公开(公告)号：US20140250501A1

公开(公告)日：2014-09-04

申请号：US14349047

申请日：2012-09-18

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Nicolas Roussel ,  Richard Pico ,  Frédéric Faure ,  Benoît Gonzalvo

IPC: G06F21/62 ,  G06F9/455

CPC classification number: G06F21/62 ,  G06F9/455 ,  G06F21/6218 ,  G06F21/77 ,  G06F2221/2141 ,  H04W12/08

Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.

Abstract translation: 本发明是一种安全元件，包括能够以管理模式和运行时模式工作的虚拟机。 安全元件包括两个增强的容器。 所述增强容器中的每一个可以处于激活状态或处于禁用状态。 在任何给定的时间，只有一个增强的容器可以处于激活状态。 虚拟机适用于在管理模式下工作时访问每个增强型容器。 虚拟机无法访问在运行时模式下处于禁用状态的增强型容器。

公开(公告)号：US09872167B2

公开(公告)日：2018-01-16

申请号：US15117005

申请日：2015-01-23

Applicant: GEMALTO SA

Inventor： Frédéric Faure ,  Xavier Berard

IPC: H04W8/18 ,  H04W12/06 ,  H04L29/08 ,  H04W88/06

CPC classification number: H04W4/60 ,  H04L67/306 ,  H04L67/34 ,  H04W8/183 ,  H04W12/04 ,  H04W12/06 ,  H04W88/06

Abstract: The invention is a method for managing communication between a secure element and a device. The secure element comprises a physical communication interface and first and second virtual profiles. It is configured to exchange data targeting the virtual profiles with the device through the physical communication interface. The method comprises the steps of: running simultaneously said first and second virtual profiles, demultiplex incoming data received through the physical communication interface and multiplex outgoing data sent through the physical communication interface, resetting one of said virtual profiles individually without affecting the other virtual profiles in response to receiving a specific signal sent by the device through the physical communication interface.

公开(公告)号：US09361470B2

公开(公告)日：2016-06-07

申请号：US14349047

申请日：2012-09-18

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Nicolas Roussel ,  Richard Pico ,  Frédéric Faure ,  Benoît Gonzalvo

IPC: G06F15/16 ,  G06F21/62 ,  G06F21/77 ,  G06F9/455 ,  G06F21/54 ,  H04W12/08

CPC classification number: G06F21/62 ,  G06F9/455 ,  G06F21/6218 ,  G06F21/77 ,  G06F2221/2141 ,  H04W12/08

Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.

Abstract translation: 本发明是一种安全元件，包括能够以管理模式和运行时模式工作的虚拟机。 安全元件包括两个增强的容器。 所述增强容器中的每一个可以处于激活状态或处于禁用状态。 在任何给定的时间，只有一个增强的容器可以处于激活状态。 虚拟机适用于在管理模式下工作时访问每个增强型容器。 虚拟机无法访问在运行时模式下处于禁用状态的增强型容器。

公开(公告)号：US10601587B2

公开(公告)日：2020-03-24

申请号：US15321251

申请日：2015-06-23

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Frédéric Paillart ,  Frédéric Faure ,  Lionel Mallet

IPC: H04L9/08 ,  H04W8/24 ,  H04W12/06 ,  H04L29/06 ,  H04W12/00 ,  H04L12/24 ,  H04L29/08 ,  H04W12/04 ,  H04W84/12

Abstract: A method for establishing a first secured communication channel between an administrative agent in a device and a distant server, the device comprising a secure element communicating with the administrative agent, the secure element being administrated through the administrative agent by the distant server, the administrative agent being administrated by a third party server through a second secured communication channel, the distant server and the third party server being connected through a third secured channel. The third party server requests, from the distant server, an operation on the secure element and a one-time PSK. The distant server sends, to the third party server, the one-time PSK. The third party server sends, to the administrative agent, a triggering message including the one-time PSK. A TLS-PSK handshake is performed between the administrative agent and the distant server with the one-time PSK to establish the first secured communication channel.

公开(公告)号：US09615244B2

公开(公告)日：2017-04-04

申请号：US15107412

申请日：2014-12-17

Applicant: GEMALTO SA

Inventor： Nicolas Roussel ,  Nicolas Joubert ,  Florent Labourie ,  Jérôme Duprez ,  Frédéric Faure

IPC: H04W8/20 ,  H04L29/08 ,  H04B1/38 ,  H04B1/3816

CPC classification number: H04W8/20 ,  H04B1/3816 ,  H04L67/02 ,  H04W8/18 ,  H04W92/08

Abstract: A first device stores a subscription manager and at least two subscriptions. A first subscription is active and a second subscription is non-active. A second device sends a request for switching to the second subscription. The subscription manager sets a first variable relating to a next active subscription to the second subscription. The subscription manager sends to the first device a message requesting the first device to re-launch an execution of the subscription manager and to read data. The first device sends to the subscription manager a message including a command for re-launching an execution of the subscription manager. The subscription manager de-activates, based upon the first variable value, the first subscription. The subscription manager activates, based upon the first variable value, the second subscription, and sends to the first device operating system data relating to the second subscription, as a current active subscription.