公开(公告)号：WO2016108096A1

公开(公告)日：2016-07-07

申请号：PCT/IB2015/058635

申请日：2015-11-09

Applicant: STMICROELECTRONICS S.R.L.

Inventor： CASERTA, Francesco

IPC: H04W12/02 ,  H04W4/00

CPC classification number: H04W4/60 ,  G06F3/0659 ,  H04W4/14 ,  H04W12/02

Abstract: A method for providing, e.g. by means of an application (S_APPa) installed on an Universal Integrated Circuit Card (108a),a response to a SCP80 command is described. Initially, a first SMS message is received, e.g. by means of a mobile device (10), from a remote server (MNO) and decrypted according to the protocol SCP80. Specifically, this first SMS message contains a first command requesting the execution of a proactive command. Once, the proactive command has been executed and a respective response has been obtained,a second SMS message (SMS3) is transmitted to the remote server (MNO) indicating that the response has been obtained. Next, a third SMS message (SMS4) is received from the remote server (MNO)and decrypted according to the protocol SCP80. Specifically, this third SMS message (SMS4) contains a second command (C-APDU2) requesting the transmission of a response message determined as a function of the proactive command response(RSP1). Accordingly, the response message (R-APDU1)may be generated, encrypted according to the protocol SCP80 and transmitted(SMS5) the remote server (MNO).

Abstract translation: 一种提供 通过安装在通用集成电路卡（108a）上的应用（S_APPa），描述对SCP80命令的响应。 最初，接收到第一SMS消息，例如， 通过移动设备（10）从远程服务器（MNO）发送并根据协议SCP80进行解密。 具体来说，该第一SMS消息包含请求执行主动命令的第一命令。 一旦已经执行了主动命令并获得了相应的响应，则向远程服务器（MNO）发送指示已经获得响应的第二SMS消息（SMS3）。 接下来，从远程服务器（MNO）接收第三SMS消息（SMS4），并根据协议SCP80进行解密。 具体地说，该第三SMS消息（SMS4）包含请求发送作为主动命令响应（RSP1）的函数确定的响应消息的第二命令（C-APDU2）。 因此，可以根据协议SCP80生成响应消息（R-APDU1），并发送（SMS5）远程服务器（MNO）。

公开(公告)号：EP3241375A1

公开(公告)日：2017-11-08

申请号：EP15804974.2

申请日：2015-11-09

Applicant: STMicroelectronics S.r.l.

Inventor： CASERTA, Francesco

IPC: H04W12/02 ,  H04W4/00

CPC classification number: H04W4/60 ,  G06F3/0659 ,  H04W4/14 ,  H04W12/02

Abstract: A communication method includes receiving a first message of a Short Message Service containing a first command that requests execution of a proactive command. The first message is decrypted according to protocol SCP80 to extract the first command. The execution of the proactive command is requested in order to obtain a response to the proactive command. A second message of the Short Message Service is transmitted to the remote server and indicates that the response to the proactive command has been obtained. A third message of the Short Message Service is received and contains a second command from the remote server. The third message is decrypted according to the protocol SCP80. A response message is generated as a function of the response and encrypted according to the protocol SCP80 to generate a fourth message of the Short Message Service transmitted to the remote server.

公开(公告)号：EP3993314A1

公开(公告)日：2022-05-04

申请号：EP20425046.8

申请日：2020-10-30

Applicant: STMicroelectronics S.r.l. ,  PROTON WORLD INTERNATIONAL N.V.

Inventor： SIMON, Thierry ,  PEETERS, Michael ,  CASERTA, Francesco

IPC: H04L9/30 ,  H04L9/08

Abstract: The present disclosure relates to a method of generation of N first pairs of ECC keys for elliptic curve cryptography, wherein each first pair of keys is a linear combination of previously-generated second pairs of elliptic curve cryptography keys.

公开(公告)号：EP3241375B1

公开(公告)日：2019-04-24

申请号：EP15804974.2

申请日：2015-11-09

Applicant: STMicroelectronics S.r.l.

Inventor： CASERTA, Francesco

IPC: H04W12/02 ,  H04W4/14 ,  H04W4/60

公开(公告)号：EP4071642A1

公开(公告)日：2022-10-12

申请号：EP22162880.3

申请日：2022-03-18

Applicant: STMicroelectronics S.r.l.

Inventor： CASERTA, Francesco ,  VENEROSO, Amedeo

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

Abstract: Method for concealing a subscription identifier (SI), in particular Subscription Permanent Identifier (SUPI), at a user equipment (11) of a mobile communication network, comprising a mobile equipment (11a) and an integrated circuit card (12) which stores subscription data for accessing said mobile communication network including said subscription identifier (PI),
said method comprising, upon receiving at said user equipment (11) a corresponding request (RQT) by a server (13) to provide a corresponding subscription identifier (PI, CI), performing an Elliptical Curve encryption of said subscription identifier (PI) generating a concealed subscription identifier (CI), said concealing operation (100) comprising that said mobile equipment (11a) of the user equipment (11) sends an identity retrieve command, in particular a GET IDENTITY command (GI), to an integrated circuit card (12) in the mobile equipment (11a),
said Elliptical Curve encryption including performing at the integrated circuit card (12) the operations of:
generating an ephemeral key pair (ephPrK, ephPuK) comprising an ephemeral private key (ephPrK) and ephemeral public key (ephPuK), performing a first scalar multiplication (Eq. 1) of the ephemeral private key (ephPrK) by a generator value (G) to obtain said ephemeral public key (ephPuK),
generating a Shared secret key (ShS) performing a second scalar multiplication (Eq. 2) of the Ephemeral Private key (ephPrK) by a server public key (srvPuK);
using said shared secret key (ShS) to derive keys to encrypt the subscription identifier (SI), which is to be sent to said server (13) as concealed subscription identifier (CI) as response of said identity retrieve command (GI),

said scalar multiplication being performed iteratively performing and iteration (i) comprising a set of operations for each bit of the Ephemeral Private key (ephPrK),
said method comprising performing, before receiving said identity retrieve command (GI) at the card (12), a pre-calculation of said ephemeral key pair (ephPrK, ephPuK) comprising an ephemeral private key (ephPrK) and ephemeral public key (ephPuK) and said shared secret key (ShS),
said pre-calculation including
performing an interruptible calculation (100) of said first (Eq. 1) and second (Eq. 2) scalar multiplication during the execution time of given periodic commands, in particular APDU STATUS commands, sent by the mobile equipment (11) to the card (12), storing a respective state of completion (EPuKState, ShSState) of said calculation (100),
said interruptible calculation (100) including checking (110, 130) at the beginning of each of said execution time said respective state of completion (EPuKState, ShSState),
if said respective state of completion (EPuKState, ShSState) indicates that completion of the computation of a valid ephemeral key pair or shared secret (ShS),
storing the corresponding values of ephemeral private key (ephPrK), ephemeral public key (ephPuK) and shared secret (ShS) in a table in a memory, in particular a flash memory, of the integrated circuit card (12) at the user equipment (11).