METHOD FOR MUTUAL AUTHENTICATION BETWEEN A TERMINAL AND A REMOTE SERVER BY MEANS OF A THIRD-PARTY PORTAL
    1.
    Invention application
    METHOD FOR MUTUAL AUTHENTICATION BETWEEN A TERMINAL AND A REMOTE SERVER BY MEANS OF A THIRD-PARTY PORTAL (in force)

    Publication number: US20150289135A1

    Publication date: 2015-10-08

    Application number: US14439167

    Filing date: 2013-10-25

    Applicant: GEMALTO SA

    CPC classification number: H04W12/06 H04L63/0853 H04L63/0869 H04W4/60

    Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R′ signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R′ from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.


    Method for mutual authentication between a terminal and a remote server by means of a third-party portal
    2.
    Granted invention patent
    Method for mutual authentication between a terminal and a remote server by means of a third-party portal (in force)

    Publication number: US09319882B2

    Publication date: 2016-04-19

    Application number: US14439167

    Filing date: 2013-10-25

    Applicant: GEMALTO SA

    CPC classification number: H04W12/06 H04L63/0853 H04L63/0869 H04W4/60

    Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R′ signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R′ from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.


    Method of managing an application

    Publication number: US10939265B2

    Publication date: 2021-03-02

    Application number: US15768211

    Filing date: 2016-09-06

    Applicant: GEMALTO SA

    Abstract: The invention is a method for managing an application that includes a generic part and an additional part. The generic part is pre-installed on a device. The device gets a fingerprint of itself and after a user authentication sends to a server a request for getting the additional part. The request comprises credentials associated with the user or a reference of the user, the fingerprint and a reference of the application. The server generates a ciphered part of the additional part using a key based on both the credentials and the fingerprint and builds an auto-decrypt program configured to decipher the ciphered part. The device receives the ciphered part and the auto-decrypt program. It gets the fingerprint and the credentials and retrieves the additional part by running the auto-decrypt program with said fingerprint and credentials as input parameters.
