Abstract:
A method of personalization for at least two cards (10), each card including a first side, a second side, and a peripheral surface, includes the following steps: forming a pile (20) of at least two cards by stacking the first side or the second side of an article (n) such that the first surface or the second surface of the following card (n+1) is in contact with the first side or the second side of the card (n); aligning, via an alignment device (32, 34), at least one element of the peripheral surface of the card (n) with at least one element of the peripheral surface of the following card (n+1) such that at least one element of the set of peripheral surfaces of each card forms at least one uniform surface; applying, via an application device, at least one product on at least one element of the uniform surface.
Abstract:
The invention provides a method of generating a bank transaction request and a mobile payment terminal hosting a payment application using a secure token for the transaction request and including a secure module. The method comprises the payment application executing a payment protocol with a trader application in order to generate the transaction request, and the payment application requesting an authorization cryptogram from an encryption application hosted in the secure module for verifying authorization of the transaction request in compliance with the payment protocol. The invention also provides the mobile terminal hosting the payment application and including a secure module hosting the encryption application.
Abstract:
The method of distributing a personal identification number to a user of a financial instrument associated with the personal code includes: a step of sending to a user, via a first channel, a request code associated with the financial instrument; a step of receiving the request code via a second channel; a step of matching the request code with one personal code; and a step of sending the matched personal code via a third channel to the user. In particular embodiments, the financial instrument is sent to a user via the first channel together with the corresponding request code. In particular embodiments, the step of matching the request code with one personal code includes a step of checking the user mobile phone number and the method further includes a step of decrypting the personal code using the request code as a decryption key.
Abstract:
An intermediary third-party receives, from a master device, a batch of pre-generated secure commands; plays it so as to send sequentially, to a slave device, the commands. The batch includes an initial command indicating the establishment of a channel secured with a session key dependent on a sequence counter, and second commands protected by a MAC code that is a function of the session key. An update of the sequence counter in non-volatile memory of the slave on each new establishment of a secure channel renders the pre-generated batch obsolete by virtue of a new session key. In order to allow the batch to be replayed, the invention provides for each update value of the counter to be temporarily stored in volatile memory, and for the current value to be overwritten in non-volatile memory on predefined events, including a test counter reaching a maximum number of replays.
Abstract:
A cryptographic processing method using a sensitive data item in a cryptographic processing system including in memory a test making it possible to tell a human and a computer apart and a reference value obtained by applying a cryptographic function to a pair of values P and R, where P is the sensitive data item and R is a solution to the memorized test, the method including the steps of: configuring the cryptographic processing system, including obtaining and memorizing the reference value in the cryptographic system; transmitting the memorized test to a user; obtaining the user's response to the transmitted test; a cryptographic processing step based on the sensitive data item, using the obtained response, the reference value and the cryptographic function. The reference value and memorized test are in the memory of the system and the solution is not in the memory of the system, during the transmission step.
Abstract:
A method for the performance of a function by a microcircuit, includes: at least one step of determining (205) whether an anomaly is detected or whether the operation of the microcircuit is normal; when it is determined that an anomaly is detected, a step of performing (210) a protection function; when it is determined that the operation of the microcircuit is normal, a step of performing (215) a decoy function simulating the protection function by being perceptible, from the outside of the microcircuit, in a manner more or less identical to the protection function; the method being characterized in that it includes an interruption (250) of the performance of the decoy function by a timer.
Abstract:
A smart card reader (1) capable of transmitting a power signal to a smart card (2) to determine a duration WT called Waiting Time in keeping with the standard ISO 7816 and sending commands to said smart card (2), the reader (1) comprising a detector for detecting a malfunctioning condition of the smart card (2) and being configured to cut said power signal when the malfunctioning condition is fulfilled. This reader is remarkable in that said malfunctioning condition is different from the reaching, by a counter configured to be incremented with time from the sending of a command to the smart card (2), of a value corresponding to the duration WT elapsed from the sending of the command or reinitialisation of the counter in response to the receipt of a protocol message of the smart card (2).
Abstract:
A method for routing at least one message, this method being implementation-dependent on a trusted operating system of an electronic device comprising an electronic assembly on which the trusted operating system and a Rich-OS operating system are executed. The method may include operations for consulting a trusted memory of a terminal, which may be called a first memory, and, when the first memory contains a message, determining the operating system targeted by the message from among at least the Rich-OS operating system and the trusted operating system, and, when the message targets the Rich-OS system, transferring the message from the first memory to a memory accessible to the Rich-OS system, which may be called a second memory.
Abstract:
The disclosure relates to the field of wireless communications, and more particularly a method of establishing an IP connection through a 3GPP mobile network, at least partially of IP type, a network equipment item, MME or PDN-GW, of that mobile network, a mobile network infrastructure, a mobile terminal and a corresponding system. The method includes the following steps, on a first equipment item, MME or PDN-GW, of the mobile network other than a mobile equipment item UE of the mobile network: receiving a fully qualified domain name, FQDN, sent by a mobile equipment item, UE, of the mobile network, the FQDN identifying a target data server; and on reception of the FQDN, triggering the resolution of the FQDN into an IP address of the target data server. Thus, a mobile user equipment item provided with a UICC card may be produced at low cost without incorporating DNS resolution mechanisms.
Abstract:
A management process for access to secure data includes: storing secure data associated with a first user and authentication data of said first user, managing access to the secure data of the first user, as a function of the authentication data of this first user. The process includes: storing, in the secure data of the first user, a heritage rule and a list of at least one second user and, for each second user of said list, a rule for access to secure data of the first user, storing authentication data for each second user of said list, and when the heritage rule is satisfied, managing access, by said at least one second user, to the secure data of the first user, as a function of the authentication data of the second user and of the rule for access of the second user.