Device Enrolment Using Flexible Authentication
In order to provide solutions such as managed devices to end users, we compiled concepts for authenticating devices, with a focus on the initial authentication as part of enrolment processes as well as easy and convenient revocation of permissions. This initial authentication needs to be flexible in order to take the different characteristics and features of current devices into account and possiblly create device policies on-demand.
The actual communication between enrolled devices and a service, on the other hand, should be kept as simple as possible. This is feasible due to virtually all (client) devices supporting technologies like TLS. A demonstrator illustrates that an OS-independent implementation of the proposed concepts is possible.