Apparatus and method for signature verification

摘要

A receiver comprises a security processor and a first memory that stores software code or second stage authentication key and a signature for the software or the second stage key. The receiver also stores a plurality of verification keys (PUAK). When the receiver is switched on or reset, the software or second stage key and the signature are loaded from the first memory. The security processor then loads a PUAK and uses it to verify the signature. In case of successful verification, the software code or second stage key is used and the verification method ends; it is then possible to activate CA specific functions in the receiver. However, if the verification is unsuccessful, then it is verified if there are untried PUAKs. If there are no untried signatures, then the verification has failed and the software cannot be verified; the verification method ends. If there are untried signatures, then the next PUAK is loaded.

主权项

1. An apparatus for verifying a digital signature for a digital data, the apparatus comprising:
a first memory configured to store a first verification key; a second memory configured to store the digital data, the digital data comprising at least one of a boot code for the apparatus and a second stage authentication key to be used to further authenticate the digital data; a processor configured to, upon a power up or a reset of the apparatus, receive the digital data and a digital signature, and to verify the digital signature by processing the digital signature with the first verification key; wherein the first memory is further configured to store a second verification key, wherein the first verification key and the second verification key respectively correspond to a key of a first signatory entity and a key of a second signatory entity; and wherein the processor is further configured to verify the digital signature by processing the digital data with the second verification key.