FR2892259A1 - Conditional access system for use in television multimedia service access field, has segmenting module segmenting entitlement management message into sequence, and concatenation module concatenating segments for reconstituting message - Google Patents

Abstract

The system has a terminal (52) including a reception module (521) receiving a signal comprising entitlement management messages (EMM) for controlling specific access. A transmission module (522) transmits the messages to a security processor (53) of a chip card. A segmenting module (523) segments each EMM message into a sequence (54) comprising several segments. A concatenation module (532) of the processor concatenates the received segments for reconstituting the EMM message comprising a signature generated using a private key. Independent claims are also included for the following: (1) a terminal of a conditional access system including reception and transmission modules (2) a security processor of a conditional access system including a concatenation module (3) a conditional access method implemented in a conditional access system (4) a signal comprising an entitlement management message (EMM) that contains a control for selecting a symmetric or asymmetric cryptographic functioning of a conditional access system.

Description

Improved conditional access system for increased security

  The present invention is in the field of access to multimedia television services. The content protection solutions concerned are access control systems or "CAS" ("Conditional Access Systems") in the context of connected or broadcast networks (television networks broadcast by satellite, on the Internet, or other). This invention aims to improve the security of the content protection system, particularly by preventing an unauthorized third party from generating content access rights management messages and / or cryptographic secrets to a receiving system. . The present access control systems operate according to the architectural principles and kinematics illustrated in FIG. 1. The protection of a program (or a program component) during its transport and the control of its access by a subscriber implement, on the one hand, a program scrambling / descrambling function (11a, 11b), on the other hand, a subscriber access authorization control function (10, 12, 13, PS) relying on a distribution of access titles managed remotely by the operator The following describes the general principles of scrambling: scrambling 11a makes the program unintelligible during its transport, when it can be picked up without restriction Various scrambling / descrambling solutions can be implemented These are proprietary or standardized encryption / decryption algorithms, chosen according to the context In order to make the scrambling impredict and therefore fortuitous descrambling is almost impossible, the encryption / decryption algorithms use a key commonly called "control word" or "CW" below (for "Control Word"). It is customary to modify the value of the control word randomly, according to variable strategies chosen according to the context. For example, a control word can be modified every ten seconds, in a conventional manner, in broadcast television or, in the extreme, in each film only in particular in context of video on demand (or "Video On Demand") with particularization individual per subscriber.

  The conditional access system may not include a scrambling / descrambling solution, but may still be compatible with a scrambling solution as long as it can be initialized by a control word. The access control procedure for scrambling / descrambling is described below. The implementation of the scrambling / descrambling particularized by dynamic control word requires that the scrambler and the descrambler are synchronized with precision as to the value of the current control word and as to the moment of the change thereof . In addition, the control by the operator of access to a program by a user is made by conditioning access to the control word to the availability of a "commercial" authorization. The operator attaches to the program an access condition which must be fulfilled by the subscriber in order to descramble this program. The transmission of the control words and the description of an access condition may be two of the functionalities of a conditional access system. They are materialized by specific access control messages, called "ECM" messages (for "Entitlement Control Message"), calculated by an operating subsystem 10 of FIG. 1, and intended to be processed by the user. PS security processor of the terminal part, typically the subscriber's smart card. In the terminal part, an ECM message is checked as to its security and the access condition is compared to the access credentials present in the non-volatile memory of the security processor. If the security processor holds an access ticket satisfying the access condition, it restores the CW control word by decryption and provides it to a terminal (commonly called a "decoder", by abuse) available to a user, thus allowing the o descrambling 11 b. The management of access titles is described below. The subscriber can satisfy a condition of access to a program if he has an access title corresponding to this condition, for example a title is subscription, the reference of a program acquired in advance or in real time, or whatever. Other criteria may be involved in the subscriber's satisfaction with a condition of access, such as the possession of a particular geographical reference, the respect of a moral level, or other. The access titles or the means of acquiring them (such as purchase tokens) are remotely managed and registered by the operator in the non-volatile memory of the subscriber's security processor. The remote actions by the operator on the access titles of a subscriber constitute a third set of functionalities of the conditional access system of FIG. 1. They are materialized by specific access control messages, called "EMM" messages (for "Entitlement Management Message"), calculated by the "Management" subsystem of Figure 1, and processed by the PS security processor of the terminal part.

  Of course, an access control system as described above only fulfills its role if it is not compromised or diverted. In particular, the messages intended for the reception system (ECM and EMM messages) must only be generated and exploited by devices duly authorized by a service operator. This fundamental restriction is ensured by the module 13 of FIG. 1, protecting the messages intended for the reception system by cryptographic modalities guaranteeing the integrity of these messages, their authenticity and the confidentiality of the sensitive data that they can carry. In particular, authenticity and integrity of messages are protected by associating each message with its own cryptographic redundancy. These cryptographic methods implement specific algorithms parameterized by keys. Changing key values is a complementary way to enhance system security. The update of these keys is ensured by EMM management messages specific to security. The processing of the EMM messages by the receiving system is described below. The majority of operational solutions for access control systems rely on a two-part reception system. A terminal part (comprising a receiver called here "terminaf") provides in particular: o the reception of the signal containing in particular the service chosen by the user, o its demultiplexing, o the descrambling of the components of the chosen service, and 25 o their A security processor PS, which is frequently embodied by a smart card, supports the access control functions with the associated cryptographic processing, and in particular the security processor processes the EMM and ECM messages. : to control the access to the services, - to memorize, to manage and to check the rights of access to these services, to memorize, to manage and to exploit the cryptographic secrets and to apply to the received messages the cryptographic treatments and controls of security. the smart card can communicate via an interface known per se, for example in accordance with ISO 7816. In this architecture, some Access control functions can be handled by the terminal in collaboration with the security processor. These include ECM and EMM message selection functions to be processed, user dialogue functions and communication with the descrambler. This architecture context, in which the present invention is placed, also applies when an external decoder access and descrambling module is used, such as in accordance with the standard interface module defined by DVB according to the standard. European EN50221. In what follows, such a module is considered to be part of the terminal.

  In the state of the art of conditional access systems, the cryptography chosen to protect the ECM and EMM messages is in the majority of cases a symmetric cryptography. In particular, for the redundancy that guarantees the integrity and authenticity of a message, the main characteristic of this cryptography is that the same key value is used to generate the redundancy on transmission and to verify it in the same way. security processor. Thus, a malicious user who knows the syntax of EMM messages and who would know the key in his card could generate his own EMM messages himself.

  The choice to apply to EMM messages symmetric cryptography was initially chosen because its level of security was considered sufficient, and it allowed a more economical implementation in terms of resources consumed (computing power and memory space).

  This choice nevertheless constitutes a security weakness. It does not prevent one of the modes of piracy of access control systems consisting in providing users with the means to have valid EMM messages destined for their reception system, essentially for fraudulently registering rights in their card. official chip. Thus, it is desirable to be able to implement cryptography resistant to this type of diversion.

  In addition, the EMM messages are short messages, typically less than 255 bytes. This is a common limitation in various chip interface specifications or standards, such as ISO 7816-3 (although the 7816-4 standard removes this restriction by a specific logical level). This limited length is compatible with the features, usually simple, carried by an EMM message. This length limit is on the other hand compatible with symmetric cryptography which generates redundancies of a few bytes. Since it is desired to apply to the EMM messages more powerful security mechanisms such as a signature that can occupy several tens, or even a few hundred bytes, or enrich the functionality of the EMM messages, which results in the two cases by increasing the length of the message, the limit to 255 bytes commonly imposed by the various interfaces standardized to these messages becomes binding. Thus, it is furthermore desirable to be able to implement protocols capable of transferring EMM messages of great length to the smart card. In addition, a conditional access system generally applies a single cryptographic solution. This restriction induces heavy operating constraints when it comes to changing the cryptographic solution during a transitional period, especially when it is necessary to coexist for a certain time on a fleet of smart cards the two cryptographic solutions, one symmetrical, the other asymmetrical, while guaranteeing the irreversible transition to the new solution. Thus, it is desirable to be able to implement a mechanism allowing a gradual, controllable but irreversible transition of each security processor from one cryptographic system to another. The present invention improves the situation. An object of the present invention is to provide a coherent functional set applied to the EMM messages transiting between a terminal and a smart card and capable of both: - to ensure a resistant cryptography, to transfer to the smart card EMM messages of great length, to ensure a gradual transition from one cryptographic system to another.

  To this end, it proposes a conditional access system comprising: a terminal receiving a signal comprising specific access control EMM messages and a security processor cooperating with the terminal to process said EMM messages. In this system, the terminal: • splits each EMM message into a succession comprising one or more segments, • and transmits each segment to the security processor, and the security processor concatenates the received segments to reconstruct the EMM message to be processed.

  Advantageously, the EMM messages received by the terminal are protected in asymmetric cryptography, the implementation of the invention making it possible to transmit a large signature (in asymmetric cryptography) from the terminal to the processor, in successive segments, each segment. comprising at most a limit number of bytes, in a realization to advantageous. Preferably, the terminal transmits the segments with a position indicator of the segment in the aforementioned succession, this indicator making it possible to identify, for example, at least: a segment corresponding to a complete EMM message, and a segment corresponding to a fraction only of an EMM message, and, in the latter case, to identify, again in an exemplary embodiment, at least: - a segment corresponding to an EMM message start, - a segment corresponding to an end of an EMM message and an intermediate segment in said succession of segments. Other features and advantages of the invention will appear on examining the detailed description below, and the appended drawings in which, in addition to FIG. 1 described above: FIG. 2 schematically represents the fields of a EMM message, FIGS. 3A and 3B illustrate the transmission to a security processor respectively of a short EMM message without fragmentation into segments and a long EMM message with fragmentation into segments, FIG. 4 illustrates the steps of a method advantageous for the irreversible locking of the asymmetric cryptographic access system; FIG. 5 diagrammatically illustrates a conditional access system within the meaning of the invention. The object of the invention is to prevent hackers from calculating valid EMM messages to an official receiving system, in particular rights registration EMM messages, whether in response to a situation of piracy proven, or a priori, to prevent such a situation of piracy. The improvement proposed by the invention, based on the exploitation of new 1s modes of calculation and taking into account of the EMM messages, applies a passage, for example irreversible, of the initial processing mode of the EMM messages, identical to a mode conventional of the prior art, to a new mode within the meaning of the invention. This passage consists itself in the combination of: - a change in the operating mode of the security processor, 20 - the activation at the head end of the new mode of calculating the EMM messages, - and its taking into account automatic by the receiving system.

  The proposed improvement can be implemented: advantageously in the event of piracy of the system by providing the users of the means with valid EMM messages to their reception system, more advantageously, before an occurrence of the piracy above, but after an operation of the system, io even more advantageously, before the system is put into operation, that is to say during the personalization of the cards (during the production phase of the system) .

  The new mode of calculating the EMM messages is preferably based on the signature of the EMM messages by an asymmetric cryptographic algorithm. In such an algorithm, the signature of the message is calculated by means of a key (owned by the only head of the network, and called "private"), different from the so-called "public key", necessary for its verification (which must therefore to be available to the security processors of receiving receiving systems). In other words, in such a context, the knowledge of the contents of the security processor, including public service keys that it can hold, does not allow the hacker to calculate valid EMM messages for modifying this content, and in particular for register rights is usurped. Since the size of such a signature may be of the order of forty or more bytes, that of the resulting EMM messages may exceed the limit of 255 bytes. This is called "long" EMM messages, whose size exceeds this limit.

  For long EMM messages, which were not treated in the prior art, provision is then made for: a splitting of the EMM message by the terminal, so as to submit it in segments to its security processor; and a chaining of the segments resulting from the above fractionation by the terminal, so that the security processor can reconstitute the original EMM message prior to its processing, this processing itself nevertheless remaining similar to the conventional treatments of the prior art .

  Exemplary embodiments are described below.

  In the following description, it is placed in the context of hacking of the access control system, in which hackers have succeeded in: s - knowing the messaging implemented by the access control system; and knowing how to read the contents of a system smart card. In the prior art, the smart card implements a single cryptographic system and a conditional access message EMM is usually: protected in symmetric cryptography, with a maximum length of 255 bytes; - When received, transmitted without being split by the terminal to the card, and directly processed by the card. More particularly, the symmetrical nature of the cryptography usually applied implies that an EMM access message: at the head of the network, is the object of the calculation of a cryptographic redundancy using a secret key KS own in the service ; and, in the map, its cryptographic redundancy is verified using the same secret key K. In the piracy situation mentioned above, it is assumed that the hackers can read the contents of the smart card, in particular, the key KS necessary for calculating the cryptographic redundancy of a rights registration EMM 25 whose syntax they know. They are therefore able to autonomously calculate such an EMM message.

  The improvement proposed in the sense of the present invention is based on the ability of the smart card to support two cryptographic systems and it allows to pass irreversibly (of course for a security reason) from one to another, that is to say, the conventional mode of taking into account the EMM messages explained above, the mode in the sense of the second invention described below.

  After passing the system to the new mode of taking into account these messages, a conditional access message EMM: 10 is protected in asymmetric cryptography, that is to say, in particular: • at the head of the network, it is the subject of the calculation of a signature using a private key KPR specific to the service, • and in the card, its signature is verified by the public key Kpu associated with the private key KPR, 15 • the keys KPR and KPU being different, in particular the private key not being deductible from the public key; - may be longer than 255 bytes; - can be split by the terminal into segments of 255 bytes, except possibly the last segment (less than 255 bytes); 20 may be submitted to the map in segments (the segments from the splitting above), each segment having a mention indicating that it is: o either the first and last segment (a single segment simply corresponds to the EMM message itself ) O the first segment of the splitting of the original EMM message o either an intermediate segment of the splitting of the original EMM message o the last splitting segment of the original EMM message; can be reconstructed by the card by concatenation of the segments received from its previous split; can finally be processed by the card. It will be noted here that asymmetric cryptography, although advantageous in the context of the invention, is not the only possible embodiment. It may indeed be desirable to process long EMM messages in a protection context by simply symmetric cryptography. In the piracy situation mentioned above, the hackers could therefore read in the card only the public key Kpu, which does not allow to find the private key KPR required to calculate the signature of a registration message 15 EMM rights. This signature can only be generated at the head of the network, which alone has the private key KPR. If they therefore remain, by hypothesis, able to read the contents of the card, the information read, nevertheless, are insufficient to allow them to calculate messages for modifying this content. Some particular embodiments are described below. With reference to FIG. 2, an EMM message includes the following functional fields: ADDRESS: address of the terminal part, typically of the security processor, concerned by the EMM message (the message can be addressed to a terminal part, to several terminal parts of the same group, to all terminal parts, some parts of the address can be made confidential by specific encryption), 20 • SOID: identification of the cryptographic context applied to the EMM message (this parameter specifies in particular the key system implemented in the cryptography applied to the message, indicating the keys used and where to find them), • PARAM: set of parameters transported by the EMM message (these parameters are representative of the role assigned to the EMM message such as the inscription and the key update, registration, erasure and law update, private data management, or others), • RE DUND: cryptographic redundancy of the EMM message. A preferred implementation of the functional parameters above, including the parameters present in PARAM, is the combination of these parameters by structure "TLV" (for "Type ù Length - Value"). These parameters can be in an order depending on the implementation chosen.

  In addition, all or part of the set of parameters PARAM can be confidential by encryption, according to implicit terms or defined in PARAM or in SOID. In the case of the proposed method of asymmetric signature cryptographic redundancy, within the meaning of the invention, the organization of the EMM messages as described above remains unchanged: • ADDRESS: no modification 25 • SOID: the identification of the cryptographic context further specifies which are and where are the keys used in the message, including the key used for the signature. However, it is indicated here that the robustness of the asymmetric cryptography can dispense with having several public keys necessary for the verification of the signature, in which case the designation of the signature key in the SOID context can be implicit. The cryptographic context then specifies only the other keys used in the message (encryption for confidentiality), which induces no change in the structure of the SOID parameter compared to the previous situation. • PARAM: no modification • REDUND: no functional modification, only the value and the length of the redundancy are different because generated by a different algorithm (asymmetrical instead of symmetric). Io The identification of the parameter REDUND in the syntax of the message EMM (typically, the identifier T of the parameter T L V) can differentiate the two cases symmetrical and asymmetrical. However, advantageously, this identification of the REDUND parameter can remain the same because if the smart card is designed to apply only, for example, a symmetric algorithm, while the algorithm to be applied normally is asymmetric, the smart card can not, in any case, conclude that the redundancy is correct.

  Depending on the implementation chosen, the registration and updating of a public key in the smart card, by ad hoc data present in the PARAM field, may be a new dedicated command, within the meaning of the invention. , or be done in the same way as for a usual secret key, to the length of the value of the key close. In the latter case, an EMM registering or updating message is therefore similar to an EMM registration or update of a conventional secret key. The fragmentation of a message transmitted to the smart card is described below. An EMM message received in the signal is first formatted by the terminal to extract a significant portion and to add some data relating to the exchange protocol with the smart card. It is then noted below as "global EMM message".

  With reference to FIG. 3A, a global EMM message 31 of conventional size is sufficiently short for the message transmitted (arrow F-31) from the terminal TER to the smart card PS to be smaller than the limit of 255 bytes and can be transmitted from a single exchange to the card. A field 32 identifying, in the sense of the invention, the type of segment resulting from a possible fragmentation of the EMM message indicates that the segment read is the first and last segment (a single segment corresponding to the EMM message itself and of size less than 255 bytes). The card can then read the content 33 of the global EMM message directly.

  For the purposes of the invention, the global EMM message to be transmitted to the card may however be too long to be able to be transmitted to the card in a single message. It is then transmitted by the terminal to the card in consecutive segments according to a specific protocol illustrated in FIG. 3B. With reference to FIG. 3B, the terminal TER cuts the global EMM message 35, which it receives in the signal, into as many short segments 351, 352, 353 as necessary before transmitting them to the PS card (with a format of ad hoc transport). Each segment transmitted to the card is associated with a BLOCKTYPE indicator taking one of the following four functional values: • FIRST & LAST: this segment constitutes a global EMM message, this EMM message being sufficiently short (as in Figure 3A). • FIRST: this segment is the first resulting from the division into several segments by the terminal of a long global EMM message (case of the segment 351 and its indicator 371). • LAST: this segment is the last resulting from the division into several segments by the terminal of a long global EMM message (case of the segment 353 and its indicator 373). • INTERMEDIATE: intermediate segment resulting from the division into several segments by the terminal of a global long EMM message (case of the segment 352 and its indicator 372). By interpretation of the BLOCKTYPE indicator associated with each segment, the map locates the beginning, the course and the end of an EMM message and can thus reconstitute the global EMM message with the contents 361, 362, 363 of the 10 successive segments received before to process this message.

  The coding of the different values of this indicator depends on the implementation chosen. Advantageously, the coding of the value FIRST & LAST can be chosen such that the message transmitted to the card in this case is similar to the case of a message in the sense of the prior art (of conventional size) to the card.

  An exemplary encoding of the BLOCKTYPE flag is as follows, described in the message exchange framework, between terminal and card, in accordance with the ISO 7816-4: 18 APDU commands. 18 CLA instruction class' CA Instruction code INS '18 (submitting an EMM message, specific to the conditional access system described here) Parameter 1 P1 00xxxxxx FIRST & LAST Olxxxxxx FIRST 10xxxxxx INTERMEDIATE 11 xxxxxx LAST (xxxxxx: other data specific to the EMM message) to Parameter 2 P2 decryption key index Data body of an EMM message segment The irreversible activation of the asymmetric signature is described below. Usually, the smart card has a single cryptographic system, including symmetric cryptography redundancy. For the purposes of the invention, the smart card has two cryptographic systems, dealing with the redundancy of the message, one by symmetric cryptography, the other by asymmetric cryptography. The coexistence of these two cryptographic systems makes it possible, for each EMM message for which it must verify the redundancy, that the smart card selects the symmetric or asymmetric cryptographic system according to selection information present in the EMM message itself. However, this embodiment leads to particularize, by adding this information, each EMM message according to the cryptography to be applied. Also, in the selection of message-by-message cryptography, it is preferred that the smart card also has an internal state specifying the current cryptographic system (symmetrical or asymmetric) to be applied to check the redundancy of the EMM messages and the message. a mechanism for positioning this internal state allowing it to move from one cryptographic system, symmetrical or asymmetrical, to another. This internal state, advantageously remanent, is then positioned by an explicit selection command, typically by a specific EMM message, to the personalization of the card or during its use. Thus it is no longer necessary to particularise each EMM message by a cryptography selection information to be applied. Finally, it is advantageous in terms of security that the transition to asymmetric cryptography is irreversible, in particular to permanently prevent fraudulent use of EMM message in symmetric cryptography. Thus, according to the flowchart shown in FIG. 4, the implementation retained in the smart card makes the transition to asymmetric cryptography irreversible, whether this system is activated as soon as the card is initialized (branch A) or by message EMM command (branch B). In general terms, the method, the steps of which are illustrated in FIG. 4, according to an advantageous aspect of the invention, provides a transition from the conditional access system of operation in symmetric cryptography to operation in asymmetric cryptography. For this purpose, a transmission equipment (not shown) generates a specific EMM message for the terminal, for the irreversible selection of operation in asymmetric cryptography. In the security processor, the cryptography may already have been activated in asymmetric mode. (step 40A) to the personalization of the card or following an earlier selection, or in symmetrical mode (step 40B) to the personalization of the card. The security processor processes the selection specific EMM message (step 41) and tests (step 42) whether the current cryptography is symmetric cryptography. If asymmetric cryptography is already selected (branch N of step 42), the selection of asymmetric cryptography is confirmed (step 45). If the current cryptography is symmetric cryptography (branch Y of step 42), asymmetric cryptography is enabled (steps 43 and 45). It is thus clear that this automaton no longer makes it possible to return to symmetric cryptography and the selection EMM message can specify only to change cryptography, implicitly from symmetric to asymmetric, or explicitly to switch to asymmetric cryptography, a selection EMM message explicitly specifying to switch to symmetric cryptography would be ineffective anyway. Note however that it is easy to adapt the automaton of Figure 4 if it is desired in a particular implementation to be able to return to symmetric cryptography. It will be understood that the present invention also relates to the signal comprising the EMM message for selecting a symmetric cryptographic operation or in asymmetric cryptography and involved in the above method. This signal is then intended to be transmitted by a transmitting equipment and contains in particular an operation selection command, for implementing the selection method between operation in symmetric cryptography and operation in asymmetric cryptography. This selection between these two operations is particularly advantageous, even outside the context of splitting EMM messages within the meaning of the invention. As such, it could, where appropriate, be subject to separate protection. The general method in the sense of the invention can be implemented in a conditional access system as illustrated in FIG. 5 and comprising: a transmission equipment 51 (for example a headend of the broadcaster or another) of a signal containing in particular specific access control EMM messages, a terminal 52 receiving the EMM messages in the signal, and a security processor 53 cooperating with the terminal to process the EMM messages. The present invention aims at such a system, but also, separately, the terminal and the security processor of the system as shown in Figure 5.

  On the one hand, the terminal within the meaning of the invention comprises: a receiver module 521 of a signal comprising specific access control EMM messages; a transmission module 522 of these EMM messages intended for the purpose of the invention; security processor 53, and, in particular, a fractionation module 523 of each EMM message in a succession 54 comprising one or more segments. The transmission module 522 then transmits each EMM message in the form of succession 54 above. On the other hand, the security processor 53 within the meaning of the invention (for example the processor of a smart card as represented in FIG. 5) comprises: a reception module 531 of EMM messages for control of specific accesses, from the terminal 52, in the form of a succession comprising one or more segments of the same EMM message, a concatenation module 532 of the segments received to reconstitute each EMM message to be subsequently applied to a processing module 533 included in the security processor 53.

  Advantageously, in asymmetric cryptography context, the EMM message reconstituted by the concatenation module 532 includes a signature generated using a private key Kpr (for example at the transmission equipment), while the module processing 533 of the security processor verifies this signature using a public key Kp ,. Of course, the present invention is not limited to the embodiment described above by way of example; it extends to other variants.

  ~ o It will be understood, for example, that the segment type identifiers (FIRST & LAST, FIRST, LAST, INTERMEDIATE) are, of course, given here as examples and are subject to variations or even to the addition of identifiers not indicated here. .

  There is described here a security processor as a smart card that can cooperate with the terminal. Any other variant of the formatting of the security processor does not affect the principles of the invention described above.

Claims (15)

claims   A conditional access system comprising: a terminal receiving a signal comprising specific access control EMM messages and a security processor cooperating with the terminal to process said EMM messages, wherein the terminal: splits each EMM message in a succession comprising one or more segments, and • transmits each segment to the security processor, and wherein the security processor concatenates the received segments to reconstruct the EMM message to be processed. 15   2. System according to claim 1, wherein the EMM messages received by the terminal are protected in asymmetric cryptography.   3. System according to claim 2, wherein the protection of said EMM messages comprises a signature generated using a private key and verified by the security processor using a public key.   4. System according to one of the preceding claims, wherein each segment has, at most, a limit number of bytes. 23   5. System according to one of the preceding claims, wherein the terminal transmits the segments with a position indicator of the segment in said succession.   The system of claim 5, wherein the indicator identifies at least: a segment corresponding to a complete EMM message (FIRST & LAST), and - a segment corresponding to only a fraction of an EMM message (FIRST, INTERMEDIATE , LAST).   7. System according to one of claims 5 and 6, wherein the indicator identifies at least: - a segment corresponding to a start of EMM message (FIRST), a segment corresponding to an end of EMM message (LAST ), and an intermediate segment in said succession of segments (INTERMEDIATE).   8. Terminal of a system according to one of the preceding claims, comprising: a signal receiving module comprising specific access control EMM messages, and a transmission module of said EMM messages intended for a processor. security device, characterized in that it further comprises a fractionation module of each EMM message in a succession comprising one or more segments, and in that the transmission module transmits each EMM message in the form of said succession.   The security processor of a system according to one of claims 1 to 7, comprising: a module for receiving specific access control EMM messages, originating from a terminal, and a module for processing said messages. EMM, characterized in that the receiving module receives each EMM message 10 in the form of a succession comprising one or more segments of the same EMM message, and in that the security processor comprises a concatenation module of the received segments to reconstruct each EMM message to be applied to the processing module.   10. Security processor according to claim 9, characterized in that: an EMM message reconstituted by the concatenation module comprises a signature generated using a private key, and the processing module verifies said signature at the using a public key, 20 in asymmetric cryptography context.   11. Conditional access method, implemented in a system comprising. an equipment for transmitting a signal containing, in particular, specific access control EMM messages, a terminal receiving said EMM messages in said signal, and a security processor cooperating with the terminal to process said EMM messages wherein the terminal: splits each EMM message into a sequence of one or more segments, and transmits each segment to the security processor, and wherein the security processor concatenates the received segments to reconstruct the EMM message to be processed. io   The method according to claim 11, wherein a system transition is provided between symmetric cryptographic operation and asymmetric cryptographic operation, and wherein: the transmitting equipment generates a command for the terminal in an EMM message for selecting operation in symmetric cryptography or in asymmetric cryptography, the security processor processes said command and selects operation in symmetric cryptography or operation in asymmetric cryptography as a function of the selection of operation present in said EMM message.   13. The method of claim 12, wherein the selection in the security processor between operation in symmetric cryptography and operation in asymmetric cryptography is remanent. 25   The method of claim 13, wherein the operation transition in symmetric cryptography to asymmetric cryptographic operation is irreversible.   15. Signal comprising an EMM message containing a command for selecting an operation in symmetric cryptography or in asymmetric cryptography of a conditional access system, and intended to be transmitted by a transmission equipment for the implementation of the method according to one of claims 12 to 14.