DOM Agent Security Details

A small agent application, and server certificates, will be installed on the device. The agent establishes a TLS 1.2 protected WebSocket connection to the DOM server. The agent verifies the TLS certificate of the server, and requests the server to enroll its device unique certificate and credentials.

When the device is allowed trough the DOMs Inbox, it is allowed to maintain a persistent connection used for transporting telemetry, configuration, commands, and other data to support the features of DOM.