Generating a root key for decryption of a transmission key allowing secure communications
DCFirst Claim
1. Method for generating a root key implemented by a secure module comprising a central unit, a first conditional access memory zone containing all or part of a bootstrap program and at least one second memory zone containing a first portion and a second portion containing all or part of a user program, the method comprising:
- executing an initialisation program from the first conditional access memory zone;
reading and temporarily storing a secret information from the first conditional access memory zone into the first portion of second memory zone during the initialisation of the secure module;
reading all or part of the second portion of the second memory zone;
generating the root key based on an imprint of data of the second portion of the second memory zone and on the stored secret information, the imprint being generated based on the application of a unidirectional function to all or part of the data of the second portion of the second memory zone;
eliminating the secret information from the first portion of the second memory zone after the root key has been generated;
disabling access to the first conditional access memory zone, wherein at the time of execution by the central unit in the second memory zone, no access is granted to the first conditional access memory zonewherein the root key is used to allow decryption of transmission key, the transmission key allowing secure communication between the secure module and a management center.
2 Assignments
Litigations
1 Petition
Accused Products
Abstract
A method is used to restore the security of a secure assembly such as a chip card, after the contents of its second memory zone have been read by a third party. The method is for generating a security key implemented by a secure module comprising a central unit, a first conditional access memory zone and at least one second memory zone containing all or part of the user program. The method includes reading of all or part of the second memory zone, and generation of at least one root key based on all or part of the second zone data and on at least one item of secret information stored in the first memory zone.
-
Citations
12 Claims
-
1. Method for generating a root key implemented by a secure module comprising a central unit, a first conditional access memory zone containing all or part of a bootstrap program and at least one second memory zone containing a first portion and a second portion containing all or part of a user program, the method comprising:
-
executing an initialisation program from the first conditional access memory zone; reading and temporarily storing a secret information from the first conditional access memory zone into the first portion of second memory zone during the initialisation of the secure module; reading all or part of the second portion of the second memory zone; generating the root key based on an imprint of data of the second portion of the second memory zone and on the stored secret information, the imprint being generated based on the application of a unidirectional function to all or part of the data of the second portion of the second memory zone; eliminating the secret information from the first portion of the second memory zone after the root key has been generated; disabling access to the first conditional access memory zone, wherein at the time of execution by the central unit in the second memory zone, no access is granted to the first conditional access memory zone wherein the root key is used to allow decryption of transmission key, the transmission key allowing secure communication between the secure module and a management center. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
Specification