Abstract:
Disclosed is a method for authenticating a user by using an electronic apparatus including an authentication module and a secure module, which includes the following steps: the authentication module transmits a recognition result to the secure module according to a process that allows the authentication module to be authenticated by the secure module; the secure module generates an authentication token by signing, with a private key stored in the secure module, data including data representing at least one feature of the authentication module; and transmitting the generated authentication token. Also disclosed are an associated secure module, electronic apparatus and system.
Abstract:
Intrusion detection systems dedicated to an operating system, and an intrusion detection system in a device implementing at least a first operating system and a second operating system. The intrusion detection systems include: a listening module (1110) configured to be executed in the first operating system in order to listen to the activity of this first operating system; a collecting module (1120) configured to be executed in the first operating system in order to collect data characterizing the activity of the first operating system; and an analysis and detection module (1150) configured to be executed in the second operating system in order to analyze the data collected in the first operating system and detect a suspicious activity in the first operating system depending on the analysis.
Abstract:
In an electronic device designed to function in a trusted execution environment (TEE), because of the execution of a trusted operating system by a processor of the electronic device, or in a rich execution environment (REE), a method of loading files into random access memory includes the following steps: reception (E10) by the trusted operating system of information (L1) identifying at least one file; verification (E11) by the trusted operating system of the conformance of the identified file to at least one given criterion; in the event of conformance, loading (E13) the identified file into an area (Z2) of random access memory accessible in read only mode when functioning in the rich execution environment (REE). An associated electronic device is also proposed.
Abstract:
A cryptographic processing method using a sensitive data item in a cryptographic processing system including in memory a test making it possible to tell a human and a computer apart and a reference value obtained by applying a cryptographic function to a pair of values P and R, where P is the sensitive data item and R is a solution to the memorized test, the method including the steps of: configuring the cryptographic processing system, including obtaining and memorizing the reference value in the cryptographic system; transmitting the memorized test to a user; obtaining the user's response to the transmitted test; a cryptographic processing step based on the sensitive data item, using the obtained response, the reference value and the cryptographic function. The reference value and memorized test are in the memory of the system and the solution is not in the memory of the system, during the transmission step.