to a memory-mapped device contained within the trusted service processor.

13. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- configuring a firmware security profiling environment with a trusted host and a trusted service processor;
  
  receiving a firmware update file via the trusted service processor;
  
  using the trusted service processor to identify a security vulnerability within the firmware update file; and
  
  ,installing the firmware update file to the information handling system only when no security vulnerability is identified by the trusted service processor, the installing being performed by the trusted host.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the firmware update file is used to update a sub-system of the information handling system.
  - 15. The non-transitory, computer-readable storage medium of claim 14, wherein:
    - the firmware update file is received via an externally provided firmware update package.
  - 16. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the identifying the security vulnerabilities comprises using a malware scanning application file and a digital signature.
  - 17. The non-transitory, computer-readable storage medium of claim 16, wherein:
    - the malware scanning application file and the digital signature are provided by the trusted host.
  - 18. The non-transitory, computer-readable storage medium of claim 13, wherein the computer executable instructions are further configured for:
    - mapping the firmware update file to a memory-mapped device contained within the trusted service processor.
  - 19. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the computer executable instructions are deployable to a client system from a server system at a remote location.
  - 20. The non-transitory, computer-readable storage medium of claim 13, wherein:
    - the computer executable instructions are provided by a service provider to a user on an on-demand basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Gupta, Chitrak, Bisa, Rama Rao, Jreij, Elie A., Basavarajaiah, Sushma, Sampathkumar, Kala, Roy, Mainak

Granted Patent

US 11,409,884 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/564   by virus signature recognition

G06F 21/572   Secure firmware programming...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

G06F 8/65   Updates security arrangemen...

Security Profiling of System Firmware and Applications from an OOB Appliance at a Differentiated Trust Boundary

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security Profiling of System Firmware and Applications from an OOB Appliance at a Differentiated Trust Boundary

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links