-
Publication (announcement) number: US11463251B2
Publication (announcement) date: 2022-10-04
Application number: US16470358
Application date: 2017-12-14
Applicant: GEMALTO SA
Inventor: Dominique Lacouture , Patrick Lambert , Daniel Rocha Furtado
IPC: H04L9/08
Abstract: The invention relates to a method of securely using a first tenant secret key that is stored in encrypted form in a first token (TKA) belonging to a first tenant (A), where A is identified by a first tenant identifier (UIDA) and owns that secret key. Tenant identifiers are hierarchical: the identifier (UIDT) of a tenant (T) consists of a first value and, when T is allowed to use a secret key of a parent tenant (Tp) identified by a parent tenant identifier (UIDTP), that parent identifier prepended to the first value. The first token (TKA) has been generated from UIDA together with the first tenant secret key encrypted using both UIDA and a first tenant customer master key (CMKA); CMKA itself has been derived from UIDA and a secure domain master key (SDMK). The method comprises the following steps, performed by a secure device that stores SDMK, on request of a second tenant (B) identified by a second tenant identifier (UIDB):
- getting the first tenant identifier (UIDA) of the first tenant (A) from the first token (TKA);
- checking whether UIDA is equal to, or a prefix of, the second tenant identifier (UIDB);
- when it is, recovering the first tenant secret key stored in the first token (TKA) and using it on behalf of the second tenant (B).
-
Publication (announcement) number: US09680638B2
Publication (announcement) date: 2017-06-13
Application number: US14651770
Application date: 2013-12-03
Applicant: GEMALTO SA
Inventor: Frank Detcheverry , Patrick Lambert , Fabien Poplin
CPC classification number: H04L9/08 , H04L9/3247 , H04L2209/72
Abstract: The invention relates to a method of building a non-alterable structure, and to the structure itself, carrying data on a set of cryptographic material that has been generated randomly or derived from a secret key linked to a business use. The structure is intended to be transferred from a first entity to a second entity, the two entities sharing at least an encryption/decryption key and a signature key. It comprises at least:
- business data describing the intended use of the cryptographic material;
- a protection key, encrypted with the shared encryption key;
- the set of cryptographic material, encrypted with the protection key;
- a signature, made with the signature key, over the set of cryptographic material, the protection key and the business data.
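The two constructions above (the tenant key hierarchy with its prefix check from US11463251B2, and the non-alterable transfer structure from US09680638B2) are modelled below as an added example; it is not code from the patents or from Gemalto. The abstracts name no cipher or KDF, so the example substitutes an HMAC-SHA256 keystream with an encrypt-then-MAC tag for a real AEAD such as AES-GCM, derives CMK with HKDF-Expand, and models the signature key as an HMAC key. The identifier encoding (slash-separated components), the token layout, key sizes and all sample values are assumptions.

```python
"""Added example (not code from the Gemalto patents above): a stand-in model
of the two constructions, using only the Python standard library.
Cipher, KDF, identifier encoding, token layout and sample values are assumed."""
import hashlib
import hmac
import os
from typing import Dict, Tuple

TAG_LEN, NONCE_LEN = 32, 16  # HMAC-SHA256 tag and random nonce sizes (assumed)


def hkdf_expand(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + info + bytes([counter]), hashlib.sha256).digest()
        out += prev
        counter += 1
    return out[:length]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher)."""
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(-(-length // 32)))[:length]


def aead_encrypt(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for AES-GCM: nonce || ciphertext || tag.
    Distinct confidentiality and integrity keys are derived from `key`."""
    enc_key, mac_key = hkdf_expand(key, b"enc"), hkdf_expand(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()


def aead_decrypt(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Check the tag over (aad, nonce, ciphertext) before releasing any plaintext."""
    enc_key, mac_key = hkdf_expand(key, b"enc"), hkdf_expand(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or altered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# ---- US11463251B2: tenant identifiers as prefix chains (assumed encoding) ----
# UID_T = UID_parent followed by T's own value.  Identifiers are tuples of
# components so the prefix test runs on whole components: "A" is a prefix of
# ("A", "B") but not of ("AB",), which a raw string startswith() would accept.
UID = Tuple[str, ...]


def uid_bytes(uid: UID) -> bytes:
    return "/".join(uid).encode()


def derive_cmk(sdmk: bytes, uid: UID) -> bytes:
    """Customer master key CMK_T derived from SDMK and UID_T."""
    return hkdf_expand(sdmk, b"CMK|" + uid_bytes(uid))


def make_token(sdmk: bytes, uid: UID, tenant_key: bytes) -> bytes:
    """TK_T = len || UID_T || Enc_{CMK_T}(tenant_key, aad = UID_T).  Binding
    UID_T as associated data stops the plaintext identifier being rewritten."""
    u = uid_bytes(uid)
    return len(u).to_bytes(2, "big") + u + aead_encrypt(derive_cmk(sdmk, uid), tenant_key, u)


def use_tenant_key(sdmk: bytes, token: bytes, requester: UID) -> bytes:
    """Secure-device side: release the key in `token` to `requester` only if the
    token owner's identifier equals, or is a prefix of, the requester's."""
    n = int.from_bytes(token[:2], "big")
    owner = tuple(token[2:2 + n].decode().split("/"))
    if requester[:len(owner)] != owner:
        raise PermissionError(f"{requester} may not use the key of {owner}")
    return aead_decrypt(derive_cmk(sdmk, owner), token[2 + n:], token[2:2 + n])


# ---- US09680638B2: non-alterable structure for transferring key material ----
def build_structure(enc_key: bytes, sig_key: bytes, business_data: bytes,
                    material: bytes) -> Dict[str, bytes]:
    """Sender side; `enc_key` and `sig_key` are shared with the receiver.
    The signature (modelled as HMAC) covers the plaintext material, the
    protection key and the business data, as the abstract describes."""
    protection_key = os.urandom(32)
    return {
        "business_data": business_data,
        "enc_protection_key": aead_encrypt(enc_key, protection_key, business_data),
        "enc_material": aead_encrypt(protection_key, material, business_data),
        "signature": hmac.new(sig_key, material + protection_key + business_data,
                              hashlib.sha256).digest(),
    }


def open_structure(enc_key: bytes, sig_key: bytes, s: Dict[str, bytes]) -> bytes:
    """Receiver side: unwrap both layers, then verify the signature before use."""
    pk = aead_decrypt(enc_key, s["enc_protection_key"], s["business_data"])
    material = aead_decrypt(pk, s["enc_material"], s["business_data"])
    expected = hmac.new(sig_key, material + pk + s["business_data"], hashlib.sha256).digest()
    if not hmac.compare_digest(s["signature"], expected):
        raise ValueError("structure altered")
    return material


if __name__ == "__main__":
    sdmk = os.urandom(32)                         # constructed secure-domain master key
    tk_a = make_token(sdmk, ("A",), b"k" * 32)
    print(use_tenant_key(sdmk, tk_a, ("A", "B")))  # child tenant B may use A's key
    s = build_structure(b"e" * 32, b"s" * 32, b"use:card-issuance", b"material")
    print(open_structure(b"e" * 32, b"s" * 32, s))
```

Two points the code makes that the abstracts leave implicit. First, the prefix check is only as safe as the identifier encoding: comparing whole components (or fixed-width values) is what keeps a tenant "AB" from passing as a child of "A". Second, because the token carries UIDA in the clear and the secure device trusts it to pick the CMK, UIDA has to be bound into the encryption (here as associated data); otherwise a sibling could rewrite the identifier field to the parent's and satisfy the prefix test. In the transfer structure the business data is likewise bound as associated data so the intended-use label cannot be swapped, and the signature over the plaintext is only checked after both unwraps have already authenticated the ciphertexts.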
-