Title of invention MULTI-TENANT DISCOVERY AND CLAIMING OF DISTRIBUTED STORAGE NODES OVER AN INSECURE NETWORK
Abstract A technique is introduced that enables a server to establish trust of and a secure channel of communication with an unverified client computer, which can be on a different insecure network. To establish trust, the server needs to ensure that the client computer is legitimate, and the client computer similarly needs to ensure that the server is legitimate. With mutual trust established, a secure channel of communication is established between the server and the client computer. With mutual trust and a secure channel of communication established, the client computer can safely communicate with the server, for example, to download software that enables the client computer to join a central management system at the server.
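Application publication number US2015334110(A1) Application publication date 2015.11.19
Application number US201514710517 Filing date 2015.05.12
Applicant SwiftStack, Inc. Inventors BISHOP Darrell;MERRITT Samuel;ARNOLD Joseph
Classification number H04L29/06;H04L29/08;H04L9/32 Main classification number H04L29/06
Agency Agent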
Main claim 1. A method comprising: receiving a request, by a server and from an unverified storage node computer, for software to enable the unverified storage node computer to generate a first unique identifier to facilitate the server being able to uniquely identify the unverified storage node computer; in response to the request for the software, sending, by the server, client node software to the unverified storage node computer for installation at the unverified storage node computer, wherein the client node software enables the unverified storage node computer to generate signature data, the signature data being a unique identifier; receiving, by the server, first signature data after the unverified storage node computer generates the first signature data via the client node software; in response to said receiving of the first signature data, generating a security key and a second unique identifier to: enable the unverified storage node computer to generate a claim uniform resource locator (URL), wherein the claim URL enables the server to establish trust of the unverified storage node computer, and enables a user to securely claim a storage node; and enable the unverified storage node computer to generate a certificate URL, wherein the certificate URL enables the server to send a certificate bundle to the unverified storage node computer; sending, by the server, the security key and the second unique identifier to the unverified storage node computer; receiving the claim URL, by the server and from a user computer, after the claim URL was generated based on the security key and the second unique identifier, wherein said receiving of the claim URL enables the server to establish trust of the unverified storage node computer; when the certificate URL is received from a first computer prior to the server establishing trust of the unverified storage node computer, sending, by the server and to the first computer, a message that indicates that the server could not find data associated with the certificate URL; receiving, by the server and from a user computer, a login request of the user; in response to the login request, facilitating a login of the user at the server; based on the login of the user at the server and said receiving of the claim URL, linking the user and the unverified storage node computer via a database thereby indicating that the server established trust of the unverified storage node computer; and when the certificate URL is received after the server establishes trust of the unverified storage node computer, facilitating the claiming of the storage node by the user.
Address San Francisco CA US