公开(公告)号：WO2009003957A1

公开(公告)日：2009-01-08

申请号：PCT/EP2008/058312

申请日：2008-06-27

Applicant: AXALTO SA ,  BALSAN, Gilles

Inventor： BALSAN, Gilles

IPC: H04N7/16

CPC classification number: H04N7/17318 ,  H04N21/2541 ,  H04N21/4126 ,  H04N21/4627 ,  H04N21/835 ,  H04N21/8355

Abstract: The invention relates to a method and a device for management of multimedia data. More particularly, the invention relates to a method and a device to allow an end-user to manage and keep with him his personal multimedia video and music Library. This method is based on a purchase of multimedia content step made using a first portable device of the end-user (10, 20, 30), and a multimedia content playing step on a distinct second device (70) used for displaying the multimedia content (40), this distinct second device (70) being a portable communication device.

Abstract translation: 本发明涉及一种管理多媒体数据的方法和装置。 更具体地说，本发明涉及允许终端用户管理和保持他的个人多媒体视频和音乐库的方法和设备。 该方法基于购买使用最终用户（10,20,30）的第一便携式设备进行的多媒体内容步骤，以及在用于显示多媒体内容的不同的第二设备（70）上的多媒体内容播放步骤 （40），所述不同的第二装置（70）是便携式通信装置。

公开(公告)号：WO2008035174A3

公开(公告)日：2008-08-07

申请号：PCT/IB2007002707

申请日：2007-09-18

Applicant: AXALTO SA ,  GANEM HERVE ,  SJARIF KRISHNA

Inventor： GANEM HERVE ,  SJARIF KRISHNA

IPC: G06F21/00 ,  G07F7/10 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L29/06027 ,  G06Q20/341 ,  G06Q20/40975 ,  H04L63/029 ,  H04L65/1006 ,  H04L67/02 ,  H04L67/14

Abstract: The invention relates to a method for communicating with a personal token (10) over an IP network, in which method a request is made to the personal token and the personal token provides a response to this request, the method being characterized in that it comprises the step which consists in encapsulating (20) the said request to the personal token inside a message which is a response to a prior request emitted by the personal token for the purpose of such encapsulation.

Abstract translation: 本发明涉及一种用于通过IP网络与个人令牌（10）通信的方法，在该方法中，向个人令牌发出请求并且个人令牌向该请求提供响应，该方法的特征在于其包括： 包括将所述请求封装（20）到个人令牌内的步骤，所述消息是对个人令牌为了这种封装而发出的在先请求的响应。

公开(公告)号：WO2008044112A3

公开(公告)日：2008-06-12

申请号：PCT/IB2007002928

申请日：2007-10-03

Applicant: AXALTO SA ,  SALGADO STEPHANIE ,  VIGILANT DAVID ,  FUMAROLI GUILLAUME

Inventor： SALGADO STEPHANIE ,  VIGILANT DAVID ,  FUMAROLI GUILLAUME

IPC: H04L1/00

CPC classification number: H04L1/0061

Abstract: The invention relates to a method for checking the integrity of a set of data packets received by a receiving communication device from a sending communication device, the data packets of the set being received in unpredictable order. The invention also relates to a communication device implementing a method according to the invention, in particular to a smart card.

Abstract translation: 本发明涉及一种用于检查由接收通信设备从发送通信设备接收的一组数据分组的完整性的方法，该组的数据分组以不可预知的顺序被接收。 本发明还涉及实现根据本发明的方法的通信设备，具体涉及智能卡。

公开(公告)号：WO2007138488A3

公开(公告)日：2008-05-08

申请号：PCT/IB2007002911

申请日：2007-05-25

Applicant: AXALTO SA ,  LU HONGQIAN KAREN ,  ALI ASAD ,  VASSILEV APOSTOL

Inventor： LU HONGQIAN KAREN ,  ALI ASAD ,  VASSILEV APOSTOL

IPC: G06F9/445

CPC classification number: G07F7/1008 ,  G06F8/65 ,  G06F21/57 ,  G06F2221/2153 ,  G06Q20/3552

Abstract: Patching of software application. A software application is stored on a smart card as partitions and is loaded from the smart card into the memory of a host computer to which the smart card is connected. The software application is executed on the host computer; which using the instructions of the software application establishes a communications channel between the software application and a remote patch server containing a patch for at least one partition of the software application. Upon detecting that a patch is available for the at least one partition of the software application, downloading the at least one partition from the remote server into volatile memory allocated to the software application on the host computer via the first communications channel, and uploading the at least one partition from the volatile memory allocated to the software application to the smart card. Other systems and methods are disclosed.

Abstract translation: 修补软件应用程序。 软件应用程序作为分区存储在智能卡上，并从智能卡加载到智能卡连接到的主机的存储器中。 软件应用程序在主机上执行; 其使用软件应用程序的指令在软件应用程序和包含用于软件应用程序的至少一个分区的补丁的远程补丁服务器之间建立通信通道。 在检测到补丁可用于软件应用程序的至少一个分区时，经由第一通信信道将至少一个分区从远程服务器下载到分配给主计算机上的软件应用程序的易失性存储器中， 从分配给软件应用程序的易失性存储器到智能卡的至少一个分区。 公开了其它系统和方法。

公开(公告)号：WO2007107829A3

公开(公告)日：2007-12-06

申请号：PCT/IB2007000626

申请日：2007-03-02

Applicant: AXALTO SA ,  YANG BAOZHU

Inventor： YANG BAOZHU

IPC: G06F21/62

CPC classification number: G06F21/6218 ,  G06F2221/2141

Abstract: The inventions relates to a personal security token (10) for a mobile telecommunicaction terminal (20) said personal security token (10) comprising a memory and a processor, said memory storing a content file (11), an access condition list (ACL) to such file (11) under a first security environment and an access condition list (ACL) to such file (11) under a second security environment, the two access condition lists being both stored in a given file (12) which is divided into records, characterized in that the access condition list (ACL) under the first security environment and the access condition list (ACL) under the second security environment are stored in the same record (13) of the said given file (12), and the token (10) stores and runs a program for identifying wether the token (10) is currently actuated under the first security environment or under the second security environment and reading only the access condition list which corresponds to the current security environment.

Abstract translation: 本发明涉及一种用于移动电信终端（20）的个人安全令牌（10），所述个人安全令牌（10）包括存储器和处理器，所述存储器存储内容文件（11），访问条件列表（ACL） 在第一安全环境下的这种文件（11）和在第二安全环境下的这种文件（11）的访问条件列表（ACL），两个访问条件列表都存储在给定的文件（12）中，该文件被分成 记录，其特征在于，所述第一安全环境下的访问条件列表（ACL）和所述第二安全环境下的访问条件列表（ACL）存储在所述给定文件（12）的同一记录（13）中，并且 令牌（10）存储并运行用于识别令牌（10）当前在第一安全环境下或在第二安全环境下被激活的程序，并且仅读取与当前安全环境对应的访问条件列表。

公开(公告)号：WO2007072157A3

公开(公告)日：2007-10-04

申请号：PCT/IB2006003650

申请日：2006-12-13

Applicant: AXALTO SA ,  LU HONGQIAN KAREN

Inventor： LU HONGQIAN KAREN

IPC: G06F21/00 ,  H04L29/06

CPC classification number: H04L63/0227 ,  G06F21/554 ,  H04L63/1416 ,  H04L63/1458

Abstract: A system and method for detecting network-based attacks on an electronic device. The system and method operable to detect network-based attacks on the electronic device comprising receiving data packets on the electronic device, tracking disposition of the data packets by the electronic device by recording one or more paths through a finite state machine model of the processing of data packets by the electronic device, and raising an alert that the electronic device is under a network-based attack based on patterns of the one or more recorded paths

Abstract translation: 一种用于检测电子设备上基于网络的攻击的系统和方法。 该系统和方法可操作以检测对电子设备的基于网络的攻击，包括在电子设备上接收数据分组，通过记录通过有限状态机模型处理的一个或多个路径跟踪电子设备对数据分组的处理 电子设备的数据分组，并且基于一个或多个记录路径的模式提高电子设备处于基于网络的攻击的警报

公开(公告)号：WO2007105098A2

公开(公告)日：2007-09-20

申请号：PCT/IB2007/000656

申请日：2007-03-12

Applicant: AXALTO SA ,  MONTGOMERY, Michael ,  MAO, Yi

Inventor： MONTGOMERY, Michael ,  MAO, Yi

IPC: G06F21/20

CPC classification number: G06F21/6218

Abstract: Role-based hierarchical access control system and method. A computer system having a data storage capacity and a central processing unit and at least one resource has an access control data structure defining role-based access control lists for the resource, wherein the access control list defines based on the role of a user the types of access that the user may have to the at least one resource. A hierarchy of roles having at least a first role and a second role wherein the second role inherits the permissions granted to the first role for the at least one resource. Access to the resource is determined by comparing roles defined to have access privileges to the resource and the permissions granted to such roles to the role of an entity seeking access to the resource.

Abstract translation: 基于角色的分级访问控制系统和方法。 具有数据存储容量的计算机系统和中央处理单元以及至少一个资源具有定义用于资源的基于角色的访问控制列表的访问控制数据结构，其中访问控制列表基于用户的角色定义类型 用户可能对至少一个资源的访问。 具有至少第一角色和第二角色的角色层次结构，其中所述第二角色继承对所述至少一个资源授予所述第一角色的所述权限。 通过将被定义为具有对资源的访问权限的角色和授予这些角色的权限与寻求资源访问的实体的角色进行比较来确定对资源的访问。

公开(公告)号：WO2007010363A3

公开(公告)日：2007-03-29

申请号：PCT/IB2006001971

申请日：2006-07-18

Applicant: AXALTO SA ,  SEIF JACQUES

Inventor： SEIF JACQUES

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/1441 ,  H04W12/04 ,  H04W12/06 ,  H04W12/12

Abstract: The invention relates to a personal token (PT) for a hosting telecommunication terminal (T) such personal token (PT) storing a secret master key and comprising a microprocessor and a software equipment for interpreting at least one incoming command so as to generate first derived key material on the basis of the stored secret master key and on the basis of the content of said incoming at least one command, said software equipment controlling interpretation of said command so as to determine whether said command indicates that the first derived key material should be delivered to the hosting terminal (T) or not, characterized in that the software equipment performs a checking task as to whether the command comprises a content which complies with a predetermined content format and refuses to proceed to delivery of the first derived key material in case said content does not comply with said content format.

Abstract translation: 本发明涉及用于托管电信终端（T）的个人令牌（T），该个人令牌（T）存储秘密主密钥并包括微处理器和用于解释至少一个输入命令的软件设备，以便生成第一派生 密钥材料，基于所存储的秘密主密钥，并且基于所述进入的至少一个命令的内容，所述软件设备控制所述命令的解释，以便确定所述命令是否指示所述第一导出密钥材料应该是 传送到主机终端（T），其特征在于，软件设备执行关于该命令是否包括符合预定内容格式的内容并且拒绝继续传送第一派生密钥材料的检查任务，以防万一 所述内容不符合所述内容格式。

公开(公告)号：WO2006032993A3

公开(公告)日：2006-06-22

申请号：PCT/IB2005002818

申请日：2005-09-23

Applicant: AXALTO SA

Inventor： HONGQIAN KAREN LU ,  NGUYEN BINH HOA

IPC: H04W92/08 ,  H04L29/06 ,  H04L29/08 ,  H04W80/06

CPC classification number: H04W92/08 ,  H04L67/02 ,  H04L69/16 ,  H04L69/168 ,  H04W80/06

Abstract: A mobile device and UICC communication using standard Internet protocols. Such communication allows users access to their UICC information using standard web browsers and allows use of the UICCs to communicate with remote servers and thereby provide secure services for Internet transactions. The mobile device has a communications module to selectively communicate with the UICC processor or with at least one node on a network, the mobile device communications module has an Internet protocol module operable to receive messages issued from a first Internet application as Internet protocol packets, and to transmit the packets to target IP addresses; and operable to receive Internet protocol packets, to process the packets, and to send the messages contained in the packets to the first Internet application.

Abstract translation: 使用标准互联网协议的移动设备和UICC通信。 这种通信允许用户使用标准网页浏览器访问他们的UICC信息，并允许使用UICC与远程服务器进行通信，从而为互联网交易提供安全服务。 移动设备具有用于选择性地与UICC处理器或与网络上的至少一个节点通信的通信模块，移动设备通信模块具有互联网协议模块，该互联网协议模块可操作以接收从第一互联网应用发布的作为互联网协议分组的消息，以及 将分组传输到目标IP地址; 并且可操作来接收因特网协议分组，处理分组并且将分组中包含的消息发送到第一互联网应用。

公开(公告)号：WO2005062236A3

公开(公告)日：2006-04-06

申请号：PCT/IB2004004156

申请日：2004-12-16

Applicant: AXALTO SA ,  RHELIMI ALAIN

Inventor： RHELIMI ALAIN

IPC: G07C9/00 ,  H04B13/00

CPC classification number: G07C9/00087 ,  G07C9/00563 ,  G07C2009/00095 ,  G07C2209/62

Abstract: The system comprises a terminal (10, 12), an independent portable device (20) including a data processing means, and a wireless coupling means (RF COMMUNICATION) for exchanging individual-identification data between said terminal and said portable device. A body-medium communication means (OSC COMMUNICATION) including a transmitter in the terminal and a receiver in the portable device is provided to transmit from the terminal to the portable device a connection code (CONNECTION CODE) at the onset of a transaction upon physical contact established by the individual between the terminal and the portable device. A control means in the portable device checks said connection code received and conditionally issues to the terminal through said wireless coupling means (RF COMMUNICATION) a signal for enabling further execution of said transaction in response to said connection code complying with predetermined criteria.

Abstract translation: 该系统包括终端（10,12），包括数据处理装置的独立便携式设备（20）和用于在所述终端和所述便携式设备之间交换个人识别数据的无线耦合装置（RF COMMUNICATION）。 提供一种包括终端中的发射机和便携式设备中的接收机的体媒介通信装置（OSC通信），用于在物理接触交易开始时从终端向便携式设备发送连接码（连接码） 由个人在终端和便携式设备之间建立。 便携式设备中的控制装置通过所述无线耦合装置（RF COMMUNICATION）检查接收到的所述连接码并有条件地向终端发出一个用于响应于符合预定标准的所述连接码进一步执行所述交易的信号。