CN115037495A

CN115037495A - Tracking activity of an endpoint having a secure memory device during authentication for secure operations

Info

Publication number: CN115037495A
Application number: CN202210199645.7A
Authority: CN
Inventors: J·C·夏纳; L·W·多弗; O·杜瓦尔
Original assignee: Micron Technology Inc
Current assignee: Micron Technology Inc
Priority date: 2021-03-03
Filing date: 2022-03-02
Publication date: 2022-09-09

Abstract

The present disclosure relates to tracking activity of an endpoint having a secure memory device for secure operations during authentication. The security server is configured to perform security operations based on activity data of an endpoint during authentication of the endpoint. For example, the server system stores data representing the preferences of the endpoints. After receiving a verification request containing identity data generated by a memory device configured in the endpoint, the server system may verify the identity data based at least in part on a secret of the memory device. If the identity data is valid, the server system may further determine whether an activity identified by the identity data and/or the authentication request satisfies a condition specified for the endpoint. If so, the server system may perform a security operation associated with the condition when providing an authentication response in response to the authentication request.

Description

Tracking activity of an endpoint having a secure memory device during authentication for secure operations

RELATED APPLICATIONS

The present application claims benefit of the filing date of provisional united states patent application No. 63/105,820, filed on 26.10.2020 and entitled "Virtual Subscriber Identity Module and Virtual Smart Card" (wherein the present application further claims the benefit of tracking the activity of Endpoints with Secure Memory Devices for Secure operation during authentication at 3.3.2021 (63/156,238 provisional united states patent application entitled "authentication of Secure access Devices for Secure Identification purposes"), the entire disclosure of which is hereby incorporated by reference herein.

This application is related to U.S. patent application No. 17/005,565 entitled Secure Memory System Programming for Host Device Verification, filed on 28.8.2020, which claims the benefit of the filing date of the following applications: provisional united states patent application No. 63/059,617 filed on 31/7/2020; U.S. patent application 17/080,684 entitled "Endpoint Authentication based on Binding of Multiple Components on Start Time" filed 26/10/2020; us patent application No. 16/374,905, entitled "login Software on Secure Device to Generate Device Identities for Authentication with Remote server" filed on 4/2019 and published as us patent application publication No. 2020/0322134/10/8/2020; and U.S. patent application No. 17/014,203 entitled Customer-Specific Activation of a function in a Semiconductor Device, filed on 8.9.2020, the entire disclosure of which is hereby incorporated by reference herein.

Technical Field

At least some embodiments disclosed herein relate generally to authentication, and more particularly, but not exclusively, to authentication of communication endpoints in a network having secure memory devices.

Background

The memory subsystem may include one or more memory devices that store data. The memory devices may be, for example, non-volatile memory devices and volatile memory devices. In general, a host system may utilize a memory subsystem to store data at and retrieve data from a memory device.

Standards for device identity synthesis engine (DICE) and robust internet of things (RIoT) have been developed for data computation based on cryptographic computation for computing device identification and authentication.

Disclosure of Invention

In one aspect, the present disclosure is directed to a method comprising: storing, in a server system, data representing one or more preferences of an endpoint; receiving, in the server system, an authentication request containing identity data generated by a memory device configured in the endpoint; verifying, by the server system, the identity data based at least in part on the secret of the memory device and at least a portion of the content stored in the memory device; and in response to determining that the identity data is valid, determining that an activity associated with the identity data satisfies a condition specified for the endpoint; and performing a security operation associated with the condition upon providing an authentication response in response to the authentication request.

In another aspect, the present disclosure is directed to a computing system comprising: a memory storing an encryption key of a memory device; and at least one processor configured, via a set of instructions, to: receiving an authentication request containing identity data generated by a memory device configured in an endpoint; and in response to the authentication request, determining that the identity data is valid based at least in part on a secret of the memory device; determining that an activity identified via the authentication request satisfies a condition specified for the endpoint; and upon providing an authentication response in response to the authentication request, performing a security operation associated with the condition.

In yet another aspect, the present disclosure is directed to a non-transitory computer storage medium storing instructions that, when executed by a server system, cause the server system to perform a method comprising: receiving an authentication request containing identity data generated by a memory device configured in an endpoint; and determining, in response to the authentication request, that the identity data is valid based at least in part on a secret of the memory device; determining that an activity identified via the authentication request satisfies a condition specified for the endpoint; and upon providing an authentication response in response to the authentication request, performing a security operation associated with the condition.

Drawings

Embodiments are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements.

FIG. 1 illustrates an example computing system in accordance with some embodiments of the present disclosure.

FIG. 2 illustrates generation of identity data in an integrated circuit memory device, according to one embodiment.

FIG. 3 illustrates a technique for controlling command execution in a memory device, according to one embodiment.

FIG. 4 illustrates a technique for verifying the integrity of data stored in a memory device, according to one embodiment.

FIG. 5 illustrates a security service of a security server provided to a client server based on security features implemented in a memory device, according to one embodiment.

Figure 6 illustrates a system and method for configuring and authenticating endpoints of a card-based service, according to one embodiment.

FIG. 7 illustrates a card profile of a virtual smart card according to one embodiment.

Fig. 8 illustrates a card profile of a virtual Subscriber Identity Module (SIM) according to one embodiment.

FIG. 9 illustrates a technique for authenticating a memory device, in accordance with one embodiment.

FIG. 10 illustrates a technique for generating commands that control secure operation of a memory device, according to one embodiment.

FIG. 11 illustrates a method of virtualizing a smart card according to one embodiment.

FIG. 12 illustrates a method of security services provided based on security features of a memory device, according to one embodiment.

Figure 13 illustrates a method of logging into an endpoint of a service to which an account is subscribed, according to one embodiment.

FIG. 14 illustrates a technique for endpoint customization using an online firmware store, according to one embodiment.

FIG. 15 illustrates a technique for directing services to endpoints via an online service store, according to one embodiment.

FIG. 16 illustrates a firmware update method using a firmware store and a security server according to one embodiment.

FIG. 17 illustrates an endpoint customization method using a service store and a security server, according to one embodiment.

Figure 18 illustrates a diagram of generating identity data to facilitate monitoring of integrity and/or endpoint activity, according to one embodiment.

Figure 19 illustrates a technique for maintaining the integrity of packets stored in an endpoint according to one embodiment.

FIG. 20 illustrates a system that implements security operations based on tracking endpoint activity, according to one embodiment.

FIG. 21 illustrates a method for updating or repairing packets stored in an endpoint, according to one embodiment.

Fig. 22 illustrates a method for performing a security operation based on one or more activities of an endpoint, according to one embodiment.

Fig. 23 and 24 illustrate a system configured to implement subscription sharing among a set of endpoints, according to one embodiment.

FIG. 25 illustrates a method for facilitating subscription sharing among a set of endpoints, according to one embodiment.

FIG. 26 illustrates a technique for managing endpoint identification, according to one embodiment.

FIG. 27 illustrates a method for managing endpoint identification, according to one embodiment.

FIG. 28 is a block diagram of an example computer system in which embodiments of the present disclosure may operate.

Detailed Description

At least some aspects of the present disclosure relate to a security server and a memory device having a security feature. The security server is configured to provide online security services in a computer network (e.g., the internet) based on the security features of the memory devices. A host system of the memory device may use memory and/or storage functions of the memory device to store instructions and/or data for processing and to store processing results.

In general, the memory subsystem may include storage devices and/or memory modules. A host system may use a memory subsystem that includes one or more components, such as memory devices that store data. The host system may provide data for storage in the memory subsystem and may request data for retrieval from the memory subsystem.

For example, a portion of the data stored in the memory device may be instructions, such as instructions programmed for software, firmware, a boot loader, an operating system, routines, device drivers, application packages, and so forth. The instructions may be stored for a computing device implemented using a host system connected to the memory device.

Another portion of the data stored in the memory device may provide operands or inputs to the instructions as they execute in one or more processing devices of the host system.

Yet another portion of the data stored in the memory device may include results generated from executing the instruction using the input and/or other input stored in the memory device.

Examples of such computing devices include personal computers, mobile computers, tablet computers, personal media players, smart phones, smart TVs, smart speakers, smart appliances, internet of things (IoT) devices, and so forth.

Security features implemented in the memory device may be used for secure communications between the memory device and a security server via a computer network. The communication path between the memory device and the secure server may not be secure. The identity of and/or control access to the memory device may be verified by communication between the security server and the memory device in order to prevent and detect counterfeiting, tampering, hacking and/or unsafe operation.

The combination of the security features of the memory device and the security services of the security server allows parties involved in the use of the memory device and/or computing device having the memory device to trust the authenticity of the computing device and/or memory device and to trust the integrity of data stored in the memory device, such as instructions to be executed in the computing device and the input of instructions.

For example, the security server and memory device may implement a Subscriber Identity Module (SIM) replacement in combination.

SIM cards are commonly used to represent subscriber identities for cellular services in telecommunications networks. When the SIM card is inserted into the cellular telephone, the cellular telephone may access cellular services provided to the subscriber account; and when the SIM card is inserted into the alternate cell phone, the subscriber may use the alternate cell phone to access the cellular service associated with the account.

The need for a physical SIM card can be eliminated when the identity of the memory device installed in the cellular telephone can be securely configured to represent the subscriber identity. The identity of the memory device may be configured and protected via the security features of the memory device and the security services of the security server.

In general, a security server may be deployed on the internet to provide security-related services to third-party computers and servers based on security features built into the memory devices. The security features are built and encapsulated into the memory device. Security features and security services may be used without trust in a secure implementation of a computing device in which the memory device is installed. Thus, the security implementation may be focused on the security features of the memory device and the design of the security server. By simply using a memory device with a security feature, the security of a computing device using the memory device may be improved without requiring much effort by the designer and/or manufacturer of the computing device.

The secure server may provide services to verify the identity and/or authenticity of the device, detect counterfeit and/or tampered devices, track and manage device ownership, facilitate transfer of device ownership/control, facilitate configuration of services for computing devices to access third party servers and/or services networks, and so forth.

The security features of the memory device may be implemented within an Integrated Circuit (IC) package of the memory device during fabrication of the memory device. A memory device may have logic circuits (or controllers) and memory units formed on one or more integrated circuit dies. At least some of the memory cells in the memory device may be non-volatile such that data may be stored in the non-volatile memory cells even if the memory device is powered down for a long period of time (e.g., days, months, or even years). The non-volatile memory of the memory device may be used to store instructions and data for the operation of the host system of the memory cells.

The memory device may have a Unique Device Secret (UDS). The unique device secret may be protected within the memory device such that, after manufacturing of the memory device is completed, the unique device secret is not communicated outside of the memory device and is not readable by the host system via any interface of the memory device.

The presence of the unique device secret in the memory device may be verified by the security server through cryptographic calculations, such as generation of an encryption key, generation of a message hash value using an encryption function, and generation of a message ciphertext encrypted with a message using the encryption key.

Cryptographic computation that encrypts a message using an encryption key involves computation of a ciphertext that represents the message. The message may be efficiently recovered from the ciphertext using the corresponding encryption key by performing a predefined decryption calculation. Recovering a message from a ciphertext is generally not feasible without having a corresponding encryption key for decryption. The difficulty level of recovering the message without knowledge of the corresponding encryption key used for decryption represents the security level of the cryptographic computation. The level of security depends in general on the length of the encryption key used for encryption and the algorithm used for encryption.

When symmetric encryption is used, the encryption key used for decryption and the encryption key used for encryption are the same. When asymmetric encryption is used, the decryption key and the encryption key are different and are generated in pairs. One of the pairs may be used as a private key, and thus as a secret; the other of the pair may be used as a public key. Computing the private key from the public key is generally not feasible. The level of difficulty in recovering the private key from the public key represents the level of security of the asymmetric encryption.

Cryptographic computation that hashes a message maps the message to a hash value representing the message. However, a certain amount of information is lost in the hash calculation, so that the message cannot be recovered from the hash value. Many messages may map to the same hash value. It is generally not feasible to generate a modified version of a message that can hash to the same hash value, particularly when the modified version is similar to the original message.

Cryptographic computation of key generation involves computing an encryption key for symmetric encryption or a pair of encryption keys for asymmetric encryption based on a set of data. The probability of generating the same key or the same key pair without having the same set of data is low. The probability level represents the strength of the cryptographic computation used for key generation.

In general, any cryptographic computation technique for encryption, hashing, and key generation may be used with the memory device and the security server. Accordingly, the present disclosure is not limited to particular encryption, hashing, and/or key generation techniques.

In addition to the unique device secret, the memory device may also store additional data to represent data and/or hardware configuration of the memory device and/or the computing device in which the memory device is installed. A portion of the extra data may or may not be kept secret to the memory device. The unique device secret and the additional data may be used to generate a secret encryption key representing an identity of the memory device and/or the computing device.

The logic circuits (or local controllers) of the memory device may implement an encryption engine, an identity engine, and an access controller. The encryption engine of the memory device is configured to perform cryptographic computations (e.g., hashing, encryption/decryption, key generation) within the memory device to support the operation of the identity engine and the access controller. Embodiments of the cryptographic engine in the memory device eliminate the need to rely on an external processor for secure computations of the memory device, and thus improve security by preventing the transfer of secrets out of the memory device and preventing tampering and hacking of the cryptographic computations. Optionally, at least part of the cryptographic computations involved in the security features of the memory device may be implemented via storing instructions in the memory device for execution by a host system of the memory device, while there is a level of trade-off between the security level and complexity of the logic circuits (or local controllers) of the memory device.

The encryption engine of the memory device may be used to apply a cryptographic hash function to a message to generate a hash value, to generate a symmetric encryption key or a pair of asymmetric encryption keys from a set of data, to generate a ciphertext of the message using the encryption key, and/or to recover the message from the ciphertext using the encryption key.

An access controller of the memory device is configured to control execution of commands received in the memory device using the encryption key. For example, permissions may be required to request that the memory device perform commands to read, write, delete, modify, etc., various portions of the non-volatile memory of the memory device. The rights may be represented by a corresponding encryption key. After receiving the permission command in the memory device for execution, the access controller may use the encryption engine to perform the calculation when determining whether the command is from a sender having an encryption key representing the permission. After the calculation indicates that the sender has the encryption key and thus the right, the access controller allows the command to be executed within the memory device. Otherwise, the access controller may reject, ignore, or discard the command. Such access control may prevent unauthorized access to data stored in the memory device, prevent unauthorized changes to the memory device, and prevent tampering and/or hacking of counterfeit and/or unsecure devices that form the memory device.

Generally, verifying whether the sender of the message has the encryption key involves verifying the authentication code of the message. The verification code may be in the form of a hash digest, a digital signature, a hash-based message authentication code (HMAC), a Cryptographic Message Authentication Code (CMAC), and the like. The passcode is generated using an encryption key and the message as input to a hash, encryption, and/or other computational encryption operation, such that generating the passcode without the encryption key and generating the passcode from a modified version of the message is generally not feasible. Thus, when the recipient confirms that the received authentication code is valid for the received message and the encryption key, the recipient can conclude that: the sender has a corresponding encryption key and the received message is the same as the message used to generate the received encryption key.

In some embodiments, the recipient performs the verification of the message authentication code using the same encryption key that was used by the sender to generate the authentication code. For example, the receiving party generates a validation code for the received message using the same encryption key and compares the generated validation code with the received validation code. If there is a match, then the received authentication code is valid for the received message; and the sender may be considered to have an encryption key. Otherwise, the received verification code is invalid to the received message; the received message has changed since the authentication code was generated, or the received authentication code was generated using a different encryption key, or both.

In some embodiments, the recipient performs verification of the message authentication code using a public encryption key of the key pair; and the sender generates the authentication code using the private encryption key of the key pair. For example, the verification code may be generated by applying a hash function to the message to generate a hash value for the message. A ciphertext of the hash value obtained by encrypting the hash value performed using the encryption key may be used as the authentication code. The receiver of the message and the authentication code performs authentication using a corresponding decryption key, which is the same as the encryption key when symmetric encryption is used and the other key of the key pair when asymmetric encryption is used. After recovering the hash value from the ciphertext using the decryption key, the recovered hash value may be compared to the hash value of the received message; if there is a match, then the received authentication code is valid for the received message; otherwise, the received authentication code is invalid for the received message. Alternatively, the receiving party may perform authentication using the encryption key without performing decryption. The recipient may use the encryption key to generate an authentication code for the message to compare with the received authentication code.

In some embodiments, the message and encryption key combination generates a hash value as the verification code, as in a hash-based message authentication code (HMAC) technique. For example, an encryption key may be used to generate both keys. After combining one of the two keys with the message to generate a message modified by the key, a cryptographic hash function may be applied to the key-modified message to generate a hash value, which is further combined with the other key to generate another message. After applying the cryptographic hash function (or another cryptographic hash function) to the other message, a hash-based message authentication code is generated. The message recipient may generate a hash-based message authentication code for the received message using the same encryption key to compare with the received hash-based message authentication code. If there is a match, the verification is successful; otherwise, the verification fails.

In general, any technique for generating and verifying an authentication code for a message from a sender and an encryption key for the sender to use to generate the authentication code may be used to determine whether the sender has an encryption key. The recipient will perform the authentication using an appropriate encryption key, which may be the same encryption key used to generate the authentication code, or in the same asymmetric encryption key pair. Accordingly, the present disclosure is not limited to a particular technique of hash digests, digital signatures, and/or hash-based message authentication codes.

For convenience, a passcode generated using a message whose encryption key is true to represent the message and the encryption key may be collectively referred to as a digital signature of the message signed using the encryption key, but it will be appreciated that the passcode may be generated using various techniques, such as a hash-based message authentication code.

The memory device may be configured to store an associated encryption key for verifying a verification code signed using an encryption key configured to represent a right to request the memory device to execute a command.

For example, the access controller may provide a set of permissions to an owner of the memory device such that the owner may activate or deactivate one or more security features of the memory device, change one or more security settings, parameters, configurations, or preferences of the memory device, and/or read data from a section of the memory device that is not readable by other users of the memory device.

For example, an access controller may provide an authorized user of a memory device with particular rights to read, write, erase, or modify particular sections of the memory device.

When a memory device receives a command that requires access to execute, the access controller may retrieve the corresponding encryption key to verify the authentication code or digital signature of the message containing the command. If the verification of the received authentication code for the received command is successful, the received command is considered to be from the sender of the encryption key having the authority to execute the command in the memory device. In response, the access controller allows execution of the command in the memory device. Otherwise, the access controller prevents execution of the command.

The memory device may be manufactured to be initially owned by the secure server. The security server may then provide and/or transfer some or all of the rights to one or more owners and users in a process from the memory device assembled to the computing device having the memory device used by the end user. The access controller may prevent tampering, hacking, and unauthorized access while providing flexibility to support different modes of rights transfer for different owners and users, such as the manufacturer of the component computing device in which the memory device is installed, the manufacturer of the computing device in which the component computing device is installed, a retailer, an enterprise user, an end user, and an alternate end user, among others.

The identity engine of the memory device is configured to generate data indicative of an identity of the memory device and/or an identity of a computing device on which the memory device is installed. To generate the identity data, the identity engine uses the encryption engine to generate a secret encryption key from the unique device secret and other data stored in and/or collected by the memory device (e.g., during a boot process of the computing device). The presence of a secret encryption key in a memory device may be viewed as proof that the memory device possesses a unique device secret and other data used to generate the secret encryption key. The presence of the secret encryption key in the memory device may be verified by the secure server via a verification code or digital signature signed using the secret encryption key.

During manufacture of the memory device, a copy of the unique device secret is hosted in a secure server and/or securely shared without exposure. The secure server is then configured to derive the same secret encryption key (and/or corresponding public key if asymmetric encryption is used) independent of the memory device, without the memory device having to transfer its unique device secret out of the memory device. Thus, the security server can verify that the memory device has a unique device secret by verifying that the memory device has the secret encryption key; and the secret encryption key that is the identity of the memory device may be changed in the process that the memory device is integrated into the component, device, system and transferred among the manufacturer, retailer, distributor, company and/or end user. The memory device entity represented by the secret encryption key may be updated to represent that the memory device is assembled into a component, device, system, customized and/or personalized and/or owned and/or operated by a different entity or user without changing the unique device secret.

Encryption operations and communications may be performed to allow the security server to verify that the memory device has a secret encryption key.

For example, identity data presented by a memory device for verification may include a message showing a public identification of the memory device. Common identification may be used to distinguish memory devices from other memory devices. The identity data may comprise a verification code or digital signature of the message in the identity data signed using the secret cryptographic key. The identity data comprises a copy of the message and a verification code or digital signature. Once the authentication code and message data are authenticated by the security server, the security server can conclude that: the public identification provided in the identity data is authentic and the identity data is from a memory device having a secret encryption key.

The secret encryption key of the memory device may be generated using not only the unique device secret of the memory device but also additional data representing some aspect of the memory device and/or the computing device in which the memory device is installed. The additional data may represent software, firmware, boot loaders, applications, trace data stored in a memory device, identifiers of components of the computing device in the computing device at a most recent boot time of the computing device. If the additional data has changed, the identity engine generates a changed secret encryption key. Therefore, the authentication code generated using the changed secret encryption key cannot pass the authentication performed at the secure server. Thus, verification of the verification code generated by the identity engine also verifies the integrity and authenticity of the hardware/software/data composition of the memory device and the computing device in which the memory device is installed.

Verification of the identity of the memory device and/or its host system can detect counterfeiting, tampering, and stolen/lost devices. Based on a request from the owner, the security server can configure the stolen/lost device to operate in one of several degraded modes, such as non-bootable, non-readable, encrypting/erasing data in non-volatile memory, self-destruction of the memory/storage function of the memory device, and so forth.

The security server is configured with an information database for verifying identity data generated by an identity engine of the memory device. The database allows the secure server to generate a corresponding secret encryption key for the memory device (and/or a corresponding public key if asymmetric encryption is used). The encryption key may be generated by the secure server without requiring the memory device to transfer its unique device secret outside of the memory device after manufacture of the memory device. The encryption key may be generated based at least in part on additional data available after manufacture of the memory device.

The security server may store an encryption key representing the owner's rights to the memory device. Using the encryption key, the secure server may generate a command that transfers ownership of the memory device and configures and/or transfers selected rights so that the selected command executes in the memory device. After reporting that the computing device is lost/stolen, the security server may detect the use of its memory device during memory device authentication, as well as requests for services by third party servers.

For example, when a third party server receives a request for a service from a computing device having a memory device, the third party server forwards identity data generated by the memory device from the computing device to the security server for verification. If the identity data is verified by the security server, the third party server may provide a service to the computing device; otherwise, the service request may be rejected, discarded or ignored.

When requested by an authorized party, the secure server may sign the command or generate an authentication code for the command to grant or revoke access to the non-volatile memory of the memory device. Commands that an authorized party may sign are forwarded to the memory device for execution. The signed command contains a message with the command and an authentication code of the message signed/generated using an encryption key representing the authority to execute the command in the memory device.

The memory device may be installed in the computing device as part of the computing device's identity and provide the computing device with main memory/storage capacity. For example, instructions and associated data to be executed in a computing device may be stored in a memory device and protected from damage, tampering, and/or hacking via security features of the memory device. Because the identity data generated by the identity engine of the memory device is based at least in part on the instructions/data stored in the memory device, the integrity and/or authenticity of the instructions and data to be used by the computing device is verified at least during the process of verifying the identity of the memory device and/or the computing device.

The security service provided by the security server removes the security protection of the operating and computing devices from the third party server. Services using memory devices and security servers may prevent unauthorized access without significant effort by the computing device manufacturer and the operator of the third party server. Thus, the third party server may operate with its core capabilities of providing the respective service without compromising security.

The third party server may provide services to its subscribers using the services provided by the security server without the subscriber performing manual operations to configure the computing device used by the subscriber. For example, a subscriber may use a computing device to access subscribed cellular services in a subscriber account without inserting a physical SIM card into the computing device and/or performing other operations to customize the computing device for access using the subscriber account.

The subscriber may be represented by an account identification. When a subscriber purchases a computing device, ownership of the computing device may be transferred to the subscriber through the secure server. Security features of a memory device configured in a computing device may be used to generate a device identity. When the computing device connects to a third party server to obtain a service, the third party server requests the security server to verify the device identity. Based on the ownership of the computing device and the ownership of the account, the computing device may dynamically link to the account such that the computing device can use the account to access services provided by the third party without requiring manual operations to configure the computing device.

For example, during authentication of the identity of the computing device, the owner/subscriber of the computing device is identified by an ownership management service of the secure server. Once the owner/subscriber is identified, the subscriber identification may be built into the device identity of the computing device or associated with the device identity in a database of the security server. Subsequently, when verifying the device identity, the services in the subscriber account may be provided to the computing device by a third party without requiring the subscriber to explicitly direct/request the services to the computing device.

Optionally, the computing device may establish a separate certificate with the third party server such that the third party server need not contact the secure server each time the computing device connects to the third party server to obtain service.

In FIG. 1, the integrated circuit memory device 130 has security features as discussed above.

The secure memory device 130 may store a unique device secret 101 for its authentication. In one example, the unique device secret 101 is injected into the memory device 130 in the secure facility and stored in a register of the memory device 130. In another example, the unique device secret 101 may be obtained from a Physically Unclonable Function (PUF) of the memory device 130. The unique device secret 101 may be obtained via a secure facility and registered in the secure server 140. For example, the secure facility may be part of a manufacturing facility for the memory device (e.g., 130). The unique device secret 101 in the memory device 130 is inaccessible via any interface of the memory device 130 (e.g., the host interface 147) after the memory device 130 is made and/or leaves the secure facility. Thus, after fabrication of memory device 130, unique device secrets 101 as in memory device 130 are sealed in the integrated circuit package of memory device 130. The copy of the unique device secret 101 is protected against theft and unauthorized access with strong security measures (e.g., using a Hardware Security Module (HSM)) within the secure server 140.

The memory device 130 includes logic circuits or local controllers that implement the encryption engine 107. The encryption engine 107 may perform cryptographic computations, such as hashing, key derivation, encryption, and/or decryption, without relying on processing capabilities outside of the memory device 130, such as the processing device 118 of the host system 120.

For example, the encryption key 105 may be generated at boot time based on a combination of the unique device secret 101 and the device information 121 stored and/or obtained in the memory unit 103 of the memory device 130, according to a method specified by the device identity synthesis engine (DICE) and the robust internet of things (RIoT) standard, or another method. Device information 121 may include non-secret data that may be obtained by an entity other than secure server 140 and memory device 130. To improve security, the device information 121 may include time-related information.

For example, the encryption key 105 may comprise two asymmetric encryption keys. The first asymmetric key is referred to as a device identification key; and the second pair of asymmetric keys is referred to as the alias key. The private device identification key is used to authenticate the authenticity of the alias key and thus reduce its use and risk. The alias key may be used for more transactions/communications; and the alias key may be replaced more frequently than the device identification key in order to improve security, as the alias key is used more frequently and therefore risks. For example, a private device identification key may be generated at boot time and used to sign a certificate, such as the certificate of the alias public key; then, the private device identification key is immediately deleted from the memory device 130 to protect its confidentiality.

Generally, one of the encryption keys 105 generated using the unique device secret 101 and the device information 121 may be used as a secret and an identity of the memory device 130 to be authenticated by the security server 140.

For example, authentication of memory device 130 may be performed by verifying that memory device 130 has secret encryption key 105. Having a secret encryption key 105 in memory device 130 may be viewed as proof that memory device 130 has a unique device secret 101 and stores an untampered version of the non-secret data.

Using the encryption engine 107, the memory device 130 can prove that the memory device 130 has the secret encryption key 105 without having to transfer the secret encryption key 105 and/or the unique device secret 101 outside of the memory device 130. For example, the memory device 130 may digitally sign a certificate or message using the secret encryption key 105 to provide an authentication code for the message and the secret encryption key 105. When the security server 140 verifies the verification code successfully, the security server 140 may conclude that: the memory device 130 has a secret encryption key 105 and thus an identity represented by the unique device secret 101.

Memory device 130 includes a host interface 147 that can be used to receive commands from host system 120. Controller 116 of the host system may send commands to memory device 130 to request data to be read from memory unit 103, data to be written into memory unit 103, data to be erased from a portion of memory unit 103, data in a portion of memory unit 103 to be modified, security features of memory device 130 to be activated, parameters related to security features in memory device 130 to be configured, and so on. At least some of the commands require rights represented by the encryption key 106 stored in the secure server 140. Having an encryption key 106 available to sign the command is considered to indicate that there is authority to request the memory device 130 to execute the command.

The memory device 130 contains an access controller 109 configured to verify, using the encryption engine 107, a verification code generated using the encryption key 106 representing the rights associated with the command. If the command is received with a valid authentication code, access controller 109 allows memory device 130 to execute the command; otherwise, the command may be rejected, ignored, or discarded.

When memory device 130 is manufactured, one or more relevant encryption keys 105 are stored in memory device 130 to provide owner rights to security server 140. Using owner permissions, security server 140 may sign commands for execution in memory device 130 to activate or deactivate security features, trigger replacement of a secret encryption key that is the identity of memory device 130, replace an encryption key used by access controller 109 to verify the permissions to execute one or more commands in memory device 130 for one or more regions of memory cells 103, and so on.

Optionally, after authenticating the identity of the authorized requestor, the security server 140 may sign the command using the encryption key to generate a verification code or digital signature of the command so that the requestor can send the command with the verification code to the host interface 147 of the memory device 130 so that the command can be executed within the memory device 130.

Optionally, the security server 140 may provide the entity with specific rights by replacing the encryption key 105 in the memory device 130, or provide the entity with a corresponding encryption key 106 representing the rights.

Typically, memory device 130 is connected to host system 120 to form an endpoint 150 in a communication network 110, such as the internet. In general, endpoint 150 is a computing device. Examples of endpoints 150 include personal computers, mobile computers, personal media players, tablet computers, smart phones, smart TVs, smart speakers, smart appliances, internet of things (IoT) devices, and so forth.

Memory unit 103 of memory device 130 may provide storage/memory capacity for host system 120 to store instructions and data for implementing the functions of endpoint 150. For example, processing device 118 of host system 120 is configured to execute instructions loaded from memory device 130 to initiate and perform operations.

The host system 120 may include a network interface 114 or another communication device to communicate with one or more of the client servers 141, …, 143 to receive services from the client servers 141, …, 143.

The service request sent from endpoint 150 to client server 141 may include identity data generated by encryption engine 107 of memory device 130. The client server 141 may request the security server 140 to verify the authentication code contained in the identity data.

In addition to services that authenticate the identity of memory device 130, security server 140 may also provide security services to manage the authority to operate memory device 130, configure or change security features or settings of memory device 130, detect lost/stolen devices, deactivate lost/stolen devices, and so forth.

Memory device 130 and/or endpoint 150 may have a non-secret unique identification 111. The unique identification 111 may be used to uniquely identify the memory device 130 and/or the endpoint 150 among a group of memory devices and/or endpoints.

For example, the unique identification 111 of the memory device 130 may include a Manufacturer Part Number (MPN) of the memory device 130 and/or a serial number of the memory device 130. For example, the unique identification 111 of the memory device 130 may comprise a public key in a pair of asymmetric encryption keys generated based at least in part on the unique device secret.

To authenticate the memory device 130 and/or the endpoint 150 as having an identity represented by the unique identification 111, the secure server 140 verifies the message containing the unique identification 111 (and other data 127) via the verification code of the message signed using the memory device's secret encryption key 105. The secret encryption key 105 in the memory device 130 is generated using the unique device secret 101 in the memory device; and a corresponding encryption key 106 for verifying a verification code signed using the secret encryption key 105 of the memory device 130 is generated in the secure server 140 from the corresponding unique device secret 101.

The secret encryption key 105 of the memory device 130 used to prove the identity of the memory device 130 may be generated based not only on the unique device secret 101 but also on device information 121 accessible to the memory device 130.

For example, device information 121 may include a hash value of instructions and/or data stored in memory unit 103. Furthermore, device information 121 may include tracking data stored into memory unit 103 for use in personalizing/personalizing memory device 130 and/or endpoint 150 during assembly of the components to build endpoint 150. Further, device information 121 may include identification information of other components in endpoint 150, such as an identification of controller 116, an identification of processing device 118, an identification of network interface 114, an identification of additional software or data packets of endpoint 150 not stored in memory device 130, and/or an identification and/or hash value of firmware configured to control/operate memory device 130. During boot time, the identification data may be collected as device information 121 used to generate the secret encryption key 105 for the memory device 130.

During the registration process, when memory device 130 is configured with device information 121, a copy of device information 121 is uploaded to security server 140 for association with unique identification 111 of memory device 130 and/or endpoint 150. The registration of the device information 121 allows the identity of the memory device 130 to be linked to the data, software, and/or hardware configuration represented by the combination of the unique device secret 101 and the device information 121.

FIG. 2 illustrates generation of identity data in an integrated circuit memory device, according to one embodiment. For example, the techniques of FIG. 2 may be implemented in the computing system of FIG. 1.

In fig. 2, the cryptographic engine 107 of the memory device 130 (e.g., as in fig. 1) is used to generate at least a secret key 137 using its unique device secret 101 and device information 121.

For example, when asymmetric encryption is used, secret key 137 is the private key of encryption key pair 135. The associated public key 139 is generated with the private key using the encryption engine 107.

Alternatively, when symmetric encryption is used, the secret key 137 may be generated and used without the public key 139 and without the key pair 135.

In some embodiments, multiple key pairs 135 are generated and used. For example, when using the device identity synthesis engine (DICE) and robust internet of things (RIoT) methods, the first asymmetric key is referred to as the device identification key; and the second pair of asymmetric keys is referred to as an alias key. The private device identification key may be used to authenticate the authenticity of the alias key and then immediately deleted and purged from the memory device 130 and/or the endpoint 150 to protect its confidentiality, particularly when the generation or use of the private device identification key occurs at least in part in the host system 120. The alias key may be used to authenticate other transactions and/or communications. For example, the private device identification key may be generated at boot time and used to sign a certificate, such as the certificate of the alias public key, and then deleted. After verifying or confirming the identity of the memory device 130 and the authenticity of the public alias key using the certificate signed using the private device identification key as the secret key 137, the private alias key may be used as the secret key 137 of the memory device 130 in subsequent operations until the endpoint 150 reboots.

For example, the data 123 of the device information 121 stored in the memory unit 103 may include a set of instructions (e.g., software, firmware, operating system, applications) to be executed by the processing device 118 of the host system 120 connected to the host interface 147 of the memory device 130.

For example, data 123 may include a cryptographic hash value of the set of instructions. For example, a known hash value of the set of instructions may be stored in memory unit 103; and a current hash value of the set of instructions may be calculated to compare with the known hash value. If the two hash values are consistent with each other, the integrity of the set of instructions is verified; and the hash value of the integrity of the set of instructions may be used as part of the device information 121 to calculate the secret key 137.

Alternatively, the current hash value of the set of instructions stored in memory unit 103 may be used directly in the calculation of secret key 137. If the instruction has changed (e.g., due to data corruption and/or tampering or hacking), then the authentication of the secret key 137 by the security server 140 will fail.

Optionally, the data 123 may include an identification of the set of instructions, such as a hash value of the source code of the instructions, the name of the software/firmware package represented by the instructions, the version number and/or release date of the package, and so forth.

Optionally, data 123 may include trace data stored into memory unit 103 during the process of building and/or customizing endpoint 150 including memory device 130. For example, when memory device 130 is assembled into a component device (e.g., a memory subsystem), a piece of trace data representing the manufacturer of the component device, the model number of the component device, and/or the serial number of the component device is stored into memory unit 103 as part of device information 121. Subsequently, when the component device is assembled into the endpoint 150, a piece of trace data is added to the memory unit as part of the device information 121. Other tracking data may be added to memory unit 103 as part of device information 121 to reflect the history of memory device 130 used to personalize the identity of memory device 130.

Optionally, the device information 121 may further include data 125 received from a host system 120 connected to a host interface 147 of the memory device 130.

For example, endpoint 150 may have host system 120 and memory device 130. Some components in the host system 120 may be removed or replaced. Upon booting endpoint 150, a portion of the instructions stored in memory unit 103 are executed to collect data 125 about components present in host system 120 at boot time. Thus, device information 121 may represent a particular configuration of a software/data and hardware combination of memory device 130 and/or endpoint 150. The secret key 137 generated based on the device information 121 and the unique device secret 101 represents the identity of the memory device 130 having the particular configuration.

To prove the identity of memory device 130 and/or endpoint 150, cryptographic engine 107 generates an authentication code 133 from message 131 and secret key 137.

As discussed above, secret key 137 and verification code 133 of message 131 may be constructed and/or verified using various techniques, such as a hash digest, a digital signature, or a hash-based message authentication code, symmetric encryption, and/or asymmetric encryption. Thus, the validation code 133 is not limited to a particular implementation.

Optionally, message 131 may contain a user identification, such as a name, an email address, a registered user name, or another identifier of the owner or authorized user of endpoint 150 in which identity data 113 was generated.

Optionally, portions of message 131 may provide the information in an encrypted form. For example, the information may be encrypted using the public key of the secure server 140 so that the information is not accessible to third parties.

Message 131 may be a certificate that presents the unique identification 111 of memory device 130 and/or endpoint 150. Message 131 may further present other data 127, such as a counter value maintained in memory device 130, a cryptographic nonce, and/or other information regarding the verification of identity data 113. Memory device 130 may monotonically increase the counter value to invalidate identity data with a lower counter value to prevent replay attacks.

In some implementations, the data 127 may include a portion of the device information 121 used to generate the secret key 137.

In some embodiments, the secret key 137 is a private alias key of a pair of asymmetric keys. Data 127 contains a certificate representing the corresponding public alias key in the pair of asymmetric keys. The certificate presenting the public alias key is signed using the device identification key of the memory device 130. The public alias key may be used to verify the authenticator 133 of the message 131 and the private alias key used as the secret key 137. Once the security server 140 verifies the certificate presenting the public alias key, signed using the device identification key of the memory device 130 and provided as part of the data 127, the security server 140 may verify the verification code 133 signed using the private alias key as the secret key 137 using the public alias key. In this embodiment, security server 140 may validate authenticator 133 using the public alias key provided in message 131 without having to regenerate the pair of alias keys; and memory device 130 may generate alias key pair 135 using data not already known to security server 140.

A certificate presenting a public alias key may be generated and verified in the manner in fig. 2, where the secret key 137 is a device identification key generated using the device information 121 and the unique device secret 101. Optionally, memory device 130 initially provides a certificate with the public alias key to secure server 140. Subsequently, the memory device 130 may use the private alias key as the secret key 137 and either the public alias key is not included in message 131 or the certificate of the public alias key is not included in message 131.

Data 127 in message 131 signed to generate verification code 133 may include a challenge. For example, to challenge memory device 130 to prove that it possesses secret key 137, a random data item may be presented as part of data 127 to be signed using secret key 137. In some embodiments, a monotonically increasing counter value may be used as the challenge.

Further, verifying the identity of the memory device 130 may include using a plurality of secret keys and a verification code signed with the secret keys. For example, the device identification secret key may be used to initially establish the authenticity of the alias secret key and the identity of the memory device 130; and subsequently, the alias secret key may be used to verify the authenticity of the identity of memory device 130. In general, the device identification secret key and the alias secret key may be based on asymmetric encryption or symmetric encryption, as the security server 140 may generate corresponding encryption keys generated by the memory device 130.

To improve security, memory device 130 does not use processing capabilities outside of memory device 130 to generate a copy of secret key 137 and does not transfer secret key 137 outside of memory device 130. The generation and use of the secret key 137 is performed using the logic of the encryption engine 107 sealed within the memory device 130.

Alternatively, portions of the operations to generate and use the secret key 137 may be implemented via a set of instructions stored in the memory unit 103 and loaded into the processing device 118 of the host system 120 for execution. To improve security, the secret key 137 is not transmitted in clear across the host interface 147; and the instructions may be configured to clear the secret key 137 from the host system 120 after generation and/or after use.

Identity data 113 may be generated in response to memory device 130 powering on, in response to a request received in host interface 147, and/or in response to endpoint 150 booting (e.g., by executing a boot loader stored in memory unit 103). Data 127 may include a count value maintained in memory device 130. When the operation of generating the identity data 113 is performed, the count value is increased. Thus, a version of identity data 113 having a count value invalidates a previous version of identity data 113 having a count value lower than the count value.

FIG. 3 illustrates a technique for controlling command execution in a memory device, according to one embodiment. For example, the technique of FIG. 3 may be implemented in the computing system of FIG. 1 and used with the technique of FIG. 2.

In FIG. 3, when the controller 116 of the host system 120 sends a command 155 to the host interface 147 of the memory device 130, the access controller 109 determines whether the sender of the command 155 has the right to request the memory device 130 to execute the command 155.

The encryption key 145 is configured to represent rights. The sender of command 155 can generate verification code 153 from encryption key 145 and message 151 containing command 155.

As discussed above, encryption key 145 and verification code 153 of message 151 may be constructed and/or verified using various techniques, such as a hash digest, a digital signature, or a hash-based message authentication code, symmetric encryption, and/or asymmetric encryption. Thus, the validation code 153 is not limited to a particular implementation.

The access controller 109 uses the corresponding access control key 149 to validate the validation code 153 of the command 155 submitted to the host interface 147. The access controller 109 uses the encryption engine 107 to generate a verification result 159 of the received message 151 and the received verification code 153. Based on the verification result 159, the access controller 109 may selectively allow the command 155 to execute within the memory device 130 or prevent execution of the command 155.

For example, the access control key 149 may be one of the encryption keys 105 stored in the memory device 130. Different access control keys may be used to control different rights for executing different commands and/or for executing commands acting on different sections of memory unit 103.

For example, the encryption key 145 may be stored in the secure server 140 to provide the associated rights to the secure server 140.

In one embodiment, security server 140 is configured to generate an authentication code 153 on behalf of an entity in response to the entity requesting authentication code 153 to execute command 155 in memory device 130.

Optionally, the encryption key 145 is generated during the verification of the identity data 113 generated using the secret key 137; and a secret known between memory device 130 and security server 140 (e.g., secret key 137) allows the session key to be generated as encryption key 145 to represent the right to execute the selected command in memory device 130 during the communication session with the time limit. Optionally, the period of device power-on may be used as a session delimiter, such that a new count value is generated during the next power cycle, thereby enabling generation of a new session key.

The encryption key 145 may be configured to be valid for a short time after the authentication of the identity data 113 and the establishment of the session key. After security server 140 verifies that the entity has the right to execute command 155 in memory device 130, security server 140 may generate verification code 153 and provide verification code 153 to the entity. The entity may then send message 151 and authentication code 153 to host interface 147. Once access controller 109 of memory device 130 determines, using encryption engine 107 and access control key 149, that authentication code 153 is valid, authentication result 159 permits memory device 130 to execute received command 155; otherwise, the access controller 109 may reject or ignore the received command 155.

In another embodiment, after security server 140 configures access control key 149 in memory device 130, security server 140 may provide entity with encryption key 145 representing the authority to execute command 155 in memory device 130.

Message 151 may contain data 157 that represents a restriction on the request to execute command 155.

For example, the data 157 may include an execution count value maintained within the memory device 130 such that the generated validation code for the lower count is invalid.

For example, the data 157 may include a cryptographic nonce established for a particular instance of the request to execute the command 155, such that the authentication code 153 cannot be reused for another instance.

For example, the data 157 may include a time window in which the verification code 153 is valid.

For example, the data 157 may include an identification of a memory region in which the command 155 is allowed to execute.

For example, data 157 may include the type of operation that allows command 155 to be executed in memory device 130.

FIG. 4 illustrates a technique for verifying the integrity of data stored in a memory device, according to one embodiment. For example, the techniques of FIG. 4 may be used for memory device 130 of FIG. 1, and used in conjunction with the techniques of FIG. 2 and/or FIG. 3.

In fig. 4, the memory device 130 stores not only the content 161 but also a hash value 163 of the content 161 in the memory unit 103. To determine the integrity status 165 of the content 161, the encryption engine 107 applies a cryptographic hash function to the content 161 to generate a current hash value of the content 161; and the encryption engine 107 compares the current hash value with the stored hash value 163 to determine whether they are the same. If so, the integrity of the content 161 required by the stored hash value 163 is confirmed.

The hash value 163 may be stored as part of the device information 121 used to generate the secret key 137 to verify the identity of the memory device 130.

Content 161 and hash value 163 are stored in different sections of memory device 130. The access controller 109 provides and/or enforces different levels of rights to access the content 161 and the hash value 163.

For example, the manufacturer of endpoint 150 may store content 161 into memory unit 103 such that processing device 118 of host system 120 in endpoint 150 may run programs or routines in content 161 to provide the designed functionality of endpoint 150. Further, the manufacturer and/or the secure server 140 may store the hash value 163 into a separate section for integrity checking. An end user of endpoint 150 may access and use content 161 in the memory unit, but may not access hash value 163. If content 161 is damaged or tampered with, encryption engine 107 may detect the change and generate integrity status 165, causing access controller 109 to prevent use of content 161. When the manufacturer has an updated version of the content 161 (or replacement), the manufacturer may perform the update in the memory unit 103 and issue a command 155 with the authentication code 153 to update the hash value 163. Optionally, the security server 140 may generate the verification code 153 in response to a request from the manufacturer.

The device information 121 and encryption key 105 in the memory device 130 may be stored in a secure section in the memory device 130 and protected by owner rights, represented as encryption key 106 stored in the secure server 140, via the access controller 109.

Different secrets (e.g., unique device secret 101, secret key 137) and content (e.g., device information 121, content 161) may be protected with different security levels and/or using different security policies to balance security and utility.

The unique device secret 101 may be protected in the memory device 130 at the highest level of security. For example, the unique device secret 101 may not be changed via a command to the host interface 147 (and/or any interface of the memory device 130) once the memory device 130 leaves the memory device's manufacturing security facility and/or after the memory device's 130 manufacturing operations are completed. Preferably, the unique device secret 101 is only accessible to the cryptographic engine 107 during generation of the secret key (e.g., 137) used to represent the identity of the memory device 130 and/or the endpoint 150. For example, the unique device secret 101 may be configured to be available only for a limited time upon startup of the endpoint 150.

For example, the device identification key may be protected by minimizing its use. The alias identification key is more secure than the device identification key and is replaced more frequently. Different operations and/or permissions may be used to replace the device identification key and the alias identification key.

For example, the security service shown in fig. 5 may be implemented in the computing system of fig. 1 based on the security features shown in fig. 2, 3, and/or 4.

In fig. 5, client server 141 is configured to provide services to a computing device, such as endpoint 150 in fig. 1 having memory device 130 connected to host system 120.

To request service from client server 141, host system 120 (e.g., executing instructions retrieved from memory device 130) requests identity data 113 of memory device 130. For example, identity data 113 may be generated in the manner shown in FIG. 2.

The host system 120 embeds the identity data 113 in a request 171 that is transmitted to the client server 141.

To determine whether endpoint 150 is authorized to be serviced, client server 141 extracts identity data 113 from request 171 and generates a request 173 for security server 140 to provide security services based on identity data 113.

Security server 140 may perform verification of identity data 113, determine the authenticity of memory device 130 and/or endpoint 150, and provide the results to client server 141 in response 174. Based on the results, client server 141 may provide response 172 to host system 120.

For example, response 174 may indicate whether identity data 113 is from a counterfeit device, or from a device in which data 123 or content 161 related to the identity of endpoint 150 and/or memory device 130 has been altered, damaged, changed, or tampered with, or from a lost or stolen device.

In some implementations, the request 173 can identify the command 155 to be executed in the memory device 130. After verifying the identity data 113 and verifying the authority of the client server 141 and/or endpoint 150 to request that the command 155 execute within the memory device 130, the security server 140 may generate a verification code 153 for the command 155 using the encryption key 145 and provide the verification code 153 to the client server 141 in a response 174. Using the security service, the client server 141 can be relieved from the security burden associated with the management of the rights and the encryption key 145 representing the rights.

Optionally, response 174 may include encryption key 145 representing the authority to execute command 155 in memory device 130. To reduce the security burden on the client server 141, the encryption key 145 may be configured to expire in a short time.

Optionally, when it is determined that identity data 113 is associated with a lost or stolen device, response 174 may include command 155 and/or authentication code 153 thereof such that when command 155 is executed in memory device 130, access controller 109 may disable at least some features accessible to host system 120 via host interface 147.

For example, after executing command 155 in memory device 130, access controller 109 may be configured to disable the boot loader stored in memory unit 103 of memory device 130.

For example, the command 155 may cause the access controller 109 to block access to one or more sections of the memory cells 103.

For example, the command 155 may cause the access controller 109 to require the right to access one or more sections of the memory unit 103, which is represented by the new encryption key 106 stored in the security server 140.

For example, the command 155 may cause the access controller 109 to corrupt data in one or more sections of the memory unit by clearing a decryption key used to decrypt data stored in the one or more sections.

For example, command 155 may cause memory device 130 to perform self-destruction and be irreversibly damaged.

The instructions retrieved from memory unit 103 for execution in host system 120 may include routines that can accept command 155 as a response to memory device 130 providing identity data 113. In some implementations, client server 141 may provide a connection that allows security server 140 to send commands 155 to memory device 130 for execution.

The techniques discussed above may be used to implement new ways of authenticating service subscribers.

For example, memory device 130 may be configured to generate a multi-factor device platform identity for endpoint 150 with improved security. The identity may be generated by combining: the unique device secret 101 of the memory device 130, platform source code identifying one or more applications running on the endpoint 150 to establish a secure connection to a service or network (e.g., client server 141 or 143), and a unique identifier of the network interface 114 or communication device. For example, the unique identifier may be an identifier of a modem installed on endpoint 150 to communicate over communication network 110. For example, the multi-factor device platform identity may be based at least in part on an International Mobile Equipment Identity (IMEI) number of the endpoint 150 configured to access cellular services. For example, when endpoint 150 relates to a vehicle, the multi-factor device platform identity may be based at least in part on a Vehicle Identification Number (VIN). Such powerful identities may be used in conjunction with cloud-based Subscriber Identity Module (SIM) functions in sign-on, network access and registration of cloud services (e.g., cellular subscription services).

The security features of the secure server 140 and the memory devices (e.g., 130) may provide a secure memory device technology platform. The platform may be configured to support authentication of endpoint 150 by measuring data stored in memory unit 103 of a secure memory device (e.g., 130). Additional network security protection of the endpoint may be achieved by controlling access to content 161 stored in a memory device (e.g., 130). Access control may be implemented by secure hardware manufacturing operations and password-based admission control, as discussed above in connection with fig. 1-5. A platform equipped with such memory devices (e.g., 130) may reach a sufficient level of network security protection to support a cloud-based virtual SIM solution and no longer require a physical SIM card on endpoint 150 to access the cellular connection.

The secure memory device technology platform may include a combination of a secure memory device (e.g., 130) and software meeting the DICE RIoT requirements for generating identity data 113 for endpoints (e.g., 150) that are initiated using the secure memory device. Such identity data 113 for endpoint 150 is generated based on the identity of the secure memory device 130 used to boot endpoint 150 and other factors. Such identity data 113 may be communicated to the client server 141 during login (e.g., registration service). Client server 141 may communicate with security server 140 to confirm the identity of endpoint 150. When identity data 113 is verified, client server 141 may trust endpoint 150 as authentic, and thus register service with endpoint 150.

For example, such a service may be a cellular connection that is typically registered with a physical SIM card. The identity data 113, which is verified by the secure memory device technology platform and protected by a secure login, may provide identification of the endpoint (e.g., 150) in as secure or more secure a way as identifying the endpoint using a physical SIM card. The cloud-based virtual SIM may be bound to identity data 113 that the secure memory device technology platform verifies during the service subscription lifecycle.

Typically, a service network (e.g., a payment card network, a cellular communication network) may identify a subscriber via a smart card. Conventional smart cards are configured as integrated circuit chips embedded in plastic cards. The integrated circuit chip in the smart card stores data identifying the customer account and may optionally store data relating to services provided to the account by the services network. The integrated circuit chip may be read through metal contacts disposed on a surface area of the plastic card and/or the wireless transceiver.

For example, a Subscriber Identity Module (SIM), also referred to as a SIM card, is a type of smart card. SIM cards are commonly used in mobile phones to identify an account for accessing cellular communication network services. When the SIM card is attached to the mobile phone, the cellular communication network provides services to the mobile phone according to the account identified by the SIM card. When the SIM card is attached to the replacement mobile phone, the replacement mobile phone may access the services configured for the account.

For example, the SIM card may store a mobile subscriber identity, such as an International Mobile Subscriber Identity (IMSI) number. The mobile/cellular network operator may assign authentication keys to the IMSI number and the SIM card. The SIM card stores an authentication key. The SIM card may be authenticated based on a digital signature signed using an authentication key. After authenticating the SIM card, the mobile phone with the SIM card may receive mobile/cellular services in an account associated with the mobile subscriber identity.

The Europay MasterCard Visa (EMV) card is another example of a smart card. EMV cards may be used to receive financial services in a payment card processing network to access bank accounts, such as debit accounts and credit accounts.

Integrated circuit memory device 130 may be configured to prevent unauthorized access to its memory cells 103 and to ensure a unique identity of the memory device 130 itself and/or the endpoint 150 in which the memory device 130 is installed. As shown in fig. 6, a secure memory device 130 having security features may be used to implement the functionality of smart cards, such as SIM cards and EMV cards, using data supplied remotely to the secure memory device and/or using data stored in a secure server.

For example, the system and method of fig. 6 may be implemented in the computing system of fig. 1 using the techniques of fig. 2 through 5.

In fig. 6, memory device 130 may be implemented using an integrated circuit memory device 130 having the security features of fig. 1-5. An access controller 109 of memory device 130 may use one or more access control keys 213 to control read and write operations that access at least some memory regions in memory device 130.

For example, memory device 130 is initially manufactured with access control key 213, allowing security server 140 to have full access to a memory region in memory device 130. Memory device 130 is further manufactured to include at least a portion of device identity data 211 that uniquely identifies memory device 130 among a population of memory devices.

For example, the device identity data 211 may be generated using the techniques illustrated in fig. 2.

For example, during manufacture of the memory device 130, the root secret (e.g., the unique device secret 101) of the memory device 130 is loaded into the security server 140 in the operation of the memory registration 231. The root secret may be a number generated by a Physically Unclonable Function (PUF) of the memory device 130 or a random number selected during manufacture of the memory device 130 and stored into the memory device 130. The secure server 140 may include a key management server configured to manage encryption keys for secure memory devices (e.g., 130). The root key may be considered and/or used as a secret encryption key. When memory device 130 is manufactured, the root secret may be obtained from memory device 130 or injected into memory device 130 for memory registration 231. Preferably, memory device 130 is manufactured such that after its manufacture, memory device 130 does not provide a root secret outside of memory device 130.

The device identity data 211 may be a root secret that is not disclosed, changed, or provided outside of the memory device 130.

After memory device 130 leaves the manufacturing facility, the root secret and other secrets in device identity data 211 are not available via the communication interface (e.g., host interface 147) of memory device 130. Because memory device 130 enforces a set of data access policies to prevent secret leakage and tampering of data stored in an access-protected area of memory device 130, memory device 130 may be considered a secure memory device. Security server 140 stores information that may mimic the computation performed by memory device 130 to generate a derived secret independent of memory device 130. Thus, the security server 140 can regenerate the derived secret for the memory device 130 without the memory device 130 transmitting the derived secret via its communication interface (e.g., the host interface 147).

For example, the root secret of the memory device 130 may be implemented via a Physically Unclonable Function (PUF). The root secret of memory device 130 may be retrieved from memory device 130 and stored into security server 140 for use in memory registration 231 during manufacture of memory device 130. The root secret may be used to generate a derived secret from the device identity data 211. For example, a PUF can be used to derive Diffie-Hellman (Diffie Hellman) key pairs; and the diffie-hellman key pair can be used to create a Unique Device Secret (UDS)101 that can be securely shared between the device and the secure server.

For example, device identity data 211 may be generated using the techniques of fig. 2.

The derived secret is generated in some manner (e.g., based on a cryptographic hash function, a random number, and/or a monotonic count value) such that the root secret cannot be computed from the derived secret and/or other information used to generate the derived secret. For example, the derived secret may comprise a private key of a pair of asymmetric encryption keys. For example, the derived secret may comprise a symmetric encryption key.

Device identity data 211 may include a non-secret public identification number of memory device 130, such as a serial number of memory device 130, a unique identification number of memory device 130, and/or a public key of a pair of asymmetric encryption keys, and so forth. Public identification numbers can be used to uniquely identify a memory device 130 among a group of memory devices without revealing the secret of the memory device 130; and the secret of memory device 130 may be used to authenticate/confirm that memory device 130 is identified by the public identification number.

The derived secret in device identity data 211 may be generated and/or replaced after memory device 130 leaves the manufacturing facility. The access control key 213 may be used to control the execution of operations to generate and/or replace derived secrets to prevent tampering. For example, the derived secret may include an encryption key and/or certificate generated according to the Device Identity Composition Engine (DICE) standard.

During memory registration 231, at least the root secret of memory device 130 is stored in security server 140 in association with the public identification number of memory device 130. During the manufacturing process of memory device 130, the root secret of memory device 130 is known between memory device 130 and security server 140 during memory registration 231 in the secure environment. Subsequently, the additional information used to generate the derived secret can be disclosed without compromising the confidentiality of the derived secret. The derived secret may be used for authentication of the memory device 130, and may optionally be replaced.

The access control key 213 is configured to prevent unauthorized access and/or manipulation of secrets in the device identity data 211. For example, once the access control key 213 is configured in the memory device 130, the secret is limited for use by the cryptographic engine 107 (e.g., to regenerate the derived secret and/or to generate the digital signature). For example, commands/requests received in the host interface 147 of the memory device 130 need to be digitally signed in a manner that can be verified using the access control key 213, as shown in FIG. 3. If the digital signature applied on the command/request is not valid according to the access control key 213, the command/request may be rejected and/or ignored.

For example, the access control key 213 may be used to authenticate a digital signature applied on a command to perform a particular operation related to the device identity data 211, such as replacing an encryption key or asymmetric encryption key pair.

Further, one or more additional access control keys 213 may be used to authenticate the owner of memory device 130 and/or a digital signature of an authorized user. Different authorized users may be limited to accessing different regions of the memory device for a particular operation (e.g., write, erase, read). Owners and other authorized users may have different scopes and/or rights to operate memory device 130.

Secure server 140 may be configured as the initial owner of memory device 130. For example, the public key of the secure server 140 may be initially stored in the memory device 130 as the owner access control key 213 to provide owner rights for commands signed using the private key of the secure server 140. After the memory device 130 is delivered to the customer, the customer's public key may be stored as a substitute for the owner access control key 213 to transfer owner rights to the customer.

Optionally, certain security functions of memory device 130 may be activated for the customer. Some aspects of the memory device 130 relating to the activation of security functions may be found in U.S. patent application No. 17/014,203, entitled "customer specific activation of functions in a semiconductor device," filed on 8.9.2020, the entire disclosure of which is hereby incorporated by reference herein.

Endpoint 150 may be configured to include memory device 130 and other components 187. During the construction 233 of the endpoint 150, the memory device 130 is installed/assembled into the endpoint 150; and the soft module 217 and the trace data 215 may be stored in the memory device 130.

For example, soft module 217 may include a boot loader of endpoint 150, firmware of memory device 130 and/or a memory subsystem containing memory device 130, or an operating system or software application of endpoint 150. The soft module 217 may include instructions and data configured to implement functions. The instructions may be executed by logic circuits of memory device 130, a controller of a memory subsystem in which memory device 130 is installed, and/or processing device 118 of host system 120 of memory device 130 and/or the memory subsystem.

During endpoint construction 233, endpoint registration 235 may be performed to store trace data 215 into security server 140 and/or memory device 130. Tracking data 215 may be part of the configuration and/or identity of endpoint 150.

For example, the trace data 215 may include a hash value of the soft module 217 calculated using a cryptographic hash function. For example, tracking data 215 may contain secrets assigned to endpoint 150.

A counterfeit of endpoint 150 that does not have tracking data 215 cannot pass endpoint authentication 239 that relies on tracking data 215. Therefore, the security of the system is improved. Additional details and examples of techniques related to tracking data 215 may be found in U.S. patent application No. 17/005,565, entitled "secure memory system programming for host device authentication," filed on 28/8/2020, the entire disclosure of which is hereby incorporated by reference herein.

Endpoint identity data 188 may be generated using the techniques of fig. 2 to represent the configuration of endpoint 150 at its boot time. For example, endpoint identity data 188 may include a certificate (e.g., message 131) generated based on a combination of identification data of a portion of device identity data 211, tracking data 215, and other components (e.g., network interface 114, processing device 118, controller 116) that are present at the time endpoint 150 is initiated.

Device identity data 211 and/or endpoint identity data 188 may include one or more certificates generated using a Device Identity Composition Engine (DICE) according to a standard developed by the Trusted Computing Group (TCG) that combines a hardware secret and source code to form a trusted identity. Additional details and examples of techniques for generating device identities may be found in U.S. patent application No. 16/374,905, entitled "login software on a secure device for generating device identities to authenticate with a remote server" filed on 4/2019 and published as U.S. patent application publication No. 2020/0322134 on 8/10/2020, the entire disclosure of which is hereby incorporated by reference herein.

The operations of virtual card registration 237 may be performed to configure endpoint 150 for a service of card-based services network 225, such as a mobile/cellular communications network, a bank card processing network, and the like.

For example, endpoint 150 may connect to card server 223 to request a card profile 219 for endpoint 150 represented by device identity data 211. To request the card profile 219, the endpoint 150 transmits the public portion of the endpoint identity data 188 to the card server 223. Card server 223 forwards endpoint identity data 188 to security server 140 for authentication 239 of endpoint 150. For example, the authentication techniques discussed in connection with FIG. 2 may be used.

Once the security server 140 verifies that the endpoint identity data 188 was formed using the correct combination of the device identity data 211, the tracking data 215, and other data of the endpoint 150 of the memory device 130 submitted and/or recorded in the security server 140 during endpoint registration 235, the card server 223 may assign and/or store the card profile 219 to the memory device 130 or associate the card profile 219 with the endpoint identity data 188.

Virtual card registration 237 may be performed via soft module 217 secured in memory device 130 and/or via a security manager such that card profile 219 stored in memory device 130 cannot be tampered with. Optionally, security server 140 may generate an authentication code for command 155 to write card profile 219 into the secure section of memory device 130. The write authority of the secure section may be controlled via an encryption key stored in the secure server 140. For example, the access controller 109 may control the storage and/or replacement of the card profile 219 in the memory device 130 using an access control key 213 corresponding to the card server 223 or the security server 140.

Further, the memory device 130 may verify the integrity of the card profile and/or the soft module 217 responsible for using the card profile 219 in the manner shown in FIG. 4.

When card profile 219 is secured in memory device 130 in endpoint 150, memory device 130 and/or endpoint 150 may function in an equivalent manner to a corresponding smart card installed in endpoint 150. The card profile 219 securely attached to the device identity data 211 may be considered a virtual smartcard.

In some embodiments, the soft module 217 is configured to use the encryption functions and/or processing capabilities of the logic of the integrated circuit memory device 130 to implement the encryption operations involved in the use of the card profile 219. For example, the card profile 219 may contain an authentication key; and the soft module 217 may be configured to generate a digital signature for authenticating/verifying that the card profile 219 contains an authentication key.

For example, the card profile 219 may be as shown in fig. 7 and 8.

In FIG. 7, the card profile 219 may include card data 241 and a soft card module 243. Optionally, the soft card module 243 may be installed as part of the soft module 217 stored in the memory device 130.

Card data 241 may include identification of a smart card (e.g., a virtual card), an account, and/or a subscriber. For example, the card data 241 may identify the type of smart card, the services to which the account/card is subscribed, and/or customer data related to the services (e.g., margins, transaction records, messages, etc.). In some embodiments, the card data 241 may include the same set of data stored in a physical smart card (e.g., an integrated circuit chip embedded in a plastic card configured according to the Universal Integrated Circuit Card (UICC) standard).

The soft card module 243 may contain instructions to operate on the card data 241 by the encryption engine 107 of the memory device 130. For example, the computing functionality of an integrated circuit chip for a particular type of smart card may be implemented by executing the soft card module 243 via the secure memory device 130. Soft card module 243 allows endpoint 150 to emulate the computational operations of a physical smart card.

In fig. 8, the card profile 245 contains card data 241 such as an Integrated Circuit Card Identifier (ICCI)251, a mobile equipment identity number 253, an international mobile subscriber identity number 255, an authentication key 257 assigned to the international mobile subscriber identity number 255, and service data 247 related to mobile/cellular communication services of the international mobile subscriber identity number 255.

In a conventional mobile phone using a conventional SIM card, an Integrated Circuit Card Identifier (ICCI)251 is used to identify the SIM card among a group of SIM cards. A mobile equipment identity number 253, for example in the form of an International Mobile Equipment Identity (IMEI) number or IMEI software version (IMEISV), is used to identify a mobile telephone among a group of mobile telephones. International Mobile Subscriber Identity (IMSI) numbers are used to identify subscribers/customers/accounts among a group. Such numbers in card profile 245 may be used for similar functions when card profile 245 is attached to endpoint 150. For example, when endpoint 150 is a mobile phone without a physical SIM card, card profile 245 may serve as a virtual SIM card to identify the card, subscriber, and endpoint/mobile phone. For example, an Integrated Circuit Card Identifier (ICCI)251 corresponds to and/or represents the device identity data 211 of the memory device 130; mobile device identity number 253 corresponds to and/or represents endpoint identity data 188 of endpoint 150; and, the international mobile subscriber identity number 255 represents a subscriber/customer/account in the mobile/cellular communication network.

For example, the authentication key 257 is a secret assigned to the international mobile subscriber identity number 255. When the endpoint 150 requests a connection in the mobile/cellular communications network using the international mobile subscriber identity number 255, the mobile/cellular network operator may look up the authentication key 257 from the database and challenge the endpoint 150 to prove that it is in possession of the authentication key 257. The security challenge may include digitally signing a message including a random number (RAND) using authentication key 257. The reply to the security challenge may include a portion of the digital signature for verification by the mobile/cellular network operator. The operator signs the message independently using the corresponding authentication key 257 associated with the international mobile subscriber identity number 255 in the database. If the reply is consistent with the mobile/cellular network operator calculated answer, the digital signature is verified; and thus, the endpoint 150 is considered to have an authentication key 257 assigned to the international mobile subscriber identity number 255 and is eligible to receive services associated with the international mobile subscriber identity number 255. In addition, a symmetric encryption key may be derived from the digital signature for securing communications between endpoint 150 and the mobile/cellular communication network in subsequent communication sessions.

For example, when card profile 245 is installed in endpoint 150, endpoint 150 may communicate with a mobile/cellular network operator to request a connection and respond to a security challenge using the same protocol used by a mobile phone with a physical SIM card. Thus, the mobile/cellular network does not have to distinguish between endpoints 150 having card profiles 245 as virtual SIM cards and other mobile phones having physical SIM cards.

Optionally, the card profile 245 may include an authentication module 259 configured to be executed by the encryption engine of the secure memory device 130 and/or the processing device 118 of the endpoint 150 to perform cryptographic calculations during use of the card profile 245, such as generating a reply to a security challenge and/or a symmetric cryptographic key for a communication session.

In fig. 6, after virtual card registration 237, endpoint 150 may receive services from card-based services network 225 using card profile 219 to identify a subscriber/customer/account. For example, the card-based services network 225, initially configured to provide services to legacy smart cards, may seamlessly further provide services to endpoints (e.g., 150) having virtual smart cards implemented by storing card profiles (e.g., 219) in secure memory devices (e.g., 130).

Optionally, endpoint 150 may be configured to perform communications with card-based services network 225 in the same manner as a mobile device having a physical smart card (e.g., a SIM card) or smart card (e.g., an EMV card).

For example, the endpoint 150 may function as a smart card for a card reader. The terminal 150 may include metal contacts for connecting to a card reader. For example, the endpoint 150 may include a transceiver comparable to a card reader of a wireless smart card. Alternatively, additional card readers may be configured in the card-based services network 225 to read virtual cards from the endpoints 150 using alternative communication connections. Examples of alternative connections may include Near Field Communication (NFC) connections, bluetooth connections, Wi-Fi connections, Universal Serial Bus (USB) connections, and so forth.

In another example, endpoint 150 may function as a mobile station having a built-in card reader to read a smart card inserted into the mobile station, such as a mobile phone having a SIM card. Endpoint 150 may communicate with card-based services network 225 to access services 227 using the same communication protocol of a mobile station having a physical SIM card.

Optionally, card profile 219 may be stored in card server 223 in association with endpoint identity data 188. Endpoint 150 may use endpoint identity data 188 to access services 227 in card-based services network 225. In response, the card-based services network 225 may communicate with the card server 223 to identify the card profile 219 based on the endpoint identity data 188. Further, based on endpoint identity data 188, card server 223 may communicate with security server 140 to perform endpoint authentication 239 to verify that endpoint 150 has secure memory device 130 at the time of virtual card registration and has the same configuration represented by the combination of tracking data 215, soft module 217, and component 187. When endpoint 150 is tampered with and/or modified, changes may be detected in status check 229 and/or endpoint authentication 239; in response, the card-based services network 225 may deny the request to access the service 227.

Optionally, the virtual card registration 237 may be performed in time in conjunction with a request to access the service 227. In response to the request, the endpoint identity data 188 is verified by endpoint authentication 239. After the endpoint verification is successful, the card profile 219 may associate and/or store the card profile 219 with the endpoint identity data 188 into the memory device 130.

In some embodiments, card server 223 is implemented as part of security server 140.

In some embodiments, the card server 223 is implemented as part of a network operator of the card-based services network 225.

For example, the system of fig. 6 may be used to simplify, protect, and accelerate large-scale global deployment of internet of things (IoT) devices and rich IoT service ecosystems. For example, a virtual Subscriber Identity Module (SIM) card may be used by an IoT device (e.g., endpoint 150) to connect to the internet over a mobile/cellular communication network.

The security server 140 may function as a memory-based security as a service platform for endpoints (e.g., 150) such as IoT edge devices. A card server may be used to provide a cellular connection solution for such endpoints. The combination as shown in fig. 6 may create one general end-to-end solution for zero-contact logging of cellular connected IoT devices onto a cloud service.

The complexity of enterprise IoT implementations presents challenges to large-scale global deployment of IoT devices. Challenges include implementation difficulties in cellular connectivity and network security. Cellular connectivity has significant advantages over wireless local area networks (e.g., Wi-Fi) in IoT deployment, such as greater distance, better outdoor performance, greater security, and existing global infrastructure. The requirement of a physical SIM card and contract with the mobile/cellular network operator slows the use of cellular connections by IoT devices. The solution as shown in fig. 6 solves such challenges.

A virtual SIM card implemented by securely associating the card profile 219 with the endpoint identity data 188 and/or the device identity data 211 may eliminate the need for a physical SIM card. The deployment of virtual SIM cards provides highly scalable IoT security, cloud-based SIM management, secure zero-contact device registration and IoT service sign-in, smooth global connectivity, instant SIM activation.

The solution as shown in fig. 6 is particularly advantageous for the industrial, infrastructure, automotive, aeronautical, transportation and logistics sectors, which need to provide borderless, long-range connectivity for portable devices, not limited by border and short-range Wi-Fi networks, even in the most remote locations.

The system as shown in fig. 6 can greatly simplify flexible global connections and offer rich possibilities for innovations in the IoT market.

The use of physical smart cards requires that the card identity and/or device identity be tightly paired with services provided by the network (e.g., 225) during manufacture in case the device is insecure, insecure to operate, fraudulent, and/or counterfeit.

The security server 140 may be used to implement zero-contact authentication of third party services and late binding of credentials, enabling end users to freely secure access to more diverse third party IoT services.

The security server 140 and/or the card server 223 may be used to securely install the soft modules to customize the IoT devices. For example, an online soft module store may be provided to allow soft modules to be stored into endpoint 150, whose functionality is customized in a manner similar to the functionality provisioning of different types of smart cards and/or SIM cards discussed above. This customization allows enterprises to access vendor-independent IoT services, leveraging and experimenting intelligent features and data insights in new ways.

With the complex misbehaving and hacking of devices ranging from IoT aquarium to baby monitors, and the like, threatening the environment becomes more and more dangerous, network security has always been a weak link in IoT adoption. Security server 140 may provide security as a service supported by security features implemented in the memory devices (e.g., 130) that control access and device identity data 211. Through its silicon root of trust, the secure memory device 130 provides a unique level of protection for the lowest layers of IoT software-starting from the boot process and with a strong cryptographic identity and security features that are owned in the memory device 130.

For example, security as a service implemented via a combination of security features embedded in the secure server 140 and the secure memory device (e.g., 130) may include verifying the authenticity of the memory device (e.g., 130) purporting to have a public identification number by verifying whether the memory device (e.g., 130) has the root secret recorded via the memory registration 231 performed during manufacture of the memory device 130.

For example, security as a service may optionally further include identifying the owner of memory device 130 based on an encryption key corresponding to access control key 213 implemented to provide owner privileges.

For example, security as a service may optionally further include identifying the service provider of the endpoint 150 having the memory device 130 based on the identity of the owner/manufacturer of the memory device 130 prior to distributing the endpoint 150 to end users/customers. Based on the service provider, security server 140 may download soft modules 217 relating to the services provided by the service provider to customize endpoint 150. For example, the customization may be performed during endpoint registration 235. Optionally, the end user or enterprise user may select a service provider; and security server 140 and/or card server 223 may push soft module 217 to memory device 130. Further, in response to the endpoint authentication 239, the security server 140 may automatically push the software update into the memory device. Thus, security vulnerabilities of a field endpoint (e.g., 150) may be automatically reduced and/or minimized without additional effort by the respective OEMs of the endpoints (e.g., 150).

For example, the security as a service may optionally further include tracking of lost/stolen devices. In response to endpoint authentication 239 of endpoint 150 registering in security server 140 as lost or stolen, security server 140 may request access controller 109 of memory device 130 to disable access to and/or erase data from a particular memory region. In some cases, access controller 109 may disable normal operation of endpoint 150 by restricting access to resources such as boot loaders, operating systems, applications, and the like. In some cases, access controller 109 may perform operations that irreversibly destroy the memory function of memory device 130.

For example, the security as a service may optionally further include an audit service of the integrity of endpoint 150. For example, memory device 130 may construct endpoint identity data 188 based on a cryptographic hash value of soft module 217 stored in memory device 130 such that when soft module 217 changes, security server 140 may verify whether the current soft module 217 is a valid distribution from the respective vendor of soft module 217. When the soft module 217 is found to be damaged, tampered with, and/or compromised, the secure server 140 may initiate an update operation to repair the soft module using a valid distribution from the online software store.

When an updated version of soft module 217 is available, security server 140 may recalculate endpoint identity data 188 for authentication of endpoint 150. Thus, when endpoint 150 has an outdated soft module 217, security server 140 may detect the existence of the outdated version and request/initiate an update of soft module 217 over the air. Optionally, security server 140 may track a history of configuration changes of endpoint 150 that affect endpoint identity data 188. For example, security server 140 may communicate with memory device 130 to restore a previous configuration when requested.

For example, the security as a service may optionally further include a device tracking service that may provide activity data corresponding to owner access control key 213 (or another authorized user corresponding to another access control key) to the owner of endpoint 150. For example, the activity data may include location data and the use of endpoint 150 in various services from card-based services network 225.

Endpoint identity data 188 may include a public identity of endpoint 150, such as an International Mobile Equipment Identity (IMEI) number (e.g., mobile equipment identity number 253). A subscription of a public identity of endpoint 150 to a service (e.g., a cellular connection) of card-based services network 225 may be pre-registered at card server (223) without using endpoint 150. For example, the IMEI number may be associated with the international mobile subscriber identity number 255 in the database of the card server 223.

When endpoint 150 attempts to connect to card-based services network 225, the public identity (e.g., IMEI number) of endpoint 150 is authenticated in endpoint authentication 239 using endpoint identity data 188. In response, a subscription registered with the international mobile subscriber identity number 255 is identified and used to generate the card profile 219 to bind the card profile 219 to the endpoint 150. The binding may be in the form of storing the card profile 219 into the secure memory device 130 in the endpoint 150. Alternatively, the binding may be in the form of the card profile 219 being associated with the endpoint identity data 188 in a database of the card server 223.

In some cases, a group of endpoints (e.g., owned by enterprise clients) may share a reduced number of virtual SIM cards to enable cellular connectivity. For example, the IoT devices of the enterprise clients may not need to be cellular connected at the same time. When the endpoint 150 of the enterprise client requires a cellular connection, the available card profile 219 representing the virtual SIM card is dynamically "installed" for the endpoint 150 and used for cellular services at that time after endpoint authentication 239 during the communication session. When the communication session ends, the virtual SIM card may be used by another endpoint of the enterprise client. The physical SIM card may be moved from one mobile phone to another to allow different mobile phones to access cellular services registered with the same SIM card. However, physically moving a SIM card from one mobile phone to another is inefficient and cannot be deployed on a large scale. The instant installation of the virtual SIM card may overcome the limitations of the physical SIM card and provide improved security via endpoint authentication 239 prior to installing the virtual SIM card.

For example, such instant installation of the virtual SIM card may be used to facilitate infrequent or one-time use of the cellular connection. For example, a cellular connection may be used to perform over-the-air firmware/software updates. For example, a cellular connection may be used to periodically report the status of endpoint 150 (e.g., once per day, week, or month). For example, endpoint 150 may report its health and/or location in relation to a warranty service based on the location of endpoint 150.

For example, security as a service may optionally further include an identity service that allows the public identity of endpoint 150 to be changed in a secure manner. For example, a group of endpoints of an enterprise client may share a reduced number of IMEI numbers. When endpoint 150 attempts to connect to card-based services network 225 using the alternate public identity number in endpoint identity data 188, card server 223 and/or security server 140 may perform endpoint authentication 239, assign an unused IMEI number to endpoint 150, and associate card profile 219 with the IMEI number assigned to endpoint 150 to enable endpoint 150 to obtain service from network 225 as a device represented by the IMEI number.

When such a secure memory device 130 is used with security as a service provided by the secure server 140, an Original Equipment Manufacturer (OEM) of an endpoint (e.g., 150) may provide security by assembling the secure memory device 130 into the endpoint (e.g., 150) without performing its separate security operations, such as secure key injection, designing and implementing secure elements, hardware components, or special system-on-a-chip (SoC) features. Thus, the security server 140 and the secure memory devices (e.g., 130) may provide plug-and-play security for OEMs of IoT devices (e.g., endpoint 150).

The services of the secure server 140 may be used to authenticate, activate, and manage secure memory devices (e.g., 130) at the edge after deployment. This capability can be extended throughout the life cycle from manufacturing supply chain to field installation and management for platform enhancement and device protection.

FIG. 9 illustrates a technique for authenticating a memory device, according to one embodiment. For example, the technique of FIG. 9 may be used to implement the security service of FIG. 5 using the identity data of FIG. 2.

With the authentication operation of fig. 9, a session key 263 may be established to protect communications between the security server 140 and the memory device 130 without trusting the client server 141 to handle security to protect the secrets of the memory device 130. Optionally, the session key 263 can be used by the access controller 109 to enforce the authority of the selected command 155 requesting execution in the memory device 130.

In FIG. 9, client server 141 may send a request 271 to memory device 130 for identity data 113 of memory device 130.

The request 271 may include a cryptographic nonce 267. For example, the cryptographic random number 267 may be generated by the secure server 140 in response to a request from the client server 141, or generated by the client server 141 and shared with the secure server 140 for the request 271. Alternatively, memory device 130 may generate a cryptographic random number 267 in response to request 271 and provide a corresponding response 273 that includes cryptographic random number 267.

In response to request 271 for identity data 113 of memory device 130, memory device 130 provides a response 273 comprising a message identifying unique identification 111 of memory device 130.

The secret key 137 of the memory device 130 is used to generate the authentication code 133 for the message provided in the response 273. As discussed above, the verification code 133 may be implemented using techniques such as a hash digest, a digital signature, and/or a hash-based message authentication code. The verification of the verification code 133 may be performed by the security server 140 using the corresponding encryption key 106 stored in association with the unique identification 111.

To protect the response 273 and/or the passcode 133 from security attacks (e.g., reuse of the response 273 and/or attempt to recover the key 137), the passcode 133 is generated for the message 131 containing the unique identification 111, the counter value 265, and the cryptographic nonce 267. Counter value 265 is obtained from counter 261 in memory device 130. The value of the counter 261 monotonically increases. For example, counter 261 may be used to store a value representing a count of requests received for identity data and/or other data items or operations related to security. Thus, a response containing a counter value 265 that is lower than the previously seen counter value may be deemed invalid. The cryptographic random number 267 is used once in the generation of the response 273 and is discarded by the memory device 130. When the cryptographic random number 267 has been previously provided to the secure server 140 or generated by the secure server 140, the response 273 does not necessarily explicitly include the cryptographic random number 267 in the response 273.

Client server 141 forwards response 273 to security server 140 to request authentication of memory device 130. Using the unique identification 111 provided in the response 273, the secure server 140 can locate the corresponding encryption key 106 to verify the passcode 133. For example, the corresponding encryption key 106 may be a secret key 137, or a corresponding public key when asymmetric encryption is used.

Upon verification of the passcode 133, the security server 140 provides the authenticity indicator 275 to the client server 141. Authenticity indicator 275 indicates whether memory device 130 is authentic. For example, the security server 140 may generate and provide a certificate signed by the security server 140 to extend the certificate chain of the memory device 130 back to the verifier (e.g., security server). Optionally, the secure server 140 may allow for the download of a Certificate Signing Request (CSR) that allows requesters to use a Certificate Authority (CA) of their choice (instead of the secure server 140).

With authentication of the memory device 130, the memory device 130 and the security server 140 may establish a session key 263 for communicating with each other in subsequent communication sessions. The session may be limited by a predetermined length of time period following verification of the response 273 or verification code 133. After the period of time, the session key 263 expires and thus may be destroyed or discarded. Further, a subsequent request for identity data may end a previous session that was started with a previous request for identity data.

The session key 263 may be generated based at least in part on a secret known between the secure server 140 and the memory device 130 but unavailable to the communication channel between the secure server 140 and the memory device 130.

For example, session key 263 may be derived based at least in part on secret key 137. Further, the session key 263 can be based at least in part on the counter value 265 and/or the cryptographic nonce 267. Optionally, the session key 263 may be based at least in part on the authentication code 133. For example, the passcode 133 and the secret key 137 may be combined to generate the session key 263.

In some embodiments, the session key 263 is independent of the authentication code 133; and the authentication code 133 may be generated using a session key 263 derived from the secret key 137 or another secret known between the security server 140 and the memory device 130.

FIG. 10 illustrates a technique for generating commands that control secure operation of a memory device, according to one embodiment. For example, the technique of fig. 9 may be used to implement the security service of fig. 5 using the techniques of fig. 3 and 10.

For example, after the client server 141 requests that the right to execute the command 155 in the memory device 130 be verified using the client rights data 283, the security server 140 may provide the client server 141 with the verification code 153 of the command 155 in response to the request 281 from the client server 141.

Some of the communications in fig. 9 and 10 may be combined. For example, in some cases, request 281 may include identity data 113 provided by memory device 130 as a response 273 to request 271 for memory device 130.

After client server 141 sends request 281 identifying command 155 and memory device 130, security server 140 may generate authentication code 153 for command 155 if it is determined that client server 141 has the authority to control or operate memory device 130 using command 155. Request 281 may include a unique identification 111 of memory device 130 in which command 155 is to be executed. For example, unique identification 111 may be extracted by client server 141 from a response 273 to request 271 for identity data of memory device 130 and/or authenticity indicator 275 provided by secure server 140.

As discussed above, the verification code 153 may be implemented using techniques such as a hash digest, a digital signature, and/or a hash-based message authentication code. The verification of the verification code 153 may be performed by the access controller 109 using the access control key 149 of the command 155. The authentication code 153 may be generated using an encryption key 277 stored in the secure server 140 that represents the authority to execute the command 155 in the memory device 130. For example, when encryption via asymmetric encryption is not used, encryption key 277 may be access control key 149; alternatively, when asymmetric encryption is used, access control key 149 is the public key of a key pair and encryption key 277 is the private key of the key pair.

In one embodiment, the access control key 149 and encryption key 277 are pre-configured for the authority of the command 155. In another embodiment, the access control key 149 and the encryption key 277 are based on the session key 263. For example, session key 263 may be used as access control key 149 and encryption key 277 for access control of commands 155. In some embodiments, session key 263 is a key in a pair of asymmetric keys that may be used to implement encryption key 277 and access control key 149 related to encryption performed using asymmetric encryption.

When the validation code 153 is based on the session key 263, the validation code 153 expires when the session key 263 expires, which prevents reuse of the validation code 153 outside of a session in which the session key 263 is valid.

Message 151 provided in request 285 may include command 155 and cryptographic random number 287. The cryptographic random number 287 is arranged for the command 155/request 285 and is therefore different from the cryptographic random number 267 used for transmitting the identity data of the memory device 130.

For example, in response to the request 281, the security server 140 may generate a cryptographic random number 287 and use it to generate the verification code 153. The cryptographic random number 287 may be provided with an authentication code 153 for the client server 141 to generate the request 285. Alternatively, the client server 141 may generate the cryptographic random number 287 and provide it to the security server 140 along with the request 281. Alternatively, to generate the request 281, the client server 141 may request the cryptographic random number 287 from the security server 140.

After client server 141 sends request 285 with authentication code 153 obtained from security server 140, memory device 130 authenticates authentication code 153 of message 151 contained in request 285 using access control key 149. If the authentication code 153 is valid, then the access controller 109 allows the memory device 130 to execute the command 155; otherwise, access controller 109 may prevent execution of command 155 in memory device 130.

For example, command 155 may be configured to activate a security feature of memory device 130.

For example, command 155 may be configured to replace access control key 149 or secret key 137 in memory device 130. For example, the new secret key 137 may be generated using additional non-secret data provided during the manufacture of the computing device on which the memory device 130 is installed, but the memory device 130 is not available at the time of its manufacture. For example, the new access control key 149 may be configured to provide a set of rights to the client server 141.

After executing command 155, memory device 130 provides response 289, which may be forwarded by client server 141 to security server 140. Security server 140 may determine whether response 289 is correct. For example, the memory device 130 may sign the response using the session key 263 for verification by the security server 140.

In some implementations, a replacement secret key for replacing the existing secret key 137 of the memory device 130 is independently generated by the memory device 130 and the security server 140 from the secret (e.g., unique device secret 101) and the additional data exchanged through the client server 141. Optionally, the additional data may be protected by encryption performed using session key 263.

In some implementations, the replacement secret key is transmitted from memory device 130 to security server 140 in an encrypted form of ciphertext generated using session key 263.

FIG. 11 illustrates a method of virtualizing a smart card according to one embodiment. For example, the method of fig. 11 may be implemented in the system shown in fig. 6 having the security features of security server 140 and memory device 130 discussed above in connection with fig. 1-5 using the techniques of fig. 9 and 10.

At block 301, device identity data 211 representing the memory device 130 is generated by a logic circuit or controller enclosed in an integrated circuit package of the memory device 130 based at least in part on a root secret of the memory device 130.

For example, the memory device 130 may have a Physical Unclonable Function (PUF) to generate a root secret.

For example, the logic circuit or controller may include a cryptographic engine configured to perform cryptographic calculations without using a processor external to the integrated circuit package.

At block 303, the memory device 130 stores device identity data 211 in a first memory area of integrated circuit memory units formed on one or more integrated circuit dies enclosed within an integrated circuit package.

At block 305, the logic controls access to the first memory region based on the access control key 213.

At block 307, memory device 130 stores an enable instruction in a second memory area of the integrated circuit memory unit that is executable by endpoint 150 having memory device 130 as one of a plurality of components of endpoint 150.

For example, device identity data 211 may be calculated and/or updated based on a hash value resulting from applying a cryptographic hash function to boot instructions stored in a second memory region of memory device 130. Thus, device identity data 211 may lock not only the hardware of memory device 130, but also boot instructions (and/or other data, such as tracking data 215) stored in the memory device.

At block 309, the card profile 219 is written to an integrated circuit memory unit of the memory device 130 to emulate the functionality of a smart card based on the card profile 219.

For example, endpoint 150 may be configured, via memory device 130, to generate endpoint identity data 188 that represents the configuration of components of endpoint 150 at its startup time. The endpoint identity data 188 may be calculated using: device identity data 211, trace data 215 stored into memory device 130 during construction 233 of endpoint 150, and identification data of components of endpoint 150 that are located outside of the integrated circuit package of memory device 130.

For example, card profile 219 may be identified, generated, and/or assigned to endpoint 150 based on the authentication of endpoint identity data 188.

For example, card profile 219 may include a soft module (e.g., soft card module 243, authentication module 259) having instructions executable by a logic circuit or a processor of endpoint 150, or any combination thereof, to emulate the functionality of a smart card.

For example, a card profile 219 may be stored in the memory device 130 to emulate a Subscriber Identity Module (SIM) card typically used to authenticate a mobile phone when accessing a cellular communication network. For example, the card profile 219 may include an international mobile subscriber identity number 255 and an authentication key 257 associated with the international mobile subscriber identity number 255.

For example, when the endpoint 150 requests a cellular connection to the international mobile subscriber identity number 255, the mobile/cellular network operator may present a security challenge to authenticate the endpoint 150. In response, the card profile 219 may be used to generate a response to the security challenge by signing a message with a random number using authentication key 257 to prove that the endpoint is in possession of authentication key 257. For example, a message with a random number may be signed using authentication key 257. The response to the security challenge may include a portion of the digital signature for authentication; another portion of the digital signature may be used as a symmetric encryption key for encrypting a communication session associated with the cellular connection.

FIG. 12 illustrates a method of providing security services based on security features of a memory device, according to one embodiment. For example, the method of fig. 12 may be implemented in the computing system of fig. 1 using the techniques of fig. 9 and 10 based on the security features of memory device 130 discussed above in connection with fig. 1-5.

At block 321, security server 140 receives a request (e.g., 173 and/or 281) from client server 141. The request contains identity data 113 of the memory device 130 with the access controller 109.

At block 323, the security server 140 determines the authenticity of the memory device 130 based on the secret of the memory device 130 and the identity data 113.

For example, the secret may be the only device secret 101 that is not transferred outside of the memory device 130 after the manufacture of the memory device 130 is completed in the secure facility. The identity data 113 is based on a secret key 137 generated based at least in part on the unique device secret 101. During manufacture of the memory device in the secure facility, the secret is registered in the secure server 140 to generate the encryption key 106 that verifies the identity data 113 based at least in part on the secret. The encryption key 106 used to verify the identity data 113 may be further generated based on data 125 received from the host system 120 during a boot time of the host system 120 of the memory device 130. After the manufacture of memory device 130 is completed in the secure facility, memory device 130 may be assembled into endpoint 150 of host system 120 having host interface 147 connected to memory device 130. At least a portion of the instructions configured to be executed in processing device 118 of host system 120 are stored in memory device 130.

At block 325, the secure server 140 generates the verification code 153 for the command 155.

For example, upon determining that the client server 141 has the authority to execute the command 155 in the memory device 130 based on the client authority data 283 stored in the security server 140, the verification code 153 may be generated for the client server 141 and provided in the response 174 based on the authority 153.

For example, upon determining that memory device 130 is in an endpoint 150 that has reported lost or stolen, an authentication code 153 may be generated for a command 155 to deactivate memory device 130.

At block 327, the security server 140 transmits a response 174 containing the verification code 153 to the client server 141.

For example, response 174 may be based on determining that memory device 130 has a secret when identity data 113 contains passcode 133 that was generated using the secret.

At block 329, client server 141 transmits command 155 and authentication code 153 to memory device 130.

At block 331, access controller 109 of memory device 130 verifies authentication code 153 to determine whether to prevent execution of command 155 in memory device 130.

For example, when executed in memory device 130, command 155 changes access control key 149 for use by access controller 109 to verify a verification code (e.g., 153) generated using encryption key 145, which represents the authority to execute one or more commands in memory device 130.

For example, when executed in memory device 130, command 155 causes the setting of the security features of memory device 130 to change. For example, the change may include activation of a security feature of memory device 130 or deactivation of a security feature.

For example, after endpoint 150 containing memory device 130 has reported lost or stolen, when executed in memory device 130, command 155 causes memory device 130 to disable the boot loader stored in memory device 130.

For example, when executed in memory device 130, command 155 causes access controller 116 to block access to one or more sections of memory cells 103 in memory device 130.

For example, when executed in memory device 130, command 155 causes memory device 130 to clear the decryption key for the data stored in memory device 130.

For example, when executed in memory device 130, command 155 causes memory device 130 to irreversibly destroy at least one aspect of memory device 130.

For example, based on the verification of the identity data 113, the session key 263 may be established and known between the secure server 140 and the memory device 130 without the need to transfer the session key 263 over the connection between the secure server 140 and the memory device 130. The access control key 149 used by the access controller 109 to authenticate the authentication code 153 of the command 155 may be based on the session key 263.

Optionally, security server 140 may cause commands 155 and authentication codes 153 to be transmitted to memory device 130 based on instructions loaded from memory device 130 and executed in host system 120.

Figure 13 illustrates a method of logging into an endpoint of a service of an account subscription, according to one embodiment. For example, the method of fig. 13 may be implemented in the computing system of fig. 1 using the techniques of fig. 9 and 10 based on the security features of memory device 130 discussed above in connection with fig. 1-5.

At block 341, the server system receives a request (e.g., 171 and/or 173) associated with a service from endpoint 150. The service is provided via a computer network (e.g., network 110) that serves multiple subscribers represented by different accounts. The request includes identity data 113 generated by memory device 130 configured in endpoint 150.

For example, the server system may include the security server 140 and/or the card server 223. Optionally, the server system may further include a client server 141 in communication with the security server 140.

For example, the service may be a cellular connection service, a payment card service, a video surveillance service, a cloud-based storage or computing service, and so forth.

At block 343, the server system determines the authenticity of the endpoint 150 in response to the request and based on the secret of the memory device 130 and the identity data 113. For example, the operations in block 343 may be performed in a manner similar to the operations performed in block 323.

At block 345, a subscriber is identified among the plurality of subscribers based on the ownership data of endpoint 150 based on the identity data 113.

For example, during manufacture of endpoint 150 in the facility of the manufacturer of the endpoint (e.g., 150), memory device 130 is connected to host system 120; and installs the software package for the operation of endpoint 150 in memory device 130. The endpoint 150 is tested. In the endpoint registration 235, the memory device 130 is configured to generate a key 137, the key 137 representing not only the memory device 130 with the unique device secret 101, but also the endpoint 150 with the memory device 130, the memory device 130 having data 123 in the memory unit 103 and data 125 from the host system 120 at boot time.

When the endpoint 150 is transferred from the manufacturer to the dealer and end user or subscriber, data associating the public identification of the endpoint 150 with the identity of the subscriber is stored in the server system. The ownership data may be stored in the server system without physically operating the endpoint 150 (e.g., without opening an enclosure that was manufactured from the endpoint 150 to enclose the endpoint 150). For example, the common identification of the endpoint 150 may include a unique identification 111 of the endpoint 150 and/or data 127 identifying the make, model, and serial number of the endpoint 150 as known by the manufacturer of the endpoint 150.

When a subscriber opens an account for a service provided to endpoint 150, the identity of the subscriber may be associated with the account.

For example, client rights data 283 may include ownership data for endpoint 150 and/or subscriber data that exposes subscriber accounts.

At block 347, an account of the identified subscriber is determined in response to the request received in block 341.

For example, an account may be identified by matching a subscriber identity associated with the identity data 113 in the ownership data with a subscriber identity associated with the account in the subscriber data.

At block 349, the server system causes the service to be provided to endpoint 150 based on the account.

In some embodiments, the client rights data 283 stored in the security server 140 indicates an association between the identity data 113 of the subscriber and the account. Thus, during verification of the authenticity of the endpoint 150 based on the received identity data 113, the account may be identified from the client rights data 283.

In an alternative embodiment, the client rights data 283 stored in the security server 140 indicates the association between the identity data 113 and the identity of the subscriber as owner. Thus, during the verification of the authenticity of the endpoint 150 based on the received identity data 113, the subscriber may be identified from the client rights data 283. Another server, such as client server 141 or card server 223, stores the subscriber data to identify an account based on the subscriber identified by security server 140.

Using the method of fig. 13, services of an account subscription may be provided/directed to endpoint 150 without having to customize endpoint 150 itself for the subscriber and/or the subscriber's account. For example, a subscriber may simply open a package enclosing endpoint 150 during manufacture of endpoint 150 and use endpoint 150 to access services subscribed to by a subscriber account without inserting a card (e.g., a SIM card) to identify the subscriber or account and/or without interacting with an application or utility running in endpoint 150 to identify the subscriber or account.

For example, after manufacture of the endpoint 150, the endpoint 150 has no customization for the subscriber nor the account prior to the request received in block 341. Endpoint 150 is made available to any one of a plurality of subscribers. In response to the request received in block 341, endpoint 150 automatically links to a particular account of the subscriber obtaining the service.

For example, endpoint 150 does not contain hardware components inserted into endpoint 150 to represent a subscriber, an account, or any combination thereof, before and/or after receiving service for a subscriber account.

For example, at least prior to the request received in block 341, endpoint 150 does not contain data stored into endpoint 150 to represent a subscriber, an account, or any combination thereof.

For example, at least prior to the request received in block 341, endpoint 150 does not have an indication of a subscriber, account, or any combination thereof, and does not have ownership data for endpoint 150; and the ownership data is stored in the server system and not in the endpoint 150.

Optionally, in response to the request received in block 341, the server system and/or endpoint 150 may store an association of identity data of endpoint 150 with a subscriber account.

For example, the security server 140 may generate the authentication code 153 for the command 155 using the encryption key 145. The server system may cause memory device 130 to receive command 155 and authentication code 153. Prior to executing command 155 in memory device 130, access controller 109 of memory device 130 is configured to validate authentication code 153 based on access control key 149. Optionally, the access control key 149 and encryption key 145 may be based on a session key established in the manner discussed in fig. 9.

When executed in memory device 130, commands 155 cause memory device 130 to store additional data identifying the account. For example, the additional data may be part of the device information 121 used to generate the secret key 137 when generating the updated identity data 113. For example, the additional data is included in data 127 of message 131 in updated identity data 113, updated identity data 113 being generated by memory device 130 after execution of the command. For example, the additional data may include a card profile 219 identifying a subscriber account.

Alternatively, data associating the identity data 113 of the memory device 130 and/or the endpoint 150 may be stored in the server system (e.g., as part of the client rights data 283 and/or the card profile 219) without changing the secret key 137 used to sign the identity data 113.

Since no operations need to be performed on the endpoint 150 to direct the services of the subscriber's account to the endpoint 150, the endpoint 150 may be configured as a cellular connection capable IoT device without requiring a user interface for its customization to receive cellular connection services. For example, endpoint 150 may be configured without a slot for inserting a card to identify a subscriber. For example, endpoint 150 may be configured without a user interface for receiving input from an end user to identify a subscriber.

In some embodiments, endpoint 150 has a general purpose hardware configuration that can run different firmware to provide different functionality. Additionally, updated versions of firmware may be installed in endpoints 150 to correct bugs or errors in endpoints 150 running previous versions of firmware to improve performance and/or provide new functionality. Optionally, a firmware application may be run on the base version of firmware to add functions, features, and/or services.

For example, different client servers 141, …, 143 may provide different services using the same hardware of endpoint 150 running different firmware. For example, the different client servers 141, …, 143 may provide similar services using the same hardware of endpoint 150, but perform different processes implemented using different firmware.

After the endpoint 150 is assembled and shipped to an end user or subscriber by installing different firmware, the endpoint 150 may be customized for different client servers 141, …, 143.

For example, an online firmware store may be configured on the communication network 110 to allow an end user to purchase a version of firmware. Installing the selected version of firmware may or may not include installing a firmware application that runs using the baseline version of firmware. After installation of the selected version of firmware, endpoint 150 is customized to be different in at least one respect from endpoint 150 running the previous firmware.

In some cases, the updated firmware represents services of endpoint 150 requested by a user of endpoint 150. The services of endpoint 150 may or may not be dependent on services provided by a client server or service provider.

The functionality of endpoint 150 may be defined, at least in part, by its firmware. For example, when endpoint 150 runs a version of firmware, endpoint 150 may provide a function to a user of endpoint 150; and endpoint 150 may provide different functionality to a user of endpoint 150 when endpoint 150 runs another version of firmware.

For example, different third party service providers may provide software/firmware solutions for IoT devices based on a common general hardware platform. For example, firmware provided in an online store may be programmed to enable a generic IoT device to cooperate with a third party server to provide a particular type of service. Optionally, a firmware application provided in the online store may run on a generic version of firmware and provide a specific type of service using the basic services provided by the generic firmware. The combination of the baseline version of firmware and the firmware application may be considered an enhanced version of firmware. When the baseline version of firmware for different endpoint hardware platforms provides standardized services, the firmware application may be device independent and support a class of IoT devices from different vendors. Alternatively, the firmware application may be device dependent and use different hardware capabilities of different vendors.

The security server 140 may be coupled to an online firmware store to provide firmware updates to endpoints (e.g., 150) in response to verifying the authenticity of the endpoints.

For example, when endpoint 150 initially connects to client server 141, client server 141 communicates with security server 140 to verify the identity and/or authenticity of endpoint 150. The owner of endpoint 150 may be determined during the verification process. After the subscription service of endpoint 150 is identified, the associated firmware application may be downloaded from an online firmware store and installed into endpoint 150 via over-the-air (OTA) updates.

For example, secure server 140 may generate an authentication code 153 for command 155 to install a firmware application into memory device 130. After executing command 155, the firmware application becomes part of data 123 stored in memory unit 103 of memory device 130 and serves as part of device information 121 in generating updated secret key 137 for updated identity data 113 of memory device 130 and endpoint 150.

Subsequently, when an update of the firmware application exists in the online firmware store, an outdated firmware application in endpoint 150 may be detected during verification of identity data 113; and security server 140 may initiate over-the-air (OTA) updates for endpoints 150 to reduce security risks.

For example, an online service store may provide cloud-based services, such as internet of things (IoT) devices, provided via endpoints (e.g., 150). The same endpoint 150 may be customized via firmware updates used with different service providers that may operate different client servers 141, …, 143.

For example, a user of endpoint 150 may visit an online store to subscribe to services of a service provider, change subscribed services, and/or move subscriptions from one service provider to another service provider. Subscriptions subscribed by a user for endpoint 150 may be tracked as part of client rights data 283 associated with the identity of endpoint 150. When security server 140 verifies identity data 113 of endpoint 150, security server 140 may check whether endpoint 150 requires a firmware update for subscribing to the service and/or replacing an outdated version of firmware. If so, the security server 140 may customize and/or update the firmware update to the endpoint 150 via the online store before the endpoint 150 receives the subscribed services from the service provider. Optionally, the security server 140 communicates with the endpoint 150 to direct the endpoint 150 to the service provider's current client server 141. Instead, the updated firmware connects the endpoint 150 to the service provider's current client server 141.

In general, the security server 140 may be connected to or include an online service store and/or an online firmware store. The server system may have a security server 140, an online service store, and/or an online firmware store. The server system may track accounts for subscribing to services of different service providers and track firmware customizations selected/purchased by users of endpoints (e.g., 150).

An account of a user of endpoint 150 and a service provider subscribed for endpoint 150 may be tracked using the identity of the user and associated with the identity of the user as the owner of endpoint 150 for automatic firmware updates. Through correlation, firmware and/or service selections made by a user in an online service store and/or online firmware store may be mapped to the user's endpoint 150. Alternatively, a user of endpoint 150 may explicitly select firmware and/or services for endpoint 150 using a public identification of endpoint 150 as part of identity data 113 of endpoint 150.

In some embodiments, endpoint 150 initially connects to security server 140 for the service. The security server 140 may identify the current provider of the subscription service registered in the online service store based on the client rights data 283. After verifying the authenticity of the endpoint 150 and determining the service provider, the security server 140 configures the firmware of the endpoint 150 for the service provider (e.g., using an online firmware store) and directs the endpoint 150 to the service provider's client server (e.g., 141, …, or 143). Thus, endpoint 150 may seamlessly provide services ordered from an online service store with minimal user effort.

FIG. 14 illustrates an endpoint customization technique using an online firmware store, according to one embodiment. For example, the technique of fig. 14 may be implemented in the computing systems of fig. 1 and/or 6 with the security services and features discussed with reference to fig. 1-5. The technique of fig. 14 may be used in combination with the techniques of fig. 9 through 13.

In fig. 14, an online firmware store 170 is configured to facilitate selection of firmware and/or firmware applications for endpoint (e.g., 150) customization and/or updating, and verification of the identity of the endpoint (e.g., 150) by the security server 140.

Endpoint 150 has a set of hardware including host system 120 and memory device 130 with security features. The functions of endpoint 150 may be defined, customized, and updated by firmware 363 stored in memory device 130 and executing in host system 120 of endpoint 150.

The manufacturer of the endpoint 150 may install a baseline version of firmware 363 that is programmed to allow the endpoint 150 to generate and submit identity data 113 for verification by the security server 140. The baseline version of firmware 363 is further configured to facilitate updating of the firmware via the firmware store 170 and verification of the identity data 113 by the security server 140.

In general, a firmware update for endpoint 150 may be to replace the entire firmware 363 executing in host system 120, or to add and/or replace one or more firmware applications (e.g., applications 367, …, 369).

Endpoint platform 361 may be used to represent a type of endpoint hardware. Each endpoint (e.g., 150) in the category may run a different version of firmware (e.g., 363, …, 365) to provide different functions and/or services.

In some embodiments, firmware 363 may be customized via one or more firmware applications (e.g., applications 367, …, 369). For example, endpoint 150 running firmware 363 may further run optional applications (e.g., applications 367, …, or 369) to provide new functionality not present in firmware 363, to disable existing functionality in firmware 363, to change or customize existing functionality in firmware 363, and so forth.

For example, when a firmware application (e.g., application 367) is run on firmware 363 in endpoint 150, endpoint 150 is customized to communicate with a service provider's client server 141 to implement services or functions and/or receive services from the service provider. When another firmware application (e.g., application 369) runs on firmware 363 in endpoint 150, endpoint 150 is customized differently to communicate with another client server 143 of a different service provider to implement and/or receive alternative or similar services from the different service provider.

For example, firmware applications (e.g., application 367) may be programmed to implement a communication protocol specific to client server 141.

For example, a firmware application (e.g., application 367) may be programmed to perform new computing functions that generate new types of results.

For example, a firmware application (e.g., application 367) may be programmed to communicate with client server 141 to obtain services provided via client server 141. Examples of services of the client server 141 include computing resources of the client server 141 processing data of the endpoint 150, data storage facilities of the client server 141 for data generated by the endpoint 150, messaging facilities for notifications and/or alerts for one or more other devices associated with the endpoint 150, connections via the client server 141 and one or more other devices associated with the endpoint 150, internet access of the endpoint 150 via Wi-Fi access points, communication satellites, and/or communication connections or equipment controlled by the client server 141, and so forth.

In general, different service providers may provide different versions of firmware and/or different firmware applications to customize endpoints (e.g., 150) in the same endpoint platform 361. The endpoints in the platform 361 may be manufactured and/or assembled by the same manufacturer or different manufacturers.

Optionally, a baseline version of firmware (e.g., 363) may provide a standardized set of functions upon which firmware applications (e.g., applications 367, …, 369) may run. Thus, the same firmware application (e.g., application 367) may be installed to customize endpoints (e.g., 150) with different hardware configurations and/or different baseline versions of firmware (e.g., 363, …, 365). Alternatively, different firmware applications may be programmed for different baseline versions of firmware (e.g., 363, …, 365) running on endpoints with different hardware implementations to provide the same custom functionality of the respective endpoint and/or the same service of client server 141.

The use of firmware applications (e.g., applications 367, …, 369) may reduce the size of data to be downloaded from firmware store 170 to endpoint 150 when performing firmware updates. Alternatively, different sets of firmware functions may be implemented using different firmware (e.g., 363, …, 365) without the need for additional firmware applications. In general, a firmware update in endpoint 150 may involve replacing the entire existing firmware 363 or installing a firmware application (e.g., application 367).

Optionally, firmware store 170 is configured to allow a user of endpoint 150 to select and/or order 371 using computer 180 for customizing the firmware of endpoint 150. In some cases, the purchase of a selected version of firmware (e.g., 363) and/or firmware application (e.g., 367) represents a request for a certain service from a service provider and/or client server (e.g., 141). In response, firmware store 170 and/or security server 140 may store data indicating the required firmware configuration and/or requested services for endpoint 150. For example, the client rights data 283 may be updated to reflect firmware and/or service selections made using the user computer 180.

In general, user computer 180 may be distinct and separate from endpoint 150. Thus, there is no need for a hardware and/or software interface that is accessible to a user of endpoint 150 to customize endpoint 150 for use with an account and/or service provider. Optionally, some embodiments and/or categories of endpoint 150 may include a user interface that allows it to be used as a user computer 180 to order 371 firmware for endpoint 150.

For example, an owner or user of endpoint 150 may access online firmware store 170 using user computer 180 to order 371 firmware for endpoint 150 by selecting a firmware application (e.g., application 367), an alternate version of firmware, or a combination of an alternate version of firmware and a firmware application. The user's order may be identified as a service subscriber and/or endpoint 150 is identified as a pending device.

For example, endpoint 150 may be identified via a public identification of endpoint 150, such as a model number and serial number of endpoint 150, mobile equipment identity number 253, international mobile subscriber identity number 255, unique identification 111, and/or another identifier included in data 127 of identity data 113.

For example, the identity of the user or subscriber may be identified via an account identifier and/or a piece of personally identifiable information, such as an email address, telephone number, name and address, and so forth.

The security server 140 may verify 373 the identity data 113 submitted from the endpoint 150 and/or its memory device 130, as discussed above in connection with fig. 2, 5, and 9.

In general, identity data 113 may be submitted to security server 140 via a client server (e.g., 141 or 143), via firmware store 170, via another server or gateway, or without going through any of client servers 141, …, 143 and firmware store 170.

For example, endpoint 150 may be configured via existing firmware 363 to automatically access firmware store 170 and/or security server 140 for authentication, firmware updates, and/or service customization. Thus, identity data 113 may be submitted to security server 140 via firmware store 170 in some cases, and directly to security server 140 in other cases.

For example, when a server (e.g.,

client server

141 or 143, firmware store 170, or another server) receives identity data 113 of request 171 from endpoint 150, server (e.g., 141) provides identity data 113 to security server 140 in request 173 for verification. In response to such a request 173, the security server 140 may communicate with the firmware store 170 to identify 375 whether a firmware update exists for the endpoint 150. If so, the security server 140 may cause the firmware store 170 to update 377 the firmware of the endpoint 150. For example, after executing a firmware download to store a new version of firmware and/or firmware application (e.g., application 367) in memory device 130, command 155 signed using encryption key 145 is executed in memory device 130 to cause the new version of firmware and/or firmware application (e.g., application 367) to execute in memory device 130 and become part of the identity of memory device 130 and/or endpoint 150.

For example, firmware 363 may be initially installed in endpoint 150 (e.g., by the manufacturer of endpoint 150) to provide services via client server 141. After a new version of firmware 363 is provided in firmware store 170 for accessing the same services of client server 141, security server 140 may initiate installation of the new version in response to successful verification of identity data 113. Optionally, update 377 may be implemented via installation of a firmware application (e.g., application 367) running on existing firmware 363, or via installation of new firmware (e.g., 365).

For example, after a user of firmware 363 accesses firmware store 170 to order 371 an alternate version of firmware 365 to customize endpoint 150, firmware store 170 may update 377 the firmware of endpoint 150 according to order 371 when identity data 113 of endpoint 150 is successfully verified in secure server 140.

In some cases, endpoint 150 first accesses security server 140. After the security server 140 verifies 373 the identity of the endpoint 150, the security server 140 may communicate with the online firmware store 170 to identify 375 a firmware update for the endpoint 150.

In general, a firmware update may include installing a firmware application (e.g., application 367), replacing an existing firmware application with another firmware application, and/or installing new firmware 365.

After identifying a desirable firmware update, the firmware store 170 communicates with the endpoint 150 to update 377 the endpoint 150.

The access controller of memory device 130 is configured to require authentication of the authority requesting memory device 130 to execute command 155 to change the firmware stored in memory device 130.

For example, after data needed for a firmware update is stored into a section of memory device 130, command 155 may be sent to host interface 147 to perform the operation of the firmware update in memory device 130. The authority to execute command 155 in memory device 130 may be represented by encryption key 145. The encryption key 145 may be previously configured or generated in response to verifying the identity data 113 from the memory device 130 of the endpoint 150. For example, the encryption key 145 may be a session key 263 generated in a manner similar to fig. 9 based on verifying the authenticity of the endpoint 150; and the security server 140 may use the encryption key 145 to generate the commanded authentication code 153 for the firmware store 170 to update the endpoint 150. Alternatively, the security server 140 may provide the session key 263 and/or the encryption key 145 to the firmware store 170 to update 377 the firmware of the endpoint 150.

After a successful firmware update, the device information 121 used to generate the secret key 137 is updated to reflect the installed firmware and/or firmware application. For example, hash values 163 of installed firmware and/or firmware applications may be stored as part of device information 121 for verifying their integrity, as shown in FIG. 4. Subsequently, the identity data 113 generated by the memory device 130 of the endpoint 150 is based on the updated device information 121 and reflects the configuration of the endpoint 150 with the updated firmware functionality or configuration.

In some embodiments, firmware store 170 is part of a server system that implements security server 140. In another embodiment, firmware store 170 is hosted on a separate server computer.

In some embodiments, the update 377 of the firmware may be performed automatically based on the services subscribed to for endpoint 150, as discussed further below in connection with fig. 15.

FIG. 15 illustrates a technique for directing services to endpoints via an online service store, according to one embodiment. For example, the technique of FIG. 15 may be used in combination with the technique of FIG. 14.

In fig. 15, an online service store 190 is configured to facilitate selection of a service for an endpoint 150 from a plurality of services provided by one or more service providers (e.g., 381). Services of a service provider (e.g., 381) may be implemented via one or more endpoint platforms (e.g., 361, …, 362).

For example, a user of endpoint 150 may use computer 180 to access online service store 190 to order 391 services to service provider 381 using computer 180. The services provided by service provider 381 may be used with endpoints of multiple endpoint platforms (e.g., 361, …, 362). Endpoints (e.g., 150) in the endpoint platforms (e.g., 361, …, 362) run different firmware to obtain services of the service provider 381. The service store 190 has subscription data 387 that identifies the services and/or endpoints (e.g., 150) subscribed to by the subscriber.

For example, services provided by service providers 381 may be implemented via client server 141; and the subscription data 387 can identify servers that are connected to the endpoint to correspondingly receive the services subscribed to for the endpoint.

For example, endpoint 150 may be explicitly subscribed to services with reference to a public identification of endpoint 150, a model and serial number of endpoint 150, a mobile equipment identity number 253, an international mobile subscriber identity number 255, a unique identification 111, and/or another identifier included in data 127 of identity data 113.

Alternatively or in combination, the service may be ordered with reference to the identity of the user or subscriber, which may be identified by an account identifier and/or a piece of personally identifiable information, such as an email address, telephone number, name and address, and so forth.

As in fig. 14, user computer 180 is typically distinct and separate from endpoint 150. In some cases, endpoint 150 may include a user interface that allows it to function as a computer 180 in order to subscribe 391 service to endpoint 150.

When implicitly subscribing to services for endpoint 150, the identity of the subscriber may be used to determine the services of the subscriber's endpoint based on a match of the identity of the subscriber for subscribing to services with the identity of the owner of endpoint 150.

For example, to subscribe 391 to a service from service provider 381, a user (or a representative of the user) of endpoint 150 may access service store 190 to establish an account for subscribing to the service of service provider 381.

In response to a service being subscribed to or changed, or in response to the identity data 113 of endpoint 150 being verified, security server 140 and service store 190 may communicate with each other to identify 393 the service subscribed to for endpoint 150.

In response to the service request 171 from the endpoint 150, the security server 140 verifies 373 the identity data 113 of the endpoint 150 provided in the service request 171.

In general, the service request 171 may be initially received in a client server (e.g., 141 or 143) or in the service store 190 or firmware store 170 or directly in the security server 140.

After the security server 140 verifies 373 the identity and authenticity of the endpoint 150, the security server 140 may identify 393 the services subscribed to for the endpoint 150 based on the client rights data 283 stored in the security server 140 and/or based on the subscription data 387 in the service store 190.

Based on the identified service, the security server 140 may communicate with the firmware store 170 to identify 375 a firmware update of the endpoint 150. For example, endpoint 150 may be updated via replacing firmware or installing a firmware application (e.g., application 367) to customize endpoint 150 for the subscribed service. Firmware updates may be performed and protected in the manner discussed above in connection with fig. 14.

For example, endpoint 150 may be manufactured using a generic version of firmware 363, such firmware 363 being unable to receive services from service provider 381, being unaware of client server 141 with respect to services provided by service provider 381, and/or not implementing a communication protocol for communicating with client server 141. Firmware applications (e.g., application 367) may be installed to run on generic firmware 363 to customize endpoint 150 for services subscribed to endpoint 150. Once customized via a firmware application (e.g., application 367), endpoint 150 may receive services of service provider 381 from client server 141. For example, after installing a firmware application (e.g., application 367) to update 377 the firmware, endpoint 150 has knowledge about client server 141, communication capabilities to communicate with client server 141 according to the communication protocol used by client server 141, and processing routines for using services provided by client server 141.

For example, the services subscribed to for operation of the endpoint 150 may include computations performed by the client server 141 to process data of the endpoint 150, storing data generated by the endpoint 150 in the client server 141, sending notifications and/or alerts to one or more other devices associated with the endpoint 150, connecting the endpoint 150 to one or more other devices associated with the endpoint 150 via the client server 141, connecting the endpoint 150 to a computer network or the internet using a cellular base station, a Wi-Fi access point, a communications satellite, and/or a communications connection or apparatus controlled by the client server 141, and so forth.

Optionally, after firmware update 377, endpoint 150, via its firmware 363 and/or firmware applications (e.g., application 367), is configured to automatically access client server 141 to obtain subscribed services. Alternatively, security server 140 may redirect endpoint 150 to client server 141 to access 379 subscribed services after verifying identity data 113 of endpoint 150 with updated firmware.

In general, the service store 190 may be used by a user (or a representative of the user) to subscribe to the services of the service providers 381 for the endpoint 150, to change the subscribed services, and to move the subscription from one service provider 381 to another. Firmware 363 of endpoint 150 is automatically updated to support the currently subscribed services without requiring a user of endpoint 150 to operate endpoint 150 to customize endpoint 150 for the subscribed services.

FIG. 16 illustrates a firmware update method using a firmware store and a security server, according to one embodiment. For example, the method of fig. 16 may be implemented using the technique of fig. 14.

At block 401, the server system receives a request from an endpoint 150 with identity data 113 generated by a memory device 130 configured in the endpoint 150.

For example, the server system may include a secure server 140. Optionally, the server system may further include an online firmware store 170 and/or one or more client servers (e.g., 141, …, 143).

For example, the endpoint 150 may be in a state shipped from the endpoint (e.g., 150) manufacturer without being customized for a particular server and/or service provider.

At block 403, the server system determines the authenticity of the endpoint 150 in response to the request received in block 401 and based on the secret of the memory device 130 and the identity data 113. For example, the operations in block 403 may be performed in a manner similar to the operations performed in block 323 and/or block 343.

For example, identity data 113 contains a verification code 133 for message 131 presented in identity data 113. Security server 140 may verify that passcode 133 was generated using secret key 137 of memory device 130 and message 131 without the endpoint presenting secret key 137. The secret key 137 is generated using the unique device secret 101 of the memory device 130 and the device information 121 representing the software and hardware configuration of the endpoint 150.

At block 405, an update of the first firmware 363 is determined based on the online firmware store 170. The first firmware is stored in memory device 130 and executed in endpoint 150 to generate the request received in block 401.

For example, prior to receiving the request in block 401, the firmware store 170 may receive an order 391 for firmware for the endpoint 150. An order 391 may be made to customize the functionality of endpoint 150 using user computer 180 without going through endpoint 150. The order 391 received in the firmware store 170 may be used to identify 375 an update 377.

For example, the public identification of endpoint 150 may be used to identify order 391 for endpoint 150. Identity data 113 can contain the public identification in message 131 signed using secret key 137 to generate verification code 133 provided in identity data 113. After verifying that message 131 has not changed, security server 140 may instruct online firmware store 170 and/or endpoint 150 to update 377 firmware 363 of endpoint 150.

At block 407, in response to determining that endpoint 150 is authentic, the server system generates verification code 153 for command 155 executable in memory device 130 to perform the update.

At block 409, the server system provides the verification code 153 to execute the command 155 in the memory device 130 for a firmware update.

For example, in response to determining that the endpoint is authentic, security server 140 may communicate with online firmware store 170 to download data into memory device 130. When command 155 is executed in memory device 130, memory device 130 performs a firmware update using the data.

For example, the data downloaded to memory device 130 may include second firmware that, after executing command 155 for a firmware update, replaces the first firmware executed to generate the request received in block 401.

For example, the data downloaded to memory device 130 may include a firmware application (e.g., application 367) that runs with the first firmware executed to generate the request after executing command 155 for a firmware update. The combination of the firmware application (e.g., application 367) and the first firmware provides a second firmware for endpoint 150.

For example, after executing command 155 for a firmware update, endpoint 150 is configured via the second firmware to provide functionality not present in the endpoint running the first firmware prior to the update.

After executing command 155 for a firmware update, the second firmware may become part of the identity of memory device 130 and endpoint 150. For example, based on device information 121, memory device 130 is configured to generate a secret key 137 representing the identity of memory device 130 and endpoint 150. After executing command 155 to update 377 the firmware, device information 121 is updated to include hash value 163 of the second firmware stored as content 161 in memory unit 103. Subsequently, the memory device 130 is configured to generate the identity data 113 of the endpoint 150 using the encryption key generated based at least in part on the memory device's secret (e.g., the unique device secret 101) and the second firmware stored in the memory device 130.

FIG. 17 illustrates an endpoint customization method using a service store and a security server, according to one embodiment. For example, the method of fig. 17 may be implemented using the techniques of fig. 14 and 15.

At block 421, the server system receives a request from endpoint 150 with identity data 113 generated by memory device 130 configured in endpoint 150, similar to block 401.

For example, the server system may include the security server 140 and/or the service store 190.

At block 423, security server 140 verifies identity data 113 in response to the request received in block 421 and based on information about endpoint 150 stored in security server 140. Such information includes a secret of the memory device 130, such as the unique device secret 101. Such information may further include device information 121 representative of the software/hardware configuration of endpoint 150. Verification may be performed in the manner discussed above in connection with fig. 2.

In response to determining that the identity data 113 in the request received in block 421 is valid, at block 425 the server system identifies the service ordered for endpoint 150 in online service store 190.

At block 427, a client server 141 configured to provide a service is identified.

For example, the online service store 190 may receive an order 391 for the service of the endpoint 150 prior to receiving the request in block 421. The client server 141 may be identified based on the order 391.

For example, the order 391 may be received in the online service store 190 through the user computer 180 and thus not through the endpoint 150. The order 391 for the endpoint 150 may be identified/placed using the public identification of the endpoint 150. Identity data 113 may include public identification. Alternatively, the order 391 may be associated with the identity of the user that is the owner of the endpoint 150 in the client rights data 283 of the secure server.

At block 429, the server system directs the endpoint 150 to the client server 141.

For example, in response to determining that the identity data 113 in the request received in block 421 is valid, the server system may configure the endpoint 150 for the service ordered in the online service store 190.

For example, to configure endpoint 150 for a service, a server system may update the firmware of endpoint 150. For example, the firmware update may be performed in the manner discussed above in connection with fig. 14-16.

For example, endpoint 150 may not receive services from client server 141 until firmware update 377, and may not have knowledge of client server 141. For example, an endpoint 150 initially configured by the manufacturer of the endpoint (e.g., 150) is programmed to access the service store 190, the firmware store 170, the security server 140, or another gatekeeper, so that the endpoint 150 can be properly configured and/or updated for use without requiring the end user to customize the operation of the endpoint 150.

For example, after the firmware update 377, the second firmware is stored in the memory device 130 to replace the first firmware used to generate the request received in block 421. When endpoint 150 runs the second firmware, the endpoint has functionality that was not present in the endpoint running the first firmware prior to firmware update 377. For example, the second firmware may contain an identification of the client server 141 for directing the endpoint to access the client server 141 for the service ordered in the online service store 190. In a certain embodiment, the second firmware is a combination of the first firmware and the added firmware application. After firmware update 377, memory device 130 is configured to generate updated identity data 113 for endpoint 150 using secret key 137 generated based at least in part on the secret (e.g., unique device secret 101) and the second firmware stored in memory device 130.

Optionally, to configure endpoint 150 for a service subscribed in service store 190, the server system identifies an account for subscribing to the service for endpoint 150. Memory device 130 is configured to store an identifier for the account and include the identifier in updated identity data 113 as part of message 131.

For example, to perform the firmware update 377, the server system may generate the authentication code 153 for the command 155 using the encryption key 145 that represents the authority to execute the command 155 in the memory device 130. When executed in memory device 130, command 155 causes the first firmware to be replaced with the second firmware. After memory device 130 receives command 155 and authentication code 153, memory device 130 verifies authentication code 153 for the rights before executing command 155.

Security server 140 may be used not only to verify the identity of endpoint 150 based on the security features of memory device 130 configured in endpoint 150, but may also be used to monitor the integrity of packets stored in memory device 130 and/or endpoint 150. For example, a package stored in endpoint 150 may be at least a portion of a boot loader, firmware, software, a module, an operating system or application, a set of files that specify resources, configuration parameters, and/or other data for a program or routine, and so forth. When a packet is found to be corrupted, modified, tampered with, or outdated, security server 140 may initiate an over-the-air (OTA) update to maintain the integrity of endpoint 150.

Memory device 130 may store content 161 in memory unit 103 and separately store hash value 163 as part of device information 121, as shown in FIG. 4. When the current hash value calculated from content 161 stored in memory unit 103 does not match expected hash value 163 stored as part of device information 121, memory device 130 may detect the modification or corruption of content 161 and initiate content repair.

For example, content 161 may include a core package for endpoint 150. In verifying 373 the identity of the endpoint 150, the integrity of the core package may affect the operation of the endpoint 150 when communicating with the security server 140. An example of a core package may include at least a portion of the boot loader, firmware, and/or operating system of endpoint 150. When the core package is modified, damaged, or tampered with, the security of the operations of endpoint 150 performed for authentication may not be trusted. When integrity status 165 generated by encryption engine 107 indicates a core package change, access controller 109 may prevent host system 120 from accessing content 161 until the core package is repaired.

For example, memory device 130 may store a reliable backup copy of the core package in a separate section; and when the hash value of the core packet stored in content 161 in memory unit 103 is different from the corresponding hash value 163 of stored device information 121, memory device 130 may replace the core packet stored in memory unit 103 with the copy stored in the separate section. Optionally, execution of the replacement copy in endpoint 150 may be configured to begin a recovery process to obtain the latest version of the package from a trusted source (e.g., firmware store 170). Alternatively, the security server 140 may initiate the update (e.g., using the firmware store 170) after verifying the identity data 113 of the memory device 130 and/or the endpoint 150 submitted via the replacement copy.

Some packets stored in the memory unit 103 have no impact on the security of the initial operation of verifying 373 the endpoint's 150 identity data 113 and the subsequent operation of updating the endpoint 150. Thus, it is not necessary to store a recovered copy of such packets in memory device 130. Repair and/or update of such packages may be performed via the secure server 140. For example, when integrity status 165 indicates that a non-core packet has changed, access controller 109 may prevent host system 120 from accessing the corrupted or changed packet until endpoint 150 communicates with security server 140 to repair or recover the corrupted packet.

Optionally, data 127 provided in identity data 113 may include the current hash value of the packet in content 161 stored in memory unit 103. During the operation of verifying 373 the identity data 113 of the endpoint 150, the security server 140 may check the current hash value of the packet provided in the identity data 113. The security server 140 may initiate repair or restoration of the packet if the current hash value of the packet indicates that the packet has been changed, corrupted, or outdated.

Further, some packets of endpoint 150 may be stored in another device that does not have the security features of memory device 130. Executing the core packet in host system 120 may generate the current hash value of the packet as a health indicator of the packet. The health indicator may be provided as part of data 127 embedded in identity data 113 of endpoint 150 to allow secure server 140 to monitor the integrity of the packet.

In general, identity data 113 may include data indicating the health of packets in endpoint 150. As part of the operation of verifying 373 the identity data 113 of the endpoint 150, the security server 140 may determine whether any packages are to be repaired and/or updated. The repair or update may be performed before the security server 140 confirms the authenticity of the endpoint 150.

Further, in response to verifying 373 the identity data 113 of the endpoint 150 to access the services of the client servers (e.g., 141, …, 143), the security server 140 may be configured to track and/or monitor the activities of the endpoint 150 while accessing the services to perform further security operations.

For example, an owner or user of endpoint 150 may request that security server 140 track the activity of endpoint 150. Aspects of the activity of the endpoint 150 may be presented by the endpoint 150 and/or a client server (e.g., 141, …, 143) in the identity data 113 and/or the request 173 to verify the identity data 113.

For example, the information about tracked activity may include location information of endpoint 150 and/or the type of service requested by endpoint 150 via submission of identity data 113.

For example, to generate identity data 113 from a service of client server 141, endpoint 150 may include in message 131 of identity data 113 not only unique identification 111 of endpoint 150, but also a context and/or aspect of the service, such as the identification of client server 141, the location of endpoint 150, the date and time of the request, the category/type of service, parameters of the service, and so forth.

For example, when endpoint 150 sends a request 171 for a service to client server 141, client server 141 may provide security server 140 with not only identity data 113 for endpoint 150 in the request, but also information about request 171 for the service of client server 141.

For example, in response to request 171 from endpoint 150, client server 141 may estimate the location of endpoint 150 based on a wireless communication connection to one or more access points connected to client server 141 and provide the location and request 173 to security server 140 to authenticate identity data 113.

Optionally, the owner or user of endpoint 150 may access a portal of secure server 140 to view the tracked activity. For example, based on the tracked activity, an owner or user may determine whether endpoint 150 was stolen or lost based on one or more recent locations of endpoint 150.

Optionally, the parent may use the portal of the security server 140 to set parental control preferences to limit the activities of the endpoint 150; and security server 140 may enforce a restriction preference in conjunction with authenticating the identity of endpoint 150.

For example, the techniques of fig. 18 may be used with the computing systems of fig. 1 and/or 6 having the security services and features discussed with respect to fig. 1-5. The technique of fig. 18 may be used in combination with the techniques of fig. 9 through 17.

In fig. 18, endpoint 150 stores packet 167 with hash value 169. The packet 167 may be stored in memory device 130 having the security features discussed above, or in another memory device of endpoint 150 that may or may not have the security features of memory device 130. When packet 167 is stored in memory device 130, encryption engine 107 of memory device 130 may calculate hash value 169 of packet 167 without relying on processing device 118 of host system 120 in endpoint 150. When the packet 167 is stored outside of the memory device 130, the hash value 169 may be obtained by the processing device 118 of the host system 120 executing a routine that is stored in the memory device 130 and that has verified that it has not changed (e.g., as in FIG. 4).

In general, the packet 167 may include instructions and/or data, e.g., may be the same resource for a set of endpoints (e.g., 150), may be different configuration parameters for different endpoints (e.g., 150).

The hash value 169 of the packet 167 indicates the health of the packet 167.

In fig. 18, the secret key 137 used to generate the verification code 133 of the identity data 113 is independent of the hash value 169 of the package 167. To facilitate monitoring of the integrity of packet 167 by secure server 140, hash value 169 is provided as part of message 131 in identity data 113.

After security server 140 determines that identity data 113 is valid, security server 140 may extract hash value 169 provided in identity data 113 to determine whether packet 167 in endpoint 150 has changed and/or whether packet 167 is outdated.

For example, a healthy and up-to-date copy of package 167 may be stored in a server (e.g., secure server 140, firmware store 170, or another server) to facilitate repair or recovery of package 167 in endpoint 150. If the hash value 169 extracted from the identity data 113 is different from the hash value of the healthy and up-to-date copy, the security server 140 may initiate an update in a manner similar to the update 377 of the firmware 363 of the endpoint 150 discussed in connection with FIGS. 14-17.

The package 167 may be individualized for the endpoint 150. For example, when package 167 includes configuration parameters that are specific to endpoint 150 in platform 361 but not applicable to other endpoints in platform 361, a healthy copy of package 167 may be uploaded to a server (e.g., security server 140, firmware store 170, or another server) immediately upon successful configuration of package 167 in endpoint 150.

In some embodiments, the memory device 130 and/or the endpoint 150 may be configured to store hash values of the healthy individualized copies of the package 167. For example, the health hash value may be stored as part of the device information 121 used to create the secret key 137. Message 131 in identity data 113 may contain an indication of whether the current packet 167 is healthy, but does not have the current hash value 169 of packet 167.

To improve security and/or privacy protection, a healthy copy of the individualized package 167 may be uploaded and stored in encrypted form in the server using the encryption key of the memory device 130. To re-install the package 167 with a healthy copy, the memory device 130 decrypts the encrypted version using the corresponding secret encryption key of the memory device 130.

For example, upon successful configuration of an individualized package 167 in endpoint 150, endpoint 150 and/or memory device 130 may calculate a hash value of a healthy copy of individualized package 167 and encrypt individualized package 167 using public key 139. Endpoint 150 may submit hash values and encrypted packets 167 for storage in the server to facilitate monitoring and/or recovery. During recovery, the secret key 137 in the key pair 135 will be used to decrypt the encrypted packet. Optionally, the encryption engine 107 may generate a separate key pair to protect the individualized package 167.

Alternatively, a secret key may be used with symmetric encryption to protect the individualized bag 167. For example, a session key 263 generated during verification of the identity data 113 of the endpoint 150 upon successful configuration of the individualized package 167 in the endpoint 150 may be used to encrypt the individualized package 167 for transmission to and/or storage at a server (e.g., the secure server 140, the firmware store 170, or another server).

In fig. 18, identity data 113 includes not only the current hash value 169 of packet 167, but also activity information 177 identifying some aspect of the context in which identity data 113 is used. For example, activity information 177 may be generated by host system 120 executing or running a package (e.g., 167 or another package, such as firmware, an application, a routine).

For example, activity information 177 may contain the current location of endpoint 150 where identity data 113 was generated.

For example, activity information 177 may include a date and time of generation of identity data 113.

For example, activity information 177 may include an identification of client server 141 to which identity data 113 was submitted to request 171 for service.

For example, activity information 177 may include one or more attributes of the requested service, such as a category of the service, an identification of another party involved in the service, a quantity or volume involved in the service, and so forth.

For example, when submitting identity data 113 for a communication connection, the attributes may include an identification of the connection type, an indication of the connection, and so forth.

For example, when submitting identity data 113 for payment, the attributes may include an identification of the purchase category, the payee, the payment amount, and the like.

The activity information 177 may be used by the security server 140 to detect fraudulent activities, unauthorized use of endpoints, and enforce activity restrictions (e.g., as specified in parental control preferences), and so forth.

To improve security and/or privacy protection, activity information 177 can be included in message 131 in encrypted form. For example, session key 263 associated with the verification of identity data 113 may be used to generate a ciphertext of activity information 177; and upon successful verification of the authentication code 133 of the identity data 113, the secure server 140 may recover the activity information 177 from the ciphertext using the session key 263.

In fig. 19, the endpoint 150 stores a plurality of

packages

441, 443, …, 445. Some packets are stored in a memory device 130 having a security feature. Some packets may be stored outside of memory device 130.

Core package 441 stored in memory device 130 may be executed in processing device 118 of host system 120 connected to memory device 130 in endpoint 150. The package 441 controls the operation of the endpoint 150 when submitting the endpoint's 150 identity data 113 to the secure server 140 and for communicating with the package repository 191 to repair and/or update the

packages

441, 443, …, 445. For example, the package store 191 may contain the firmware store 170 of fig. 14 and 15.

The security features of memory device 130 ensure that endpoint 150 runs a valid version of package 441 to avoid tampering and/or corruption in the operations of verifying 373 endpoint 150's identity and repairing 385 the package.

For example, memory device 130 may store a backup version of core package 441 in a secure section of memory device 130. If the package 441 is found to have changed, the memory device 130 may replace the changed version of the package 441 with a backup version to at least protect the identity of the endpoint 150 that verifies 373 and repair 385 and/or update 377 the operation of the package.

After the endpoint 150 generates the identity data 113, the endpoint 150 executing the package 441 transmits the identity data 113 to the security server 140 for verification 373. For example, identity data 113 may be generated using the techniques of fig. 18.

The identity data 113 may include package health information 447, such as the current hash value of the

package

441, 443, …, 445, and/or an indication of whether any of the packages 443, …, 445 are corrupt based on comparing the current hash value of the healthy version of the respective package to the stored hash values.

Optionally, portions of message 131 may be provided using ciphertext generated by session key 263. For example, the encrypted portion of the message may include packet health information 447 and/or activity information 177. The session key 263 may be generated to be shared between the memory device 130 and the security server in the manner discussed with respect to fig. 9 and used to verify 373 the identity of the endpoint 150.

In general, identity data 113 may be transmitted from endpoint 150 to security server 140 directly via a communication connection or indirectly via an intermediate server (e.g., client server 141 in fig. 5, 9, or 10, firmware store 170 in fig. 14 or 15, service store 190 in fig. 15, or packet store 191 of fig. 19).

After verifying 373 the identity data 113, the secure server 140 may communicate with the package repository 191 to check 383 the integrity of the

packages

441, 443, …, 445 based on the package health information 447 provided in the identity data 113.

For example, the packet 441 may be valid in the endpoint 150. However, because the new version of the package 441 has been published in the package store 191, the package 441 may be outdated. Thus, updating package 441 may improve the security of the operation of endpoint 150 and the integrity of the system.

For example, a packet 443 or 445 may have changed in endpoint 150 and thus become corrupted. The health data 195 of the corresponding packet 193 in the repository 191 may be compared to the packet health information 447 provided in the identity data 113 to detect the change.

If a package (e.g., 441, 443, …, 445) is found to be out of date or corrupted, the security server 140 may instruct the endpoint 150 and/or the package repository 191 to repair 385 or update 377 the package.

Operations to repair 385 or update 377 the package may include secure server 140 generating an authentication code 153 for command 155 to write data into memory device 130. When a packet contains sensitive information (e.g., configuration parameters customized for endpoint 150), the replacement packet may be provided to memory device 130 using session key 263 or another secret key generated cipher text.

After repairing 385 or updating 377, endpoint 150 may submit update identity data 113. When the security server 140 determines that the identity data 113 is valid and that the package health information 447 in the identity data 113 indicates that the

packages

441, 443, …, 445 in the endpoint 150 are healthy and up-to-date, the security server 140 may authenticate the authenticity of the endpoint 150.

For example, the security operations of fig. 20 may be implemented using the security features of the memory devices discussed in connection with fig. 1-5 in connection with the techniques of fig. 9, 10, 14, 15, and/or 19 in connection with the systems of fig. 1 and/or 6.

In fig. 20, user computer 180 may be used to access activity tracker 451 to set preferences 455 and/or to examine tracked activity records 453 of endpoint 150 with unique identification 111.

As in fig. 14 and 15, user computer 180 is typically distinct and separate from endpoint 150. In some cases, endpoint 150 may include a user interface that allows it to function as computer 180 to set preferences 455 and/or check activity records 453.

Activity tracker 451 is coupled to security server 140 to store activity record 453 about the activity of endpoint 150, where identity data 113 of endpoint 150 is verified by security server 140.

Preferences 455 may include security settings for activities of endpoint 150. For example, security settings may be used to implement parental controls, detect fraudulent use of the endpoint 150, track the location of the endpoint 150, and so forth.

For example, reference 455 may identify a geographic region of endpoint 150. When endpoint 150 sends identity data 113 from a location outside of a geographic area, activity tracker 451 may generate a security alert to a registered owner or user of endpoint 150.

For example, the security alert may be transmitted to the owner or user's mobile device, an email address or phone number identified in the preferences, and/or an application running in the user computer 180, a personal media player, a mobile phone, a smart phone, and so forth.

For example, the preferences 455 may include a user-selected selection scheme associated with a predetermined condition specified in the preferences 455. When the activity associated with the submission of identity data 113 is eligible, the selected selection scheme causes the security server 140 and/or client server 141 to generate a denial of access response 172 to the corresponding access request 171. Alternatively or in combination, the selection scheme may trigger a security alert for contacts registered in preferences 455.

Endpoint 150 may transmit access request 171 to client server 141 to request a service. For example, a service may provide endpoint 150 with a cellular communication connection, an internet connection, a connection to user computer 180, an online storage facility, an online computing resource, and so on. For example, a service may include the processing of payments, transactions, messages, and the like.

Identity data 113 provided in access request 171 may include activity information 177, as shown in FIG. 18. Alternatively or in combination, the client server 141 may provide similar or separate activity information in the authentication request 173 transmitted to the security server 140. For example, client server 141 may specify access attribute 449 in authentication request 173. Access attribute 449 identifies some aspect of the current activity of endpoint 150 in which the identity of endpoint 150 is to be authenticated by security server 140. The client server 141 transmits an authentication request 173 to the security server 140, which verifies the identity data 113 to determine the authenticity of the identity of the endpoint 150.

After verifying 373 the identity data 113 provided in the authentication request 173, the security server 140 may generate an activity record 453 of the activity tracker 451. Activity record 453 can contain activity information 177 extracted from identity data 113 and/or access attributes 449 of the current activity of endpoint 150 extracted from authentication request 173.

Based on activity record 453, activity tracker 451 determines whether the current activity satisfies any of the conditions specified in preferences 455. If the condition in preferences 455 is satisfied, activity tracker 451 may perform a security operation to implement the selection scheme selected for the condition.

For example, the security operation may include a notification to a registered owner or user of endpoint 150.

For example, the security operation may include instructing security server 140 to provide authentication response 174 indicating security restrictions, security issues, unauthorized use of endpoint 150, and so on.

Optionally, activity tracker 451 may identify an activity pattern of endpoint 150 from records 453 of past activities.

For example, a pattern may include a geographic area or zone of endpoint 150 in which endpoint 150 has operated in the past. For example, a pattern may include a time period of a day or week during which endpoint 150 has not been active in the past. For example, a pattern may include a range of access attributes 449 of past activities of endpoint 150.

When the current activity deviates from the pattern, the activity tracker 451 may generate a notification and, optionally, cause the security server 140 and/or the client server 141 to deny the access request 171.

Optionally, security server 140 may examine activity information 177 provided in identity data 113 to detect security risks.

For example, the date and time and/or location specified in activity information 177 may be compared to corresponding information in access attribute 449 to detect a mismatch. A mismatch may be an indication that stolen identity data 113 is used or endpoint 150 is tampered with or otherwise not operating securely.

FIG. 21 illustrates a method for updating or repairing packets stored in an endpoint, according to one embodiment. For example, the method of fig. 21 may be implemented using the techniques of fig. 18 and 19.

At block 461, the server system receives from endpoint 150 identity data 113 generated by memory device 130 configured in endpoint 150.

For example, the server system may include a secure server 140 that stores secrets for the memory device (e.g., 130) and/or other servers, such as the package store 191, the firmware store 170, and/or another server.

At block 463, security server 140 verifies the identity data based on information stored in security server 140 about endpoint 150, including the secret of memory device 130.

For example, the operations in block 463 may be performed in a manner similar to the operations performed in block 323, block 343, block 403, and/or block 423.

At block 465, the security server 140 extracts the health information 447 for the package (e.g., 167, 441, 443, …, 445) stored in the endpoint 150 from the authenticated identity data 113.

For example, the health information 447 may contain the current hash value 169 of the packet 167 stored in the endpoint 150. The secure server 140 may compare the current hash value 169 extracted from the identity data 113 with the hash value of the healthy, latest version of the package 167 stored in the server system (e.g., repository 191, firmware store 170).

For example, the receipt of identity data in block 461 may be the result of endpoint 150 executing packet 167 stored in endpoint 150. Packet 167 may include firmware 363 or at least a portion of the operating system of endpoint 150. The health information 447 may be used to determine if the package 167 is out of date.

In another example, the receipt of the identity data in block 461 may be the result of endpoint 150 executing the first package 441 stored in endpoint 150. The first packet 441 may include the firmware 363 or at least a portion of the operating system of the endpoint 150. The health information 447 may be used to determine whether a second packet (e.g., 443 or 445) is outdated, corrupted, or changed.

When a second package (e.g., 443 or 445) contains data that is customized for endpoint 150, the server system may obtain a copy of the second package (e.g., 443 or 445) when the second package (e.g., 443 or 445) in endpoint 150 is successfully configured. For example, the second packet (e.g., 443 or 445) may include one or more configuration parameters of endpoint 150. In response to successfully configuring the second packet (e.g., 443 or 445), the server system may receive a healthy version of the second packet (e.g., 443 or 445) from the endpoint 150. Subsequently, if the health information 447 extracted at block 465 indicates that the second packet (e.g., 443 or 445) needs to be repaired, the health version stored in the repository 191 may be used.

In some implementations, extracting health information 447 from identity data 113 includes decrypting a portion of message 131 provided in identity data 113 (e.g., using session key 263).

The identity data 113 comprises a first verification code 133. Security server 140 verifies identity data 113 by determining whether first verification code 133 was generated from message 131 and the secret of memory device 130. For example, the secret may be the unique device secret 101 and/or the secret key 137 of the memory device 130. After memory device 130 is assembled into endpoint 150, the secrets for memory device 130 are not transmitted outside of memory device 130.

At block 467, based at least in part on the health information 447, the security server 140 determines that the package stored in the endpoint 150 needs to be updated or repaired.

At block 469, security server 140 initiates operations to perform updates or repairs of packets stored in endpoint 150.

For example, to replace or repair a packet stored in memory device 130, security server 140 generates second authentication code 153 for command 155 using an encryption key that represents the authority to execute command 155 in memory device 130. For example, when executed in memory device 130, command 155 causes a packet (e.g., 441 or 443) in memory device 130 to be replaced.

In some implementations, to repair a packet 445 stored outside of memory device 130, a replacement of packet 445 is initially stored into memory device 130. After the memory device verifies the integrity of the replacement, the packet 445 may be replaced via execution of the instructions in the packet 441 loaded from the memory device 130. Optionally, a second verification code 153 may be generated to write the replacement into memory device 130 and/or to allow repair or replacement of packet 445 to be performed.

Fig. 22 illustrates a method of performing a security operation based on one or more activities of an endpoint, according to one embodiment. For example, the method of fig. 22 may be implemented using the techniques of fig. 18 and 20.

At block 481, the server system stores data representing one or more preferences 455 of the endpoint 150.

For example, the server system may include a secure server 140 that stores secrets for the memory device (e.g., 130) and/or other servers, such as activity tracker 451, package store 191, firmware store 170, and/or another server.

At block 483, the server system receives an authentication request 173 containing identity data 113 generated by a memory device 130 configured in the endpoint 150.

At block 485, the server system determines that the identity data 113 is valid based at least in part on the secret of the memory device.

For example, the operations in block 485 may be performed in a manner similar to the operations performed in block 323, block 343, block 403, block 423, and/or block 463.

At block 487, the server system determines that the activity associated with identity data 113 satisfies the conditions specified for endpoint 150.

For example, the condition may be specified in preferences 455 of endpoint 150.

At block 489, upon providing the authentication response 174 in response to the authentication request 173, the server system performs a security operation associated with the condition.

For example, the security operation may include transmitting an alert or notification to a contact registered in the one or more references 455.

For example, the security operation may include identifying a security risk or restriction in the validation response 174. Optionally, in view of the secret key 137 of the memory device 130 and the message 131 provided in the identity data 113, the security server 140 may provide a verification response 174 that does not confirm the authenticity of the endpoint 150 even when the identity data 113 has a valid passcode 133. When the activity associated with identity data 113 satisfies the condition, authentication response 174 may be configured to cause the client server to reject request 171 for service to endpoint 150 identified by identity data 113.

The conditions may be evaluated for activity based on activity information 177 embedded in identity data 113 by memory device 130 and/or access attributes 449 provided in authentication request 173 by client server 141.

For example, after the security server 140 determines that the verification code 133 in the identity data 113 is valid, the security server 140 may trust that the activity information 177 embedded in the identity data 113 has not changed after the verification code 133 was generated by the memory device 130. Thus, activity information 177 can be extracted from identity data 113 to evaluate conditions. Optionally, activity information 177 may be provided in the message in the form of ciphertext to be decrypted using session key 263 or another secret encryption key of memory device 130 generated in the manner discussed in fig. 9.

Alternatively or in combination, the security server 140 may extract the access attribute 449 from the authentication request 173. For example, after client server 141 receives access request 171 for a service provided by client server 141, client server 141 may generate authentication request 173 to security server 140. Authentication request 173 is generated to include identity data 113 from access request 171. Further, in the context of requesting the services of client server 141, client server 141 may add access attribute 449 to provide information about the activities of endpoint 150.

For example, a condition may include a mismatch of activity information 177 and access attribute 449; and a mismatch may trigger a denial of access request 171 and/or a denial of identity data 113 in authentication response 174 even when identity data 113 has a valid passcode 133.

In some implementations, the server system communicates with the user computer 180 to receive data representing the one or more preferences 455 of the endpoint 150.

Alternatively or in combination, the server system may infer preferences 455 from records 453 of past activities.

For example, activity tracker 451 of the server system may store a plurality of records 453 of the activities of endpoint 150. Based on the plurality of records 453, activity tracker 451 may determine an activity pattern of endpoint 150. The pattern may include a geographic area, a time period of a day or week, or a range of activity attributes, or any combination thereof. The conditions that trigger the safe operation of block 489 may be met by out-of-mode activity.

Optionally, activity tracker 451 may present the activities of endpoint 150 to the owner or authorized user of endpoint 150 based on record 453. For example, based on a review of past activities, an owner or authorized user may specify conditions under which parental controls, access restrictions, and the like are implemented.

The identity of endpoint 150 authenticated by security server 140 may be dynamically associated with the subscription account represented by the account identifier to receive services provided to the account by client server 141. When an endpoint 150 is not using a service, the association between the identity of the endpoint 150 and the subscription account may be removed to allow another endpoint to use the subscription account. Thus, a group of endpoints (e.g., 150) may be configured to share subscription accounts and use the subscription accounts one at a time.

For example, a group of endpoints may be configured to make a cellular connection using the services of client server 141. Traditionally, a Subscriber Identity Module (SIM) card would be used to represent the subscriber/subscription account. The group of endpoints may use the subscription account represented by the SIM card by physically installing the SIM card in one endpoint in the group at a time. To enable another endpoint in the group to use the subscription account, the SIM card will be physically moved from one endpoint to the other.

The system as discussed above in connection with fig. 6 allows attachment to an endpoint (e.g., 150) through virtual card registration 237 using a virtual subscriber identity module (vSIM) and based on authentication or endpoint authentication 239 performed using the security server 140. The system of fig. 6 may be further configured to disassociate an endpoint (e.g., 150) from a card profile 219 representative of a subscription account, such that virtual card registration 237 may be performed for use of the subscription account by another endpoint.

For example, a subscription service (e.g., a cellular connection) provided to a subscription account may be shared among a group of endpoints owned by an enterprise (or another entity). Endpoints (e.g., 150) in this group may not need the services of the account at the same time. Thus, it may be advantageous to configure endpoints in this group to share one or more subscription accounts. When more than one subscription account is configured to be shared by a group of endpoints (e.g., internet of things (IoT) devices), a small portion of the group may use the services of the subscription accounts at the same time.

For example, the server system may be configured to track the current usage state of endpoints in a community. An endpoint may dynamically bind to a subscription account when the endpoint communicates with a client server to request a service. The subscription account may be released from the endpoint when the endpoint is not using the service. When the number of endpoints that are using the services provided to the subscription account is greater than the number of subscription accounts that can be shared, active endpoints may use the services of the account at the same time. When a subscription account is currently bound to and being used by a portion of the community, requests for services from another endpoint may be denied until one of the subscription accounts is not used and thus becomes available for sharing.

For example, in response to an enterprise's internet of things (IoT) device requesting a cellular connection, a virtual subscriber identity module (vSIM) may bind to the IoT device. The cellular connection may be disconnected when the cellular connection is idle for a period of time longer than a threshold; and a virtual subscriber identity module (vSIM) may be released from the IoT device and available to bind with another IoT device of the enterprise. Thus, an enterprise may subscribe to a reduced number of vsims; and when these vSIMs are all in use, a request for a cellular connection from another device may be on hold until one of the connections is broken and the vSIM is released for allocation to the on-hold device.

Optionally, the security server 140 may be configured to suppress and/or schedule forwarding of connection requests to manage the use of a limited number of subscribed cellular connections.

In fig. 23 and 24, the service store 190 has subscription data 387 that associates the endpoint group 501 with the subscriber group 503.

The endpoint group 501 has a plurality of unique identifications 111, …, 112. Each of the unique identifications (e.g., 111) represents a memory device (e.g., 130) installed in a respective endpoint (e.g., 150) of the set of endpoints.

The subscriber group 503 has one or more subscriber identity numbers (e.g., 505). Each subscriber identity number (e.g., 505) in subscriber group 503 represents a subscriber of the services of client server 141. For example, each subscriber identity number (e.g., 505) may be used to identify a unique subscription account for one subscriber at a time.

For example, subscriber identity number 505 may be used to represent a unique subscriber in the same manner that a Subscriber Identification Module (SIM) represents a subscriber in a cellular communication network.

When the SIM card is inserted in the cellular phone, a communication with the subscriber is connected to the cellular phone; and the cell phone has the service in the subscriber account. When the SIM card is inserted into an alternate cellular telephone, the communication with the subscriber connects to the alternate cellular telephone that currently has the SIM card.

Similarly, when subscriber identity number 505 is associated with unique identification 111, the service provided to the subscriber account represented by subscriber identity number 505 is provided to endpoint 150 having unique identification 111. When subscriber identity number 505 is associated with alternate unique identification 112, the service provided to the subscriber account represented by subscriber identity number 505 is provided to the alternate endpoint with unique identification 112.

In fig. 23, the security server 140 is configured to dynamically link the subscriber identity number 505 in the subscriber group 503 and the unique identification 111 in the endpoint group 501.

For example, in response to an authentication request 173 from client server 141 with identity data 113, security server 140 may determine whether identity data 113 has a valid authentication code 133 for memory device 130 with unique identification 111. If the identity data 113 is valid, the security server 140 may determine whether the subscriber group 503 currently has a subscriber identity number 505 that is free for use by the memory device 130 and/or endpoint 150 having the unique identification 111. If so, the security server 140 may provide a verification response 174 confirming the authenticity of the identity data 113 and its association with the subscriber identity number 505. In response, client server 141 may provide the service to endpoint 150 that is provided to the account identified by subscriber identity number 505.

In some implementations, if no subscriber identity number 505 is currently available to endpoint 150 in subscriber group 503, authentication response 174 does not recognize the subscriber identity number of identity data 113, which may cause client server 141 to deny the service request from endpoint 150.

Authentication request 173 in fig. 23 may include an access attribute 449 indicating a requested time period for associating unique identification 111 identified in identity data 113 with a subscriber identity number (e.g., 505) available to endpoint 150 having unique identification 111.

In some embodiments, the system is configured to associate unique identification 111 with subscriber identity number 505 within a predetermined time period after verification response 174 identifying unique identification 111 and/or subscriber identity number 505 of identity data 113. After the predetermined period of time, the service store 190 removes the assignment of the subscriber identity number 505 to the unique identification 111 so that the subscriber identity number 505 is available to another endpoint in the endpoint group 501 having a different unique identification (e.g., 112). After the predetermined period of time, client server 141 does not provide the service provided to the account represented by subscriber identity number 505 to any of the endpoints (e.g., 150) in the group of endpoints 501 having unique identifications 111, …, 112 until another verification response 174 is received from security server 140 that associates subscriber identity number 505 with one of the unique identifications 111, …, 112 in the group of endpoints 501.

When endpoints with unique identifications 111, …, 112 compete for use of subscriber identity numbers (e.g., 505) in subscriber group 503, service store 190 may control allocation of use of subscriber identity numbers (e.g., 505) in subscriber group 503.

For example, the service store 190 may track endpoints in the group 501 that have denied access requests because there is no available subscriber identity number 505, and prioritize subsequent allocations of available subscriber identity numbers 505 based on the tracked priorities.

For example, when subscriber identity number 505 is available, service store 190 may open a time window in which access requests from different endpoints may be received; when multiple access requests of the group 501 are received, the endpoint with the earliest request rejected before the time window may have the highest priority to get an opportunity to use the subscriber identity number 505.

In some implementations, endpoints in the endpoint group 501 with unique identifications 111, …, 112 may compete for opportunities to use subscriber identity numbers (e.g., 505) in the subscriber group 503 based on one or more predefined rules. For example, after receiving a denial of service request, an endpoint (e.g., 150) may wait a random period of time for a subsequent request to be made. By denying the randomness of the waiting period after, opportunities to gain access to services using the subscriber group 503 may be assigned to endpoints that need services.

In some embodiments, endpoint 150, which is temporarily assigned subscriber identity number 505, may notify client server 141 and/or security server 140 to release subscriber identity number 505 from the assignment to endpoint 150. For example, after endpoint 150 completes a communication using the service provided to subscriber identity number 505, endpoint 150 may return subscriber identity number 505 to the pool of subscriber identity numbers in group 503, which may be assigned to and/or used by another endpoint in group 501 having unique identification 112.

In some implementations, the system can track active activity of endpoint 150 using subscriber identity number 505. After the inactive period, the service shop 190 may remove the assignment of the subscriber identity number 505 from the unique identification 111.

Fig. 23 shows a configuration in which the assignment of a subscriber identity number 505 to a unique identification 111 is controlled by the security server 140 in conjunction with an authentication request 173 and/or an authentication response 174. Alternatively and/or in combination, the client server 141 may connect to the service store 190 to implement the assignment and/or provide the service using the assignment, as shown in FIG. 24.

In FIG. 24, a client server 141 is coupled to the service store 190 and the activity tracker 451. Based on the verification response 174 indicating the authenticity of the endpoint 150 with the unique identification 111 and the availability of the subscriber identity number 505 for the group of endpoints 501, the client server 141 may cause the service store 190 to store data indicating the temporary assignment of the subscriber identity number 505 to the unique identification 111.

Subsequently, client server 141 may use activity tracker 451 to determine whether to remove the assignment of subscriber identity number 505 from unique identification 111.

For example, after a predetermined length of inactive time period in which endpoint 150 is not using services provided to the account represented by subscriber identity number 505, client server 141 may cause service store 190 to update subscription data 387 and terminate the assignment of subscriber identity number 505 to unique identification 111.

For example, after receiving an indication or notification from endpoint 150, client server 141 may cause service store 190 to terminate the assignment of subscriber identity number 505 to unique identification 111.

In some embodiments, the client server 141 may cause the service store 190 to terminate the assignment of the subscriber identity number 505 to the unique identification 111 some period of time after the subscriber identity number 505 is assigned to the unique identification 111. The time period may be predetermined or determined based on access request 171 received from endpoint 150.

FIG. 25 illustrates a method for facilitating subscription sharing among a set of endpoints, according to one embodiment. For example, the method of fig. 25 may be implemented in a system having the security features discussed in connection with fig. 1-19 using the techniques discussed above in connection with fig. 23 and 24.

At block 521, the server system stores data associating the endpoint group 501 with at least one subscriber identifier (e.g., identity number 505). The endpoint group 501 may have multiple endpoints (e.g., 150) identified by unique identifications 111, …, 112.

For example, the server system may include a secure server 140 that stores secrets for the memory device (e.g., 130) and/or other servers, such as the service store 190, the activity tracker 451, the package store 191, the firmware store 170, and/or another server. The server system may further include the client server 141 and/or the card server 223 shown in fig. 6.

At block 523, the server system receives authentication request 173 containing identity data 113 generated by memory device 130 configured in endpoint 150. Identity data 113 identifies endpoint 150 using its unique identification 111 in endpoint group 501.

At block 525, in response to the authentication request 173, the server system determines that the identity data 113 is valid based at least in part on the secret of the memory device 130.

For example, the operations in block 525 may be performed in a manner similar to the operations performed in block 323, block 343, block 403, block 423, block 463, and/or block 485.

At block 527, the server system determines that a subscriber identifier (e.g., identity number 505) is not currently assigned to any endpoint in the endpoint group 501.

At block 529, the server system assigns a subscriber identifier to the endpoint 150 based on the data associating the endpoint group 501 with the subscriber identifier (e.g., identity number 505). The assignment enables services provided to an account represented by and/or associated with a subscriber identifier (e.g., identity number 505) to be provided to an endpoint.

For example, the subscriber identifier (e.g., identity number 505) represents a unique subscriber of a service provided in a network (e.g., 225) having a plurality of endpoints (e.g., 150) including a plurality of endpoints in the endpoint group 501 and other endpoints not in the endpoint group 501.

For example, the services network (e.g., 225) may be configured to provide services to the endpoint, such as a cellular communication connection, an internet connection, a connection to a user computer, an online storage facility, an online computing resource, a payment, a transaction, or a message, or any combination thereof.

For example, assigning a subscriber identifier (e.g., identity number 505) to endpoint 150 includes configuring endpoint 150 to have a unique identity represented by the subscriber identifier (e.g., identity number 505) in a services network (e.g., 225).

For example, a serving network (e.g., 225) may require different endpoints in the network (e.g., 225) to have different identities represented by different subscriber identifiers (e.g., identity number 505). Identity data 113 generated by memory device 130 does not contain a subscriber identifier. Identity data 113 and/or unique identification 111 of memory device 130 and/or endpoint 150 may be dynamically assigned to or associated with a subscriber identifier (e.g., identity number 505) to configure endpoint 150 for a serving network (e.g., 225).

For example, assigning a subscriber identifier (e.g., identity number 505) to an endpoint 150 comprises storing data representing the assignment of the subscriber identifier to the endpoint over a period of time.

For example, the server system may remove data representing the assignment of the subscriber identifier to the endpoint after the period of time to interrupt service in the network that endpoint 150 receives as a subscriber. After data removal, endpoint 150 no longer has a subscriber identity represented by a subscriber identifier (e.g., identity number 505) in the serving network (e.g., 225).

For example, the service system may monitor activity of endpoint 150 in receiving services as subscribers in a services network (e.g., 225); and in response to detecting an inactive period when endpoint 150 receives service as a subscriber in a network (e.g., 225), the server system may remove the data to reconfigure endpoint 150 to not have a subscriber identity represented by a subscriber identifier (e.g., identity number 505) in the services network (e.g., 225).

Alternatively, configuring endpoint 150 from the serving network (e.g., 225) to release the subscriber identifier (e.g., identity number 505) may be performed in response to a message or request from endpoint 150.

Alternatively, the length of the time period after the release of the subscriber identifier (e.g., identity number 505) from binding to endpoint 150 may be a predetermined length from the time the subscriber identifier (e.g., identity number 505) is assigned to endpoint 150.

Alternatively, the length of the time period may be specified in the authentication request 173.

For example, the authentication request 173 is received from a client server 141 in a services network (e.g., 225). To configure endpoint 150 to have a subscriber identity represented by a subscriber identifier (e.g., identity number 505), security server 140 may transmit authentication response 174 to client server 141 in response to authentication request 173. The validation response 174 is configured to indicate the validity of the identity data 113 and the association of the identity data 113 with a subscriber identifier (e.g., identity number 505).

In general, endpoints 150 may be identified using different identifications of different services, in different networks, and/or in different contexts. Each identification of an endpoint 150 may be used to represent the endpoint 150 as a member, subscriber, account, authorized device, and/or entity of many of a group specific to a certain type of service, connection, communication, etc.

For example, the endpoint 150 may be configured to communicate with different client servers 141, …, 143, respectively, for its services. The endpoint 150 may be identified with different client servers 141, …, 143 using different subscriber identifications. Each subscriber identification of an endpoint 150 represents a unique subscriber and/or account recognized by a respective client server (e.g., 141, …, 143) for its services to a subscriber population.

For example, endpoint 150 may be configured to communicate with client server 141 to obtain different types of services. Different identifications of endpoints 150 may be used to represent endpoints 150 as subscribers of different service types.

For example, endpoint 150 may be assigned an integrated circuit card identifier 251 to function as a smart card, a mobile equipment identity number 253 to function as a cellular communication device, a mobile subscriber identity number 255 to function as a subscriber to a cellular connectivity service, and so on.

Security server 140 may be configured to manage the identity of endpoint 150 using the security features of memory devices 130 configured in endpoint 150.

For example, a third party may request that security server 140 bind a subscription service in an account to the public identity of endpoint 150. Since the identification may be publicly known, there is a potential risk of fraudulent use of the public identification. Identity data 113 of endpoint 150 may be configured to contain public identification. Based on the Unique Device Secret (UDS)101 of the memory device 130 configured in the endpoint 150, the security server 140 can verify that the identity data 113 received from the endpoint 150 is authentic; thus, endpoint 150 has an identity represented by the public identity contained in identity data 113. Fraudulent use of public identities as identities may be detected by authentication performed by the security server 140.

Security server 140 may be configured to manage secure, dynamic binding of public identities to endpoints 150. For example, in response to a request from an authorized party in the application domain, security server 140 may bind the unique public identification to endpoint 150 of the application domain. For example, an authorized party may be authenticated based on tracking ownership rights of memory devices configured in an endpoint (e.g., 150). Each application domain may have multiple public identities representing individual identities in the application domain. The security server 140 binds the unique public identity to one endpoint at a time.

For example, in response to a request to bind the public identification to the endpoint 150, the security server 140 may verify that the public identification is not currently bound to another endpoint and may operate the memory device 130 using an encryption key generation command representing the owner's rights, storing the public identification in the memory device 130 as part of the device information 121 used to generate the identity data 113 for the memory device 130 and/or the endpoint 150.

Alternatively, security server 140 may store data in the application domain that associates endpoint 150 with a public identification of endpoint 150. In response to the authentication request 173 in the application domain, the security server 140 authenticates the identity data 113 provided in the endpoint 150 and looks up the public identification of the endpoint 150 in the application domain. The public identification may be provided in the authentication response 174.

Secure, dynamic binding of public identification to endpoint 150 may be used to facilitate secure operations. For example, when endpoint 150 is lost/stolen, the owner of endpoint 150 may request that security server 140 bind the public identity of lost/stolen endpoint 150 to a replacement endpoint. Once the security server 140 binds the public identity of the lost/stolen endpoint 150 to the replacement endpoint, the services subscribed to the lost/stolen endpoint 150 are transferred to the replacement endpoint. Optionally, the owner of the lost/stolen endpoint 150 may request that data be transferred from the lost/stolen endpoint 150 to a replacement device; and after the transfer, the owner may request that lost/stolen endpoint 150 be disabled to minimize the loss/impact of endpoint 150.

For example, the technique of fig. 26 may be used in the systems of fig. 1 and/or 6 using the security features of the memory devices discussed in conjunction with fig. 1-5 and 9-10. For example, the technique of fig. 26 may be used with the services of the firmware store of fig. 14 and 15, the service store 190 of fig. 15, 23, and 24, and/or the activity tracker 451 of fig. 20.

In fig. 26, the security server 140 stores the unique identification 111 of the memory device 130 and its unique device secret 101. In addition, security server 140 stores device information 121 characterizing the hardware, software, and/or data configuration of endpoint 150 in which memory device 130 is installed. As in fig. 2, the secret key 137 is based on the unique device secret 101 and the device information 121. Secret key 137 is used by memory device 130 to generate verification code 133 of identity data 113; and the security server 140 verifies that the passcode 133 was generated using the secret key 137, which indicates that the identity data 113 was generated by the memory device 130 having the unique device secret 101.

In fig. 26, security server 140 may bind unique identification 111 to public identification 541 of endpoint 150. For example, after the public identification 541 is assigned to the endpoint 150 in the application domain, the security server 140 may store the public identification 541 as part of the device information 121 associated with the unique identification of the memory device 130 and/or the endpoint 150.

For example, the application domain may be configured for cellular connectivity, smart card processing, services of the client server 141, and so on. The identification 541 may be used to represent the endpoint 150 in a group of endpoints in the application domain. Identification 541 may be used to represent endpoint 150 as a device, member, service subscriber, account, contact, etc.

For example, a client server 141 operating in the application domain may request that the security server 140 bind the public identity 541 to the endpoint 150 having the unique identity 111. In request 549, client server 141 may provide identity data 113 received from endpoint 150 and public identity 541 to be bound to endpoint 150. In response to the request 549, the security server 140 verifies the identity data 113 by determining whether the verification code 133 in the identity data 113 was generated using the secret key 137 of the memory device 130 having the unique identification 111.

After verification of the identity data 113, the security server 140 may add the public identity 541 to the device information 121 and cause the memory device 130 in the endpoint 150 to update 543 the device information 121. After the update 543, the memory device 130 has a new secret key for its generation of new identity data 113 containing the public identity 541. For example, message 131 in new identity data 113 may contain public identification 541 in addition to unique identification 111. The security features of memory device 130 configured to prevent fraudulent use of unique identification 111 may also prevent fraudulent use of public identification 541. For example, when client server 141 receives new identity data 113 containing public identity 541, client server 141 may request security server 140 to verify the new identity data 113. If the new identity data 113 has a valid passcode 133, it is generated by the endpoint 150 assigned a public identity 541.

Security server 140 may update 543 device information 121 in a manner similar to an update 377 of firmware of endpoint 150 and/or a repair 385 of a package installed in endpoint 150. For example, secure server 140 may generate authentication code 153 for command 155 to store public identification 541 in memory unit 103 of memory device 130. The authentication code 153 is generated using an encryption key 145 representing the owner's right to operate the memory device 130, including the right to execute the command 155 in the memory device 130 controlled by the access controller 109 of the memory device 130.

Optionally, the association of public identity 541 with endpoint 150 does not require the generation of a new secret key to represent memory device 130 and/or endpoint 150. Public identity 541 may be included in message 131 used to generate verification code 133 signed using secret key 137. The verification of the verification code 133 indicates that the public identity 541 provided in the message 131 has not changed; and the authentication code 133 is signed by the memory device 130 installed in the endpoint 150.

Optionally, skip update 543; and memory device 130 and/or endpoint 150 do not store common identification 541. Secure server 140 stores data associating unique identification 111 with public identification 541. After the security server 140 verifies the identity data 113 provided in the verification request, the security server 140 may look up the public identification 541 associated with the application domain, look up the unique identification 111 identified in the message 131 of the identity data 113, and provide the public identification 541 in the verification response, in a manner similar to the manner in which the subscriber identity number 505 is presented in the verification response 174 shown in fig. 23.

Optionally, security server 140 has a portal 545 that allows computer 180 to submit a request 547 to associate public identification 541 with endpoint 150 having unique identification 111. After the portal 545 verifies that the computer 180 is operated by the authorized owner or user of the endpoint 150, the portal 545 may communicate with the security server 140 to update the device information 121 of the unique identification 111.

In one embodiment, endpoint 150 has packets stored in memory device 130. When a packet is loaded from memory device 130 and executed in host system 120, endpoint 150 may communicate with server 140 to obtain update 543. Communication between endpoint 150 and server 140 may be through a client server (e.g., 141), firmware store 170, service store 190, activity tracker 451, or another server (e.g., portal 545), or may not be through any intermediate servers.

For example, a manufacturer of an endpoint (e.g., 150) may use computer 180 to configure the endpoint (e.g., 150) and request that an identification (e.g., 541) assigned by the manufacturer be bound to the endpoint (e.g., 150). Such a common identification may be, for example, a mobile equipment identity number (e.g., 253) representing each device in the communication network.

For example, a service provider may assign a subscriber identity number (e.g., 255) to a subscriber of a service provided by the provider. When an owner or user of endpoint 150 registers for the provider's service, the service provider may request, using computer 180, that subscriber identity number 255 be bound to endpoint 150.

FIG. 27 illustrates a method for managing identification of endpoints, according to one embodiment. For example, the method of fig. 27 may be implemented in a system having the security features discussed in connection with fig. 1-19 using the techniques discussed above in connection with fig. 26.

At block 561, the server system stores data associating the secret (e.g., 101) of the memory device 130 configured in the endpoint 150, the first identification 111 of the endpoint 150, and the device information 121.

For example, the server system may include a secure server 140. Optionally, the server system may further include a portal 545, firmware store 170, service store 190, activity tracker 451, package store 191, and/or another server. In some implementations, the server system may further include the client server 141 and/or the card server 223 shown in fig. 6.

At block 563, the server system receives a request (e.g., 547 or 549) to bind the second identity 541 to the endpoint 150 identified by the first identity 111.

For example, a request (e.g., 547 or 549) to bind the second identification 541 to the endpoint 150 may be received in a server system from and/or initiated in a computer (e.g., 180 or server 141) separate from the endpoint 150. The server system is configured to determine whether the computer has the right to attach such second identification 541 to the endpoint 150. If so, server system 140 may store data associating first identification 111 and second identification 541.

In one embodiment, the authority to attach such second identification 541 to the endpoint 150 is an entity associated with operating the computer and having ownership of the memory device 130 (e.g., as a manufacturer, retailer, service provider, end user of the endpoint 150).

For example, an entity may use a computer to communicate with endpoint 150 and/or memory device 130 to retrieve current identity data 113 generated by memory device 130. The current identity data 113 contains the first identification 111 and can be verified by the server system as to whether the current identity data 113 from the memory means 130 is authentic.

For example, in response to a request, the server system may store data associating the first identification 111 with the second identification 541.

For example, the server system may update the device information 121 of the first identification 111 to include the second identification 541.

For example, the server system may communicate with endpoint 150 to update data stored in memory device 130 and/or store second identification 541 in memory device 130.

Optionally, second identification 541 may be used as part of device information 121 in memory device 130 for generating secret key 137, where secret key 137 is used to generate authentication code 133 for identity data 113 of memory device 130 and/or endpoint 150.

Optionally, second identification 541 does not alter the generation of secret key 137. However, second identification 541 is stored into an access-controlled area of memory device 130 and is included in message 131 presented in identity data 113 (e.g., as part of data C127).

For example, in response to a request to bind the second identification 541 to the endpoint 150, the server system may generate an authentication code 153 for the command 155 and cause the memory device 130 to execute the command 155 in accordance with the authentication code 153. Upon receiving the command 155 and the authentication code 153 of the command 155, the access controller 109 of the memory device 130 is configured to authenticate the authentication code 153 of the command 155 using an encryption key (e.g., the access control key 149) representing the authority to execute the command 155 in the memory device 130. Memory device 130 is configured to execute command 155 in response to determining that the authentication code 153 of command 155 is valid; executing command 155 in memory device 130 may store second identification 541 in memory device 130 for subsequent generation of identity data 113. For example, second identification 541 may be stored as part of device information 121 and/or for presentation in message 131 of identity data 113.

For example, the memory device stores an executable set of instructions in endpoint 150. The set of instructions may be part of the content 161 or a package 441 of the firmware or operating system of the endpoint. Memory device 130 is configured to verify the integrity of the set of instructions before allowing endpoint 150 to load the set of instructions for execution. Because the set of instructions is protected via memory device 130, the server system can reliably communicate with endpoint 150 executing the set of instructions to cause memory device 130 to execute commands 155. The communication path between endpoint 150 and the server system may optionally be protected by client server 141 and/or optionally via session key 263 and symmetric encryption.

At block 565, the server system receives the authentication request 173 containing the identity data 113 generated by the memory device 130. Identity data 113 contains a verification code 133 generated from a message 131 presented in identity data 113 and an encryption key (e.g., secret key 137) derived at least in part from a secret (e.g., 101).

For example, in some embodiments, message 131 presented in the identity data contains second identification 541. Optionally, when the second identification 541 is configured as part of the device information 121, an encryption key (e.g., secret key 137) for signing the message 131 in the form of the passcode 133 may be further derived based on the second identification 541; alternatively, the encryption key is independent of the second identification 541.

In some embodiments, message 131 presented in identity data 113 does not include second recognition 541.

At block 567, the server system verifies the validity of the identity data 113 based at least in part on the secret (e.g., 101) of the memory device 130.

For example, the operations in block 567 may be performed in a manner similar to the operations performed in block 323, block 343, block 403, block 423, block 463, block 485, and/or block 525.

At block 569, the server system provides an authentication response 174 to the authentication request 173 in response to determining that the identity data 113 is valid. Authentication response 174 is configured to indicate that identity data 113 was generated by endpoint 150 with second identification 541.

For example, the server system may identify second identification 541 in verification response 174 by looking up second identification 541 associated with the first identification in data stored in secure server 140 or extracting second identification 541 from identity data 113. Alternatively, the server system may indicate that identity data 113 is valid, including second identification 541 presented in message 131 contained in identity data 113.

Fig. 28 illustrates an example machine of a computer system 600 within which a set of instructions, for causing the machine to perform any one or more of the methodologies discussed herein, may be executed. In some embodiments, computer system 600 may correspond to a host system that includes, is coupled to, or uses a memory subsystem, or may be used to perform operations of security manager 160 (e.g., execute instructions to perform operations corresponding to the security features of security server 140 and/or memory device 130 described with reference to fig. 1-27). In alternative embodiments, the machine may be connected (e.g., networked) to other machines in a LAN, an intranet, an extranet, and/or the internet. The machine may operate in the capacity of a server or a client machine in a client-server network environment, as a peer machine in a peer-to-peer (or distributed) network environment, or as a server or a client machine in a cloud computing infrastructure or environment.

The machine may be a Personal Computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Additionally, while a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.

Example computer system 600 includes a processing device 602, a main memory 604 (e.g., Read Only Memory (ROM), flash memory, Dynamic Random Access Memory (DRAM), such as synchronous DRAM (sdram) or Rambus DRAM (RDRAM), Static Random Access Memory (SRAM), etc.), and a data storage system 618, which communicate with each other via a bus 630 (which may include multiple buses).

The processing device 602 represents one or more general-purpose processing devices such as a microprocessor, central processing unit, or the like. More specifically, the processing device may be a Complex Instruction Set Computing (CISC) microprocessor, Reduced Instruction Set Computing (RISC) microprocessor, Very Long Instruction Word (VLIW) microprocessor, or a processor implementing other instruction sets or processors implementing a combination of instruction sets. The processing device 602 may also be one or more special-purpose processing devices such as an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), network processor, or the like. The processing device 602 is configured to execute instructions 626 for performing the operations and steps discussed herein. The computer system 600 may further include a network interface device 608 that communicates over a network 620.

The data storage system 618 may include a machine-readable medium 624 (also referred to as a computer-readable medium) on which is stored one or more sets of instructions 626 or software embodying any one or more of the methodologies or functions described herein. The instructions 626 may also reside, completely or at least partially, within the main memory 604 and/or within the processing device 602 during execution thereof by the computer system 600, the main memory 604, and the processing device 602, which also constitute machine-readable storage media. Machine-readable medium 624, data storage system 618, and/or main memory 604 may correspond to a memory subsystem.

In one embodiment, instructions 626 include instructions to implement functionality corresponding to security manager 160 (e.g., operation of security features of security server 140 and/or memory device 130 described with reference to fig. 1-27). While the machine-readable storage medium 624 is shown in an example embodiment to be a single medium, the term "machine-readable storage medium" should be taken to include a single medium or multiple media that store the one or more sets of instructions. The term "machine-readable storage medium" shall also be taken to include any medium that is capable of storing or encoding a set of instructions for execution by the machine and that cause the machine to perform any one or more of the methodologies of the present disclosure. The term "machine-readable storage medium" shall accordingly be taken to include, but not be limited to, solid-state memories, optical media, and magnetic media.

In general, an endpoint 150, a server (e.g., security server 140,

client server

141 or 143, or card server 223) may be a computing system having a host system 120 and a memory subsystem. The memory subsystem may include media such as one or more volatile memory devices, one or more non-volatile memory devices (e.g., memory device 130), or a combination of these.

The memory subsystem may be a memory device, a memory module, or a mixture of memory devices and memory modules. Examples of storage devices include Solid State Drives (SSDs), flash drives, Universal Serial Bus (USB) flash drives, embedded multimedia controller (eMMC) drives, Universal Flash Storage (UFS) drives, Secure Digital (SD) cards, and Hard Disk Drives (HDDs). Examples of memory modules include dual in-line memory modules (DIMMs), small outline DIMMs (SO-DIMMs), and various types of non-volatile dual in-line memory modules (NVDIMMs).

For example, the computing system may be a computing device, such as a desktop computer, a laptop computer, a network server, a mobile device, a vehicle (e.g., an aircraft, drone, train, automobile, or other vehicle), an internet of things (IoT) -enabled device, an embedded computer (e.g., an embedded computer included in a vehicle, industrial equipment, or networked business device), or such computing device including memory and processing devices.

A host system 120 of the computing system is coupled to one or more memory subsystems. As used herein, "coupled to" or "coupled with … …" generally refers to a connection between components that may be an indirect communicative connection or a direct communicative connection (e.g., without intervening components), whether wired or wireless, including electrical, optical, magnetic, etc. connections.

Host system 120 may include a processor chipset (e.g., processing device 118) and a software stack executed by the processor chipset. The processor chipset may include one or more cores, one or more caches, a memory controller (e.g., controller 116) (e.g., NVDIMM controller), and a storage protocol controller (e.g., PCIe controller, SATA controller). The host system 120 uses the memory subsystem, for example, to write data to and read data from the memory subsystem.

The host system 120 may be coupled to the memory subsystem via a physical host interface. Examples of physical host interfaces include, but are not limited to, a Serial Advanced Technology Attachment (SATA) interface, a peripheral component interconnect express (PCIe) interface, a Universal Serial Bus (USB) interface, a fibre channel, a serial attached SCSI (sas) interface, a Double Data Rate (DDR) memory bus interface, a Small Computer System Interface (SCSI), a dual in-line memory module (DIMM) interface (e.g., a DIMM socket interface supporting Double Data Rate (DDR)), an Open NAND Flash Interface (ONFI), a Double Data Rate (DDR) interface, a Low Power Double Data Rate (LPDDR) interface, or any other interface. The physical host interface may be used to transfer data between the host system 120 and the memory subsystem. The host system 120 may further utilize an NVM express (NVMe) interface to access components (e.g., memory device 130) when the memory subsystem is coupled with the host system 120 over a PCIe interface. The physical host interface may provide an interface for passing control, address, data, and other signals between the memory subsystem and the host system 120. In general, the host system 120 may access one or more memory subsystems via the same communication connection, multiple separate communication connections, and/or a combination of communication connections.

The processing device 118 of the host system 120 may be, for example, a microprocessor, a Central Processing Unit (CPU), a processing core of a processor, an execution unit, or the like. In some cases, the controller 116 may be referred to as a memory controller, a memory management unit, and/or an initiator. In one example, the controller 116 controls communication over a bus coupled between the host system 120 and the memory subsystem. In general, controller 116 may send commands or requests to the memory subsystem desiring access to memory device 130. The controller 116 may further include interface circuitry for communicating with the memory subsystem. The interface circuitry may convert responses received from the memory subsystem into information for the host system 120.

The controller 116 of the host system 120 may communicate with the controller of the memory subsystem to perform operations such as reading data, writing data, or erasing data at the memory device 130, among other such operations. In some cases, the controller 116 is integrated within the same package as the processing device 118. In other cases, the controller 116 is separate from the packaging of the processing device 118. The controller 116 and/or the processing device 118 may include hardware, such as one or more Integrated Circuits (ICs) and/or discrete components, cache memory, or a combination thereof. The controller 116 and/or the processing device 118 may be a microcontroller, special purpose logic circuitry (e.g., a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), etc.), or another suitable processor.

Memory device 130 may include different types of non-volatile memory components and/or any combination of volatile memory components. Volatile memory devices may be, but are not limited to, Random Access Memory (RAM), such as Dynamic Random Access Memory (DRAM) and Synchronous Dynamic Random Access Memory (SDRAM).

Some examples of non-volatile memory components include NAND (or NOT AND) (NAND) type flash memory AND write-in-place memory, such as three-dimensional cross-point ("3D cross-point") memory. A non-volatile memory cross-point array may perform bit storage based on changes in body resistance in conjunction with a stackable cross-meshed data access array. In addition, in contrast to many flash-based memories, cross-point non-volatile memories can perform in-place write operations in which non-volatile memory cells can be programmed if they have been previously erased. The NAND type flash memory includes, for example, two-dimensional NAND (2D NAND) and three-dimensional NAND (3D NAND).

Each of memory devices 130 may include one or more arrays of memory cells. One type of memory cell, such as a Single Level Cell (SLC), can store one bit per cell. Other types of memory cells, such as multi-level cells (MLC), three-level cells (TLC), four-level cells (QLC), and five-level cells (PLC), may store multiple bits per cell. In some embodiments, each of the memory devices 130 may include one or more arrays such as SLC, MLC, TLC, QLC, PLC, or any combination thereof. In some embodiments, a particular memory device may include an SLC portion, an MLC portion, a TLC portion, a QLC portion, and/or a PLC portion of a memory cell. The memory cells of memory device 130 may be grouped into pages, which may refer to logical units of the memory device for storing data. In some types of memory (e.g., NAND), pages may be grouped to form blocks.

Although non-volatile memory devices are described, such as 3D cross-point and NAND type memories (e.g., 2DNAND, 3D NAND), memory device 130 may be based on any other type of non-volatile memory, such as Read Only Memory (ROM), Phase Change Memory (PCM), self-selection memory, other chalcogenide based memories, ferroelectric transistor random access memory (FeTRAM), ferroelectric random access memory (FeRAM), Magnetic Random Access Memory (MRAM), Spin Transfer Torque (STT) -MRAM, conductive bridge ram (cbram), Resistive Random Access Memory (RRAM), oxide based RRAM (oxram), NOR (NOR) flash memory, and Electrically Erasable Programmable Read Only Memory (EEPROM).

The memory subsystem controller may communicate with memory device 130 to perform operations such as reading data, writing data, or erasing data at memory device 130 and other such operations (e.g., in response to commands scheduled by controller 116 on a command bus). The memory subsystem controller may include hardware such as one or more Integrated Circuits (ICs) and/or discrete components, cache memory, or a combination thereof. The hardware may comprise digital circuitry with dedicated (e.g., hard-coded) logic to perform the operations described herein. The memory subsystem controller may be a microcontroller, special purpose logic circuitry (e.g., a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), etc.), or another suitable processor.

The memory subsystem controller may include a processing device (e.g., a processor) configured to execute instructions stored in a local memory. In the example shown, the local memory of the memory subsystem controller includes embedded memory configured to store instructions for performing various processes, operations, logic flows, and routines that control the operation of the memory subsystem, including handling communications between the memory subsystem and the host system 120.

In some embodiments, the local memory may include memory registers that store memory pointers, fetched data, and the like. The local memory may also include Read Only Memory (ROM) for storing microcode. While some memory subsystems have a memory subsystem controller, other memory subsystems do not contain a memory subsystem controller, but may rely on external control (e.g., provided by an external host or by a processor or controller separate from the memory subsystem).

In general, a memory subsystem controller may receive commands or operations from host system 120 and may convert the commands or operations into instructions or appropriate commands to achieve a desired access to memory device 130. The memory subsystem controller may be responsible for other operations, such as wear leveling operations, garbage data collection operations, error detection and Error Correction Code (ECC) operations, encryption operations, cache operations, and address translation between logical addresses (e.g., Logical Block Addresses (LBAs), namespaces) and physical addresses (e.g., physical block addresses) associated with the memory device 130. The memory subsystem controller may further include host interface circuitry for communicating with the host system 120 via a physical host interface. Host interface circuitry may convert commands received from the host system into command instructions to access memory device 130 and convert responses associated with memory device 130 into information for host system 120.

The memory subsystem may also include additional circuitry or components not shown. In some embodiments, the memory subsystem may include a cache or buffer (e.g., DRAM) and address circuitry (e.g., row decoder and column decoder) that may receive addresses from the memory subsystem controller and decode the addresses to access the memory devices 130.

In some embodiments, memory device 130 includes a local media controller for performing operations on one or more memory units 103 of memory device 130 in conjunction with a memory subsystem controller of the memory subsystem. The local media controller may be used to implement the encryption engine 107 and/or the access controller 109. An external controller (e.g., a memory subsystem controller or controller 116 of host system 120) may manage memory device 130 externally (e.g., perform media management operations on memory device 130). In some embodiments, memory device 130 is a managed memory device, which is a raw memory device that is combined with a local media controller for media management within the same memory device package. An example of a managed memory device is a managed nand (mnand) device.

Memory subsystem controller and/or memory device 130 may include a security manager 160 configured to provide the security features discussed above. In some embodiments, the memory subsystem controller and/or a local media controller in the memory subsystem may contain at least a portion of the security manager 160. In other embodiments, or in combination, the controller 116 in the host system 120 may include at least a portion of the security manager 160. For example, memory subsystem controller, controller 116, and/or security server 140 may include logic circuitry and/or execute instructions when implementing security manager 160. For example, the processing device 118 (e.g., a processor) of the memory subsystem controller or host system 120 may be configured to execute instructions stored in the memory device 130 for performing the operations of the security manager 160 described herein. In some embodiments, security manager 160 is implemented in an integrated circuit chip disposed in the memory subsystem. In other embodiments, security manager 160 may be part of the firmware of the memory subsystem, the operating system of host system 120, a device driver or application, or any combination thereof.

Some portions of the preceding detailed description have been presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the most effective means used by those skilled in the data processing arts to convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of operations leading to a desired result. The operations are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.

It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. The present disclosure may refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage systems.

The present disclosure also relates to apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, or it may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but is not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), Random Access Memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a computer system bus.

The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various general-purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the method. The structure for a variety of these systems will appear from the description below. In addition, the present disclosure is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the disclosure as described herein.

The present disclosure may be provided as a computer program product or software which may include a machine-readable medium having stored thereon instructions which may be used to program a computer system (or other electronic devices) to perform a process according to the present disclosure. A machine-readable medium includes any mechanism for storing information in a form readable by a machine (e.g., a computer). In some embodiments, a machine-readable (e.g., computer-readable) medium includes a machine (e.g., computer) -readable storage medium, such as read only memory ("ROM"), random access memory ("RAM"), magnetic disk storage media, optical storage media, flash memory components, and so forth.

In this specification, various functions and operations are described as being performed by or caused by computer instructions for simplicity of description. However, those skilled in the art will recognize that the intent of such expressions is that the functions result from execution of computer instructions by one or more controllers or processors (e.g., microprocessors). Alternatively or in combination, the functions and operations may be implemented using special purpose circuitry, with or without software instructions, such as an Application Specific Integrated Circuit (ASIC) or a Field Programmable Gate Array (FPGA). Embodiments may be implemented using hardwired circuitry without software instructions or in combination with software instructions. Thus, the techniques are not limited to any specific combination of hardware circuitry and software nor to any particular source for the instructions executed by the data processing system.

In the foregoing specification, embodiments of the disclosure have been described with reference to specific example embodiments thereof. It will be evident that various modifications may be made thereto without departing from the broader spirit and scope of embodiments of the disclosure as set forth in the following claims. The specification and drawings are, accordingly, to be regarded in an illustrative sense rather than a restrictive sense.

Claims

1. A method, comprising:

storing, in a server system, data representing one or more preferences of an endpoint;

receiving, in the server system, an authentication request containing identity data generated by a memory device configured in the endpoint;

verifying, by the server system, the identity data based at least in part on the secret of the memory device and at least a portion of the content stored in the memory device; and

in response to determining that the identity data is valid,

determining that an activity associated with the identity data satisfies a condition specified for the endpoint; and

upon providing an authentication response in response to the authentication request, performing a security operation associated with the condition.

2. The method of claim 1, wherein the security operation includes transmitting an alert or notification to a contact registered in the one or more references.

3. The method of claim 1, wherein the security operation includes identifying a security risk or restriction in the authentication response.

4. The method of claim 1, further comprising:

extracting information about the activity from the identity data in response to determining that the identity data is valid, wherein the condition is determined to be satisfied based at least in part on the information about the activity extracted from the identity data.

5. The method of claim 4, wherein extracting the information about the activity comprises decrypting a portion of a message provided in the identity data.

6. The method of claim 5, further comprising:

establishing a session key based on the verification of the identity data, wherein the decryption of the portion of the message provided in the identity data is performed using the session key.

7. The method of claim 1, further comprising:

storing, in the server system, a plurality of records of activities of the endpoint;

determining a pattern of the activity of the endpoint based on the plurality of records; and

based on the pattern, the condition is identified.

8. The method of claim 7, wherein the pattern includes a geographic area, a time period of a day or week, a range of activity attributes, or any combination thereof.

9. The method of claim 8, further comprising:

communicating, by the server system, with a user computer to receive the data representing the one or more preferences of the endpoint; and

presenting, by the server system, the activity of the endpoint based on the record.

10. The method of claim 1, wherein the authentication request is received from a client server; and the method further comprises:

extracting one or more attributes identified by the client server for the activity from the authentication request, wherein the condition is determined to be satisfied based at least in part on the one or more attributes.

11. The method of claim 10, further comprising:

in response to determining that the identity data is valid, extracting information about the activity from a message in the identity data, wherein the condition is determined to be satisfied based on a mismatch between the information about the activity and the one or more attributes.

12. The method of claim 11, wherein verifying the identity data comprises determining whether a verification code provided in the identity data was generated from the message and the secret of the memory device.

13. The method of claim 12, wherein the memory device does not transfer the secret out of the memory device after fabrication of the memory device is completed in a secure facility.

14. The method of claim 13, further comprising:

registering the secret during manufacture of the memory device in the secure facility; and

generating an encryption key to verify the identity data based at least in part on the secret.

15. The method of claim 14, wherein the encryption key used to verify the identity data is further generated based on data received from a host system of the memory device at a boot time of the endpoint.

16. A computing system, comprising:

a memory storing an encryption key of a memory device; and

at least one processor configured, via a set of instructions, to:

receiving an authentication request containing identity data generated by a memory device configured in an endpoint; and is

In response to the request for authentication,

determining that the identity data is valid based at least in part on a secret of the memory device;

determining that an activity identified via the authentication request satisfies a condition specified for the endpoint; and is

17. The computing system of claim 16, wherein the computing system is configured to store data representing one or more preferences received from a user computer of the endpoint; the data representing the one or more preferences specifies the condition; and determining that the activity satisfies the condition based on first data embedded in the identity data by the memory device and second data provided in the authentication request by a client server; and wherein the client server is configured to receive an access request from the endpoint, submit the authentication request to the computing system, and provide a service related to the activity.

18. The computing system of claim 17, wherein the memory device has logic circuitry implementing a cryptographic engine and is configured to use the cryptographic engine to:

Generating an encryption key representing an identity of the endpoint based at least in part on the secret of the memory device and firmware currently configured in the memory device for execution by the endpoint; and

commands executed in the memory device are controlled based on the rights represented by the encryption key.

19. A non-transitory computer storage medium storing instructions that, when executed by a server system, cause the server system to perform a method, the method comprising:

receiving an authentication request containing identity data generated by a memory device configured in an endpoint; and

in response to the request for authentication,

20. The non-transitory computer storage medium of claim 19, wherein the method further comprises:

receiving data representing one or more preferences of the endpoint from a user computer to specify the condition;

Extracting first data about the activity from the identity data, the first data being embedded in the identity data by the memory device; and

extracting second data about the activity from the validation request, the second data provided by a client server in the validation request, wherein the client server is configured to receive an access request from the endpoint and submit the validation request to the computing system, and wherein determining whether the condition is satisfied is based on the first data about the activity or the second data about the activity, or any combination thereof.