Payment smart cards with hierarchical session key derivation providing security against differential power analysis and other attacks

US9940772B2 · US · B2

Patent metadata

Publication number: US-9940772-B2
Application number: US-97739207-A
Country: US
Kind code: B2
Filing date: Oct 24, 2007
Priority date: Jul 2, 1998
Publication date: Apr 10, 2018
Grant date: Apr 10, 2018


Abstract

Official abstract text for this publication.

Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be configured to perform periodic cryptographic key update operations. The key update transformation prevents adversaries from exploiting partial information that may have been leaked about the card's keys. Update operations based on a hierarchical structure can enable efficient transaction verification by allowing a verifying party (e.g., an issuer) to derive a card's current state from a transaction counter and its initial state by performing one operation per level in the hierarchy, instead of progressing through all update operations performed by the card.

First claim

Opening claim text (preview).

What is claimed is:

1. A cryptographic device comprising: (a) at least one memory containing a value of a secret parameter; and (b) a processor configured to perform a plurality of cryptographic transactions, each said transaction involving a cryptographically processed datum, where: (i) each of said cryptographic transactions is secured using a secret parameter; (ii) said processor configured to reduce the usefulness of information gathered through external monitoring of said cryptographic device related to said secret parameter by performing a plurality of cryptographic update operations to derive an updated value of said secret parameter at a different level within a hierarchy of secret parameters, wherein deriving an updated value of said secret parameter comprises applying at least one invertible function to the value of said secret parameter before said plurality of cryptographic operations; and (iii) said processor configured to store the updated value of said secret parameter in said at least one memory for use in at least one subsequent transaction; and (c) an interface configured to output said datum to a cryptographic processing device.

2. The cryptographic device of claim 1 where said secret parameter is a cryptographic key.

3. The cryptographic device of claim 1 where said securing using said secret parameter includes deriving a cryptographic key from said secret parameter, and applying said cryptographic key for said transaction.

4. The cryptographic device of claim 1 where said hierarchy of secret parameters is characterized by: (a) each secret parameter being at least one of a parent in said hierarchy of secret parameters or a child in said hierarchy of secret parameters; (b) each parent secret parameter having multiple child secret parameters, each of which can be derived from a parent secret parameter in a cryptographic update operation from said parent secret parameter; and (c) each child secret parameter has a parent secret parameter from which said child secret parameter can be derived in a single cryptographic update operation.

5. The cryptographic device of claim 4 where: (a) each parent secret parameter has the same number of child secret parameters; and (b) said cryptographic processing device is configured to derive a particular secret parameter used by said cryptographic device to secure a particular transaction, by performing less than the total number of possible transactions performable by said device.

6. The cryptographic device of claim 4 where: (a) elements within said hierarchy are characterizable by corresponding index parameters; (b) said device is configured to receive an index parameter; and (c) said step (b)(ii) of claim 1 includes performing a plurality of said update operations to transition from a current secret parameter, corresponding to a current index parameter, to a final secret parameter corresponding to said index parameter.

7. The device of claim 6 where: (a) said update operation utilizes said current index parameter and said current secret parameter; and (b) said device replaces the value of the current secret parameter after each cryptographic update operation, so that secret parameter values from multiple transactions are not maintained.

8. The cryptographic device of claim 1 where said cryptographic device is a smartcard.

9. A system comprising the cryptographic device of claim 1, wherein the cryptographic device comprises a smartcard, and said cryptographic processing device comprises a smartcard reader.

10. The cryptographic device of claim 1 where said device is configured to interface with said cryptographic processing device in a contactless manner.

11. A system comprising the cryptographic device of claim 1, wherein the cryptographic device comprises a contactless transaction device, and said cryptographic processing device comprises a transaction verification device.

12. A computer-implemented method of performing a cryptographic transaction, using a secret parameter stored in a non-transitory computer readable memory, comprising: (a) performing a cryptographic transaction secured using said secret parameter; (b) applying a cryptographic update operation to said secret parameter by performing n cryptographic update operations using a processor to derive an updated value of said secret parameter within a hierarchy by applying an invertible function, such that after said n cryptographic update operations have been performed, a receiving party knowing the value of the secret parameter prior to said n cryptographic update operations derives the value of said updated secret parameter in less than n operations; where all of said secret parameters from said n cryptographic update operations are within said hierarchy of secret parameters; and (c) replacing said secret parameter with said updated secret parameter in said memory.

13. The method of claim 12 where said secret parameter is a cryptographic key.

14. The method of claim 12 where said securing using said secret parameter includes deriving a cryptographic key from said secret parameter, and applying said cryptographic key for said transaction.

15. The method of claim 12 where said hierarchy of secret parameters is characterized by: (a) each secret parameter being at least one of a parent in said hierarchy of secret parameters or a child in said hierarchy of secret parameters; (b) each parent secret parameter having multiple child secret parameters, each of which can be derived from a parent secret parameter in a single cryptographic update operation from said parent secret parameter; and (c) each child secret parameter has a parent secret parameter from which said child secret parameter can be derived in a single cryptographic key update operation.

16. The method of claim 15 where: (a) each parent secret parameter has the same number of child secret parameters; and (b) said receiving party is capable of deriving a particular secret parameter, used to secure a particular transaction by a party performing said method, by performing less than the total number of possible transactions performable by said party performing said method.

17. The method of claim 15: (a) where elements within said hierarchy are characterizable by corresponding index parameters; and (b) further comprising successively iterating said update operations to transition from a current secret parameter corresponding to a current index parameter, through one or more intermediate secret parameters, to a final secret parameter corresponding to a desired an index parameter.

18. The method of claim 17 where: (a) said update operation utilizes said current index parameter and said current secret parameter; and (b) the value of the current secret parameter is replaced after each cryptographic update operation, so that only current secret parameter values are maintained.

19. The method of claim 12 where said method is performed using a smartcard, and said receiving party uses a smartcard reader.

20. The method of claim 19 where said smartcard is contactless.

21. The method of claim 12 implemented in a device that regulates access to an encrypted television signal.

22. The method of claim 12 implemented in a payment device.
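The following is an added, self-contained illustration of the hierarchy described in the abstract and in claims 1, 7 and 12: the card holds only the secret parameter for its current transaction counter, moves to the next one with a short chain of invertible update operations (climb to the common ancestor, descend to the next leaf), and the issuer re-derives any transaction's parameter from the root in one forward operation per level. This is example code written for this page, not code from the patent, from Cryptography Research, or from any card product. The concrete choices are assumptions for illustration only: a branching factor of 16, a depth of 4, a 4-round Feistel network built on SHA-256 as the invertible per-branch update function (the patent specifies no particular function), and HMAC-SHA256 under a key derived from the leaf parameter as the "cryptographic key derived from the secret parameter" of claim 3.

```python
"""Hierarchical session-key update, illustrative only (not the patent's reference code).

Assumed layout: BRANCHING**DEPTH leaf keys, one per transaction counter value.
Each parent -> child step is an invertible, branch-indexed Feistel permutation, so the
card can walk from one leaf to the next holding only its current key, while the issuer
derives any leaf from the root in DEPTH forward steps.
"""
from __future__ import annotations

import hashlib
import hmac

KEY_BYTES = 32          # size of the secret parameter (assumed)
HALF = KEY_BYTES // 2
ROUNDS = 4              # Feistel rounds (assumed)
BRANCHING = 16          # children per node (assumed)
DEPTH = 4               # levels below the root; 16**4 = 65536 transaction keys


def _round_fn(half: bytes, branch: int, rnd: int) -> bytes:
    # Round function keyed by the branch index and the round number.
    return hashlib.sha256(b"hier-update" + bytes([branch, rnd]) + half).digest()[:HALF]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def update_forward(key: bytes, branch: int) -> bytes:
    """Parent key -> child number `branch` (the cryptographic update operation)."""
    left, right = key[:HALF], key[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(right, branch, rnd))
    return left + right


def update_inverse(key: bytes, branch: int) -> bytes:
    """Child number `branch` -> parent key; exact inverse of update_forward."""
    left, right = key[:HALF], key[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(left, branch, rnd)), left
    return left + right


def counter_to_path(counter: int) -> list[int]:
    """Index parameters for a counter: its base-BRANCHING digits, root level first."""
    if not 0 <= counter < BRANCHING ** DEPTH:
        raise ValueError("transaction counter outside the key hierarchy")
    path = []
    for _ in range(DEPTH):
        path.append(counter % BRANCHING)
        counter //= BRANCHING
    return path[::-1]


def verifier_derive(root: bytes, counter: int) -> bytes:
    """Issuer side: DEPTH forward updates from the root, whatever the counter value."""
    key = root
    for branch in counter_to_path(counter):
        key = update_forward(key, branch)
    return key


def transaction_mac(leaf_key: bytes, data: bytes) -> bytes:
    """Derive a per-transaction key from the secret parameter, then apply it to the data."""
    session_key = hashlib.sha256(b"session" + leaf_key).digest()
    return hmac.new(session_key, data, hashlib.sha256).digest()


class Card:
    """Holds exactly one secret parameter: the leaf key for the current counter."""

    def __init__(self, root: bytes) -> None:
        self.counter = 0
        self.key = verifier_derive(root, 0)   # personalisation; the root itself is not retained
        self.update_ops = 0                   # invertible update operations performed so far

    def _advance(self) -> None:
        old_path = counter_to_path(self.counter)
        new_path = counter_to_path(self.counter + 1)
        common = 0
        while common < DEPTH and old_path[common] == new_path[common]:
            common += 1
        key = self.key
        for branch in reversed(old_path[common:]):    # climb to the common ancestor
            key = update_inverse(key, branch)
            self.update_ops += 1
        for branch in new_path[common:]:              # descend to the next leaf
            key = update_forward(key, branch)
            self.update_ops += 1
        self.key = key                                # replaces the old value; nothing else is kept
        self.counter += 1

    def transact(self, data: bytes) -> tuple[int, bytes]:
        """Authenticate `data` with the current key, then update so that key is gone."""
        counter, mac = self.counter, transaction_mac(self.key, data)
        self._advance()
        return counter, mac


def verifier_check(root: bytes, counter: int, data: bytes, mac: bytes) -> bool:
    return hmac.compare_digest(transaction_mac(verifier_derive(root, counter), data), mac)


if __name__ == "__main__":
    root = hashlib.sha256(b"constructed demo root, not a real issuer key").digest()
    card = Card(root)
    for n in range(300):
        counter, mac = card.transact(b"purchase %d" % n)
        assert verifier_check(root, counter, b"purchase %d" % n, mac)
    print("300 transactions verified; card performed", card.update_ops, "update operations")
```

Two properties worth noting from a defender's view. Because each step is a keyed permutation, the card never needs to keep the key it just used, so a leak of partial information about one leaf parameter does not hand the observer a value that is still in use. And the issuer's cost is flat: four forward updates per verification, regardless of how many thousands of transactions the card has performed, which is what makes per-transaction key rotation practical on the back end.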

Assignees

Inventors

Classifications

  • with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI · CPC title

  • for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA] · CPC title

  • G07F7/1008 (primary): Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system · CPC title

  • using encryption therefor · CPC title

  • Countermeasures against side channel or fault attacks · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9940772B2 cover?
Chip cards are used to secure credit and debit payment transactions. To prevent fraudulent transactions, the card must protect cryptographic keys used to authenticate transactions. In particular, cards should resist differential power analysis and/or other attacks. To address security risks posed by leakage of partial information about keys during cryptographic transactions, cards may be config…
Who is the assignee on this patent?
Kocher Paul C, Cryptography Res Inc
What technology area does this patent fall under?
Primary CPC classification G07F7/1008. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 10, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).