公开(公告)号：US20180314810A1

公开(公告)日：2018-11-01

申请号：US15768211

申请日：2016-09-06

Applicant: GEMALTO SA

Inventor： Milas FOKLE ,  Benoit GONZALVO ,  Guillaume HUYSMANS

IPC: G06F21/31 ,  G06F21/12 ,  H04L29/08 ,  H04L29/06 ,  H04L9/32 ,  G06F21/44 ,  G06F21/60

CPC classification number: H04W4/50 ,  H04W4/60 ,  H04W12/02 ,  H04W12/06

Abstract: The invention is a method for managing an application that includes a generic part and an additional part. The generic part is pre-installed on a device. The device gets a fingerprint of itself and after a user authentication sends to a server a request for getting the additional part. The request comprises credentials associated with the user or a reference of the user, the fingerprint and a reference of the application. The server generates a ciphered part of the additional part using a key based on both the credentials and the fingerprint and builds an auto-decrypt program configured to decipher the ciphered part. The device receives the ciphered part and the auto-decrypt program. It gets the fingerprint and the credentials and retrieves the additional part by running the auto-decrypt program with said fingerprint and credentials as input parameters.

公开(公告)号：US20200092277A1

公开(公告)日：2020-03-19

申请号：US16324098

申请日：2017-07-27

Applicant: GEMALTO SA

Inventor： Milas FOKLE

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/00

Abstract: A method for checking at the level of a service provider if an application in a terminal is entitled to request a service, a security element cooperating with the terminal contains a first key generated by the terminal application during an enrolment phase. The method comprises: A—Sending to the security element, a first message containing data generated by the service provider, and the public keys of the terminal application and the security element; B—Decrypting the first message in the security element with the private key of the security element; C—Sending to the terminal application the decrypted first message encrypted by the first key; D—Decrypting in the terminal application the received message with a second key and decrypting the data with the private key of the terminal application; E—Sending to the service provider the data; F—Checking by the service provider that the received data correspond to those sent at step A and, —if the data correspond, authorize the service to be executed; —if the data do not correspond, forbid the service to be executed.