BRW, the cloning of the firmware and spoofing the uuid will not work if the server blacklists that uuid. Which it will if more then one device with different ip adresses contact it.
Easily defeated by providing a proxy / gateway server. Then we get into rate detection which gets defeated by caching. Etc.
Gateway is kind of an interesting idea, but ultimately easily detectable. I'd see any amount of abuse on the server side. If one chip was hooked to a machine so as to legit access the server then pass on data for a different series of devices, I'd see too high of usage on that serial, a cool-down for important functions (ones a legit user would only need once or twice anyhow) would fix this at least in a way it wouldn't be profitable to abuse our server. I really think we're in a whole different level of hacker at this point.
Interestingly, same goes for if someone DID hack my ROM. All they would really get is a way to feed my server data (ask my server's public key and be able to package the right data to it, but then all they've done is exactly what the original does), but again, I have all sorts of monitoring and ability to blacklist on the server, plus I'd only ever give the answers to a device, not the equation to generate them.
Honestly I was a little apprehensive about moving my product to an online interface, but now, I just don't see any other secure way (that I can afford).
The interesting theme of this thread is really:
How much do you trust your chip? Some of you guys think decapping and side channel attacks are more difficult than they are. $5,000-$10,000 to pull my stack that will have cost $20,000 is a pretty great deal I think.