主权项 |
1. Non-transitory computer storage medium storing computer-executable instructions that, when executed by a computing device, cause the computing device to:
establish a network connection with the networked device; receive, from the networked device, a fully qualified domain name and a public key for the networked device; register the fully qualified domain name and the public key with a domain name server that stores records mapping fully qualified device names to public keys for respective networked devices; and transmit configuration data, including data corresponding to a username, to the networked device, where the username enables the networked device to establish an authorized connection with a data collection server that is accessible, via a network, to the networked device; in response to receiving credentials from the networked device:
deducing, from the credentials, the username, the fully qualified domain name for the networked device, and an encrypted password, where the encrypted password was computed by the networked device using a private key of the networked device;query the domain name server for a public key mapped to the fully qualified domain name;receive, from the domain name server, the public key mapped to the fully qualified domain name;decrypt the encrypted password based, at least in part, on the public key;attempt to verify the decrypted password;when a public key for the device is returned by the domain name server and the decrypted password is verified, providing the username to a data collection server to authorize a network connection between the computing device and the data collection server; andwhen the domain name server does not have a record recording a public key for the fully qualified domain name or the decrypted password is not verified, refraining from providing the username to the data collection server. |