Abstract: A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.

Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.

Abstract: A network service may be identified. One or more attributes of the network service may be determined. An attribute manifest for the network service may be generated based on the determined one or more attributes of the network service. Furthermore, the attribute manifest may be transmitted based on the determined one or more attributes to the network service.

Abstract: A request may be received from an application provided on a server associated with a self-encrypting key management application. The request may be to establish a connection between the self-encrypting key management application and the other application. In response to receiving the request, a hash value associated with the self-encrypting key management application and a digital signature associated with a processing device may be generated. A message may be provided based on the digital signature and the hash value to the other application. The connection may be established between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.

Abstract: A first instruction to store an entity identification (ID) in a memory of a device may be received. The entity ID may be stored in the memory in response to receiving the first instruction. Furthermore, a second instruction to store a value based on a key in the memory of the device may be received. A determination may be made as to whether the value based on the key that is to be stored in the memory corresponds to the entity ID that is stored in the memory. The value based on the key may be stored in the memory of the device when the value based on the key corresponds to the entity ID.

Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.

Abstract: A cryptographic key may be received or generated at a self-encrypting key management service application where the cryptographic key is received from another application provided on a server associated with the self-encrypting key management service application. The cryptographic key may be stored at a secure enclave corresponding to the self-encrypting key management service application. A request for a performance of a cryptographic operation associated with the cryptographic key may be received from the other application provided on the server. The cryptographic key at the secure enclave corresponding to the self-encrypting key management service application may be retrieved. The cryptographic operation may be performed with the cryptographic key to generate an output that is provided to the other application.

Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.

Abstract: A virtual memory including virtual addresses may be generated. A first virtual address of the virtual memory may be mapped to a first physical address of a one-time programmable (OTP) memory of a device. Furthermore, a second virtual address of the virtual memory may be mapped to a second physical address of a static memory of the device. The virtual memory that is mapped to the OTP memory and the static memory may be provided for accessing of the data of the OTP memory of the device.

Abstract: A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

Abstract: A first instruction to store an entity identification (ID) in a memory of a device may be received. The entity ID may be stored in the memory in response to receiving the first instruction. Furthermore, a second instruction to store a value based on a key in the memory of the device may be received. A determination may be made as to whether the value based on the key that is to be stored in the memory corresponds to the entity ID that is stored in the memory. The value based on the key may be stored in the memory of the device when the value based on the key corresponds to the entity ID.

Abstract: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.

Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.

Abstract: A virtual memory including virtual addresses may be generated. A first virtual address of the virtual memory may be mapped to a first physical address of a one-time programmable (OTP) memory of a device. Furthermore, a second virtual address of the virtual memory may be mapped to a second physical address of a static memory of the device. The virtual memory that is mapped to the OTP memory and the static memory may be provided for accessing of the data of the OTP memory of the device.

Abstract: A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

Abstract: A request may be received from an application for a performance of an operation associated with a cryptographic key that is stored at a secure enclave. A plugin of the secure enclave may be identified from the request for performance of the operation. The operation associated with the cryptographic key may be performed by using the plugin of the secure enclave to generate an output within the secure enclave. The output generated within the secure enclave and based on the plugin may be provided to the application.

Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.

Abstract: A container from a first root of trust associated with a first root entity may be received. The container may correspond to a mapping of a resource of an integrated circuit that is associated with the first root entity. The container may be verified based on a key that corresponds to the first root of trust and that is stored in the integrated circuit at manufacturing of the integrated circuit. An identification may be made that an assignment of the resource from the container corresponds to assigning the resource from the first root of trust to a new root of trust. A new key corresponding to the new root of trust may be generated. Information corresponding to the new key may be stored into a memory of the integrated circuit. Furthermore, the new key may be used to delegate the resource to a subsequent container.

Abstract: Authentication information at a first portion of encrypted data may be identified. A cryptographic key may be derived based on a combination of an identification of the first portion of the received encrypted data and a master key. Additional authentication information may be generated based on a combination of the derived cryptographic key and another portion of the received encrypted data. The encrypted data may be verified by comparing the authentication information at the first portion of the received encrypted data with the generated additional authentication information. In response to verifying the received encrypted data, a second cryptographic key may be derived based on a combination of an identification of the another portion of the encrypted data and the master key. The other portion of the received encrypted data may be decrypted by using the second cryptographic key.

Abstract: A secret key value that is inaccessible to software is scrambled according to registers consisting of one-time programmable (OTP) bits. A first OTP register is used to change the scrambling of the secret key value whenever a lifecycle event occurs. A second OTP register is used to undo the change in the scrambling of the secret key. A third OTP register is used to affect a permanent change to the scrambling of the secret key. The scrambled values of the secret key (whether changed or unchanged) are used as seeds to produce keys for cryptographic operations by a device.