`Case 5:l5—cv—O2008—EJD Document 81-4 Filed 03/29/16 Page 1 of 8
`
`
`
`EXHIBIT 3
`
`EXHIBIT 3
`
`
`
`Case 5:15-cv-02008-EJD Document 81-4 Filed 03/29/16 Page 2 of 8
`
`US007725740B2
`
`(12) Ulllted States Patent
`Kudelski et a].
`
`(10) Patent N0.:
`(45) Date of Patent:
`
`US 7,725,740 B2
`May 25, 2010
`
`(54) GENERATINGA ROOT KEY FOR
`DECRYPTION OF A TRANSMISSION KEY
`ALLOWING SECURE COMMUNICATIONS
`
`6,415,371 B1 *
`6,625,729 B1 *
`6,684,326 B1 *
`
`7/2002 Nakamura et a1. ........ .. 711/164
`9/2003 Angelo et a1. ................ .. 713/2
`1/2004 Cromer et a1. ............... .. 713/2
`
`(75) Inventors: Henri Kudelski, Grandvaux (CH);
`Serge Gaumain, Yverdon (CH)
`
`(73) Assignee: Nagravision S.A.,
`Cheseaux-sur-Lausanne (CH)
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 1022 days.
`
`(21) Appl.No.: 10/848,014
`
`(22) Filed:
`
`May 19, 2004
`
`6,907,522 B2 *
`6,920,566 B2 *
`6,938,164 Bl *
`
`
`
`6/2005 Morais et a1. 7/2005 Lewis ............. ..
`
`.
`
`8/2005 England et a1. ........... .. 7l3/l93
`
`6,986,052 Bl *
`
`l/2006 Mittal ...................... .. 7l3/l90
`
`7,013,384 B2 *
`
`3/2006 Challener et a1. ............ .. 7l3/2
`
`7,036,023 B2 *
`
`4/2006 Fries et a1. .................. .. 726/2l
`
`7,069,442 B2 *
`
`6/2006 Sutton et a1. .............. .. 7l3/l79
`
`(Continued)
`FOREIGN PATENT DOCUMENTS
`
`Prior Publication Data
`
`EP
`
`0280035 Bl
`
`8/1988
`
`(65)
`
`(30)
`
`US 2004/0236959 A1
`
`Nov. 25, 2004
`
`Foreign Application Priority Data
`
`May 28, 2003
`
`(CH) ................................... .. 0953/03
`
`(51) Int. Cl.
`(2006.01)
`G06F 11/30
`(2006.01)
`G06F 12/14
`(52) US. Cl. ............................ .. 713/194; 726/4; 380/44
`(58) Field of Classi?cation Search ............... .. 713/194;
`726/9; 380/44
`See application ?le for complete search history.
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,786,790 A 11/1988 Kruse etal.
`5,067,156 A 11/1991 Martin
`5,177,790 A *
`1/1993 Hazard ...................... .. 380/28
`5,191,608 A
`3/1993 Geronimi
`380/30
`5,201,000 A *
`4/1993 Matyasetal.
`5,774,058 A *
`6/1998 Henry et a1. ............... .. 340/55
`5,944,821 A
`8/1999 Angelo
`6,141,756 A * 10/2000 Brightet a1. ................ .. 726/22
`6,327,652 131* 12/2001 Englandetal. .............. .. 713/2
`
`(Continued)
`Primary ExamineriEdan Orgad
`Assistant Examinerilames Turchen
`(74) Attorney, Agent, or FirmiHarness, Dickey & Pierce,
`P.L.C.
`
`(57)
`
`ABSTRACT
`
`A method is used to restore the security of a secure assembly
`such as a chip card, after the contents of its second memory
`Zone have been read by a third party. The method is for
`generating a security key implemented by a secure module
`comprising a central unit, a ?rst conditional access memory
`Zone and at least one second memory Zone containing all or
`part of the user program. The method includes reading of all
`or part of the second memory Zone, and generation of at least
`one root key based on all or part of the second Zone data and
`on at least one item of secret information stored in the ?rst
`memory Zone'
`
`12 Claims, 1 Drawing Sheet
`
`21
`
`22A
`
`228
`
`MOD
`
`CPU
`
`V
`
`
`
`Case 5:15-cv-02008-EJD Document 81-4 Filed 03/29/16 Page 3 of 8
`
`US 7,725,740 B2
`Page 2
`
`US. PATENT DOCUMENTS
`
`6/2006 Cheston et a1. ........... .. 713/187
`7,069,445 B2 *
`7,117,376 B2 * 10/2006 Grawrock
`380/277
`2002/0087877 A1* 7/2002 Grawrock ................. .. 713/200
`
`EP
`
`FR
`W0
`
`0 475 837 B1
`
`3/1992
`
`2 829 645
`W0 01/86601 A1
`
`3/2003
`11/2001
`
`EP
`
`FOREIGN PATENT DOCUMENTS
`0 434 551 B1
`6/1991
`
`* cited by examiner
`
`
`
`Case 5:15-cv-02008-EJD Document 81-4 Filed 03/29/16 Page 4 of 8
`
`US. Patent
`
`May 25, 2010
`
`US 7,725,740 B2
`
`Z1
`
`22A
`
`22B
`
`MOD
`
`CPU
`
`I/O
`
`7.’).
`
`Fig. 1
`
`PA
`
`PI PB
`
`PI PC
`
`DES
`
`Fig. 2
`
`DTA
`
`Z2
`
`Z1
`
`MKl
`
`MK2
`
`V
`
`V
`ENC
`
`RK
`
`
`
`Case 5:15-cv-02008-EJD Document 81-4 Filed 03/29/16 Page 5 of 8
`
`US 7,725,740 B2
`
`1
`GENERATING A ROOT KEY FOR
`DECRYPTION OF A TRANSMISSION KEY
`ALLOWING SECURE COMMUNICATIONS
`
`The present application hereby claims priority under 35
`U.S.C. §1 19 on Swiss patent application number CH 0953/03
`?led May 28, 2003, the entire contents of Which are hereby
`incorporated herein by reference.
`
`FIELD OF THE INVENTION
`
`This invention generally concerns the domain of security
`modules, preferably those including at least one central unit
`and tWo memory areas.
`
`BACKGROUND OF THE INVENTION
`
`20
`
`Units are used in operations implementing cryptographic
`systems and are given in monolithic form. They are either
`produced on the same silicon chip or they are assembled on a
`support and embedded in a resin or protected by a sheet
`covering the different elements and acting as a fuse in the case
`of an attempted intrusion.
`These security processors have a ?rst memory Zone called
`a bootstrap that is executed during the activation of the pro
`25
`ces sor or at each resetting to Zero. This memory is of the ROM
`type, namely that it is Read Only Memory.
`During the execution of the start-up program, this program
`veri?es the second memory Zone that is of the reWritable type,
`usually of the EEPROM, NVRAM or Flash type. This veri
`?cation is important as it serves to ensure that the data in this
`second Zone is valid, namely that it is de?nitely a program (at
`least in part). This veri?cation can be carried out in various
`Ways such as the calculation of an imprint (CRC, Hash) and
`the comparison of this imprint With a value stored in the same
`Zone.
`Once the master program that has been initially started
`completes its veri?cation, it connects With the second Zone
`and begins the execution of the user program at a conventional
`address.
`The particularity of this type of processor is that at the time
`of the execution of the program in the second Zone, it does not
`have free access to the memory of the ?rst Zone. This access
`is either de?nitively prohibited or is subject to a veri?cation
`mechanism (passWord for example).
`This offers important security because the veri?cation
`means, as Well as the start-up data, are not accessible to the
`user program. All the data contained in the ?rst Zone is thus
`protected from any intrusion.
`It is possible that this ?rst bootstrap Zone, in addition to
`having a part in read-only memory (ROM), includes a reWrit
`able part of memory that is subjected to the same security
`conditions.
`When the ?rst Zone is of a very limited siZe, the execution
`of the veri?cation program can be carried out from the second
`Zone. The latter is divided into a veri?cation part and a user
`part.
`Therefore, the veri?cation of the user program is carried
`out on the basis of the data of the ?rst Zone. Namely, it is
`carried out on the basis of a ?rst key that is generally stored in
`the ?rst Zone and Which alloWs the veri?cation of the data
`imprint of the second Zone.
`The second Zone contains data constituting the program
`and a signature that is encrypted by this ?rst key.
`The veri?cation program that can either be in the ?rst Zone,
`or in a veri?cation part of the second Zone, calculates a unique
`imprint (Hash, CRC) on the data to be veri?ed.
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`To verify that the data is correctly validated, the second
`Zone contains the imprint encrypted by a key that is initially
`stored in the ?rst Zone. This key is used to decrypt the
`encrypted imprint and the result obtained is compared With
`the calculated imprint.
`This key can be in the ?rst Zone either in a de?nitive form
`(ROM) or in the programmed form (EEPROM or Flash for
`example). In this second case, programming is carried out in
`a machine or in an authoriZed centre for example. The pro
`gram of the ?rst Zone accepts this program as long as no other
`key is already found in this memory location.
`This key can be of the symmetrical type and thus secret or
`it can be of the asymmetrical type. In this second variant, this
`key can be found in a memory Zone other than the ?rst Zone
`because even if a third party discovered this key, the third
`party Would not be able to identify a modi?ed data set because
`he must have the corresponding private key to identify the
`data. Obviously, this key is not issued from the management
`centre that is responsible for preparing the updating of the
`data.
`The data of the second memory Zone can represent either
`one or several programs, either important data such as rights
`or decryption keys, or a combination of both.
`One of the knoWn types of attacks used to discover the
`contents of the second Zone is to search a security defect such
`as a memory over?oW that alloWs control to be taken of the
`processor. Once control has successfully been taken, a third
`party transfers the contents of the second Zone toWards the
`exterior and is able to analyse the security mechanism and the
`keys used.
`Using the knoWledge of the contents of the second memory
`Zone, the third party has the keys serving to manage the
`different rights and access to services that control this pro
`cessor.
`Therefore, if a change of keys takes place, managed by the
`management centre, this change command Will be encrypted
`by a key present in the second memory Zone. The third party,
`Who has knoWledge of this key, can decrypt this message and
`also update the contents of this neW key.
`Therefore, it is apparent that While a secure mechanism has
`been used to verify the contents of the program Zone (second
`Zone), once security has been violated, none of the changes
`initiated by the management centre have an effect on security
`because the changing means (neW transmission key for
`example) use keys that the third party already has in his
`possession. He can thus decipher the updating message and
`also change its transmission key. The breach cannot be
`stopped even if the security breach has been corrected in the
`application.
`
`SUMMARY OF THE INVENTION
`
`An object of an embodiment of this invention is to propose
`a method to restore the security of this type of security assem
`bly once the contents of the second memory Zone have been
`read by a third party.
`This aim may be achieved using a method for generating a
`security key carried out by a security module including a
`central unit, a ?rst conditional access memory Zone and at
`least one second memory Zone containing all or part of the
`user program, Wherein it includes the folloWing steps:
`reading all or part of the second memory Zone,
`generation of at least one root key based on all orpart of the
`data of the second Zone and on at least some secret
`information stored in the ?rst memory Zone.
`
`
`
`Case 5:15-cv-02008-EJD Document 81-4 Filed 03/29/16 Page 6 of 8
`
`US 7,725,740 B2
`
`3
`Therefore, thanks to the generation of this neW root key, it
`Will be possible to secure the replacement of the transmission
`key and in the same Way, of all the keys transmitted subse
`quently.
`It is important that this root key is never constant and must
`for that reason be different from any key stored in the ?rst
`memory Zone such as the factory key. For this reason the root
`key is generated as a variable using the neW data transmitted
`by the management centre.
`In a ?rst version, this neW key is generated Without the data
`of the second Zone necessarily being veri?ed. If this data has
`been modi?ed, the root key Will simply be false and the future
`decryption of a transmission key With this key Will not give
`the correct result.
`This root key thus depends on one hand on the doWnload
`ing or contents of the second memory (or data) and on the
`other hand on a key stored in a location inaccessible to a third
`party
`According to another embodiment, the factory key is
`replaced by a secret program stored in the ?rst Zone that
`calculates, according to a secret algorithm, an imprint on all
`or part of the second Zone data. The manipulation of the data
`(combination, multiplication, division, EXOR etc.) of the
`second Zone according to a particular algorithm alloWs the
`root key to be determined.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The invention Will be better understood thanks to the fol
`loWing detailed description and Which refers to the enclosed
`draWings that are given as a non-limitative example, namely:
`FIG. 1 describes the organization of a secure processor set,
`FIG. 2 shoWs a division of the second Zone,
`FIG. 3 describes the mechanism for generating the root
`key.
`
`DETAILED DESCRIPTION OF THE PREFERRED
`EMBODIMENTS
`
`20
`
`25
`
`30
`
`35
`
`40
`
`In FIG. 1, the module MOD is a secure processor module.
`For this reason, it disposes of at least tWo memory areas
`namely the ?rst Zone Z1 and the second Zone Z2. The ?rst
`Zone is made up of all or part ROM memory and is thus not
`reWritable. It is possible for a part to comprise of memories in
`RAM or EEPROM for variables among other things. This is
`called conditional access due to the fact that it is not freely
`accessible, in particular during the execution of a program in
`the second Zone.
`The second Zone Z2 contains the processing program and
`the data. This Zone is made up of a non-volatile memory but
`With the possibility of Writing such the EEPROM. Zone Z2
`can also contain a volatile memory such as the RAM. In fact,
`this Zone is not generally homogeneous and can comprise
`several memories of the ROM, RAM, EEPROM, NVRAM
`and FLASH type.
`55
`In our example, a ?rst part of Zone 2 called a Work Zone
`Z2A is taken into consideration that serves to carry out opera
`tions related to the generation of the root key.
`User area Z2B is a schematic vieW of the part containing
`the processing program(s). According to the implementation
`method, it is possible to include variables such as security
`keys for example.
`The processor CPU is automatically managed in the ?rst
`Zone Z1 during implementation or resetting. It is at this point
`that the ?rst security operations are carried out.
`These operations use the ?rst memory Zone, but also the
`Work Zone Z2A if necessary. Due to the limited area of the
`
`45
`
`50
`
`60
`
`65
`
`4
`?rst Zone, messages are sent to the Work Zone to carry out the
`calculation of the imprint for example. The routine that alloWs
`the calculation of this imprint can be found in the second
`Zone. Nothing impedes this routine forming part of the data
`that Will be veri?ed. This program is called the system pro
`gram
`The initialisation program launched at the start, calculates
`an imprint on the conventional part of the data to be veri?ed.
`This part is de?ned by pointers contained in the second
`memory Zone. An illustration of the portion mechanism of the
`user Zone Z2B is contained in FIG. 2.
`The taking into account of data forming the imprint can be
`made on all or on a part of the user Zone. In practice, this
`imprint Will preferably be calculated on the program part and
`not on the data part (visualization rights for example) since
`the latter are susceptible to modi?cation during the use of the
`user program. The identi?cation program of the imprint ini
`tialised at the start, calculates the imprint on the conventional
`part of the data to be veri?ed. This part is de?ned by pointers
`contained in the second memory Zone, in particular in the
`portion DES in FIG. 2.
`Within the scope of the invention, this imprint is carried out
`by a unidirectional operation Which is a mathematical appli
`cation H of a source set toWards a destination object, in Which
`each element x of the source set is attributed With an image
`H(x). These functions are particularly useful When they are
`functions of the Hash type, such as that Which is de?ned in
`page 27 of the Work RSA Laboratories’ Frequently Asked
`Questions About Today's s Cryptography, v4.0. Element x
`can be of any length but H(x) is alWays a ?xed length of
`characters, namely a ?xed-siZe string. This type of function is
`dif?cult to invert, that is to say that the knowledge of H(x)
`does not in general alloW the discovery of x. Furthermore, it is
`collision free When it is inj ective, that is to say that H(y):H(x)
`necessarily leads to yq, similarly H(y)_H(x) necessarily
`leads to y_x.
`It is considered impossible to reproduce the same control
`information H as soon as a single value of the set x has been
`modi?ed even if other values are modi?ed With the aim of
`invalidating the modi?cation generated by the ?rst modi?ca
`tion.
`In FIG. 2, the user Zone Z2B in FIG. 1 is divided into
`several portions PA, PB and PC. These portions are not adja
`cent in this example and are separated by portions PI that do
`not affect the calculation of the imprint. The information
`describing these different portions is contained in portion
`DES that also forms part of the user Zone Z2B. It contains the
`indications of memory locations involved in the calculation
`of the control information. These indications can be either in
`the form of a “start pointer” and “length” or “start pointer”
`and “end pointer”.
`Furthermore, it is possible to have not just one but several
`items of control information, each item of information H1,
`H2, Hn is applied on a portion PA, PB or PC. This alloWs the
`generation of not only one root key but several keys.
`In FIG. 1 the I/ O block illustrates the form of communica
`tion toWards the exterior of the module MOD, method(s)/
`device(s) for using the cryptographic functions and the rights
`stored in the memory Z2B. It is also in this Way that the data
`is accidentally extracted from the Zone Z2 by a defect such as
`that described previously.
`In FIG. 3, the generation of the root key is schematiZed.
`The data DTA that, according to the example in FIG. 2, is
`made up of portions PA, PB and PC, serves to calculate With
`the processor the imprint that is in our case control informa
`tion Hash. To calculate the root key RK, this control informa
`tion H and a factory key MK2 are used to obtain the root key
`
`
`
`Case 5:15-cv-02008-EJD Document 81-4 Filed 03/29/16 Page 7 of 8
`
`US 7,725,740 B2
`
`5
`RK by the intermediary of an encryption module ENC. This
`secret key Will be of the symmetrical type (or used symmetri
`cally by the managing centre) since in the contrary case it
`Would not be the same resultant root key in the managing
`centre and in the module MOD.
`It should be noted that if the contents of the user part Z2B
`already have an established imprint When the conformity of
`the program stored is veri?ed, it is possible to use the imprint
`in place of the control information H. The important factor in
`this operation is the use of data that represents all orpart of the
`data DTA. In a variant, it is possible to select one from three
`octets, for example, to identify the data that Will be encrypted
`by the factory key MK2.
`According to another embodiment, the factory key is
`replaced by a secret algorithm (RTN) that is stored in the ?rst
`Zone Z1. The algorithm can be copied from this ?rst Zone
`toWards the Work Zone Z2A during the initialisation phase if
`necessary.
`According to a particular method this algorithm combines
`all or part of the data DTA in order to obtain a unique result
`depending on the data. This combination can implement dif
`ferent arithmetical operations such as multiplication, Exor
`etc.
`Once this root key has been calculated, it is stored in a
`memory Zone of the second Zone Z2.
`The location of the execution of these method steps is not
`identi?ed. The program in the bootstrap Zone can simply copy
`the factory key in a temporary memory Zone and the root key
`generation program, called the system program, can be con
`tained in the Work Zone Z2A. The important factor is the
`storage of this factory key in the ?rst Zone Z1 in order to
`render it inaccessible during the normal execution of the user
`program.
`Once the root key has been generated, the factory key is
`eliminated from the temporary memory.
`According to one of the practical applications, the manage
`ment centre that is responsible for security, prepares neW
`softWare in order to avoid a knoWn defect such as an attack by
`a counterfeiter aiming to extract the data of the Zone Z2. This
`neW softWare is signed, that is to say that the Hash function is
`calculated on the data and the result is encrypted With the
`private key MK1.
`All is then encrypted by transmission keys and transmitted
`in the form of messages to security modules MOD.
`The program existing in the user Zone Z2B processes the
`incoming data and decrypts the messages by Way of one or
`several system transmission keys. The data is then stored in
`locations provided for that purpose. Once this doWnloading
`has been completed the processor activates a re-start function.
`This alloWs all the neWly stored data to be veri?ed.
`This veri?cation in general refers to the set of stored pro
`grams and the veri?cation is carried out according to the steps
`described above. If the hypothesis of a third party With an
`insecure module MOD is considered, the ?rst memory Zone
`Z1 does not exist (or is blank) and the processor immediately
`starts in the second Zone Z2. The neW program received from
`the management centre is decrypted by the third party and the
`user Zone is therefore identical to that of a secure processor
`With double memory Zones.
`During the start-up of the secure processor, the root key is
`generated and is used to decrypt the neW transmission key.
`The ?ctitious module does not have this root key and cannot
`decrypt the transmission key. At this point, the messages
`exchanged betWeen the management centre and the security
`module are no longer accessible to the ?ctitious module. If the
`latter attempts to rediscover the root key by Way of an attack
`of the type that Would alloW it to obtain the contents of the
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`6
`second Zone, this attack Would no longer Work since the aim
`of this neW softWare is precisely to avoid this type of fraud.
`The secure module rediscovers the security level preceding
`the attack that had alloWed the data extraction.
`Therefore, this method alloWs a security defect to be rec
`ti?ed remotely and the original security to be reset Without
`having to exchange all the modules as Was often the case.
`As indicated above, access to the ?rst Zone Z1 is carried out
`at the start-up of the microprocessor or after a veri?cation
`mechanism. During the scenario described above, it is pos
`sible not to activate the resetting of the microprocessor and
`request access to the ?rst Zone by means of a gateWay. Once
`the entrance has taken place by Way of this requested gateWay
`(by the introduction of a passWord for example), the execu
`tion of the program is no longer visible since the second Zone
`is thus unknoWn to a third party having recopied this Zone.
`The program initiated in this Way starts the generation of the
`root key.
`The conditional access memory Zone Z1 cannot supply the
`necessary secret data to form the root key. In this con?gura
`tion, the program of the user Zone Z2, only has access to the
`?rst Zone Z1 to read the data for the calculation of the root key.
`During these operations, the visibility duration of the ?rst
`Zone Will be limited to the time necessary for reading, this
`Zone Will then be made inaccessible.
`According to one embodiment, the factory key makes a set
`of keys. At each generation of a root key, a factory key is
`deactivated. The selection of the key to be used can be carried
`out in different Ways, namely:
`on the command of the management centre, that is to say by
`a descriptor in the de?nition data DES,
`by using the n last bits of the imprint (for example 3 bits)
`that alloWs the bits to choose from among the keys (for
`example 8 keys) stored.
`A storage medium is adapted to store information of any of
`the aforementioned programs and is adapted to interact With
`a data processing facility (such as a computer or computer
`device) to perform the method of any of the above mentioned
`embodiments. The storage medium can be offered to the user
`in the form of a computer-readable storage medium. The
`storage medium may be a built-in medium installed inside a
`computer main body or removable medium arranged so that it
`can be separated from the computer main body. Examples of
`the built-in medium include, but are not limited to, reWrite
`able involatile memories, such as ROMs and ?ash memories,
`and hard disks. Examples of the removable medium include,
`but are not limited to, optical storage media such as CD
`ROMs and DVDs; magneto-optical storage media, such as
`MOs; magnetism storage media, such as ?oppy disks (trade
`mark), cassette tapes, and removable hard disks; media With
`a built-in reWriteable involatile memory, such as memory
`cards; and media With a built-in ROM, such as ROM cas
`settes.
`Exemplary embodiments being thus described, it Will be
`obvious that the same may be varied in many Ways. Such
`variations are not to be regarded as a departure from the spirit
`and scope of the present invention, and all such modi?cations
`as Would be obvious to one skilled in the art are intended to be
`included Within the scope of the folloWing claims.
`
`What is claimed is:
`1. Method for generating a root key implemented by a
`secure module comprising a central unit, a ?rst conditional
`access memory Zone containing all or part of a bootstrap
`program and at least one second memory Zone containing a
`?rst portion and a second portion containing all or part of a
`user program, the method comprising:
`
`
`
`Case 5:15-cv-02008-EJD Document 81-4 Filed 03/29/16 Page 8 of 8
`
`US 7,725,740 B2
`
`7
`executing an initialisation program from the ?rst condi
`tional access memory Zone;
`reading and temporarily storing a secret information from
`the ?rst conditional access memory Zone into the ?rst
`portion of second memory Zone during the initialisation
`of the secure module;
`reading all or part of the second portion of the second
`memory Zone;
`generating the root key based on an imprint of data of the
`second portion of the second memory Zone and on the
`stored secret information, the imprint being generated
`based on the application of a unidirectional function to
`all or part of the data of the second portion of the second
`memory Zone;
`eliminating the secret information from the ?rst portion of
`the second memory Zone after the root key has been
`generated;
`disabling access to the ?rst conditional access memory
`Zone, Wherein at the time of execution by the central unit
`in the second memory Zone, no access is granted to the
`?rst conditional access memory Zone
`Wherein the root key is used to alloW decryption of trans
`mission key, the transmission key alloWing secure com
`munication betWeen the secure module and a manage
`ment center.
`2. Method according to claim 1, Wherein the secret infor
`mation is a factory key.
`3. Method according to claim 1, Wherein the secret infor
`mation is an algorithm describing the use of data to generate
`the root key.
`4. Method according to claim 1, Wherein the method fur
`ther includes calculating at least one item of control informa
`
`20
`
`25
`
`30
`
`8
`tion representative of all or part of the data of the second
`memory Zone, this control information being used for the
`generation of the root key.
`5. Method according to claim 4, Wherein the control infor
`mation is calculated based on a function (Hash) called unidi
`rectional and Without collision, executed on all or part of the
`data of the second memory Zone.
`6. Method according to claim 1, Wherein the second
`memory Zone further includes a description part including a
`location of one or more portions of the second memory Zone,
`Where the portions of the second memory Zone are used in
`calculating control information.
`7. Method according to claim 6, Wherein this description
`part includes a plurality of location information for each part
`of a user memory Zone corresponding to partial control infor
`mation.
`8. Method according to claim 2, Wherein the factory key is
`of a symmetrical type.
`9. Method according to claim 1, Wherein the second
`memory Zone includes a Veri?cation Zone and a user Zone,
`programs contained in the Veri?cation Zone being in charge of
`the Veri?cation of the data in a user Zone, the program system
`of the ?rst Zone transferring the necessary data from this ?rst
`Zone toWards the Veri?cation Zone.
`10. Method according to claim 9, Wherein the secret infor
`mation is a factory key copied from the ?rst conditional
`access memory Zone toWards the Veri?cation Zone by a sys
`tem program.
`11. Method according to claim 10, Wherein the factory key
`is eliminated When the root key is generated.
`12. Method according to claim 1, Wherein the root key is
`used as a transmission key to decrypt messages originating
`from a management centre.
`
`*
`
`*
`
`*
`
`*
`
`*