公开(公告)号：US09872167B2

公开(公告)日：2018-01-16

申请号：US15117005

申请日：2015-01-23

Applicant: GEMALTO SA

Inventor： Frédéric Faure ,  Xavier Berard

IPC: H04W8/18 ,  H04W12/06 ,  H04L29/08 ,  H04W88/06

CPC classification number: H04W4/60 ,  H04L67/306 ,  H04L67/34 ,  H04W8/183 ,  H04W12/04 ,  H04W12/06 ,  H04W88/06

Abstract: The invention is a method for managing communication between a secure element and a device. The secure element comprises a physical communication interface and first and second virtual profiles. It is configured to exchange data targeting the virtual profiles with the device through the physical communication interface. The method comprises the steps of: running simultaneously said first and second virtual profiles, demultiplex incoming data received through the physical communication interface and multiplex outgoing data sent through the physical communication interface, resetting one of said virtual profiles individually without affecting the other virtual profiles in response to receiving a specific signal sent by the device through the physical communication interface.

公开(公告)号：US10601587B2

公开(公告)日：2020-03-24

申请号：US15321251

申请日：2015-06-23

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Frédéric Paillart ,  Frédéric Faure ,  Lionel Mallet

IPC: H04L9/08 ,  H04W8/24 ,  H04W12/06 ,  H04L29/06 ,  H04W12/00 ,  H04L12/24 ,  H04L29/08 ,  H04W12/04 ,  H04W84/12

Abstract: A method for establishing a first secured communication channel between an administrative agent in a device and a distant server, the device comprising a secure element communicating with the administrative agent, the secure element being administrated through the administrative agent by the distant server, the administrative agent being administrated by a third party server through a second secured communication channel, the distant server and the third party server being connected through a third secured channel. The third party server requests, from the distant server, an operation on the secure element and a one-time PSK. The distant server sends, to the third party server, the one-time PSK. The third party server sends, to the administrative agent, a triggering message including the one-time PSK. A TLS-PSK handshake is performed between the administrative agent and the distant server with the one-time PSK to establish the first secured communication channel.

公开(公告)号：US09817993B2

公开(公告)日：2017-11-14

申请号：US15260899

申请日：2016-09-09

Applicant: GEMALTO SA

Inventor： Lionel Merrien ,  Xavier Berard ,  Pierre Girard ,  Philippe Proust ,  Fabrice Vergnes ,  Frédéric Faria ,  Franck Imoucha

IPC: G06F21/43 ,  G06F21/62 ,  H04W8/24 ,  H04W12/10 ,  G06F9/445 ,  H04W4/00 ,  H04W8/20 ,  H04W12/04 ,  H04L29/06 ,  H04W12/06 ,  H04L29/08 ,  H04L9/08 ,  H04W8/22 ,  H04B1/3816 ,  H04W12/08 ,  H04W8/18 ,  H04W84/04

CPC classification number: G06F21/6218 ,  G06F8/61 ,  H04B1/3816 ,  H04L9/0825 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W4/70 ,  H04W8/18 ,  H04W8/183 ,  H04W8/205 ,  H04W8/22 ,  H04W8/245 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/10 ,  H04W84/04

Abstract: The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.

公开(公告)号：US20150289135A1

公开(公告)日：2015-10-08

申请号：US14439167

申请日：2013-10-25

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Richard Pico ,  Frederic Faure ,  Benoit Gonzalvo

IPC: H04W12/06 ,  H04L29/06

CPC classification number: H04W12/06 ,  H04L63/0853 ,  H04L63/0869 ,  H04W4/60

Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R′ signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R′ from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.

Abstract translation: （i）与安全元件协作的用户终端和与服务注册的应用相互认证，以及（ii）通过第三方门户提供服务的远程服务器包括：i）发送 通过门户到远程服务器，使得能够在远程服务器中验证安全元素的签名信息R; ii）验证远程服务器中的安全元素; iii）通过门户传输由远程服务器签名的值R'到应用程序; iv）从所述应用向所述安全元件发送对所述签名值R'的验证请求; v）在安全元素中验证远程服务器的签名以及所请求的服务是否已被远程服务器许可; vi）使用安全元件与远程服务器建立安全连接，并请求执行该服务。

公开(公告)号：US10033528B2

公开(公告)日：2018-07-24

申请号：US15022485

申请日：2014-09-09

Applicant: GEMALTO SA

Inventor： Abdellah El-Marouani ,  André Sintzoff ,  Julien Glousieau ,  Ilyas Landikov ,  Christophe Ronfard-Haret ,  Xavier Berard

IPC: H04L9/32 ,  H04L9/06 ,  H04W4/50 ,  H04L29/06 ,  H04W12/08 ,  H04W8/00 ,  H04W8/18 ,  G06F9/445 ,  H04L9/08 ,  H04W12/02

Abstract: The invention is a method of communicating between a server and a distant secure element through a point-to-point link. The server is provided with a set comprising a plurality of data and a plurality of identifiers, each of the data is associated with one of the identifiers. The plurality of data comprises a first data compatible with the distant secure element and a second data incompatible with the distant secure element. The whole set is sent from the server to the distant secure element through the point-to-point link. A control operation is run with respect to a reference value stored in the distant secure element for each identifier. The data associated with the identifiers for which the control operation failed is discarded.

公开(公告)号：US20140250501A1

公开(公告)日：2014-09-04

申请号：US14349047

申请日：2012-09-18

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Nicolas Roussel ,  Richard Pico ,  Frédéric Faure ,  Benoît Gonzalvo

IPC: G06F21/62 ,  G06F9/455

CPC classification number: G06F21/62 ,  G06F9/455 ,  G06F21/6218 ,  G06F21/77 ,  G06F2221/2141 ,  H04W12/08

Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.

Abstract translation: 本发明是一种安全元件，包括能够以管理模式和运行时模式工作的虚拟机。 安全元件包括两个增强的容器。 所述增强容器中的每一个可以处于激活状态或处于禁用状态。 在任何给定的时间，只有一个增强的容器可以处于激活状态。 虚拟机适用于在管理模式下工作时访问每个增强型容器。 虚拟机无法访问在运行时模式下处于禁用状态的增强型容器。

公开(公告)号：US10587599B2

公开(公告)日：2020-03-10

申请号：US15519669

申请日：2015-10-09

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Antoine Galland

IPC: H04L29/06 ,  H04W4/50 ,  H04W12/00 ,  H04W4/70

Abstract: The invention is a method for managing a response from an application embedded in a secure token acting as an UICC, in response to a command requesting opening a proactive session. The command is sent by an applicative server to the secure token via an OTA server providing a security layer. The method comprises the steps of sending another command from the applicative server to the secure token using the security layer provided by the OTA server, and in response to this second command, the secure token send the response of the first command to the applicative server using the security layer provided by the OTA server.

公开(公告)号：US09462475B2

公开(公告)日：2016-10-04

申请号：US14603889

申请日：2015-01-23

Applicant: GEMALTO SA

Inventor： Lionel Merrien ,  Xavier Berard ,  Pierre Girard ,  Philippe Proust ,  Fabrice Vergnes ,  Frédéric Faria ,  Franck Imoucha

IPC: H04W12/06 ,  H04W12/08 ,  H04W4/00 ,  H04W12/04 ,  H04L29/08 ,  H04L9/08 ,  H04W8/22 ,  H04B1/3816 ,  H04W8/18 ,  H04W8/20 ,  H04L29/06 ,  H04W84/04

CPC classification number: G06F21/6218 ,  G06F8/61 ,  H04B1/3816 ,  H04L9/0825 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L67/34 ,  H04W4/50 ,  H04W4/60 ,  H04W4/70 ,  H04W8/18 ,  H04W8/183 ,  H04W8/205 ,  H04W8/22 ,  H04W8/245 ,  H04W12/04 ,  H04W12/06 ,  H04W12/08 ,  H04W12/10 ,  H04W84/04

Abstract: The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.

Abstract translation: 本发明提出了与安全元件的管理相关的若干改进，例如嵌入SIM应用的UICC，这些安全元件被固定地或不固定地安装在诸如移动电话的终端中。 在某些情况下，终端由与M2M（机器到机器）应用的其他机器通信的机器构成。

公开(公告)号：US09361470B2

公开(公告)日：2016-06-07

申请号：US14349047

申请日：2012-09-18

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Nicolas Roussel ,  Richard Pico ,  Frédéric Faure ,  Benoît Gonzalvo

IPC: G06F15/16 ,  G06F21/62 ,  G06F21/77 ,  G06F9/455 ,  G06F21/54 ,  H04W12/08

CPC classification number: G06F21/62 ,  G06F9/455 ,  G06F21/6218 ,  G06F21/77 ,  G06F2221/2141 ,  H04W12/08

Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.

Abstract translation: 本发明是一种安全元件，包括能够以管理模式和运行时模式工作的虚拟机。 安全元件包括两个增强的容器。 所述增强容器中的每一个可以处于激活状态或处于禁用状态。 在任何给定的时间，只有一个增强的容器可以处于激活状态。 虚拟机适用于在管理模式下工作时访问每个增强型容器。 虚拟机无法访问在运行时模式下处于禁用状态的增强型容器。

公开(公告)号：US09319882B2

公开(公告)日：2016-04-19

申请号：US14439167

申请日：2013-10-25

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Richard Pico ,  Frederic Faure ,  Benoit Gonzalvo

IPC: G06F7/04 ,  H04W12/06 ,  H04L29/06 ,  H04W4/00

CPC classification number: H04W12/06 ,  H04L63/0853 ,  H04L63/0869 ,  H04W4/60

Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R′ signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R′ from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.

Abstract translation: （i）与安全元件协作的用户终端和与服务注册的应用相互认证，以及（ii）通过第三方门户提供服务的远程服务器包括：i）发送 通过门户到远程服务器，使得能够在远程服务器中验证安全元素的签名信息R; ii）验证远程服务器中的安全元素; iii）通过门户传输由远程服务器签名的值R'到应用程序; iv）从所述应用向所述安全元件发送对所述签名值R'的验证请求; v）在安全元素中验证远程服务器的签名以及所请求的服务是否已被远程服务器许可; vi）使用安全元件与远程服务器建立安全连接，并请求执行该服务。