Contemporary enterprises have many managed devices, e.g., computing machines. Each such device needs to be securely provisioned with various data and the like (e.g., a trust relationship, policy settings, and certificates), referred to as state information, or simply states, so that the device can join with and be securely managed from a centralized authority. For example, if the centralized authority is a domain controller (e.g., based upon Active Directory®), a managed device needs the appropriate states to join and be part of the domain.
Securely establishing states of arbitrary type between a managed device and a centralized authority heretofore depended on secure network connectivity between the managed device and the central authority at the time such states are established, e.g., the device needed to be coupled directly to the private enterprise network corresponding to the central authority. Further, the managed device needed to be running (booted).
This causes problems, in part because securely establishing states of arbitrary type for large sets of managed devices generates a heavy load on the centralized authority. Further, securely establishing such states is also prone to failures due to transient network states.