Abstract: In one embodiment, a delegation engine automatically provisions a device connected to a network to securely identify and interact with external services. As a device boots in a deployment environment, the delegation engine generates a search domain name based on a manufacturer-supplied domain name and a domain name associated with the deployment environment. The delegation engine then searches a Domain Name System (DNS) to retrieve a delegation record stored at the search domain name. After verifying a manufacturer signature associated with the delegation record, the delegation engine configures the device based on service discovery information included in the delegation record. Because the delegation engine automates the provisioning process, the time required to provision devices is acceptable irrespective of the number of the devices. Further, because the delegation engine verifies the delegation record, the delegation engine does not expose the device to security risks during the provisioning process.

Abstract: In one embodiment, a security provisioning service automatically establishes trust in a device. Upon receiving a provisioning request, a security provisioning service identifies a verification item that is associated with the provisioning request. The security provisioning service performs one or more verification operations based on the provisioning request to determine whether the provisioning request is authorized. If the provisioning request is authorized, then the provisioning service establishes a verifiable identification for the device that is assured by the secure provisioning service and then executes the provisioning request. By automatically performing the verification operations to establish trust in the device, the provisioning service eliminates manual identification assurance operations that are performed as part of a conventional security provisioning process.

Abstract: In one embodiment, a security provisioning service automatically establishes trust in a device. Upon receiving a provisioning request, a security provisioning service identifies a verification item that is associated with the provisioning request. The security provisioning service performs one or more verification operations based on the provisioning request to determine whether the provisioning request is authorized. If the provisioning request is authorized, then the provisioning service establishes a verifiable identification for the device that is assured by the secure provisioning service and then executes the provisioning request. By automatically performing the verification operations to establish trust in the device, the provisioning service eliminates manual identification assurance operations that are performed as part of a conventional security provisioning process.

Abstract: In one embodiment, a security provisioning service automatically establishes trust in a device. Upon receiving a provisioning request, a security provisioning service identifies a verification item that is associated with the provisioning request. The security provisioning service performs one or more verification operations based on the provisioning request to determine whether the provisioning request is authorized. If the provisioning request is authorized, then the provisioning service establishes a verifiable identification for the device that is assured by the secure provisioning service and then executes the provisioning request. By automatically performing the verification operations to establish trust in the device, the provisioning service eliminates manual identification assurance operations that are performed as part of a conventional security provisioning process.

Abstract: In one embodiment, a delegation engine automatically provisions a device connected to a network to securely identify and interact with external services. As a device boots in a deployment environment, the delegation engine generates a search domain name based on a manufacturer-supplied domain name and a domain name associated with the deployment environment. The delegation engine then searches a Domain Name System (DNS) to retrieve a delegation record stored at the search domain name. After verifying a manufacturer signature associated with the delegation record, the delegation engine configures the device based on service discovery information included in the delegation record. Because the delegation engine automates the provisioning process, the time required to provision devices is acceptable irrespective of the number of the devices. Further, because the delegation engine verifies the delegation record, the delegation engine does not expose the device to security risks during the provisioning process.

Abstract: In one embodiment, a security provisioning service automatically establishes trust in a device. Upon receiving a provisioning request, a security provisioning service identifies a verification item that is associated with the provisioning request. The security provisioning service performs one or more verification operations based on the provisioning request to determine whether the provisioning request is authorized. If the provisioning request is authorized, then the provisioning service establishes a verifiable identification for the device that is assured by the secure provisioning service and then executes the provisioning request. By automatically performing the verification operations to establish trust in the device, the provisioning service eliminates manual identification assurance operations that are performed as part of a conventional security provisioning process.