A chipset as used in the present invention is a set of electronic circuitry allowing a processor to manage data exchanges between different components of a device or a user unit. The execution of operations at the chipset level aims to prevent all material attack consisting in analyzing the exchanged signals in order to discover the keys specific to the device or user unit. Thereby, the chipset key is not accessible outside the chipset.
In some of the existing secure chipsets, a unique key is introduced in the chipset during manufacturing. The chipset key can be stored in a chipset memory and can be hard coded so that it is not possible to modify this key fraudulently. Additional keys can also be calculated from such a chipset key so that, on the one hand, the hard coded chipset key cannot be modified and on the other hand, different keys could be obtained by modifying the calculation of the key. The calculation of the key could be done by a concatenation, an encryption or any other combination of the chipset key and a number that can be random or not.
All the keys that are introduced later in the chipset or in the device depend one way or another from this initial chipset key. As an example in the field of conditional access TV, the rights that are used to control the access to an encrypted content are encrypted by a decoder key pertaining to this decoder. This decoder key is sent to the concerned decoder encrypted by the initial chipset key. Thus, if the initial chipset key is compromised, the decoder key is also compromised, as well as the content itself.
This initial chipset key cannot be changed during the lifetime of the chipset. Thus, it is important that the chipset key be introduced in a perfectly secure environment. If this chipset key is not introduced under strict security conditions, the security of the chipset and of the user unit cannot be, guaranteed. As the chipset key cannot be changed, if the chipset key is not perfectly secure, it is not possible to enhance the security afterwards.
The initial key is usually introduced at the manufacturing of the chipset or at least has to be known from the manufacturer. However, this key should be activated if specific conditions are fulfilled in particular with regard to the configuration of the chipset. In practice, immediately after the manufacturing of the chipset or during its manufacturing, configuration tests must be passed by the chipset to check if the configuration corresponds to specific requirements, in particular requirements related to security issues. These configuration tests are carried out by the chipset manufacturer which is the only one who can control them. It is thus possible that the initial key is activated although not all the configuration tests were successful. Failure to comply with all the requirements can be made fraudulently or by mistake and can lead to security breaches. In any case, there is no solution for preventing such an incorrect activation of the key if all tests were not passed. In such a case, the security of the user unit cannot be guaranteed.
In the secure chipsets of the prior art, as the configuration tests can be carried out only by the chipset manufacturer, either the tests are passed and specific functions are activated or the tests are not passed and the corresponding functions are not activated. It is not possible to add new features once the manufacturing process is completed.
The U.S. Pat. No. 5,883,956 describes a secure processing unit (SPU) in which functions can be dynamically configured after the chipset has been installed in a device, said device being at a user's premises. A trusted authority reconfigures the secure processing unit, using a capability table and a digital signature. Said capability table is formed in a headend and is hashed to obtain a message digest. The message digest is encrypted with the private key of the secure processing unit to obtain a signature. The capability table and the digital signature are sent to the intended secure processing unit. In the SPU, the message digest is decrypted with the trusted authority public key.
In this secure device, a private key is required to exchange data between the headend and the secure processing unit. This private key is either introduced in the SPU during the manufacturing or derived from a key that is introduced during the manufacturing. Therefore, if the private key or the key that is derived from that private key is compromised, the rights may also be compromised.
Thus, the solution described in U.S. Pat. No. 5,883,956 provides means for adding or removing rights or functions on a chipset, but the security of the operations on the chipset depends on the security of the initial key. This initial key is set by one entity, usually the manufacturer of the chipset, who can set the key even if all the requirements are not fulfilled. As only one entity sets the key from which all the other keys derive, no other entity can check and confirm that all the requirements are fulfilled.
The publication WO 2006/091304 concerns a system and a method for preparing and transmitting to at least one chipset, keys or rights depending on both a geographic region and a time zone. Said method is used to provide blackout functions. These keys or rights depend on an initial key contained in the concerned chipset. Thus, if the initial key is compromised, the security of the whole chipset is also compromised.