| 摘要 |
Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application. |
| 主权项 |
1. An authentication method of at least one application working in a Pay-TV decoder connected by a network to a control server, said Pay-TV decoder being locally connected to a security module, said application being at least one of loadable and executable via an application execution environment of the Pay-TV decoder and the at least one application being configured to use resources stored in the security module, the method comprising:
receiving by the control server, via the network, identification data including at least an identifier of the Pay-TV decoder and an identifier of the security module; analyzing and verifying, by the control server, said identification data and, based on the analysis and verification, the control server creating a protection profile defining resources of the security module that can be used by the at least one application, the protection profile being created based on at least one of,
an updating of a version of a software installed in the Pay-TV decoder,a downloading of a new application in the Pay-TV decoder,an updating period of the protection profile,a number of connection of the Pay-TV decoder to the network, anda technology used for accessing the network; generating, by the control server, a cryptogram, the cryptogram including a digest of the at least one application, the identification data, the protection profile and at least one of an identifier of the at least one application and an identifier of security module resources; and transmitting the at least one application and the cryptogram by the control server, via the network and the Pay-TV decoder, to the security module, wherein, when the at least one application and cryptogram are transmitted at a same time, the method includes,
verifying, by the security module, the at least one application by comparing the digest extracted from the received cryptogram with a digest determined by the security module, the verification occurring periodically at a rate given by the control server, during at least one of a first initialization of the at least one application, a first use of the at least one application, and each initialization of the at least one application, the security module performs at least one of releasing and blocking access of certain resources of said security module to the at least one application based on the received protection profile, andwhen the at least one application and the cryptogram are not transmitted at a same time, the method includes,requesting by the at least one application, once loaded into the Pay-TV decoder from the control server via the network, the cryptogram from the server at the time of an initialization of the at least one application and transmitting the cryptogram to the security module, a confirmation message of acceptance or refusal of the cryptogram being transmitted by the security module to the server via the at least one application; and performing the verifying by the security module when the cryptogram is accepted. |
