There are known applications which can be used in the device after an access right has been acquired for the application. In systems of prior art, such an access right can be acquired, for example, in such a manner that the user loads an application via a data network into the device. In the same context, the user gives his/her contact data, wherein the application provider sends information necessary for opening the access right, for example via mail. The user can pay for the access right of the application advantageously in connection with the loading by giving his/her credit card number. Thus, the payment is charged through a credit card company. On the other hand, the payment can also be made in cash on delivery, wherein the user makes the payment when he/she claims the access right data sent via mail. It is possible to start using the application after the user has entered the access right data he/she has received. Such data may include, for example, a user identification and a password, a registration code, etc. Advantageously, the access rights contain information on the identification of the user's device or other individualizing information, by means of which different users are prevented from using the same application with the access rights of one user.
As electronic devices are becoming more versatile, a need has arisen to protect certain functions of the electronic devices in such a manner that access to the functions can only be attained through authorized programs. For example, mobile phones have been developed into communication devices suitable for versatile data processing, in which it is also possible to execute programs other than those necessary for implementing phone calls. It is also possible to install new programs in such devices afterwards, and to update already installed programs with newer versions. However, mobile phone functions, for example, require a certain level of security, so that not just any program can, for example, determine information stored on the SIM card or make phone calls to the mobile communication network with counterfeit identification data so that another mobile subscriber is charged for the calls. In a corresponding manner, in devices containing for example functions relating to monetary transactions, such as the use of the device as a means of payment, it must be ensured that a defective or unauthorized program is not allowed to affect the monetary transactions or to change for example the data on the amount of money stored in the device. Furthermore, the use of some digital recordings in the device may involve limited access rights. For example, the user has subscribed to music, software or other digital recordings and installed them in his/her device. In some cases, the access rights of such digital recordings are limited; for example, the digital recording can only be installed in a given device, the number of times or duration of use of the digital recording may have been limited, or a payment must be made, for example, for each time when the digital recording is used. For situations of the above kind, the software of the device is provided with a protected part in which the necessary safety checks and functions relating to encoding and decoding are executed.
Furthermore, such devices typically contain an operating system which is used e.g. for controlling the functional blocks of the device and for transmission of data between different blocks. An interface is implemented for the transmission of information between the operating system and the protected part. For example, an encrypted message received in the device is transferred to the protected part for decryption, after which the decrypted message can be transferred to the operating system for further processing.
The programs to be executed in the device can be divided into various levels of access rights. The programs can be divided, for example, into programs which do not have any access right to functions requiring safety, and into programs which have the possibility to process at least some of the functions requiring safety. Thus, when the program is started, the operating system or the protected part checks the access rights of the program and prevents or allows the access of the program to certain functions. The act of determining the access rights may be based, for example, on the origin of the program, wherein it is possible to provide, for example, a program produced by the manufacturer of the device with wider access rights than a program produced by a third party. On the other hand, for example the manufacturer of the device can provide a particular program manufacturer with wider authorizations (greater reliability) than others, wherein it is possible to provide programs of more reliable program manufacturers with more access rights than programs having a lower or undetermined manufacturer reliability level.
At present, keys for different uses have been stored in many devices. The keys can be used, among other things, to validate information, to check access rights, to authenticate software, and to encrypt and decrypt information. Such keys may have been stored either in such a part of the device to which ordinary software has no access, or the keys have been stored in encrypted format, wherein the program using the key comprises another key for decrypting this key. Thus, this second key must be stored in a memory which is inaccessible by ordinary programs.
One problem in the devices of the above kind is that in the development of new programs or in the further development of existing programs, it should be possible to test the programs in an environment which is as authentic as possible. The program to be tested should also have the necessary keys available. With the tools used for testing the program, such as a debugger program and/or device, it is possible to examine such areas of the device which contain information to be kept secret, such as the above-mentioned keys. Part of this information may be such that its disclosure is not very harmful. However, a part is likely to contain such keys which must remain inaccessible even in a test situation. These keys relate, for example, to various payment applications, the management of access rights to digital recordings (DRM, Digital Rights Management), the transmission of confidential information in encrypted format, and other corresponding functions.
In some arrangements of the prior art, at least all the important keys to be kept secret have been replaced with test keys which are deleted after the use. In this way, the programs can be tested by using these test keys. However, the test keys must be replaced with new keys in the device after the testing has been completed.
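The prior-art arrangement described in the preceding paragraphs can be sketched as follows. This is an added illustration, not code from this document or from any device; the origin classes, level names, key names and key bytes are constructed assumptions. It shows a protected part that grants key access by program origin and hands out a test key in place of any secret key while a debugger is attached.

```c
#include <stdio.h>
#include <string.h>

/* All names and values below are assumptions made for this sketch. */
enum origin { ORIGIN_UNKNOWN, ORIGIN_THIRD_PARTY, ORIGIN_TRUSTED_VENDOR, ORIGIN_MANUFACTURER };
enum level { LVL_NONE, LVL_LIMITED, LVL_FULL };
enum key_class { KEY_LOW, KEY_SECRET };   /* SECRET must stay hidden even under test */

struct key_slot {
    const char *name;
    enum key_class cls;
    enum level min_level;       /* lowest program level allowed to use the key */
    unsigned char prod[16];     /* constructed placeholder, not a real key */
    unsigned char test[16];     /* constructed test key for debug sessions */
};

static const struct key_slot slots[] = {
    { "log-integrity", KEY_LOW,    LVL_LIMITED, {0x11}, {0x11} },
    { "drm-content",   KEY_SECRET, LVL_FULL,    {0xA5}, {0x7E} },
    { "payment",       KEY_SECRET, LVL_FULL,    {0xC3}, {0x7F} },
};

/* Access level derived from program origin; unknown origins get nothing. */
enum level level_for_origin(enum origin o) {
    if (o == ORIGIN_MANUFACTURER) return LVL_FULL;
    if (o == ORIGIN_TRUSTED_VENDOR) return LVL_LIMITED;
    return LVL_NONE;
}

/* Returns the key bytes the caller may use, or NULL when access is refused. */
const unsigned char *protected_get_key(enum origin caller, const char *name, int debug_attached)
{
    enum level lvl = level_for_origin(caller);
    for (size_t i = 0; i < sizeof slots / sizeof slots[0]; i++) {
        if (strcmp(slots[i].name, name) != 0)
            continue;
        if (lvl < slots[i].min_level)
            return NULL;
        /* A debugger can read whatever is returned, so secrets are swapped out. */
        if (debug_attached && slots[i].cls == KEY_SECRET)
            return slots[i].test;
        return slots[i].prod;
    }
    return NULL;
}

int main(void) {
    const unsigned char *k = protected_get_key(ORIGIN_MANUFACTURER, "payment", 1);
    printf("debug session sees %s key\n", (k && k[0] == 0x7F) ? "test" : "production");
    return 0;
}
```
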