CN115021950A - Online service store for endpoints - Google Patents
Online service store for endpoints Download PDFInfo
- Publication number
- CN115021950A CN115021950A CN202210197979.0A CN202210197979A CN115021950A CN 115021950 A CN115021950 A CN 115021950A CN 202210197979 A CN202210197979 A CN 202210197979A CN 115021950 A CN115021950 A CN 115021950A
- Authority
- CN
- China
- Prior art keywords
- endpoint
- memory device
- server
- identity
- firmware
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
- 
        - H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
 
- 
        - G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
 
- 
        - G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
 
- 
        - G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
 
- 
        - H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
 
- 
        - H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
 
- 
        - H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
 
- 
        - H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
 
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Mathematical Physics (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of the present application relate to an online service store for endpoints. The online service store may configure services for endpoints and verify the authenticity of the endpoints. For example, an endpoint may be subscribed to a service before the endpoint is used. After receiving a request with identity data generated by a memory device configured in the endpoint, a server system may determine the validity of the identity data, and thus the authenticity of the endpoint, based on the secret of the memory device and other data stored about the endpoint. Based on the service subscribed to for the endpoint, the server system connects the endpoint to a client server to receive the service. The server system may cause a firmware update of the endpoint so that the endpoint can receive the service from the client server.
    Description
      RELATED APPLICATIONS
    
    The present application claims benefit of the filing date of provisional united states patent application No. 63/105,820 entitled "Virtual Subscriber identity Module and Virtual Smart Card (Virtual Subscriber identity Module and Virtual Smart Card)" filed on 26.10.2020, wherein the present application also claims benefit of the filing date of provisional united states patent application No. 63/156,232 entitled "Online Service Store for Endpoints" filed on 3.2021, 3.3.3.3.3.3.3.3.3.3.3, the entire disclosure of which is hereby incorporated by reference. 
    This application is related to U.S. patent application No. 17/005,565 entitled Secure Memory System Programming for Host Device Verification, filed on 28.8.2020, which claims benefit of the filing date of the following applications: provisional united states patent application No. 63/059,617 filed on 31/7/2020; U.S. patent application No. 17/080,684 entitled "Endpoint Authentication based on Multi-component Boot-Time Binding of Multi-Components", filed 26.10.2020; us patent application No. 16/374,905, entitled "login Software on Secure Device to Generate Device Identities for Authentication with Remote server" filed on 4/2019 and published as us patent application publication No. 2020/0322134/10/8/2020; and U.S. patent application No. 17/014,203 entitled Customer-Specific Activation of a function in a Semiconductor Device, filed on 8.9.2020, the entire disclosure of which is hereby incorporated by reference. 
    Technical Field
      At least some embodiments disclosed herein relate generally to authentication, and more particularly, but not exclusively, to authentication of communication endpoints in a network having secure memory devices.
    Background
      The memory subsystem may include one or more memory devices that store data. The memory devices may be, for example, non-volatile memory devices and volatile memory devices. In general, a host system may utilize a memory subsystem to store data at and retrieve data from a memory device.
      Standards for device identity synthesis engines (DICE) and robust internet of things (RIoT) have been developed for cryptographic computation-based data computation for computing device identity recognition and authentication.
    Disclosure of Invention
      One embodiment of the present application provides a method, comprising: receiving, in a server system, a request from an endpoint with identity data generated by a memory device configured in the endpoint; verifying, by the server system, the identity data in response to the request and based on information about the endpoint stored in the server, the information including a secret of the memory device; and in response to determining that the identity data is valid, identifying a service ordered for the endpoint in an online service store; identifying a client server configured to provide the service; and direct the endpoint to the client server. 
      Another embodiment of the present application provides a computing system, comprising: a memory storing an encryption key of a memory device; and at least one processor configured, via a set of instructions, to: receiving, from an endpoint, a request having identity data generated by a memory device configured in the endpoint; and in response to the request: verifying the identity data in response to the request and based on information stored in memory about the endpoint, the information including a secret of the memory device; identifying a service ordered for the endpoint in an online service store; and direct the endpoint to a client server configured to provide the service.
      Another embodiment of the present application provides a non-transitory computer storage medium storing instructions that, when executed by a server, cause the server to perform a method comprising: receiving, from an endpoint, a request having identity data generated by a memory device configured in the endpoint; verifying the identity data in response to the request and based on information about the endpoint, the information including a secret of the memory device; and in response to determining that the identity data is valid, identifying a service ordered for the endpoint in an online service store; and direct the endpoint to a client server configured to provide the service. 
    Drawings
      Embodiments are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings in which like reference numerals refer to similar elements.
      FIG. 1 illustrates an example computing system in accordance with some embodiments of the present disclosure.
      FIG. 2 illustrates generation of identity data in an integrated circuit memory device, according to one embodiment.
      FIG. 3 illustrates a technique for controlling command execution in a memory device, according to one embodiment.
      FIG. 4 illustrates a technique for verifying the integrity of data stored in a memory device, according to one embodiment.
      FIG. 5 illustrates a security service of a security server provided to a client server based on security features implemented in a memory device, according to one embodiment.
      Figure 6 illustrates a system and method for configuring and authenticating endpoints of a card-based service, according to one embodiment.
      FIG. 7 illustrates a card profile of a virtual smart card according to one embodiment.
      Fig. 8 illustrates a card profile of a virtual Subscriber Identity Module (SIM) according to one embodiment.
      FIG. 9 illustrates a technique for authenticating a memory device, according to one embodiment.
      FIG. 10 illustrates a technique for generating commands that control secure operation of a memory device, according to one embodiment. 
      FIG. 11 illustrates a method of virtualizing a smart card according to one embodiment.
      FIG. 12 illustrates a method of providing security services based on security features of a memory device, according to one embodiment.
      Figure 13 illustrates a method of logging into an endpoint of a service to which an account is subscribed, according to one embodiment.
      FIG. 14 illustrates a technique for endpoint customization using an online firmware store, according to one embodiment.
      FIG. 15 illustrates a technique for directing services to endpoints via an online service store, according to one embodiment.
      FIG. 16 illustrates a firmware update method using a firmware store and a security server, according to one embodiment.
      FIG. 17 illustrates an endpoint customization method using a service store and a security server, according to one embodiment.
      Figure 18 illustrates a diagram of generating identity data to facilitate monitoring of integrity and/or endpoint activity, according to one embodiment.
      Figure 19 illustrates a technique for maintaining the integrity of packets stored in an endpoint according to one embodiment.
      FIG. 20 illustrates a system that implements security operations based on tracking endpoint activity, according to one embodiment.
      FIG. 21 illustrates a method for updating or repairing a packet stored in an endpoint, according to one embodiment.
      Fig. 22 illustrates a method for performing a security operation based on one or more activities of an endpoint, in accordance with one embodiment. 
      Figures 23 and 24 illustrate a system configured to implement subscription sharing among a set of endpoints, according to one embodiment.
      FIG. 25 illustrates a method for facilitating subscription sharing among a set of endpoints, according to one embodiment.
      FIG. 26 illustrates a technique for managing endpoint identification, according to one embodiment.
      FIG. 27 illustrates a method for managing endpoint identification, according to one embodiment.
      FIG. 28 is a block diagram of an example computer system in which embodiments of the present disclosure may operate.
    Detailed Description
      At least some aspects of the present disclosure relate to a security server and a memory device having a security feature. The security server is configured to provide online security services in a computer network (e.g., the internet) based on the security features of the memory devices. A host system of the memory device may use memory and/or storage functions of the memory device to store instructions and/or data for processing and to store processing results.
      In general, the memory subsystem may include storage devices and/or memory modules. A host system may use a memory subsystem that includes one or more components, such as memory devices that store data. The host system may provide data for storage in the memory subsystem and may request data for retrieval from the memory subsystem. 
      For example, a portion of the data stored in the memory device may be instructions, such as instructions programmed for software, firmware, a boot loader, an operating system, routines, device drivers, application packages, and so forth. The instructions may be stored for a computing device implemented using a host system connected to the memory device.
      Another portion of the data stored in the memory device may provide an operand or input to the instruction as the instruction executes in one or more processing devices of the host system.
      Yet another portion of the data stored in the memory device may include results generated from executing the instruction using the input and/or other input stored in the memory device.
      Examples of such computing devices include personal computers, mobile computers, tablet computers, personal media players, smart phones, smart TVs, smart speakers, smart appliances, internet of things (IoT) devices, and so forth.
      Security features implemented in the memory device may be used for secure communications between the memory device and a security server via a computer network. The communication path between the memory device and the secure server may not be secure. The identity of and/or control access to the memory device may be verified by communication between the security server and the memory device in order to prevent and detect counterfeiting, tampering, hacking and/or unsafe operation. 
      The combination of the security features of the memory device and the security services of the security server allows parties involved in the use of the memory device and/or computing device having the memory device to trust the authenticity of the computing device and/or memory device and to trust the integrity of data stored in the memory device, such as instructions to be executed in the computing device and the input of instructions.
      For example, the security server and memory device may implement a Subscriber Identity Module (SIM) replacement in combination.
      SIM cards are commonly used to represent subscriber identities for cellular services in telecommunications networks. When the SIM card is inserted into the cellular telephone, the cellular telephone may access cellular services provided to the subscriber account; and when the SIM card is inserted into the alternate cell phone, the subscriber may use the alternate cell phone to access the cellular service associated with the account.
      The need for a physical SIM card can be eliminated when the identity of the memory device installed in the cellular telephone can be securely configured to represent the subscriber identity. The identity of the memory device may be configured and protected via the security features of the memory device and the security services of the security server.
      In general, a security server may be deployed on the internet to provide security-related services to third-party computers and servers based on security features built into the memory devices. The security features are built and packaged into the memory device. Security features and security services may be used without trust in a secure implementation of a computing device in which the memory device is installed. Thus, the security implementation may be focused on the security features of the memory device and the design of the security server. By simply using a memory device with a security feature, the security of a computing device using the memory device may be improved without requiring much effort by the designer and/or manufacturer of the computing device. 
      The security server may provide services to verify the identity and/or authenticity of the device, detect counterfeit and/or tampered devices, track and manage device ownership, facilitate transfer of device ownership/control, facilitate configuration of services for a computing device to access third party servers and/or services networks, and the like.
      The security features of the memory device may be implemented within an Integrated Circuit (IC) package of the memory device during fabrication of the memory device. A memory device may have logic circuits (or controllers) and memory units formed on one or more integrated circuit dies. At least some of the memory cells in the memory device may be non-volatile such that data may be stored in the non-volatile memory cells even if the memory device is powered down for a long period of time (e.g., days, months, or even years). The non-volatile memory of the memory device may be used to store instructions and data for the operation of the host system of the memory cells.
      The memory device may have a Unique Device Secret (UDS). The unique device secret may be protected within the memory device such that, after manufacturing of the memory device is completed, the unique device secret is not communicated outside of the memory device and is not readable by the host system via any interface of the memory device. 
      The presence of the unique device secret in the memory device may be verified by the security server through cryptographic calculations, such as generation of an encryption key, generation of a message hash value using an encryption function, and generation of a message ciphertext encrypted with a message using the encryption key.
      Cryptographic computation that encrypts a message using an encryption key involves computation of a ciphertext that represents the message. The message may be efficiently recovered from the ciphertext using the corresponding encryption key by performing a predefined decryption calculation. Recovering a message from a ciphertext is generally not feasible without having a corresponding encryption key for decryption. The difficulty level of recovering the message without knowledge of the corresponding encryption key used for decryption represents the security level of the cryptographic computation. The level of security depends in general on the length of the encryption key used for encryption and the algorithm used for encryption.
      When symmetric encryption is used, the encryption key used for decryption and the encryption key used for encryption are the same. When asymmetric encryption is used, the decryption key and the encryption key are different and are generated in pairs. One of the pairs may be used as a private key, and thus as a secret; the other of the pair may be used as a public key. Computing the private key from the public key is generally not feasible. The level of difficulty in recovering the private key from the public key represents the level of security of the asymmetric encryption. 
      Cryptographic computation that hashes a message maps the message to a hash value representing the message. However, a certain amount of information is lost in the hash calculation, so that the message cannot be recovered from the hash value. Many messages may map to the same hash value. Generating a modified version of a message that can hash to the same hash value is generally not feasible, particularly when the modified version is similar to the original message.
      Cryptographic calculation of key generation involves calculating an encryption key for symmetric encryption or a pair of encryption keys for asymmetric encryption based on a set of data. The probability of generating the same key or the same key pair without having the same set of data is low. The probability level represents the strength of the cryptographic computation used for key generation.
      In general, any cryptographic computation technique for encryption, hashing, and key generation may be used with the memory device and the security server. Accordingly, the present disclosure is not limited to particular encryption, hashing, and/or key generation techniques.
      In addition to the unique device secret, the memory device may also store additional data to represent data and/or hardware configuration of the memory device and/or the computing device in which the memory device is installed. A portion of the extra data may or may not be kept secret to the memory device. The unique device secret and the additional data may be used to generate a secret encryption key representing an identity of the memory device and/or the computing device. 
      The logic circuits (or local controllers) of the memory device may implement an encryption engine, an identity engine, and an access controller. The encryption engine of the memory device is configured to perform cryptographic computations (e.g., hashing, encryption/decryption, key generation) within the memory device to support the operation of the identity engine and the access controller. Embodiments of the cryptographic engine in the memory device eliminate the need to rely on an external processor for secure computations of the memory device, and thus improve security by preventing the transfer of secrets out of the memory device and preventing tampering and hacking of the cryptographic computations. Optionally, at least part of the cryptographic computations involved in the security features of the memory device may be implemented via storing instructions in the memory device for execution by a host system of the memory device, while there is a level of trade-off between the security level and complexity of the logic circuits (or local controllers) of the memory device.
      The encryption engine of the memory device may be used to apply a cryptographic hash function to a message to generate a hash value, to generate a symmetric encryption key or a pair of asymmetric encryption keys from a set of data, to generate a ciphertext of the message using the encryption key, and/or to recover the message from the ciphertext using the encryption key. 
      An access controller of the memory device is configured to control execution of commands received in the memory device using the encryption key. For example, permissions may be required to request that the memory device perform commands to read, write, delete, modify, etc., various portions of the non-volatile memory of the memory device. The rights may be represented by a corresponding encryption key. After receiving the permission command in the memory device for execution, the access controller may use the encryption engine to perform the calculation when determining whether the command is from a sender having an encryption key representing the permission. After the calculation indicates that the sender has the encryption key and thus the right, the access controller allows the command to be executed within the memory device. Otherwise, the access controller may reject, ignore, or discard the command. Such access control may prevent unauthorized access to data stored in the memory device, prevent unauthorized changes to the memory device, and prevent tampering and/or hacking of counterfeit and/or unsecure devices that form the memory device.
      Generally, verifying whether the sender of the message has the encryption key involves verifying the authentication code of the message. The verification code may be in the form of a hash digest, a digital signature, a hash-based message authentication code (HMAC), a Cryptographic Message Authentication Code (CMAC), and the like. The passcode is generated using an encryption key and the message as input to a hash, encryption, and/or other computational encryption operation, such that generating the passcode without the encryption key and generating the passcode from a modified version of the message is generally not feasible. Thus, when the recipient confirms that the received authentication code is valid for the received message and the encryption key, the recipient can conclude that: the sender has a corresponding encryption key and the received message is the same as the message used to generate the received encryption key. 
      In some embodiments, the recipient performs the verification of the message authentication code using the same encryption key that was used by the sender to generate the authentication code. For example, the recipient generates an authentication code for the received message using the same encryption key and compares the generated authentication code with the received authentication code. If there is a match, then the received authentication code is valid for the received message; and the sender may be considered to have an encryption key. Otherwise, the received verification code is invalid to the received message; the received message has changed since the generation of the authentication code, or the received authentication code was generated using a different encryption key, or both.
      In some embodiments, the recipient performs verification of the message authentication code using a public encryption key of the key pair; and the sender generates the authentication code using the private encryption key of the key pair. For example, the authentication code may be generated by applying a hash function to the message to generate a hash value for the message. A ciphertext of the hash value obtained by hash value encryption performed using the encryption key may be used as the authentication code. The receiver of the message and the authentication code performs authentication using a corresponding decryption key, which is the same as the encryption key when symmetric encryption is used and the other key of the key pair when asymmetric encryption is used. After recovering the hash value from the ciphertext using the decryption key, the recovered hash value may be compared to the hash value of the received message; if there is a match, then the received authentication code is valid for the received message; otherwise, the received authentication code is invalid for the received message. Alternatively, the receiving party may perform authentication using the encryption key without performing decryption. The recipient may use the encryption key to generate an authentication code for the message to compare with the received authentication code. 
      In some embodiments, the message and encryption key combination generates a hash value as the verification code, as in a hash-based message authentication code (HMAC) technique. For example, an encryption key may be used to generate both keys. After combining one of the two keys with the message to generate a message modified by the key, a cryptographic hash function may be applied to the key-modified message to generate a hash value, which is further combined with the other key to generate another message. After applying the cryptographic hash function (or another cryptographic hash function) to the other message, a hash-based message authentication code is generated. The message recipient may generate a hash-based message authentication code for the received message using the same encryption key to compare with the received hash-based message authentication code. If there is a match, the verification is successful; otherwise, the verification fails.
      In general, any technique for generating and verifying an authentication code for a message from a sender and an encryption key for use by the sender in generating the authentication code may be used to determine whether the sender has an encryption key. The recipient will perform the authentication using an appropriate encryption key, which may be the same encryption key used to generate the authentication code, or in the same asymmetric encryption key pair. Accordingly, the present disclosure is not limited to a particular technique of hash digests, digital signatures, and/or hash-based message authentication codes. 
      For convenience, a passcode generated using a message whose encryption key is true to represent the message and the encryption key may be collectively referred to as a digital signature of the message signed using the encryption key, but it will be appreciated that the passcode may be generated using various techniques, such as a hash-based message authentication code.
      The memory device may be configured to store an associated encryption key for verifying a verification code signed using an encryption key configured to represent a right to request the memory device to execute a command.
      For example, the access controller may provide a set of permissions to an owner of the memory device such that the owner may activate or deactivate one or more security features of the memory device, change one or more security settings, parameters, configurations, or preferences of the memory device, and/or read data from a section of the memory device that is not readable by other users of the memory device.
      For example, an access controller may provide an authorized user of a memory device with particular rights to read, write, erase, or modify particular sections of the memory device.
      When a memory device receives a command that requires access to execute, the access controller may retrieve the corresponding encryption key to verify the authentication code or digital signature of the message containing the command. If the verification of the received authentication code for the received command is successful, the received command is considered to be from the sender of the encryption key having the authority to execute the command in the memory device. In response, the access controller allows execution of the command in the memory device. Otherwise, the access controller prevents execution of the command. 
      The memory device may be manufactured to be initially owned by the secure server. The security server may then provide and/or transfer some or all of the rights to one or more owners and users in a process from the memory device assembled to the computing device having the memory device used by the end user. The access controller may prevent tampering, hacking, and unauthorized access while providing flexibility to support different modes of rights transfer for different owners and users, such as the manufacturer of the component computing device in which the memory device is installed, the manufacturer of the computing device in which the component computing device is installed, a retailer, an enterprise user, an end user, and an alternate end user, among others.
      The identity engine of the memory device is configured to generate data indicative of an identity of the memory device and/or an identity of a computing device on which the memory device is installed. To generate the identity data, the identity engine uses the encryption engine to generate a secret encryption key from the unique device secret and other data stored in and/or collected by the memory device (e.g., during a boot process of the computing device). The presence of a secret encryption key in a memory device may be viewed as proof that the memory device possesses a unique device secret and other data for generating the secret encryption key. The presence of the secret encryption key in the memory device may be verified by the secure server via a verification code or digital signature signed using the secret encryption key. 
      During manufacture of the memory device, a copy of the unique device secret is hosted in a secure server and/or securely shared without exposure. The secure server is then configured to derive the same secret encryption key (and/or corresponding public key if asymmetric encryption is used) independent of the memory device, without the memory device having to transfer its unique device secret out of the memory device. Thus, the security server can verify that the memory device has a unique device secret by verifying that the memory device has the secret encryption key; and the secret encryption key that is the identity of the memory device may be changed in the process that the memory device is integrated into the component, device, system and transferred among the manufacturer, retailer, distributor, company and/or end user. The memory device entity represented by the secret encryption key may be updated to represent that the memory device is assembled into a component, device, system, customized and/or personalized and/or owned and/or operated by a different entity or user without changing the unique device secret.
      Encryption operations and communications may be performed to allow the security server to verify that the memory device has a secret encryption key. 
      For example, identity data presented by a memory device for verification may include a message showing public identification of the memory device. Common identification may be used to distinguish memory devices from other memory devices. The identity data may comprise a verification code or digital signature of the message in the identity data signed using the secret cryptographic key. The identity data comprises a copy of the message and an authentication code or digital signature. Once the authentication code and message data are authenticated by the security server, the security server can conclude that: the public identification provided in the identity data is authentic and the identity data is from a memory device having a secret encryption key.
      The secret encryption key of the memory device may be generated using not only the unique device secret of the memory device but also additional data representing some aspect of the memory device and/or the computing device in which the memory device is installed. The additional data may represent software, firmware, a boot loader, an application, trace data stored in a memory device, an identifier of a computing device component in the computing device at a most recent boot time of the computing device. If the additional data has changed, the identity engine generates a changed secret encryption key. Therefore, the authentication code generated using the changed secret encryption key cannot pass the authentication performed at the secure server. Thus, verification of the verification code generated by the identity engine also verifies the integrity and authenticity of the hardware/software/data composition of the memory device and the computing device in which the memory device is installed. 
      Verification of the identity of the memory device and/or its host system can detect counterfeiting, tampering, and stolen/lost devices. Based on a request from the owner, the security server can configure the stolen/lost device to operate in one of several degraded modes, such as non-bootable, non-readable, encrypting/erasing data in non-volatile memory, self-destruction of the memory/storage function of the memory device, and so forth.
      The security server is configured with an information database for verifying identity data generated by an identity engine of the memory device. The database allows the secure server to generate a corresponding secret encryption key for the memory device (and/or a corresponding public key if asymmetric encryption is used). The encryption key may be generated by the secure server without the memory device having to transfer its unique device secret outside the memory device after manufacture of the memory device. The encryption key may be generated based at least in part on additional data available after manufacture of the memory device.
      The security server may store an encryption key representing the owner's rights to the memory device. Using the encryption key, the secure server may generate a command that transfers ownership of the memory device and configures and/or transfers selected rights so that the selected command executes in the memory device. After reporting that the computing device is lost/stolen, the security server may detect the use of its memory device during memory device authentication, as well as requests for services by third party servers. 
      For example, when a third party server receives a request for a service from a computing device having a memory device, the third party server forwards identity data generated by the memory device from the computing device to the security server for verification. If the identity data is verified by the security server, the third party server may provide a service to the computing device; otherwise, the service request may be rejected, discarded or ignored.
      When requested by an authorized party, the security server may sign the command or generate a verification code for the command to grant or revoke access to the non-volatile memory of the memory device. Commands that an authorized party may sign are forwarded to the memory device for execution. The signed command contains a message with the command and an authentication code of the message signed/generated using an encryption key representing the authority to execute the command in the memory device.
      The memory device may be installed in the computing device as part of the computing device's identity and provide the computing device with main memory/storage capacity. For example, instructions and associated data to be executed in a computing device may be stored in a memory device and protected from damage, tampering, and/or hacking via security features of the memory device. Because the identity data generated by the identity engine of the memory device is based at least in part on the instructions/data stored in the memory device, the integrity and/or authenticity of the instructions and data to be used by the computing device is verified at least during the process of verifying the identity of the memory device and/or the computing device. 
      The security service provided by the security server removes the security protection of the operating and computing devices from the third party server. Services using memory devices and security servers may prevent unauthorized access without significant effort by the computing device manufacturer and the operator of the third party server. Thus, the third party server may operate with its core capabilities of providing the respective service without compromising security.
      The third party server may provide services to its subscribers using the services provided by the security server without the subscriber performing manual operations to configure the computing device used by the subscriber. For example, a subscriber may use a computing device to access subscribed cellular services in a subscriber account without inserting a physical SIM card into the computing device and/or performing other operations to customize the computing device to use the subscriber account for access.
      The subscriber may be represented by an account identification. When a subscriber purchases a computing device, ownership of the computing device may be transferred to the subscriber through the secure server. Security features of a memory device configured in a computing device may be used to generate a device identity. When the computing device connects to a third party server to obtain a service, the third party server requests the security server to verify the device identity. Based on ownership of the computing device and ownership of the account, the computing device may dynamically link to the account such that the computing device can use the account to access services provided by third parties without requiring manual operations to configure the computing device. 
      For example, during authentication of the identity of the computing device, the owner/subscriber of the computing device is identified by an ownership management service of the secure server. Once the owner/subscriber is identified, the subscriber identification may be built into the device identity of the computing device or associated with the device identity in a database of the security server. Subsequently, when verifying the device identity, the services in the subscriber account may be provided to the computing device by a third party without requiring the subscriber to explicitly direct/request the services to the computing device.
      Optionally, the computing device may establish a separate certificate with the third party server such that the third party server need not contact the secure server each time the computing device connects to the third party server to obtain the service.
      FIG. 1 illustrates an example computing system in accordance with some embodiments of the present disclosure.
      In FIG. 1, the integrated circuit memory device  130 has security features as discussed above.
      The secure memory device  130 may store the unique device secret 101 for authentication thereof. In one example, the unique device secret 101 is injected into the memory device  130 in the secure facility and stored in a register of the memory device  130. In another example, the unique device secret 101 may be obtained from a Physically Unclonable Function (PUF) of the memory device  130. The unique device secret 101 may be obtained via a secure facility and registered in the secure server  140. For example, the secure facility may be part of a manufacturing facility for the memory device (e.g., 130). The unique device secret 101 in the memory device  130 is not accessible via any interface of the memory device 130 (e.g., the host interface 147) after the memory device  130 is made and/or leaves the secure facility. Thus, after fabrication of memory device  130, unique device secrets 101 as in memory device  130 are sealed in the integrated circuit package of memory device  130. The copy of the unique device secret 101 is protected against theft and unauthorized access with strong security measures (e.g., using a Hardware Security Module (HSM)) within the secure server  140. 
      The memory device  130 includes logic circuits or local controllers that implement the encryption engine  107. The encryption engine  107 may perform cryptographic computations, such as hashing, key derivation, encryption, and/or decryption, without relying on processing capabilities outside of the memory device  130, such as the processing device 118 of the host system  120.
      For example, the encryption key 105 may be generated at boot time based on a combination of the unique device secret 101 and the device information  121 stored and/or obtained in the memory unit 103 of the memory device  130, according to a method specified by the device identity synthesis engine (DICE) and the robust internet of things (RIoT) standard, or another method. Device information  121 may include non-secret data that may be obtained by an entity other than secure server  140 and memory device  130. To improve security, the device information  121 may include time-related information.
      For example, the encryption key 105 may comprise two asymmetric encryption keys. The first asymmetric key is referred to as a device identification key; and the second pair of asymmetric keys is referred to as an alias key. The private device identification key is used to authenticate the authenticity of the alias key and thus reduce its use and risk. The alias key may be used for more transactions/communications; and the alias key may be replaced more frequently than the device identification key in order to improve security, as the alias key is used more frequently and therefore risks. For example, a private device identification key may be generated at boot time and used to sign a certificate, such as the certificate of the alias public key; then, the private device identification key is immediately deleted from the memory device  130 to protect its confidentiality. 
      Generally, one of the encryption keys 105 generated using the unique device secret 101 and the device information  121 may be used as a secret and an identity of the memory device  130 to be authenticated by the security server  140.
      For example, authentication of memory device  130 may be performed by verifying that memory device  130 has secret encryption key 105. Having a secret encryption key 105 in memory device  130 may be viewed as proof that memory device  130 has a unique device secret 101 and stores an untampered version of the non-secret data.
      Using the encryption engine  107, the memory device  130 can prove that the memory device  130 has the secret encryption key 105 without having to transfer the secret encryption key 105 and/or the unique device secret 101 outside of the memory device  130. For example, the memory device  130 may digitally sign a certificate or message using the secret encryption key 105 to provide an authentication code for the message and the secret encryption key 105. When the security server  140 verifies the verification code successfully, the security server  140 may conclude that: the memory device  130 has a secret encryption key 105 and thus an identity represented by the unique device secret 101.
      The memory device  130 contains an access controller  109 configured to verify, using the encryption engine  107, a verification code generated using the encryption key  106 representing the rights associated with the command. If the command is received with a valid authentication code, access controller  109 allows memory device  130 to execute the command; otherwise, the command may be rejected, ignored, or discarded.
      When memory device  130 is manufactured, one or more relevant encryption keys 105 are stored in memory device  130 to provide owner rights to security server  140. Using owner permissions, security server  140 may sign commands for execution in memory device  130 to activate or deactivate security features, trigger replacement of a secret encryption key that is the identity of memory device  130, replace an encryption key used by access controller  109 to verify the permissions to execute one or more commands in memory device  130 for one or more regions of memory cells 103, and so on.
      Optionally, after authenticating the identity of the authorized requestor, the security server  140 may sign the command using the encryption key to generate a verification code or digital signature of the command so that the requestor can send the command with the verification code to the host interface  147 of the memory device  130 so that the command can be executed within the memory device  130. 
      Optionally, the security server  140 may provide the entity with specific rights by replacing the encryption key 105 in the memory device  130, or provide the entity with a corresponding encryption key  106 representing the rights.
      Typically, memory device  130 is connected to host system  120 to form an endpoint 150 in a communication network  110, such as the internet. In general, endpoint 150 is a computing device. Examples of endpoints 150 include personal computers, mobile computers, personal media players, tablet computers, smart phones, smart TVs, smart speakers, smart appliances, internet of things (IoT) devices, and so forth.
      Memory unit 103 of memory device  130 may provide storage/memory capacity for host system  120 to store instructions and data for implementing the functions of endpoint 150. For example, processing device 118 of host system  120 is configured to execute instructions loaded from memory device  130 to initiate and perform operations.
      The host system  120 may include a network interface  114 or another communication device to communicate with one or more of the client servers  141, …, 143 to receive services from the client servers  141, …, 143.
      The service request sent from endpoint 150 to client server  141 may include identity data generated by encryption engine  107 of memory device  130. The client server  141 may request the security server  140 to verify the passcode contained in the identity data. 
      In addition to services that authenticate the identity of memory device  130, security server  140 may also provide security services to manage the authority to operate memory device  130, configure or change security features or settings of memory device  130, detect lost/stolen devices, deactivate lost/stolen devices, and so forth.
      For example, the unique identification  111 of the memory device  130 may include a Manufacturer Part Number (MPN) of the memory device  130 and/or a serial number of the memory device  130. For example, the unique identification  111 of the memory device  130 may comprise a public key in a pair of asymmetric encryption keys generated based at least in part on a unique device secret.
      To authenticate the memory device  130 and/or the endpoint 150 as having an identity represented by the unique identification  111, the secure server  140 verifies the message containing the unique identification 111 (and other data 127) via the verification code of the message signed using the memory device's secret encryption key 105. The secret encryption key 105 in the memory device  130 is generated using the unique device secret 101 in the memory device; and a corresponding encryption key  106 for verifying a verification code signed using the secret encryption key 105 of the memory device  130 is generated in the secure server  140 from the corresponding unique device secret 101. 
      The secret encryption key 105 for the memory device  130 used to prove the identity of the memory device  130 may be generated based not only on the unique device secret 101 but also on device information  121 accessible to the memory device  130.
      For example, device information  121 may include a hash value of instructions and/or data stored in memory unit 103. Further, device information  121 may include tracking data stored into memory unit 103 for personalizing/personalizing memory device  130 and/or endpoint 150 during assembly of the components to build endpoint 150. Further, device information  121 may include identification information of other components in endpoint 150, such as an identification of controller  116, an identification of processing device 118, an identification of network interface  114, an identification of additional software or data packets of endpoint 150 not stored in memory device  130, and/or an identification and/or hash value of firmware configured to control/operate memory device  130. During boot time, the identification data may be collected as device information  121 used to generate the secret encryption key 105 for the memory device  130.
      During the registration process, when memory device  130 is configured with device information  121, a copy of device information  121 is uploaded to security server  140 for association with unique identification  111 of memory device  130 and/or endpoint 150. The registration of the device information  121 allows the identity of the memory device  130 to be linked to the data, software and/or hardware configuration represented by the combination of the unique device secret 101 and the device information  121. 
      FIG. 2 illustrates generation of identity data in an integrated circuit memory device, according to one embodiment. For example, the techniques of FIG. 2 may be implemented in the computing system of FIG. 1.
      In fig. 2, the cryptographic engine  107 of the memory device 130 (e.g., as in fig. 1) is used to generate at least a secret key  137 using its unique device secret 101 and device information  121.
      For example, when asymmetric encryption is used, secret key  137 is the private key of encryption key pair 135. The associated public key  139 is generated with the private key using the encryption engine  107.
      Alternatively, when symmetric encryption is used, the secret key  137 may be generated and used without the public key  139 and without the key pair 135.
      In some embodiments, multiple key pairs 135 are generated and used. For example, when using the device identity synthesis engine (DICE) and robust internet of things (RIoT) methods, the first asymmetric key is referred to as the device identification key; and the second pair of asymmetric keys is referred to as an alias key. The private device identification key may be used to authenticate the authenticity of the alias key and then immediately deleted and purged from the memory device  130 and/or the endpoint 150 to protect its confidentiality, particularly when the generation or use of the private device identification key occurs at least in part in the host system  120. The alias key may be used to authenticate other transactions and/or communications. For example, the private device identification key may be generated at boot time and used to sign a certificate, such as the certificate of the alias public key, and then deleted. After verifying or confirming the identity of the memory device  130 and the authenticity of the public alias key using the certificate signed using the private device identification key as the secret key  137, the private alias key may be used as the secret key  137 of the memory device  130 in subsequent operations until the endpoint 150 reboots. 
      For example, the data  123 of the device information  121 stored in the memory unit 103 may include a set of instructions (e.g., software, firmware, operating system, applications) to be executed by the processing device 118 of the host system  120 connected to the host interface  147 of the memory device  130.
      For example, data  123 may include a cryptographic hash value of the set of instructions. For example, a known hash value of the set of instructions may be stored in memory unit 103; and a current hash value of the set of instructions may be calculated to compare with the known hash value. If the two hash values are consistent with each other, the integrity of the set of instructions is verified; and the hash value of the integrity of the set of instructions may be used as part of the device information  121 to calculate the secret key  137.
      Alternatively, the current hash value of the set of instructions stored in memory unit 103 may be used directly in the calculation of secret key  137. If the instruction has changed (e.g., due to data corruption and/or tampering or hacking), then the authentication of the secret key  137 by the security server  140 will fail.
      Optionally, the data  123 may include an identification of the set of instructions, such as a hash value of the source code of the instructions, the name of the software/firmware package represented by the instructions, the version number and/or release date of the package, and so forth. 
      Optionally, data  123 may include trace data stored into memory unit 103 during the process of building and/or customizing endpoint 150 including memory device  130. For example, when memory device  130 is assembled into a component device (e.g., a memory subsystem), a piece of trace data representing the manufacturer of the component device, the model number of the component device, and/or the serial number of the component device is stored into memory unit 103 as part of device information  121. Subsequently, when the component device is assembled into the endpoint 150, a piece of trace data is added to the memory unit as part of the device information  121. Other tracking data may be added to memory unit 103 as part of device information  121 to reflect the history of memory device  130 used to personalize the identity of memory device  130.
      Optionally, the device information  121 may further include data  125 received from a host system  120 connected to a host interface  147 of the memory device  130.
      For example, endpoint 150 may have host system  120 and memory device  130. Some components in the host system  120 may be removed or replaced. Upon booting endpoint 150, a portion of the instructions stored in memory unit 103 are executed to collect data  125 about components present in host system  120 at boot time. Thus, device information  121 may represent a particular configuration of a software/data and hardware combination of memory device  130 and/or endpoint 150. The secret key  137 generated based on the device information  121 and the unique device secret 101 represents the identity of the memory device  130 having the particular configuration. 
      To prove the identity of memory device  130 and/or endpoint 150, cryptographic engine  107 generates an authentication code  133 from message 131 and secret key  137.
      As discussed above, secret key  137 and verification code  133 of message 131 may be constructed and/or verified using various techniques, such as a hash digest, a digital signature, or a hash-based message authentication code, symmetric encryption, and/or asymmetric encryption. Thus, the validation code  133 is not limited to a particular implementation.
      Optionally, message 131 may contain a user identification, such as a name, an email address, a registered user name, or another identifier of the owner or authorized user of endpoint 150 in which identity data  113 was generated.
      Optionally, portions of message 131 may provide the information in encrypted form. For example, the information may be encrypted using the public key of the secure server  140 so that the information is not accessible to third parties.
      Message 131 may be a certificate that presents the unique identification  111 of memory device  130 and/or endpoint 150. Message 131 may further present other data  127, such as a counter value maintained in memory device  130, a cryptographic nonce, and/or other information regarding the verification of identity data  113. Memory device  130 may monotonically increase the counter value to invalidate identity data with a lower counter value to prevent replay attacks. 
      In some implementations, the data  127 may include a portion of the device information  121 used to generate the secret key  137.
      In some embodiments, the secret key  137 is a private alias key of a pair of asymmetric keys. Data  127 contains a certificate representing the corresponding public alias key in the pair of asymmetric keys. The certificate presenting the public alias key is signed using the device identification key of the memory device  130. The public alias key may be used to verify the authentication code  133 of the message 131 and the private alias key used as the secret key  137. Once the security server  140 verifies the certificate presenting the public alias key, signed using the device identification key of the memory device  130 and provided as part of the data  127, the security server  140 may verify the verification code  133 signed using the private alias key as the secret key  137 using the public alias key. In this embodiment, security server  140 may validate authenticator  133 using the public alias key provided in message 131 without having to regenerate the pair of alias keys; and memory device  130 may generate alias key pair 135 using data not already known to security server  140.
      A certificate presenting a public alias key may be generated and verified in the manner in fig. 2, where the secret key  137 is a device identification key generated using the device information  121 and the unique device secret 101. Optionally, memory device  130 initially provides a certificate with the public alias key to secure server  140. Subsequently, the memory device  130 may use the private alias key as the secret key  137 and either the public alias key is not included in message 131 or the certificate of the public alias key is not included in message 131. 
      Further, verifying the identity of the memory device  130 may include using a plurality of secret keys and a verification code signed with the secret keys. For example, the device identification secret key may be used to initially establish the authenticity of the alias secret key and the identity of the memory device  130; and subsequently, the alias secret key may be used to verify the authenticity of the identity of the memory device  130. In general, the device identification secret key and the alias secret key may be based on asymmetric encryption or symmetric encryption, as the security server  140 may generate corresponding encryption keys generated by the memory device  130.
      To improve security, memory device  130 does not use processing capabilities outside of memory device  130 to generate a copy of secret key  137 and does not transfer secret key  137 outside of memory device  130. The generation and use of secret key  137 is performed using the logic of encryption engine  107 that is sealed within memory device  130. 
      Alternatively, portions of the operations to generate and use the secret key  137 may be implemented via a set of instructions stored in the memory unit 103 and loaded into the processing device 118 of the host system  120 for execution. To improve security, the secret key  137 is not transmitted in clear across the host interface  147; and the instructions may be configured to clear the secret key 137 from the host system  120 after generation and/or after use.
      FIG. 3 illustrates a technique for controlling command execution in a memory device, according to one embodiment. For example, the technique of FIG. 3 may be implemented in the computing system of FIG. 1 and used with the technique of FIG. 2. 
      In FIG. 3, when the controller  116 of the host system  120 sends a command  155 to the host interface  147 of the memory device  130, the access controller  109 determines whether the sender of the command  155 has the right to request the memory device  130 to execute the command  155.
      The encryption key  145 is configured to represent rights. The sender of command  155 can generate verification code  153 from encryption key  145 and message 151 containing command  155.
      As discussed above, encryption key  145 and verification code  153 of message 151 may be constructed and/or verified using various techniques, such as a hash digest, a digital signature, or a hash-based message authentication code, symmetric encryption, and/or asymmetric encryption. Thus, the validation code  153 is not limited to a particular implementation.
      The access controller  109 authenticates the authentication code  153 of the command  155 submitted to the host interface  147 using the corresponding access control key 149. The access controller  109 uses the encryption engine  107 to generate a verification result  159 of the received message 151 and the received verification code  153. Based on the verification result  159, the access controller  109 may selectively allow the command  155 to execute within the memory device  130 or prevent execution of the command  155.
      For example, the access control key 149 may be one of the encryption keys 105 stored in the memory device  130. Different access control keys may be used to control different rights for executing different commands and/or for executing commands acting on different sections of memory unit 103. 
      For example, the encryption key  145 may be stored in the secure server  140 to provide the associated rights to the secure server  140.
      In one embodiment, security server  140 is configured to generate an authentication code  153 on behalf of an entity in response to the entity requesting authentication code  153 to execute command  155 in memory device  130.
      Optionally, the encryption key  145 is generated during the verification of the identity data  113 generated using the secret key  137; and a secret known between memory device  130 and security server 140 (e.g., secret key 137) allows the session key to be generated as encryption key  145 to represent the right to execute the selected command in memory device  130 during the communication session with the time limit. Optionally, the period of device power-on may be used as a session delimiter, such that a new count value is generated during the next power cycle, thereby enabling generation of a new session key.
      The encryption key  145 may be configured to be valid for a short time after the authentication of the identity data  113 and the establishment of the session key. After security server  140 verifies that the entity has the right to execute command  155 in memory device  130, security server  140 may generate verification code  153 and provide verification code  153 to the entity. The entity may then send message 151 and authentication code  153 to host interface  147. Once access controller  109 of memory device  130 determines, using encryption engine  107 and access control key 149, that authentication code  153 is valid, authentication result 159 permits memory device  130 to execute received command  155; otherwise, the access controller  109 may reject or ignore the received command  155. 
      In another embodiment, after security server  140 configures access control key 149 in memory device  130, security server  140 may provide entity with encryption key  145 representing the authority to execute command  155 in memory device  130.
      Message 151 may contain data  157 that represents a restriction on the request to execute command  155.
      For example, the data  157 may include an execution count value maintained within the memory device  130 such that the generated validation code for the lower count is invalid.
      For example, the data  157 may include a cryptographic nonce established for a particular instance of the request to execute the command  155, such that the authentication code  153 cannot be reused for another instance.
      For example, the data  157 may include a time window in which the verification code  153 is valid.
      For example, the data  157 may include an identification of the memory region in which the command  155 is allowed to execute.
      For example, data  157 may include the type of operation that allows command  155 to be executed in memory device  130.
      FIG. 4 illustrates a technique for verifying the integrity of data stored in a memory device, according to one embodiment. For example, the techniques of FIG. 4 may be used for memory device  130 of FIG. 1, and used in conjunction with the techniques of FIG. 2 and/or FIG. 3. 
      In fig. 4, the memory device  130 stores not only the content  161 but also a hash value  163 of the content  161 in the memory unit 103. To determine the integrity status  165 of the content  161, the cryptographic engine  107 applies a cryptographic hash function to the content  161 to generate a current hash value of the content  161; and the encryption engine  107 compares the current hash value with the stored hash value  163 to determine whether they are the same. If so, the integrity of the content  161 required by the stored hash value  163 is confirmed.
      The hash value  163 may be stored as part of the device information  121 used to generate the secret key  137 to verify the identity of the memory device  130.
      For example, a manufacturer of endpoint 150 may store content  161 in memory unit 103 such that processing device 118 of host system  120 in endpoint 150 may run programs or routines in content  161 to provide the designed functionality of endpoint 150. Further, the manufacturer and/or the secure server  140 may store the hash value  163 into a separate section for integrity checking. An end user of endpoint 150 may access and use content  161 in the memory unit, but may not access hash value  163. If content  161 is damaged or tampered with, encryption engine  107 may detect the change and generate integrity status  165, causing access controller  109 to prevent use of content  161. When the manufacturer has an updated version of the content 161 (or replacement), the manufacturer may perform the update in the memory unit 103 and issue a command  155 with the authentication code  153 to update the hash value  163. Optionally, the security server  140 may generate the verification code  153 in response to a request from the manufacturer. 
      The device information  121 and encryption key 105 in the memory device  130 may be stored in a secure section in the memory device  130 and protected by owner rights, represented as encryption key  106 stored in the secure server  140, via the access controller  109.
      Different secrets (e.g., unique device secret 101, secret key 137) and content (e.g., device information  121, content 161) may be protected with different security levels and/or using different security policies to balance security and utility.
      The unique device secret 101 may be protected in the memory device  130 at the highest level of security. For example, the unique device secret 101 may not be changed via a command to the host interface 147 (and/or any interface of the memory device 130) once the memory device  130 leaves the memory device's manufacturing security facility and/or after the memory device's 130 manufacturing operations are completed. Preferably, the unique device secret 101 is only accessible to the cryptographic engine  107 during generation of the secret key (e.g., 137) used to represent the identity of the memory device  130 and/or the endpoint 150. For example, the unique device secret 101 may be configured to be available only for a limited time upon startup of the endpoint 150. 
      For example, the device identification key may be protected by minimizing its use. The alias identification key is more secure than the device identification key and is replaced more frequently. Different operations and/or permissions may be used to replace the device identification key and the alias identification key.
      Fig. 5 illustrates a security service of a security server provided to a client server based on security features implemented in a memory device, according to one embodiment.
      For example, the security service shown in fig. 5 may be implemented in the computing system of fig. 1 based on the security features shown in fig. 2, 3, and/or 4.
      In FIG. 5, client server  141 is configured to provide services to a computing device, such as endpoint 150 in FIG. 1 having memory device  130 connected to host system  120.
      To request service from client server  141, host system 120 (e.g., executing instructions retrieved from memory device 130) requests identity data  113 of memory device  130. For example, identity data  113 may be generated in the manner shown in FIG. 2.
      The host system  120 embeds the identity data  113 in a request 171 that is transmitted to the client server  141.
      To determine whether endpoint 150 is authorized to be serviced, client server  141 extracts identity data  113 from request 171 and generates a request 173 for security server  140 to provide security services based on identity data  113. 
      For example, response  174 may indicate whether identity data  113 is from a counterfeit device, or from a device in which data  123 or content  161 related to the identity of endpoint 150 and/or memory device  130 has been altered, damaged, changed, or tampered with, or from a lost or stolen device.
      In some implementations, request 173 can identify command  155 to be executed in memory device  130. After verifying the identity data  113 and verifying the authority of the client server  141 and/or endpoint 150 to request that the command  155 execute within the memory device  130, the security server  140 may generate a verification code  153 for the command  155 using the encryption key  145 and provide the verification code  153 to the client server  141 in a response  174. Using the security service, the client server  141 can be relieved from the security burden associated with the management of the rights and the encryption key  145 representing the rights.
      Optionally, response  174 may include encryption key  145 representing the authority to execute command  155 in memory device  130. To reduce the security burden on the client server  141, the encryption key  145 may be configured to expire in a short time. 
      Optionally, when it is determined that identity data  113 is associated with a lost or stolen device, response  174 may include command  155 and/or authentication code  153 thereof, such that when command  155 is executed in memory device  130, access controller  109 may disable at least some features accessible to host system  120 via host interface  147.
      For example, after executing command  155 in memory device  130, access controller  109 may be configured to disable the boot loader stored in memory unit 103 of memory device  130.
      For example, the command  155 may cause the access controller  109 to block access to one or more sections of the memory cells 103.
      For example, the command  155 may cause the access controller  109 to require the right to access one or more sections of the memory unit 103, which is represented by the new encryption key  106 stored in the security server  140.
      For example, the command  155 may cause the access controller  109 to corrupt data in one or more sections of the memory unit by clearing a decryption key used to decrypt data stored in the one or more sections.
      For example, command  155 may cause memory device  130 to perform self-destruction and be irreversibly damaged.
      The instructions retrieved from memory unit 103 for execution in host system  120 may include routines that can accept command  155 as a response to memory device  130 providing identity data  113. In some implementations, client server  141 may provide a connection that allows security server  140 to send commands  155 to memory device  130 for execution. 
      The techniques discussed above may be used to implement new ways of authenticating service subscribers.
      For example, memory device  130 may be configured to generate a multi-factor device platform identity for endpoint 150 with improved security. The identity may be generated by combining: the unique device secret 101 of the memory device  130, platform source code identifying one or more applications running on the endpoint 150 to establish a secure connection to a service or network (e.g., client server  141 or 143), and a unique identifier of the network interface  114 or communication device. For example, the unique identifier may be an identifier of a modem installed on endpoint 150 to communicate over communication network  110. For example, the multi-factor device platform identity may be based at least in part on an International Mobile Equipment Identity (IMEI) number of the endpoint 150 configured to access cellular services. For example, when endpoint 150 relates to a vehicle, the multi-factor device platform identity may be based at least in part on a Vehicle Identification Number (VIN). Such powerful identities may be used in conjunction with cloud-based Subscriber Identity Module (SIM) functions in sign-on, network access and registration of cloud services (e.g., cellular subscription services).
      The security features of the secure server  140 and the memory devices (e.g., 130) may provide a secure memory device technology platform. The platform may be configured to support authentication of endpoint 150 by measuring data stored in memory unit 103 of a secure memory device (e.g., 130). Additional network security protection of the endpoint may be achieved by controlling access to content  161 stored in a memory device (e.g., 130). Access control may be implemented by secure hardware manufacturing operations and password-based admission control, as discussed above in connection with fig. 1-5. A platform equipped with such memory devices (e.g., 130) may reach a sufficient level of network security protection to support a cloud-based virtual SIM solution and no longer require a physical SIM card on endpoint 150 to access the cellular connection. 
      The secure memory device technology platform may include a combination of a secure memory device (e.g., 130) and software that satisfies the DICE RIoT requirements for generating identity data  113 for endpoints (e.g., 150) that are initiated using the secure memory device. Such identity data  113 for endpoint 150 is generated based on the identity of the secure memory device  130 used to boot endpoint 150 and other factors. Such identity data  113 may be passed on to the client server  141 during login (e.g., registration service). Client server  141 may communicate with security server  140 to confirm the identity of endpoint 150. When identity data  113 is verified, client server  141 may trust endpoint 150 as authentic, and thus register service with endpoint 150.
      For example, such a service may be a cellular connection that is typically registered with a physical SIM card. The identity data  113 that is verified by the secure memory device technology platform and protected by a secure login may provide identification of the endpoint (e.g., 150) in as secure or more secure a manner as identifying the endpoint using a physical SIM card. The cloud-based virtual SIM may be bound to identity data  113 that the secure memory device technology platform verifies during the service subscription lifecycle. 
      Typically, a service network (e.g., a payment card network, a cellular communication network) may identify a subscriber via a smart card. Conventional smart cards are configured as integrated circuit chips embedded in plastic cards. The integrated circuit chip in the smart card stores data identifying the customer account and may optionally store data relating to services provided to the account by the services network. The integrated circuit chip may be read through metal contacts disposed on a surface area of the plastic card and/or the wireless transceiver.
      For example, a Subscriber Identity Module (SIM), also referred to as a SIM card, is a type of smart card. SIM cards are commonly used in mobile phones to identify accounts for accessing cellular communication network services. When the SIM card is attached to the mobile phone, the cellular communication network provides services to the mobile phone according to the account identified by the SIM card. When the SIM card is attached to a replacement mobile phone, the replacement mobile phone may access the services configured for the account.
      For example, the SIM card may store a mobile subscriber identity, such as an International Mobile Subscriber Identity (IMSI) number. The mobile/cellular network operator may assign authentication keys to the IMSI number and the SIM card. The SIM card stores an authentication key. The SIM card may be authenticated based on a digital signature signed using an authentication key. After authenticating the SIM card, the mobile phone with the SIM card may receive mobile/cellular services in an account associated with the mobile subscriber identity. 
      The Europay MasterCard Visa (EMV) card is another example of a smart card. EMV cards may be used to receive financial services in a payment card processing network to access bank accounts, such as debit accounts and credit accounts.
      Integrated circuit memory device  130 may be configured to prevent unauthorized access to its memory cells 103 and to ensure a unique identity of the memory device  130 itself and/or the endpoint 150 in which the memory device  130 is installed. As shown in fig. 6, a secure memory device  130 having security features may be used to implement the functionality of smart cards, such as SIM cards and EMV cards, using data supplied remotely to the secure memory device and/or using data stored in a secure server.
      Figure 6 illustrates a system and method for configuring and authenticating endpoints of a card-based service, according to one embodiment.
      For example, the system and method of fig. 6 may be implemented in the computing system of fig. 1 using the techniques of fig. 2 through 5.
      In fig. 6, memory device  130 may be implemented using an integrated circuit memory device  130 having the security features of fig. 1-5. An access controller  109 of memory device  130 may use one or more access control keys  213 to control read and write operations that access at least some memory regions in memory device  130. 
      For example, memory device  130 is initially manufactured with access control key  213, allowing security server  140 to have full access to a memory region in memory device  130. Memory device  130 is further manufactured to include at least a portion of device identity data 211 that uniquely identifies memory device  130 among a population of memory devices.
      For example, the device identity data 211 may be generated using the techniques illustrated in fig. 2.
      For example, during manufacture of the memory device  130, the root secret (e.g., the unique device secret 101) of the memory device  130 is loaded into the security server  140 in the operation of the memory registration  231. The root secret may be a number generated by a Physically Unclonable Function (PUF) of the memory device  130 or a random number selected during manufacture of the memory device  130 and stored into the memory device  130. The secure server  140 may include a key management server configured to manage encryption keys for secure memory devices (e.g., 130). The root key may be considered and/or used as a secret encryption key. When memory device  130 is manufactured, the root secret may be obtained from memory device  130 or injected into memory device  130 for memory registration  231. Preferably, memory device  130 is manufactured such that after its manufacture, memory device  130 does not provide a root secret outside of memory device  130. 
      The device identity data 211 may be a root secret that is not disclosed, changed, or provided outside of the memory device  130.
      After memory device  130 leaves the manufacturing facility, the root secret and other secrets in device identity data 211 are not available via the communication interface (e.g., host interface 147) of memory device  130. Because memory device  130 enforces a set of data access policies to prevent secret leakage and tampering of data stored in an access-protected area of memory device  130, memory device  130 may be considered a secure memory device. Security server  140 stores information that may mimic the computation performed by memory device  130 to generate a derived secret independent of memory device  130. Thus, the security server  140 can regenerate the derived secret for the memory device  130 without the memory device  130 transmitting the derived secret via its communication interface (e.g., the host interface 147).
      For example, the root secret of the memory device  130 may be implemented via a Physically Unclonable Function (PUF). The root secret of memory device  130 may be retrieved from memory device  130 and stored into security server  140 for memory registration  231 during manufacture of memory device  130. The root secret may be used to generate a derived secret from the device identity data 211. For example, a PUF can be used to derive Diffie-Hellman (Diffie Hellman) key pairs; and the diffie-hellman key pair can be used to create a Unique Device Secret (UDS)101 that can be securely shared between the device and the secure server. 
      For example, device identity data 211 may be generated using the techniques of fig. 2.
      The derived secret is generated in some manner (e.g., based on a cryptographic hash function, a random number, and/or a monotonic count value) such that the root secret cannot be computed from the derived secret and/or other information used to generate the derived secret. For example, the derived secret may comprise a private key of a pair of asymmetric encryption keys. For example, the derived secret may comprise a symmetric encryption key.
      Device identity data 211 may include a non-secret public identification number of memory device  130, such as a serial number of memory device  130, a unique identification number of memory device  130, and/or a public key of a pair of asymmetric encryption keys, and so forth. Public identification numbers can be used to uniquely identify a memory device  130 among a group of memory devices without revealing the secret of the memory device  130; and the secret of memory device  130 may be used to authenticate/confirm that memory device  130 is identified by the public identification number.
      The derived secret in the device identity data 211 may be generated and/or replaced after the memory device  130 leaves the manufacturing facility. The access control key  213 may be used to control the execution of operations to generate and/or replace derived secrets to prevent tampering. For example, the derived secret may include an encryption key and/or certificate generated in accordance with the Device Identity Composition Engine (DICE) standard. 
      During memory registration  231, at least the root secret of memory device  130 is stored in security server  140 in association with the public identification number of memory device  130. During the manufacturing process of memory device  130, the root secret of memory device  130 is known between memory device  130 and security server  140 during memory registration  231 in the secure environment. The additional information used to generate the derived secret can then be disclosed without compromising the confidentiality of the derived secret. The derived secret may be used for authentication of the memory device  130, and may optionally be replaced.
      The access control key  213 is configured to prevent unauthorized access and/or manipulation of secrets in the device identity data 211. For example, once the access control key  213 is configured in the memory device  130, the secret is limited for use by the cryptographic engine 107 (e.g., to regenerate the derived secret and/or to generate the digital signature). For example, commands/requests received in the host interface  147 of the memory device  130 need to be digitally signed in a manner that can be verified using the access control key  213, as shown in FIG. 3. If the digital signature applied on the command/request is not valid according to the access control key  213, the command/request may be rejected and/or ignored. 
      For example, the access control key  213 may be used to authenticate a digital signature applied on a command to perform a particular operation related to the device identity data 211, such as replacing an encryption key or asymmetric encryption key pair.
      Further, one or more additional access control keys  213 may be used to authenticate the owner of memory device  130 and/or a digital signature of an authorized user. Different authorized users may be limited to accessing different regions of the memory device for a particular operation (e.g., write, erase, read). Owners and other authorized users may have different scopes and/or rights to operate memory device  130.
      Optionally, certain security functions of memory device  130 may be activated for the customer. Some aspects of the memory device  130 relating to the activation of security functions may be found in U.S. patent application No. 17/014,203, filed on 8.9.2020 and entitled "customer specific activation of functions in a semiconductor device," the entire disclosure of which is hereby incorporated by reference herein. 
      Endpoint 150 may be configured to include memory device  130 and other components  187. During the construction  233 of the endpoint 150, the memory device  130 is installed/assembled into the endpoint 150; and the soft module  217 and the trace data 215 may be stored in the memory device  130.
      For example, soft module  217 may include a boot loader of endpoint 150, firmware of memory device  130 and/or a memory subsystem containing memory device  130, or an operating system or software application of endpoint 150. The soft module  217 may contain instructions and data configured to implement functions. The instructions may be executed by logic circuits of memory device  130, a controller of a memory subsystem in which memory device  130 is installed, and/or processing device 118 of host system  120 of memory device  130 and/or the memory subsystem.
      During endpoint construction  233, endpoint registration  235 may be performed to store trace data 215 into security server  140 and/or memory device  130. Tracking data 215 may be part of the configuration and/or identity of endpoint 150.
      For example, the trace data 215 may include a hash value of the soft module  217 calculated using a cryptographic hash function. For example, tracking data 215 may contain a secret assigned to endpoint 150. 
      A counterfeit of endpoint 150 that does not have tracking data 215 cannot pass endpoint authentication  239 that relies on tracking data 215. Therefore, the security of the system is improved. Additional details and examples of techniques related to tracking data 215 may be found in U.S. patent application No. 17/005,565, entitled "secure memory system programming for host device authentication," filed on 28/8/2020, the entire disclosure of which is hereby incorporated by reference herein.
      Endpoint identity data 188 may be generated using the techniques of fig. 2 to represent the configuration of endpoint 150 at its boot time. For example, endpoint identity data 188 may include a certificate (e.g., message 131) generated based on a combination of identification data of a portion of device identity data 211, tracking data 215, and other components (e.g., network interface  114, processing device 118, controller 116) that are present at the time endpoint 150 is initiated.
      Device identity data 211 and/or endpoint identity data 188 may include one or more certificates generated using a Device Identity Composition Engine (DICE) according to a standard developed by the Trusted Computing Group (TCG) that combines a hardware secret and source code to form a trusted identity. Additional details and examples of techniques for generating device identities may be found in U.S. patent application No. 16/374,905, entitled "login software on a secure device for generating device identities to authenticate with a remote server" filed on 4.4.2019 and published as U.S. patent application publication No. 2020/0322134 on 8.10.8.2020, the entire disclosure of which is hereby incorporated by reference herein. 
      The operations of virtual card registration  237 may be performed to configure endpoint 150 for services of card-based services network  225, such as a mobile/cellular communications network, a bank card processing network, and the like.
      For example, endpoint 150 may connect to card server 223 to request the card profile  219 of endpoint 150 represented by device identity data 211. To request the card profile  219, the endpoint 150 transmits the public portion of the endpoint identity data 188 to the card server 223. Card server 223 forwards endpoint identity data 188 to security server  140 for authentication  239 of endpoint 150. For example, the authentication techniques discussed in connection with FIG. 2 may be used.
      Once the security server  140 verifies that the endpoint identity data 188 was formed using the correct combination of the device identity data 211, the tracking data 215, and other data of the endpoint 150 of the memory device  130 submitted and/or recorded in the security server  140 during endpoint registration  235, the card server 223 may assign and/or store the card profile  219 to the memory device  130 or associate the card profile  219 with the endpoint identity data 188.
      Further, the memory device  130 may verify the integrity of the card profile and/or the soft module  217 responsible for using the card profile  219 in the manner shown in FIG. 4.
      When the card profile  219 is secured in the memory device  130 in the endpoint 150, the memory device  130 and/or the endpoint 150 may function in an equivalent manner to a corresponding smart card installed in the endpoint 150. The card profile  219 securely attached to the device identity data 211 may be considered a virtual smartcard.
      In some embodiments, the soft module  217 is configured to use the encryption functions and/or processing capabilities of the logic of the integrated circuit memory device  130 to implement the encryption operations involved in the use of the card profile  219. For example, the card profile  219 may contain an authentication key; and the soft module  217 may be configured to generate a digital signature for authenticating/verifying that the card profile  219 contains an authentication key.
      For example, the card profile  219 may be as shown in fig. 7 and 8.
      FIG. 7 illustrates a card profile of a virtual smart card according to one embodiment.
      In FIG. 7, the card profile  219 may include card data  241 and a soft card module  243. Optionally, the soft card module  243 may be installed as part of the soft module  217 stored in the memory device  130.
      The card data  241 may include identification of a smart card (e.g., a virtual card), an account, and/or a subscriber. For example, the card data  241 may identify the type of smart card, the services to which the account/card is subscribed, and/or customer data related to the services (e.g., balance, transaction records, messages, etc.). In some embodiments, the card data  241 may include the same set of data stored in a physical smart card (e.g., an integrated circuit chip embedded in a plastic card configured according to the Universal Integrated Circuit Card (UICC) standard). 
      The soft card module  243 may contain instructions to operate on the card data  241 by the encryption engine  107 of the memory device  130. For example, the computing functionality of an integrated circuit chip for a particular type of smart card may be implemented by executing the soft card module  243 via the secure memory device  130. Soft card module  243 allows endpoint 150 to emulate the computational operations of a physical smart card.
      Fig. 8 illustrates a card profile of a virtual Subscriber Identity Module (SIM) according to one embodiment.
      In fig. 8, the card profile 245 contains card data  241 such as an Integrated Circuit Card Identifier (ICCI)251, a mobile equipment identity number 253, an international mobile subscriber identity number 255, an authentication key  257 assigned to the international mobile subscriber identity number 255, and service data  247 related to mobile/cellular communication services of the international mobile subscriber identity number 255.
      In a conventional mobile phone using a conventional SIM card, an Integrated Circuit Card Identifier (ICCI)251 is used to identify the SIM card among a group of SIM cards. A mobile equipment identity number 253, for example in the form of an International Mobile Equipment Identity (IMEI) number or IMEI software version (IMEISV), is used to identify a mobile phone among a group of mobile phones. An International Mobile Subscriber Identity (IMSI) number is used to identify a subscriber/customer/account among a group. Such numbers in card profile 245 may be used for similar functions when card profile 245 is attached to endpoint 150. For example, when endpoint 150 is a mobile phone without a physical SIM card, card profile 245 may serve as a virtual SIM card to identify the card, subscriber, and endpoint/mobile phone. For example, an Integrated Circuit Card Identifier (ICCI)251 corresponds to and/or represents the device identity data 211 of the memory device  130; mobile device identity number 253 corresponds to and/or represents endpoint identity data 188 of endpoint 150; and, the international mobile subscriber identity number 255 represents a subscriber/customer/account in the mobile/cellular communication network. 
      For example, the authentication key  257 is a secret assigned to the international mobile subscriber identity number 255. When the endpoint 150 requests a connection in the mobile/cellular communications network using the international mobile subscriber identity number 255, the mobile/cellular network operator may look up the authentication key  257 from the database and challenge the endpoint 150 to prove that it is in possession of the authentication key  257. The security challenge may include digitally signing a message including a random number (RAND) using authentication key  257. The reply to the security challenge may include a portion of the digital signature for verification by the mobile/cellular network operator. The operator signs the message independently using the corresponding authentication key  257 associated with the international mobile subscriber identity number 255 in the database. If the reply is consistent with the mobile/cellular network operator calculated answer, the digital signature is verified; and thus, the endpoint 150 is considered to have an authentication key  257 assigned to the international mobile subscriber identity number 255 and is eligible to receive services associated with the international mobile subscriber identity number 255. In addition, a symmetric encryption key may be derived from the digital signature for securing communications between endpoint 150 and the mobile/cellular communication network in subsequent communication sessions. 
      For example, when card profile 245 is installed in endpoint 150, endpoint 150 may communicate with a mobile/cellular network operator to request a connection and respond to a security challenge using the same protocol used by a mobile phone with a physical SIM card. Thus, the mobile/cellular network does not have to distinguish between endpoints 150 having card profiles 245 as virtual SIM cards and other mobile phones having physical SIM cards.
      Optionally, the card profile 245 may include an authentication module  259 configured to be executed by the encryption engine of the secure memory device  130 and/or the processing device 118 of the endpoint 150 to perform cryptographic calculations during use of the card profile 245, such as generating a reply to a security challenge and/or a symmetric cryptographic key for a communication session.
      In fig. 6, after virtual card registration  237, endpoint 150 may receive services from card-based services network  225 using card profile  219 to identify a subscriber/customer/account. For example, the card-based services network  225, initially configured to provide services to legacy smart cards, may seamlessly further provide services to endpoints (e.g., 150) having virtual smart cards implemented by storing card profiles (e.g., 219) in secure memory devices (e.g., 130). 
      Optionally, endpoint 150 may be configured to perform communications with card-based services network  225 in the same manner as a mobile device having a physical smart card (e.g., a SIM card) or smart card (e.g., an EMV card).
      For example, the endpoint 150 may function as a smart card for a card reader. The terminal 150 may include metal contacts for connecting to a card reader. For example, the endpoint 150 may include a transceiver comparable to a card reader of a wireless smart card. Alternatively, additional card readers may be configured in the card-based services network  225 to read virtual cards from the endpoints 150 using alternative communication connections. Examples of alternative connections may include Near Field Communication (NFC) connections, bluetooth connections, Wi-Fi connections, Universal Serial Bus (USB) connections, and so forth.
      In another example, endpoint 150 may function as a mobile station having a built-in card reader to read a smart card inserted into the mobile station, such as a mobile phone having a SIM card. Endpoint 150 may communicate with card-based services network  225 to access services  227 using the same communication protocol of a mobile station having a physical SIM card.
      Optionally, card profile  219 may be stored in card server 223 in association with endpoint identity data 188. Endpoint 150 may use endpoint identity data 188 to access services  227 in card-based services network  225. In response, the card-based services network  225 may communicate with the card server 223 to identify the card profile  219 based on the endpoint identity data 188. Further, based on endpoint identity data 188, card server 223 may communicate with security server  140 to perform endpoint authentication  239 to verify that endpoint 150 has secure memory device  130 at the time of virtual card registration and has the same configuration represented by the combination of tracking data 215, soft module  217, and component  187. When endpoint 150 is tampered with and/or modified, changes may be detected in status check  229 and/or endpoint authentication  239; in response, the card-based services network  225 may deny the request to access the service  227. 
      Optionally, virtual card registration  237 may be performed in time in conjunction with a request to access service  227. In response to the request, the endpoint identity data 188 is verified by endpoint authentication  239. After endpoint authentication is successful, card profile  219 may associate and/or store card profile  219 with endpoint identity data 188 into memory device  130.
      In some embodiments, card server 223 is implemented as part of security server  140.
      In some embodiments, the card server 223 is implemented as part of a network operator of the card-based services network  225.
      For example, the system of fig. 6 may be used to simplify, protect, and accelerate large-scale global deployment of internet of things (IoT) devices and rich IoT service ecosystems. For example, a virtual Subscriber Identity Module (SIM) card may be used by an IoT device (e.g., endpoint 150) to connect to the internet over a mobile/cellular communication network.
      The security server  140 may function as a memory-based security as a service platform, such as an endpoint (e.g., 150) of an IoT edge device. A card server may be used to provide a cellular connection solution for such endpoints. The combination as shown in fig. 6 may create one common end-to-end solution for zero-contact logging of cellular connected IoT devices onto a cloud service. 
      The complexity of enterprise IoT implementations presents challenges to large-scale global deployment of IoT devices. Challenges include implementation difficulties in cellular connectivity and network security. Cellular connectivity has significant advantages over wireless local area networks (e.g., Wi-Fi) in IoT deployment, such as greater distance, better outdoor performance, greater security, and existing global infrastructure. The requirement of physical SIM cards and contracts with mobile/cellular network operators have slowed the use of cellular connections by IoT devices. The solution as shown in fig. 6 addresses such challenges.
      A virtual SIM card implemented by securely associating the card profile  219 with the endpoint identity data 188 and/or the device identity data 211 may eliminate the need for a physical SIM card. The deployment of virtual SIM cards provides highly scalable IoT security, cloud-based SIM management, secure zero-contact device registration and IoT service sign-in, smooth global connectivity, instant SIM activation.
      The solution shown in fig. 6 is particularly advantageous for the industrial, infrastructure, automotive, aviation, transportation and logistics sectors, which require the provision of borderless, long-range connections for portable devices, even at the most remote locations, without the constraints of a border and short-range Wi-Fi network. 
      The system as shown in fig. 6 can greatly simplify flexible global connections and offer rich possibilities for innovations in the IoT market.
      The use of physical smart cards requires that the card identity and/or device identity be tightly paired with services provided by the network (e.g., 225) during manufacture in case the device is insecure, insecure to operate, fraudulent, and/or counterfeit.
      The security server  140 may be used to implement zero-contact authentication of third party services and late binding of credentials, enabling end users to freely secure access to more diverse third party IoT services.
      The security server  140 and/or the card server 223 may be used to securely install soft modules to customize IoT devices. For example, an online soft module store may be provided to allow soft modules to be stored into endpoint 150, whose functionality is customized in a manner similar to the functionality provisioning of different types of smart cards and/or SIM cards discussed above. This customization allows enterprises to access vendor-independent IoT services, leveraging and experimenting intelligent features and data insights in new ways.
      With the complex misbehaving and hacking of devices ranging from IoT aquarium to baby monitors, and the like, threatening the environment becomes more and more dangerous, network security has always been a weak link in IoT adoption. Security server  140 may provide security as a service supported by security features implemented in the memory devices (e.g., 130) that control access and device identity data 211. Through its silicon root of trust, the secure memory device  130 provides a unique level of protection for the lowest layers of IoT software-starting from the boot process and with a strong cryptographic identity and security features that are owned in the memory device  130. 
      For example, security as a service implemented via a combination of security features embedded in secure server  140 and secure memory devices (e.g., 130) may include verifying the authenticity of a memory device (e.g., 130) purporting to have a public identification number by verifying whether the memory device (e.g., 130) has a root secret recorded via memory registration  231 that was executed during manufacture of the memory device  130.
      For example, security as a service may optionally further include identifying the owner of memory device  130 based on an encryption key corresponding to access control key  213 implemented to provide owner privileges.
      For example, security as a service may also optionally further include identifying the service provider of the endpoint 150 having the memory device  130 based on the identity of the owner/manufacturer of the memory device  130 prior to distributing the endpoint 150 to the end user/customer. Based on the service provider, security server  140 may download soft modules  217 relating to the services provided by the service provider to customize endpoint 150. For example, the customization may be performed during endpoint registration  235. Optionally, the end user or enterprise user may select a service provider; and security server  140 and/or card server 223 may push soft module  217 to memory device  130. Further, in response to the endpoint authentication  239, the security server  140 may automatically push the software update into the memory device. Thus, security vulnerabilities of a field endpoint (e.g., 150) may be automatically reduced and/or minimized without additional effort by the respective OEMs of the endpoints (e.g., 150). 
      For example, security as a service may optionally further include tracking of lost/stolen devices. In response to the endpoint authentication  239 of the endpoint 150 registered as lost or stolen in the security server  140, the security server  140 may request the access controller  109 of the memory device  130 to disable access to and/or erase data from a particular memory region. In some cases, access controller  109 may disable normal operation of endpoint 150 by restricting access to resources such as boot loaders, operating systems, applications, and the like. In some cases, access controller  109 may perform operations that irreversibly destroy the memory function of memory device  130.
      For example, the security as a service may optionally further include an audit service of the integrity of endpoint 150. For example, memory device  130 may construct endpoint identity data 188 based on cryptographic hash values of soft modules  217 stored in memory device  130, such that when a soft module  217 changes, security server  140 may verify whether the current soft module  217 is a valid distribution from the respective vendor of soft module  217. When the soft module  217 is found to be damaged, tampered with, and/or compromised, the secure server  140 may initiate an update operation to repair the soft module using a valid distribution from the online software store. 
      When an updated version of soft module  217 is available, security server  140 may recalculate endpoint identity data 188 for authentication of endpoint 150. Thus, when endpoint 150 has an outdated soft module  217, security server  140 may detect the existence of the outdated version and request/initiate an update of soft module  217 over the air. Optionally, security server  140 may track a history of configuration changes of endpoint 150 that affect endpoint identity data 188. For example, security server  140 may communicate with memory device  130 to restore to a previous configuration when requested.
      For example, the security as a service may optionally further include a device tracking service that may provide activity data corresponding to owner access control key 213 (or another authorized user corresponding to another access control key) to the owner of endpoint 150. For example, the activity data may include location data and the use of endpoint 150 in various services from card-based services network  225.
      Endpoint identity data 188 may include a public identity of endpoint 150, such as an International Mobile Equipment Identity (IMEI) number (e.g., mobile equipment identity number 253). A subscription of a public identity of endpoint 150 to a service (e.g., a cellular connection) of card-based services network  225 may be pre-registered at card server (223) without using endpoint 150. For example, the IMEI number may be associated with the international mobile subscriber identity number 255 in the database of the card server 223. 
      When endpoint 150 attempts to connect to card-based services network  225, the public identity (e.g., IMEI number) of endpoint 150 is authenticated in endpoint authentication  239 using endpoint identity data 188. In response, a subscription registered to the international mobile subscriber identity number 255 is identified and used to generate the card profile  219 to bind the card profile  219 to the endpoint 150. The binding may be in the form of storing the card profile  219 into the secure memory device  130 in the endpoint 150. Alternatively, the binding may be in the form of the card profile  219 being associated with the endpoint identity data 188 in a database of the card server 223.
      In some cases, a group of endpoints (e.g., owned by enterprise clients) may share a reduced number of virtual SIM cards to enable cellular connectivity. For example, the IoT devices of the enterprise clients may not need to be cellular connected at the same time. When the endpoint 150 of the enterprise client requires a cellular connection, the available card profile  219 representing the virtual SIM card is dynamically "installed" for the endpoint 150 and used for cellular services at that time after endpoint authentication  239 during the communication session. When the communication session ends, the virtual SIM card may be used by another endpoint of the enterprise client. The physical SIM card may be moved from one mobile phone to another to allow different mobile phones to access cellular services registered with the same SIM card. However, physically moving a SIM card from one mobile phone to another is inefficient and cannot be deployed on a large scale. The instant installation of the virtual SIM card may overcome the limitations of the physical SIM card and provide improved security via endpoint authentication  239 prior to installing the virtual SIM card. 
      For example, such instant installation of the virtual SIM card may be used to facilitate infrequent or one-time use of the cellular connection. For example, a cellular connection may be used to perform over-the-air firmware/software updates. For example, a cellular connection may be used to periodically report the status of endpoint 150 (e.g., once per day, week, or month). For example, endpoint 150 may report its health and/or location in relation to a warranty service based on the location of endpoint 150.
      For example, security as a service may optionally further include an identity service that allows public identities of endpoints 150 to be changed in a secure manner. For example, a group of endpoints of an enterprise client may share a reduced number of IMEI numbers. When endpoint 150 attempts to connect to card-based services network  225 using the alternate public identity number in endpoint identity data 188, card server 223 and/or security server  140 may perform endpoint authentication  239, assign an unused IMEI number to endpoint 150, and associate card profile  219 with the IMEI number assigned to endpoint 150 to enable endpoint 150 to obtain service from network  225 as a device represented by the IMEI number.
      When such a secure memory device  130 is used with security as a service provided by the secure server  140, an Original Equipment Manufacturer (OEM) of an endpoint (e.g., 150) may provide security by assembling the secure memory device  130 into the endpoint (e.g., 150) without performing its separate security operations, such as secure key injection, designing and implementing secure elements, hardware components, or special system-on-a-chip (SoC) features. Thus, the security server  140 and the secure memory devices (e.g., 130) may provide plug-and-play security for OEMs of IoT devices (e.g., endpoint 150). 
      The services of the secure server  140 may be used to authenticate, activate, and manage secure memory devices (e.g., 130) at the edge after deployment. This capability can be extended throughout the life cycle from manufacturing supply chain to field installation and management for platform enhancement and device protection.
      FIG. 9 illustrates a technique for authenticating a memory device, according to one embodiment. For example, the technique of FIG. 9 may be used to implement the security service of FIG. 5 using the identity data of FIG. 2.
      With the authentication operation of fig. 9, a session key  263 may be established to protect communications between the security server  140 and the memory device  130 without trusting the client server  141 to handle security to protect the secrets of the memory device  130. Optionally, the session key  263 can be used by the access controller  109 to enforce the authority of the selected command  155 requesting execution in the memory device  130.
      In FIG. 9, client server  141 may send a request 271 to memory device  130 for identity data  113 of memory device  130.
      The request 271 may include a cryptographic nonce  267. For example, the cryptographic random number  267 may be generated by the secure server  140 in response to a request from the client server  141, or generated by the client server  141 and shared with the secure server  140 for the request 271. Alternatively, memory device  130 may generate a cryptographic random number  267 in response to request 271 and provide a corresponding response  273 that includes cryptographic random number  267. 
      In response to request 271 for identity data  113 of memory device  130, memory device  130 provides a response  273 that includes a message identifying unique identification  111 of memory device  130.
      The authentication code  133 is generated for the message provided in response  273 using the secret key  137 of the memory device  130. As discussed above, the verification code  133 may be implemented using techniques such as a hash digest, a digital signature, and/or a hash-based message authentication code. The verification of the verification code  133 may be performed by the security server  140 using the corresponding encryption key  106 stored in association with the unique identification  111.
      To protect the response  273 and/or the passcode  133 from security attacks (e.g., reuse of the response  273 and/or attempt to recover the key 137), the passcode  133 is generated for the message 131 containing the unique identification  111, the counter value 265, and the cryptographic nonce  267. Counter value 265 is obtained from counter  261 in memory device  130. The value of the counter  261 monotonically increases. For example, counter 261 may be used to store a value representing a count of requests received for identity data and/or other data items or operations related to security. Thus, a response containing a counter value 265 that is lower than the previously seen counter value may be deemed invalid. The cryptographic random number  267 is used once in the generation of the response  273 and is discarded by the memory device  130. When the cryptographic random number  267 has been previously provided to the secure server  140 or generated by the secure server  140, the response  273 does not necessarily explicitly include the cryptographic random number  267 in the response  273. 
      Upon verification of the passcode  133, the security server  140 provides the authenticity indicator 275 to the client server  141. Authenticity indicator 275 indicates whether memory device  130 is authentic. For example, the security server  140 may generate and provide a certificate signed by the security server  140 to extend the certificate chain of the memory device  130 back to the verifier (e.g., security server). Optionally, the secure server  140 may allow for the download of a Certificate Signing Request (CSR) that allows requesters to use a Certificate Authority (CA) of their choice (instead of the secure server 140).
      With authentication of the memory device  130, the memory device  130 and the security server  140 may establish a session key  263 for communicating with each other in subsequent communication sessions. The session may be limited by a predetermined length of time period following verification of the response  273 or verification code  133. After the period of time, the session key  263 expires and thus may be destroyed or discarded. Further, a subsequent request for identity data may end a previous session that was started with a previous request for identity data. 
      The session key  263 may be generated based at least in part on a secret known between the secure server  140 and the memory device  130 but unavailable to the communication channel between the secure server  140 and the memory device  130.
      For example, session key  263 may be derived based at least in part on secret key  137. Further, the session key  263 can be based at least in part on the counter value 265 and/or the cryptographic nonce  267. Optionally, the session key  263 may be based at least in part on the authentication code  133. For example, the passcode  133 and the secret key  137 may be combined to generate the session key  263.
      In some embodiments, the session key  263 is independent of the authentication code  133; and the authentication code  133 may be generated using a session key  263 derived from the secret key  137 or another secret known between the security server  140 and the memory device  130.
      FIG. 10 illustrates a technique for generating commands that control secure operation of a memory device, according to one embodiment. For example, the technique of fig. 9 may be used to implement the security service of fig. 5 using the techniques of fig. 3 and 10.
      For example, after the client server  141 requests that the right to execute the command  155 in the memory device  130 be verified using the client rights data  283, the security server  140 may provide the client server  141 with the verification code  153 of the command  155 in response to the request  281 from the client server  141. 
      Some of the communications in fig. 9 and 10 may be combined. For example, in some cases, request  281 may include identity data  113 provided by memory device  130 as a response  273 to request 271 for memory device  130.
      After client server  141 sends request  281 identifying command  155 and memory device  130, security server  140 may generate authentication code  153 for command  155 if it is determined that client server  141 has the authority to control or operate memory device  130 using command  155. Request  281 may include a unique identification  111 of memory device  130 in which command 155 is to be executed. For example, the unique identification  111 may be extracted by the client server  141 from the response  273 to the request 271 for identity data of the memory device  130 and/or the authenticity indicator 275 provided by the security server  140.
      As discussed above, the verification code  153 may be implemented using techniques such as a hash digest, a digital signature, and/or a hash-based message authentication code. The verification of the verification code  153 may be performed by the access controller  109 using the access control key 149 of the command  155. The authentication code  153 may be generated using an encryption key  277 stored in the secure server  140 that represents the authority to execute the command  155 in the memory device  130. For example, when encryption via asymmetric encryption is not used, encryption key  277 may be access control key 149; alternatively, when asymmetric encryption is used, access control key 149 is the public key of a key pair and encryption key  277 is the private key of the key pair. 
      In one embodiment, the access control key 149 and encryption key  277 are pre-configured for the authority of the command  155. In another embodiment, the access control key 149 and the encryption key  277 are based on the session key  263. For example, session key  263 may be used as access control key 149 and encryption key  277 for access control of commands  155. In some embodiments, session key  263 is a key in a pair of asymmetric keys that may be used to implement encryption key  277 and access control key 149 related to encryption performed using asymmetric encryption.
      When the authentication code  153 is based on the session key  263, the authentication code  153 expires when the session key  263 expires, which prevents reuse of the authentication code  153 outside of a session for which the session key  263 is valid.
      Message 151 provided in request 285 may include command  155 and cryptographic random number 287. The cryptographic random number 287 is arranged for the command  155/request 285 and is therefore different from the cryptographic random number  267 used for transmitting the identity data of the memory device  130.
      For example, in response to the request  281, the security server  140 may generate a cryptographic random number 287 and use it to generate the verification code  153. The cryptographic random number 287 may be provided with an authentication code  153 for the client server  141 to generate the request 285. Alternatively, the client server  141 may generate the cryptographic random number 287 and provide it to the security server  140 along with the request  281. Alternatively, to generate the request  281, the client server  141 may request the cryptographic random number 287 from the security server  140. 
      After client server  141 sends request 285 with authentication code  153 obtained from security server  140, memory device  130 authenticates authentication code  153 of message 151 contained in request 285 using access control key 149. If the authentication code  153 is valid, then the access controller  109 allows the memory device  130 to execute the command  155; otherwise, access controller  109 may prevent execution of command  155 in memory device  130.
      For example, command  155 may be configured to activate a security feature of memory device  130.
      For example, command  155 may be configured to replace access control key 149 or secret key  137 in memory device  130. For example, the new secret key  137 may be generated using additional non-secret data provided during the manufacture of the computing device on which the memory device  130 is installed, but the memory device  130 is not available at the time of its manufacture. For example, the new access control key 149 may be configured to provide a set of rights to the client server  141.
      After executing command  155, memory device  130 provides response  289, which may be forwarded by client server  141 to security server  140. Security server  140 may determine whether response  289 is correct. For example, the memory device  130 may sign the response using the session key  263 for verification by the security server  140. 
      In some implementations, a replacement secret key for replacing the existing secret key  137 of the memory device  130 is independently generated by the memory device  130 and the security server  140 from the secret (e.g., unique device secret 101) and the additional data exchanged through the client server  141. Optionally, the additional data may be protected by encryption performed using session key  263.
      In some implementations, the replacement secret key is transmitted from memory device  130 to security server  140 in an encrypted form of ciphertext generated using session key  263.
      FIG. 11 illustrates a method of virtualizing a smart card according to one embodiment. For example, the method of fig. 11 may be implemented in the system shown in fig. 6 having the security features of security server  140 and memory device  130 discussed above in connection with fig. 1-5 using the techniques of fig. 9 and 10.
      At block 301, device identity data 211 representing the memory device  130 is generated by a logic circuit or controller enclosed in an integrated circuit package of the memory device  130 based at least in part on a root secret of the memory device  130.
      For example, the memory device  130 may have a Physical Unclonable Function (PUF) to generate a root secret. 
      For example, the logic circuit or controller may include a cryptographic engine configured to perform cryptographic calculations without using a processor external to the integrated circuit package.
      At block 303, the memory device  130 stores device identity data 211 in a first memory area of integrated circuit memory units formed on one or more integrated circuit dies enclosed within an integrated circuit package.
      At block 305, logic controls access to the first memory region based on the access control key  213.
      At block  307, memory device  130 stores an enable instruction in a second memory area of the integrated circuit memory unit that is executable by endpoint 150 having memory device  130 as one of the plurality of components of endpoint 150.
      For example, device identity data 211 may be calculated and/or updated based on a hash value resulting from applying a cryptographic hash function to boot instructions stored in a second memory region of memory device  130. Thus, the device identity data 211 may lock not only the hardware of the memory device  130, but also boot instructions (and/or other data, such as the tracking data 215) stored in the memory device.
      At block 309, the card profile  219 is written to an integrated circuit memory unit of the memory device  130 to emulate the functionality of a smart card based on the card profile  219. 
      For example, endpoint 150 may be configured, via memory device  130, to generate endpoint identity data 188 that represents the configuration of components of endpoint 150 at its startup time. The endpoint identity data 188 may be calculated using: device identity data 211, trace data 215 stored into memory device  130 during construction  233 of endpoint 150, and identification data of components of endpoint 150 that are located outside of the integrated circuit package of memory device  130.
      For example, card profile  219 may be identified, generated, and/or assigned to endpoint 150 based on the authentication of endpoint identity data 188.
      For example, card profile  219 may include a soft module (e.g., soft card module  243, authentication module 259) having instructions executable by a logic circuit or a processor of endpoint 150, or any combination thereof, to emulate the functionality of a smart card.
      For example, a card profile  219 may be stored in the memory device  130 to emulate a Subscriber Identity Module (SIM) card typically used to authenticate a mobile phone when accessing a cellular communication network. For example, the card profile  219 may include an international mobile subscriber identity number 255 and an authentication key  257 associated with the international mobile subscriber identity number 255.
      For example, when the endpoint 150 requests a cellular connection to the international mobile subscriber identity number 255, the mobile/cellular network operator may present a security challenge to authenticate the endpoint 150. In response, the card profile  219 may be used to generate a response to the security challenge by signing a message with a random number using the authentication key  257 to prove that the endpoint is in possession of the authentication key  257. For example, a message with a random number may be signed using authentication key  257. The response to the security challenge may include a portion of the digital signature for authentication; another portion of the digital signature may be used as a symmetric encryption key for encrypting a communication session associated with the cellular connection. 
      FIG. 12 illustrates a method of providing security services based on security features of a memory device, according to one embodiment. For example, the method of fig. 12 may be implemented in the computing system of fig. 1 using the techniques of fig. 9 and 10 based on the security features of memory device  130 discussed above in connection with fig. 1-5.
      At block 321, security server  140 receives a request (e.g., 173 and/or 281) from client server  141. The request contains identity data  113 for the memory device  130 having the access controller  109.
      At block  323, the security server  140 determines the authenticity of the memory device  130 based on the secret of the memory device  130 and the identity data  113.
      For example, the secret may be the only device secret 101 that is not transferred outside of the memory device  130 after the manufacture of the memory device  130 is completed in the secure facility. The identity data  113 is based on a secret key  137 generated based at least in part on the unique device secret 101. During manufacture of the memory device in the secure facility, the secret is registered in the secure server  140 to generate the encryption key  106 that verifies the identity data  113 based at least in part on the secret. The encryption key  106 used to verify the identity data  113 may be further generated based on data  125 received from the host system  120 during a boot time of the host system  120 of the memory device  130. After the manufacture of memory device  130 is completed in the secure facility, memory device  130 may be assembled into endpoint 150 of host system  120 having host interface  147 connected to memory device  130. At least a portion of the instructions configured to be executed in processing device 118 of host system  120 are stored in memory device  130. 
      At block  325, the secure server  140 generates the verification code  153 for the command  155.
      For example, upon determining that the client server  141 has the right to execute the command  155 in the memory device  130 based on the client rights data  283 stored in the security server  140, the verification code  153 may be generated for the client server  141 and provided in the response  174 based on the rights.
      For example, upon determining that memory device  130 is in an endpoint 150 that has reported lost or stolen, an authentication code  153 may be generated for a command  155 to deactivate memory device  130.
      At block  327, the security server  140 transmits a response  174 containing the verification code  153 to the client server  141.
      For example, response  174 may be based on determining that memory device  130 has a secret when identity data  113 contains verification code  133 generated using the secret.
      At block  329, client server  141 transmits command  155 and authentication code  153 to memory device  130.
      At block 331, access controller  109 of memory device  130 verifies authentication code  153 to determine whether to prevent execution of command  155 in memory device  130.
      For example, when executed in memory device  130, command 155 changes access control key 149 that access controller  109 uses to verify an authentication code (e.g., 153) generated using encryption key  145, which represents the authority to execute one or more commands in memory device  130. 
      For example, when executed in memory device  130, command  155 causes the setting of security features of memory device  130 to change. For example, the change may include activation of a security feature or deactivation of a security feature of memory device  130.
      For example, after endpoint 150 containing memory device  130 has reported lost or stolen, when executed in memory device  130, command  155 causes memory device  130 to disable the boot loader stored in memory device  130.
      For example, when executed in memory device  130, command  155 causes access controller  116 to block access to one or more sections of memory cells 103 in memory device  130.
      For example, when executed in memory device  130, command  155 causes memory device  130 to clear the decryption key for the data stored in memory device  130.
      For example, when executed in memory device  130, command  155 causes memory device  130 to irreversibly destroy at least one aspect of memory device  130.
      For example, based on the verification of the identity data  113, the session key  263 may be established and known between the security server  140 and the memory device  130 without the session key  263 being transferred via the connection between the security server  140 and the memory device  130. The access control key 149 used by the access controller  109 to authenticate the authentication code  153 of the command  155 may be based on the session key  263. 
      Optionally, security server  140 may cause commands  155 and authentication codes  153 to be transmitted to memory device  130 based on instructions loaded from memory device  130 and executed in host system  120.
      Figure 13 illustrates a method of logging into an endpoint of a service to which an account is subscribed, according to one embodiment. For example, the method of fig. 13 may be implemented in the computing system of fig. 1 using the techniques of fig. 9 and 10 based on the security features of memory device  130 discussed above in connection with fig. 1-5.
      At block  341, the server system receives a request (e.g., 171 and/or 173) associated with a service from endpoint 150. The service is provided via a computer network (e.g., network 110) that serves multiple subscribers represented by different accounts. The request includes identity data  113 generated by memory device  130 configured in endpoint 150.
      For example, the server system may include the security server  140 and/or the card server 223. Optionally, the server system may further include a client server  141 in communication with the security server  140.
      For example, the service may be a cellular connection service, a payment card service, a video surveillance service, a cloud-based storage or computing service, and so forth.
      At block 343, the server system determines the authenticity of the endpoint 150 in response to the request and based on the secret of the memory device  130 and the identity data  113. For example, the operations in block 343 may be performed in a manner similar to the operations performed in block  323. 
      At block 345, a subscriber is identified among the plurality of subscribers based on the ownership data of endpoint 150 based on the identity data  113.
      For example, during manufacture of endpoint 150 in the facility of the manufacturer of the endpoint (e.g., 150), memory device  130 is connected to host system  120; and installs the software package for the operation of endpoint 150 in memory device  130. The endpoint 150 is tested. In the endpoint registration  235, the memory device  130 is configured to generate a key 137, the key 137 representing not only the memory device  130 with the unique device secret 101, but also the endpoint 150 with the memory device  130, the memory device  130 having data  123 in the memory unit 103 and data  125 from the host system  120 at boot time.
      When the endpoint 150 is transferred from the manufacturer to the dealer and end user or subscriber, data associating the public identification of the endpoint 150 with the identity of the subscriber is stored in the server system. The ownership data may be stored in the server system without physically operating the endpoint 150 (e.g., without opening an enclosure that was manufactured from the endpoint 150 to enclose the endpoint 150). For example, the common identification of the endpoint 150 may include a unique identification  111 of the endpoint 150 and/or data  127 identifying the make, model, and serial number of the endpoint 150 as known by the manufacturer of the endpoint 150. 
      When a subscriber opens an account for a service provided to endpoint 150, the identity of the subscriber may be associated with the account.
      For example, client rights data  283 may include ownership data for endpoint 150 and/or subscriber data to expose a subscriber account.
      At block  347, an account of the identified subscriber is determined in response to the request received in block  341.
      For example, an account may be identified by matching a subscriber identity associated with the identity data  113 in the ownership data with a subscriber identity associated with the account in the subscriber data.
      At block 349, the server system causes the service to be provided to endpoint 150 based on the account.
      In some embodiments, the client rights data  283 stored in the security server  140 indicates an association between the subscriber's identity data  113 and the account. Thus, during verification of the authenticity of the endpoint 150 based on the received identity data  113, the account may be identified from the client rights data  283.
      In an alternative embodiment, the client rights data  283 stored in the security server  140 indicates the association between the identity data  113 and the identity of the subscriber as owner. Thus, during the verification of the authenticity of the endpoint 150 based on the received identity data  113, the subscriber may be identified from the client rights data  283. Another server, such as client server  141 or card server 223, stores the subscriber data to identify an account based on the subscriber identified by security server  140. 
      Using the method of fig. 13, services of an account subscription may be provided/directed to endpoint 150 without the need to customize endpoint 150 itself for the subscriber and/or the subscriber's account. For example, a subscriber may simply open a package enclosing endpoint 150 during manufacture of endpoint 150 and use endpoint 150 to access services subscribed to by a subscriber account without inserting a card (e.g., a SIM card) to identify the subscriber or account and/or without interacting with an application or utility running in endpoint 150 to identify the subscriber or account.
      For example, after manufacture of the endpoint 150, the endpoint 150 has no customization for the subscriber nor the account prior to the request received in block  341. Endpoint 150 is made available to any one of a number of subscribers. In response to the request received in block  341, endpoint 150 automatically links to a particular account of the subscriber obtaining the service.
      For example, endpoint 150 does not contain hardware components inserted into endpoint 150 to represent a subscriber, an account, or any combination thereof, before and/or after receiving service for a subscriber account.
      For example, at least prior to the request received in block  341, endpoint 150 does not contain data stored into endpoint 150 to represent a subscriber, an account, or any combination thereof. 
      For example, at least prior to the request received in block  341, endpoint 150 does not have an indication of a subscriber, account, or any combination thereof, and does not have ownership data for endpoint 150; and the ownership data is stored in the server system and not in the endpoint 150.
      Optionally, in response to the request received in block  341, the server system and/or endpoint 150 may store an association of identity data of endpoint 150 with a subscriber account.
      For example, the security server  140 may generate the authentication code  153 for the command  155 using the encryption key  145. The server system may cause memory device  130 to receive command  155 and authentication code  153. Prior to executing command  155 in memory device  130, access controller  109 of memory device  130 is configured to validate authentication code  153 based on access control key 149. Optionally, the access control key 149 and encryption key  145 may be based on a session key established in the manner discussed in fig. 9.
      When executed in memory device  130, commands 155 cause memory device  130 to store additional data identifying the account. For example, the additional data may be part of the device information  121 used to generate the secret key  137 when generating the updated identity data  113. For example, the additional data is included in data  127 of message 131 in updated identity data  113, updated identity data  113 being generated by memory device  130 after execution of the command. For example, the additional data may include a card profile  219 identifying a subscriber account. 
      Alternatively, data associating the identity data  113 of the memory device  130 and/or the endpoint 150 may be stored in the server system (e.g., as part of the client rights data  283 and/or the card profile 219) without changing the secret key  137 used to sign the identity data  113.
      Since no operations need to be performed on the endpoint 150 to direct the services of the subscriber's account to the endpoint 150, the endpoint 150 may be configured as a cellular connection capable IoT device without requiring a user interface for its customization to receive cellular connection services. For example, endpoint 150 may be configured without a slot for inserting a card to identify a subscriber. For example, endpoint 150 may be configured without a user interface for receiving input from an end user to identify a subscriber.
      In some embodiments, endpoint 150 has a general purpose hardware configuration that can run different firmware to provide different functionality. Additionally, updated versions of firmware may be installed in endpoints 150 to correct bugs or errors in endpoints 150 running previous versions of firmware to improve performance and/or provide new functionality. Optionally, a firmware application may be run on the base version of firmware to add functions, features, and/or services. 
      For example, different client servers  141, …, 143 may provide different services using the same hardware of endpoint 150 running different firmware. For example, the different client servers  141, …, 143 may provide similar services using the same hardware of endpoint 150, but perform different processes implemented using different firmware.
      After the endpoint 150 is assembled and shipped to an end user or subscriber by installing different firmware, the endpoint 150 may be customized for different client servers  141, …, 143.
      For example, an online firmware store may be configured on the communication network  110 to allow an end user to purchase a certain version of firmware. Installing the selected version of firmware may or may not include installing a firmware application that runs using the baseline version of firmware. After installation of the selected version of firmware, endpoint 150 is customized to be different in at least one respect from endpoint 150 running the previous firmware.
      In some cases, the updated firmware represents services of endpoint 150 requested by a user of endpoint 150. The services of endpoint 150 may or may not be dependent on services provided by a client server or service provider.
      The functionality of endpoint 150 may be defined, at least in part, by its firmware. For example, when endpoint 150 runs a version of firmware, endpoint 150 may provide a function to a user of endpoint 150; and endpoint 150 may provide different functionality to a user of endpoint 150 when endpoint 150 runs another version of firmware. 
      For example, different third party service providers may provide software/firmware solutions for IoT devices based on a common general hardware platform. For example, firmware provided in an online store may be programmed to enable a generic IoT device to cooperate with a third party server to provide a particular type of service. Optionally, a firmware application provided in the online store may run on a generic version of firmware and provide a specific type of service using the basic services provided by the generic firmware. The combination of the baseline version of firmware and the firmware application may be considered an enhanced version of firmware. When the baseline version of firmware for different endpoint hardware platforms provides standardized services, the firmware application may be device independent and support a class of IoT devices from different vendors. Alternatively, the firmware application may be device dependent and use different hardware capabilities of different vendors.
      The security server  140 may be coupled to an online firmware store to provide firmware updates to endpoints (e.g., 150) in response to verifying the authenticity of the endpoints.
      For example, when endpoint 150 initially connects to client server  141, client server  141 communicates with security server  140 to verify the identity and/or authenticity of endpoint 150. The owner of endpoint 150 may be determined during the verification process. After the subscription service of endpoint 150 is identified, the associated firmware application may be downloaded from an online firmware store and installed into endpoint 150 via over-the-air (OTA) updates. 
      For example, secure server  140 may generate an authentication code  153 for command  155 to install a firmware application into memory device  130. After executing command  155, the firmware application becomes part of data  123 stored in memory unit 103 of memory device  130 and serves as part of device information  121 in generating updated secret key  137 for updated identity data  113 of memory device  130 and endpoint 150.
      Subsequently, when an update of the firmware application exists in the online firmware store, an outdated firmware application in endpoint 150 may be detected during verification of identity data  113; and security server  140 may initiate over-the-air (OTA) updates for endpoints 150 to reduce security risks.
      For example, an online service store may provide cloud-based services, such as internet of things (IoT) devices, provided via endpoints (e.g., 150). The same endpoint 150 may be customized via firmware updates used with different service providers that may operate different client servers  141, …, 143.
      For example, a user of endpoint 150 may visit an online store to subscribe to services of a service provider, change subscribed services, and/or move subscriptions from one service provider to another service provider. Subscriptions subscribed by a user for endpoint 150 may be tracked as part of client rights data  283 associated with the identity of endpoint 150. When security server  140 verifies identity data  113 of endpoint 150, security server  140 may check whether endpoint 150 requires a firmware update for subscribing to the service and/or replacing an outdated version of firmware. If so, the security server  140 may customize and/or update the firmware update to the endpoint 150 via the online store before the endpoint 150 receives the subscribed services from the service provider. Optionally, the security server  140 communicates with the endpoint 150 to direct the endpoint 150 to the service provider's current client server  141. Instead, the updated firmware connects the endpoint 150 to the service provider's current client server  141. 
      In general, the security server  140 may be connected to or include an online service store and/or an online firmware store. The server system may have a security server  140, an online service store, and/or an online firmware store. The server system may track accounts for subscribing to services of different service providers and track firmware customizations selected/purchased by users of endpoints (e.g., 150).
      An account of a user of endpoint 150 and a service provider subscribed for endpoint 150 may be tracked using the identity of the user and associated with the identity of the user as the owner of endpoint 150 for automatic firmware updates. Through correlation, firmware and/or service selections made by a user in an online service store and/or online firmware store may be mapped to the user's endpoint 150. Alternatively, a user of endpoint 150 may explicitly select firmware and/or services for endpoint 150 using a public identification of endpoint 150 as part of identity data  113 of endpoint 150.
      In some embodiments, endpoint 150 initially connects to security server  140 for the service. The security server  140 may identify the current provider of the subscription service registered in the online service store based on the client rights data  283. After verifying the authenticity of the endpoint 150 and determining the service provider, the security server  140 configures the firmware of the endpoint 150 for the service provider (e.g., using an online firmware store) and directs the endpoint 150 to the service provider's client server (e.g., 141, …, or 143). Thus, endpoint 150 may seamlessly provide services ordered from an online service store with minimal user effort. 
      FIG. 14 illustrates an endpoint customization technique using an online firmware store, according to one embodiment. For example, the technique of fig. 14 may be implemented in the computing systems of fig. 1 and/or 6 with the security services and features discussed with reference to fig. 1-5. The technique of fig. 14 may be used in combination with the techniques of fig. 9 through 13.
      In fig. 14, an online firmware store  170 is configured to facilitate selection of firmware and/or firmware applications for endpoint (e.g., 150) customization and/or updating, and verification of the identity of the endpoint (e.g., 150) by the security server  140.
      Endpoint 150 has a set of hardware including host system  120 and memory device  130 with security features. The functions of endpoint 150 may be defined, customized, and updated by firmware  363 stored in memory device  130 and executing in host system  120 of endpoint 150.
      The manufacturer of the endpoint 150 may install a baseline version of firmware  363 that is programmed to allow the endpoint 150 to generate and submit identity data  113 for verification by the security server  140. The baseline version of firmware  363 is further configured to facilitate updating of firmware via the firmware store  170 and verification of the identity data  113 by the security server  140.
      In general, a firmware update for endpoint 150 may be to replace the entire firmware  363 executing in host system  120, or to add and/or replace one or more firmware applications (e.g., applications  367, …, 369). 
      In some embodiments, firmware  363 may be customized via one or more firmware applications (e.g., applications  367, …, 369). For example, endpoint 150 running firmware  363 may further run optional applications (e.g., applications  367, …, or 369) to provide new functionality not present in firmware  363, to disable existing functionality in firmware  363, to change or customize existing functionality in firmware  363, and so forth.
      For example, when a firmware application (e.g., application 367) is run on firmware  363 in endpoint 150, endpoint 150 is customized to communicate with a service provider's client server  141 to implement services or functions and/or receive services from the service provider. When another firmware application (e.g., application 369) runs on firmware  363 in endpoint 150, endpoint 150 is customized differently to communicate with another client server  143 of a different service provider to implement and/or receive alternative or similar services from the different service provider. 
      For example, firmware applications (e.g., application 367) may be programmed to implement a communication protocol specific to client server  141.
      For example, a firmware application (e.g., application 367) may be programmed to perform new computing functions that generate new types of results.
      For example, a firmware application (e.g., application 367) may be programmed to communicate with client server  141 to obtain services provided via client server  141. Examples of services of the client server  141 include computing resources of the client server  141 processing data of the endpoint 150, data storage facilities of the client server  141 for data generated by the endpoint 150, messaging facilities for notifications and/or alerts for one or more other devices associated with the endpoint 150, connections via the client server  141 and one or more other devices associated with the endpoint 150, internet access of the endpoint 150 via Wi-Fi access points, communication satellites, and/or communication connections or equipment controlled by the client server  141, and so forth.
      In general, different service providers may provide different versions of firmware and/or different firmware applications to customize endpoints (e.g., 150) in the same endpoint platform  361. The endpoints in the platform  361 may be manufactured and/or assembled by the same manufacturer or different manufacturers. 
      Optionally, a baseline version of firmware (e.g., 363) may provide a standardized set of functions upon which firmware applications (e.g., applications  367, …, 369) may run. Thus, the same firmware application (e.g., application 367) may be installed to customize endpoints (e.g., 150) with different hardware configurations and/or different baseline versions of firmware (e.g., 363, …, 365). Alternatively, different firmware applications may be programmed for different baseline versions of firmware (e.g., 363, …, 365) running on endpoints with different hardware implementations to provide the same custom functionality of the respective endpoint and/or the same service of client server  141.
      The use of firmware applications (e.g., applications  367, …, 369) may reduce the size of data to be downloaded from firmware store  170 to endpoint 150 when performing firmware updates. Alternatively, different sets of firmware functions may be implemented using different firmware (e.g., 363, …, 365) without the need for additional firmware applications. In general, a firmware update in endpoint 150 may involve replacing the entire existing firmware  363 or installing a firmware application (e.g., application 367). 
      Optionally, firmware store  170 is configured to allow a user of endpoint 150 to select and/or order  371 firmware for customizing endpoint 150 using computer  180. In some cases, the purchase of a selected version of firmware (e.g., 363) and/or firmware application (e.g., 367) represents a request for a certain service from a service provider and/or client server (e.g., 141). In response, firmware store  170 and/or security server  140 may store data indicating the required firmware configuration and/or requested services for endpoint 150. For example, the client rights data  283 may be updated to reflect firmware and/or service selections made using the user computer  180.
      In general, user computer  180 may be distinct and separate from endpoint 150. Thus, there is no need for a hardware and/or software interface that is accessible to a user of endpoint 150 to customize endpoint 150 for use with an account and/or service provider. Optionally, some embodiments and/or categories of endpoint 150 may include a user interface that allows it to be used as a user computer  180 to order 371 firmware for endpoint 150.
      For example, an owner or user of endpoint 150 may access online firmware store  170 using user computer  180 to order 371 firmware for endpoint 150 by selecting a firmware application (e.g., application 367), an alternate version of firmware, or a combination of an alternate version of firmware and a firmware application. The user's order may be identified as a service subscriber and/or endpoint 150 is identified as a pending device. 
      For example, endpoint 150 may be identified via a public identification of endpoint 150, such as a model number and serial number of endpoint 150, mobile equipment identity number 253, international mobile subscriber identity number 255, unique identification  111, and/or another identifier included in data  127 of identity data  113.
      For example, the identity of the user or subscriber may be identified via an account identifier and/or a piece of personally identifiable information, such as an email address, telephone number, name and address, and so forth.
      The security server  140 may verify 373 the identity data  113 submitted from the endpoint 150 and/or its memory device  130, as discussed above in connection with fig. 2, 5, and 9.
      In general, identity data  113 may be submitted to security server  140 via a client server (e.g., 141 or 143), via firmware store  170, via another server or gateway, or without going through any of client servers  141, …, 143 and firmware store  170.
      For example, endpoint 150 may be configured via existing firmware  363 to automatically access firmware store  170 and/or security server  140 for authentication, firmware updates, and/or service customization. Thus, identity data  113 may be submitted to security server  140 via firmware store  170 in some cases, and directly to security server  140 in other cases. 
      For example, when a server (e.g.,  client server    141 or 143, firmware store  170, or another server) receives identity data  113 of request 171 from endpoint 150, server (e.g., 141) provides identity data  113 to security server  140 in request 173 for verification. In response to such a request 173, the security server  140 may communicate with the firmware store  170 to identify 375 whether a firmware update exists for the endpoint 150. If so, the security server  140 may cause the firmware store  170 to update 377 the firmware of the endpoint 150. For example, after executing a firmware download to store a new version of firmware and/or firmware application (e.g., application 367) in memory device  130, command  155 signed using encryption key  145 is executed in memory device  130 to cause the new version of firmware and/or firmware application (e.g., application 367) to execute in memory device  130 and become part of the identity of memory device  130 and/or endpoint 150.
      For example, firmware  363 may be initially installed in endpoint 150 (e.g., by the manufacturer of endpoint 150) to provide services via client server  141. After a new version of firmware  363 is provided in firmware store  170 for accessing the same services of client server  141, security server  140 may initiate installation of the new version in response to successful verification of identity data  113. Optionally, update 377 may be implemented via installation of a firmware application (e.g., application 367) running on existing firmware  363, or via installation of new firmware (e.g., 365). 
      For example, after a user of firmware  363 accesses firmware store  170 to order 371 an alternate version of firmware  365 to customize endpoint 150, firmware store  170 may update 377 the firmware of endpoint 150 according to order  371 when identity data  113 of endpoint 150 is successfully verified in secure server  140.
      In some cases, endpoint 150 first accesses security server  140. After the security server  140 verifies 373 the identity of the endpoint 150, the security server  140 may communicate with the online firmware store  170 to identify 375 a firmware update of the endpoint 150.
      In general, a firmware update may include installing a firmware application (e.g., application 367), replacing an existing firmware application with another firmware application, and/or installing new firmware  365.
      After identifying a desirable firmware update, the firmware store  170 communicates with the endpoint 150 to update 377 the endpoint 150.
      The access controller of memory device  130 is configured to require authentication of the authority requesting memory device  130 to execute command  155 to change the firmware stored in memory device  130.
      For example, after data needed for a firmware update is stored into a section of memory device  130, command  155 may be sent to host interface  147 to perform the operation of the firmware update in memory device  130. The authority to execute command  155 in memory device  130 may be represented by encryption key  145. The encryption key  145 may be previously configured or generated in response to verifying the identity data  113 from the memory device  130 of the endpoint 150. For example, the encryption key  145 may be a session key  263 generated in a manner similar to fig. 9 based on verifying the authenticity of the endpoint 150; and the security server  140 may use the encryption key  145 to generate the commanded authentication code  153 for the firmware store  170 to update the endpoint 150. Alternatively, the security server  140 may provide the session key  263 and/or the encryption key  145 to the firmware store  170 to update 377 the firmware of the endpoint 150. 
      After a successful firmware update, the device information  121 used to generate the secret key  137 is updated to reflect the installed firmware and/or firmware application. For example, hash values 163 of installed firmware and/or firmware applications may be stored as part of device information  121 for verifying their integrity, as shown in FIG. 4. Subsequently, the identity data  113 generated by the memory device  130 of the endpoint 150 is based on the updated device information  121 and reflects the configuration of the endpoint 150 with the updated firmware functionality or configuration.
      In some embodiments, the firmware store  170 is part of a server system that implements the security server  140. In another embodiment, firmware store  170 is hosted on a separate server computer.
      In some embodiments, the update  377 of the firmware may be performed automatically based on the services subscribed to for endpoint 150, as discussed further below in connection with fig. 15.
      FIG. 15 illustrates a technique for directing services to endpoints via an online service store, according to one embodiment. For example, the technique of FIG. 15 may be used in combination with the technique of FIG. 14.
      In fig. 15, an online service store 190 is configured to facilitate selection of a service for endpoint 150 from a plurality of services provided by one or more service providers (e.g., 381). Services of a service provider (e.g., 381) may be implemented via one or more endpoint platforms (e.g., 361, …, 362). 
      For example, a user of endpoint 150 may use computer  180 to access online service store 190 to order 391 services to service provider  381 using computer  180. Services provided by service provider  381 may be used with endpoints of multiple endpoint platforms (e.g., 361, …, 362). Endpoints (e.g., 150) in the endpoint platforms (e.g., 361, …, 362) run different firmware to obtain services of the service provider  381. The service store 190 has subscription data  387 that identifies the services and/or endpoints (e.g., 150) subscribed to by the subscriber.
      For example, services provided by service provider  381 may be implemented via client server  141; and the subscription data  387 can identify servers connected to the endpoint to correspondingly receive services subscribed to for the endpoint.
      For example, endpoint 150 may be explicitly subscribed to services with reference to a public identification of endpoint 150, a model number and serial number of endpoint 150, mobile device identity number 253, international mobile subscriber identity number 255, unique identification  111, and/or another identifier included in data  127 of identity data  113.
      Alternatively or in combination, the service may be ordered with reference to the identity of the user or subscriber, which may be identified by an account identifier and/or a piece of personally identifiable information, such as an email address, telephone number, name and address, and so forth. 
      As in fig. 14, user computer  180 is typically distinct and separate from endpoint 150. In some cases, endpoint 150 may include a user interface that allows it to function as a computer  180 in order to subscribe 391 service to endpoint 150.
      When implicitly subscribing to services for endpoint 150, the identity of the subscriber may be used to determine the services of the subscriber's endpoint based on a match of the identity of the subscriber for subscribing to services with the identity of the owner of endpoint 150.
      For example, to subscribe 391 to a service from service provider  381, a user (or a representative of the user) of endpoint 150 may access service store 190 to establish an account for subscribing to the service of service provider  381.
      In response to a service being subscribed to or changed, or in response to the identity data  113 of endpoint 150 being verified, security server  140 and service store 190 may communicate with each other to identify 393 the service subscribed to for endpoint 150.
      In response to the service request 171 from the endpoint 150, the security server  140 verifies 373 the identity data  113 of the endpoint 150 provided in the service request 171.
      In general, the service request 171 may be initially received in a client server (e.g., 141 or 143) or in the service store 190 or firmware store  170 or directly in the security server  140. 
      After the security server  140 verifies 373 the identity and authenticity of the endpoint 150, the security server  140 may identify 393 the services subscribed to for the endpoint 150 based on the client rights data  283 stored in the security server  140 and/or based on the subscription data  387 in the service store 190.
      Based on the identified service, the security server  140 may communicate with the firmware store  170 to identify 375 a firmware update of the endpoint 150. For example, endpoint 150 may be updated via replacing firmware or installing a firmware application (e.g., application 367) to customize endpoint 150 for the subscribed service. Firmware updates may be performed and protected in the manner discussed above in connection with fig. 14.
      For example, endpoint 150 may be manufactured using a generic version of firmware  363, such firmware  363 being unable to receive services from service provider  381, being unaware of client server  141 with respect to services provided by service provider  381, and/or not implementing a communication protocol for communicating with client server  141. Firmware applications (e.g., application 367) may be installed to run on generic firmware  363 to customize endpoint 150 for services subscribed to endpoint 150. Once customized via a firmware application (e.g., application 367), endpoint 150 may receive services of service provider  381 from client server  141. For example, after installing a firmware application (e.g., application 367) to update 377 the firmware, endpoint 150 has knowledge about client server  141, communication capabilities to communicate with client server  141 according to the communication protocol used by client server  141, and processing routines for using services provided by client server  141. 
      For example, the services subscribed to for the operation of endpoint 150 may include computations performed by client server  141 to process data of endpoint 150, storing data generated by endpoint 150 in client server  141, sending notifications and/or alerts to one or more other devices associated with endpoint 150, connecting endpoint 150 via client server  141 and one or more other devices associated with endpoint 150, connecting endpoint 150 to a computer network or the internet using a cellular base station, a Wi-Fi access point, a communications satellite, and/or a communications connection or apparatus controlled by client server  141, and so forth.
      Optionally, after firmware update  377, endpoint 150, via its firmware  363 and/or firmware applications (e.g., application 367), is configured to automatically access client server  141 to obtain subscribed services. Alternatively, security server  140 may redirect endpoint 150 to client server  141 to access 379 subscribed services after verifying identity data  113 of endpoint 150 with updated firmware.
      In general, the service store 190 may be used by a user (or a representative of the user) to subscribe to the services of the service providers  381 for the endpoint 150, to change the subscribed services, and to move the subscription from one service provider  381 to another. Firmware  363 of endpoint 150 is automatically updated to support the currently subscribed services without requiring a user of endpoint 150 to operate endpoint 150 to customize endpoint 150 for the subscribed services. 
      FIG. 16 illustrates a firmware update method using a firmware store and a security server according to one embodiment. For example, the method of fig. 16 may be implemented using the technique of fig. 14.
      At block 401, the server system receives a request from an endpoint 150 with identity data  113 generated by a memory device  130 configured in the endpoint 150.
      For example, the server system may include a secure server  140. Optionally, the server system may further include an online firmware store  170 and/or one or more client servers (e.g., 141, …, 143).
      For example, the endpoint 150 may be in a state shipped from the endpoint (e.g., 150) manufacturer without being customized for a particular server and/or service provider.
      At block 403, the server system determines the authenticity of the endpoint 150 in response to the request received in block 401 and based on the secret of the memory device  130 and the identity data  113. For example, the operations in block 403 may be performed in a manner similar to the operations performed in block  323 and/or block 343.
      For example, identity data  113 contains a verification code  133 for message 131 presented in identity data  113. Security server  140 may verify that passcode  133 was generated using secret key  137 of memory device  130 and message 131 without the endpoint presenting secret key  137. The secret key  137 is generated using the unique device secret 101 of the memory device  130 and the device information  121 representing the software and hardware configuration of the endpoint 150. 
      At block 405, an update of the first firmware  363 is determined based on the online firmware store  170. The first firmware is stored in memory device  130 and executed in endpoint 150 to generate the request received in block 401.
      For example, prior to receiving the request in block 401, firmware store  170 may receive an order  391 for firmware for endpoint 150. An order  391 may be made to customize the functionality of the endpoint 150 using the user computer  180 without going through the endpoint 150. The order  391 received in the firmware store  170 may be used to identify 375 an update  377.
      For example, the public identification of endpoint 150 may be used to identify an order  391 for endpoint 150. Identity data  113 can contain the public identification in message 131 signed using secret key  137 to generate verification code  133 provided in identity data  113. After verifying that message 131 has not changed, security server  140 may instruct online firmware store  170 and/or endpoint 150 to update 377 firmware  363 of endpoint 150.
      At block 407, in response to determining that endpoint 150 is authentic, the server system generates a validation code  153 for a command  155 executable in memory device  130 to perform the update.
      At block 409, the server system provides the verification code  153 to execute the command  155 in the memory device  130 for a firmware update. 
      For example, in response to determining that the endpoint is authentic, security server  140 may communicate with online firmware store  170 to download data into memory device  130. When command  155 is executed in memory device  130, memory device  130 performs a firmware update using the data.
      For example, the data downloaded to memory device  130 may include second firmware that, after executing command  155 for a firmware update, replaces the first firmware executed to generate the request received in block 401.
      For example, the data downloaded to memory device  130 may include a firmware application (e.g., application 367) that runs with the first firmware executed to generate the request after executing command  155 for a firmware update. The combination of the firmware application (e.g., application 367) and the first firmware provides a second firmware for endpoint 150.
      For example, after executing command  155 for a firmware update, endpoint 150 is configured via the second firmware to provide functionality not present in the endpoint running the first firmware prior to the update.
      After executing command  155 for a firmware update, the second firmware may become part of the identity of memory device  130 and endpoint 150. For example, based on device information  121, memory device  130 is configured to generate a secret key  137 representing the identity of memory device  130 and endpoint 150. After executing command  155 to update 377 the firmware, device information  121 is updated to include hash value  163 of the second firmware stored as content  161 in memory unit 103. Subsequently, the memory device  130 is configured to generate the identity data  113 of the endpoint 150 using the encryption key generated based at least in part on the memory device's secret (e.g., the unique device secret 101) and the second firmware stored in the memory device  130. 
      FIG. 17 illustrates an endpoint customization method using a service store and a security server, according to one embodiment. For example, the method of fig. 17 may be implemented using the techniques of fig. 14 and 15.
      At block 421, the server system receives a request from endpoint 150 with identity data  113 generated by memory device  130 configured in endpoint 150, similar to block 401.
      For example, the server system may include the security server  140 and/or the service store 190.
      At block 423, security server  140 verifies identity data  113 in response to the request received in block 421 and based on information about endpoint 150 stored in security server  140. Such information includes a secret of the memory device  130, such as the unique device secret 101. Such information may further include device information  121 representing the software/hardware configuration of endpoint 150. Verification may be performed in the manner discussed above in connection with fig. 2.
      In response to determining that the identity data  113 in the request received in block 421 is valid, at block  425 the server system identifies the service ordered for endpoint 150 in online service store 190.
      At block 427, a client server  141 configured to provide a service is identified.
      For example, the online service store 190 may receive an order  391 for the service of the endpoint 150 prior to receiving the request in block 421. The client server  141 may be identified based on the order  391. 
      For example, the order  391 may be received in the online service store 190 through the user computer  180 and thus not through the endpoint 150. The order  391 for the endpoint 150 may be identified/placed using the public identification of the endpoint 150. Identity data  113 may include public identification. Alternatively, the order  391 may be associated with the identity of the user that is the owner of the endpoint 150 in the client rights data  283 of the secure server.
      At block 429, the server system directs the endpoint 150 to the client server  141.
      For example, in response to determining that the identity data  113 in the request received in block 421 is valid, the server system may configure the endpoint 150 for the service ordered in the online service store 190.
      For example, to configure endpoint 150 for a service, a server system may update the firmware of endpoint 150. For example, the firmware update may be performed in the manner discussed above in connection with fig. 14-16.
      For example, the endpoint 150 may not receive service from the client server  141 until the firmware update  377, and has no knowledge of the client server  141. For example, an endpoint 150 initially configured by the manufacturer of the endpoint (e.g., 150) is programmed to access the service store 190, the firmware store  170, the security server  140, or another gatekeeper, so that the endpoint 150 can be properly configured and/or updated for use without requiring the end user to customize the operation of the endpoint 150. 
      For example, after the firmware update  377, the second firmware is stored in the memory device  130 to replace the first firmware used to generate the request received in block 421. When endpoint 150 runs the second firmware, the endpoint has functionality that was not present in the endpoint running the first firmware prior to firmware update  377. For example, the second firmware may contain an identification of the client server  141 for directing the endpoint to access the client server  141 for the service ordered in the online service store 190. In a certain embodiment, the second firmware is a combination of the first firmware and the added firmware application. After firmware update  377, memory device  130 is configured to generate updated identity data  113 for endpoint 150 using secret key  137 generated based at least in part on the secret (e.g., unique device secret 101) and the second firmware stored in memory device  130.
      Optionally, to configure endpoint 150 for a service subscribed in service store 190, the server system identifies an account for subscribing to the service for endpoint 150. Memory device  130 is configured to store an identifier for the account and include the identifier in updated identity data  113 as part of message 131. 
      For example, to perform the firmware update  377, the server system may generate the authentication code  153 for the command  155 using the encryption key  145 that represents the authority to execute the command  155 in the memory device  130. When executed in memory device  130, command  155 causes the first firmware to be replaced with the second firmware. After memory device  130 receives command  155 and authentication code  153, memory device  130 verifies authentication code  153 for the rights before executing command  155.
      For example, content  161 may include a core package for endpoint 150. In verifying 373 the identity of the endpoint 150, the integrity of the core package may affect the operation of the endpoint 150 when communicating with the security server  140. An example of a core package may include at least a portion of the boot loader, firmware, and/or operating system of endpoint 150. When the core package is modified, damaged, or tampered with, the security of the operations of endpoint 150 performed for authentication may not be trusted. When integrity status  165 generated by encryption engine  107 indicates a core package change, access controller  109 may prevent host system  120 from accessing content  161 until the core package is repaired.
      For example, memory device  130 may store a reliable backup copy of the core package in a separate section; and when the hash value of the core packet stored in content  161 in memory unit 103 is different from the corresponding hash value  163 of stored device information  121, memory device  130 may replace the core packet stored in memory unit 103 with the copy stored in the separate section. Optionally, execution of the replacement copy in endpoint 150 may be configured to begin a recovery process to obtain the latest version of the package from a trusted source (e.g., firmware store 170). Alternatively, the security server  140 may initiate the update (e.g., using the firmware store 170) after verifying the identity data  113 of the memory device  130 and/or the endpoint 150 submitted via the replacement copy. 
      Some packets stored in the memory unit 103 have no impact on the security of the initial operation of verifying 373 the endpoint's 150 identity data  113 and the subsequent operation of updating the endpoint 150. Thus, it is not necessary to store a recovered copy of such packets in memory device  130. Repair and/or update of such packages may be performed via the secure server  140. For example, when integrity status  165 indicates that a non-core packet has changed, access controller  109 may prevent host system  120 from accessing the corrupted or changed packet until endpoint 150 communicates with security server  140 to repair or recover the corrupted packet.
      Optionally, data  127 provided in identity data  113 may include the current hash value of the packet in content  161 stored in memory unit 103. During the operation of verifying 373 the identity data  113 of the endpoint 150, the security server  140 may check the current hash value of the packet provided in the identity data  113. The security server  140 may initiate repair or restoration of the packet if the current hash value of the packet indicates that the packet has been changed, corrupted, or outdated.
      Further, some packets of endpoint 150 may be stored in another device that does not have the security features of memory device  130. Executing the core packet in host system  120 may generate the current hash value of the packet as a health indicator of the packet. The health indicator may be provided as part of data  127 embedded in identity data  113 of endpoint 150 to allow secure server  140 to monitor the integrity of the packet. 
      In general, identity data  113 may include data indicating the health of packets in endpoint 150. As part of the operation of verifying 373 the identity data  113 of the endpoint 150, the security server  140 may determine whether any packages are to be repaired and/or updated. The repair or update may be performed before the security server  140 confirms the authenticity of the endpoint 150.
      Further, in response to verifying 373 the identity data  113 of the endpoint 150 to access the services of the client servers (e.g., 141, …, 143), the security server  140 may be configured to track and/or monitor the activities of the endpoint 150 while accessing the services to perform further security operations.
      For example, an owner or user of endpoint 150 may request that security server  140 track the activity of endpoint 150. Aspects of the activities of the endpoint 150 may be presented by the endpoint 150 and/or a client server (e.g., 141, …, 143) in the identity data  113 and/or the request 173 to verify the identity data  113.
      For example, the information about tracked activity may include location information of endpoint 150 and/or the type of service requested by endpoint 150 via submission of identity data  113.
      For example, to generate identity data  113 from a service of client server  141, endpoint 150 may include in message 131 of identity data  113 not only unique identification  111 of endpoint 150, but also a context and/or aspect of the service, such as the identification of client server  141, the location of endpoint 150, the date and time of the request, the category/type of service, parameters of the service, and so forth. 
      For example, when endpoint 150 sends a request 171 for a service to client server  141, client server  141 may provide security server  140 with not only identity data  113 of endpoint 150 in the request, but also information about request 171 for the service of client server  141.
      For example, in response to request 171 from endpoint 150, client server  141 may estimate the location of endpoint 150 based on a wireless communication connection to one or more access points connected to client server  141 and provide the location and request 173 to security server  140 to authenticate identity data  113.
      Optionally, the owner or user of endpoint 150 may access a portal of secure server  140 to view the tracked activity. For example, based on the tracked activity, an owner or user may determine whether endpoint 150 was stolen or lost based on one or more recent locations of endpoint 150.
      Optionally, the parent may use the portal of the security server  140 to set parental control preferences to limit the activities of the endpoint 150; and security server  140 may enforce a restriction preference in conjunction with authenticating the identity of endpoint 150.
      Figure 18 illustrates a diagram of generating identity data to facilitate monitoring of integrity and/or endpoint activity, according to one embodiment. 
      For example, the techniques of fig. 18 may be used with the computing systems of fig. 1 and/or 6 having the security services and features discussed with respect to fig. 1-5. The technique of fig. 18 may be used in combination with the techniques of fig. 9 through 17.
      In fig. 18, endpoint 150 stores packet  167 with hash value  169. The packet  167 may be stored in memory device  130 having the security features discussed above, or in another memory device of endpoint 150 that may or may not have the security features of memory device  130. When packet  167 is stored in memory device  130, encryption engine  107 of memory device  130 may calculate hash value  169 of packet  167 without relying on processing device 118 of host system  120 in endpoint 150. When the packet  167 is stored outside of the memory device  130, the hash value  169 may be obtained by the processing device 118 of the host system  120 executing a routine that is stored in the memory device  130 and that has verified that it has not changed (e.g., as in FIG. 4).
      In general, the packet  167 may include instructions and/or data, e.g., may be the same resource for a set of endpoints (e.g., 150), may be different configuration parameters for different endpoints (e.g., 150).
      The hash value  169 of the packet  167 indicates the health of the packet  167. 
      In fig. 18, the secret key  137 used to generate the verification code  133 of the identity data  113 is independent of the hash value  169 of the package  167. To facilitate monitoring of the integrity of the package  167 by the security server  140, a hash value  169 is provided as part of message 131 in identity data  113.
      After security server  140 determines that identity data  113 is valid, security server  140 may extract hash value  169 provided in identity data  113 to determine whether packet  167 in endpoint 150 has changed and/or whether packet  167 is outdated.
      For example, a healthy and up-to-date copy of the packet  167 may be stored in a server (e.g., the security server  140, the firmware store  170, or another server) to facilitate repair or recovery of the packet  167 in the endpoint 150. If the hash value  169 extracted from the identity data  113 is different from the hash value of the healthy and up-to-date copy, the security server  140 may initiate an update in a manner similar to the update  377 of the firmware  363 of the endpoint 150 discussed in connection with FIGS. 14-17.
      The package  167 may be individualized for the endpoint 150. For example, when package  167 includes configuration parameters that are specific to endpoint 150 in platform  361 but not applicable to other endpoints in platform  361, a healthy copy of package  167 may be uploaded to a server (e.g., security server  140, firmware store  170, or another server) immediately upon successful configuration of package  167 in endpoint 150. 
      In some embodiments, the memory device  130 and/or the endpoint 150 may be configured to store hash values of the healthy individualized copies of the package  167. For example, the health hash value may be stored as part of the device information  121 used to create the secret key  137. Message 131 in identity data  113 may contain an indication of whether the current packet  167 is healthy, but does not have the current hash value  169 of packet  167.
      To improve security and/or privacy protection, the healthy copy of the individualized package  167 may be uploaded and stored in encrypted form in the server using the encryption key of the memory device  130. To re-install the package  167 with a healthy copy, the memory device  130 decrypts the encrypted version using the corresponding secret encryption key of the memory device  130.
      For example, upon successfully configuring the individualized package  167 in the endpoint 150, the endpoint 150 and/or the memory device  130 may calculate a hash value of a healthy copy of the individualized package  167 and encrypt the individualized package  167 using the public key  139. Endpoint 150 may submit hash values and encrypted packets  167 for storage in the server to facilitate monitoring and/or recovery. During recovery, the secret key  137 in the key pair 135 will be used to decrypt the encrypted packets. Optionally, the encryption engine  107 may generate a separate key pair to protect the individualized package  167. 
      Alternatively, a secret key may be used with symmetric encryption to protect the individualized bag  167. For example, a session key  263 generated during verification of the identity data  113 of the endpoint 150 upon successful configuration of the individualized package  167 in the endpoint 150 may be used to encrypt the individualized package  167 for transmission to and/or storage at a server (e.g., the secure server  140, the firmware store  170, or another server).
      In fig. 18, identity data  113 includes not only the current hash value  169 of packet  167, but also activity information  177 identifying some aspect of the context in which identity data  113 is used. For example, activity information  177 may be generated by host system  120 executing or running a package (e.g., 167 or another package, such as firmware, an application, a routine).
      For example, activity information  177 may contain the current location of endpoint 150 where identity data  113 was generated.
      For example, activity information  177 may include a date and time of generation of identity data  113.
      For example, activity information  177 may include an identification of client server  141 to which identity data  113 was submitted to request 171 for service.
      For example, activity information  177 may include one or more attributes of the requested service, such as a category of the service, an identification of another party involved in the service, a quantity or volume involved in the service, and so forth. 
      For example, when submitting identity data  113 for a communication connection, the attributes may include an identification of the connection type, an indication of the connection, and so forth.
      For example, when submitting identity data  113 for payment, the attributes may include an identification of the purchase category, the payee, the payment amount, and the like.
      The activity information  177 may be used by the security server  140 to detect fraudulent activities, unauthorized use of endpoints, and enforce activity restrictions (e.g., as specified in parental control preferences), and so forth.
      To improve security and/or privacy protection, activity information  177 can be included in message 131 in encrypted form. For example, session key  263 associated with verification of identity data  113 may be used to generate ciphertext of activity information  177; and upon successful verification of the authentication code  133 of the identity data  113, the secure server  140 may recover the activity information  177 from the ciphertext using the session key  263.
      Figure 19 illustrates a technique for maintaining the integrity of packets stored in an endpoint according to one embodiment.
      In fig. 19, the endpoint 150 stores a plurality of  packages    441, 443, …, 445. Some packets are stored in a memory device  130 having a security feature. Some packets may be stored outside of memory device  130. 
      The security features of the memory device  130 ensure that the endpoint 150 runs a valid version of the package  441 to prevent tampering and/or corruption in the operations of verifying 373 the identity of the endpoint 150 and repairing 385 the package.
      For example, memory device  130 may store a backup version of core package  441 in a secure section of memory device  130. If the package  441 is found to have changed, the memory device  130 may replace the changed version of the package  441 with a backup version to at least protect the identity of the endpoint 150 verified 373 and operations to repair 385 and/or update 377 the package.
      After the endpoint 150 generates the identity data  113, the endpoint 150 executing the package  441 transmits the identity data  113 to the security server  140 for verification  373. For example, identity data  113 may be generated using the techniques of fig. 18. 
      The identity data  113 may include package health information  447, such as the current hash value of the  package    441, 443, …, 445, and/or an indication of whether any of the packages  443, …, 445 are corrupt based on comparing the current hash value of the healthy version of the respective package to the stored hash value.
      Optionally, portions of message 131 may be provided using ciphertext generated by session key  263. For example, the encrypted portion of the message may include packet health information  447 and/or activity information  177. The session key  263 may be generated to be shared between the memory device  130 and the secure server in the manner discussed with respect to fig. 9 and used to verify 373 the identity of the endpoint 150.
      In general, identity data  113 may be transmitted from endpoint 150 to security server  140 directly via a communication connection or indirectly via an intermediate server (e.g., client server  141 in fig. 5, 9, or 10, firmware store  170 in fig. 14 or 15, service store 190 in fig. 15, or packet store 191 of fig. 19).
      After verifying 373 the identity data  113, the secure server  140 may communicate with the package repository 191 to check 383 the integrity of the  packages    441, 443, …, 445 based on the package health information  447 provided in the identity data  113. 
      For example, the package  441 may be valid in the endpoint 150. However, because the new version of the package  441 has been published in the package store 191, the package  441 may be outdated. Thus, update package  441 may improve the security of the operation of endpoint 150 and the integrity of the system.
      For example, a packet  443 or 445 may have changed in endpoint 150 and thus become corrupted. The health data  195 of the corresponding packet  193 in the repository 191 may be compared to the packet health information  447 provided in the identity data  113 to detect the change.
      If a package (e.g., 441, 443, …, 445) is found to be out of date or corrupt, the security server  140 may instruct the endpoint 150 and/or the package repository 191 to repair 385 or update 377 the package.
      The operation of repairing 385 or updating 377 the package may include secure server  140 generating an authentication code  153 for command  155 to write data into memory device  130. When the packet contains sensitive information (e.g., configuration parameters customized for endpoint 150), the replacement packet may be provided to memory device  130 using session key  263 or another secret key generated ciphertext.
      After repair  385 or update 377, endpoint 150 may submit update identity data  113. When the security server  140 determines that the identity data  113 is valid and that the package health information  447 in the identity data  113 indicates that the  packages    441, 443, …, 445 in the endpoint 150 are healthy and up-to-date, the security server  140 may authenticate the authenticity of the endpoint 150. 
      FIG. 20 illustrates a system that implements security operations based on tracking endpoint activity, according to one embodiment.
      For example, the security operations of fig. 20 may be implemented using the security features of the memory devices discussed in connection with fig. 1-5 in connection with the techniques of fig. 9, 10, 14, 15, and/or 19 in connection with the systems of fig. 1 and/or 6.
      In fig. 20, user computer  180 may be used to access activity tracker 451 to set preferences  455 and/or to examine tracked activity records  453 of endpoint 150 with unique identification  111.
      As in fig. 14 and 15, user computer  180 is typically distinct and separate from endpoint 150. In some cases, endpoint 150 may include a user interface that allows it to function as computer  180 to set preferences  455 and/or check activity records 453.
      The activity tracker 451 is coupled with the security server  140 to store activity records 453 about the activities of the endpoint 150, where the identity data  113 of the endpoint 150 is verified by the security server  140.
      For example, reference  455 may identify a geographic region of endpoint 150. When endpoint 150 sends identity data  113 from a location outside of a geographic area, activity tracker 451 may generate a security alert to a registered owner or user of endpoint 150. 
      For example, the security alert may be transmitted to the owner or user's mobile device, an email address or phone number identified in the preferences, and/or an application running in the user computer  180, a personal media player, a mobile phone, a smart phone, and so forth.
      For example, the preferences  455 may include a user-selected selection scheme associated with a predetermined condition specified in the preferences  455. When the activity associated with the submission of identity data  113 is eligible, the selected selection scheme causes security server  140 and/or client server  141 to generate a denial of access response  172 to the corresponding access request 171. Alternatively or in combination, the selection scheme may trigger a security alert for contacts registered in preferences  455.
      Endpoint 150 may transmit access request 171 to client server  141 to request a service. For example, a service may provide endpoint 150 with a cellular communication connection, an internet connection, a connection to user computer  180, an online storage facility, an online computing resource, and so on. For example, a service may include the processing of payments, transactions, messages, and the like.
      After verifying 373 the identity data  113 provided in the verification request 173, the security server  140 may generate an activity record  453 for the activity tracker 451. Activity record  453 can contain activity information  177 extracted from identity data  113 and/or access attributes 449 of the current activity of endpoint 150 extracted from authentication request 173.
      Based on activity record  453, activity tracker 451 determines whether the current activity satisfies any of the conditions specified in preferences  455. If the condition in preferences  455 is satisfied, activity tracker 451 may perform a security operation to implement the selection scheme selected for the condition.
      For example, the security operation may include a notification to a registered owner or user of endpoint 150.
      For example, the security operation may include instructing security server  140 to provide authentication response  174 indicating security restrictions, security issues, unauthorized use of endpoint 150, and so forth.
      Optionally, activity tracker 451 may identify an activity pattern of endpoint 150 from records  453 of past activities.
      For example, a pattern may include a geographic area or zone of endpoint 150 in which endpoint 150 has operated in the past. For example, a pattern may include a time period of a day or week during which endpoint 150 has not been active in the past. For example, a pattern may contain a range of access attributes 449 of past activities of endpoint 150. 
      When the current activity deviates from the pattern, activity tracker 451 may generate a notification and optionally cause security server  140 and/or client server  141 to deny access request 171.
      Optionally, security server  140 may examine activity information  177 provided in identity data  113 to detect security risks.
      For example, the date and time and/or location specified in activity information  177 may be compared to corresponding information in access attribute  449 to detect a mismatch. A mismatch may be an indication that stolen identity data  113 is used or that endpoint 150 is tampered with or otherwise unsafe to operate.
      FIG. 21 illustrates a method for updating or repairing a packet stored in an endpoint, according to one embodiment. For example, the method of fig. 21 may be implemented using the techniques of fig. 18 and 19.
      At block  461, the server system receives from endpoint 150 identity data  113 generated by memory device  130 configured in endpoint 150.
      For example, the server system may include a secure server  140 that stores secrets for the memory device (e.g., 130) and/or other servers, such as the package store 191, the firmware store  170, and/or another server.
      At block  463, security server  140 verifies the identity data based on information stored in security server  140 about endpoint 150, including the secret of memory device  130. 
      For example, the operations in block  463 may be performed in a manner similar to the operations performed in block  323, block 343, block 403, and/or block 423.
      At block  465, the security server  140 extracts the health information  447 for the package (e.g., 167, 441, 443, …, 445) stored in the endpoint 150 from the authenticated identity data  113.
      For example, the health information  447 may contain the current hash value  169 of the packet  167 stored in the endpoint 150. The secure server  140 may compare the current hash value  169 extracted from the identity data  113 with the hash value of the healthy, latest version of the package  167 stored in the server system (e.g., repository 191, firmware store 170).
      For example, the receipt of identity data in block  461 may be the result of endpoint 150 executing packet  167 stored in endpoint 150. Packet  167 may include firmware  363 or at least a portion of the operating system of endpoint 150. The health information  447 may be used to determine if the package  167 is out of date.
      In another example, the receipt of the identity data in block  461 may be the result of endpoint 150 executing the first package  441 stored in endpoint 150. The first packet  441 may comprise firmware  363 or at least a portion of the operating system of endpoint 150. The health information  447 may be used to determine whether a second packet (e.g., 443 or 445) is outdated, corrupted, or changed. 
      When a second package (e.g., 443 or 445) contains data that is customized for endpoint 150, the server system may obtain a copy of the second package (e.g., 443 or 445) when the second package (e.g., 443 or 445) in endpoint 150 is successfully configured. For example, the second packet (e.g., 443 or 445) may include one or more configuration parameters of endpoint 150. In response to successfully configuring the second packet (e.g., 443 or 445), the server system may receive a healthy version of the second packet (e.g., 443 or 445) from the endpoint 150. Subsequently, if the health information  447 extracted at block  465 indicates that the second packet (e.g., 443 or 445) needs to be repaired, the health version stored in the repository 191 may be used.
      In some implementations, extracting health information  447 from identity data  113 includes decrypting a portion of message 131 provided in identity data 113 (e.g., using session key 263).
      The identity data  113 comprises a first verification code  133. Security server  140 verifies identity data  113 by determining whether first verification code  133 was generated from message 131 and the secret of memory device  130. For example, the secret may be the unique device secret 101 and/or the secret key  137 of the memory device  130. After memory device  130 is assembled into endpoint 150, the secrets for memory device  130 are not transmitted outside of memory device  130. 
      At block 467, based at least in part on the health information  447, the security server  140 determines that the package stored in the endpoint 150 needs to be updated or repaired.
      At block 469, security server  140 initiates operations to perform updates or repairs of packets stored in endpoint 150.
      For example, to replace or repair a packet stored in memory device  130, security server  140 generates second authentication code  153 for command  155 using an encryption key that represents the authority to execute command  155 in memory device  130. For example, when executed in memory device  130, command  155 causes a packet (e.g., 441 or 443) in memory device  130 to be replaced.
      In some implementations, to repair a packet 445 stored outside of memory device  130, a replacement for packet 445 is initially stored into memory device  130. After the memory device verifies the integrity of the replacement, the packet 445 may be replaced via execution of the instructions in the packet  441 loaded from the memory device  130. Optionally, a second verification code  153 may be generated to write the replacement into memory device  130 and/or to allow repair or replacement of packet 445 to be performed.
      Fig. 22 illustrates a method of performing a security operation based on one or more activities of an endpoint, according to one embodiment. For example, the method of fig. 22 may be implemented using the techniques of fig. 18 and 20. 
      At block 481, the server system stores data representing one or more preferences  455 of the endpoint 150.
      For example, the server system may include a secure server  140 that stores secrets for the memory device (e.g., 130) and/or other servers, such as activity tracker 451, package store 191, firmware store  170, and/or another server.
      At block 483, the server system receives an authentication request 173 containing identity data  113 generated by a memory device  130 configured in the endpoint 150.
      At block 485, the server system determines that the identity data  113 is valid based at least in part on the secret of the memory device.
      For example, the operations in block 485 may be performed in a manner similar to the operations performed in block  323, block 343, block 403, block 423, and/or block 463.
      At block  487, the server system determines that the activity associated with identity data  113 satisfies the conditions specified for endpoint 150.
      For example, the condition may be specified in preferences  455 of endpoint 150.
      At block  489, upon providing the authentication response  174 in response to the authentication request 173, the server system performs a security operation associated with the condition.
      For example, the security operation may include transmitting an alert or notification to a contact registered in the one or more references  455. 
      For example, the security operation may include identifying a security risk or restriction in the validation response  174. Optionally, in view of the secret key  137 of the memory device  130 and the message 131 provided in the identity data  113, the security server  140 may provide a verification response  174 that does not confirm the authenticity of the endpoint 150 even when the identity data  113 has a valid passcode  133. When the activity associated with identity data  113 satisfies the condition, authentication response  174 may be configured to cause the client server to reject request 171 for service to endpoint 150 identified by identity data  113.
      The condition may be evaluated for the activity based on activity information  177 embedded in identity data  113 by memory device  130 and/or access attributes 449 provided in authentication request 173 by client server  141.
      For example, after security server  140 determines that verification code  133 in identity data  113 is valid, security server  140 may trust that activity information  177 embedded in identity data  113 has not changed after verification code  133 was generated by memory device  130. Thus, activity information  177 can be extracted from identity data  113 to evaluate conditions. Optionally, activity information  177 may be provided in the message in the form of ciphertext to be decrypted using session key  263 or another secret encryption key of memory device  130 generated in the manner discussed in fig. 9. 
      Alternatively or in combination, the security server  140 may extract the access attribute  449 from the authentication request 173. For example, after client server  141 receives access request 171 for a service provided by client server  141, client server  141 may generate authentication request 173 to security server  140. Authentication request 173 is generated to include identity data  113 from access request 171. Further, in the context of requesting the services of client server  141, client server  141 may add access attribute  449 to provide information about the activities of endpoint 150.
      For example, a condition may include a mismatch of activity information  177 and access attribute  449; and a mismatch may trigger a denial of access request 171 and/or a denial of identity data  113 in authentication response  174 even when identity data  113 has a valid passcode  133.
      In some implementations, the server system communicates with the user computer  180 to receive data representing the one or more preferences  455 of the endpoint 150.
      Alternatively or in combination, the server system may infer preferences  455 from records  453 of past activities.
      For example, activity tracker 451 of the server system may store a plurality of records  453 of the activities of endpoint 150. Based on the plurality of records  453, activity tracker 451 may determine an activity pattern of endpoint 150. The pattern may include a geographic area, a time period of a day or week, or a range of activity attributes, or any combination thereof. The conditions that trigger the safe operation of block  489 may be met by activities that deviate from the pattern. 
      Optionally, activity tracker 451 may present the activities of endpoint 150 to the owner or authorized user of endpoint 150 based on record  453. For example, based on a review of past activities, an owner or authorized user may specify conditions under which parental controls, access restrictions, and the like are implemented.
      The identity of the endpoint 150 authenticated by the security server  140 may be dynamically associated with the subscription account represented by the account identifier to receive services provided to the account by the client server  141. When an endpoint 150 is not using a service, the association between the identity of the endpoint 150 and the subscription account may be removed to allow another endpoint to use the subscription account. Thus, a group of endpoints (e.g., 150) may be configured to share subscription accounts and use the subscription accounts one at a time.
      For example, a group of endpoints may be configured to make a cellular connection using the services of client server  141. Traditionally, a Subscriber Identity Module (SIM) card would be used to represent the subscriber/subscription account. The group of endpoints may use the subscription account represented by the SIM card by physically installing the SIM card in one endpoint in the group at a time. To enable another endpoint in the group to use the subscription account, the SIM card will be physically moved from one endpoint to the other. 
      The system as discussed above in connection with fig. 6 allows attachment to an endpoint (e.g., 150) through virtual card registration  237 and based on authentication or endpoint authentication  239 performed using the security server  140 using a virtual subscriber identity module (vSIM). The system of fig. 6 may be further configured to disassociate an endpoint (e.g., 150) from a card profile  219 representative of a subscription account, such that virtual card registration  237 may be performed for use of the subscription account by another endpoint.
      For example, a subscription service (e.g., a cellular connection) provided to a subscription account may be shared among a group of endpoints owned by an enterprise (or another entity). Endpoints (e.g., 150) in this group may not need the services of the account at the same time. Thus, it may be advantageous to configure endpoints in this group to share one or more subscription accounts. When more than one subscription account is configured to be shared by a group of endpoints (e.g., internet of things (IoT) devices), a small portion of the group may use the services of the subscription accounts simultaneously.
      For example, the server system may be configured to track the current usage state of endpoints in a community. An endpoint may dynamically bind to a subscription account when the endpoint communicates with a client server to request a service. When an endpoint is not using a service, the subscription account may be released from the endpoint. Active endpoints may use the services of an account simultaneously when the number of endpoints that are using the services provided to the subscription account is greater than the number of subscription accounts that can be shared. When a subscription account is currently bound to and being used by a portion of the community, a request for service from another endpoint may be denied until one of the subscription accounts is not used and thus becomes available for sharing. 
      For example, in response to an enterprise's internet of things (IoT) device requesting a cellular connection, a virtual subscriber identity module (vSIM) may bind to the IoT device. The cellular connection may be disconnected when the cellular connection is idle for a period of time longer than a threshold; and a virtual subscriber identity module (vSIM) may be released from the IoT device and available to bind with another IoT device of the enterprise. Thus, an enterprise may subscribe to a reduced number of vsims; and when these vSIMs are all in use, a request for a cellular connection from another device may be on hold until one of the connections is broken and the vSIM is released for allocation to the on-hold device.
      Optionally, the security server  140 may be configured to suppress and/or schedule forwarding of connection requests to manage the use of a limited number of subscribed cellular connections.
      Figures 23 and 24 illustrate a system configured to implement subscription sharing among a set of endpoints, according to one embodiment.
      In fig. 23 and 24, the service store 190 has subscription data  387 associating the endpoint group 501 with the subscriber group 503.
      The endpoint group 501 has a plurality of unique identifications  111, …, 112. Each of the unique identifications (e.g., 111) represents a memory device (e.g., 130) installed in a respective endpoint (e.g., 150) of the set of endpoints. 
      The subscriber group 503 has one or more subscriber identity numbers (e.g., 505). Each subscriber identity number (e.g., 505) in subscriber group 503 represents a subscriber of the services of client server  141. For example, each subscriber identity number (e.g., 505) may be used to identify a unique subscription account for one subscriber at a time.
      For example, subscriber identity number  505 may be used to represent a unique subscriber in the same manner that a Subscriber Identity Module (SIM) represents a subscriber in a cellular communication network.
      When the SIM card is inserted in the cellular phone, a communication with the subscriber is connected to the cellular phone; and the cell phone has the service in the subscriber account. When the SIM card is inserted into an alternative cellular telephone, the communication with the subscriber connects to the alternative cellular telephone currently having the SIM card.
      Similarly, when subscriber identity number  505 is associated with unique identification  111, services provided to the subscriber account represented by subscriber identity number  505 are provided to endpoint 150 having unique identification  111. When the subscriber identity number  505 is associated with the alternative unique identification  112, the service provided to the subscriber account represented by the subscriber identity number  505 is provided to the alternative endpoint having the unique identification  112. 
      In fig. 23, the security server  140 is configured to dynamically link the subscriber identity number  505 in the subscriber group 503 and the unique identification  111 in the endpoint group 501.
      For example, in response to an authentication request 173 from client server  141 with identity data  113, security server  140 may determine whether identity data  113 has a valid authentication code  133 for memory device  130 with unique identification  111. If the identity data  113 is valid, the security server  140 may determine whether the subscriber group 503 currently has a subscriber identity number  505 that is free for use by the memory device  130 and/or endpoint 150 having the unique identification  111. If so, the security server  140 may provide a verification response  174 confirming the authenticity of the identity data  113 and its association with the subscriber identity number  505. In response, client server  141 may provide the service to endpoint 150 that is provided to the account identified by subscriber identity number  505.
      In some implementations, if no subscriber identity number  505 is currently available to endpoint 150 in subscriber group 503, authentication response  174 does not recognize the subscriber identity number of identity data  113, which may cause client server  141 to deny the service request from endpoint 150. 
      Authentication request 173 in fig. 23 may include an access attribute  449 indicating a requested time period for associating unique identification  111 identified in identity data  113 with a subscriber identity number (e.g., 505) available to endpoint 150 having unique identification  111.
      In some embodiments, the system is configured to associate the unique identification  111 with the subscriber identity number  505 within a predetermined period of time after the validation response  174 identifying the unique identification  111 and/or the subscriber identity number  505 of the identity data  113. After the predetermined period of time, the service store 190 removes the assignment of the subscriber identity number  505 to the unique identification  111 so that the subscriber identity number  505 is available to another endpoint in the endpoint group 501 having a different unique identification (e.g., 112). After the predetermined period of time, client server  141 does not provide the service provided to the account represented by subscriber identity number  505 to any of the endpoints (e.g., 150) in the group of endpoints 501 having unique identifications  111, …, 112 until another verification response  174 is received from security server  140 that associates subscriber identity number  505 with one of the unique identifications  111, …, 112 in the group of endpoints 501. 
      When endpoints with unique identifications  111, …, 112 compete for use of subscriber identity numbers (e.g., 505) in subscriber group 503, service store 190 may control allocation of use of subscriber identity numbers (e.g., 505) in subscriber group 503.
      For example, the service store 190 may track endpoints in the group 501 that deny access requests because there are no available subscriber identity numbers  505 and prioritize subsequent allocations of available subscriber identity numbers  505 based on the tracked priorities.
      For example, when subscriber identity number  505 is available, service store 190 may open a time window in which access requests from different endpoints may be received; when multiple access requests for the group 501 are received, the endpoint with the earliest request rejected before the time window may have the highest priority to get an opportunity to use the subscriber identity number  505.
      In some implementations, endpoints in the endpoint group 501 having unique identifications  111, …, 112 may compete for opportunities to use subscriber identity numbers (e.g., 505) in the subscriber group 503 based on one or more predefined rules. For example, after receiving a denial of service request, an endpoint (e.g., 150) may wait a random period of time for a subsequent request to be made. By denying the randomness of the waiting period after, opportunities to gain access to services using the subscriber group 503 may be assigned to endpoints that need services. 
      In some embodiments, endpoint 150, which is temporarily assigned subscriber identity number  505, may notify client server  141 and/or security server  140 to release subscriber identity number  505 from the assignment to endpoint 150. For example, after endpoint 150 completes a communication using the service provided to subscriber identity number  505, endpoint 150 may return subscriber identity number  505 to the pool of subscriber identity numbers in group 503, which may be assigned to and/or used by another endpoint in group 501 having unique identification  112.
      In some embodiments, the system may track active activity of endpoint 150 using subscriber identity number  505. After the inactive period, the service shop 190 may remove the assignment of the subscriber identity number  505 from the unique identification  111.
      Fig. 23 shows a configuration in which the assignment of a subscriber identity number  505 to a unique identification  111 is controlled by the security server  140 in conjunction with an authentication request 173 and/or an authentication response  174. Alternatively and/or in combination, the client server  141 may connect to the service store 190 to implement the assignment and/or provide the service using the assignment, as shown in FIG. 24.
      In FIG. 24, a client server  141 is coupled to the service store 190 and the activity tracker 451. Based on the verification response  174 indicating the authenticity of the endpoint 150 with the unique identification  111 and the availability of the subscriber identity number  505 for the group of endpoints 501, the client server  141 may cause the service store 190 to store data indicating the temporary assignment of the subscriber identity number  505 to the unique identification  111. 
      Subsequently, client server  141 may use activity tracker 451 to determine whether to remove the assignment of subscriber identity number  505 from unique identification  111.
      For example, after a predetermined length of inactive time period in which endpoint 150 is not using services provided to the account represented by subscriber identity number  505, client server  141 may cause service store 190 to update subscription data  387 and terminate the assignment of subscriber identity number  505 to unique identification  111.
      For example, after receiving an indication or notification from endpoint 150, client server  141 may cause service store 190 to terminate the assignment of subscriber identity number  505 to unique identification  111.
      In some embodiments, the client server  141 may cause the service store 190 to terminate the assignment of the subscriber identity number  505 to the unique identification  111 some period of time after the subscriber identity number  505 is assigned to the unique identification  111. The time period may be predetermined or determined based on access request 171 received from endpoint 150.
      FIG. 25 illustrates a method for facilitating subscription sharing among a set of endpoints, according to one embodiment. For example, the method of fig. 25 may be implemented in a system having the security features discussed in connection with fig. 1-19 using the techniques discussed above in connection with fig. 23 and 24. 
      At block 521, the server system stores data associating the endpoint group 501 with at least one subscriber identifier (e.g., identity number 505). The endpoint group 501 may have multiple endpoints (e.g., 150) identified by unique identifications  111, …, 112.
      For example, the server system may include a secure server  140 that stores secrets for the memory device (e.g., 130) and/or other servers, such as the service store 190, the activity tracker 451, the package store 191, the firmware store  170, and/or another server. The server system may further include the client server  141 and/or the card server 223 shown in fig. 6.
      At block 523, the server system receives authentication request 173 containing identity data  113 generated by memory device  130 configured in endpoint 150. Identity data  113 identifies endpoint 150 using its unique identification  111 in endpoint group 501.
      At block 525, in response to the authentication request 173, the server system determines that the identity data  113 is valid based at least in part on the secret of the memory device  130.
      For example, the operations in block 525 may be performed in a manner similar to the operations performed in block  323, block 343, block 403, block 423, block 463, and/or block 485. 
      At block 527, the server system determines that a subscriber identifier (e.g., identity number 505) is not currently assigned to any endpoint in the endpoint group 501.
      At block 529, the server system assigns a subscriber identifier to the endpoint 150 based on the data associating the endpoint group 501 with the subscriber identifier (e.g., identity number 505). The assignment enables services provided to an account represented by and/or associated with a subscriber identifier (e.g., identity number 505) to be provided to an endpoint.
      For example, the subscriber identifier (e.g., identity number 505) represents a unique subscriber of a service provided in a network (e.g., 225) having a plurality of endpoints (e.g., 150) including a plurality of endpoints in the endpoint group 501 and other endpoints not in the endpoint group 501.
      For example, the services network (e.g., 225) may be configured to provide services to the endpoint, such as a cellular communication connection, an internet connection, a connection to a user computer, an online storage facility, an online computing resource, a payment, a transaction, or a message, or any combination thereof.
      For example, assigning a subscriber identifier (e.g., identity number 505) to endpoint 150 includes configuring endpoint 150 to have a unique identity represented by the subscriber identifier (e.g., identity number 505) in a services network (e.g., 225). 
      For example, a serving network (e.g., 225) may require different endpoints in the network (e.g., 225) to have different identities represented by different subscriber identifiers (e.g., identity number 505). Identity data  113 generated by memory device  130 does not contain a subscriber identifier. Identity data  113 and/or unique identification  111 of memory device  130 and/or endpoint 150 may be dynamically assigned to or associated with a subscriber identifier (e.g., identity number 505) to configure endpoint 150 for a serving network (e.g., 225).
      For example, assigning a subscriber identifier (e.g., identity number 505) to an endpoint 150 comprises storing data representing the assignment of the subscriber identifier to the endpoint over a period of time.
      For example, the server system may remove data representing the assignment of the subscriber identifier to the endpoint after the period of time to discontinue service in the network for endpoint 150 to receive as a subscriber. After data removal, endpoint 150 no longer has a subscriber identity represented by a subscriber identifier (e.g., identity number 505) in the serving network (e.g., 225).
      For example, the service system may monitor the activity of endpoint 150 in receiving services as subscribers in a services network (e.g., 225); and in response to detecting an inactive period when endpoint 150 receives service as a subscriber in a network (e.g., 225), the server system may remove the data to reconfigure endpoint 150 to not have the subscriber identity represented by the subscriber identifier (e.g., identity number 505) in the serving network (e.g., 225). 
      Alternatively, releasing endpoint 150 from the service network (e.g., 225) as a subscriber identifier (e.g., identity number 505) may be performed in response to a message or request from endpoint 150.
      Alternatively, the length of the time period after the release of the subscriber identifier (e.g., identity number 505) from binding to endpoint 150 may be a predetermined length from the time the subscriber identifier (e.g., identity number 505) is assigned to endpoint 150.
      Alternatively, the length of the time period may be specified in the authentication request 173.
      For example, the authentication request 173 is received from a client server  141 in a services network (e.g., 225). To configure endpoint 150 to have a subscriber identity represented by a subscriber identifier (e.g., identity number 505), security server  140 may transmit an authentication response  174 to client server  141 in response to authentication request 173. The validation response  174 is configured to indicate the validity of the identity data  113 and the association of the identity data  113 with the subscriber identifier (e.g., identity number 505).
      In general, endpoints 150 may be identified using different identifications of different services, in different networks, and/or in different contexts. Each identification of an endpoint 150 may be used to represent endpoint 150 as a member, subscriber, account, authorized device, and/or entity of many of a group specific to a certain type of service, connection, communication, etc. 
      For example, the endpoint 150 may be configured to communicate with different client servers  141, …, 143, respectively, for its services. The endpoint 150 may be identified with different client servers  141, …, 143 using different subscriber identifications. Each subscriber identification of an endpoint 150 represents a unique subscriber and/or account recognized by a respective client server (e.g., 141, …, 143) for its services to a population of subscribers.
      For example, endpoint 150 may be configured to communicate with client server  141 to obtain different types of services. Different identifications of endpoints 150 may be used to represent endpoints 150 as subscribers of different service types.
      For example, endpoint 150 may be assigned an integrated circuit card identifier 251 to function as a smart card, a mobile equipment identity number 253 to function as a cellular communication device, a mobile subscriber identity number 255 to function as a subscriber to a cellular connectivity service, and so on.
      For example, a third party may request that security server  140 bind a subscription service in an account to the public identity of endpoint 150. Since the identification is publicly known, there is a potential risk of fraudulent use of the public identification. Identity data  113 of endpoint 150 may be configured to contain public identification. Based on the Unique Device Secret (UDS)101 of the memory device  130 configured in the endpoint 150, the security server  140 can verify that the identity data  113 received from the endpoint 150 is authentic; thus, endpoint 150 has an identity represented by a public identity contained in identity data  113. Fraudulent use of public identities as identities can be detected by the authentication performed by the security server  140. 
      For example, in response to a request to bind the public identification to the endpoint 150, the security server  140 may verify that the public identification is not currently bound to another endpoint and may operate the memory device  130 using an encryption key generation command representing the owner's rights, storing the public identification in the memory device  130 as part of the device information  121 used to generate the identity data  113 for the memory device  130 and/or the endpoint 150.
      Alternatively, security server  140 may store data in the application domain that associates endpoint 150 with a public identification of endpoint 150. In response to the authentication request 173 in the application domain, the security server  140 authenticates the identity data  113 provided in the endpoint 150 and looks up the public identification of the endpoint 150 in the application domain. The public identity may be provided in the authentication response  174. 
      Secure, dynamic binding of public identification to endpoint 150 may be used to facilitate secure operations. For example, when endpoint 150 is lost/stolen, the owner of endpoint 150 may request that security server  140 bind the public identity of lost/stolen endpoint 150 to a replacement endpoint. Once the security server  140 binds the public identity of the lost/stolen endpoint 150 to the replacement endpoint, the services subscribed to the lost/stolen endpoint 150 are transferred to the replacement endpoint. Optionally, the owner of the lost/stolen endpoint 150 may request that data be transferred from the lost/stolen endpoint 150 to a replacement device; and after the transfer, the owner may request that the lost/stolen endpoint 150 be deactivated to minimize the loss/impact of the endpoint 150.
      FIG. 26 illustrates a technique for managing endpoint identification, according to one embodiment.
      For example, the technique of fig. 26 may be used in the systems of fig. 1 and/or 6 using the security features of the memory devices discussed in conjunction with fig. 1-5 and 9-10. For example, the technique of fig. 26 may be used with the services of the firmware store of fig. 14 and 15, the service store 190 of fig. 15, 23, and 24, and/or the activity tracker 451 of fig. 20.
      In fig. 26, the security server  140 stores the unique identification  111 of the memory device  130 and its unique device secret 101. In addition, security server  140 stores device information  121 characterizing the hardware, software, and/or data configuration of endpoint 150 in which memory device  130 is installed. As in fig. 2, the secret key  137 is based on the unique device secret 101 and the device information  121. Secret key  137 is used by memory device  130 to generate verification code  133 of identity data  113; and the security server  140 verifies that the passcode  133 was generated using the secret key  137, which indicates that the identity data  113 was generated by the memory device  130 having the unique device secret 101. 
      In fig. 26, security server  140 may bind unique identification  111 to public identification  541 of endpoint 150. For example, after the public identification  541 is assigned to the endpoint 150 in the application domain, the security server  140 may store the public identification  541 as part of the device information  121 associated with the unique identification of the memory device  130 and/or the endpoint 150.
      For example, the application domain may be configured for cellular connectivity, smart card processing, services of the client server  141, and so on. The identification  541 may be used to represent the endpoint 150 in a group of endpoints in the application domain. Identification  541 may be used to represent endpoint 150 as a device, member, service subscriber, account, contact, etc.
      For example, a client server  141 operating in the application domain may request that the security server  140 bind the public identity  541 to the endpoint 150 having the unique identity  111. In request 549, client server  141 may provide identity data  113 received from endpoint 150 and public identity  541 to be bound to endpoint 150. In response to the request 549, the security server  140 verifies the identity data  113 by determining whether the verification code  133 in the identity data  113 was generated using the secret key  137 of the memory device  130 having the unique identification  111. 
      After verification of the identity data  113, the security server  140 may add the public identity  541 to the device information  121 and cause the memory device  130 in the endpoint 150 to update 543 the device information  121. After the update  543, the memory device  130 has a new secret key for its generation of new identity data  113 containing the public identity  541. For example, message 131 in new identity data  113 may contain public identification  541 in addition to unique identification  111. The security features of memory device  130 configured to prevent fraudulent use of unique identification  111 may also prevent fraudulent use of public identification  541. For example, when client server  141 receives new identity data  113 containing public identity  541, client server  141 may request security server  140 to verify the new identity data  113. If the new identity data  113 has a valid passcode  133, it is generated by the endpoint 150 assigned a public identity  541.
      Optionally, the association of public identity  541 with endpoint 150 does not require the generation of a new secret key to represent memory device  130 and/or endpoint 150. Public identity  541 may be included in message 131 used to generate verification code  133 signed using secret key  137. The verification of the verification code  133 indicates that the public identity  541 provided in the message 131 has not changed; and the authentication code  133 is signed by the memory device  130 installed in the endpoint 150.
      Optionally, skip update  543; and memory device  130 and/or endpoint 150 do not store common identification  541. Secure server  140 stores data associating unique identification  111 with public identification  541. After the security server  140 verifies the identity data  113 provided in the verification request, the security server  140 may look up the public identity  541 associated with the application domain, to look up the unique identity  111 identified in the message 131 of the identity data  113, and provide the public identity  541 in the verification response, in a manner similar to the manner in which the subscriber identity number  505 is presented in the verification response  174 shown in fig. 23.
      Optionally, security server  140 has a portal 545 that allows computer  180 to submit a request 547 to associate public identification  541 with endpoint 150 having unique identification  111. After the portal 545 verifies that the computer  180 is operated by an authorized owner or user of the endpoint 150, the portal 545 may communicate with the security server  140 to update the device information  121 of the unique identification  111. 
      In one embodiment, endpoint 150 has packets stored in memory device  130. When a packet is loaded from memory device  130 and executed in host system  120, endpoint 150 may communicate with server  140 to obtain update  543. Communication between endpoint 150 and server  140 may be through a client server (e.g., 141), firmware store  170, service store 190, activity tracker 451, or another server (e.g., portal 545), or may not be through any intermediate servers.
      For example, a manufacturer of an endpoint (e.g., 150) may use computer  180 to configure the endpoint (e.g., 150) and request that an identification (e.g., 541) assigned by the manufacturer be bound to the endpoint (e.g., 150). Such a common identification may be, for example, a mobile equipment identity number (e.g., 253) representing each device in the communication network.
      For example, a service provider may assign a subscriber identity number (e.g., 255) to a subscriber of a service provided by the provider. When an owner or user of endpoint 150 registers for the provider's service, the service provider may request, using computer  180, that subscriber identity number 255 be bound to endpoint 150.
      FIG. 27 illustrates a method for managing identification of endpoints, according to one embodiment. For example, the method of fig. 27 may be implemented in a system having the security features discussed in connection with fig. 1-19 using the techniques discussed above in connection with fig. 26. 
      At block 561, the server system stores data associating the secret (e.g., 101) of the memory device  130 configured in the endpoint 150, the first identification  111 of the endpoint 150, and the device information  121.
      For example, the server system may include a secure server  140. Optionally, the server system may further include a portal 545, firmware store  170, service store 190, activity tracker 451, package store 191, and/or another server. In some implementations, the server system may further include the client server  141 and/or the card server 223 shown in fig. 6.
      At block 563, the server system receives a request (e.g., 547 or 549) to bind the second identification  541 to the endpoint 150 identified by the first identification  111.
      For example, a request (e.g., 547 or 549) to bind the second identification  541 to the endpoint 150 may be received in a server system from and/or initiated in a computer (e.g., 180 or server 141) separate from the endpoint 150. The server system is configured to determine whether the computer has the right to attach such second identification  541 to the endpoint 150. If so, server system  140 may store data associating first identification  111 and second identification  541. 
      In one embodiment, the authority to attach such second identification  541 to the endpoint 150 is an entity associated with operating the computer and having ownership of the memory device 130 (e.g., as a manufacturer, retailer, service provider, end user of the endpoint 150).
      For example, an entity may use a computer to communicate with endpoint 150 and/or memory device  130 to retrieve current identity data  113 generated by memory device  130. The current identity data  113 contains the first identification  111 and can be verified by the server system as to whether the current identity data  113 from the memory means 130 is authentic.
      For example, in response to a request, the server system may store data associating the first identification  111 with the second identification  541.
      For example, the server system may update the device information  121 of the first identification  111 to include the second identification  541.
      For example, the server system may communicate with endpoint 150 to update data stored in memory device  130 and/or store second identification  541 in memory device  130.
      Optionally, second identification  541 may be used as part of device information  121 in memory device  130 for generating secret key  137, where secret key  137 is used to generate authentication code  133 for identity data  113 of memory device  130 and/or endpoint 150. 
      Optionally, second identification  541 does not alter the generation of secret key  137. However, second identification  541 is stored into an access-controlled area of memory device  130 and is included in message 131 presented in identity data 113 (e.g., as part of data C127).
      For example, in response to a request to bind the second identification  541 to the endpoint 150, the server system may generate an authentication code  153 for the command  155 and cause the memory device  130 to execute the command  155 in accordance with the authentication code  153. Upon receiving the command  155 and the authentication code  153 of the command  155, the access controller  109 of the memory device  130 is configured to authenticate the authentication code  153 of the command  155 using an encryption key (e.g., the access control key 149) representing the authority to execute the command  155 in the memory device  130. Memory device  130 is configured to execute command  155 in response to determining that the authentication code  153 of command  155 is valid; executing command  155 in memory device  130 may store second identification  541 in memory device  130 for subsequent generation of identity data  113. For example, second identification  541 may be stored as part of device information  121 and/or for presentation in message 131 of identity data  113.
      For example, the memory device stores an executable set of instructions in endpoint 150. The set of instructions may be part of the content  161 or a package  441 of the firmware or operating system of the endpoint. Memory device  130 is configured to verify the integrity of the set of instructions before allowing endpoint 150 to load the set of instructions for execution. Because the set of instructions is protected via memory device  130, the server system can reliably communicate with endpoint 150 executing the set of instructions to cause memory device  130 to execute commands 155. The communication path between endpoint 150 and the server system may optionally be protected by client server  141 and/or optionally via session key  263 and symmetric encryption. 
      At block 565, the server system receives the authentication request 173 containing the identity data  113 generated by the memory device  130. Identity data  113 contains a verification code  133 generated from a message 131 presented in identity data  113 and an encryption key (e.g., secret key 137) derived at least in part from a secret (e.g., 101).
      For example, in some embodiments, message 131 presented in the identity data contains second identification  541. Optionally, when the second identification  541 is configured as part of the device information  121, an encryption key (e.g., secret key 137) for signing the message 131 in the form of the passcode  133 may be further derived based on the second identification  541; alternatively, the encryption key is independent of the second identification  541.
      In some embodiments, message 131 presented in identity data  113 does not include second recognition  541.
      At block 567, the server system verifies the validity of the identity data  113 based at least in part on the secret (e.g., 101) of the memory device  130.
      For example, the operations in block 567 may be performed in a manner similar to the operations performed in block  323, block 343, block 403, block 423, block 463, block 485, and/or block 525.
      At block 569, the server system provides an authentication response  174 to the authentication request 173 in response to determining that the identity data  113 is valid. Authentication response  174 is configured to indicate that identity data  113 was generated by endpoint 150 with second identification  541. 
      For example, the server system may identify second identification  541 in verification response  174 by looking up second identification  541 associated with the first identification in data stored in secure server  140 or extracting second identification  541 from identity data  113. Alternatively, the server system may indicate that identity data  113 is valid, including second identification  541 presented in message 131 contained in identity data  113.
      Fig. 28 illustrates an example machine of a computer system  600 within which a set of instructions, for causing the machine to perform any one or more of the methodologies discussed herein, may be executed. In some embodiments, computer system  600 may correspond to a host system that includes, is coupled to, or uses a memory subsystem, or may be used to perform operations of security manager 160 (e.g., execute instructions to perform operations corresponding to the security features of security server  140 and/or memory device  130 described with reference to fig. 1-27). In alternative embodiments, the machine may be connected (e.g., networked) to other machines in a LAN, an intranet, an extranet, and/or the internet. The machine may operate in the capacity of a server or a client machine in a client-server network environment, as a peer machine in a peer-to-peer (or distributed) network environment, or as a server or a client machine in a cloud computing infrastructure or environment. 
      The machine may be a Personal Computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Additionally, while a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
      The processing device 602 represents one or more general-purpose processing devices such as a microprocessor, central processing unit, or the like. More specifically, the processing device may be a Complex Instruction Set Computing (CISC) microprocessor, Reduced Instruction Set Computing (RISC) microprocessor, Very Long Instruction Word (VLIW) microprocessor, or processor implementing other instruction sets, or processors implementing a combination of instruction sets. The processing device 602 may also be one or more special-purpose processing devices such as an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), network processor, or the like. The processing device 602 is configured to execute instructions 626 for performing the operations and steps discussed herein. The computer system  600 may further include a network interface device  608 that communicates over a network  620. 
      The data storage system 618 may include a machine-readable medium 624 (also referred to as a computer-readable medium) on which is stored one or more sets of instructions 626 or software embodying any one or more of the methodologies or functions described herein. The instructions 626 may also reside, completely or at least partially, within the main memory 604 and/or within the processing device 602 during execution thereof by the computer system  600, the main memory 604, and the processing device 602, which also constitute machine-readable storage media. Machine-readable medium 624, data storage system 618, and/or main memory 604 may correspond to a memory subsystem.
      In one embodiment, instructions 626 include instructions to implement functionality corresponding to security manager 160 (e.g., the operation of security features of security server  140 and/or memory device  130 described with reference to fig. 1-27). While the machine-readable storage medium 624 is shown in an example embodiment to be a single medium, the term "machine-readable storage medium" should be taken to include a single medium or multiple media that store the one or more sets of instructions. The term "machine-readable storage medium" shall also be taken to include any medium that is capable of storing or encoding a set of instructions for execution by the machine and that cause the machine to perform any one or more of the methodologies of the present disclosure. The term "machine-readable storage medium" shall accordingly be taken to include, but not be limited to, solid-state memories, optical media, and magnetic media. 
      In general, an endpoint 150, a server (e.g., security server  140,  client server    141 or 143, or card server 223) may be a computing system having a host system  120 and a memory subsystem. The memory subsystem may include media such as one or more volatile memory devices, one or more non-volatile memory devices (e.g., memory device 130), or a combination of these.
      The memory subsystem may be a memory device, a memory module, or a mixture of memory devices and memory modules. Examples of storage devices include Solid State Drives (SSDs), flash drives, Universal Serial Bus (USB) flash drives, embedded multimedia controller (eMMC) drives, Universal Flash Storage (UFS) drives, Secure Digital (SD) cards, and Hard Disk Drives (HDDs). Examples of memory modules include dual in-line memory modules (DIMMs), small outline DIMMs (SO-DIMMs), and various types of non-volatile dual in-line memory modules (NVDIMMs).
      For example, the computing system may be a computing device, such as a desktop computer, a laptop computer, a network server, a mobile device, a vehicle (e.g., an aircraft, drone, train, automobile, or other vehicle), an internet of things (IoT) -enabled device, an embedded computer (e.g., an embedded computer included in a vehicle, industrial equipment, or networked business device), or such computing device including memory and processing devices. 
      A host system  120 of the computing system is coupled to one or more memory subsystems. As used herein, "coupled to" or "coupled with … …" generally refers to a connection between components that may be an indirect communicative connection or a direct communicative connection (e.g., without intervening components), whether wired or wireless, including electrical, optical, magnetic, etc. connections.
      The host system  120 may be coupled to the memory subsystem via a physical host interface. Examples of physical host interfaces include, but are not limited to, a Serial Advanced Technology Attachment (SATA) interface, a peripheral component interconnect express (PCIe) interface, a Universal Serial Bus (USB) interface, a fibre channel, a serial attached SCSI (sas) interface, a Double Data Rate (DDR) memory bus interface, a Small Computer System Interface (SCSI), a dual in-line memory module (DIMM) interface (e.g., a DIMM socket interface supporting Double Data Rate (DDR)), an Open NAND Flash Interface (ONFI), a Double Data Rate (DDR) interface, a Low Power Double Data Rate (LPDDR) interface, or any other interface. The physical host interface may be used to transfer data between the host system  120 and the memory subsystem. The host system  120 may further utilize an NVM express (NVMe) interface to access components (e.g., memory device 130) when the memory subsystem is coupled with the host system  120 over a PCIe interface. The physical host interface may provide an interface for passing control, address, data, and other signals between the memory subsystem and the host system  120. In general, the host system  120 may access one or more memory subsystems via the same communication connection, multiple separate communication connections, and/or a combination of communication connections. 
      The processing device 118 of the host system  120 may be, for example, a microprocessor, a Central Processing Unit (CPU), a processing core of a processor, an execution unit, or the like. In some cases, the controller  116 may be referred to as a memory controller, a memory management unit, and/or an initiator. In one example, the controller  116 controls communication over a bus coupled between the host system  120 and the memory subsystem. In general, controller  116 may send commands or requests to the memory subsystem desiring access to memory device  130. The controller  116 may further include interface circuitry for communicating with the memory subsystem. The interface circuitry may convert the response received from the memory subsystem into information for the host system  120.
      The controller  116 of the host system  120 may communicate with the controller of the memory subsystem to perform operations such as reading data, writing data, or erasing data at the memory device  130, among other such operations. In some cases, the controller  116 is integrated within the same package as the processing device 118. In other cases, the controller  116 is separate from the packaging of the processing device 118. The controller  116 and/or the processing device 118 may include hardware, such as one or more Integrated Circuits (ICs) and/or discrete components, cache memory, or a combination thereof. The controller  116 and/or processing device 118 may be a microcontroller, special purpose logic circuitry (e.g., a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), etc.), or another suitable processor. 
      Some examples of non-volatile memory components include NAND (or NOT AND) (NAND) type flash memory AND write-in-place memory, such as three-dimensional cross-point ("3D cross-point") memory. A non-volatile memory cross-point array may perform bit storage based on changes in body resistance in conjunction with a stackable cross-meshed data access array. In addition, in contrast to many flash-based memories, cross-point non-volatile memories can perform in-place write operations in which non-volatile memory cells can be programmed if they have been previously erased. The NAND type flash memory includes, for example, two-dimensional NAND (2D NAND) and three-dimensional NAND (3D NAND).
      Each of memory devices  130 may include one or more arrays of memory cells. One type of memory cell, such as a Single Level Cell (SLC), can store one bit per cell. Other types of memory cells, such as multi-level cells (MLC), three-level cells (TLC), four-level cells (QLC), and five-level cells (PLC), may store multiple bits per cell. In some embodiments, each of memory devices  130 may include one or more arrays such as SLC, MLC, TLC, QLC, PLC, or any combination thereof. In some embodiments, a particular memory device may include an SLC portion, an MLC portion, a TLC portion, a QLC portion, and/or a PLC portion of a memory cell. The memory cells of memory device  130 may be grouped into pages, which may refer to logical units of the memory device for storing data. In some types of memory (e.g., NAND), pages may be grouped to form blocks. 
      Although non-volatile memory devices are described, such as 3D cross-point and NAND type memories (e.g., 2D NAND, 3D NAND), memory device  130 may be based on any other type of non-volatile memory, such as Read Only Memory (ROM), Phase Change Memory (PCM), self-selection memory, other chalcogenide based memories, ferroelectric transistor random access memory (FeTRAM), ferroelectric random access memory (FeRAM), Magnetic Random Access Memory (MRAM), Spin Transfer Torque (STT) -MRAM, conductive bridge ram (cbram), Resistive Random Access Memory (RRAM), oxide based RRAM (oxram), NOR (NOR) flash memory, and Electrically Erasable Programmable Read Only Memory (EEPROM).
      The memory subsystem controller may communicate with memory device  130 to perform operations such as reading data, writing data, or erasing data at memory device  130 and other such operations (e.g., in response to commands scheduled by controller  116 on a command bus). The memory subsystem controller may include hardware such as one or more Integrated Circuits (ICs) and/or discrete components, cache memory, or a combination thereof. The hardware may comprise digital circuitry with dedicated (e.g., hard-coded) logic to perform the operations described herein. The memory subsystem controller may be a microcontroller, special purpose logic circuitry (e.g., a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), etc.), or another suitable processor. 
      The memory subsystem controller may include a processing device (e.g., a processor) configured to execute instructions stored in a local memory. In the example shown, the local memory of the memory subsystem controller includes embedded memory configured to store instructions for performing various processes, operations, logic flows, and routines that control the operation of the memory subsystem, including handling communications between the memory subsystem and the host system  120.
      In some embodiments, the local memory may include memory registers that store memory pointers, fetched data, and the like. The local memory may also include Read Only Memory (ROM) for storing microcode. While some memory subsystems have a memory subsystem controller, other memory subsystems do not contain a memory subsystem controller, but may rely on external control (e.g., provided by an external host or by a processor or controller separate from the memory subsystem).
      In general, the memory subsystem controller may receive commands or operations from the host system  120 and may convert the commands or operations into instructions or appropriate commands to achieve the desired access to the memory device  130. The memory subsystem controller may be responsible for other operations such as wear leveling operations, garbage collection operations, error detection and Error Correction Code (ECC) operations, encryption operations, cache operations, and address translation between logical addresses (e.g., Logical Block Addresses (LBAs), namespaces) and physical addresses (e.g., physical block addresses) associated with the memory device  130. The memory subsystem controller may further include host interface circuitry for communicating with the host system  120 via a physical host interface. Host interface circuitry may convert commands received from the host system into command instructions to access memory device  130 and convert responses associated with memory device  130 into information for host system  120. 
      The memory subsystem may also include additional circuitry or components not shown. In some embodiments, the memory subsystem may include a cache or buffer (e.g., DRAM) and address circuitry (e.g., row decoder and column decoder) that may receive an address from the memory subsystem controller and decode the address to access the memory device  130.
      In some embodiments, memory device  130 includes a local media controller for performing operations on one or more memory units 103 of memory device  130 in conjunction with a memory subsystem controller of the memory subsystem. The local media controller may be used to implement the encryption engine  107 and/or the access controller  109. An external controller (e.g., a memory subsystem controller or controller  116 of host system 120) may manage memory device  130 externally (e.g., perform media management operations on memory device 130). In some embodiments, memory device  130 is a managed memory device, which is the original memory device combined with a local media controller for media management within the same memory device package. An example of a managed memory device is a managed nand (mnand) device. 
      Memory subsystem controller and/or memory device  130 may include a security manager  160 configured to provide the security features discussed above. In some embodiments, the memory subsystem controller and/or a local media controller in the memory subsystem may contain at least a portion of the security manager  160. In other embodiments, or in combination, the controller  116 in the host system  120 may include at least a portion of the security manager  160. For example, memory subsystem controller, controller  116, and/or security server  140 may include logic circuitry and/or execute instructions when implementing security manager  160. For example, the processing device 118 (e.g., a processor) of the memory subsystem controller or host system  120 may be configured to execute instructions stored in the memory device  130 for performing the operations of the security manager  160 described herein. In some embodiments, security manager  160 is implemented in an integrated circuit chip disposed in the memory subsystem. In other embodiments, security manager  160 may be part of the firmware of the memory subsystem, the operating system of host system  120, a device driver or application, or any combination thereof. 
      Some portions of the preceding detailed description have been presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the most effective means used by those skilled in the data processing arts to convey the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of operations leading to a desired result. The operations are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, combined, compared, and otherwise manipulated. It has proven convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, elements, symbols, characters, terms, numbers, or the like.
      It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. The present disclosure may refer to the action and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage systems. 
      The present disclosure also relates to apparatus for performing the operations herein. This apparatus may be specially constructed for the required purposes, or it may comprise a general-purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but is not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magnetic-optical disks, read-only memories (ROMs), Random Access Memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a computer system bus.
      The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various general-purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the method. The structure for a variety of these systems will appear from the description below. In addition, the present disclosure is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the disclosure as described herein. 
      The present disclosure may be provided as a computer program product or software which may include a machine-readable medium having stored thereon instructions which may be used to program a computer system (or other electronic devices) to perform a process according to the present disclosure. A machine-readable medium includes any mechanism for storing information in a form readable by a machine (e.g., a computer). In some embodiments, a machine-readable (e.g., computer-readable) medium includes a machine (e.g., computer) -readable storage medium, such as read only memory ("ROM"), random access memory ("RAM"), magnetic disk storage media, optical storage media, flash memory components, and so forth.
      In this specification, various functions and operations are described as being performed by or caused by computer instructions for simplicity of description. However, those skilled in the art will recognize that the intent of such expressions is that the functions result from execution of computer instructions by one or more controllers or processors (e.g., microprocessors). Alternatively or in combination, the functions and operations may be implemented using special purpose circuitry, with or without software instructions, such as an Application Specific Integrated Circuit (ASIC) or a Field Programmable Gate Array (FPGA). Embodiments may be implemented using hardwired circuitry without software instructions or in combination with software instructions. Thus, the techniques are not limited to any specific combination of hardware circuitry and software nor to any particular source for the instructions executed by the data processing system. 
      In the foregoing specification, embodiments of the disclosure have been described with reference to specific example embodiments thereof. It will be evident that various modifications may be made thereto without departing from the broader spirit and scope of embodiments of the disclosure as set forth in the following claims. The specification and drawings are, accordingly, to be regarded in an illustrative sense rather than a restrictive sense.
    Claims (20)
1. A method, comprising:
      receiving, in a server system, a request from an endpoint with identity data generated by a memory device configured in the endpoint;
      verifying, by the server system, the identity data in response to the request and based on information about the endpoint stored in the server, the information including a secret of the memory device; and
      in response to determining that the identity data is valid,
      identifying a service ordered for the endpoint in an online service store;
      identifying a client server configured to provide the service; and is
      Directing the endpoint to the client server.
    2. The method of claim 1, further comprising:
      receiving, in the online service store, an order for the service of the endpoint prior to the request; wherein the client server is identified based on the order. 
    3. The method of claim 2, wherein the order is received in the online service store without passing through the endpoint; the order is directed to the endpoint identification using the common identification of the endpoint; and the identity data comprises the public identity.
    4. The method of claim 3, further comprising:
      configuring, by the server system, the endpoint for the service in response to determining that the identity data is valid.
    5. The method of claim 4, wherein the configuration of the endpoint comprises:
      updating first firmware stored in the memory device and executed in the endpoint to generate the request.
    6. The method of claim 5, wherein the endpoint is unable to receive the service from the client server prior to the update.
    7. The method of claim 6, wherein after the update, a second firmware is stored in the memory device and executed in the endpoint to provide functionality not found in the endpoint running the first firmware prior to the update.
    8. The method of claim 7, wherein the second firmware includes an identification of the client server. 
    9. The method of claim 5, further comprising:
      identifying an account for subscribing to the service for the endpoint;
      wherein the configuration of the endpoint comprises configuring the memory device to generate updated identity data containing an identifier of the account; and is
      Wherein after the update, the memory device is configured to generate the updated identity data of the endpoint using an encryption key generated based at least in part on the secret and a second firmware stored in the memory device.
    10. The method of claim 9, further comprising:
      generating a verification code for a command using an encryption key representing a permission to cause the command to execute in the memory device, wherein the command causes the first firmware to be replaced with the second firmware when executed in the memory device, and wherein the memory device is configured to receive the command and the verification code and verify the verification code for the permission before executing the command.
    11. The method of claim 10, wherein the memory device does not transfer the secret out of the memory device after fabrication of the memory device is completed in a secure facility. 
    12. The method of claim 11, further comprising:
      based on the verification of the identity data, a session key is established.
    13. The method of claim 12, wherein the memory device is configured to verify the passcode based on an access control key configured based on the session key.
    14. The method of claim 13, further comprising:
      registering the secret during manufacture of the memory device in the secure facility; and
      generating an encryption key to verify the identity data based at least in part on the secret.
    15. The method of claim 14, wherein the encryption key used to verify the identity data is further generated based on data received from a host system of the memory device at a boot time of the endpoint.
    16. A computing system, comprising:
      a memory storing an encryption key of a memory device; and
      at least one processor configured, via a set of instructions, to:
      receiving, from an endpoint, a request having identity data generated by a memory device configured in the endpoint; and is
      In response to the request:
      verifying the identity data in response to the request and based on information stored in memory about the endpoint, the information including a secret of the memory device; 
      Identifying a service ordered for the endpoint in an online service store; and is
      Directing the endpoint to a client server configured to provide the service.
    17. The computing system of claim 16, wherein the authenticity of the endpoint is determined based on a validity of the identity data and a security feature of the memory device; and wherein the security feature comprises:
      generating an encryption key representing an identity of the endpoint based at least in part on the secret of the memory device and firmware currently configured in the memory device for execution by the endpoint; and
      commands executed in the memory device are controlled based on the rights represented by the encryption key.
    18. The computing system of claim 17, wherein the endpoint is directed to the client server via a firmware update of the endpoint; and wherein the security feature further includes a cryptographic engine implemented via logic circuitry in the memory device.
    19. A non-transitory computer storage medium storing instructions that, when executed by a server, cause the server to perform a method, the method comprising: 
      Receiving, from an endpoint, a request having identity data generated by a memory device configured in the endpoint;
      verifying the identity data in response to the request and based on information about the endpoint, the information including a secret of the memory device; and
      in response to determining that the identity data is valid,
      identifying a service subscribed to for the endpoint in an online service store; and is provided with
      Directing the endpoint to a client server configured to provide the service.
    20. The non-transitory computer storage medium of claim 19, wherein directing the endpoint to the client server comprises:
      configuring firmware of the endpoint to connect the endpoint to the client server to obtain the service.
    Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| US202163156232P | 2021-03-03 | 2021-03-03 | |
| US63/156,232 | 2021-03-03 | ||
| US17/485,204 | 2021-09-24 | ||
| US17/485,204 US11811743B2 (en) | 2020-10-26 | 2021-09-24 | Online service store for endpoints | 
Publications (2)
| Publication Number | Publication Date | 
|---|---|
| CN115021950A true CN115021950A (en) | 2022-09-06 | 
| CN115021950B CN115021950B (en) | 2024-10-01 | 
Family
ID=83067990
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| CN202210197979.0A Active CN115021950B (en) | 2021-03-03 | 2022-03-02 | Online service store for endpoints | 
Country Status (1)
| Country | Link | 
|---|---|
| CN (1) | CN115021950B (en) | 
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| US20050108534A1 (en) * | 2003-11-19 | 2005-05-19 | Bajikar Sundeep M. | Providing services to an open platform implementing subscriber identity module (SIM) capabilities | 
| CN104604275A (en) * | 2012-09-03 | 2015-05-06 | 阿尔卡特朗讯公司 | Smart card personnalization with local generation of keys | 
| WO2016024893A1 (en) * | 2014-08-15 | 2016-02-18 | Telefonaktiebolaget L M Ericsson (Publ) | Methods and nodes for mapping subscription to service user identity | 
| CN107409137A (en) * | 2015-03-17 | 2017-11-28 | 高通股份有限公司 | For the apparatus and method connective by guarantee using application specific network insertion voucher to wireless network | 
| CN107431701A (en) * | 2015-03-06 | 2017-12-01 | 高通股份有限公司 | Sponsored connectivity to cellular networks using existing credentials | 
| US20190268149A1 (en) * | 2018-02-28 | 2019-08-29 | Vmware, Inc. | Methods and systems that efficiently and securely store encryption keys | 
| US20190288995A1 (en) * | 2018-03-14 | 2019-09-19 | Microsoft Technology Licensing, Llc | Autonomous secrets management for a managed service identity | 
| CN111819555A (en) * | 2018-03-07 | 2020-10-23 | 维萨国际服务协会 | Secure remote token issuance with online authentication | 
- 
        2022
        - 2022-03-02 CN CN202210197979.0A patent/CN115021950B/en active Active
 
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| US20050108534A1 (en) * | 2003-11-19 | 2005-05-19 | Bajikar Sundeep M. | Providing services to an open platform implementing subscriber identity module (SIM) capabilities | 
| CN104604275A (en) * | 2012-09-03 | 2015-05-06 | 阿尔卡特朗讯公司 | Smart card personnalization with local generation of keys | 
| WO2016024893A1 (en) * | 2014-08-15 | 2016-02-18 | Telefonaktiebolaget L M Ericsson (Publ) | Methods and nodes for mapping subscription to service user identity | 
| CN107431701A (en) * | 2015-03-06 | 2017-12-01 | 高通股份有限公司 | Sponsored connectivity to cellular networks using existing credentials | 
| CN107409137A (en) * | 2015-03-17 | 2017-11-28 | 高通股份有限公司 | For the apparatus and method connective by guarantee using application specific network insertion voucher to wireless network | 
| US20190268149A1 (en) * | 2018-02-28 | 2019-08-29 | Vmware, Inc. | Methods and systems that efficiently and securely store encryption keys | 
| CN111819555A (en) * | 2018-03-07 | 2020-10-23 | 维萨国际服务协会 | Secure remote token issuance with online authentication | 
| US20190288995A1 (en) * | 2018-03-14 | 2019-09-19 | Microsoft Technology Licensing, Llc | Autonomous secrets management for a managed service identity | 
Also Published As
| Publication number | Publication date | 
|---|---|
| CN115021950B (en) | 2024-10-01 | 
Similar Documents
| Publication | Publication Date | Title | 
|---|---|---|
| US12149517B2 (en) | Management of identifications of an endpoint having a memory device secured for reliable identity validation | |
| US12089049B2 (en) | Virtual subscriber identification module and virtual smart card | |
| US12298917B2 (en) | Online security services based on security features implemented in memory devices | |
| JP2022527757A (en) | Generating the ID of a computing device using a physical duplication difficulty function | |
| TW202038123A (en) | Verification of identity using a secret key | |
| US12075520B2 (en) | Cloud-service on-boarding without prior customization of endpoints | |
| US12039318B2 (en) | Endpoint customization via online firmware store | |
| CN110326266B (en) | A method and device for data processing | |
| US20220131847A1 (en) | Subscription Sharing among a Group of Endpoints having Memory Devices Secured for Reliable Identity Validation | |
| US20220129390A1 (en) | Monitor Integrity of Endpoints having Secure Memory Devices for Identity Authentication | |
| US11811743B2 (en) | Online service store for endpoints | |
| US11917059B2 (en) | Batch transfer of control of memory devices over computer networks | |
| CN116783593A (en) | Server system for controlling memory devices via a computer network | |
| US20220129391A1 (en) | Track Activities of Endpoints having Secure Memory Devices for Security Operations during Identity Validation | |
| US20240430253A1 (en) | Track Activities of components in Endpoints having Secure Memory Devices via Identity Validation | |
| CN115037496B (en) | Method and computing system for providing security services and related computer storage media | |
| CN115037495B (en) | Track activity of endpoints with secure storage devices during authentication for security operations | |
| CN115037492B (en) | Method, system and computer storage medium for memory authentication | |
| CN115021950B (en) | Online service store for endpoints | |
| CN115037491B (en) | Subscription sharing in a group of endpoints with storage devices protected for reliable authentication | |
| CN115037493B (en) | Monitoring the integrity of endpoints with secure memory devices for authentication | |
| CN115021949B (en) | Method and system for identity management of endpoints having memory devices protected for reliable authentication | |
| CN115037494A (en) | Cloud service login without pre-customization of endpoints | 
Legal Events
| Date | Code | Title | Description | 
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |