公开(公告)号：EP1548976B1

公开(公告)日：2007-08-22

申请号：EP03425824.4

申请日：2003-12-24

Applicant: STMicroelectronics S.r.l.

Inventor： Sannino, Roberto Valerio ,  Sozzani, Fabio ,  Bertoni, Guido Marco ,  Pelosi, Gerardo ,  Fragneto, Pasqualina

IPC: H04L9/30

CPC classification number: H04L9/083 ,  H04L9/3073 ,  H04L9/3213

公开(公告)号：EP1675300B1

公开(公告)日：2008-10-01

申请号：EP05103305.8

申请日：2005-04-22

Applicant: Hewlett-Packard Development Company, L.P. ,  STMicroelectronics S.r.l.

Inventor： Harrison, Keith Alexander ,  Chen, Liqun ,  Bertoni, Guido Marco ,  Fragneto, Pasqualina ,  Pelosi, Gerardo

IPC: H04L9/32 ,  H04L9/30 ,  G06F7/72

CPC classification number: H04L9/08 ,  H04L9/3073 ,  H04L9/321 ,  H04L2209/80 ,  H04W12/06

公开(公告)号：EP1548976A1

公开(公告)日：2005-06-29

申请号：EP03425824.4

申请日：2003-12-24

Applicant: STMicroelectronics S.r.l.

Inventor： Sannino, Roberto Valerio ,  Sozzani, Fabio ,  Bertoni, Guido Marco ,  Pelosi, Gerardo ,  Fragneto, Pasqualina

IPC: H04L9/30

CPC classification number: H04L9/083 ,  H04L9/3073 ,  H04L9/3213

Abstract: A method for decrypting the encrypted messages sent by a transmission device to a first electronic device (SIM) associated with a first trusted authority (TA-SIM) and to a second electronic device (ME). The method comprises the steps of:

a) associating a single joint identity with the first (SIM) and the second (ME) devices which is identificative of a common entity comprising the first (SIM) and the second (ME) devices;
b) carrying out a single encryption operation of a message by the transmission device, by using the joint identity and transmitting the encrypted message to both devices;
c) generating first (W SIM ) and second (W ME ) decryption tokens by the first (SIM) and the second (ME) devices, respectively;
d) providing said first token to the second device and said second token to the first device;
e) generating, by starting from said tokens, by the first and second devices, of a joint decryption key (W) in order to decrypt the encrypted message.

Abstract translation: 一种用于将由传输设备发送的加密消息解密到与第一可信管理机构（TA-SIM）和第二电子设备（ME））相关联的第一电子设备（SIM）的方法。 该方法包括以下步骤：a）将单个联合身份与第一（SIM）和第二（ME）设备相关联，其与包括第一（SIM）和第二（ME）设备的公共实体相同） b）通过使用联合身份并将加密的消息发送到两个设备，由传输设备执行消息的单一加密操作; c）分别由第一（SIM）和第二（ME）设备产生第一（WSIM）和第二（WME）解密令牌） d）向所述第一设备提供所述第一令牌给所述第二设备和所述第二令牌; e）通过第一和第二设备从所述令牌开始，通过联合解密密钥（W）生成以解密加密的消息。

公开(公告)号：EP1675300A1

公开(公告)日：2006-06-28

申请号：EP05103305.8

申请日：2005-04-22

Applicant: Hewlett-Packard Development Company, L.P. ,  STMicroelectronics S.r.l.

Inventor： Harrison, Keith Alexander ,  Chen, Liqun ,  Bertoni, Guido Marco ,  Fragneto, Pasqualina ,  Pelosi, Gerardo

IPC: H04L9/32 ,  H04L9/30 ,  G06F7/72

CPC classification number: H04L9/08 ,  H04L9/3073 ,  H04L9/321 ,  H04L2209/80 ,  H04W12/06

Abstract: Cryptographic methods are known that involve the computation of a non-degenerate bilinear mapping of first and second elements (P 1 , Q 1 ) one of which comprises a secret of a first entity (A). For a mapping implemented as, for example, a Tate pairing, the mapping is computable by applying a predetermined function (f) to the first and second elements (P 1 , Q 1 ) and then exponentiating the result with a known exponent (e pub ). Improvements in respect of computational loading, size of output, and security are enabled for the first party (A) by arranging for the first entity to carry out (12) only part of the mapping, a second entity (B) being used to complete computation (13) of the mapping. Cryptographic applications using these improvements are also disclosed.

Abstract translation: 已知密码学方法涉及第一和第二元素（P 1，Q 1）的非简并双线性映射的计算，其中之一包括第一实体（A）的秘密。 对于实现为例如Tate配对的映射，可以通过将预定函数（f）应用于第一和第二元素（P 1，Q 1）然后用已知指数（e pub）对结果进行指数来计算该映射 ）。 对于第一方（A），通过安排第一实体仅执行部分映射（12）来实现计算负载，输出大小和安全性的改进，第二实体（B）用于完成 映射的计算（13）。 还公开了使用这些改进的加密应用。

公开(公告)号：EP1775880A1

公开(公告)日：2007-04-18

申请号：EP05425713.4

申请日：2005-10-11

Applicant: STMicroelectronics S.r.l.

Inventor： Bertoni, Guido Marco ,  Fragneto, Pasqualina ,  Pelosi, Gerardo ,  Harrison, Keith ,  Chen, Liqun

IPC: H04L9/30 ,  G06F7/72

CPC classification number: G06F7/725 ,  H04L9/3073 ,  H04L2209/08

Abstract: A method of processing information (INFO) to be confidentially transmitted from a first module (C) to a second module (D) provides that a first scalar multiplication (SCAL-MLTr) may be carried out in order to obtain a first result [r]P) . This first scalar - multiplication comprises a plurality of generation steps of ordered factors (Q 0 , Q 1 ) from which a plurality of first partial sums (SUM1r, SUM2r) are required to be built.
The method also comprises the carrying out of a second scalar multiplication (SCAL-MLTm) in order to obtain a second result ([m]P). This second multiplication provides that a plurality of second partial sums (SUM1m, SUM2m) may be built.
A piece of encrypted information is obtained by processing the information (INFO) based on the results of said scalar multiplications.
The method is characterized in that in order to build the second partial sums of the second scalar multiplication the same ordered factors being obtained by the generation step of the first scalar multiplication are employed.

Abstract translation: 一种处理从第一模块（C）到第二模块（D）保密地发送的信息（INFO）的方法，可以执行第一标量乘法（SCAL-MLTr），以获得第一结果[r ] P）。 该第一标量乘法包括要求构建多个第一部分和（SUM1r，SUM2r）的有序因子（Q 0，Q 1）的多个生成步骤。 该方法还包括执行第二标量乘法（SCAL-MLTm）以获得第二结果（[m] P））。 该第二乘法规定可以构建多个第二部分和（SUM1m，SUM2m）。 通过基于所述标量乘法的结果处理信息（INFO）来获得加密信息。 该方法的特征在于，为了构建第二标量乘法的第二部分和，采用通过第一标量乘法的生成步骤获得的相同有序因子。

公开(公告)号：EP1533971A1

公开(公告)日：2005-05-25

申请号：EP03425738.6

申请日：2003-11-18

Applicant: STMicroelectronics S.r.l.

Inventor： Sozzani, Fabio ,  Sannino, Roberto Valerio ,  Bertoni, Guido Marco ,  Pelosi, Gerardo ,  Fragneto, Pasqualina

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L63/0442 ,  H04L9/0822 ,  H04L9/083 ,  H04L9/3073 ,  H04L63/062 ,  H04L63/0853 ,  H04L2209/80

Abstract: A method for establishing a communication between a first electronic device (SIM) associated with a first Trusted Authority (TA-SIM) and a second electronic device (ME).
The method comprises the steps of:

making a first key (Ksyk SIM ) available to the first device for the communication between the first Authority and the first device;
providing a second Trusted Authority (TA-ME), associated with the second device and distinct and autonomous with respect to said first Authority; such second Authority may generate a second key (Ksyk ME ) in order to communicate with the second device.

Furthermore, the method comprises the steps of:

making the second key available to the second device;
providing the first and second device with a communication key (Ks) to be used in said communication, through at least one of said first and second Authorities.

Abstract translation: 一种用于建立与第一信任授权（TA-SIM）和第二电子设备（ME）相关联的第一电子设备（SIM）之间的通信的方法。 该方法包括以下步骤：使第一密钥（KsykSIM）可用于第一设备用于第一权限和第一设备之间的通信; 提供与所述第二设备相关联的第二可信管理机构（TA-ME），并且针对所述第一机构具有不同且自主的; 这样的第二权限可以生成第二密钥（KsykME）以便与第二设备进行通信。 此外，该方法包括以下步骤：使第二密钥可用于第二设备; 通过所述第一和第二权限中的至少一个向所述第一和第二设备提供要在所述通信中使用的通信密钥（Ks）。

公开(公告)号：EP1519530A1

公开(公告)日：2005-03-30

申请号：EP03425626.3

申请日：2003-09-29

Applicant: STMicroelectronics S.r.l.

Inventor： Sozzani, Fabio ,  Sannino, Roberto Valerio ,  Bertoni, Guido Marco ,  Pelosi, Gerardo ,  Fragneto, Pasqualina

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  H04L9/083 ,  H04L9/0847 ,  H04L63/0853 ,  H04L63/0869 ,  H04L2209/76 ,  H04L2209/80

Abstract: Method of establishing an encrypted communication by means of keys between a first electronic device (SIM) associated to a first trusted authority (TA-SIM) and a second electronic device (ME).
The method comprises the steps of:

generating a first secret key (Ks) associated to the first device for the management of said communication;
generating, at least in part by means of said first authority, a second secret key (Ks) associated to the second device for the management of said communication.

The method is characterised in that the step of generation of the first key is performed at least in part by means of a second trusted authority (TA-ME) associated to the second device that is distinct and autonomous from said first authority. Or, the generation of the first key is performed, at least in part, by the second device passing through the second trusted authority.

Abstract translation: 通过与第一信任机构（TA-SIM）和第二电子设备（ME）相关联的第一电子设备（SIM）之间的密钥建立加密通信的方法。 该方法包括以下步骤：产生与第一设备相关联的用于管理所述通信的第一密钥（Ks）; 至少部分地通过所述第一权限产生与所述第二设备相关联的用于管理所述通信的第二秘密密钥（Ks）。 该方法的特征在于，生成第一密钥的步骤至少部分地通过与第二设备相关联的第二可信管理机构（TA-ME）执行，所述第二可信管理机构（TA-ME）与所述第一授权机构是不同的和自主的 。 或者，至少部分地由第二设备通过第二可信管理机构来执行第一密钥的生成。

公开(公告)号：EP1845442A1

公开(公告)日：2007-10-17

申请号：EP06112507.6

申请日：2006-04-11

Applicant: STMicroelectronics S.r.l. ,  STMicroelectronics Limited

Inventor： Bertoni, Guido Marco ,  Fragneto, Pasqualina ,  Marsh, Andrew ,  Pelosi, Gerardo ,  Ravasio, Moris

IPC: G06F7/72

CPC classification number: G06F7/728 ,  G06F7/722

Abstract: The invention concerns a computing method performed by an electronic circuit and an electronic circuit for computing a modular operation with at least one operand (R) having a binary representation, at least comprising iteratively for each bit of this operand: doubling (33) the value of an intermediate result (Z) stored in a first memory element by shifting the bits of the intermediate result towards the most significant bit; and while (34) the most significant bit of the intermediate result is one, updating this intermediate result by subtracting the modulus (n) stored in a second memory element.

Abstract translation: 本发明涉及一种由电子电路和电子电路执行的计算方法，该电子电路用至少一个具有二进制表示的操作数（R）来计算模块化操作，至少包括对该操作数的每一位进行迭代：将该值加倍（33） 通过将中间结果的位移向最高有效位来存储在第一存储元件中的中间结果（Z）; 而当（34）中间结果的最高有效位为1时，通过减去存储在第二存储元件中的模数（n）来更新该中间结果。

公开(公告)号：EP1675299A1

公开(公告)日：2006-06-28

申请号：EP05103298.5

申请日：2005-04-22

Applicant: Hewlett-Packard Development Company, L.P. ,  STMicroelectronics S.r.l.

Inventor： Chen, Liqun ,  Harrison, Keith ,  Bertoni, Guido Marco ,  Fragneto, Pasqualina ,  Pelosi, Gerardo

IPC: H04L9/32

CPC classification number: H04L9/08 ,  H04L9/3073 ,  H04L9/321 ,  H04L2209/80 ,  H04W12/06

Abstract: An authentication method of a first module (A) by a second module (B). This method comprises the steps of:

generating, by the second module (B), a first random datum (U) to be sent to the first module (A);
generating by the first module (A) a first number (v; v') starting from said first datum (U) and by means of a private key ([s]Q_A; [1/(a+s)]Q 1 ) of the first module (A);
generating by the second module (B) a second number (n; n') to be compared with the first number, such as to authenticate the first module (A). Furthermore, the step of generating the second number (n; n') is performed starting from public parameters and is independent of the step of generating the first number.

Abstract translation: 第二模块（B）的第一模块（A）的认证方法。 该方法包括以下步骤：由第二模块（B）产生要发送到第一模块（A）的第一随机数据（U）; 由所述第一模块（A）从所述第一数据（U）开始并通过私钥（[s] Q_A; [1 /（a + s）] Q 1）产生第一数字（v; v' 的第一模块（A）; 由所述第二模块（B）生成与所述第一号码进行比较的第二号码（n; n'），以便认证所述第一模块（A）。 此外，从公共参数开始执行产生第二数目（n; n'）的步骤，并且与生成第一数字的步骤无关。