US 12,443,729 B2
Executing commands on air-gapped computer systems
Amihai Savir, Newton, MA (US); Stav Sapir, Beer Sheva (IL); Naor Radami, Beer Sheva (IL); and Jehuda Shemer, Kfar Saba (IL)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Feb. 9, 2022, as Appl. No. 17/667,899.
Prior Publication US 2023/0252169 A1, Aug. 10, 2023
Int. Cl. G06F 21/60 (2013.01); G06F 21/83 (2013.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC G06F 21/604 (2013.01) [G06F 21/83 (2013.01); H04L 9/0825 (2013.01); H04L 9/3263 (2013.01); G06F 2221/2141 (2013.01)]
20 Claims
1. A system for access control for executing commands on air-gapped computer systems, comprising:
one or more processors; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to:
receive, by an air-gapped computer system using a simplex communication input device, while keeping an air gap open, which physically isolates the air-gapped computer system from external networks, an encoded message communicated by a simplex communication output device;
decode, by the air-gapped computer system, the encoded message;
verify, by the air-gapped computer system, that the decoded message, which was exclusively decoded by the air-gapped computer, indicates that a required number of approvers approved of a user executing a command;
extract, by the air-gapped computer system, the approved command from the decoded message that was exclusively decoded by the air-gapped computer; and
enable, by the air-gapped computer system, execution of the command by one of executing the command, or temporarily closing the air gap of the air-gapped computer system only long enough to provide the user, via an external network, with an access token, which enables the user to physically access the air-gapped computer system and execute the command.
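The decode, verify and extract steps of claim 1 can be sketched as follows. This is an added example, not code from the patent or from Dell. The JSON-in-base64 message layout, the approver names and keys, the threshold of two, and all function names are assumptions, and per-approver HMAC tags stand in for whatever approval proof a real system uses. Because the verifier holds the HMAC keys it could forge approvals itself, which is why a deployment would use public-key signatures instead.

```python
import base64
import hashlib
import hmac
import json

# Constructed per-approver keys held by the air-gapped system (assumption).
APPROVER_KEYS = {"alice": b"key-a", "bob": b"key-b", "carol": b"key-c"}
REQUIRED_APPROVERS = 2  # assumed policy threshold


def approval_tag(key, user, command):
    """MAC binding one approver's consent to this exact user and command."""
    body = json.dumps({"user": user, "command": command}, sort_keys=True)
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def encode_message(user, command, approvers):
    """Connected side: payload handed to the simplex output device."""
    approvals = [{"approver": a, "tag": approval_tag(APPROVER_KEYS[a], user, command)}
                 for a in approvers]
    msg = {"user": user, "command": command, "approvals": approvals}
    return base64.b64encode(json.dumps(msg).encode()).decode()


def approved_command(encoded, required=REQUIRED_APPROVERS):
    """Air-gapped side: decode, verify the quorum, return the command or None."""
    try:
        msg = json.loads(base64.b64decode(encoded, validate=True))
        user, command, approvals = msg["user"], msg["command"], msg["approvals"]
    except (ValueError, KeyError, TypeError):
        return None  # undecodable or malformed input is rejected, never executed
    if not (isinstance(user, str) and isinstance(command, str)
            and isinstance(approvals, list)):
        return None
    valid = set()  # a set, so a repeated approver counts only once
    for entry in approvals:
        if not isinstance(entry, dict):
            continue
        name, tag = entry.get("approver"), entry.get("tag")
        key = APPROVER_KEYS.get(name) if isinstance(name, str) else None
        if key is None or not isinstance(tag, str):
            continue
        expected = approval_tag(key, user, command)
        if hmac.compare_digest(tag.encode(), expected.encode()):
            valid.add(name)
    return command if len(valid) >= required else None
```

Each tag covers both the user and the command, so editing either field after approval invalidates every tag and the message falls below the quorum.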