Abstract: In an aspect, an integrated tamper resistant device generates initial network credentials for accessing a network, wherein the initial network credentials enable the integrated tamper resistant device to be authenticated by a network solution provider before operational network credentials are provided securely by the network solution provider. The integrated tamper resistant device encrypts the initial network credentials and cryptographically signs the encrypted initial network credentials. The integrated tamper resistant device outputs the encrypted and signed initial network credentials for delivery to the network solution provider.

Abstract: In an aspect, an integrated tamper resistant device generates initial network credentials for accessing a network, wherein the initial network credentials enable the integrated tamper resistant device to be authenticated by a network solution provider before operational network credentials are provided securely by the network solution provider. The integrated tamper resistant device encrypts the initial network credentials and cryptographically signs the encrypted initial network credentials. The integrated tamper resistant device outputs the encrypted and signed initial network credentials for delivery to the network solution provider.

Abstract: A method of authenticating software of a peripheral device may include obtaining, with a secure processor, a cryptographic key for a peripheral device; storing, on the secure processor, the cryptographic key for the peripheral device; sending, by the secure processor, the cryptographic key to the peripheral device; obtaining, by the secure processor, a software for the peripheral device; authenticating, by the secure processor, the software of the peripheral device to provide authenticated software; and sending, by the secure processor, the authenticated software to the peripheral device based on the cryptographic key.

Abstract: Aspects may relate to a device that comprises a storage, an interface, and a processor. The processor coupled to the interface and operable in a secure mode may be configured to: command the transmission of a nonce through the interface to a server over a channel and receive through the interface a response from the server including an identifier and the nonce over the channel, in which, the response is signed with a private key of the server. Further, the processor operable in the secure mode may be configured to: verify the signature with a public key of the server; verify the nonce; store the identifier in the storage; and display the identifier on a secure display to initiate authentication with the server.

Abstract: Aspects may relate to a computing device that comprises a processor operable in a secure mode and a memory. The processor may be configured to: obtain a first layer of graphics that includes image elements; obtain a second layer of graphics that includes image elements; randomly select an image element from the first layer of graphics; randomly select an image element from the second layer of graphics; and compose the selected image elements from the first and second layer of graphics to create a composed random image. Further, the processor may command the memory to store the composed random image.

Abstract: Disclosed is a method for write restricted storage. In the method, a controller maintains an authorization list received over a control path. The authorization list includes at least one authorized data block digest, and each authorized data block digest is based on a corresponding authorized data block. The controller generates a calculated digest for a data block received over a data path. The controller determines if the calculated digest for the data block matches an authorized data block digest in the authorization list. The controller writes the data block to a storage if the calculated digest matches the authorized data block digest in the authorization list.

Abstract: Various embodiments of methods and systems for modification of instructions and/or data associated with one or more boot stages in a boot sequence are disclosed. The authenticity and integrity of the modified instructions and/or data in certain embodiments may be ensured by using a confidential key and a message authentication code (“MAC”) algorithm to generate a MAC output. The MAC output is compared to an expected MAC associated with the modified instructions and/or data. The confidential key is uniquely associated with the system on a chip (“SoC”) or a component of the SoC. In this way, embodiments of the solution guard against unauthorized modification or replacement of the OEM boot instructions.