公开(公告)号：WO2022063721A1

公开(公告)日：2022-03-31

申请号：PCT/EP2021/075780

申请日：2021-09-20

Applicant: STMICROELECTRONICS S.R.L. ,  PROTON WORLD INTERNATIONAL N.V.

Inventor： VAN NIEUWENHUYZE, Olivier ,  VENEROSO, Amedeo

IPC: G06F9/50 ,  G06F9/46 ,  G06F9/48 ,  G06F12/02 ,  G06F9/4401 ,  G06F21/78

Abstract: Embedded secure element The present description concerns an embedded electronic system or a method implemented by such a system, including: at least one volatile memory (RAM); and at least one low-level operating system managing the allocation of areas of the volatile memory to a plurality of high-level operating system, each including one or a plurality of applications, wherein said volatile memory includes: at least a first portion (PRAM30) reserved to execution data of a first application (App30); and at least a second portion intended to store execution data of at least a second application (App31), the execution data of the first application remaining in the volatile memory in case of a deactivation or of a setting to standby of this first application.

公开(公告)号：WO2020193663A1

公开(公告)日：2020-10-01

申请号：PCT/EP2020/058432

申请日：2020-03-25

Applicant: STMICROELECTRONICS S.R.L. ,  PROTON WORLD INTERNATIONAL N.V.

Inventor： VAN NIEUWENHUYZE, Olivier ,  VENEROSO, Amedeo

IPC: G06F9/445 ,  G06F12/02 ,  G06F12/0842 ,  G06F12/126 ,  G06F21/57 ,  G06F21/60 ,  G06F21/77

Abstract: La présente description concerne un élément sécurisé embarqué (E) comprenant une mémoire virtuelle (VRAM), et étant configuré pour mettre en oeuvre au moins une partie d'une première application (App20) adaptée à être miseen oeuvre par au moins un systèmed'exploitation de bas niveau (113) de l'élément sécurisé embarqué (E), dans lequel des données d'exécution relatives à une ou plusieurs tâches secondaires de ladite première application (App20) sont stockées dans une partie de ladite mémoire virtuelle (VRAM) lorsque que l'exécution de ladite partie de la première application (App20) est interrompue par l'exécution d'au moins une partie d'une deuxième application (App21).

公开(公告)号：WO2022063720A1

公开(公告)日：2022-03-31

申请号：PCT/EP2021/075778

申请日：2021-09-20

Applicant: STMICROELECTRONICS S.R.L. ,  PROTON WORLD INTERNATIONAL N.V.

Inventor： VAN NIEUWENHUYZE, Olivier ,  VENEROSO, Amedeo

IPC: G06F9/46 ,  G06F9/50 ,  G06F21/78 ,  G06F9/4401 ,  G06F12/02 ,  G06F21/53 ,  G06F21/74

Abstract: The present description concerns an embedded electronic system or a method implemented by such a system including: at least one volatile memory (RAM); at least one low-level operating system managing the allocation of areas of the volatile memory to a plurality of high-level operating systems, each including one or a plurality of applications (App20, App21), wherein data of execution of one or a plurality of tasks of said first application (App20) are partly transferred by the low-level operating system from said volatile memory to a non-volatile memory (WM) when the execution of said task of the first application is interrupted by the execution of at least one task of a second application (App21).

公开(公告)号：WO2020193664A1

公开(公告)日：2020-10-01

申请号：PCT/EP2020/058434

申请日：2020-03-25

Applicant: STMICROELECTRONICS S.R.L. ,  PROTON WORLD INTERNATIONAL N.V.

Inventor： VAN NIEUWENHUYZE, Olivier ,  VENEROSO, Amedeo

IPC: G06F9/445 ,  G06F12/02 ,  G06F12/0842 ,  G06F12/126 ,  G06F21/57 ,  G06F21/60 ,  G06F21/77

Abstract: La présente description concerne un élément sécurisé embarqué (E) comprenant une mémoire volatile (PRAM), et étant configuré pour mettre en oeuvre au moins une partie d'une première application (App30) et au moins une partie d'une ou plusieurs deuxièmes applications (App31) adaptées à être mises en oeuvre par au moins un système d'exploitation de bas niveau (113) de l'élément sécurisé embarqué (E), dans lequel: - des données d'exécution de ladite première application (App30) sont stockées dans une première partie réservée de ladite mémoire volatile (PRAM) configurée pour stocker uniquement des données d'exécution de ladite première application (App30); et - des données d'exécution desdites deuxièmes applications sont stockées dans une deuxième partie de ladite mémoire volatile (PRAM) distincte de la première partie réservée de ladite mémoire volatile (PRAM).

公开(公告)号：WO2013097938A1

公开(公告)日：2013-07-04

申请号：PCT/EP2012/005311

申请日：2012-12-20

Applicant: STMICROELECTRONICS S.R.L.

Inventor： VENEROSO, Amedeo ,  VARONE, Francesco ,  FRALLICCIARDI, Paolo

IPC: H01Q1/38 ,  H01Q1/22 ,  H04B1/38 ,  G06K19/077

CPC classification number: H01Q1/38 ,  H01Q1/2208

Abstract: The present invention relates to a flexible antenna for NFC communication with SIM card of a mobile device, comprising a RF pad for establishing radio communication with another device. Each projection extending from the RF pad comprises on its end a SIM pad with a different orientation with respect to the orientation of the other SIM pads on the other projections.

Abstract translation: 本发明涉及一种用于与移动设备的SIM卡进行NFC通信的柔性天线，包括用于与另一设备建立无线电通信的RF焊盘。 从RF焊盘延伸的每个突起在其端部上包括相对于其它突起上的其它SIM焊盘的取向具有不同取向的SIM焊盘。

公开(公告)号：EP3073773A2

公开(公告)日：2016-09-28

申请号：EP15201541.8

申请日：2015-12-21

Applicant: STMicroelectronics S.r.l.

Inventor： VENEROSO, Amedeo

IPC: H04W8/18

Abstract: A method for performing a remote management of a multi-subscription SIM module (108a) is disclosed. The multi-subscription SIM module (108a) comprises at least one memory adapted to store a first (P1) and a second (P2) profile associated with a respective first (MNO1) and a second (MNO2) mobile network operator, such that a respective content may be associated with each profile (P1, P2).
Specifically, the method comprises receiving a remote management message from a remote host (30a, 30b), wherein the remote management message comprises a remote management command, and a sender address and/or a destination address. Next, the remote management message is processed in order to determine the sender address and/or the destination address and a target profile (P1; P2) of the remote management command is determined as a function of the sender address and/or the destination address. Accordingly, once having determined the target profile, the remote management command may be executed in order to interact with the content of the target profile (P1; P2).

Abstract translation: 一种用于执行多订阅SIM模块（108A）的远程管理方法是游离缺失盘。 多订阅SIM模块（108A）包括至少一个存储器angepasst以存储第一（P1）和具有respectivement第一（MNO1）和第二锰（MnO 2）的移动网络运营商相关联的第二（P2）轮廓，求做了 respectivement内容可以与每个简档（P1，P2）相关联。 具体而言，该方法包括从远程主机接收远程管理消息（30A，30B）worin远程管理消息包括远程管理命令，以及发送方地址和/或目的地地址。 接下来，远程管理消息，以便处理以确定性矿发送源地址和/或目的地地址和目标轮廓;远程管理命令的（P1 P2）是确定性的开采作为发送者地址的功能和/或目的地址 ， 因此，一旦具有确定性开采的目标简档，远程管理命令可以以与目标轮廓（; P2 P1）的内容交互时执行。

公开(公告)号：EP4280530A1

公开(公告)日：2023-11-22

申请号：EP23172237.2

申请日：2023-05-09

Applicant: STMicroelectronics S.r.l.

Inventor： VENEROSO, Amedeo ,  PASCARIELLO, Vincenzo ,  TRAMONTANO, Alfonso

IPC: H04L9/00

Abstract: The present disclosure relates to a method comprising :
- the generation, by a computing device (400), of a first key ( K ) and a bootstrapping key ( b k );
- the provision of the first key and an identifier (id) of the bootstrapping key to an electronic device (100) and the provision of the bootstrapping key and the identifier to a server (102);
- the fully homomorphic encryption, by the electronic device, of a first data value, stored in the electronic device, by using the first key; and
- the provision, by the electronic device, of the encrypted first data value ( c 1 , ...,c N ) and of the identifier, to the server.

公开(公告)号：EP3789902A1

公开(公告)日：2021-03-10

申请号：EP20192085.7

申请日：2020-08-21

Applicant: STMicroelectronics S.r.l. ,  PROTON WORLD INTERNATIONAL N.V.

Inventor： VENEROSO, Amedeo ,  VAN NIEUWENHUYZE, Olivier

IPC: G06F21/71 ,  G06F21/77 ,  H04W12/00

Abstract: A secure device (10) operating with a secure tamper-resistant platform including a tamper-resistant hardware platform (11) and a virtual primary platform (12, 1P) operating with a low level operating system performing an abstraction of resources of the hardware platform (11), and a secondary platform (2P) with a high level operating system providing a further abstraction of resources to applications (14) in which respective internal hosts (23) are embedded, said secure device (10) including an internal host domain (23) including said internal hosts (23),
said secure device (10) including a plurality of physical and/or logical input/output interfaces (25) through which externals hosts (311, 341) can access said internal hosts (23),
said virtual primary platform (12, 1P) being configured to set interactions between said externals hosts (311, 341) and said internal hosts (23),
wherein
said internal host domain (23) includes a further set of virtual hosts (24) each configured to operate as a proxy between an input/output interface (25) and an application (14), each input/output interface (25) being configured to address only one among the virtual hosts (24).

公开(公告)号：EP4261693A1

公开(公告)日：2023-10-18

申请号：EP23161676.4

申请日：2023-03-14

Applicant: STMicroelectronics S.r.l.

Inventor： VENEROSO, Amedeo ,  CIMINO, Carlo

IPC: G06F12/02 ,  G06F12/10

Abstract: A method of managing memory (1084) in an integrated circuit card (108) using a Java Card platform, said integrated circuit card (108) comprising a non-volatile memory portion (51) and a RAM memory portion (52), said method comprising a procedure for the allocation of one or more transient arrays in said RAM memory portion (52), said procedure comprising
creating in a non-volatile memory heap (51) one or more array pointers (RA1, RA2, RA3), corresponding to one or more transient arrays (RB1, RB2, RB3) to be allocated, each array pointer (RA1, RA2, RA3) comprising a transient array size (BS) and a transient array address (LA; IA),
wherein
said creating (205) operation comprises
creating one or more array pointers (RA) comprising as transient array address a logical address (LA; IA) of the area of the RAM memory portion in which the respective transient array (RB1, RB2, RB3) is to be allocated
said procedure (200) further comprising
assigning (210) then in said RAM memory (52) area memory only to transient arrays (RB1, RB2, RB3), corresponding to said respective one or more array pointers (RA), which comprise at least a value different from zero.

公开(公告)号：EP4071642A1

公开(公告)日：2022-10-12

申请号：EP22162880.3

申请日：2022-03-18

Applicant: STMicroelectronics S.r.l.

Inventor： CASERTA, Francesco ,  VENEROSO, Amedeo

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

Abstract: Method for concealing a subscription identifier (SI), in particular Subscription Permanent Identifier (SUPI), at a user equipment (11) of a mobile communication network, comprising a mobile equipment (11a) and an integrated circuit card (12) which stores subscription data for accessing said mobile communication network including said subscription identifier (PI),
said method comprising, upon receiving at said user equipment (11) a corresponding request (RQT) by a server (13) to provide a corresponding subscription identifier (PI, CI), performing an Elliptical Curve encryption of said subscription identifier (PI) generating a concealed subscription identifier (CI), said concealing operation (100) comprising that said mobile equipment (11a) of the user equipment (11) sends an identity retrieve command, in particular a GET IDENTITY command (GI), to an integrated circuit card (12) in the mobile equipment (11a),
said Elliptical Curve encryption including performing at the integrated circuit card (12) the operations of:
generating an ephemeral key pair (ephPrK, ephPuK) comprising an ephemeral private key (ephPrK) and ephemeral public key (ephPuK), performing a first scalar multiplication (Eq. 1) of the ephemeral private key (ephPrK) by a generator value (G) to obtain said ephemeral public key (ephPuK),
generating a Shared secret key (ShS) performing a second scalar multiplication (Eq. 2) of the Ephemeral Private key (ephPrK) by a server public key (srvPuK);
using said shared secret key (ShS) to derive keys to encrypt the subscription identifier (SI), which is to be sent to said server (13) as concealed subscription identifier (CI) as response of said identity retrieve command (GI),

said scalar multiplication being performed iteratively performing and iteration (i) comprising a set of operations for each bit of the Ephemeral Private key (ephPrK),
said method comprising performing, before receiving said identity retrieve command (GI) at the card (12), a pre-calculation of said ephemeral key pair (ephPrK, ephPuK) comprising an ephemeral private key (ephPrK) and ephemeral public key (ephPuK) and said shared secret key (ShS),
said pre-calculation including
performing an interruptible calculation (100) of said first (Eq. 1) and second (Eq. 2) scalar multiplication during the execution time of given periodic commands, in particular APDU STATUS commands, sent by the mobile equipment (11) to the card (12), storing a respective state of completion (EPuKState, ShSState) of said calculation (100),
said interruptible calculation (100) including checking (110, 130) at the beginning of each of said execution time said respective state of completion (EPuKState, ShSState),
if said respective state of completion (EPuKState, ShSState) indicates that completion of the computation of a valid ephemeral key pair or shared secret (ShS),
storing the corresponding values of ephemeral private key (ephPrK), ephemeral public key (ephPuK) and shared secret (ShS) in a table in a memory, in particular a flash memory, of the integrated circuit card (12) at the user equipment (11).