Method of transferring the control of a security module from a first entity to a second entity
First Claim
1. A method comprising:
- transferring the control of a security module from a first entity to a second entity, the security module having a first security domain controlled by the first entity by at least one first secret control key specific to the first entity, and a second security domain, said second security domain including both a certificate of a public key of a controlling authority and also a private key of the controlling authority, wherein transferring comprises the following steps performed by the security module;
the second security domain receiving a request to obtain a certificate, the request coming from the second entity;
the second security domain sending said certificate;
the first security domain receiving data from the second entity, which data has been encrypted by the public key certified by said certificate, the data including at least one second secret control key specific to the second entity;
the second security domain decrypting said data;
the first security domain verifying the data; and
if the verification is positive, the first security domain replacing the at least one first secret control key with said at least one second secret control key.
1 Assignment
0 Petitions
Accused Products
Abstract
A method is provided for transferring control of a security module from a first entity to a second entity. The security module has a first security domain controlled by the first entity by at least one first secret control key specific to the first entity, and a second security domain, the second domain containing a private key and a certificate of a public key of a controlling authority. The method includes: receiving a request to obtain the certificate; sending the certificate; receiving data encrypted by the public key of the certificate, the data including at least one second secret control key specific to the second entity; decrypting the data; verifying the data; and if the verification is positive, replacing the at least one first secret control key by the at least one second secret control key.
-
Citations
11 Claims
-
1. A method comprising:
-
transferring the control of a security module from a first entity to a second entity, the security module having a first security domain controlled by the first entity by at least one first secret control key specific to the first entity, and a second security domain, said second security domain including both a certificate of a public key of a controlling authority and also a private key of the controlling authority, wherein transferring comprises the following steps performed by the security module; the second security domain receiving a request to obtain a certificate, the request coming from the second entity; the second security domain sending said certificate; the first security domain receiving data from the second entity, which data has been encrypted by the public key certified by said certificate, the data including at least one second secret control key specific to the second entity; the second security domain decrypting said data; the first security domain verifying the data; and if the verification is positive, the first security domain replacing the at least one first secret control key with said at least one second secret control key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A security module hardware device comprising:
-
a first security domain and a second security domain, said second security domain containing both a certificate of a public key of a controlling authority and also a secret key of the controlling authority, the first security domain being controlled by a first entity by means of at least one first control key specific to the first entity; at least one memory device; and a processing device configured by instructions stored in the at least one memory device to form the following elements; first reception means arranged to receive a request to obtain a certificate coming from a second entity; sender means arranged to send said certificate to the second entity; second reception means arranged to receive from the second entity data that has been encrypted by the public key certified by said certificate, the data including at least one second secret control key specific to the second entity; decryption means arranged to decrypt said data; verification means arranged to verify said data; and installation means arranged to install said at least one second secret control key, the second entity then controlling the first security domain.
-
-
11. A non-transitory data storage medium comprising a program stored thereon for installing in a security module, the program including instructions for configuring the security module to perform steps of a method of transferring control of the module from a first entity to a second entity when the program is executed by a processor, wherein the method comprises:
-
transferring the control of the security module from the first entity to the second entity, the security module having a first security domain controlled by the first entity by at least one first secret control key specific to the first entity, and a second security domain, said second security domain including both a certificate of a public key of a controlling authority and also a private key of the controlling authority, wherein transferring comprises the following steps; the second security domain receiving a request to obtain a certificate, the request coming from the second entity; the second security domain sending said certificate; the first security domain receiving data from the second entity, which data has been encrypted by the public key certified by said certificate, the data including at least one second secret control key specific to the second entity; the second security domain decrypting said data; the first security domain verifying the data; and if the verification is positive, the first security domain replacing the at least one first secret control key with said at least one second secret control key.
-
Specification