Abstract:
The invention relates to a secure element device comprising at least one processor, at least one communication interface, at least one memory (RAM and NVM) and at least one bus access controller, wherein the bus access controller defines at least a first area PBL, a second area SBL and a secure area MZ. The first area comprises a first loader program capable of loading a program package in the second area. The secure area comprises an authentication key capable of authenticating the program package loaded in the second area. After authentication of the program package loaded in the second area, the access right of the first loader program is changed in such a way that a program in the first area can no longer access the second area.
Abstract:
The present invention relates to a method for a provider entity belonging to a provider group to authenticate its membership of an attribute provider group to a verification entity in a non-traceable manner, without needing to share secrets or large constants that would compromise privacy. Both entities comprise at least one attribute group arborescence, this attribute group arborescence being shared by the provider entity and the verification entity when the provider entity has the attribute. According to the invention, when a verification is triggered, the verification entity calculates a certificate from the attribute group arborescence, said certificate being calculated from the authentication tokens of the groups along the arborescence from the attribute verification group's token to the consumer group's token.
Abstract:
The present invention relates to a method to authenticate two devices to establish a secure channel, one belonging to a first group of devices, the second belonging to a second group of devices, in a non-traceable manner without the need to share a secret, each group being authenticated by an authority that stores a group secret key in the devices under its authority. The method uses a set of authentication tokens, one for each of the other groups with which the device is intended to communicate, said authentication token comprising at least a random number and a cipher of at least this random number by the secret key of each of these other groups, said authentication tokens being further renewed at each communication with a device from another group.
Abstract:
A device is intended for controlling access of a communication equipment of a user to virtual stores of network operators accessible on servers. This device comprises a control means arranged, when this user provides the communication equipment with an access code associated with a virtual store of a network operator, for determining a communication identifier of a virtual store page corresponding to this access code and to data defining a context of the communication equipment, in a table establishing correspondences between access codes and communication identifiers of pages of virtual stores providing offers corresponding to communication equipment contexts, then for triggering access by the communication equipment to the virtual store page associated with the determined communication identifier to allow the user to select an offer contained in this virtual store page.
Abstract:
A secure element equips a device usable by N image owners, and comprises a first non-volatile memory divided into N parts storing image owner data, a second non-volatile memory storing a primary boot loader, a third non-volatile memory divided into N parts storing image owner session private data, a first random access memory divided into N parts associated to the N first non-volatile memory parts, a second random access memory for temporarily storing image owner data during an access session, and a controller activated by the primary boot loader when the device starts an access session, and then controlling accesses to the non-volatile memories and random access memories according to rules, and erasing the second random access memory each time the device starts an access session.
Abstract:
This invention relates to a method for remotely controlling the rights of a target secure element to execute an operation, said target secure element being configured to load a profile image and to store a first set of at least one parameter indicating if the secure element is locked or unlocked and, in case it is locked, who is the locker of said secure element. The method is operated by an image delivery server and comprises the following steps: receiving a second set of at least one parameter and an operation code OP defining a requested operation to be performed by the target secure element; receiving a profile image to be transmitted to the secure element; generating a security scheme descriptor (SSD) file adapted to bind the profile image with the target secure element and further comprising the second set of at least one parameter and the operation code OP; sending the received profile image and the associated security scheme descriptor (SSD) file to the target secure element.
Abstract:
A device for managing multiple accesses to a secure module of a system on chip of an apparatus comprises a stream ciphering means arranged for computing on the fly and in a single pass an integrity check for data to be transferred between secure and non-secure modules of the system on chip with a seed and an encryption key, and for encrypting/decrypting on the fly and in this single pass these data with the encryption key, and a control means for providing the encryption key and seed to the stream ciphering means and for requesting data transfer and retrieving status to the secure and non-secure modules for allowing the transfer of encrypted/decrypted data between the secure and non-secure modules.