| CPC H04L 9/088 (2013.01) [G06F 21/606 (2013.01)] | 20 Claims |
|
1. A method, comprising:
establishing, by a first computer system with a client computer system having a memory device, a secure authenticated connection, wherein the memory device is configured as part of the client computer system to at least store software running in the client computer system, wherein the memory device is further configured to store a unique device secret that is inaccessible from outside of the memory device after completion of manufacture of the memory device, wherein the unique device secret is never sent from the memory device to any device external to the memory device, and wherein a cryptographic key derived at least in part from the unique device secret is never sent from the memory device to any device external to the memory device;
receiving, in the first computer system over the secure authenticated connection from the client computer system, a request about the memory device remote from the first computer system;
determining, based on data stored in the first computer system, that the client computer system is eligible to operate the memory device; and
communicating, by the first computer system, with a second computer system secured behind the first computer system to generate a response to the request using at least the cryptographic key stored in the second computer system in association with an unique identification of the memory device, wherein the memory device is configured to control access to the memory device by the client computer system based on the cryptographic key, wherein after the response is generated and communicated to the client computer system the access to the memory device is permitted without communications between the client computer system and both of the first computer system and the second computer system.
|