利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

9 条记录 (耗时 0.008 秒)

    METHOD TO AUTHENTICATE A USER AT A SERVICE PROVIDER
    3.
    发明公开
    METHOD TO AUTHENTICATE A USER AT A SERVICE PROVIDER 审中-公开

    公开(公告)号:EP3726873A1

    公开(公告)日:2020-10-21

    申请号:EP19305509.2

    申请日:2019-04-18

    申请人: Thales Dis France SA

    发明人: PAULIAC, Mireille PHAN, Ly Thanh

    IPC分类号: H04W12/06 H04L9/08

    摘要: The present invention relates to a method to authenticate a user having a GBA or AKMA compliant user equipment (UE) at a service provider (SP) using a GBA or AKMA protocol to communicate with a user equipment (UE), said method relying on an operator's (MNO) GBA or AKMA authentication framework while maintaining confidentiality of the communication between the user equipment (UE) and the service provider (SP) regarding the operator (MNO), said method using a Diffie-Hellman exchange between the user equipment (UE) and the service provider (SP), leading to a Diffie-Hellman session key (g xy ), while establishing the GBA or AKMA protocol, said method comprising a step of calculation of a final Network or AKMA Application Function key (iNAF_key or iAApF_key) to be used in further communication between the user equipment (UE) and the service provider (SP) by derivation from the Diffie-Hellman session key (g xy ) and from the GBA or AKMA protocol's service provider key (Ks_ext/int_NAF or K AF ), the user authentication being performed through the use of the GBA or AKMA protocol.

    METHOD TO PREVENT HIDDEN COMMUNICATION ON A CHANNEL DURING DEVICE AUTHENTICATION, CORRESPONDING VPLMN AND HPLMN
    5.
    发明公开
    METHOD TO PREVENT HIDDEN COMMUNICATION ON A CHANNEL DURING DEVICE AUTHENTICATION, CORRESPONDING VPLMN AND HPLMN 审中-公开

    公开(公告)号:EP4109944A1

    公开(公告)日:2022-12-28

    申请号:EP21305861.3

    申请日:2021-06-23

    申请人: Thales DIS France SA

    发明人: PHAN, Ly Thanh PAULIAC, Mireille

    IPC分类号: H04W12/00

    摘要: The invention concerns a method for preventing transmission of hidden information in a communication channel during a telecommunication terminal authentication phase, said method comprising:
    - Transmitting from a telecommunication terminal cooperating with a secure element 10 to a visited PLMN 11 a unique identifier of the secure element;
    - Generating at the visited PLMN 11 a required information REQ_INFO and sending the unique identifier and the required information REQ_INFO to a home PLMN 12 identified by a MCC/MNC comprised in the unique identifier;
    - At the home PLMN 12, generating a random value RAND2 and computing a cryptographic value RAND* based on the random value RAND2 and the required information REQ_INFO;
    - At the home PLMN 12, generating an authentication vector AV based on the cryptographic value RAND* and the long term key of the secure element, the long term key being associated to the unique identifier, and sending the authentication vector AV and the random value RAND2 or only the authentication vector AV containing the random value RAND2 instead of the cryptographic value RAND* to the visited PLMN 11;
    - At the visited PLMN 11:
    ○ If the home PLMN 12 has sent the authentication vector AV and the random value RAND2, computing a cryptographic value vRAND* from the required information REQ_INFO and the random value RAND2, verifying that the cryptographic value RAND* received in the authentication vector AV corresponds to the cryptographic value vRAND* computed at the visited PLMN 11 and, if yes, transmitting from the visited PLMN 11 to the telecommunication terminal 10 the cryptographic value RAND* and the authentication token AUTN retrieved from the authentication vector AV;
    ○ If the home PLMN 12 has sent only the authentication vector AV containing the random value RAND2 instead of the cryptographic value RAND*, computing another cryptographic value RAND* from the required information REQ_INFO and the random value RAND2, and transmitting from the visited PLMN 11 to the telecommunication terminal 10 the other cryptographic value RAND* and the authentication token AUTN retrieved from the authentication vector AV.

    METHOD FOR DETECTING THAT A SECURE ELEMENT HAS BEEN TEMPORARILY DISCONNECTED FROM A DEVICE AND CORRESPONDING DEVICE
    9.
    发明公开
    METHOD FOR DETECTING THAT A SECURE ELEMENT HAS BEEN TEMPORARILY DISCONNECTED FROM A DEVICE AND CORRESPONDING DEVICE 审中-公开

    公开(公告)号:EP3678397A1

    公开(公告)日:2020-07-08

    申请号:EP19305014.3

    申请日:2019-01-07

    申请人: Thales Dis France SA

    发明人: PHAN, Ly-Thanh DANY, Vincent PAULIAC, Mireille

    IPC分类号: H04W12/12 H04W4/70 H04W12/00

    摘要: The invention proposes a method for detecting at the level of a first device and at the level of a MNO server that a removable secure element has been temporarily disconnected from the first device with which the removable element is cooperating, the first device entering during a lap of time in a sleeping mode, the method comprising:
    A- Providing by the secure element to the first device a Temporal Global Identity, called first Temporal Global Identity, on demand by the first device, before the first device enters in the sleeping mode and storing the first Temporal Global Identity in a memory of the first device;
    B- Entering the first device in the sleeping mode;
    C- If the secure element is inserted and used by a second device during the sleeping mode of the first device, the use consisting in an action different from a reading of the first Temporal Global Identity, replacing in the secure element the first Temporal Global Identity by a second Temporal Global Identity different from the first Temporal Global Identity, providing the second Temporal Global Identity to the second device and storing the second Temporal Global Identity in a memory of the second device;
    D- When getting out from the sleeping mode by the first device, reading by the first device the Temporal Global Identity stored in the secure element;
    E- If the Temporal Global Identity read at step -D- is not the same than the Temporal Global Identity stored at step -A-, sending by the first device to the MNO server a message in order to inform him that the secure element has been used by another device.