Abstract: Apparatus and methods are provided for protecting network resources, particularly in association with automatic provisioning of new client devices. A global PKI (Public Key Infrastructure) scheme is rooted at a globally available server. Roots of PKIs for individual organizations also reside at this server or another globally available resource. To enable access to an organization's network, one or more authenticators are deployed, which may be co-located with access points or other network components. After a client device enabler (CDE) and an authenticator perform mutual authentication with certificates issued within the global PKI, the CDE is used to provision a new client device for the organization. After the client is provisioned, it and an authenticator use certificates issued within the per-organization PKI to allow the client access to the network.

Abstract: Apparatus and methods are provided for managing network resources. A central unified services and device management framework is operated to simultaneously manage various types of resources on behalf of multiple organizations. Within the framework, a common management layer provides services (e.g., account management, event logging) common to multiple different services and devices. Within a specific management layer, separate subsystems are implemented for different devices or types of devices. The device-specific subsystems invoke device-independent functional modules through primitives exposed by the common management layer. A given organization may establish tiered logical constructs to group resources deployed at different physical locations (e.g., cities, offices) or within different subdivisions of the organizations (e.g., subsidiaries, departments).

Abstract: Apparatus and methods are provided for protecting network resources, particularly in association with automatic provisioning of new client devices. A global PKI (Public Key Infrastructure) scheme is rooted at a globally available server. Roots of PKIs for individual organizations also reside at this server or another globally available resource. To enable access to an organization's network, one or more authenticators are deployed, which may be co-located with access points or other network components. After a client device enabler (CDE) and an authenticator perform mutual authentication with certificates issued within the global PKI, the CDE is used to provision a new client device for the organization. After the client is provisioned, it and an authenticator use certificates issued within the per-organization PKI to allow the client access to the network.

Abstract: Apparatus and methods are provided for managing network resources. A central unified services and device management framework is operated to simultaneously manage various types of resources on behalf of multiple organizations. Within the framework, a common management layer provides services (e.g., account management, event logging) common to multiple different services and devices. Within a specific management layer, separate subsystems are implemented for different devices or types of devices. The device-specific subsystems invoke device-independent functional modules through primitives exposed by the common management layer. A given organization may establish tiered logical constructs to group resources deployed at different physical locations (e.g., cities, offices) or within different subdivisions of the organizations (e.g., subsidiaries, departments).

Abstract: Apparatus and methods are provided for protecting network resources, particularly in association with automatic provisioning of new client devices. A global PKI (Public Key Infrastructure) scheme is rooted at a globally available server. Roots of PKIs for individual organizations also reside at this server or another globally available resource. To enable access to an organization's network, one or more authenticators are deployed, which may be co-located with access points or other network components. After a client device enabler (CDE) and an authenticator perform mutual authentication with certificates issued within the global PKI, the CDE is used to provision a new client device for the organization. After the client is provisioned, it and an authenticator use certificates issued within the per-organization PKI to allow the client access to the network.