CPC G06F 21/32 (2013.01) [G06F 8/63 (2013.01)]; 20 Claims

1. A system for securely and automatically provisioning endpoint devices, wherein the system comprises:
an administrative API that is configured to generate a token;
an OS image repository that is configured to store and make available an immutable image of an operating system (“OS”) that includes the token generated by the administrative API accessible over a network;
a central endpoint manager that is configured to manage access to and provisioning of the OS;
a secure credential repository that is configured to securely maintain credentials; and
an endpoint device that includes memory and one or more processors, wherein the memory includes (i) a current OS image and (ii) read-only boot code, wherein the read-only boot code is configured to be executed automatically on booting of the endpoint device and that, when executed, performs operations comprising:
obtaining a new OS image from the OS image repository, wherein the new OS image includes an associated token;
installing the new OS image, including replacing the current OS image with the new OS image in the memory;
generating a new password and a new fingerprint for the new OS image installed on the endpoint device, wherein the new fingerprint replaces a current fingerprint in the memory; and
transmitting new OS installation data for the endpoint device to the administrative API, wherein the new OS installation data includes the new password, the associated token, and a unique identifier for the endpoint device;
wherein the administrative API is configured (i) to validate the new OS installation data with the OS image repository and (ii) to perform a write-only operation to store the new password in the secure credential repository upon validation by the OS image repository.
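Added illustration, not text from the patent: the Python model below walks the flow of claim 1 end to end, with the endpoint's read-only boot code obtaining the image that carries the API-minted token, replacing the current image and fingerprint, generating a fresh password, and transmitting the installation data; the administrative API then validates the token with the image repository before performing a write-only store into the credential repository. The class and method names, the enrollment list kept by the central endpoint manager, the rule that a token is valid only if it belongs to a published image, and the sample image bytes are all assumptions introduced for the example.

```python
"""Model of the boot-time provisioning flow of claim 1 (added illustration).

Component names, the enrollment check in the central endpoint manager and the
"token must belong to a published image" rule are assumptions, not patent text.
"""
import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class OsImage:
    """Immutable OS image that carries the token minted by the administrative API."""
    payload: bytes
    token: str


def fingerprint_of(payload: bytes) -> str:
    """Fingerprint of an installed image (assumed: SHA-256 of the image bytes)."""
    return hashlib.sha256(payload).hexdigest()


class CentralEndpointManager:
    """Manages access to the OS; assumed to hold a list of enrolled endpoints."""

    def __init__(self) -> None:
        self._enrolled: set[str] = set()

    def enroll(self, device_id: str) -> None:
        self._enrolled.add(device_id)

    def may_provision(self, device_id: str) -> bool:
        return device_id in self._enrolled


class OsImageRepository:
    """Stores immutable images and answers the API's validation query."""

    def __init__(self, manager: CentralEndpointManager) -> None:
        self._manager = manager
        self._images: dict[str, OsImage] = {}  # token -> published image

    def publish(self, payload: bytes, token: str) -> None:
        self._images[token] = OsImage(payload, token)

    def fetch(self, device_id: str, token: str) -> OsImage:
        if not self._manager.may_provision(device_id):
            raise PermissionError(f"{device_id} is not enrolled")
        return self._images[token]

    def validate(self, token: str) -> bool:
        # Assumption: a token is valid only if it belongs to a published image.
        return token in self._images


class SecureCredentialRepository:
    """Write-only from the API's side: no method here returns a stored password."""

    def __init__(self) -> None:
        self._vault: dict[str, str] = {}

    def store(self, device_id: str, password: str) -> None:
        self._vault[device_id] = password

    def count(self) -> int:
        return len(self._vault)


class AdministrativeApi:
    def __init__(self, repo: OsImageRepository, vault: SecureCredentialRepository) -> None:
        self._repo, self._vault = repo, vault

    def generate_token(self) -> str:
        return secrets.token_urlsafe(16)

    def submit_installation(self, data: dict) -> bool:
        """Validate with the image repository, then perform the write-only store."""
        if not self._repo.validate(data["token"]):
            return False  # token not issued for a published image: nothing is stored
        self._vault.store(data["device_id"], data["password"])
        return True


@dataclass
class EndpointDevice:
    device_id: str
    current_image: bytes = b""
    fingerprint: str = ""

    def boot(self, repo: OsImageRepository, api: AdministrativeApi, token: str) -> bool:
        """Read-only boot code: obtain, install, generate, transmit."""
        image = repo.fetch(self.device_id, token)
        self.current_image = image.payload            # new image replaces current image
        self.fingerprint = fingerprint_of(image.payload)  # new fingerprint replaces old one
        password = secrets.token_urlsafe(24)          # new password, handed only to the API
        return api.submit_installation(
            {"device_id": self.device_id, "token": image.token, "password": password})


IMAGE_PAYLOAD = b"constructed-sample-os-image-v2"  # constructed stand-in for an OS image


def run_provisioning() -> dict:
    manager = CentralEndpointManager()
    repo = OsImageRepository(manager)
    vault = SecureCredentialRepository()
    api = AdministrativeApi(repo, vault)

    token = api.generate_token()
    repo.publish(IMAGE_PAYLOAD, token)
    manager.enroll("ep-0001")

    device = EndpointDevice("ep-0001", current_image=b"old-image", fingerprint="stale")
    accepted = device.boot(repo, api, token)

    # A submission whose token was never issued for a published image is refused.
    unknown_token_accepted = api.submit_installation(
        {"device_id": "ep-0001", "token": "unissued-token", "password": "unused"})

    # An endpoint the central manager has not enrolled cannot obtain the image at all.
    try:
        EndpointDevice("ep-9999").boot(repo, api, token)
        unenrolled_blocked = False
    except PermissionError:
        unenrolled_blocked = True

    return {"accepted": accepted, "unknown_token_accepted": unknown_token_accepted,
            "unenrolled_blocked": unenrolled_blocked, "vault_count": vault.count(),
            "fingerprint": device.fingerprint,
            "image_replaced": device.current_image == IMAGE_PAYLOAD}
```

Run `run_provisioning()` to see one enrolled endpoint complete the cycle (image replaced, fingerprint refreshed, exactly one credential written) while a submission with an unissued token and a boot attempt from an unenrolled device are both turned away; the write-only vault deliberately exposes no read path, matching the claim's write-only store.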