Abstract: A first instruction to store an entity identification (ID) in a memory of a device may be received. The entity ID may be stored in the memory in response to receiving the first instruction. Furthermore, a second instruction to store a value based on a key in the memory of the device may be received. A determination may be made as to whether the value based on the key that is to be stored in the memory corresponds to the entity ID that is stored in the memory. The value based on the key may be stored in the memory of the device when the value based on the key corresponds to the entity ID.

Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.

Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to create a Module and executes a Module Template to generate the Module in response to the first command The RA device receives a second command to create a deployment authorization message. The Module and the deployment authorization message are deployed to an Appliance device. A set of instructions of the Module, when permitted by the deployment authorization message and executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.

Abstract: Pairing data associated with a second device may be received at a first device. The pairing data may be received from a server. A first authentication proof may be generated based on the pairing data received from the server. A second authentication proof may be received from the second device. Furthermore, an authentication status of the second device may be updated based on a comparison of the first authentication proof that is based on the pairing data received from the server and the second authentication proof that is received from the second device.

Abstract: The embodiments described herein describe technologies for Module management, including Module creation and Module deployment to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a command to create a Module and executes a Module Template to generate the Module in response to the command. The Module is deployed to an Appliance device. A set of instructions of the Module, when executed by the Appliance device, results in a secure construction of a sequence of operations to securely provision a data asset to the target device. The Appliance device is configured to distribute the data asset to a cryptographic manager (CM) core of the target device.

Abstract: The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device.

Abstract: A request associated with one or more privileges assigned to a first entity may be received. Each of the one or more privileges may correspond to an operation of an integrated circuit. Information corresponding to the first entity and stored in a memory that is associated with the integrated circuit may be identified. Furthermore, the memory may be programmed to modify the information stored in the memory that is associated with the integrated circuit in response to the request associated with the one or more privileges assigned to the first entity.

Abstract: A request associated with a revocation of a key may be received. A hash value corresponding to the key that is stored in a memory may be identified. Furthermore, the hash value that is stored in the memory may be corrupted in response to the request associated with the revocation of the key.

Abstract: A first instruction to store an entity identification (ID) in a memory of a device may be received. The entity ID may be stored in the memory in response to receiving the first instruction. Furthermore, a second instruction to store a value based on a key in the memory of the device may be received. A determination may be made as to whether the value based on the key that is to be stored in the memory corresponds to the entity ID that is stored in the memory. The value based on the key may be stored in the memory of the device when the value based on the key corresponds to the entity ID.

Abstract: Values and a sequence of operations associated with generating a key may be received. A determination may be made as to whether the sequence of operations associated with the key matches an authorized sequence of operations. The key may be outputted when the received sequence of operations matches the authorized sequence of operations and the key may not be outputted when the received sequence of operations does not match the authorized sequence of operations.

Abstract: The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.

Abstract: A first key associated with a plurality of devices may be received. Furthermore, a second key associated with a single device may be received. The first key associated with the plurality of devices may be modified based on a device identification of the single device. Additionally, a primary key may be generated based on the modified first key and the second key.

Abstract: The embodiments described herein describe technologies for ticketing systems used in consumption and provisioning of data assets, such as a pre-computed (PCD) asset. A ticket may be a digital file or data that enables enforcement of usage count limits and uniqueness issuance ore sequential issuance of target device parameters. On implementation includes an Appliance device of a cryptographic manager (CM) system that receives a Module and a ticket over a network from a Service device. The Module is an application that securely provisions a data asset to a target device in an operation phase of a manufacturing lifecycle of the target device. The ticket is digital data that grants permission to the Appliance device to execute the Module. The Appliance device verifies the ticket to execute the Module. The Module, when executed, results in a secure construction of a sequence of operations to securely provision the data asset to the target device.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example method includes receiving, by a root authority system, data identifying a command that affects operation of an integrated circuit, singing, by the root authority system, the command using a root authority key to create a root signed block (RSB), and providing the RSB to a security manager of the integrated circuit.

Abstract: A first key associated with a plurality of devices may be received. Furthermore, a second key associated with a single device may be received. The first key associated with the plurality of devices may be modified based on a device identification of the single device. Additionally, a primary key may be generated based on the modified first key and the second key.

Abstract: The embodiments described herein describe technologies for pre-computed data (PCD) asset generation and secure deployment of the PCD asset to a target device in an operation phase of a manufacturing lifecycle of the target device in a cryptographic manager (CM) environment. One implementation includes a Root Authority (RA) device that receives a first command to generate a unique PCD asset for a target device. In response, the RA device generates the PCD asset and packages the PCD asset for secure deployment of the PCD asset to the target device and to be used exclusively by the target device. The RA device deploys the packaged PCD asset in a CM system for identification and tracking of the target device.