Method and system for configuring and securing a device or apparatus, a device or apparatus, and a computer program product

摘要

A method for configuring and securing a first device, including: performing a first check 101 of the first device to determine the presence of unauthorised components or modules in a memory of the first device; performing a second check 102 of the device to compare hardware components of the first device against a predetermined list of authorised components; initiating an encrypted virtual private network (VPN) tunnel 103 between the first device and a remote second device by transmitting a request from the first device to the second device including data representing multiple parameters associated with the first device; the second device determining 105 whether the multiple parameters correspond to a known and trusted device; and accordingly establishing 107 the encrypted VPN tunnel between the first and second devices; transmitting data representing a first acknowledgement message 109, on the basis of the first and second checks, from the first device to a second device using the VPN; on receipt of the first acknowledgement message at the second device, transmitting encrypted data packets representing respective portions of an operating system (OS) 111 for the first device from the second device using the VPN; for a predefined task, conforming operations of the hardware components of the first device according to a set of preferred hardware operations and behaviours for the task; performing a third check 113 of the first device, using the OS, to compare hardware components of the first device against a predetermined list of authorised components, whereby to approve the hardware components of the first device; transmitting, on the basis of the third check, data representing an application request message 115 from the first device to the second device using the VPN; and on receipt of the application request message at the second device, transmitting encrypted data packets representing respective portions of application data 118 for an application for performing the predefined task from the second device to the first device using the VPN.