Abstract: Systems, devices, and method for managing data processing systems are disclosed. The data processing systems may be capable of operating in various manners. To manage the data processing systems, onboarding processes may be performed to conform the operation of the data processing systems to meet the expectations of owners of the data processing systems. To facilitate onboarding, onboarding payloads may be generated in a domain in which data necessary for onboarding is available. The onboarding payloads may be transferred to data processing systems in domains in which the necessary data is not available to onboard the data processing systems.

Abstract: Systems, devices, and methods for managing operation of data processing systems are disclosed. To manage operation of the data processing systems, onboarding processes may be performed to conform the operation of the data processing systems to meet the expectations of owners of the data processing systems. During onboarding, keys usable to verify subsequently issued commands may be obtained by the data processing systems. The data processing systems may perform verifications processes for issued commands that rely on a root of trust established with the keys rather than identifies of entities that may issue the commands for command verification.

Abstract: Systems, devices, and methods for managing data processing systems are disclosed. The data processing systems may be capable of operating in various manners. To manage the data processing systems, onboarding processes may be performed to conform the operation of the data processing systems to meet the expectations of owners of the data processing systems. To manage security policies of the data processing systems during onboarding, ownership vouchers may be generated to provide data necessary for onboarding that defines security policies, hardware policies, and ownership of the data processing systems. The ownership voucher may be deployed to data processing systems during onboarding to reduce the likelihood of undesired use and/or interactions with the data processing systems.

Abstract: Methods and systems for managing the security of distributed systems that utilize certificates for command and control purposes are disclosed. The certificates may be used to delegate authority to various entities and attest public keys associated with the entities. To manage security using the certificates, the system may limit use of certificates and public keys to only those that have been attested. By doing so, the vulnerability to attacks through unauthorized use of keys of delegates may be reduced.

Abstract: Methods and systems for certificate management in a distributed system are disclosed. The distributed system may include data processing systems that utilize certificates issued by a certificate issuer. The data processing systems may be intermittently connected to the certificate issuer. The certificate issuer may, at any point in time, revoke any issued certificate. The certificate issuer may not notify other entities of the revocation. To determine whether a certificate should be treated as being valid, the data processing systems may apply a set of rules to the certificate that compensate for intermittent connectivity to the certificate issuer that may prevent determining whether a certificate has been revoked, while limiting risk due to the potential for a certificate to have been revoked but the revocation not being known.