Disclosed are a system and a method for transferring with improved
security root keys from a key provider system to a customer system via an
information network that is other than secure. The key provider provides
a secure module having a super-root key stored therein within the
customer system. The super-root key is accessible internally to the
module only by program code executable on a processor internal to the
module, and only in response to a request from a corresponding module of
the key provider system. The super-root key is only for use in decrypting
encrypted root keys that are provided from the key provider system, which
decrypted root keys are stored internally to the secure module.