A method of securing data transport between an endpoint device, without an IP address and connected to a gateway device, and a connected service using a discovery agent, a discovery service, and an enrollment service. The method includes: sending to the discovery service on the gateway device, an authenticated identity beacon with a device profile of the endpoint device; verifying authentication of the endpoint device and the device profile and generating a certificate request for the endpoint device; processing, by the enrollment service, the certificate request for the endpoint device to translate the certificate request for a certificate authority and receiving a certificate for the endpoint device issued by the certificate authority; processing the received certificate for the endpoint device to translate the received certificate for the endpoint device to represent a privacy certificate authority; and performing cryptographic operations on data using the certificate for the endpoint device.