Abstract: Various examples are directed to a system for configuring a host device. The host device may comprise a memory system and may be programmed to receive subscriber software for interfacing the host device to a subscription service. The host device may also be programmed to receive from a first assembler secure appliance, first trace data based at least in part on the subscriber software and generate trace-derived data using the first trace data and the memory system identification key. The host device may also be programmed to send a subscription request to a subscription server associated with the subscription service. The subscription request may comprise the trace-derived data. The host device may also be programmed to receive, from the subscription server, subscription data for accessing the subscription service.

Abstract: The present disclosure relates to a system, a method and to a memory device to ensure a secure memory access to a memory device. The memory device is structured and organized with: a first accessible data storage area configured to store data of a host device; a second accessible data storage area configured to store metadata. The second accessible data storage area is organized in groups of sub-fields including at least a first group of flags and at least another field of the same second accessible storage area selectable by the value of one of said flags.

Abstract: Methods, systems, and devices for authenticating software images are described. Software images may include different portions (e.g., different versions, different users) that may be authenticated using hashes associated with an underlying data structure of the portion of the software image. In some examples, hashes (e.g., first hashes) associated with the software image may be generated and stored using a tree structure, such that a previous hash may be used when calculating a hash associated with a new portion of the software image. To authenticate a portion of the software image, a command may be issued, and a second hash may be calculated using the current data structure of the software image. The second hash may be compared to the associated first hash, and the software image may be authenticated based on the hashes matching.

Abstract: A method is provided for synchronizing timing in phase and frequency of clocks associated with a plurality of radio nodes (RNs) in a small cell radio access network (RAN) having an access controller operatively coupled to each of the RNs. In accordance with the method, a donor list is generated for each given RN in the RAN. The donor list represents an ordered list of potential wireless access points that are able to serve as a source of a wireless sync signal for the given RN. The donor lists are distributed to the respective RNs. An access point is selected by each of the RNs from their respective donor lists to use as a sync signal source. Each of the RNs synchronize their respective clocks in phase and frequency using wireless sync signals received from the respective selected access points.

Abstract: Systems, methods and apparatuses to configure a computing device for identification and authentication are described. For example, a key management server (KMS) has a certificate generator and is coupled to a registration portal. A copy of secret implemented into a secure component during its manufacture in a factory is stored in the KMS. After leaving the factory, the component can be assembled into the device. The portal receives registration of the component and a hash of software of the device. The certificate generator generates, independent of the device, public keys of the device, using the copy of the secret stored in the KMS and hashes of the software received via the registration portal, and then sign a digital certificate of the public key of the device. Authentication of the device can then be performed via the private key of the device and the certified public key.

Abstract: Disclosed herein are methods, computer readable media, and devices for performing software updates. In one embodiment, a method is disclosed comprising initializing a storage space of a secure storage device into a plurality of portions; copying an update program to a first portion in the portions and copying update data to a second portion of the portions; generating a first golden measurement for the first portion and a second golden measurement for the second portion; measuring the first portion; updating or rolling back an update to the secure device in response to determining that the measuring of the first portion does not match the first golden measurement of the first portion; and verifying an update operation upon determining that the measuring of the first portion matches the first golden measurement of the first portion.

Abstract: Various examples are directed to systems and methods for providing a digital fingerprint of a selected portion of a memory device to a host device. A host device executing at a host device may send a to a driver a command to produce digital fingerprint data. The command may include an output pointer indicating a memory location of the local memory. The driver may generate a modified command that does not include the output pointer. The driver may send the modified command to a memory device. The driver may receive a reply comprising the digital fingerprint data and write the digital fingerprint data to a location at the memory location of local memory of the host device indicated by the output pointer.

Abstract: Apparatuses and methods related to concurrently measuring and executing images. An apparatus for concurrently measuring and executing images can include a memory device, a first processing resource and a second processing resource. The first processing resource can execute instructions stored in the memory device to execute a first portion of an image responsive to measuring the first portion of the image and execute a second portion of the image responsive to measuring the second portion of the image. The second processing resource can execute instructions stored in the memory device to measure the first portion of the image and measure the second portion of the image concurrently with an execution of the first portion of the image by the first processing resource.

Abstract: Methods, systems, and devices for a differential write operation are described. The operations described herein may be used to alter a portion of a program file from a first state to a second state. For example, a file (e.g., a patch file) that is associated with a signature may be received at a memory device. Based on an authentication process, the file may be used to alter the program file to the second state. In some examples, the program file may be altered to the second state using a buffer of the memory device. A host system may transmit a file that includes the difference between the first state and the second state. A signature may be associated with the file and may be used to authenticate the file.

Abstract: Systems, methods and apparatuses to configure a computing device for identification and authentication are described. For example, a key management server (KMS) has a certificate generator and is coupled to a registration portal. A copy of secret implemented into a secure component during its manufacture in a factory is stored in the KMS. After leaving the factory, the component can be assembled into the device. The portal receives registration of the component and a hash of software of the device. The certificate generator generates, independent of the device, public keys of the device, using the copy of the secret stored in the KMS and hashes of the software received via the registration portal, and then sign a digital certificate of the public key of the device. Authentication of the device can then be performed via the private key of the device and the certified public key.

Abstract: A method is provided for synchronizing timing in phase and frequency of clocks associated with a plurality of radio nodes (RNs) in a small cell radio access network (RAN) having an access controller operatively coupled to each of the RNs. In accordance with the method, a donor list is generated for each given RN in the RAN. The donor list represents an ordered list of potential wireless access points that are able to serve as a source of a wireless sync signal for the given RN. The donor lists are distributed to the respective RNs. An access point is selected by each of the RNs from their respective donor lists to use as a sync signal source. Each of the RNs synchronize their respective clocks in phase and frequency using wireless sync signals received from the respective selected access points.

Abstract: Disclosed herein are methods, computer readable media, and devices for performing software updates. In one embodiment, a method is disclosed comprising initializing a storage space of a secure storage device into a plurality of portions; copying an update program to a first portion in the portions and copying update data to a second portion of the portions; generating a first golden measurement for the first portion and a second golden measurement for the second portion; measuring the first portion; updating or rolling back an update to the secure device in response to determining that the measuring of the first portion does not match the first golden measurement of the first portion; and verifying an update operation upon determining that the measuring of the first portion matches the first golden measurement of the first portion.

Abstract: Methods, systems, and devices associated with techniques for secure writes by non-privileged users are described. A memory device may be configured with one or more blocks of memory operating in a secure write mode. The memory device may receive an append command from a non-privileged user. The append command may indicate data to write to the block of memory at an address determined by the memory device. The memory device may identify a pointer to the address for storing the data within the block of memory. The memory device may write the data to a portion of the block of memory based on identifying the pointer and may update the pointer associated with the block of memory based on writing the data.

Abstract: Apparatuses and methods related to concurrently measuring and executing images. An apparatus for concurrently measuring and executing images can include a memory device, a first processing resource and a second processing resource. The first processing resource can execute instructions stored in the memory device to execute a first portion of an image responsive to measuring the first portion of the image and execute a second portion of the image responsive to measuring the second portion of the image. The second processing resource can execute instructions stored in the memory device to measure the first portion of the image and measure the second portion of the image concurrently with an execution of the first portion of the image by the first processing resource.

Abstract: Disclosed herein are methods, computer readable media, and devices for performing software updates. In one embodiment, a method is disclosed comprising initializing a storage space of a secure storage device into a plurality of portions; copying an update program to a first portion in the portions and copying update data to a second portion of the portions; generating a first golden measurement for the first portion and a second golden measurement for the second portion; measuring the first portion; updating or rolling back an update to the secure device in response to determining that the measuring of the first portion does not match the first golden measurement of the first portion; and verifying an update operation upon determining that the measuring of the first portion matches the first golden measurement of the first portion.

Abstract: Methods, systems, and devices for a differential write operation are described. The operations described herein may be used to alter a portion of a program file from a first state to a second state. For example, a file (e.g., a patch file) that is associated with a signature may be received at a memory device. Based on an authentication process, the file may be used to alter the program file to the second state. In some examples, the program file may be altered to the second state using a buffer of the memory device. A host system may transmit a file that includes the difference between the first state and the second state. A signature may be associated with the file and may be used to authenticate the file.

Abstract: Methods, systems, and devices for authenticating a device using a remote host are described. In some systems, a management server may identify a software update for a device and transmit a notification that the software update is sent to the device. In some cases, the system may also include a field server. The field server may receive the notification and set a flag, in a memory, that indicates an association between the device and the software update. The field server may receive, from the device, a connection request that includes a certificate associated with a key for authenticating the device and accept the key as valid based on the flag indicating the update to the software.

Abstract: Various examples are directed to systems and methods for programming memory. A programming appliance may receive a command file comprising a first pre-generated digital signature. The first pre-generated digital signature may be associated with a memory system, with a first command and with a first memory system counter value. The programming appliance may send to a memory system a first command message. The first command system may comprise the first command and the first pre-generated digital signature.

Abstract: Methods, systems, and devices for security descriptor generation are described. An end device may be authenticated based on a certificate and a device key based on a security descriptor. The security descriptor may be generated based on publicly-available information such as time of day information, geographical information, or a default set of information. The security descriptor may be used for generation of a certificate accessible by a server used for authenticating the device and also may be used by an end device to generate a device key for verification by the server authenticating the device.

Abstract: Methods, systems, and devices for a differential write operation are described. The operations described herein may be used to alter a portion of a program file from a first state to a second state. For example, a file (e.g., a patch file) that is associated with a signature may be received at a memory device. Based on an authentication process, the file may be used to alter the program file to the second state. In some examples, the program file may be altered to the second state using a buffer of the memory device. A host system may transmit a file that includes the difference between the first state and the second state. A signature may be associated with the file and may be used to authenticate the file.