公开(公告)号：US20170244691A1

公开(公告)日：2017-08-24

申请号：US15519669

申请日：2015-10-09

Applicant: GEMALTO SA

Inventor： Xavier BERARD ,  Antoine GALLAND

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04W4/50 ,  H04W4/70 ,  H04W12/0017 ,  H04W12/0023

Abstract: The invention is a method for managing a response from an application embedded in a secure token acting as an UICC, in response to a command requesting opening a proactive session. The command is sent by an applicative server to the secure token via an OTA server providing a security layer. The method comprises the steps of sending another command from the applicative server to the secure token using the security layer provided by the OTA server, and in response to this second command, the secure token send the response of the first command to the applicative server using the security layer provided by the OTA server.

公开(公告)号：US20170302650A1

公开(公告)日：2017-10-19

申请号：US15516136

申请日：2015-08-21

Applicant: GEMALTO SA

Inventor： Xavier BERARD ,  HongQian Karen LU

IPC: H04L29/06 ,  H04W4/00 ,  H04W12/06 ,  H04W12/04

CPC classification number: H04L63/083 ,  G06F21/35 ,  G06F2221/2103 ,  G06F2221/2107 ,  H04L63/0876 ,  H04L63/168 ,  H04W4/14 ,  H04W4/60 ,  H04W12/0023 ,  H04W12/02 ,  H04W12/04 ,  H04W12/06

Abstract: The invention is a method for managing a response generated by an application embedded in a secure token in response to a command requesting opening a proactive session. An applicative server relies on an OTA server to securely send the command to the application. The method comprises the steps of: the application retrieves a data from the command and derives a key using a preset function, the application generates the response to the command, builds a secured response packet comprising the response secured with the derived key and sends the secured response packet to the applicative server.

公开(公告)号：US20150134958A1

公开(公告)日：2015-05-14

申请号：US14603889

申请日：2015-01-23

Applicant: GEMALTO SA

Inventor： Lionel MERRIEN ,  Xavier BERARD ,  Pierre GIRARD ,  Philippe PROUST ,  Fabrice VERGNES ,  Frédéric FARIA ,  Franck IMOUCHA

IPC: H04L29/06 ,  H04W12/06 ,  H04W12/04

CPC classification number: G06F21/6218 ,  G06F8/61 ,  H04B1/3816 ,  H04L9/0825 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W4/70 ,  H04W8/18 ,  H04W8/183 ,  H04W8/205 ,  H04W8/22 ,  H04W8/245 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/10 ,  H04W84/04

Abstract: The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.

Abstract translation: 本发明提出了与安全元件的管理相关的若干改进，例如嵌入SIM应用的UICC，这些安全元件被固定地或不固定地安装在诸如移动电话的终端中。 在某些情况下，终端由与M2M（机器到机器）应用的其他机器通信的机器构成。

公开(公告)号：US20180219966A1

公开(公告)日：2018-08-02

申请号：US15503312

申请日：2015-08-05

Applicant: GEMALTO SA

Inventor： Xavier BERARD ,  Patrice AMIEL ,  Ludovic TRESSOL ,  Gregory VALLES

IPC: H04L29/08 ,  H04L29/06

CPC classification number: H04L67/2895 ,  H04L9/32 ,  H04L9/3234 ,  H04L9/3263 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/0884 ,  H04L63/101 ,  H04L63/20 ,  H04L67/141 ,  H04L67/28 ,  H04L67/32 ,  H04L67/327 ,  H04W12/08

Abstract: A method for establishing OTA sessions between terminals and an OTA server in a telecommunications network, each of the terminals interacting with a security element capable of interrogating the OTA server to establish a secure session in order to download data from the OTA server via a reverse proxy server in order to update security elements. The method includes provision by an OTA server to reverse proxy server of a list of identifiers of security elements for which an update is available; only establishing a secure session between the security elements and the OTA server for the security elements having identifiers included in said list.

公开(公告)号：US20180027410A1

公开(公告)日：2018-01-25

申请号：US15549250

申请日：2016-02-05

Applicant: GEMALTO SA

Inventor： Xavier BERARD ,  Benjamin MAZET

IPC: H04W12/04 ,  H04W76/02 ,  G06F21/60 ,  H04W4/00 ,  H04L9/32 ,  H04W12/06

CPC classification number: H04W12/04 ,  G06F21/602 ,  H04L9/3263 ,  H04L2209/80 ,  H04W4/50 ,  H04W4/70 ,  H04W4/80 ,  H04W12/0023 ,  H04W12/00401 ,  H04W12/06 ,  H04W12/0609 ,  H04W76/10

Abstract: Remote subscription management of an eUICC comprising a private key and a public certificate, the public certificate comprising information allowing a subscription manager server to decide if it can agree to manage the eUICC. The method includes: establishing a secure channel between the terminal and the subscription manager server by using the public certificate and dedicated cryptographic services of the eUICC; sendingto the subscription manager server a subscription management request; verifying, based on the information in the public certificate in the subscription manager server, whether the eUICC is entitled to be managed by the subscription manager server and, if yes: performing a key establishment procedure between the subscription manager server and the eUICC by using the eUICC public certificate; establishing between the subscription manager server and the eUICC a secure channel with the established keys; and, executing by the subscription manager server the subscription management request on the eUICC.

公开(公告)号：US20170171738A1

公开(公告)日：2017-06-15

申请号：US15117005

申请日：2015-01-23

Applicant: GEMALTO SA

Inventor： Frédéric FAURE ,  Xavier BERARD

IPC: H04W8/18 ,  H04L29/08 ,  H04W12/06

CPC classification number: H04W4/60 ,  H04L67/306 ,  H04L67/34 ,  H04W8/183 ,  H04W12/04 ,  H04W12/06 ,  H04W88/06

Abstract: The invention is a method for managing communication between a secure element and a device. The secure element comprises a physical communication interface and first and second virtual profiles. It is configured to exchange data targeting the virtual profiles with the device through the physical communication interface. The method comprises the steps of: running simultaneously said first and second virtual profiles, demultiplex incoming data received through the physical communication interface and multiplex outgoing data sent through the physical communication interface, resetting one of said virtual profiles individually without affecting the other virtual profiles in response to receiving a specific signal sent by the device through the physical communication interface.

公开(公告)号：US20160234013A1

公开(公告)日：2016-08-11

申请号：US15022485

申请日：2014-09-09

Applicant: GEMALTO SA

Inventor： Abdellah EL-MAROUANI ,  André SINTZOFF ,  Julien GLOUSIEAU ,  Ilyas LANDIKOV ,  Christophe RONFARD-HARET ,  Xavier BERARD

IPC: H04L9/06 ,  H04L29/06 ,  H04W12/08

CPC classification number: H04L9/0643 ,  G06F9/445 ,  G06F9/44589 ,  H04L9/08 ,  H04L9/3271 ,  H04L63/0428 ,  H04W4/50 ,  H04W8/005 ,  H04W8/183 ,  H04W12/02 ,  H04W12/08

Abstract: The invention is a method of communicating between a server and a distant secure element through a point-to-point link. The server is provided with a set comprising a plurality of data and a plurality of identifiers, each of the data is associated with one of the identifiers. The plurality of data comprises a first data compatible with the distant secure element and a second data incompatible with the distant secure element. The whole set is sent from the server to the distant secure element through the point-to-point link. A control operation is run with respect to a reference value stored in the distant secure element for each identifier. The data associated with the identifiers for which the control operation failed is discarded.

Abstract translation: 本发明是一种通过点对点链路在服务器和远程安全元件之间进行通信的方法。 服务器设置有包括多个数据和多个标识符的集合，每个数据与标识符之一相关联。 多个数据包括与远程安全元件兼容的第一数据和与远程安全元件不兼容的第二数据。 整个集合通过点对点链接从服务器发送到远程安全元素。 对于每个标识符，相对于存储在远程安全元件中的参考值运行控制操作。 与控制操作失败的标识符相关联的数据被丢弃。

公开(公告)号：US20180176778A1

公开(公告)日：2018-06-21

申请号：US15737438

申请日：2016-06-23

Applicant: GEMALTO SA

Inventor： Patrice AMIEL ,  Michel ENDRUSCHAT ,  Sébastien PONARD ,  Gabriel PEREIRA ,  Jean-Yves FINE ,  Francois ZANNIN ,  Michel MARTIN ,  Caroline DURANT DINET ,  Xavier BERARD

IPC: H04W12/06 ,  H04W12/04

CPC classification number: H04W12/06 ,  H04W12/0023 ,  H04W12/04

Abstract: A method of replacing an authentication parameter for authenticating a security element co-operating with a terminal includes storing in the security element a first authentication parameter; transmitting to a mobile network operator the first authentication parameter for the operator to record it in its authentication system; on occurrence of an event, having a remote platform transmit to the security element an indicator informing the security element that it is authorized to replace the first authentication parameter with a second authentication parameter if its authentication fails; on occurrence of the event, having the entity transmit to the operator a second authentication parameter to replace the first authentication parameter; and in the event of subsequent failure of the security element to connect to the mobile network and if the indicator is present at the security element, replacing the first authentication parameter with the second authentication parameter at the security element.

公开(公告)号：US20170214524A1

公开(公告)日：2017-07-27

申请号：US15321251

申请日：2015-06-23

Applicant: GEMALTO SA

Inventor： Xavier BERARD ,  Frédéric PAILLART ,  Frédéric FAURE ,  Lionel MALLET

IPC: H04L9/08 ,  H04W12/06 ,  H04W8/24 ,  H04L29/06 ,  H04L12/24 ,  H04L29/08

Abstract: A method for establishing a first secured communication channel between an administrative agent in a device and a distant server, the device comprising a secure element communicating with the administrative agent, the secure element being administrated through the administrative agent by the distant server, the administrative agent being administrated by a third party server through a second secured communication channel, the distant server and the third party server being connected through a third secured channel. The third party server requests, from the distant server, an operation on the secure element and a one-time PSK. The distant server sends, to the third party server, the one-time PSK. The third party server sends, to the administrative agent, a triggering message including the one-time PSK. A TLS-PSK handshake is performed between the administrative agent and the distant server with the one-time PSK to establish the first secured communication channel.

公开(公告)号：US20160379006A1

公开(公告)日：2016-12-29

申请号：US15260899

申请日：2016-09-09

Applicant: GEMALTO SA

Inventor： Lionel MERRIEN ,  Xavier BERARD ,  Pierre GIRARD ,  Philippe PROUST ,  Fabrice VERGNES ,  Frédéric FARIA ,  Franck IMOUCHA

IPC: G06F21/62 ,  H04L29/06

CPC classification number: G06F21/6218 ,  G06F8/61 ,  H04B1/3816 ,  H04L9/0825 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W4/70 ,  H04W8/18 ,  H04W8/183 ,  H04W8/205 ,  H04W8/22 ,  H04W8/245 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/10 ,  H04W84/04

Abstract: The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.

Abstract translation: 本发明提出了与安全元件的管理相关的若干改进，例如嵌入SIM应用的UICC，这些安全元件被固定地或不固定地安装在诸如移动电话的终端中。 在某些情况下，终端由与M2M（机器到机器）应用的其他机器通信的机器构成。