BACKGROUND

[0001] A computing device (e.g., a laptop computing device, a desktop/workstation computing device, a smart/mobile phone, a tablet computing device, etc.) can execute applications for performing various tasks. The type of applications executable on a computing device can vary based on the particular computing device’s configuration. Computing devices can be located locally to users. In some cases, a user has a dedicated computing device. In other cases, computing devices are remotely accessible and can be shared by multiple users.

BRIEF DESCRIPTION OF THE DRAWINGS

[0002] FIG. 1 illustrates a block diagram of an example method for onboarding of a secondary device in a cloud computing network, in accordance with the present disclosure.

[0003] FIG. 2 illustrates an example apparatus for on-boarding of a secondary device in a cloud computing network, in accordance with the present disclosure.

[0004] FIG. 3 illustrates a flow diagram of an example method for on-boarding of a secondary device in a cloud computing network, in accordance with the present disclosure.

[0005] FIG. 4 illustrates a sequence diagram illustrating an example method for configuring a device announcement listener, in accordance with the present disclosure.

[0006] FIG. 5 illustrates a sequence diagram illustrating an example method for discovering devices for onboarding, in accordance with the present disclosure.

[0007] FIG. 6 illustrates a sequence diagram illustrating an example method for authenticating a secondary device, in accordance with the present disclosure. [0008] FIG. 7 illustrates a sequence diagram illustrating an example method for registering a device to the device interfacing platform component, in accordance with the present disclosure.

[0009] FIG. 8 illustrates a sequence diagram illustrating an example method for claiming a device to the network command center component, in accordance with the present disclosure.

[0010] FIG. 9 illustrates an example apparatus for on-boarding of a secondary device in a cloud computing network, in accordance with the present disclosure.

DETAILED DESCRIPTION

[0011] In the following detailed description, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific examples in which the disclosure may be practiced. It is to be understood that other examples may be utilized and structural or logical changes may be made without departing from the scope of the present disclosure. The following detailed description, therefore, is not to be taken in a limiting sense, and the scope of the present disclosure is defined by the appended claims. It is to be understood that features of the various examples described herein may be combined, in part or whole, with each other, unless specifically noted otherwise.

[0012] Configuring networking devices is often a manual process including device or network specific input. Such processes typically involve some manual intervention, lack efficiency, and do not scale well for large enterprises. Even with the decreased cost for wireless data communication, however, the process of customer acquisition and on-boarding remains time-consuming and inefficient, requiring a significant amount of manual effort on the part of the prospective customer. Moreover, with increasing development in internet of things (loT) technologies, problems relating to configuring devices to access wireless networks have become more acute. In particular, existing mechanisms to configure devices to access wireless networks tend to suffer from various draw backs and limitations, which include a complex user experience, insufficient reliability, and security vulnerabilities, among other limitations. For example, configuring devices to access infrastructure-mode Wi-Fi networks and other similar wireless networks typically includes association and authentication of the device. However, if many devices need to be on-boarded (e.g., 100 devices), the process of connecting to each device, and have a Wi-Fi network connect, disconnect, and validate the devices is, at the very least, cumbersome. [0013] According to examples of the present disclosure, a method for onboarding of a secondary device in a cloud computing network with a primary device, includes receiving from a network command center component running on a cloud computing network, a selection of a secondary device to on-board to the cloud computing network. The method includes initiating, using the network command center component, an authentication of the secondary device via a device monitoring and management platform component running on the cloud computing network. The method further includes registering, by the device monitoring and management platform component, the secondary device with a device interfacing platform component running on the cloud computing network, using a primary device which is already on-boarded to the network. The method also includes, responsive to the device monitoring and management platform component obtaining an authentication token for the secondary device via the primary device, identifying with the network command center the secondary device as an on-boarded device of the network.

[0014] In various examples, a non-transitory computer-readable medium may store instructions that when executed cause a processor to on-board of a secondary device in a cloud computing network with a primary device. In such examples, the non-transitory computer-readable medium may store instructions that when executed cause the processor to, using a primary device which is already on-boarded to a cloud computing network, identify a secondary device available for on-boarding to the cloud computing network. The non-transitory computer-readable medium may store instructions that when executed cause the processor to provide to a network command center component running on the cloud computing network, a list of devices available for on-boarding to the cloud computing network including the secondary device. The non-transitory computer-readable medium may store instructions that when executed cause the processor to, responsive to selection of the secondary device for on- boarding to the cloud computing network, obtain an authentication token for the secondary device via the primary device. The non-transitory computer-readable medium may store instructions that when executed cause the processor to, responsive to obtaining the authentication token for the secondary device via the primary device, identify with the network command center the secondary device as an on-boarded device of the network.

[0015] In additional examples, the non-transitory computer-readable medium may store instructions that when executed cause the processor to identify a secondary device available for on-boarding to a cloud computing network, via a primary device which is on-boarded to a cloud computing network. The non- transitory computer-readable medium may store instructions that when executed cause the processor to obtain an authentication token for the secondary device via the primary device, responsive to selection of the secondary device for on-boarding to the cloud computing network. Moreover, the non-transitory computer-readable medium may store instructions that when executed cause the processor to register the secondary device with a device interfacing platform component running on the cloud computing network, using the primary device. Additionally, the non-transitory computer-readable medium may store instructions that when executed cause the processor to, responsive to obtaining the authentication token for the secondary device via the primary device, identify the secondary device as an on-boarded device of the network.

[0016] Turning now to the Figures, FIG. 1 illustrates a block diagram of an example method 100 for on-boarding of a secondary device in a cloud computing network, in accordance with the present disclosure. As used herein, a cloud computing network refers to or includes a network of remote server computing devices and other computing resources that may be hosted on the Internet, to store, manage, and process data, in lieu of local server computing devices and other local computing resources. The cloud computing network may be a cloud computing network hosted by a cloud computing network provider.

[0017] A device to be connected to the cloud computing network may be at a local location. The local location may be a local network, for instance, of which the device is a part, and that is connected to the cloud computing network over the Internet or another type of network, such as an extranet. The device may reside at the local location outside the auspices of a local network, however, such as by being wirelessly or otherwise directly connected to the Internet so that the device can communicate with the cloud computing network. The device connected to the cloud computing network may be any object (e.g., an appliance, a sensor, etc.) that has an addressable interface (e.g., an Internet protocol (IP) address, a Bluetooth identifier (ID), a near-field communication (NFC) ID, etc.) and can transmit information to one or more other devices over a wired or wireless connection. The cloud computing network, by connecting many devices of different types, may in some instances be referred to as an loT network and the devices connected thereto may be referred to as loT devices.

[0018] In some examples, a device connected to the cloud computing network may have a passive communication interface. Non-limiting examples of a passive communication interface may include a quick response (QR) code, a radio-frequency identification (RFID) tag, an NFC tag, or the like. In some examples, a device connected to the cloud computing network may have an active communication interface. Non-limiting examples of an active communication interface include a modem, a transceiver, a transmitter-receiver, or the like. Non-limiting examples of a device connected to the cloud computing network may include a printing device, such as a standalone printer, or an all-in- one (AIO) or multifunction printer (MFP) device that includes functionality like scanning, copying, and/or faxing functionality in addition to printing functionality. Additional non-limiting examples of a device connected to the cloud computing network may include refrigerators, toasters, ovens, microwaves, freezers, dishwashers, dishes, hand tools, clothes washers, clothes dryers, furnaces, air conditioners, thermostats, televisions, light fixtures, vacuum cleaners, sprinklers, electricity meters, and gas meters, among others. As used herein, a device connected to or capable of connecting to the cloud computing network refers to or includes any device equipped with an addressable communications interface for communicating with the cloud computing network. A device may also include cell phones, desktop computers, laptop computers, tablet computers, personal digital assistants (PDAs), and other personal computing devices. Accordingly, the cloud computing network may be comprised of a combination of “legacy” Internet accessible devices (e.g., laptop or desktop computers, cell phones, etc.) in addition to devices that do not typically have Internet-connectivity (e.g., dishwashers, etc.).

[0019] As illustrated in FIG. 1 , the method 100 may include at 101 , receiving from a network command center component running on a cloud computing network, a selection of a secondary device to on-board to the cloud computing network. As used herein, a “primary device” and a “secondary device” both refer to a device connected to, or capable of connecting to, a cloud computing network as discussed herein. The designation of “primary” and “secondary” is used to distinguish one device from another device. As explained in further detail, the primary device may be used as a proxy to enable the secondary device to connect to the cloud computing network.

[0020] As used herein, a network command center refers to or includes a computing platform that operates in the cloud computing network and allows administrators to manage the devices on the computing network remotely. The network command center intermediates communication between the cloud computing network and each device. The network command center includes a network command center component, which refers to or includes instructions that execute on the hardware resources of the cloud computing network.

[0021] A secondary device may be selected using various mechanisms. For instance, a secondary device for on-boarding to the cloud computing network may be selected using a unicast process, and/or the secondary device for onboarding to the cloud computing network may be selected using a multicast process. Various secondary device discovery processes are discussed further with regards to FIG. 5. In some examples, various processes for designating a primary device (e.g., the proxy device) may be selected. For instance, in the primary device may be automatically selected by the network command center component. In some examples, selection of the primary device may be dynamic, in that the network command center component may select from a plurality of devices on-boarded to the cloud computing network, a device to be the primary device. The selection of the primary device may be based on various operating criteria, and the network command center component may change the designation of the primary device based on such operating criteria (e.g., if the previously-designated primary device is offline, a different primary device may be designated). As used herein, “on-boarding” refers to or includes a process in which devices that lack a user interface enabling connection to the cloud computing network, learn information about the cloud computing network to accomplish the admission and authentication processes to join the cloud computing network.

[0022] The method 100 may include initiating, using the network command center component, an authentication of the secondary device via a device monitoring and management platform component running on the cloud computing network at 103. As used herein, a device monitoring and management platform refers to or includes a portion of the cloud computing network that provides for monitoring and management of fleets of devices. The device monitoring and management platform component refers to or includes instructions that are executed on the hardware resources of the cloud computing network to perform monitoring and management of the fleet of devices. As discussed with regards to FIG. 3, the primary device may be registered and on-boarded to the cloud computing network via a 1 :1 on-boarding mechanism. This primary device may then be used as a proxy to discover, register, and on-board the secondary device(s). As such, initiation of the authentication of the secondary device via the device monitoring and management platform may be performed using the primary device as a proxy. The cloud computing network may utilize interfaces exposed via the first device's cloud connection to retrieve a cryptographic device identity from the secondary device(s), to exchange the cryptographic device identities for encryption and signing keys in the cloud computing network, and to put the keys on the secondary device(s). As discussed further with regards to FIG. 3 and FIG. 7, the method 100 may configuring the web proxy for the secondary device(s) via the primary device. [0023] Authentication of the secondary device(s) allows the cloud computing network to obtain an authentication token that is used to register and on-board the secondary device(s). This authentication token may be used to configure, register, and retrieve a device claim cryptographic identity for the secondary device(s). In some examples, obtaining the authentication token for the secondary device includes obtaining a device interfacing platform device cryptographic key from the device interfacing platform component.

[0024] The device claim cryptographic identity may then be used to complete the registration and on-boarding process for the secondary device(s). Accordingly, the method 100 further includes registering, by the device monitoring and management platform component, the secondary device with a device interfacing platform component running on the cloud computing network, using a primary device which is already on-boarded to the network at 105.

[0025] In various examples, the device interfacing component may be part of a device interfacing platform implemented on the cloud computing network, the device monitoring and management platform component may be part of a device monitoring and management platform implemented on the cloud computing network, and the device interfacing platform may be different than the device monitoring and management platform. Specifically, the device interfacing platform includes a device interfacing platform component, which includes instructions that are executed on the hardware resources of the cloud computing network.

[0026] In some examples, registering the secondary device with the device interfacing platform component includes registering the primary device as an onboarding proxy using the primary device. The cloud computing network may utilize interfaces exposed via the first device's network connection to retrieve a cryptographic device identity from the secondary device(s), exchange the identity for encryption and signing keys in the cloud system, and put these keys on the secondary devices. Non-limiting examples of such interfaces on the primary device include device web proxy, cloud registration, and device claiming. In some examples, registering the secondary device with the device interfacing platform component includes obtaining an identity device cryptographic identity for the secondary device using the primary device.

[0027] At 107, the method 100 includes, responsive to the device monitoring and management platform component obtaining an authentication token for the secondary device via the primary device, identifying with the network command center the secondary device as an on-boarded device of the network. In various examples, identifying with the network command center, the secondary device as an on-boarded device of the network may include the network command center component claiming the secondary device via the device monitoring and management platform component. As discussed more thoroughly with regards to FIG. 8, claiming the secondary device via the device monitoring and management platform component may be performed using the primary device as a proxy.

[0028] FIG. 2 illustrates an example apparatus 209 for on-boarding of a secondary device in a cloud computing network, in accordance with the present disclosure. As illustrated in FIG. 2, the apparatus 209 may include a processor 213, and a computer-readable storage medium 211. The apparatus 209 may perform the method 100 illustrated in FIG. 1.

[0029] The processor 213 may be a central processing unit (CPU), a semiconductor-based microprocessor, and/or other hardware device suitable to control operations of the apparatus 209. Computer-readable storage medium 211 may be an electronic, magnetic, optical, or other physical storage device that contains or stores executable instructions. Thus, computer-readable storage medium 211 may be, for example, Random Access Memory (RAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a storage device, an optical disc, etc. In some examples, the computer-readable storage medium 211 may be a non-transitory storage medium, where the term ‘non- transitory’ does not encompass transitory propagating signals. As described in detail below, the computer-readable storage medium 211 may be encoded with a series of executable instructions 219-225.

[0030] In various examples, the non-transitory computer-readable medium 211 may store instructions that when executed cause the processor 213 to on-board a secondary device in a cloud computing network with a primary device, as discussed with regards to FIG. 1. For instance, the non-transitory computer- readable medium 211 may store instructions 219 that when executed cause the processor 213 to, using a primary device which is already on-boarded to a cloud computing network, identify a secondary device available for on-boarding to the cloud computing network. The first device, which is already on-boarded to the cloud computing network, may support interfaces to discover other devices using various mechanisms. The cloud computing network may configure the discovery mechanisms using the cloud computing network connections of the first device.

[0031] In some examples, the instructions 219 to identify the secondary device include instructions to perform a multicast discovery process. In the multicast discovery process, a discovery packet is sent to several devices at a same time. A discovery packet may be sent to devices via the device monitoring and management platform component, and the secondary devices may respond to the discovery packet.

[0032] In some examples, the instructions 219 to identify the secondary device include instructions to perform a unicast discovery process. In the unicast discovery process, devices have the ability to announce themselves to other devices in the cloud computing network. Using the unicast discovery process, devices in the cloud computing network have the ability to discover devices that work within different subnets.

[0033] The non-transitory computer-readable medium 211 may store instructions 221 that when executed cause the processor 213 to provide to a network command center component running on the cloud computing network, a list of devices available for on-boarding to the cloud computing network including the secondary device. For instance, the list of devices available for onboarding may be provided to a user of the cloud computing network. Responsive to presentation of the list of devices, the user may select a device or a plurality of devices for on-boarding. Put another way, the list of devices discovered via the discovery mechanism(s) may be retrieved by the cloud computing network via the first device's cloud connection. The cloud computing network may show the discovered devices to a user of the cloud computing network. The user can select which device(s) to register and on-board. In some examples, the non-transitory computer-readable medium 211 may store instructions to reflect the results of the device discovery to additional components running on the cloud computing network.

[0034] In some examples, the non-transitory computer-readable medium 211 may store instructions 223 that when executed cause the processor 213 to, responsive to selection of the secondary device for on-boarding to the cloud computing network, obtain an authentication token for the secondary device via the primary device. As discussed with regards to FIG. 1 , the cloud computing network may utilize interfaces exposed via the first device's connection to the cloud computing network to retrieve a cryptographic device identity from the secondary device(s), exchange the identity for encryption and signing keys in the cloud computing network, and put the keys on the secondary device(s). As discussed further with regards to FIG. 3 and FIG. 7, the non-transitory computer-readable medium 211 may store instructions to configure the web proxy for the secondary device(s) via the primary device.

[0035] The non-transitory computer-readable medium 211 may store instructions 225 that when executed cause the processor 213 to, responsive to obtaining the authentication token for the secondary device via the primary device, identify with the network command center the secondary device as an on-boarded device of the network.

[0036] FIG. 3 illustrates a flow diagram of an example method 300 for onboarding of a secondary device in a cloud computing network, in accordance with the present disclosure. The method 300 begins at 302, with a primary device on-boarding to a network command center component.

[0037] At 304, the discovery process is executed. As discussed with regards to FIG. 1 , discovery refers to or includes identifying an additional device or additional devices to on-board to the cloud computing network. Various processes may be used for discovery. A unicast process begins either at 304-1 or at 304-2. During the discovery process 304, an optional configuration process 304-1 may be executed in which a network command center component may configure a device announcement listener on a primary device via the device monitoring and management platform component. Device announcement provides a supported device the capability of “announcing” its presence to another device. This announcement process is handled through common DNS address resolve and dedicated TCP port communication (port 3329). The DAA model alleviates the need for manual intervention, is not chatty, and serves as an efficient device discovery mechanism. By configuring a device announcement listener on the primary device, the primary device serves as an agent to identify the devices announcing their presence.

[0038] At 304-2, the secondary device or devices announce themselves to the primary device via a device announcement protocol. After being configured at 304-1 , the primary device generates an announcement when power cycled, following a cold reset, after being assigned a different IP address and/or for other device specific conditions while on the cloud computing network. Responsive to receipt of the announcement from the primary device, the secondary device or secondary devices announce their presence to the primary device using the device announcement protocol.

[0039] At 304-3, the primary device stores announced devices to a device announcement agent discovered device list. The device announcement agent discovered device list refers to or includes a list of devices that have been discovered via the announcement protocol described above.

[0040] At 304-4, the network command center component retrieves the device announcement agent discovered device list via the device monitoring and management platform component. At 304-5, for each device included in the device announcement agent discovered device list, if the device is not already on-boarded, the network command center component adds the device to the network command center component discovered device list.

[0041] In some examples, a multicast process may be used to discover devices in the cloud computing network. The multicast discovery process begins at either 305-1 or 305-2. At 305-1 , the network command center component initiates an active discovery on the primary device via the device monitoring and management platform component. During the active discovery process, the network command center component performs local discovery to discover any device(s) that are reachable by a network broadcast discovery process by the primary device, such as multicast Domain Name System (mDNS) discovery (e.g., Bonjour discovery, etc.), Web Services Dynamic Discovery (WS- Discovery), or the like. In some examples, the local network for the computing device may include at least one of a LAN, local subnet, collection of local subnets under a single domain name system (DNS), or the like, or a combination thereof, that the primary device is connected to.

[0042] At 305-2 the secondary device(s) respond to the active discovery, and at 305-3 the primary device stores the discovered device(s) to a discovered device list. At 305-4, the network command center component retrieves the discovered device list via the device monitoring and management platform component, and at 305-5, for each device included in the discovered device list, if the device is not already on-boarded, the network command center component adds the device to the network command center component discovered device list.

[0043] The method 300 continues at 306. If there is a new device in the network command center component discovered device list, then at 307 the network command center component notifies a user of the network command center component, that there are newly discovered devices that may be onboarded to the cloud computing network. If there is not a new device or new devices in the network command center component discovered device list, 307 is skipped and the method 300 continues to 308.

[0044] At 310, the method 300 continues with an authentication process. As described with regard to FIG. 1 , the secondary device(s) may be authenticated via the primary device. To authenticate the secondary device(s), a handshake occurs between the cloud computing network, the primary device, and the secondary device to obtain a cryptographic identity for the secondary device. To authenticate the secondary device(s) the method 300 continues at 310-1 with the network command center component user selecting a device or a plurality of devices to on-board from the network command center component discovered devices. At 310-2, responsive to selection of a secondary device or secondary devices to on-board, the network command center component initiates onboarding of the selected device(s) via the device monitoring and management platform component. At 310-3, the device monitoring and management platform component registers the secondary device(s) with the device interfacing platform component as an on-boarding proxy via the primary device. At 310-4, the device monitoring and management platform component obtains an authentication token for the secondary device(s) via the primary device.

[0045] The method 300 continues at 311 , with the registration of the secondary device(s). At 311-1 , the method 300 includes the device monitoring and management platform component configuring the web proxy for the secondary device(s) via the primary device. At 311-2, the method 300 includes the device monitoring and management platform component initiating the secondary device(s) to register with the device interfacing platform component via the primary device, and at 311-3, the method 300 includes the device monitoring and management platform component waiting for the secondary device(s) to register with the device interfacing platform component via the primary device or the device interfacing platform component.

[0046] On-boarding of the secondary device(s) concludes with claiming of the secondary device(s) at 312. At 312-1 , the method 300 includes the device monitoring and management platform component retrieving a device claim cryptographic identify from the secondary device(s) via the primary device. The network command center component then retrieves the device claim cryptographic identify from the device monitoring and management platform component at 312-2. At 312-3, the method 300 concludes with the device monitoring and management platform component claiming the secondary device(s) as on-boarded devices via the device monitoring and management platform component.

[0047] FIG. 4 illustrates a sequence diagram illustrating an example method for configuring a device announcement listener, in accordance with the present disclosure. Configuration of the device announcement listener is also illustrated at 304-1 in FIG. 3. In the sequence diagram illustrated in FIG. 4, various components of the cloud computing network are illustrated as vertical boxes, and the sequence of communications between these components are illustrated by boxes and arrows. The components illustrated include a user 414-1 of the network command center component, the network command center component 414-2, an operating system component 414-3, the device monitoring and management platform component 414-4, and device firmware 414-5.

[0048] At 415-1 , the user 414-1 selects via a network command center component user interface, an option to configure on-boarding. At 415-2, the network command center component sends a command to the device registry 414-7 of the operating system component 414-3, to get the list of devices available for on-boarding. At 415-3, the device registry 414-7 responds to the network command center component 414-2 with the list of devices available for on-boarding. At 415-4, the network command center component 414-2 provides a display for the user 414-1 including the list of devices available for onboarding. At 415-5, a selection of a device or a plurality of devices selected by the user 414-1 is provided to the network command center component 414-2.

[0049] The process continues at 415-6 with the network command center component 414-2 providing to the user 414-1 with device announcement listener settings. As discussed with regards to FIG. 3, by configuring a device announcement listener on the primary device, the primary device may serve as an agent to identify the devices announcing their presence. At 415-7, the user 414-1 may provide device announcement listener settings to the network command center component 414-2. At 415-8 the device announcement listener configurations may be provided by the network command center component 414-2 to the device management component 414-8 of the operating system component 414-3. At 415-9, the device management component 414-8 of the operating system component 414-3 may provide the device announcement listener configurations to the device monitoring and management platform component 414-4. At 415-10, the device monitoring and management platform component 414-4 provides the device announcement listener configurations to the primary device 414-9 on the device firmware 414-5. At 415-11 , the primary device 414-9 responds to the device monitoring and management platform component 414-4 with acknowledgement of the device announcement listener configurations. At 415-12, the device monitoring and management platform component 414-4 provides the acknowledgement to the device management component 414-8 of the operating system component 414-3. At 415-13, the device management component 414-8 of the operating system component 414- 3 may provide the acknowledgement to the network command center component 414-2, and at 415-14, a notification is provided to the user 414-1 that the device announcement listener has been configured.

[0050] FIG. 5 illustrates a sequence diagram illustrating an example method for discovering devices for onboarding, in accordance with the present disclosure. The device discovery process is generally described at 304 in FIG. 3. In the sequence diagram illustrated in FIG. 5, various components of the cloud computing network are illustrated as vertical boxes, and the sequence of communications between these components are illustrated by boxes and arrows. The components illustrated include a user 514-1 of the network command center component, the network command center component 514-2, an operating system component 514-3, the device monitoring and management platform component 514-4, a domain name system (DNS) 514-6, and the device firmware 514-5.

[0051] At 516-1 , the network command center component 514-2 may send to the device management component 514-8 of the operating system component 514-3, a command to discover devices via a multicast process. At 516-2 the device management component 514-8 of the operating system component 514- 3 may send to the device monitoring and management platform component 514- 4, the command to discover devices via a multicast process. At 516-3, the device monitoring and management platform component 514-4 may send to the primary device 514-9 on the device firmware 514-5, the command to discover devices via a multicast process. At 516-4, the primary device 514-9 responds to the device monitoring and management platform component 514-4 with a discovery status link, and at 516-5, the device monitoring and management platform component 514-4 provides to the device management component 514-8 of the operating system component 514-3 with a status uniform resource locator (URL). At 516-6, the device management component 514-8 of the operating system component 514-3 may provide to the network command center component 514-2, the status URL.

[0052] The process continues at 516-7 with the primary device 514-9 sending to the secondary device 514-10, a packet according to the multicast discovery protocol. At 516-8, the secondary device 514-10 responds to the primary device 514-9 with a unicast packet including information about the secondary device 514-10. If the unicast packet received at 516-8 does not include identity information for the secondary device 514-10, then the primary device 514-9 sends a request 516-9 to the secondary device 514-10 for identity information including the product number, model name, IP address, serial number, hostname, universal unique identifier (UUID) for the secondary device 514-10. At 516-10, the secondary device 514-10 responds to the primary device 514-9 with the requested identity information. If, however, the unicast packet received at 516-8 includes the identity information for the secondary device 514-10, then 516-9 and 516-10 are skipped and the process continues at 516-11.

[0053] At 516-11 , the primary device 514-9 adds the discovered device (e.g., the secondary device 514-10) to the discovered device list. At 516-12, the device monitoring and management platform component 514-4 sends a request to the primary device 514-9 requesting the discovered device list, and at 516-13, the primary device 514-9 responds with the discovered device list. At 516-14, the device monitoring and management platform component 514-4 stores the discovered device list.

[0054] The discovery process continues at 516-15 with the device management component 514-8 of the operating system component 514-3 requesting the discovered device list from the device monitoring and management platform component 514-4. The device monitoring and management platform component 514-4 responds to the device management component 514-8 of the operating system component 514-3 at 516-16 with the discovered device list. At 516-17, the device management component 514-8 of the operating system component 514-3 sends to the device registry component 514-7 of the operating system component 514-3, the discovered device list. [0055] The discovered device list may be updated, beginning with 516-18. At

516-18, the device registry component 514-7 of the operating system component 514-3 performs a lookup to identify if the secondary device (e.g., 514-10) is in the discovered device list. If the secondary device 514-10 is not in the discovered device list, then at 516-19 the device registry component 514-7 of the operating system component 514-3 adds the secondary device 514-10 to the discovered device list. If the secondary device 514-10 is added to the discovered device list, then at 516-20 the device registry component 514-7 of the operating system component 514-3 sends a message to the network command center component 514-2 indicating that a new device was added to the discovered device list. At 516-21 the network command center component 514-2 responds to the device registry component 514-7 of the operating system component 514-3 with a message acknowledging that a new device has been added to the discovered device list, and at 516-22, the network command center component 514-2 sends a message (such as via email) to the user 514-1 indicating that a new device has been added to the discovered device list.

[0056] If the unicast discovery process is performed, the process begins at

517-1 with the secondary device 514-10 sending to the DNS server 514-6, a request to resolve the IP address, and the DNS server 514-6 responding to the secondary device 514-10 with the requested IP address at 517-2. The unicast discovery process continues at 517-3 with the secondary device 514-10 sending to the primary device 514-9, a device announcement message. At 517-3, the primary device 514-9 responds to the secondary device 514-10 with an acknowledgement of the device announcement message. If the device announcement message does not contain identity information for the secondary device 514-10, then the primary device 514-9 sends a request 517-5 to the secondary device 514-10 for identity information including the product number, model name, IP address, serial number, hostname, UIIID for the secondary device 514-10. At 517-6, the secondary device 514-10 responds to the primary device 514-9 with the requested identity information. If, however, the device announcement message received at 517-3 includes the identity information for the secondary device 514-10, then 517-5 and 517-6 are skipped and the process continues at 517-7. Methods for unicast device discovery are not limited to those discussed herein, and additional discovery mechanisms like IP range walk, specified IP or hostname lookup, Bonjour, service location protocol (SLP), etc. may be used for unicast device discovery.

[0057] At 517-7, the primary device 514-9 adds the discovered device (e.g., the secondary device 514-10) to the discovered device list. At 517-8, the device management component 514-8 of the operating system component 514-3 device monitoring and management platform component 514-4 sends a request to the device monitoring and management platform component 514-4 requesting the device announcement agent discovered device list. At 517-9, the device monitoring and management platform component 514-4 sends a request to the primary device 514-9 requesting the device announcement agent discovered device list. At 517-10, the primary device 514-9 responds to the device monitoring and management platform component 514-4 with the device announcement agent discovered device list. At 517-11 , the device monitoring and management platform component 514-4 sends the device announcement agent discovered device list to the device management component 514-8 of the operating system component 514-3. At 517-12, the device management component 514-8 of the operating system component 514-3 sends the device announcement agent discovered device list to the device registry component 514-7 of the operating system component 514-3.

[0058] The discovered device list may be updated, beginning with 517-13. At 517-13, the device registry component 514-7 of the operating system component 514-3 performs a lookup to identify if the secondary device (e.g., 514-10) is in the discovered device list. If the secondary device 514-10 is not in the discovered device list, then at 517-14 the device registry component 514-7 of the operating system component 514-3 adds the secondary device 514-10 to the discovered device list. If the secondary device 514-10 is added to the discovered device list, then at 517-15 the device registry component 514-7 of the operating system component 514-3 sends a message to the network command center component 514-2 indicating that a new device was added to the discovered device list. At 517-16 the network command center component 514-2 responds to the device registry component 514-7 of the operating system component 514-3 with a message acknowledging that a new device has been added to the discovered device list, and at 517-17, the network command center component 514-2 sends a message (such as via email) to the user 514-1 indicating that a new device has been added to the discovered device list.

[0059] FIG. 6 illustrates a sequence diagram illustrating an example method for authenticating a secondary device, in accordance with the present disclosure. The method of authenticating the secondary device is illustrated generally at 310 in FIG. 3. In the sequence diagram illustrated in FIG. 6, various components of the cloud computing network are illustrated as vertical boxes, and the sequence of communications between these components are illustrated by boxes and arrows. The components illustrated include a user 614-1 of the network command center component, the network command center component 614-2, an operating system component 614-3, the device monitoring and management platform component 614-4, a device interfacing platform component 614-11 , and the device firmware 614-5.

[0060] The process begins at 618-1 with the user 614-1 requesting to onboard secondary devices to the cloud computing network. At 618-1 , a request is sent to the network command center component 614-2 for the discovered device list. At 618-2 the network command center component 614-2 sends to the device registry component 614-7 of the operating system component 614-3, a request to retrieve the discovered device list. At 618-3, the device registry component 614-7 of the operating system component 614-3 responds to the network command center component 614-2 with the discovered device list. At 618-4, the network command center component 614-2 sends to the user interface of the user 614-1 , the discovered device list. At 618-5, a user selection of a device or plurality of devices to on-board are sent to the network command center component 614-2.

[0061] Next, a request is sent to the device monitoring and management platform component to on-board the selected device. During this process, a request is sent from the network command center component 614-2 to the device management component 614-8 of the operating system component 614-3 to on-board a device at 618-6. At 618-7, the device management component 614-8 of the operating system component 614-3 sends a request to the device monitoring and management platform component 614-4 to register the secondary device to the device interfacing platform component 614-11 and return a device claim cryptographic identity.

[0062] Next, the secondary device is registered with the device interfacing platform component 614-11. The registration process begins at 618-8 with the device monitoring and management platform component 614-4 sending a request to the primary device 614-9, a request for proxy endpoint information from the primary device 614-9. The proxy endpoint information may include the IP address of the device being proxied, an identification of the HTTP operation to proxy, the URL to proxy, headers to proxy, and a payload to proxy. At 618-9, the primary device 614-9 sends a request to the secondary device 614-10 to determine if the secondary device 614-10 is registered with the device interfacing platform component 614-11 or not. At 618-10, the secondary device 614-10 responds to the primary device 614-9 with an indication of whether the device is registered with the device interfacing platform component 614-11 or not. At 618-11 , the primary device 614-9 responds to the device monitoring and management platform component 614-4 with an indication of whether the device is registered with the device interfacing platform component 614-11 or not. If the device is not registered with the device interfacing platform component 614-11 , the process illustrated in FIG. 7 is performed. If the device is registered with the device interfacing platform component 614-11 , then the authentication process continues.

[0063] At 618-12, the process continues with the device monitoring and management platform component 614-4 sending a request to the primary device 614-9, for proxy endpoint information from the primary device 614-9. At 618-13, the primary device 614-9 sends a request to the secondary device 614-10 for the device cryptographic identity for the secondary device 614-10. At 618-14, the secondary device 614-10 responds to the primary device 614-9 with the device cryptographic identity for the secondary device 614-10. At 618-15, the primary device 614-9 sends to the device monitoring and management platform component 614-4, the device cryptographic identity for the secondary device 614-10.

[0064] Once device cryptographic identity for the secondary device 614-10 is obtained, the device identity may be exchanged for encryption and signing keys in the cloud computing network. As such, at 618-16, the device monitoring and management platform component 614-4 may send the device cryptographic identity for the secondary device 614-10 to the device interfacing platform component 614-11 , with a request for encryption and signing keys from the device interfacing platform component 614-11. At 618-17, the device interfacing platform component 614-11 may respond to the device monitoring and management platform component 614-4 with encryption and signing keys for the secondary device.

[0065] Next, the encryption and signing keys are shared with the secondary device 614-10. To that end, at 618-18, the device monitoring and management platform component 614-4 sends a message to the primary device 614-9 including the encryption and signing keys for the secondary device 614-10. At 618-19, the primary device 614-9 sends the encryption and signing keys for the secondary device 614-10 to the secondary device 614-10. At 618-20, the secondary device 614-10 saves the encryption and signing keys, and at 618-21 the secondary device 614-10 sets the cloud clock. At 618-22, the secondary device 614-10 sends a message to the primary device 614-9 indicating that the encryption and signing keys have been saved, and at 618-23, the primary device 614-9 in turn sends a message to the device monitoring and management platform component 614-4 indicating that the encryption and signing keys have been saved.

[0066] Once the encryption and signing keys have been saved by the secondary device 614-01 , the process continues with obtaining an authentication token. At 618-24 the device monitoring and management platform component 614-4 sends a request to the device interfacing platform component 614-11 to get an authentication token. At 618-25, the device interfacing platform component 614-11 responds to the device monitoring and management platform component 614-4 with the authentication token. At 618-26, the device monitoring and management platform component 614-4 sends the authentication token to the primary device 614-9, and at 618-27, the primary device 614-9 sends the authentication token to the secondary device 614-10. At 618-28, the secondary device 614-10 exchanges the authentication token for a second token. The token issued from the device interfacing platform component 614-11 may be verified by the secondary device 614-10 as originating from the device interfacing platform component 614-11 using the encryption and signing key (saved to the secondary device 614-10 at step 618- 20. Then the secondary device 614-10 exchanges the authentication token (e.g., received from the primary device 614-9 at step 618-27) for a token issued by the secondary device 614-10 with the encryption and signing keys. The token issued by the secondary device may be used by subsequent calls that require authentication (web proxy configuration, initiating registration, and retrieving device claim identity). Then at 618-29, the second token is sent from the second device 614-10 to the primary device 614-9. Finally, the second token is sent from the primary device 614-9 to the device monitoring and management platform component at 618-30.

[0067] FIG. 7 illustrates a sequence diagram illustrating an example method for registering a device to the device interfacing platform component, in accordance with the present disclosure. The registration process is generally illustrated at 311 in FIG. 3. In the sequence diagram illustrated in FIG. 7, various components of the cloud computing network are illustrated as vertical boxes, and the sequence of communications between these components are illustrated by boxes and arrows. The components illustrated include a user 714-1 of the network command center component, the network command center component 714-2, an operating system component 714-3, the device monitoring and management platform component 714-4, the device interfacing platform component 714-11 , and the device firmware 714-5.

[0068] Registration of the secondary device with the device interfacing platform component begins at 719-1. At 719-1 , the device monitoring and management platform component 714-4 sends a request to the primary device 714-9 to set the primary device’s web proxy configuration on the secondary device 714-10. At 719-2, the primary device 714-9 retrieves the web proxy configuration. At 719-3, the primary device 714-9 sends to the secondary device 714-10, the web proxy configuration for the secondary device 714-10. At 719-4, the secondary device 714-10 sends a message to the primary device 714-9 indicating that the web proxy configuration has been set. At 719-5, the primary device 714-9 sends a message to the device monitoring and management platform component 714-4 indicating that the web proxy configuration has been set.

[0069] The process continues at 719-6 with the device monitoring and management platform component 714-4 sending proxy endpoint information to the primary device 714-9. The proxy endpoint information may include the IP address of the device being proxied, the HTTP operation to proxy, a URL to proxy, headers to proxy, and a payload to proxy. At 719-7, the primary device 714-9 sends a message to the secondary device 714-10 to initiate device registration with the device interfacing platform component 714-11 . At 719-8, the secondary device 714-10 sends a message to the primary device 714-9 acknowledging the instructions to initiate device registration with the device interfacing platform component 714-11. At 719-9, the primary device 714-9 sends a message to the device monitoring and management platform component 714-4 acknowledging the instructions to initiate device registration with the device interfacing platform component 714-11.

[0070] At 719-10, the process continues with the secondary device 714-10 sending to the registration component 714-12 of the device interfacing platform component 714-11 , a request for entity configurations. At 719-11 , the registration component 714-12 of the device interfacing platform component 714-11 sends to the secondary device 714-10, the entity configurations. At 719-12, the secondary device 714-10 sends to the connectivity component 714-13 of the device interfacing platform component 714-11 , a request for connectivity configurations. At 719-13, the connectivity component of the device interfacing platform component 714-11 sends to the secondary device 714-10 the connectivity configurations. At 719-14, the secondary device 714-10 sends to the device configuration component 714-14 of the device interfacing platform component 714-11 , a request for device configurations. At 719-15, the device configuration component 714-14 of the device interfacing platform component 714-11 sends to the secondary device 714-10, the device configurations. At 719-16, the secondary device 714-10 sends to the signal component 714-15 of the device interfacing platform component 714-11 , a request for device configurations. At 719-17, the signal component 714-15 of the device interfacing platform component 714-11 sends to the secondary device 714-10, the cloud signals. At 719-18, the secondary device 714-10 sets the cloud clock as a delta between the system clock and the date time in the cloud signals.

[0071] If interleaved requests are received for multiple other devices to be enabled by the same primary device 714-9, then the process proceeds at 719-19. At 719-19, the device monitoring and management platform component 714-4 sends a request to the primary device 714-9 to identify if each respective secondary device is registered with the device interfacing platform component 714-11. At 719-20, the primary device 714-9 sends to each respective secondary device (e.g., 714-10) an inquiry if the secondary device is registered with the device interfacing platform component 714-11 or not. At 719-21 , each respective secondary device responds to the primary device 714-9 with an indication as to whether the device is registered with the device interfacing platform component 714-11. At 719-22, the primary device 714-9 sends a message to the device monitoring and management platform component 714-4 with an indication as to whether the secondary device(s) is registered with the device interfacing platform component 714-11. Next, at 719-23, the device monitoring and management platform component 714-4 sends a request to the device status component 714-16 of the device interfacing platform component 714-11 , to determine if the secondary device is online with the device interfacing platform component 714-11 or not. At 719-24, the device status component 714-16 of the device interfacing platform component 714-11 sends to the device monitoring and management platform component 714-4, a connection state for the secondary device and a timestamp associated with that connection state. At 719-25, if the connection state for the secondary device indicates that the secondary device is online, then the device registration is indicated as “true”, and at 719-26, the registration component 714-12 of the device interfacing component 714-11 sends a message to the device monitoring and management platform component 714-4 indicating that the secondary device is registered with the device interfacing component 714-11.

[0072] FIG. 8 illustrates a sequence diagram illustrating an example method for claiming a device to the network command center component, in accordance with the present disclosure. The device claiming process is illustrated generally at 312 in FIG. 3. In the sequence diagram illustrated in FIG. 8, various components of the cloud computing network are illustrated as vertical boxes, and the sequence of communications between these components are illustrated by boxes and arrows. The components illustrated include a user 814-1 of the network command center component, the network command center component 814-2, an operating system component 814-3, the device monitoring and management platform component 814-4, and the device firmware 814-5.

[0073] The device claiming process begins at 820-1 with the device monitoring and management platform component 814-4 sending a request to the primary device 814-9 for proxy information. The proxy information may include the IP address of the device being proxied, an identification of the HTTP operation to proxy, the URL to proxy, headers to proxy, and a payload to proxy. At 820-2, the primary device 814-9 sends to the secondary device 814-10, a request for a device claim cryptographic identity. At 820-3, the secondary device 814-10 sends to the primary device 814-9, the device claim cryptographic identity. At 820-4, the primary device 814-9 sends to the device monitoring and management platform component 814-4, the device claim cryptographic identity. At 820-5, the device monitoring and management platform component 814-4 stores the device claim cryptographic identity. At 820-6, the device management component 814-8 of the operating system component 814-3 sends to the device monitoring and management platform component 814-4, a request to check the status URL and retrieve the device claim cryptographic identity. At 820-7, the device claim cryptographic identity 814-4 responds to the device management component 814-8 of the operating system component 814-3, with the device claim cryptographic identity. At 820-8, the device management component 814-8 of the operating system component 814-3 sends a message to the device registry component 814-7 of the operating system component 814-3 with a request to claim the secondary device from the device interfacing platform component. At 820-9, the device registry component 814-7 of the operating system component 814-3 sends a request to the device monitoring and management platform component 814-4 with the device claim cryptographic identity, and at 820-10, the device monitoring and management platform component 814-4 responds to the device registry component 814-7 of the operating system component 814-3 acknowledging receipt of the device claim cryptographic identity. At 820-11 , the device registry component 814-7 of the operating system component 814-3 sends a message to the device management component 814-8 of the operating system component 814-3 acknowledging receipt of the device claim cryptographic identity. At 820-12, the device registry component 814-7 of the operating system component 814-3 sends a message to the network command center component 814-2 indicating that the secondary device has been on-boarded, and at 820-13, the network command center component 814-2 sends a message to the user 814-1 (such as via email) indicating that the secondary device(s) is on-boarded.

[0074] FIG. 9 illustrates an example apparatus 909 for on-boarding of a secondary device in a cloud computing network, in accordance with the present disclosure. In general, the apparatus 909 shown in FIG. 9 may include various components that are the same and/or substantially similar to the apparatus 209 shown in FIG. 2, which was described in greater detail above. As such, for brevity and ease of description, various details relating to certain components in the apparatus 909 shown in FIG. 9 may be omitted herein to the extent that the same or similar details have already been provided above in relation to the apparatus 209 illustrated in FIG. 2.

[0075] As illustrated FIG. 9, the non-transitory computer-readable medium 911 may store instructions that when executed cause the processor 913 to identify a secondary device available for on-boarding to a cloud computing network, via a primary device which is on-boarded to a cloud computing network. [0076] As illustrated, the non-transitory computer-readable medium 911 may store instructions 929 that when executed cause the processor 913 to obtain an authentication token for the secondary device via the primary device, responsive to selection of the secondary device for on-boarding to the cloud computing network.

[0077] In some examples, the instructions 929 to obtain the authentication token for the secondary device include instructions to retrieve a cryptographic device identity from the secondary device, using the primary device, exchange the cryptographic device identity from the secondary device for encryption and signing keys in the cloud computing network, and save the encryption and signing keys on the secondary device.

[0078] The non-transitory computer-readable medium 911 may store instructions 931 that when executed cause the processor 913 to register the secondary device with a device interfacing platform component running on the cloud computing network, using the primary device.

[0079] In some examples, the non-transitory computer-readable medium 911 may store instructions 933 that when executed cause the processor 913 to, responsive to obtaining the authentication token for the secondary device via the primary device, identify the secondary device as an on-boarded device of the network.

[0080] In some examples, the instructions 933 to identify the secondary device as an on-boarded device of the network include instructions to use the authentication token to retrieve a device claim cryptographic identity from the secondary device via the primary device. For instance, the instructions to identify the secondary device as an on-boarded device of the network may include instructions to claim the secondary device as an on-boarded device responsive to retrieval of the claim device cryptographic identity from the secondary device.

[0081] In some examples, the non-transitory computer-readable medium 911 may store instructions that when executed cause the processor 913 to, select the primary device from a plurality of devices on-boarded to the cloud computing network. [0082] In some examples, the non-transitory computer-readable medium 911 may store instructions that when executed cause the processor 913 to configure a device announcement listener on the primary device.

[0083] Although specific examples have been illustrated and described herein, a variety of alternate and/or equivalent implementations may be substituted for the specific examples shown and described without departing from the scope of the present disclosure. This application is intended to cover any adaptations or variations of the specific examples discussed herein. Therefore, it is intended that this disclosure be limited only by the claims and the equivalents thereof.