公开(公告)号：US10587599B2

公开(公告)日：2020-03-10

申请号：US15519669

申请日：2015-10-09

Applicant: GEMALTO SA

Inventor： Xavier Berard ,  Antoine Galland

IPC: H04L29/06 ,  H04W4/50 ,  H04W12/00 ,  H04W4/70

Abstract: The invention is a method for managing a response from an application embedded in a secure token acting as an UICC, in response to a command requesting opening a proactive session. The command is sent by an applicative server to the secure token via an OTA server providing a security layer. The method comprises the steps of sending another command from the applicative server to the secure token using the security layer provided by the OTA server, and in response to this second command, the secure token send the response of the first command to the applicative server using the security layer provided by the OTA server.

公开(公告)号：US20200076614A1

公开(公告)日：2020-03-05

申请号：US16467957

申请日：2017-12-06

Applicant: GEMALTO SA

Inventor： Mariya GEORGIEVA ,  Aline GOUGET

IPC: H04L9/32 ,  H04L9/00 ,  H04L9/30 ,  H04L9/08

Abstract: The present invention relates to a method of generating a secure RSA key by a server comprising the steps of: •generating (S1) a private RSA key d and a RSA modulus integer N; •splitting (S2) the secret key integer d in j key shares dJ of length n, with j in [1, J], J being an integer, and such that d=d1+d2+ . . . +dJ mod phi(N), with each key share dj being equal to (dj(0) . . . dj(i) . . . dj(n/b−1)) with each key share component dj(i) in {0 . . . 2{circumflex over ( )}b−1} and i in [0, n/b−1], b being an integer inferior to n and phi the Euler's totient function; •encrypting (S3) with a fully homomorphic encryption (FHE) algorithm each key share component dj(i) of the private RSA key d by using a Fully Homomorphic Encryption secret key ps of a set Ss comprising the index couple (i,j), to generate an encrypted key share component edj(i) of said secure RSA key, said set Ss being a set of integer couples, among a predetermined integer number u of disjoint sets {S1, S2 Ss, Ss+1, . . . Su} generated such that: U{Ss}={(i,j) such that i in [0, n/b−1], j in [1, J]} and each said set among {S1, . . . Su} being associated with a Fully Homomorphic Encryption (FHE) secret key.

公开(公告)号：US10581836B2

公开(公告)日：2020-03-03

申请号：US15108600

申请日：2014-12-19

Applicant: GEMALTO SA

Inventor： Abdellah El Marouani ,  Christophe Franchi

IPC: H04L29/08 ,  H04L29/06 ,  G06F21/57 ,  H04W12/06

Abstract: To a method for accessing a service, at least one first user device executes a first application that communicates with a second user device application. The first user device sends to a remote server data relating to the first application execution, as a first user device report. The data relating to the first application execution includes information relating to either an incoming event or an outgoing event and at least one attribute relating to the first application execution. The remote server determines, based upon at least the first user device report, a trust level relating to the first user device. A third user device sends to the remote server a request for getting a trust level relating to the first user device. The remote server sends to the third user device, as a request response, the trust level relating to the first user device.

公开(公告)号：US20200036534A1

公开(公告)日：2020-01-30

申请号：US16469301

申请日：2017-12-12

Applicant: GEMALTO SA

Inventor： Alsasian ATMOPAWIRO ,  Thi Tra Giang DANG

IPC: H04L9/32 ,  H04L9/30 ,  H04L9/12

Abstract: The present invention relates to a method of secure generation by a client device and a server device of an RSA signature of a message to be signed with a private exponent component d of an RSA key (p, q, N, d, e), wherein said client device stores a client device private exponent component dA, a client value, and a client dynamic offset, and said server device stores a server device private exponent component dB, where dB=d−dA modulo phi(N), a server value, a server dynamic offset and a failure counter, comprising: a. receiving from the client device a client part of said RSA signature (HS1) of said message to be signed, after incrementing its client value (pvA) by a first predetermined step E, from the client device private exponent component and from an updated client dynamic offset function of said client dynamic offset and of said client value, b. setting said failure counter to a first default value, c. incrementing said server value (pvB) by a second predetermined step (E′), d. generating a server part of said RSA signature (HS2) of said message to be signed, from the server device private exponent component and from an updated server dynamic offset function of said server dynamic offset and of said server value, e. generating said RSA signature by combining said client part of said RSA signature (HS1) and said server part of said RSA signature (HS2), f. checking if the generation of the RSA signature was a failure and when it was a failure, incrementing said failure counter and g\ iteratively repeating above steps c\ to f\, until said RSA signature is successfully generated or said failure counter reaches a first predetermined threshold S.

公开(公告)号：US10509433B2

公开(公告)日：2019-12-17

申请号：US15762894

申请日：2016-09-23

Applicant: Gemalto SA

Inventor： Philippe Loubet Moundi ,  Jean-Roch Coulon ,  Jorge Ernesto Perez Chamorro

IPC: G06F1/06 ,  G06F7/58 ,  H03K3/84 ,  G06F1/08 ,  G06F21/72

Abstract: The invention relates to a random clock generator comprising an input receiving a master clock signal MCIk, and a clock signal reduction circuit (101) receiving the master clock signal MCIk and a whole number N and supplying an output signal corresponding to a train of N pulses every M clock pulse, M being a whole number higher than 1 and N being a whole number higher than 1 and lower than or equal to M. A number generator (102) and (103) supplies a new number (N) to the clock signal reduction circuit every P pulse of a master clock signal, N and/or P being produced randomly.

公开(公告)号：US20190313258A1

公开(公告)日：2019-10-10

申请号：US16338595

申请日：2017-10-02

Applicant: GEMALTO SA

Inventor： Frédéric DAO ,  Frédéric CLEMENT-GONZALES ,  David HALLE ,  Jérôme DUPREZ ,  David HUGUENIN ,  Sébastien SCHMITT ,  Christine NERSESSIAN ,  Philippe ALLOUCHE ,  Thomas DANDELOT

IPC: H04W12/08 ,  H04W8/20 ,  H04L29/08 ,  H04L29/06

Abstract: The invention relates to a method for sending data to at least one device. According to the invention, a data sending control server sends to at least one data storage server at least one predetermined rule or a first request for sending data to at least one data processing server. The data storage server sends, based upon the at least one predetermined rule or the first request for sending data, data to the data processing server. The data sending control server sends to the data processing server a second request for sending to the device the data received or to be received by the data processing server. The data processing server sends, based upon the second request for sending the data, the received data to the at least one device.

公开(公告)号：US20190311154A1

公开(公告)日：2019-10-10

申请号：US16315105

申请日：2017-06-14

Applicant: GEMALTO SA

Inventor： Nicholas Xing Long EU ,  Annus Bin Khalid SYED ,  Juan Manolo ALCASABAS

IPC: G06F21/72 ,  H04L9/00 ,  G06F21/60

Abstract: The present invention relates to a method to securely load set of sensitive data hardware registers with sensitive data on a chip supporting hardware cryptography operations, said method comprising the following steps monitored by software instructions, at each run of a software: select a set of available hardware registers listed in a predefined list listing, in the chip architecture, the unused hardware registers and other relevant hardware registers not handling sensitive data and not disrupting chip functionality when loaded, establish an indexible register list of the address of the sensitive data hardware registers and of the hardware registers in the set of available hardware registers, in a loop, write each hardware register in this register list with random data, a random number of times, in random order except the last writing in each of the sensitive data hardware registers where a part of the sensitive data is written.

公开(公告)号：US20190311110A1

公开(公告)日：2019-10-10

申请号：US16464709

申请日：2017-11-23

Applicant: GEMALTO SA

Inventor： Danny TABAK ,  Johan JOSEFSSON

IPC: G06F21/44 ,  H04L29/06 ,  G06F21/35 ,  G06F21/30

Abstract: The invention relates to a method for authenticating to a second device. A first device shares with the second device at least one session key. The first device sends to at least one third device at least one first session key. The at least one third device connects directly to the second device by using the at least one first session key. According to the invention, the method further comprises the following steps. The first device sends to the at least one third device a command for disconnecting from or switching to a non-connected mode with the second device. And the at least one third device disconnects from or switches to a non-connected mode with the second device based upon the received command. The invention also pertains to corresponding first device and system for authenticating to a second device.

公开(公告)号：US10419932B2

公开(公告)日：2019-09-17

申请号：US15780943

申请日：2016-11-04

Applicant: GEMALTO SA

Inventor： Daniel Mavrakis ,  François Zannin ,  Hervé Troadec ,  Jean-François Kuc ,  Pierre Girard

IPC: H04W12/06 ,  H04W4/70 ,  G06F21/31 ,  H04L9/32 ,  H04L29/06 ,  H04W12/08 ,  H04W12/04 ,  H04W4/80

Abstract: The invention relates to a method for authenticating to a mobile network. According to the invention, the method comprises the following steps. A device activates only a first temporary subscription identifier. The device sends to a first server the first temporary subscription identifier and first data. The first server sends to the device a first result message including an authentication failure based upon the first data. The device activates only a second temporary subscription identifier. The device sends to the first server the second temporary subscription identifier and second data. And the first server sends to the device a second result message including an authentication success based upon the associated first and second temporary subscription identifiers and the second data. The invention also relates to corresponding device and system and a server for authenticating devices to a mobile network.

公开(公告)号：US10402583B2

公开(公告)日：2019-09-03

申请号：US14903036

申请日：2014-07-04

Applicant: GEMALTO SA

Inventor： Mourad Faher

IPC: G06F21/62 ,  H04L29/06 ,  G09C5/00 ,  G07F7/10 ,  H04L9/32 ,  G06Q20/40 ,  G07F7/08 ,  H04L9/08

Abstract: The present invention relates to a method of privacy-preserving during an access to a restricted e-service requiring user private data from a smart card. The invention relates more particularly to the field of methods implemented so that the user has the guarantee that only the private data needed to access to the e-service are extracted from the smart card. It is to guarantee that the user has a perfect knowledge of his private data provided by his smart card to a requester. With the invention a message notifying to the user the very nature of the identity assertion is displayed on the screen of the smart card. By doing so, the card ensure 100% security with regard to user consent: the data read out of his card cannot differ comparing to the data requested by the service provider through the terminal.