公开(公告)号：US10965657B2

公开(公告)日：2021-03-30

申请号：US15756700

申请日：2016-07-05

Applicant: GEMALTO SA

Inventor： Mireille Pauliac ,  Anne-Marie Praden

IPC: H04W12/06 ,  H04L29/06 ,  H04W12/04

Abstract: The present invention relates to a method to authenticate a subscriber (IMSIi) within a local network (LNj) comprising preliminary step of deriving a subscriber key (SMKi) in local keys (LKi), one local key (LKiLNj) for each local network (LNj) the subscriber (IMSIi) is authorized to access, provisioning each local network (LNj) the subscriber (IMSIi) is authorized to access with its own local key (LKiLNj). When an authentication is required in a given local network (LNj), an UICC application derives a local key (LKiLNj) in the UICC application of the subscriber (IMSIi) using the network identifier (LNj), the key derivation function (KDF) and the subscriber key (SMKi) and use the derived local key (LKiLNj) in the algorithm to perform local authentication in the local network (LNj).

公开(公告)号：US10966082B2

公开(公告)日：2021-03-30

申请号：US16097411

申请日：2017-04-24

Applicant: Gemalto M2M GmbH ,  GEMALTO SA

Inventor： Volker Breuer ,  Lars Wehmeier ,  Mireille Pauliac

IPC: H04W12/00 ,  H04W8/18 ,  H04W52/02 ,  H04L29/06 ,  H04W12/12 ,  H04B1/3816 ,  H04W12/06 ,  H04W88/02

Abstract: The present invention relates to a mobile communication device for communicating with a cellular network by means of a serving base node, the mobile communication device further being connected to a subscriber identity module, the mobile communication device being configured to operate in a power optimization mode wherein the power optimization mode comprises extended paging periods, and the mobile communication device is further configured to set up a communication context with the base node using authentication means of the subscriber identity module, wherein the mobile communication device is further configured, in case of detection of a removal of the subscriber identity module and when the power optimization mode is activated: to send an removal alert message to the serving base node by means of said communication context, afterwards to terminate the communication context.

公开(公告)号：US11177951B2

公开(公告)日：2021-11-16

申请号：US16320291

申请日：2017-03-30

Applicant: GEMALTO SA

Inventor： Mireille Pauliac ,  Michel Endruschat ,  Ly Thanh Phan ,  Jean-Yves Fine

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/30

Abstract: This invention related to a method for provisioning a first communication device with a set of at least one credential required for accessing to a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K″, the wireless network being adapted to generate a first random number R1 and a second random number R2; receiving by the second communication device a response from the wireless network comprising R1 and R2; generating K′ by the second communication device using R1 and K; transmitting by the second communication device to the first communication device K′ and R2 to generate K″ using R2 and K′.

公开(公告)号：US20150149765A1

公开(公告)日：2015-05-28

申请号：US14406205

申请日：2013-06-06

Applicant: GEMALTO SA

Inventor： Mireille Pauliac ,  Beatrice Peirani ,  Anne-Marie Praden

IPC: G06F21/62 ,  H04L29/06 ,  H04L29/08

CPC classification number: G06F21/6254 ,  H04L63/0471 ,  H04L67/22 ,  H04L67/306 ,  H04W4/21 ,  H04W12/0013

Abstract: This invention is aimed at a method for the anonymisation of data that could help identify the user while a profile of said user is collected by a targeting data collection server. To implement such anonymisation, an anonymisation server is placed between a user terminal and the collections server. The profile data collected are encrypted by the terminal using a secret key shared with the data collection server. Those profile data supplemented with data that could help identify the user are then sent to the anonymisation server. The anonymisation server encrypts the data that could help identify the user with an anonymisation key of said anonymisation server before sending on the encrypted collected data and the anonymised identification data to said collection server.

Abstract translation: 本发明的目的在于一种用于匿名化数据的方法，该方法可以帮助识别用户，同时由目标数据收集服务器收集所述用户的简档。 为了实现这种匿名化，将匿名化服务器放置在用户终端和收集服务器之间。 所收集的简档数据由终端使用与数据收集服务器共享的秘密密钥进行加密。 补充有可以帮助识别用户的数据的那些简档数据然后被发送到匿名化服务器。 匿名化服务器在将加密的收集数据和匿名识别数据发送到所述收集服务器之前，加密可以帮助用匿名化服务器的匿名密钥识别用户的数据。