-
公开(公告)号:EP3684088A1
公开(公告)日:2020-07-22
申请号:EP19305068.9
申请日:2019-01-18
申请人: Thales Dis France SA
发明人: PHAN, Ly-Thanh , PAULIAC, Mireille
摘要: The invention proposes a method for the authentication a secure element cooperating with a Mobile Equipment forming a terminal in a telecommunication network, the telecommunication network comprising a SEAF and a AUSF/UDM/ARPF, the method consisting in generating an anchor key (K SEAF_SRT ) for the communication between the terminal and the SEAF according to 3GPP TS 33.501, wherein the anchor key (K SEAF_SRT ) is indirectly derived from a key (K SRT ) obtained by deriving from the long-term key K and a secure registration token SRT sent by the terminal to the AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI.
-
2.
公开(公告)号:EP3909279A1
公开(公告)日:2021-11-17
申请号:EP20700094.4
申请日:2020-01-02
申请人: Thales DIS France SA
发明人: PHAN, Ly Thanh , DANY, Vincent , PAULIAC, Mireille
-
公开(公告)号:EP3726873A1
公开(公告)日:2020-10-21
申请号:EP19305509.2
申请日:2019-04-18
申请人: Thales Dis France SA
发明人: PAULIAC, Mireille , PHAN, Ly Thanh
摘要: The present invention relates to a method to authenticate a user having a GBA or AKMA compliant user equipment (UE) at a service provider (SP) using a GBA or AKMA protocol to communicate with a user equipment (UE), said method relying on an operator's (MNO) GBA or AKMA authentication framework while maintaining confidentiality of the communication between the user equipment (UE) and the service provider (SP) regarding the operator (MNO), said method using a Diffie-Hellman exchange between the user equipment (UE) and the service provider (SP), leading to a Diffie-Hellman session key (g xy ), while establishing the GBA or AKMA protocol, said method comprising a step of calculation of a final Network or AKMA Application Function key (iNAF_key or iAApF_key) to be used in further communication between the user equipment (UE) and the service provider (SP) by derivation from the Diffie-Hellman session key (g xy ) and from the GBA or AKMA protocol's service provider key (Ks_ext/int_NAF or K AF ), the user authentication being performed through the use of the GBA or AKMA protocol.
-
公开(公告)号:EP3427505B1
公开(公告)日:2020-02-12
申请号:EP17720424.5
申请日:2017-04-24
-
5.
公开(公告)号:EP4109944A1
公开(公告)日:2022-12-28
申请号:EP21305861.3
申请日:2021-06-23
申请人: Thales DIS France SA
发明人: PHAN, Ly Thanh , PAULIAC, Mireille
IPC分类号: H04W12/00
摘要: The invention concerns a method for preventing transmission of hidden information in a communication channel during a telecommunication terminal authentication phase, said method comprising:
- Transmitting from a telecommunication terminal cooperating with a secure element 10 to a visited PLMN 11 a unique identifier of the secure element;
- Generating at the visited PLMN 11 a required information REQ_INFO and sending the unique identifier and the required information REQ_INFO to a home PLMN 12 identified by a MCC/MNC comprised in the unique identifier;
- At the home PLMN 12, generating a random value RAND2 and computing a cryptographic value RAND* based on the random value RAND2 and the required information REQ_INFO;
- At the home PLMN 12, generating an authentication vector AV based on the cryptographic value RAND* and the long term key of the secure element, the long term key being associated to the unique identifier, and sending the authentication vector AV and the random value RAND2 or only the authentication vector AV containing the random value RAND2 instead of the cryptographic value RAND* to the visited PLMN 11;
- At the visited PLMN 11:
○ If the home PLMN 12 has sent the authentication vector AV and the random value RAND2, computing a cryptographic value vRAND* from the required information REQ_INFO and the random value RAND2, verifying that the cryptographic value RAND* received in the authentication vector AV corresponds to the cryptographic value vRAND* computed at the visited PLMN 11 and, if yes, transmitting from the visited PLMN 11 to the telecommunication terminal 10 the cryptographic value RAND* and the authentication token AUTN retrieved from the authentication vector AV;
○ If the home PLMN 12 has sent only the authentication vector AV containing the random value RAND2 instead of the cryptographic value RAND*, computing another cryptographic value RAND* from the required information REQ_INFO and the random value RAND2, and transmitting from the visited PLMN 11 to the telecommunication terminal 10 the other cryptographic value RAND* and the authentication token AUTN retrieved from the authentication vector AV.-
公开(公告)号:EP3692697A1
公开(公告)日:2020-08-12
申请号:EP18783418.9
申请日:2018-10-02
申请人: THALES DIS FRANCE SA
发明人: BRADLEY, Paul , PAULIAC, Mireille
-
公开(公告)号:EP3912378A1
公开(公告)日:2021-11-24
申请号:EP20700414.4
申请日:2020-01-16
申请人: Thales DIS France SA
发明人: PHAN, Ly-Thanh , PAULIAC, Mireille
-
公开(公告)号:EP3957095A1
公开(公告)日:2022-02-23
申请号:EP20715418.8
申请日:2020-04-07
申请人: Thales Dis France SA
发明人: PAULIAC, Mireille , PHAN, Ly Thanh
-
9.
公开(公告)号:EP3678397A1
公开(公告)日:2020-07-08
申请号:EP19305014.3
申请日:2019-01-07
申请人: Thales Dis France SA
发明人: PHAN, Ly-Thanh , DANY, Vincent , PAULIAC, Mireille
摘要: The invention proposes a method for detecting at the level of a first device and at the level of a MNO server that a removable secure element has been temporarily disconnected from the first device with which the removable element is cooperating, the first device entering during a lap of time in a sleeping mode, the method comprising:
A- Providing by the secure element to the first device a Temporal Global Identity, called first Temporal Global Identity, on demand by the first device, before the first device enters in the sleeping mode and storing the first Temporal Global Identity in a memory of the first device;
B- Entering the first device in the sleeping mode;
C- If the secure element is inserted and used by a second device during the sleeping mode of the first device, the use consisting in an action different from a reading of the first Temporal Global Identity, replacing in the secure element the first Temporal Global Identity by a second Temporal Global Identity different from the first Temporal Global Identity, providing the second Temporal Global Identity to the second device and storing the second Temporal Global Identity in a memory of the second device;
D- When getting out from the sleeping mode by the first device, reading by the first device the Temporal Global Identity stored in the secure element;
E- If the Temporal Global Identity read at step -D- is not the same than the Temporal Global Identity stored at step -A-, sending by the first device to the MNO server a message in order to inform him that the secure element has been used by another device.
-
-
-
-
-
-
-
-