公开(公告)号：EP3073773A2

公开(公告)日：2016-09-28

申请号：EP15201541.8

申请日：2015-12-21

Applicant: STMicroelectronics S.r.l.

Inventor： VENEROSO, Amedeo

IPC: H04W8/18

Abstract: A method for performing a remote management of a multi-subscription SIM module (108a) is disclosed. The multi-subscription SIM module (108a) comprises at least one memory adapted to store a first (P1) and a second (P2) profile associated with a respective first (MNO1) and a second (MNO2) mobile network operator, such that a respective content may be associated with each profile (P1, P2).
Specifically, the method comprises receiving a remote management message from a remote host (30a, 30b), wherein the remote management message comprises a remote management command, and a sender address and/or a destination address. Next, the remote management message is processed in order to determine the sender address and/or the destination address and a target profile (P1; P2) of the remote management command is determined as a function of the sender address and/or the destination address. Accordingly, once having determined the target profile, the remote management command may be executed in order to interact with the content of the target profile (P1; P2).

Abstract translation: 一种用于执行多订阅SIM模块（108A）的远程管理方法是游离缺失盘。 多订阅SIM模块（108A）包括至少一个存储器angepasst以存储第一（P1）和具有respectivement第一（MNO1）和第二锰（MnO 2）的移动网络运营商相关联的第二（P2）轮廓，求做了 respectivement内容可以与每个简档（P1，P2）相关联。 具体而言，该方法包括从远程主机接收远程管理消息（30A，30B）worin远程管理消息包括远程管理命令，以及发送方地址和/或目的地地址。 接下来，远程管理消息，以便处理以确定性矿发送源地址和/或目的地地址和目标轮廓;远程管理命令的（P1 P2）是确定性的开采作为发送者地址的功能和/或目的地址 ， 因此，一旦具有确定性开采的目标简档，远程管理命令可以以与目标轮廓（; P2 P1）的内容交互时执行。

公开(公告)号：EP4280530A1

公开(公告)日：2023-11-22

申请号：EP23172237.2

申请日：2023-05-09

Applicant: STMicroelectronics S.r.l.

Inventor： VENEROSO, Amedeo ,  PASCARIELLO, Vincenzo ,  TRAMONTANO, Alfonso

IPC: H04L9/00

Abstract: The present disclosure relates to a method comprising :
- the generation, by a computing device (400), of a first key ( K ) and a bootstrapping key ( b k );
- the provision of the first key and an identifier (id) of the bootstrapping key to an electronic device (100) and the provision of the bootstrapping key and the identifier to a server (102);
- the fully homomorphic encryption, by the electronic device, of a first data value, stored in the electronic device, by using the first key; and
- the provision, by the electronic device, of the encrypted first data value ( c 1 , ...,c N ) and of the identifier, to the server.

公开(公告)号：EP3789902A1

公开(公告)日：2021-03-10

申请号：EP20192085.7

申请日：2020-08-21

Applicant: STMicroelectronics S.r.l. ,  PROTON WORLD INTERNATIONAL N.V.

Inventor： VENEROSO, Amedeo ,  VAN NIEUWENHUYZE, Olivier

IPC: G06F21/71 ,  G06F21/77 ,  H04W12/00

Abstract: A secure device (10) operating with a secure tamper-resistant platform including a tamper-resistant hardware platform (11) and a virtual primary platform (12, 1P) operating with a low level operating system performing an abstraction of resources of the hardware platform (11), and a secondary platform (2P) with a high level operating system providing a further abstraction of resources to applications (14) in which respective internal hosts (23) are embedded, said secure device (10) including an internal host domain (23) including said internal hosts (23),
said secure device (10) including a plurality of physical and/or logical input/output interfaces (25) through which externals hosts (311, 341) can access said internal hosts (23),
said virtual primary platform (12, 1P) being configured to set interactions between said externals hosts (311, 341) and said internal hosts (23),
wherein
said internal host domain (23) includes a further set of virtual hosts (24) each configured to operate as a proxy between an input/output interface (25) and an application (14), each input/output interface (25) being configured to address only one among the virtual hosts (24).

公开(公告)号：EP4261693A1

公开(公告)日：2023-10-18

申请号：EP23161676.4

申请日：2023-03-14

Applicant: STMicroelectronics S.r.l.

Inventor： VENEROSO, Amedeo ,  CIMINO, Carlo

IPC: G06F12/02 ,  G06F12/10

Abstract: A method of managing memory (1084) in an integrated circuit card (108) using a Java Card platform, said integrated circuit card (108) comprising a non-volatile memory portion (51) and a RAM memory portion (52), said method comprising a procedure for the allocation of one or more transient arrays in said RAM memory portion (52), said procedure comprising
creating in a non-volatile memory heap (51) one or more array pointers (RA1, RA2, RA3), corresponding to one or more transient arrays (RB1, RB2, RB3) to be allocated, each array pointer (RA1, RA2, RA3) comprising a transient array size (BS) and a transient array address (LA; IA),
wherein
said creating (205) operation comprises
creating one or more array pointers (RA) comprising as transient array address a logical address (LA; IA) of the area of the RAM memory portion in which the respective transient array (RB1, RB2, RB3) is to be allocated
said procedure (200) further comprising
assigning (210) then in said RAM memory (52) area memory only to transient arrays (RB1, RB2, RB3), corresponding to said respective one or more array pointers (RA), which comprise at least a value different from zero.

公开(公告)号：EP4071642A1

公开(公告)日：2022-10-12

申请号：EP22162880.3

申请日：2022-03-18

Applicant: STMicroelectronics S.r.l.

Inventor： CASERTA, Francesco ,  VENEROSO, Amedeo

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30

Abstract: Method for concealing a subscription identifier (SI), in particular Subscription Permanent Identifier (SUPI), at a user equipment (11) of a mobile communication network, comprising a mobile equipment (11a) and an integrated circuit card (12) which stores subscription data for accessing said mobile communication network including said subscription identifier (PI),
said method comprising, upon receiving at said user equipment (11) a corresponding request (RQT) by a server (13) to provide a corresponding subscription identifier (PI, CI), performing an Elliptical Curve encryption of said subscription identifier (PI) generating a concealed subscription identifier (CI), said concealing operation (100) comprising that said mobile equipment (11a) of the user equipment (11) sends an identity retrieve command, in particular a GET IDENTITY command (GI), to an integrated circuit card (12) in the mobile equipment (11a),
said Elliptical Curve encryption including performing at the integrated circuit card (12) the operations of:
generating an ephemeral key pair (ephPrK, ephPuK) comprising an ephemeral private key (ephPrK) and ephemeral public key (ephPuK), performing a first scalar multiplication (Eq. 1) of the ephemeral private key (ephPrK) by a generator value (G) to obtain said ephemeral public key (ephPuK),
generating a Shared secret key (ShS) performing a second scalar multiplication (Eq. 2) of the Ephemeral Private key (ephPrK) by a server public key (srvPuK);
using said shared secret key (ShS) to derive keys to encrypt the subscription identifier (SI), which is to be sent to said server (13) as concealed subscription identifier (CI) as response of said identity retrieve command (GI),

said scalar multiplication being performed iteratively performing and iteration (i) comprising a set of operations for each bit of the Ephemeral Private key (ephPrK),
said method comprising performing, before receiving said identity retrieve command (GI) at the card (12), a pre-calculation of said ephemeral key pair (ephPrK, ephPuK) comprising an ephemeral private key (ephPrK) and ephemeral public key (ephPuK) and said shared secret key (ShS),
said pre-calculation including
performing an interruptible calculation (100) of said first (Eq. 1) and second (Eq. 2) scalar multiplication during the execution time of given periodic commands, in particular APDU STATUS commands, sent by the mobile equipment (11) to the card (12), storing a respective state of completion (EPuKState, ShSState) of said calculation (100),
said interruptible calculation (100) including checking (110, 130) at the beginning of each of said execution time said respective state of completion (EPuKState, ShSState),
if said respective state of completion (EPuKState, ShSState) indicates that completion of the computation of a valid ephemeral key pair or shared secret (ShS),
storing the corresponding values of ephemeral private key (ephPrK), ephemeral public key (ephPuK) and shared secret (ShS) in a table in a memory, in particular a flash memory, of the integrated circuit card (12) at the user equipment (11).

公开(公告)号：EP3647975A1

公开(公告)日：2020-05-06

申请号：EP19203500.4

申请日：2019-10-16

Applicant: STMicroelectronics S.r.l.

Inventor： DI COSMO, Luca ,  VENEROSO, Amedeo

IPC: G06F21/10 ,  G06F21/71 ,  H04W12/08 ,  G06Q20/32 ,  H04L29/06 ,  H04W4/50 ,  H04W4/60 ,  H04W12/00

Abstract: A tamper resistant device (11; 21) implementing an embedded Universal Integrated Circuit Card (15) comprising at least a security domain (P0) in which at least a telecommunication profile (Pj) is stored, said device (21) comprising a physical interface (18) configured to allow access from a processor (13) configured to operate with at least a mobile telecommunications network to said at least a telecommunication profile (Pj. Said tamper resistant device (21) a further security domain (PS0) storing at least an application profile (Si; PSi) and a further physical interface (17) configured to allow access from an application processor (12) to said at least an application profile (Si; PSi) stored in said further security domain (PSO),
said single tamper resistant device (21) being configured to enable accessibility to the at least an application profile (PSi) if corresponding commands (C) are received in signals exchanged on the first interface (17) and to enable accessibility to the telecommunication profile (Pj) if corresponding commands (C) are received in signals exchanged on the second interface (18).

公开(公告)号：EP3267699B1

公开(公告)日：2019-01-23

申请号：EP17162796.1

申请日：2017-03-24

Applicant: STMicroelectronics S.r.l.

Inventor： VENEROSO, Amedeo

IPC: H04W4/00

公开(公告)号：EP4276668A1

公开(公告)日：2023-11-15

申请号：EP23171635.8

申请日：2023-05-04

Applicant: STMicroelectronics S.r.l. ,  PROTON WORLD INTERNATIONAL N.V.

Inventor： VAN NIEUWENHUYZE, Olivier ,  VENEROSO, Amedeo

IPC: G06F21/60 ,  G06F21/44 ,  G06F21/74 ,  G06F21/85 ,  H04L9/40 ,  H04W12/06 ,  G06F21/31 ,  G06F21/53

Abstract: La présente description concerne un procédé de communication, à un module tiers d'un premier dispositif électronique, de premières données (DATA4) échangées entre un premier module du premier dispositif électronique et un deuxième module, le module tiers étant différent du premier module et du deuxième module, le premier dispositif comprenant au moins un élément sécurisé (402) et un routeur (401) transmettant les premières données (DATA4) du premier module au deuxième module, le routeur (401) étant adapté à être mis dans un mode sécurisé dans lequel, lorsque le module tiers demande accès aux premières données (DATA4), un procédé d'authentification est mis en oeuvre pour vérifier si le module tiers est autorisé ou non à avoir accès aux premières données (DATA4).

公开(公告)号：EP4217864A1

公开(公告)日：2023-08-02

申请号：EP21770041.8

申请日：2021-09-20

Applicant: STMicroelectronics S.r.l. ,  Proton World International N.V.

Inventor： VAN NIEUWENHUYZE, Olivier ,  VENEROSO, Amedeo

IPC: G06F9/50 ,  G06F9/46 ,  G06F9/48 ,  G06F12/02 ,  G06F9/4401 ,  G06F21/78

公开(公告)号：EP3073773B1

公开(公告)日：2019-11-27

申请号：EP15201541.8

申请日：2015-12-21

Applicant: STMicroelectronics S.r.l.

Inventor： VENEROSO, Amedeo

IPC: H04W8/18 ,  H04W8/20 ,  H04L29/08 ,  H04B1/3816 ,  H04W12/06 ,  H04L29/12 ,  H04W12/00