Abstract: In some implementations, a system for securely and automatically provisioning endpoint devices includes an administrative API that generates a token, an OS image repository that stores and makes available over a network an image of an operating system (“OS”) that includes the token, a central endpoint manager that provides the OS, a secure credential repository that securely maintain credentials, and an endpoint device. The endpoint device includes a current OS image and read-only boot code. The read-only boot code obtains and installs a new OS image from the OS image repository, generates a new password and a new fingerprint for the new OS image, and transmits new OS installation data for the endpoint device to the administrative API. The administrative API validates the new OS installation data and performs a write-only operation to store the new password in the secure credential repository.

Abstract: In some implementations, a computer system for providing a terminal device with a secure remote service connection can include the terminal device, an internet connection device, and a remote server. A temporary local wireless network and a sharable internet connection can be established by the internet connection device, and connection information can be output for the temporary local wireless network. The terminal device can detect the connection information and can connect to the temporary local wireless network. A secure connection can be established between the terminal device and the remote server. After establishing the secure connection, the remote server can receive operator credentials from the terminal device, and can transmit an access token to the terminal device. The terminal device can transmit a request to access a terminal device service hosted by the remote server, and the remote server can execute application code for the terminal device service.

Abstract: In some implementations, a system for securely and automatically provisioning endpoint devices includes an administrative API that generates a token, an OS image repository that stores and makes available over a network an image of an operating system (“OS”) that includes the token, a central endpoint manager that provides the OS, a secure credential repository that securely maintain credentials, and an endpoint device. The endpoint device includes a current OS image and read-only boot code. The read-only boot code obtains and installs a new OS image from the OS image repository, generates a new password and a new fingerprint for the new OS image, and transmits new OS installation data for the endpoint device to the administrative API. The administrative API validates the new OS installation data and performs a write-only operation to store the new password in the secure credential repository.

Abstract: In some implementations, a computer system for providing a terminal device with a secure remote service connection can include the terminal device, an internet connection device, and a remote server. A temporary local wireless network and a sharable internet connection can be established by the internet connection device, and connection information can be output for the temporary local wireless network. The terminal device can detect the connection information and can connect to the temporary local wireless network. A secure connection can be established between the terminal device and the remote server. After establishing the secure connection, the remote server can receive operator credentials from the terminal device, and can transmit an access token to the terminal device. The terminal device can transmit a request to access a terminal device service hosted by the remote server, and the remote server can execute application code for the terminal device service.

Abstract: In some implementations, a computer system for securely pairing a computing device with peripherals of a terminal device can include the computing device, the terminal device, and a facility server. The terminal device can output connection information that identifies the terminal device, and the computing device can detect the connection information. A trust negotiation protocol can be performed between the computing device, the terminal device, and the facility server to establish a secure connection between the computing device and the terminal device. The terminal device can receive, from the computing device over the secure connection, a request to access one or more peripherals of the terminal device, and a temporary pairing can be established between the computing device and the one or more peripherals of the terminal device.

Abstract: In some implementations, a computer system for providing a terminal device with a secure remote service connection can include the terminal device, an internet connection device, and a remote server. A temporary local wireless network and a sharable internet connection can be established by the internet connection device, and connection information can be output for the temporary local wireless network. The terminal device can detect the connection information and can connect to the temporary local wireless network. A secure connection can be established between the terminal device and the remote server. After establishing the secure connection, the remote server can receive operator credentials from the terminal device, and can transmit an access token to the terminal device. The terminal device can transmit a request to access a terminal device service hosted by the remote server, and the remote server can execute application code for the terminal device service.

Abstract: Devices, systems, methods, and computer program products for managing network access control with a build system are disclosed. The build system controls network filtering at retail stores based on identifiers of Point of Sale devices connected to the store's LAN (Local Area Network). This filtering places only authorized devices on a virtual LAN within the LAN that is reserved for POS terminals. The network access control is managed by a process built into the build system.

Abstract: Devices, systems, methods, and computer program products for managing network access control with a build system are disclosed. The build system controls network filtering at retail stores based on identifiers of Point of Sale devices connected to the store's LAN (Local Area Network). This filtering places only authorized devices on a virtual LAN within the LAN that is reserved for POS terminals. The network access control is managed by a process built into the build system.