-
公开(公告)号:US11604857B2
公开(公告)日:2023-03-14
申请号:US17266930
申请日:2019-07-16
申请人: THALES DIS FRANCE SA
发明人: Michael Adjedj , Aline Gouget , Stéphane Grellier , Sylvain Leveque , Jan Vacek
摘要: Protection of a data file to be used by a white-box cryptography software application installed in memory of a device to prevent the malevolent use of a digital copy of the data file by a white-box cryptography (WBC) software application installed in memory of another device. The mechanism includes extracting an unique identifier for the device from the environment of the device and modifying data in the data file according to the unique identifier, the available white-box cryptography software application includes a software security layer to retrieve the unique identifier from the environment of the device in which the software application is installed and to use this unique identifier in combination with the stored data file when executing, the result of the execution being correct only in case where the correct unique identifier has been extracted by the executed WBC software application.
-
公开(公告)号:US11528123B2
公开(公告)日:2022-12-13
申请号:US16625529
申请日:2018-06-20
申请人: Thales Dis France SA
发明人: Steven Madec , David Vigilant
摘要: The present invention relates to a computing device for executing a first cryptographic operation of a cryptographic process on useful input data, said computing device comprising a first processor, a second processor and a selection circuit wherein: —said selection circuit is configured: —for receiving, from an input bus, expanded input data obtained by interleaving dummy input data with said useful input data, —for determining positions of the dummy input data in said expanded input data, —and for extracting said dummy input data and said useful input data from the expanded input data based on said determined positions, —said first processor is configured for executing said first cryptographic operation of said cryptographic process on said extracted useful input data to obtain useful output data, —said second processor is configured for executing a second operation on said extracted dummy input data to obtain dummy output data, said computing device being configured for having said operations executed such that leakage generated by said first cryptographic operation is jammed by leakage generated by the second operation.
-
公开(公告)号:US11385893B2
公开(公告)日:2022-07-12
申请号:US17048262
申请日:2019-04-16
申请人: THALES DIS FRANCE SA
发明人: David Vigilant
摘要: The present invention relates to a method secured against side channel attacks performing an arithmetic operation of a cryptographic algorithm mixing Boolean and arithmetic operations, wherein said method is performed by a cryptographic device comprising a processing system having at least one hardware processor, and said operation has a first value (x) and a second value (y) as operands, comprising: —obtaining (S1) a first masked value (x′), a second masked value (y′), a first Boolean mask (rx), a second Boolean mask (ry), said first masked value (x′) resulting from masking said first value (x) by said first Boolean mask (rx) by performing a Boolean exclusive OR (XOR) operation between said first value (x) and said first Boolean mask (rx), and said second masked value (y′) resulting from masking said second value (y) by said second Boolean mask (ry) by performing a Boolean exclusive OR (XOR) operation between said second value (y) and said second Boolean mask (ry), —performing (S2) in any order a plurality of computing steps combining values among said first masked value (x′), said second masked value (y′), said first Boolean mask (rx) and said second Boolean mask (ry) to obtain a boolean masked result equal to the result of the arithmetic operation having said first value (x) and said second value (y) as operands, masked by a third boolean mask (rx xor ry) resulting from performing said Boolean exclusive OR (XOR) operation between said first Boolean mask (rx) and said second Boolean mask (ry) ((x+y) xor (rx xor ry)), wherein said computing steps perform Boolean exclusive OR (XOR) operations or arithmetic operations between said values without disclosing any information relative to the first and second values and, wherein said computing steps are executed by the hardware processor by performing a constant number of elementary operations whatever the bit-size of said first and second values, —outputting (S3) said boolean masked result of the arithmetic operation between said first value (x) and said second value (y).
-
4.发明申请公开(公告)号:US20220164178A1
公开(公告)日:2022-05-26
申请号:US17599647
申请日:2020-03-31
申请人: THALES DIS FRANCE SA
摘要: Provided is a method for patching an operating system 100 on a secure element 103 embedded in a terminal. The method comprises transmitting from a platform 101 to a SM-SR 102 an order to create on the secure element 103 an ISD-P 104, establishing between the platform 101 and the ISD-P or the secure element 103 a secure channel, transmitting from the SM-SR 102 to the secure element 103 a patch of the operating system, executing in the ISD-P 104 the patch of the operating system, and sending from the secure element 103 to the platform 101 a message informing the platform 101 of the result of the execution of the patch.
-
公开(公告)号:US11336459B2
公开(公告)日:2022-05-17
申请号:US16628269
申请日:2018-06-29
申请人: THALES DIS FRANCE SA
IPC分类号: H04L9/32 , H04L9/40 , B60R25/24 , H04W4/40 , H04W12/108 , G06Q20/40 , G06Q20/12 , G06Q20/14 , G06Q20/32 , G06Q20/38 , G06Q30/06 , G07F17/00 , H04L67/303 , H04L67/306 , B60R25/00 , H04L29/06 , H04W12/084
摘要: The invention relates to a method for granting access to a service provided by a connected device for a user having a user's device and requesting said access, the method comprising the steps of: receiving by the user's device from the connected device a request to validate a user profile, a user profile corresponding to a list of at least one data item representing the user's capabilities to use a service provided by the given connected device; requesting by the user's device to a verification server associated to the at least one data item to validate said data item, and receiving a digital signature of said data item generated by the verification server as a proof of the validation; transmitting the data item of the user profile and its digital signature to a device belonging to the owner of the connected device for it to be informed that said data item is validated, the user profile being considered as validated when the digital signatures of all the data items listed in the user profile are correctly verified by the owner's device; granting for the user access to the service provided by the connected device when the user profile is validated.
-
公开(公告)号:US11314999B2
公开(公告)日:2022-04-26
申请号:US16648203
申请日:2018-09-18
申请人: THALES DIS FRANCE SA
发明人: Teemu Pohjola
摘要: The present invention relates generally a method to authenticate a data carrier, such as passports, licenses, identification card . . . by hiding at least two optically encoded image within a data carrier so that the data carrier is authenticated through at least two factor authentication process. In the methods of the present invention, at least two reliable, readable optically encoded image are hidden within the data carrier wherein each of the encoded image is visible through a same decoder device but under different specific lighting conditions without the former having influence on the quality of the latter. The authentication methodology of the present invention provides an improved security, being even more difficult to reproduce by infringers, even more difficult to remove, replace or exchange and easy to check.
-
公开(公告)号:US20220104013A1
公开(公告)日:2022-03-31
申请号:US17298213
申请日:2019-11-21
申请人: THALES DIS FRANCE SA
IPC分类号: H04W12/06 , H04W12/02 , H04W12/041 , H04W12/106 , H04W12/03
摘要: A method to attach a mobile device to a server, using a protocol having data size encoding constraints which prevents using traditional ciphering, includes an initialization phase using a range of ephemeral IMSIs stored in a batch of credential containers of mobile devices and an associated group master key shared by the server and credential containers having the same range of ephemeral IMSIs to initiate a session using a server random value. The initialization phase uses limited payload in a mobile device-to-server message to send a randomly chosen rIMSI among the range of IMSIs to enable the server to generate keys to initiate a secured communication phase, then using individual keys stored in the mobile device and retrieved by the server with an identifier of the credential container sent in a mobile device-to-server message and with an individualization master key owned by the server.
-
公开(公告)号:US11273660B2
公开(公告)日:2022-03-15
申请号:US16978981
申请日:2019-02-22
申请人: THALES DIS FRANCE SA
发明人: David Westgate , Tommi Seppala
IPC分类号: B42D25/24 , B42D25/435
摘要: Security document and method of manufacturing thereof. The security document having at least one bio data page and at least one paper data page stitched together, and at least one cover sheet placed outside the bio data page and the paper data pages, said cover sheet having at least one end paper sheet stitched with the stitched pages and one cover material sheet attached to the end paper sheet. The inside of the cover sheet is kiss cut in order to prevent any splitting of the cover sheet.
-
公开(公告)号:US20220078020A1
公开(公告)日:2022-03-10
申请号:US17417412
申请日:2019-12-23
申请人: THALES DIS FRANCE SA
摘要: Acquisition of a biometric template from a biometric device wherein a biometric image information is captured from said biometric device, wherein when an anti-spoofing detection method is successful, extracting said biometric template from the captured biometric image information and computing a digital integrity at least over a part of a predefined message, receiving by a biometric matching system said biometric template and said digital integrity, and setting up an authentication mechanism of the biometric device through the received digital integrity and that said biometric template by said biometric matching system only when the output of the authentication mechanism is successful.
-
公开(公告)号:US20220014911A1
公开(公告)日:2022-01-13
申请号:US17294885
申请日:2019-11-19
申请人: THALES DIS FRANCE SA
发明人: Danny TABAK , Johan JOSEFSSON
摘要: A method comprises: Sending, by a first Chip Interface Device (CID), to a second CID, using a CID type protocol, a request for establishing a secure channel over a wireless protocol. Sending, by the second CID, to a Personal Computer Smart Card (PCSC), a first request for establishing a connection to the chip. Establishing, by the PCSC, a connection to the chip. Establishing, by the PCSC, a connection to the second CID. Establishing, by the second CID, a secure session with the first CID by using a session key. And sending, by the second CID, to the first CID, while using the CID type protocol, a secure CID channel establishment success that allows sending or receiving APDU(s) via the established secure channel over the wireless protocol. The second CID renders apparent to the first CID the chip as being connected.
-
-
-
-
-
-
-
-
-
搜索结果
123 条记录 (耗时 0.021 秒)
