System, Apparatus And Method For Scalable Internet Of Things (IOT) Device On-Boarding With Quarantine Capabilities
First Claim
1. A system comprising:
- an access point having at least one first hardware processor, the access point comprising a first layer of a remediation network, the remediation network to prevent network access by unknown devices;
- a first server coupled to the access point, the first server having at least one second hardware processor, the first server to verify that a first unknown device is trusted based at least in part on a manufacturer credential of the first unknown device, the manufacturer credential to indicate a type of device; and
- a domain controller coupled to the first server, the domain controller having at least one third hardware processor, the domain controller to manage a domain, the domain controller to communicate with the first server to provision the first unknown device into the domain, wherein the domain controller comprises a second layer of the remediation network and responsive to the provisioning of the first unknown device into the domain, the first unknown device is to be released from the first layer of the remediation network.
Abstract
In one embodiment, a domain controller includes: a quarantine logic to quarantine unknown devices from unrestricted network access, the quarantine logic comprising a first quarantine point at a first layer of a multi-layer communication model; a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model. Other embodiments are described and claimed.
43 Citations
20 Claims
Independent claims:

1. A system comprising an access point, a first server and a domain controller, as reproduced in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. At least one computer readable storage medium comprising instructions that when executed enable a system to: receive, in a domain controller of a domain managed by the domain controller, a request from a first device to join the domain, the domain controller comprising a first quarantine point at a first layer of a multi-layer communication model; communicate with a domain name system (DNS) server to determine whether the first device is a first device type, based at least in part on a manufacturer certificate for the first device; and based on the determination, verify that the first device is authorized to be a member of the domain and communicate the verification to a second server coupled to the domain controller, wherein responsive to an authentication protocol performed between the second server and the first device, the first device is to be removed from a second quarantine point at a second layer of the multi-layer communication model, wherein the second layer is a lower layer of the multi-layer communication model than the first layer, the second quarantine point more restrictive than the first quarantine point. Dependent claims: 10, 11, 12, 13, 14.

15. A domain controller comprising: a quarantine logic to quarantine unknown devices from unrestricted network access, the quarantine logic comprising a first quarantine point at a first layer of a multi-layer communication model; a first logic to communicate with a domain name system (DNS) service to self-allocate and register a domain name with the DNS service, the domain name associated with a domain to be managed by the domain controller; a second logic to manage a group of devices of the domain; and a third logic to receive a provisioning request for a first device via an access point, wherein the access point comprises a second quarantine point at a second layer of the multi-level communication model. Dependent claims: 16, 17, 18, 19, 20.
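The following is an added illustration, not code from the patent or its assignee: a minimal model of the two-layer quarantine described in claims 1 and 9, where an unknown device is held at the restrictive access-point layer until the domain controller has checked its manufacturer certificate against a device-type registry and provisioned it. The `DNS_DEVICE_TYPE` mapping, the `Device` and `Quarantine` types and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Quarantine(Enum):
    ACCESS_POINT = "layer-2 quarantine (restrictive)"   # held at the access point
    DOMAIN = "domain-layer quarantine (permissive)"     # held at the domain controller
    RELEASED = "released"                               # provisioned into the domain


@dataclass
class Device:
    mac: str
    manufacturer_cert: dict          # constructed stand-in for an X.509 manufacturer cert
    quarantine: Quarantine = Quarantine.ACCESS_POINT


# Constructed stand-in for the DNS lookup in claim 9: an issuer name resolves to
# the single device type that manufacturer is known to attest.
DNS_DEVICE_TYPE = {"AcmeSensors-CA": "temperature-sensor"}


class DomainController:
    def __init__(self, domain):
        self.domain = domain
        self.members = {}            # mac -> verified device type

    def provision(self, dev):
        """Admit the device only if its certificate's issuer is known and the
        device type it claims matches what that issuer is registered to attest."""
        cert = dev.manufacturer_cert
        attested = DNS_DEVICE_TYPE.get(cert.get("issuer"))
        if attested is None or attested != cert.get("device_type"):
            return False
        self.members[dev.mac] = attested
        return True


class AccessPoint:
    def __init__(self, dc):
        self.dc = dc

    def onboard(self, dev):
        dev.quarantine = Quarantine.ACCESS_POINT      # unknown device: no network access
        dev.quarantine = Quarantine.DOMAIN            # request forwarded to the domain layer
        if self.dc.provision(dev):
            dev.quarantine = Quarantine.RELEASED      # released from the first layer
        else:
            dev.quarantine = Quarantine.ACCESS_POINT  # stays behind the restrictive point
        return dev.quarantine


def demo():
    dc, ap = DomainController("home.example"), None
    ap = AccessPoint(dc)
    good = Device("00:11:22:33:44:55", {"issuer": "AcmeSensors-CA", "device_type": "temperature-sensor"})
    unknown = Device("66:77:88:99:aa:bb", {"issuer": "Unknown-CA", "device_type": "camera"})
    spoofed = Device("cc:dd:ee:ff:00:11", {"issuer": "AcmeSensors-CA", "device_type": "camera"})
    return [ap.onboard(d) for d in (good, unknown, spoofed)], sorted(dc.members)
```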
Specification