Device Enrolment Using Flexible Authentication
Managed devices are already established in corporate environments. Small businesses and end users, however, rarely benefit from such complex systems and dedicated infrastructures.
This project compiled concepts for authenticating devices, with a focus on the initial authentication as part of enrolment processes as well as easy and convenient revocation of permissions. This initial authentication needs to be flexible in order to take the different characteristics and features of current devices into account and possible create device policies on-demand.
The actual communication between enrolled devices and a service, on the other hand, should be kept as simple as possible. This is feasible due to virtually all (client) devices supporting technologies like TLS. A demonstrator illustrates that an OS-independent implementation of the proposed concepts is possible.