Air gapped data storage devices and systems
US-2023032300-A1 · Feb 2, 2023 · US
Executing commands on air-gapped computer systems
US12443729B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12443729-B2 |
| Application number | US-202217667899-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 9, 2022 |
| Priority date | Feb 9, 2022 |
| Publication date | Oct 14, 2025 |
| Grant date | Oct 14, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
An air-gapped computer receives, from a simplex communication input device, an encoded message communicated by a simplex communication output device. The air-gapped computer system can use a private key to decrypt an encrypted message which was encrypted by a corresponding public key. The air-gapped computer system decodes the encoded message. The air-gapped computer system verifies that the decoded message indicates that a required number of approvers have approved of a user executing a command. The air-gapped computer system extracts the approved command from the decoded message. The air-gapped computer system enables execution of the command by executing the command, or by providing the user with an access token which enables the user to physically access the air-gapped computer system and execute the command.
First claim
Opening claim text (preview).
What is claimed is: 1. A system for access control for executing commands on air-gapped computer systems, comprising: one or more processors; and a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to: receive, by an air-gapped computer system using a simplex communication input device, while keeping an air gap open, which physically isolates the air-gapped computer system from external networks, an encoded message communicated by a simplex communication output device; decode, by the air-gapped computer system, the encoded message; verify, by the air-gapped computer system, that the decoded message, which was exclusively decoded by the air-gapped computer, indicates that a required number of approvers approved of a user executing a command; extract, by the air-gapped computer system, the approved command from the decoded message that was exclusively decoded by the air-gapped computer; and enable, by the air-gapped computer system, execution of the command by one of executing the command, or temporarily closing the air gap of the air-gapped computer system only long enough to provide the user, via an external network, with an access token, which enables the user to physically access the air-gapped computer system and execute the command. 2. The system of claim 1 , wherein the encoded message contains an identifier of the user, a list of commands that the user is approved to execute, and a time for executing the command. 3. The system of claim 1 , wherein the encoded command is formatted as a visual code, the simplex communication output device comprises a display monitor, and the simplex communication input device comprises a camera. 4. The system of claim 1 , wherein a public key enables the air-gapped computer system to verify that an approver used a corresponding private key to sign a digital certificate to approve of the user executing the command. 5. The system of claim 1 , wherein the plurality of instructions further causes the processor to enable, by a private key, the air-gapped computer system to decrypt an encrypted command which was encrypted by a corresponding public key. 6. The system of claim 1 , wherein executing the extracted command comprises the air-gapped computer system comparing decoded information against information that the user entered to authenticate the user and enable the user to execute the command during a specified time. 7. The system of claim 1 , wherein executing the extracted command comprises the air-gapped computer system providing an access token which enables the user to physically access the air-gapped computer system and execute the command. 8. A computer-implemented method for access control for executing commands on air-gapped computer systems, the computer-implemented method comprising: receiving, by an air-gapped computer system using a simplex communication input device, while keeping an air gap open, which physically isolates the air-gapped computer system from external networks, an encoded message communicated by a simplex communication output device; decoding, by the air-gapped computer system, the encoded message; verifying, by the air-gapped computer system, that the decoded message, which was exclusively decoded by the air-gapped computer, indicates that a required number of approvers have approved of a user executing a command; extracting, by the air-gapped computer system, the approved command from the decoded message that was exclusively decoded by the air-gapped computer; and enabling, by the air-gapped computer system, execution of the command by one of executing the command, or temporarily closing the air gap of the air-gapped computer system only long enough to provide the user, via an external network, with an access token which enables the user to physically access the air-gapped computer system and execute the command. 9. The computer-implemented method of claim 8 , wherein the encoded message contains an identifier of the user, a list of commands that the user is approved to execute, and a time for executing the command. 10. The computer-implemented method of claim 8 , wherein the encoded message is formatted as a visual code, the simplex communication output device comprises a display monitor, and the simplex communication input device comprises a camera. 11. The computer-implemented method of claim 8 , wherein a public key enables the air-gapped computer system to verify that an approver used a corresponding private key to sign a digital certificate to approve of the user executing the command. 12. The computer-implemented method of claim 8 , wherein the computer-implemented method further comprises enabling, by a private key, the air-gapped computer system to decrypt an encrypted command which was encrypted by a corresponding public key. 13. The computer-implemented method of claim 8 , wherein executing the extracted command comprises the air-gapped computer system comparing decoded information against information that the user entered to authenticate the user and enable the user to execute the command during a specified time. 14. The computer-implemented method of claim 8 , wherein executing the extracted command comprises the air-gapped computer system providing an access token which enables the user to physically access the air-gapped computer system and execute the command. 15. A computer program product, comprising a non-transitory computer-readable medium having a computer-readable program code embodied therein to be executed by one or more processors, the program code including instructions to: receive, by an air-gapped computer system using a simplex communication input device, while keeping an air gap open, which physically isolates the air-gapped computer system from external networks, an encoded message communicated by a simplex communication output device; decode, by the air-gapped computer system, the encoded message; verify, by the air-gapped computer system, that the decoded message, which was exclusively decoded by the air-gapped computer, indicates that a required number of approvers approved of a user executing a command; extract, by the air-gapped computer system, the approved command from the decoded message that was exclusively decoded by the air-gapped computer; and enable, by the air-gapped computer system, execution of the command by one of executing the command, or temporarily closing the air gap of the air-gapped computer system only long enough to provide the user, via an external network, with an access token which enables the user to physically access the air-gapped computer system and execute the command. 16. The computer program product of claim 15 , wherein the encoded message contains an identifier of the user, a list of commands that the user is approved to execute, and a time for executing the command. 17. The computer program product of claim 15 , wherein the encoded message is formatted as a visual code, the simplex communication output device comprises a display monitor, and the simplex communication input device comprises a camera. 18. The computer program product of claim 15 , wherein a public key enables the air-gapped computer system to verify that an approver used a corresponding private key to sign a digital certificate to approve of the user executing the command. 19. The computer program product of claim 15 , wherein the program code includes further instructions to enable, by a private key, the air-gapped computer system to decrypt an encry
Assignees
Inventors
Classifications
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
input devices, e.g. keyboards, mice or controllers thereof · CPC title
Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
Ciphering apparatus or methods not provided for in the preceding groups, e.g. involving the concealment or deformation of graphic data such as designs, written or printed messages · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12443729B2 cover?
- An air-gapped computer receives, from a simplex communication input device, an encoded message communicated by a simplex communication output device. The air-gapped computer system can use a private key to decrypt an encrypted message which was encrypted by a corresponding public key. The air-gapped computer system decodes the encoded message. The air-gapped computer system verifies that the de…
- Who is the assignee on this patent?
- Dell Products Lp
- What technology area does this patent fall under?
- Primary CPC classification G06F21/604. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Oct 14 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).