A Secure End Node is a trusted, individual computer that temporarily becomes part of a trusted, sensitive, well-managed network. The remote, private, and secure network might be organization's in-house network or a cloud service. A Secure End Node solves/mitigates End Node Problem. This typically involves strong authentication of the computer's hardware and software plus strong user authentication. In the future, the device-user's environment (location, activity, other people, etc.) by means of its trusted sensors (camera, microphone, GPS, radio, etc.) could provide authenication (or cause for denial). The level of trust required and the probable threat dictate how far down into the computer, user, and environment trust must reach.
The common, but expensive, technique is for the network owner to issue known, trusted, unchangeable hardware to users. For example and assuming apriori access, a laptop's TPM chip can authenticate the hardware (likewise a user's smartcard authenticates the user). A different example is the DoD Software Protection Initiative's Cross Fabric Internet Browsing System that provides browser-only, immutable, anti-tamper thin clients to users Internet browsing. Another example is a non-persitent, remote client that boots over the network.[1]
A less secure but very low cost approach is to trust any hardware (corporate, government, personal, or public) but restrict user and network access to a known kernel (computing) and higher software. An implementation of this is a Linux Live CD that creates a stateless, non-persistent client, for example Lightweight Portable Security.[2][3][4][5] A similar system could boot a computer from a flashdrive[6][7] or be an immutable operating system within a smartphone or tablet.