CPC G06F 9/4416 (2013.01) [G06F 16/955 (2019.01); H04L 63/0876 (2013.01)]
16 Claims
1. A computer implemented method of accessing a remote resource at a resource server by an internet-connectable device, the method performed at the device, comprising:
establishing secure communications with a bootstrap server;
performing a bootstrap process with the bootstrap server comprising:
receiving, from the bootstrap server, a first plurality of identifiers each identifier associated with one of a respective first plurality of connectivity servers, each connectivity server located at a respective address on the internet with which the device can communicate;
terminating communications with the bootstrap server when the bootstrap process is complete;
determining based on or in response to a rule or policy provisioned thereon during a factory provisioning process, a first identifier to select from the first plurality of identifiers;
selecting the first identifier from the first plurality of identifiers;
establishing secure end-to-end secure communications with a first connectivity server associated with the selected first identifier;
accessing the resource at the resource server via the first connectivity server, where the resource server is hosted on a private network accessible to the device only via the connectivity servers;
when access to the resource server becomes unavailable via the first connectivity server:
determining based on or in response to a rule or policy provisioned thereon during a factory provisioning process, a second identifier to select from the first plurality of identifiers;
selecting the second identifier;
establishing secure end-to-end secure communications with a second connectivity server associated with the selected second identifier;
accessing the resource at the resource server via the second connectivity server,
when access to all the connectivity servers of the first plurality of connectivity servers becomes unavailable:
establishing secure communications with the bootstrap server to perform a further bootstrap process to obtain a second plurality of identifiers each identifier of the second plurality associated with one of a respective second plurality of connectivity servers.
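The selection, failover and re-bootstrap steps of the claim, simulated as an added example that is not taken from the patent or any implementation of it. Assumptions: identifiers use a constructed `region/name` format, the factory-provisioned policy is a region preference order, the two callables stand in for the secure bootstrap and end-to-end sessions, and a server that failed is not retried until the next bootstrap.

```python
from dataclasses import dataclass, field
from typing import Callable

class Unreachable(Exception): pass

@dataclass
class Device:
    policy: list             # factory-provisioned rule (assumed: region preference order)
    bootstrap: Callable      # stands in for the secure bootstrap session
    connect: Callable        # stands in for the secure end-to-end session
    identifiers: list = field(default_factory=list)
    failed: set = field(default_factory=set)
    bootstraps: int = 0

    def _run_bootstrap(self):
        self.identifiers = list(self.bootstrap())   # session ends once the list is received
        self.failed.clear()
        self.bootstraps += 1

    def _rank(self, ident):
        region = ident.split("/")[0]
        return self.policy.index(region) if region in self.policy else len(self.policy)

    def _select(self):
        candidates = [i for i in self.identifiers if i not in self.failed]
        return min(candidates, key=self._rank) if candidates else None

    def access(self, resource):
        for attempt in range(2):            # current list, then one further bootstrap
            if attempt or not self.identifiers:
                self._run_bootstrap()
            while (ident := self._select()) is not None:
                try:
                    return ident, self.connect(ident, resource)
                except Unreachable:
                    self.failed.add(ident)  # fail over to the next policy choice
        raise Unreachable("no connectivity server reachable")

def demo():
    lists = iter([["us/cs2", "eu/cs1"], ["eu/cs3", "us/cs4"]])  # constructed bootstrap responses
    up = {"eu/cs1", "us/cs2", "eu/cs3", "us/cs4"}               # constructed reachable servers
    def connect(ident, resource):
        if ident not in up:
            raise Unreachable(ident)
        return f"{resource} via {ident}"
    dev = Device(["eu", "us"], lambda: next(lists), connect)
    trace = []
    for down in (None, "eu/cs1", "us/cs2"):   # take servers down one at a time
        up.discard(down)
        trace.append(dev.access("/sensor")[0])
    return trace, dev.bootstraps
```

The device contacts the bootstrap server only when it has no list or has exhausted the current one, so the identifier list it trusts always originates from an authenticated bootstrap session.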