Abstract:
The present invention relates to a method to manage a One Time Password key, referenced OTP key, used in an OTP algorithm in a user device having access to an unsafe storage including the steps of retrieving a Personal Identification Number, named PIN, of a user of the user device, deriving a symmetric key from the PIN, encrypting the OTP key using the derived symmetric key, storing the encrypted OTP key in the unsafe storage, decrypting the OTP key using the derived symmetric key, and generating a next OTP key using an incremental parameter, wherein the start value of the incremental parameter of the OTP key generation is random.
Abstract:
The invention is a method of communicating between a caller device and an executor device wherein the executor device comprises a memory having a layout which defines formats and addresses used for storing data in the memory. The executor device comprises an application including a service and the method comprises the steps of: providing the caller device with the layout and an indicator reflecting the service during the handshake phase, sending to the executor device a data block corresponding to a command targeting the service, wherein the data block complies with the layout and is devoid of metadata, sending to the caller device a response block which complies with the layout and which corresponds to a result generated by execution of the command.
Abstract:
The present invention relates to a method to authenticate two devices to establish a secure channel, one belonging to a first group of devices, the second belonging to a second group of devices, in a non-traceable manner without the need to share a secret, each group being authenticated by an authority that stores a group secret key into the devices under its authority. The method uses a set of authentication tokens, one for each of the other groups with which the device is intended to communicate, said authentication token comprising at least a random number and a cipher of at least this random number by the secret key of each of these other groups, said authentication tokens being further renewed at each communication with a device from another group.
Abstract:
The invention relates to a payment device (100) comprising a secure integrated circuit (SE) with a dual interface. A connector (110) is connected to the contact type interface in order to communicate with an external reader. An antenna (140) is connected to the contactless interface. The device also comprises a reader circuit (120, 130, 150) compatible with the secure integrated circuit (SE), wherein the reader circuit is connected in parallel to the connector (110). An independent battery (BAT) is used to power the reader circuit. A power switching circuit (160) is connected to a communication field detection circuit (170), wherein said power switching circuit is capable of powering the reader circuit after a communication field is detected.
Abstract:
The present invention relates to a method to protect, in a secured container using an encryption key, a set of mixed sensitive and public data to be transferred to an entity. The method includes the steps of: generating a random key, ciphering the set of mixed sensitive and public data using said random key to obtain a ciphered set of data, generating an initialization value, and defining configuration information for the secured container. The initialization value, the configuration information and the random key form a preamble. The preamble and the ciphered set of data are encrypted. The initialization value renders the resulting encrypted data variable from one secured container to another even in case of repetitive configuration information in the preamble.
Abstract:
The invention proposes several improvements related to the management of secure elements, like UICCs embedding SIM applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.
Abstract:
To access a service, each user device stores one first key. The user device is connected to a first server. A terminal sends to a second server a connection request. The second server responds with first data relating to a transaction identifier and an associated challenge. The terminal determines a first result depending upon the first data and the first key. The terminal sends to the first server the first result and user device data. The first server identifies a user device based upon the user device data and sends to the device the first result. The device determines the challenge and the transaction identifier based upon the first result and the first key and sends to the second server the challenge and the transaction identifier. The second server verifies whether the data received from the device matches the first data and, if so, authorizes the terminal to connect.
Abstract:
The invention relates to an electronic module comprising a first metal layer including at least one contact pad or a conductive pad for connection or interconnection, an insulating layer that is electrically connected to the metal layer via a first surface, a second metal layer connected to the insulating layer on the opposite surface thereof, a chip location or an electronic chip electrically connected to the at least one contact pad through openings in the insulating layer, characterized in that the insulating layer is an adhesive.
Abstract:
The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.
Abstract:
A method for making an intermediate electronic device, wherein said device is coated or is to be coated with a cover sheet or layer, the method comprising the step of forming a carrier-body comprising: a cavity provided in the carrier-body; an electric circuit comprising at least one electric interconnection area inside the cavity; an electronic module comprising at least one connection pad connecting said interconnection area and arranged in the cavity; a space or gap provided at the interface between the module and the carrier-body, substantially perpendicular to a main surface of the carrier-body, in communication with the surface of the carrier-body, and intended to be covered with a cover sheet or layer; the method is characterized in that a flexible or elastic material is arranged in the device so as to fill the space or gap between the module and the carrier-body or at least partially cover same.