A security server to validate identity data of computing devices having secure memory devices and track activities of components in the computing devices. The server system is configured to store data representative of a unique device secret sealed in the memory device. The server system can generate a first cryptographic key independently from the memory device generating a second cryptographic key. The memory device uses the second cryptographic key to generate identity data including a message and a verification code generated via cryptographic operations combining the message and the second cryptographic key. The server system can use the first cryptographic key to determine whether the verification code is valid for the message. If so, the security server can generate an activity record associating the activity of the computing device with identifications of respective components of the computing device confirmed via validation of the identity data.