Abstract: A risk management system (RMS) device includes a RMS database and a RMS processor. The RMS processor includes a prescriber module to receive a request to enroll a patient in a RMS program of a therapeutic agent associated with multiple indications. The request includes a specification of at least one indication, and a confirmation of a diagnostic test conducted on the patient. The RMS processor also includes a patient module configured to generate a patient profile. The RMS processor also includes a database module configured to store the patient profile in the RMS database. The RMS processor also includes an authorization module configured to generate an authorization code indicating whether the patient is authorized to receive the therapeutic agent. The RMS processor also includes a communication module configured to transmit the authorization code to a pharmacy or a prescriber.

Abstract: A security server to validate identity data of computing devices having secure memory devices and track activities of components in the computing devices. The server system is configured to store data representative of a unique device secret sealed in the memory device. The server system can generate a first cryptographic key independently from the memory device generating a second cryptographic key. The memory device uses the second cryptographic key to generate identity data including a message and a verification code generated via cryptographic operations combining the message and the second cryptographic key. The server system can use the first cryptographic key to determine whether the verification code is valid for the message. If so, the security server can generate an activity record associating the activity of the computing device with identifications of respective components of the computing device confirmed via validation of the identity data.

Abstract: An online service store to configure services for endpoints in connection with validating authenticity of the endpoints. For example, a service can be ordered for an endpoint prior to the use of the endpoint. After receiving a request having identity data generated by a memory device configured in the endpoint, a server system can determine, based on a secret of the memory device and other data stored about the endpoint, the validity of the identity data and thus the authenticity of the endpoint. Based on the service ordered for the endpoint, the server system causes the endpoint to be connected to a client server to receive the service. The server system can cause the firmware of the endpoint to be updated to enable the endpoint to receive the service from the client server.

Abstract: A security server to provide security services over a computer network based on security features of memory devices connected to host systems. For example, the security features of a memory device can include a unique device secret, a cryptographic engine, and an access controller to implement access privileges represented by cryptographic keys. After receiving identity data that is generated by the memory device and represented by a cryptographic key, the security server can determine authenticity of the memory device based on its copy of the unique device secret of the memory device. The security server can generate a verification code for a command and cause the command and the verification code to be communicated to the memory device, where the access controller of the memory device validates the verification code in determining whether to block execution of the command in the memory device.

Abstract: A security server to implement security operations during validation of the identity of an endpoint based on activity data of the endpoint. For example, a server system stores data representative of preferences for the endpoint. After receiving, a validation request containing identity data generated by a memory device configured in the endpoint, the server system can validate the identity data based at least in part on a secret of the memory device. If the identity data is valid, the server system can further determine whether an activity, as identified by the identity data and/or the validation request, satisfies a condition specified for the endpoint. If so, the server system can perform a security operation associated with the condition in providing a validation response in responding to the validation request.

Abstract: A server system configured to allow a group of endpoints to share a subscription. For example, data can be stored to associate the endpoint group with at least one subscriber identifier. After receiving a validation request containing identity data generated by a memory device configured in an endpoint in the group, the server system can validate the identity data based at least in part on a secret of the memory device. In response to a determination that the identity data is valid, the system can determine that the subscriber identifier is not currently assigned to any endpoint in the group and thus assign, based on the data associating the endpoint group with the subscriber identifier, the subscriber identifier to the endpoint to cause a service offered to an account represented by the subscriber identifier to be provided to the endpoint.

Abstract: A server system to customize firmware of an endpoint via an online firmware store in connection with validating authenticity of the endpoint. For example, a customized version of firmware can be ordered for the endpoint prior to the use of the endpoint. After receiving a request having identity data generated by a memory device configured in the endpoint, the server system can determine, based on a secret of the memory device, the authenticity of the endpoint having the current firmware. An update to firmware stored in the memory device and executed in the endpoint to generate the request is identified. The server system generates a verification code for a command executable in the memory device to perform the update. After receiving the command and the verification code, the memory device validates the verification code to determine whether to execute the command for firmware update.

Abstract: A server system to onboard an endpoint having a host system connected to a host interface of a memory device for a cloud service without prior customization of the endpoint to identify an account for accessing the cloud service. For example, after receiving a request associated with the service and containing identity data generated by the memory device, the server system determines authenticity of the memory device and the endpoint based on a secret of the memory device and the identity data. In response to the request, the server system further identifies, based on the identity data, a subscriber among a plurality of subscribers based on ownership data of the endpoint. As a result of the identifying of the subscriber based on the identity data, the server system determines an account of the subscriber to provide the service to the endpoint based on the account.

Abstract: A security server to manage integrity of packages stored in an endpoint based on identity authentication implemented using security features of a memory device configured in the endpoint. For example, the security server validates identity data generated by the memory device based at least in part on a secret of the memory device. The server can extract, from the identity data, health information of a package stored in the endpoint and determined, based at least in part on the health information, whether or not to update or repair the package currently stored in the endpoint.

Abstract: A system, method and apparatus to authenticate an endpoint having a secure memory device. For example, a card profile can be selected, configured, and/or stored into the secure memory device based on endpoint identity data representative of a component configuration of the endpoint, including the device identity representative of the memory device and other components. The card profile can be used by the endpoint to emulate a physical smart card and can be viewed a virtual smart card, such as a virtual subscriber identification module (SIM) card for accessing a cellular connection.

Abstract: An online service store to configure services for endpoints in connection with validating authenticity of the endpoints. For example, a service can be ordered for an endpoint prior to the use of the endpoint. After receiving a request having identity data generated by a memory device configured in the endpoint, a server system can determine, based on a secret of the memory device and other data stored about the endpoint, the validity of the identity data and thus the authenticity of the endpoint. Based on the service ordered for the endpoint, the server system causes the endpoint to be connected to a client server to receive the service. The server system can cause the firmware of the endpoint to be updated to enable the endpoint to receive the service from the client server.

Abstract: A server system stores data associating a secret of the memory device configured in an endpoint, a first identification, and device information of the endpoint. After receiving a request to bind a second identification to the endpoint, the server system can tie identity data of the endpoint to the second identification. For example, after receiving a validation request containing identity data generated by the memory device, the server system can verify a verification code in the identity data based at least in part on the secret of the memory device. The verification code is generated from a message presented in the identity data and a cryptographic key derived at least in part from the secret. Based on validating the identity data, the server system can provide a validation response to indicate that the identity data is generated by the endpoint having the second identification.

Abstract: A risk management system (RMS) device includes a RMS database and a RMS processor. The RMS processor includes a prescriber module to receive a request to enroll a patient in a RMS program of a therapeutic agent associated with multiple indications. The request includes a specification of at least one indication, and a confirmation of a diagnostic test conducted on the patient. The RMS processor also includes a patient module configured to generate a patient profile. The RMS processor also includes a database module configured to store the patient profile in the RMS database. The RMS processor also includes an authorization module configured to generate an authorization code indicating whether the patient is authorized to receive the therapeutic agent. The RMS processor also includes a communication module configured to transmit the authorization code to a pharmacy or a prescriber.

Abstract: A risk management system (RMS) device includes a RMS database and a RMS processor. The RMS processor includes a prescriber module to receive a request to enroll a patient in a RMS program of a therapeutic agent associated with multiple indications. The request includes a specification of at least one indication, and a confirmation of a diagnostic test conducted on the patient. The RMS processor also includes a patient module configured to generate a patient profile. The RMS processor also includes a database module configured to store the patient profile in the RMS database. The RMS processor also includes an authorization module configured to generate an authorization code indicating whether the patient is authorized to receive the therapeutic agent. The RMS processor also includes a communication module configured to transmit the authorization code to a pharmacy or a prescriber.

Abstract: A risk management system (RMS) device includes a RMS database and a RMS processor. The RMS processor includes a prescriber module to receive a request to enroll a patient in a RMS program of a therapeutic agent associated with multiple indications. The request includes a specification of at least one indication, and a confirmation of a diagnostic test conducted on the patient. The RMS processor also includes a patient module configured to generate a patient profile. The RMS processor also includes a database module configured to store the patient profile in the RMS database. The RMS processor also includes an authorization module configured to generate an authorization code indicating whether the patient is authorized to receive the therapeutic agent. The RMS processor also includes a communication module configured to transmit the authorization code to a pharmacy or a prescriber.