Device provisioning protocol (dpp) using assisted bootstrapping
US-2018109418-A1 · Apr 19, 2018 · US
US12101306B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12101306-B2 |
| Application number | US-202117458088-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 26, 2021 |
| Priority date | Aug 26, 2021 |
| Publication date | Sep 24, 2024 |
| Grant date | Sep 24, 2024 |
Abstract
Systems and methods are provided that may be implemented to orchestrate trusted enrollment of an endpoint client information handling system by deploying a signed payload of an enrollment package to the endpoint client system, and by using a client software agent executing on the endpoint client system to first verify the distribution chain and/or signature of the deployed enrollment package before proceeding to use other information contained in the enrollment package to contact a registration server to enroll the endpoint client system.
Claims
What is claimed is:

1. A method comprising operating an endpoint client system coupled in communication with one or more networks, the method comprising performing the following in the endpoint client system: receiving an enrollment package in the endpoint client system from across at least one of the one or more networks, the enrollment package comprising a payload that includes enrollment information comprising a designated network location of a remote registration server; attempting to verify a signature of the signed enrollment package payload; and then performing the following only if the signed enrollment package payload is successfully verified: contacting the remote registration server across at least one of the one or more networks at the designated network location, and providing at least a portion of data from the enrollment package payload across at least one of the one or more networks to the registration server; where the method further comprises receiving an enrollment request in a server from across the one or more networks, the enrollment request including enrollment information including an identity of the endpoint client system and the designated network location of the remote registration server; and in response to the enrollment request: provisioning the payload of the enrollment package to comprise at least a portion of the enrollment information that comprises the identity of the endpoint client system and the designated network location of the remote registration server, signing the enrollment package, and deploying the signed enrollment package across at least one of the one or more networks directly or through an intermediary system to the endpoint client system.
2. The method of claim 1, further comprising attempting to verify one or more credentials presented by an originator of the enrollment request; and then only performing the provisioning, signing and deploying if the one or more credentials presented by the originator of the enrollment request are verified.
3. The method of claim 1, where the enrollment information comprises an email domain of the enrollment request originator and an email domain of the endpoint client system; and where the method further comprises: authenticating the email domain of the enrollment request originator; comparing the email domain of the endpoint client system to the authenticated email domain of the enrollment request originator; and then only performing the provisioning, signing and deploying if the email domain of the endpoint client system is the same as the authenticated email domain of the enrollment request originator.
4. The method of claim 1, further comprising provisioning a private key that is unique to the enrollment request originator; where the provisioning further comprises including a public key in the enrollment package that corresponds to the private key that is unique to the enrollment request originator; and where the signing of the enrollment package further comprises signing the enrollment package with the private key that is unique to the enrollment request originator.
5. The method of claim 1, where the provisioning further comprises including a public key in the enrollment package that is unique to a software provider that deploys the signed enrollment package from the server.
6. The method of claim 1, where the provisioning comprises provisioning the enrollment package having the payload comprising at least a portion of the enrollment information that further comprises at least one of a uniform resource locator (URL) of the registration server, a tenant name for the endpoint client system, email domain of an originator of the enrollment package, or a secure sockets layer (SSL) certificate of the registration server.
7. The method of claim 1, where an originator of the enrollment request is an enterprise software customer; and where a software vendor receives the enrollment request in the server and performs the provisioning, signing and deploying of the signed enrollment package from the server.
8. The method of claim 1, where the enrollment package payload is signed with a private key; where the attempting to verify a signature of the signed enrollment package payload comprises comparing a hash value obtained from the signature of the enrollment package payload to a calculated hash value of data of the enrollment package; and where the signed enrollment package payload is successfully verified only if the hash value obtained from the signature of the enrollment package payload is the same as the calculated hash value of the data of the enrollment package.
9. The method of claim 1, where the enrollment information comprises at least one of a uniform resource locator (URL) of the registration server, a tenant name for the endpoint client system, email domain of an originator of the enrollment request, or a secure sockets layer (SSL) certificate of the registration server.
10. A method comprising operating an endpoint client system coupled in communication with one or more networks, the method comprising performing the following in the endpoint client system: receiving an enrollment package in the endpoint client system from across at least one of the one or more networks, the enrollment package comprising a payload that includes enrollment information comprising a designated network location of a remote registration server; attempting to verify a signature of the signed enrollment package payload; and then performing the following only if the signed enrollment package payload is successfully verified: contacting the remote registration server across at least one of the one or more networks at the designated network location, and providing at least a portion of data from the enrollment package payload across at least one of the one or more networks to the registration server; where the received enrollment package further comprises a public key unique to a provider of the enrollment package, and where the method further comprises executing an agent on a programmable integrated circuit of the endpoint client system to: compare the public key unique to a software provider of the enrollment package to a public key that is embedded in a binary code of the agent to determine if they are the same, and then perform the contacting of the remote registration server and the providing of the at least a portion of data from the enrollment package payload across the at least one of the one or more networks to the registration server only if both: the public key that is embedded in a binary code of the agent is determined to be the same as the public key unique to the software provider of the enrollment package, and if the signed enrollment package payload is successfully verified.
11. A method comprising operating an endpoint client system coupled in communication with one or more networks, the method comprising performing the following in the endpoint client system: receiving an enrollment package in the endpoint client system from across at least one of the one or more networks, the enrollment package comprising a payload that includes enrollment information comprising a designated network location of a remote registration server; attempting to verify a signature of the signed enrollment package payload; and then performing the following only if the signed enrollment package payload is successfully verified: contacting the remote registration server across at least one of the one or more networks at the designated network location, and providing at least a portion of data from the enrollment package payload across at least one of the one or more networks to the registration server; wh
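The ordering the claims insist on is the security-relevant point: the agent trusts nothing in the enrollment package, including the registration server location, until the provider signature verifies (claims 1 and 8) and the provider public key carried in the package equals the one compiled into the agent binary (claim 10); the server side refuses to provision at all when the client's email domain differs from the authenticated originator domain (claim 3). The following Go program is an added illustration of that flow and is not code from the patent or from its assignee. Everything concrete in it is an assumption: Ed25519 over a SHA-256 digest as the signature scheme, the JSON payload layout and field names, and the sample values, which are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// EnrollmentPayload carries the enrollment information listed in claims 6
// and 9. Field names and the JSON layout are assumptions for this example.
type EnrollmentPayload struct {
	ClientID           string `json:"client_id"`
	ClientEmailDomain  string `json:"client_email_domain"`
	RegistrationServer string `json:"registration_server"`
	TenantName         string `json:"tenant_name"`
	OriginatorDomain   string `json:"originator_email_domain"`
	ServerCertPEM      string `json:"server_cert_pem"`
}

// EnrollmentPackage is what the software provider deploys: the serialized
// payload, a signature over its SHA-256 hash (claim 8), and the provider
// public key the agent compares with its embedded copy (claim 10).
type EnrollmentPackage struct {
	Payload           []byte
	Signature         []byte
	ProviderPublicKey ed25519.PublicKey
}

// ProvisionPackage is the server-side step of claim 1. authenticatedDomain is
// the originator's email domain after the server has authenticated it (that
// authentication is assumed done by the caller); claim 3 requires it to match
// the client's domain before anything is provisioned or signed.
func ProvisionPackage(priv ed25519.PrivateKey, authenticatedDomain string, p EnrollmentPayload) (EnrollmentPackage, error) {
	if !strings.EqualFold(authenticatedDomain, p.ClientEmailDomain) {
		return EnrollmentPackage{}, errors.New("client email domain does not match authenticated originator domain")
	}
	raw, err := json.Marshal(p)
	if err != nil {
		return EnrollmentPackage{}, err
	}
	digest := sha256.Sum256(raw)
	return EnrollmentPackage{
		Payload:           raw,
		Signature:         ed25519.Sign(priv, digest[:]),
		ProviderPublicKey: priv.Public().(ed25519.PublicKey),
	}, nil
}

// VerifyPackage is the agent-side gate of claims 1, 8 and 10: the provider key
// in the package must equal the key embedded in the agent, and the signature
// must verify against a freshly computed hash of the payload bytes. The payload
// is not even parsed until both checks pass.
func VerifyPackage(embeddedKey ed25519.PublicKey, pkg EnrollmentPackage) (EnrollmentPayload, error) {
	if !bytes.Equal(embeddedKey, pkg.ProviderPublicKey) {
		return EnrollmentPayload{}, errors.New("provider public key does not match key embedded in agent")
	}
	digest := sha256.Sum256(pkg.Payload)
	if !ed25519.Verify(embeddedKey, digest[:], pkg.Signature) {
		return EnrollmentPayload{}, errors.New("enrollment package signature verification failed")
	}
	var p EnrollmentPayload
	if err := json.Unmarshal(pkg.Payload, &p); err != nil {
		return EnrollmentPayload{}, err
	}
	return p, nil
}

// Enroll enforces the ordering the claims require: verify first, and only then
// contact the designated registration server. contact is injected so the
// example runs offline; a real agent would open a TLS session validated
// against ServerCertPEM taken from the verified payload.
func Enroll(embeddedKey ed25519.PublicKey, pkg EnrollmentPackage, contact func(url string, p EnrollmentPayload) error) error {
	p, err := VerifyPackage(embeddedKey, pkg)
	if err != nil {
		return err
	}
	return contact(p.RegistrationServer, p)
}

func main() {
	// Provider key pair; the public half is what would be compiled into the agent.
	embedded, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample data, not values from the patent.
	payload := EnrollmentPayload{ClientID: "laptop-0042", ClientEmailDomain: "example.com",
		RegistrationServer: "https://register.example.com/enroll", TenantName: "acme-tenant",
		OriginatorDomain: "example.com", ServerCertPEM: "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----"}
	pkg, err := ProvisionPackage(priv, "example.com", payload)
	if err != nil {
		panic(err)
	}
	err = Enroll(embedded, pkg, func(url string, p EnrollmentPayload) error {
		fmt.Printf("contacting %s for tenant %s as %s\n", url, p.TenantName, p.ClientID)
		return nil
	})
	fmt.Println("genuine package:", err)
}
```

The contact step receives the registration server URL only as output of VerifyPackage, so there is no code path that reaches the network with an unverified location; a modified payload, a package signed by a key other than the pinned provider key, or a domain mismatch at provisioning time each stop the flow at the corresponding check.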
CPC classification titles:

- involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823)
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)
- the source of the received data
- involving digital signatures
- Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy