公开(公告)号：US20190057199A1

公开(公告)日：2019-02-21

申请号：US15678957

申请日：2017-08-16

申请人： GEMALTO INC

发明人： Michael HUTCHINSON

IPC分类号： G06F21/31 ,  H04W12/06 ,  H04L9/32

CPC分类号： G06F21/313 ,  G06F21/34 ,  G06F21/36 ,  G06F21/42 ,  H04L9/32 ,  H04L9/3271 ,  H04L9/3273 ,  H04L63/0853 ,  H04W12/00522 ,  H04W12/06

摘要： The invention relates to a method for authenticating a user. A server accesses an identifier relating to the user associated with an identifier relating to a second user device. The server accesses, for the user, at least one predetermined reference location within a reference table. The method comprises the following steps. Sending from a first user device to the server, through a first communication channel, a first message including the identifier relating to the user and a request to get a challenge table, as challenge user authentication data. Generating, by the server, a first challenge table including a first set of characters, the first challenge table being valid. Sending, thanks to the second user device identifier, from the server to the second user device, through a second communication channel, a second message including the first challenge table and a first request to display the first challenge table. Displaying, by or through the second user device, the first challenge table. Selecting, by a user, through a man machine interface relating to the first user device, at least one corresponding displayed character, as at least one selected character. Sending, from the first user device to the server, through the first communication channel, a third message, as a challenge response message, including the at least one selected character, as submitted user authentication data. Determining, by the server, based upon the at least one predetermined reference location within the first challenge table, as the reference table, at least one corresponding reference character, as reference user authentication data. Verifying, by the server, for the user, whether the submitted user authentication data does or does not match the reference user authentication data. And succeeding, by the server, in authenticating the user only if the submitted user authentication data matches the reference user authentication data. Or failing, by the server, to authenticate the user only if the submitted user authentication data does not match the reference user authentication data.The invention also relates to corresponding user devices, server and system.

公开(公告)号：US20180176223A1

公开(公告)日：2018-06-21

申请号：US15380204

申请日：2016-12-15

申请人： Gemalto Inc.

发明人： Michael Hutchinson ,  HongQian Karen Lu

IPC分类号： H04L29/06

摘要： The present invention relates to a method to authenticate a user using an authenticator at an access device using another registered device named personal device, said authenticator being stored by the access device after registration of the personal device comprising a double encryption using an access device's secret key and a personal device's public key to be retrieved at each request of authentication received from the personal device, encrypted using a session key and sent with the session key encrypted using the personal device's public key to the personal device for partial decryption using the decrypted session key and the personal device's private key, re-encryption using the session key and sending back to the access device for total decryption of the authenticator, using the session key and the access device's secret key, and use of the thus decrypted authenticator to authenticate at the access device.

公开(公告)号：US20170359721A1

公开(公告)日：2017-12-14

申请号：US15181969

申请日：2016-06-14

申请人： GEMALTO, INC.

发明人： Meijuan DING ,  Sebastien GRAVALLON

IPC分类号： H04W12/06 ,  H04W12/04 ,  H04B1/3827 ,  H04W76/02 ,  H04L29/06

CPC分类号： H04W12/06 ,  H04B1/3833 ,  H04L63/0227 ,  H04L63/06 ,  H04L63/083 ,  H04W4/50 ,  H04W8/18 ,  H04W8/205 ,  H04W12/04 ,  H04W12/08 ,  H04W76/10

摘要： A method for managing access to a first server comprises intercepting a message including a connection request, for connecting to the first server. The message is sent at an initiative of a secure element, to the first server. A filtering rule, based upon a predetermined threshold relating to a rate or a number of connection requests, as a first filtering criterion, is accessed. The filtering rule comprises a second filtering criterion. A counter is modified for each intercepted message. The counter is compared to the predetermined threshold and, if the counter is equal to or greater than the predetermined threshold and the second filtering criterion is satisfied, a message including predefined output data is sent to the secure element. The output data controls or filters a session between the secure element and the first server.

公开(公告)号：US20170032369A1

公开(公告)日：2017-02-02

申请号：US14815271

申请日：2015-07-31

申请人： GEMALTO, INC.

发明人： Didier HUGOT

IPC分类号： G06Q20/40

CPC分类号： G06Q20/401 ,  G06Q20/3223 ,  G06Q20/382 ,  G06Q20/3821 ,  G06Q20/3825 ,  G06Q20/4012 ,  G06Q20/425

摘要： To authorize a data transaction, a terminal reads user account information from a device. The terminal sends, through a payment network, to a first server a request for authorizing a transaction accompanied with the account information. The first server sends to a device a request for a user approval relating to a transaction. The device requests whether the user approves a requested transaction authorization. Only if the user approves the requested transaction authorization, the device sends to the first server a request for authorizing a transaction and an identifier relating to the device. The first server retrieves, based upon the at identifier relating to the device, the account information. The first server sends to a second server a request for authorizing a transaction and the account information. The second server sends, through the first server and the payment network, to the terminal, either a transaction authorization or a transaction refusal.

摘要翻译： 为了授权数据交易，终端从设备读取用户帐户信息。 终端通过支付网络向第一服务器发送伴随帐户信息的交易授权请求。 第一个服务器向设备发送与交易相关的用户批准请求。 设备会请求用户是否批准所请求的交易授权。 仅当用户批准所请求的交易授权时，设备向第一服务器发送授权交易的请求和与设备相关的标识符。 第一服务器基于与设备相关的at标识符来检索帐户信息。 第一个服务器向第二个服务器发送授权交易和帐户信息的请求。 第二服务器通过第一服务器和支付网络向终端发送交易授权或拒绝交易。

公开(公告)号：US20160314309A1

公开(公告)日：2016-10-27

申请号：US14693010

申请日：2015-04-22

申请人： GEMALTO INC.

发明人： Lionel ROZAK-DRAICCHIO

IPC分类号： G06F21/62 ,  G06F9/455

CPC分类号： G06F21/6218 ,  G06F9/45558 ,  G06F21/53 ,  G06F21/77 ,  G06F21/78 ,  G06F2009/45587

摘要： The invention is a system comprising a host device and a secure element including a plurality of virtual profiles and an execution component configured to run simultaneously several of said virtual profiles. The system comprises a discovery agent configured to provide a subset of the plurality of virtual profiles, configuration data for each virtual profile of said subset and capability data reflecting the maximum of logical channels handled by the host device. The system comprises an allocating agent configured to cooperate with the discovery agent to allocate a range of logical channels to each virtual profile of the subset based on the capability data and to determine in each of the ranges a main logical channel which remains permanently available when the virtual profile to which the range is allocated has been booted.

摘要翻译： 本发明是一种包括主机设备和包括多个虚拟简档的安全元件的系统，以及被配置为同时运行几个所述虚拟简档的执行组件。 该系统包括被配置为提供多个虚拟简档的子集的发现代理，用于所述子集的每个虚拟简档的配置数据以及反映由主机设备处理的最大逻辑信道的能力数据。 该系统包括配置代理，被配置为与发现代理协作以基于能力数据向该子集的每个虚拟简档分配一定范围的逻辑信道，并且在每个范围内确定当逻辑信道保持永久可用时的主逻辑信道 分配了范围的虚拟配置文件已启动。

公开(公告)号：US20100023777A1

公开(公告)日：2010-01-28

申请号：US11938769

申请日：2007-11-12

申请人： Sylvain Prevost ,  Ksheerabdhi Krishna ,  Ruchirkumar D. Shah ,  Mehdi Asnaashari

发明人： Sylvain Prevost ,  Ksheerabdhi Krishna ,  Ruchirkumar D. Shah ,  Mehdi Asnaashari

IPC分类号： G06F9/00 ,  G06F9/44 ,  H04L9/32 ,  G06F12/14

CPC分类号： G06F21/572

摘要： A system and method of operating a device to securely update the control firmware controlling the device. Downloading a firmware update package to a first microcontroller of the device. Determining a firmware update portion and an encrypted hash portion of the firmware update package wherein the encrypted hash portion is cryptographically signed by a signatory. Confirm that the encrypted hash portion conforms to the firmware update by independently computing the hash of the encrypted firmware update portion on the first microcontroller and comparing that value to the signed hash. Other systems and methods are disclosed.

摘要翻译： 一种操作设备以安全地更新控制设备的控制固件的系统和方法。 将固件更新包下载到设备的第一个微控制器。 确定固件更新部分和固件更新包的加密散列部分，其中加密散列部分由签名者进行密码签名。 通过独立地计算第一微控制器上的加密固件更新部分的散列，并将该值与经签名的散列进行比较，确认加密散列部分符合固件更新。 公开了其它系统和方法。

公开(公告)号：US20100023650A1

公开(公告)日：2010-01-28

申请号：US11938772

申请日：2007-11-12

申请人： Sylvain Prevost ,  Ksheerabdhi Krishna ,  Ruchirkumar D. Shah ,  Mehdi Asnaashari

发明人： Sylvain Prevost ,  Ksheerabdhi Krishna ,  Ruchirkumar D. Shah ,  Mehdi Asnaashari

IPC分类号： G06F3/00 ,  G06F12/00

CPC分类号： G06F21/34

摘要： A system and method of operating a device connected to a host computer in a manner to preserve knowledge of logon authentication status to the host computer. Upon initialization of the device perform a pattern matching operation of an instruction sequence received by the second microcontroller. When the instruction sequence matches a prestored sequence indicative of performance of a logon process on the host computer tracking a logon state by the second microcontroller. Exchanging the logon state between the second and first microcontrollers such that when the second microcontroller resets, the second microcontroller may recover the logon state from the first microcontroller. Other systems and methods are disclosed.

摘要翻译： 一种操作连接到主计算机的设备的方法，以便保持对主计算机登录认证状态的知识。 在初始化设备时，执行由第二微控制器接收的指令序列的模式匹配操作。 当指令序列与指示在主计算机上执行登录过程的性能的预先存储的序列匹配由第二微控制器跟踪登录状态时。 交换第二和第一微控制器之间的登录状态使得当第二微控制器复位时，第二微控制器可以从第一微控制器恢复登录状态。 公开了其它系统和方法。

公开(公告)号：US20090064301A1

公开(公告)日：2009-03-05

申请号：US11849117

申请日：2007-08-31

申请人： Kapil Sachdeva ,  Ksheerabdhi Krishna

发明人： Kapil Sachdeva ,  Ksheerabdhi Krishna

IPC分类号： G06F7/04

CPC分类号： G06F17/30896 ,  G06F9/468 ,  G06F21/33 ,  G06F21/34 ,  G06F2221/2119

摘要： A client-side application extension executable on a host computer from within a web-browser having the capability of executing at least one web-browser add-on to provide a user access to a smart card, connected to the host computer having a smart card resource manager, via the web-browser. The web-browser extension has instructions to direct the central processing unit to access data on the smart card via a web-browser and platform independent interface module and a web-browser and platform dependent wrapper module connected to the web-browser and platform independent interface module and to the smart card resource manager having a function processing module operable to receive a call to the at least one function for accessing data on the smart card and for transforming the function call into a corresponding call to the smart card resource manager.

摘要翻译： 客户端应用扩展在主机计算机上可在网络浏览器内执行，该网络浏览器具有执行至少一个网络浏览器附件的功能，以向用户提供连接到具有智能卡的主计算机的智能卡的用户访问 资源管理器，通过网络浏览器。 网络浏览器扩展具有指示中央处理单元通过网络浏览器和独立于平台的接口模块访问智能卡上的数据，以及连接到网络浏览器和平台独立接口的网络浏览器和平台依赖的包装器模块 模块和具有功能处理模块的智能卡资源管理器，所述功能处理模块可操作以接收对所述至少一个功能的呼叫以访问所述智能卡上的数据，并用于将所述功能呼叫转换为对所述智能卡资源管理器的对应呼叫。

公开(公告)号：US11177963B2

公开(公告)日：2021-11-16

申请号：US15839142

申请日：2017-12-12

申请人： GEMALTO, INC.

发明人： Benoît Famechon ,  Najam Siddiqui ,  Karen HongQian Lu ,  Asad Mahboob Ali

IPC分类号： H04L29/06 ,  H04L9/32 ,  G06K9/62 ,  H04L9/14 ,  H04L9/30 ,  G06F21/42 ,  G06F21/36 ,  H04W12/06 ,  G06F21/78

摘要： A server accesses a user identifier associated with a first user device and a reference image as a first image set, to be displayed. The server sends to a second user device an image, as a second image set, to be displayed, and a user request to select an image within the first image set. The second user device displays the second image set and the user request. The user of the first user device selects at least one displayed first image, the selected first image matching an image visually selected within the displayed second image set, according to a rule known to the user and the server. The first user device sends to the server the first user device identifier accompanied with data relating to the selected first image. If the data relating to the selected first image matches the data relating to the first reference image the server authenticates the user.

公开(公告)号：US20190356487A1

公开(公告)日：2019-11-21

申请号：US15983233

申请日：2018-05-18

申请人： Gemalto Inc. ,  SafeNet Canada Inc.

发明人： HongQian Karen Lu ,  Michael Gardiner

IPC分类号： H04L9/16 ,  H04L9/08

摘要： A method for securing a system including a configuration subsystem and a production subsystem. The configuration subsystem is separate from the production subsystem that comprises a plurality of components, a gatekeeper and an entity secured with a first secret value. A generator hosted in the configuration subsystem selects a secret sharing scheme and generates, from an input parameter different from the first secret value, a set of secret shares using the secret sharing scheme. The generator uniquely assigns and securely sends a secret share extracted from the set to each of the components. The gatekeeper gets a subset of the secret shares from the components and constructs a second secret value from the subset using the secret sharing scheme. The gatekeeper computes the first secret value by applying a preset function to the second secret value, and then the gatekeeper unlocks access to the entity using the first secret value.