A method of securely downloading at least one of conditional access
software (CAS), Digital Rights Management software (DRMS), Trusted Domain
Software (TDS), and Gaming Security Software (GSS) includes presenting a
specialized entitlement management message (EMM) to initiate the download
to a receiver security device using a supervisory logon key (SLK) split
to logon with a second split contained inside the receiver security
device, presenting a receiver digitally signed random challenge from the
receiver security device to a sender security server to establish
authentication of the receiver security device to the sender security
server, and signing and returning the receiver random challenge from the
sender security server to the receiver security device with a sender
random challenge to establish authentication of the sender security
server to the receiver security device.