Abstract: A semiconductor chip device include device state fuses that may be used to configure various device states and corresponding security levels for the semiconductor chip as it transitions from wafer manufacturing to provisioned device. The device states and security levels prevent the semiconductor chip from being accessed and exploited, for example, during manufacturing testing. A secure boot flow process for a semiconductor chip over its lifecycle is also disclosed. The secure boot flow may start at the wafer manufacturing stage and continue on through the insertion of keys and firmware.

Abstract: Systems, apparatuses, and methods for signing, and verifying the signature of, code to be executed by a target device. An example method of determining a verification hash of a code image to be executed by a target device comprises receiving a header and code image, determining an image hash based on metadata and the code image, determining a fuses hash based on values of hardware fuses of the target device, determining an information hash based on information stored in memory, determining a verification hash based on the image hash, the fuses hash, and the information hash, verifying the verification hash against a code signature in the header, obtaining an unlock constant based on the verification hash, comparing the unlock constant with a stored predetermined value to unlock a memory region of the target device, and executing the code in the code image on the target device.

Abstract: A semiconductor chip device include device state fuses that may be used to configure various device states and corresponding security levels for the semiconductor chip as it transitions from wafer manufacturing to provisioned device. The device states and security levels prevent the semiconductor chip from being accessed and exploited, for example, during manufacturing testing. A secure boot flow process for a semiconductor chip over its lifecycle is also disclosed. The secure boot flow may start at the wafer manufacturing stage and continue on through the insertion of keys and firmware.

Abstract: A semiconductor chip device include device state fuses that may be used to configure various device states and corresponding security levels for the semiconductor chip as it transitions from wafer manufacturing to provisioned device. The device states and security levels prevent the semiconductor chip from being accessed and exploited, for example, during manufacturing testing. A secure boot flow process for a semiconductor chip over its lifecycle is also disclosed. The secure boot flow may start at the wafer manufacturing stage and continue on through the insertion of keys and firmware.

Abstract: Systems, apparatuses, and methods for signing, and verifying the signature of, code to be executed by a target device. An example method of determining a verification hash of a code image to be executed by a target device comprises receiving a header and code image, determining an image hash based on metadata and the code image, determining a fuses hash based on values of hardware fuses of the target device, determining an information hash based on information stored in memory, determining a verification hash based on the image hash, the fuses hash, and the information hash, verifying the verification hash against a code signature in the header, obtaining an unlock constant based on the verification hash, comparing the unlock constant with a stored predetermined value to unlock a memory region of the target device, and executing the code in the code image on the target device.

Abstract: A semiconductor chip device include device state fuses that may be used to configure various device states and corresponding security levels for the semiconductor chip as it transitions from wafer manufacturing to provisioned device. The device states and security levels prevent the semiconductor chip from being accessed and exploited, for example, during manufacturing testing. A secure boot flow process for a semiconductor chip over its lifecycle is also disclosed. The secure boot flow may start at the wafer manufacturing stage and continue on through the insertion of keys and firmware.

Abstract: A server receives a request from the client. The request includes a cryptographically protected object that includes a respective user identifier and validation value. When the respective user identifier is valid, the validation value fails a first requirement in a predefined manner, and a count of consecutively received cryptographically protected objects whose validation value has failed the first validation requirement is less than a threshold value that is greater than one, the server returns to the client a response to the request in accordance with the respective user identifier, the response including an updated cryptographically protected object that includes the respective user identifier and an updated validation value, and updates the count. When the respective user identifier is valid, the validation value fails a first requirement in the predefined manner, and the count is equal to or exceeds the threshold value, the server performs a predefined remedial action.

Abstract: A first server associated with a first URL receives a request from a client, including a first object having a respective user identifier and validation value. The server evaluates the validation value of the received first object with respect to a first validation requirement. When the validation value of the first object fails the first validation requirement, the server sends a response to the client that causes the client to send a second request to a second URL that is distinct from the first URL. A second server associated with the second URL receives a request from the client that includes a second object, distinct from the first object. The second server evaluates the received second object with respect to a second validation requirement, and when the second object fails the second validation requirement, the second server invalidates the respective user identifier.

Abstract: One or more servers receive requests from clients and send responses. At least a subset of the responses including cookies produced by the one or more servers, and at least a subset of the received requests including cookies that were previously produced by the one or more servers and sent to the clients with responses to previously processed requests. Each of the cookies includes a respective user identifier. The one or more servers analyzing the received cookies to detect a first condition, which indicates that a respective plurality of clients may be using cookies that have a shared user identifier. Upon detecting the first condition, the one or more servers send at least one of the clients of the respective plurality of clients a response that includes a new cookie having a user identifier that is distinct from the shared user identifier.

Abstract: One or more servers receive requests from clients and send responses. At least a subset of the responses including cookies produced by the one or more servers, and at least a subset of the received requests including cookies that were previously produced by the one or more servers and sent to the clients with responses to previously processed requests. Each of the cookies includes a respective user identifier. The one or more servers analyzing the received cookies to detect a first condition, which indicates that a respective plurality of clients may be using cookies that have a shared user identifier. Upon detecting the first condition, the one or more servers send at least one of the clients of the respective plurality of clients a response that includes a new cookie having a user identifier that is distinct from the shared user identifier.