1. Field of the Invention
The present invention relates to the authentication of digital data by an authentication plug-in.
It finds a general application in the authentication of digital data distributed between a plurality of data segments linked to each other in accordance with a selected chaining relationship, in particular segmented digital data files.
It finds a particular application in the authentication of built-in software, for example built-in software in digital television receiver/decoder devices.
2. Description of the Prior Art
Built-in systems such as digital television receiver/decoder devices that require authentication of the software stored in memory in order to combat piracy are known in the art.
In practice, the authentication process uses an authentication library stored in non-rewritable memory and containing predetermined authentication functions.
For example, the authentication library contains signature calculation functions, decryption functions, public decryption keys and functions for verifying that the calculated signature conforms to an encrypted reference signature.
In practice, the encrypted reference signature forms a certificate that is placed in a rewritable and erasable portion of the memory of the receiver/decoder device.
The encrypted reference signature forming the certificate provides some degree of security. However, the use of a single certificate is a problem if the software to be authenticated is made up of a plurality of modules developed by different companies and managing access control, interactivity or other services, for example.
This is because only the holder of the private key is able to encrypt the reference signature, i.e. one of the elements for verifying the authenticity of the certificate.
This leads to conflicts of interest, which may in turn lead to blocking that is a problem for the operator of the receiver/decoder device.
Moreover, because the authentication library is held in non-rewritable memory, it is not possible to modify the authentication mechanisms on receiver/decoder device platforms that have already been deployed.
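The single-certificate scheme described above, and the dependency on one private-key holder that it creates, shown as an added example that is not part of the original text. The toy textbook-RSA key, the module names and the function names are assumptions made for illustration only.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public modulus and exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, held by ONE key holder


def signature(modules):
    """Signature calculation function: one digest over every module."""
    h = hashlib.sha256()
    for name in sorted(modules):
        h.update(name.encode() + b"\0" + modules[name])
    return int.from_bytes(h.digest()[:24], "big")   # 192 bits, always < N


def issue_certificate(modules):
    """Key holder encrypts the reference signature with the private key."""
    return pow(signature(modules), D, N)


def authenticate(modules, certificate):
    """Library in non-rewritable memory: decrypt with the public key, compare."""
    return pow(certificate, E, N) == signature(modules)


def demo():
    # Constructed firmware: three modules from three hypothetical vendors.
    firmware = {
        "access_control": b"vendor-A build 1",
        "interactivity": b"vendor-B build 1",
        "services": b"vendor-C build 1",
    }
    cert = issue_certificate(firmware)
    ok_before = authenticate(firmware, cert)

    # Vendor B ships an update but does not hold the private key.
    firmware["interactivity"] = b"vendor-B build 2"
    ok_after_update = authenticate(firmware, cert)

    # Only the key holder can restore authentication for the whole image.
    ok_after_reissue = authenticate(firmware, issue_certificate(firmware))
    return ok_before, ok_after_update, ok_after_reissue


if __name__ == "__main__":
    print(demo())
```

Because the one certificate covers every module, a change by any single vendor invalidates it until the private-key holder re-issues it for the whole image.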
The present invention provides a solution to the above problems.