公开(公告)号：US08543812B2

公开(公告)日：2013-09-24

申请号：US12666873

申请日：2008-06-26

Applicant: Matthew Robshaw ,  Henri Gilbert ,  Marc Girault ,  Loic Juniot

Inventor： Matthew Robshaw ,  Henri Gilbert ,  Marc Girault ,  Loic Juniot

IPC: H04L29/06

CPC classification number: H04L9/3271 ,  H04L9/3236 ,  H04L2209/805

Abstract: A system and a method for cryptographic reduced-coupon reloading are provided, where a coupon includes a pseudo-random number ri=PRFK(i), where i is an index for labeling the coupon, PRF is a predetermined pseudo-random function and K is a regeneration key, and a “reduced-coupon” xi=ƒ(ri), where ƒ is a predetermined one-way function, where: a candidate device and a second device acquire a common value of a token T, the candidate device transmits a verification value vT to the second device, the second device verifies whether the verification value is equal to PRF′Q(T), where PRF′ is a predetermined keyed pseudo-random function identical to, or derived from, the pseudo-random function PRF, where Q is an authentication key owned by the second device and known to the candidate device provided the candidate device is a legitimate reloading device, and if the verification is positive, one or several reduced-coupon(s) provided by the candidate device are stored in the second device.

Abstract translation: 提供了一种用于密码缩减优惠券重新加载的系统和方法，其中优惠券包括伪随机数ri = PRFK（i），其中i是用于标记优惠券的索引，PRF是预定的伪随机函数，K 是再生密钥和“减价券”xi = f（ri），其中f是预定的单向函数，其中：候选设备和第二设备获取令牌T的公共值，候选设备 向第二设备发送验证值vT，第二设备验证验证值是否等于PRF'Q（T），其中PRF'是与伪随机的相同或衍生的预定的键控伪随机函数 功能PRF，其中Q是由第二设备拥有并且候选设备已知的认证密钥，只要候选设备是合法的重新加载设备，并且如果验证是肯定的，则候选者提供的一个或几个减费券 设备存储在第二设备中。

公开(公告)号：US20100185851A1

公开(公告)日：2010-07-22

申请号：US12666873

申请日：2008-06-26

Applicant: Matthew Robshaw ,  Henri Gilbert ,  Marc Girault ,  Loic Juniot

Inventor： Matthew Robshaw ,  Henri Gilbert ,  Marc Girault ,  Loic Juniot

IPC: H04L9/32

CPC classification number: H04L9/3271 ,  H04L9/3236 ,  H04L2209/805

Abstract: A system and a method for cryptographic coupon reloading are provided for, wherein a coupon comprises, on one hand, a pseudo-random number ri=PRFK(i), where i is an index for labeling the coupon, PRF is a predetermined pseudo-random function and K is a regeneration key, and, on the other hand, a “reduced-coupon” xi such that xi=ƒ(ri), where ƒ is a predetermined one-way function, characterized in that it comprises the following steps: a candidate device (1) and a second device (2) acquire a common value of a token T, said candidate device (1) transmits a verification value vT to the second device (2), the second device (2) verifies whether said verification value vT is given by vT=PRF′Q(T), where PRF′ is a predetermined keyed pseudo-random function identical to, or derived from, said pseudo-random function PRF, and where Q is an authentication key owned by the second device (2) and known to the candidate device (1) provided the candidate device (1) is a legitimate reloading device (1), and if the verification is positive, one or several reduced-coupon(s) provided by the reloading device (1) are stored in the second device (2). Application to second devices contained in RFID tags.

Abstract translation: 提供一种用于加密优惠券重新加载的系统和方法，其中优惠券一方面包括伪随机数ri = PRFK（i），其中i是用于标记优惠券的索引，PRF是预定的伪随机数， 随机函数和K是再生密钥，另一方面，“减价券”xi使得xi =ƒ（ri），其中ƒ是预定的单向函数，其特征在于它包括以下步骤 ：候选设备（1）和第二设备（2）获取令牌T的公共值，所述候选设备（1）向第二设备（2）发送验证值vT，第二设备（2）验证是否 所述验证值vT由vT = PRF'Q（T）给出，其中PRF'是与所述伪随机函数PRF相同或衍生的预定的键控伪随机函数，并且其中Q是由 第二设备（2）并且候选设备（1）已知，提供候选设备（1）是合法的重新加载 （1），并且如果验证是肯定的，则由所述重新加载装置（1）提供的一个或多个减价券存储在所述第二装置（2）中。 应用于RFID标签中的第二个设备。

公开(公告)号：US07165177B2

公开(公告)日：2007-01-16

申请号：US10221693

申请日：2001-03-19

Applicant: Henri Gilbert ,  Marc Girault

Inventor： Henri Gilbert ,  Marc Girault

IPC: H04L9/00

CPC classification number: G07F7/1008 ,  G06Q20/341 ,  G06Q20/40975 ,  G07F7/0866 ,  H04L9/3263 ,  H04L2209/04 ,  H04L2209/56

Abstract: The present invention relates to a method of protecting an electronic chip (1) of a user against fraud in transactions between an application (2) and the electronic chip (1).The method consists in: both the electronic chip (1) and the application (2) computing (16, 17) a certificate (Sp, S) which is the result of applying the logic function g to a list of arguments (e1, e2) comprising at least the seed R and the secret key K, allocating to the electronic chip (1) a second secret key K′ known only to the electronic chip (1) and to the application (2) and kept secret (13) in the electronic chip (1), on each authentication of the electronic chip (1), determining (18, 19) a mask M computed by applying a non-linear function f to at least a portion of the secret key K′, masking (20) the value of the certificate (Sp) by means of the mask M to make available to the application (2) only the masked value of the certificate (Spm), and using the application (2) to verify the masked value of the certificate (Spm) computed by the electronic chip (1).

Abstract translation: 本发明涉及一种保护用户的电子芯片（1）免受应用程序（2）和电子芯片（1）之间交易中的欺诈的方法。 该方法包括：电子芯片（1）和应用程序（2）计算（16,17）证书（Sp，S），其是将逻辑函数g应用于参数列表（e

公开(公告)号：US07284122B2

公开(公告)日：2007-10-16

申请号：US10221692

申请日：2001-03-19

Applicant: Henri Gilbert ,  Marc Girault

Inventor： Henri Gilbert ,  Marc Girault

IPC: H04L9/00

CPC classification number: G07F7/1008 ,  G06Q20/341 ,  G06Q20/40975 ,  H04L9/3263 ,  H04L2209/04 ,  H04L2209/56

Abstract: A cryptographic method of protection against fraud in transactions between an application and an electronic chip of a user. Both the electronic chip and the application compute a certificate (Sp, S) which is the result of applying a non-linear function f to a list of arguments (e1, e2) comprising at least a seed R and a secret key KO. A second secret key K′ which is known only to the electronic chip and to the application is allocated to and kept secret in the electronic chip. Upon each authentication of the electronic chip, a mask M is determined by computing it from at least a portion of the secret key K′. The value of the certificate (Sp) is masked by means of the mask M to make available to the application only the masked value of the certificate (Spm). The application is used to verify the masked value of the certificate (Spm) computed by the electronic chip.

Abstract translation: 一种在用户的应用程序和电子芯片之间的交易中防止欺诈的加密方法。 电子芯片和应用程序都计算证书（Sp，S），其是将非线性函数f应用于参数列表（e1，...，＆lt; SUB>）至少包括种子R和密钥KO。 仅将电子芯片和应用程序所知的第二秘密密钥K'分配给电子芯片并保密。 在电子芯片的每次认证时，通过从秘密密钥K'的至少一部分计算掩码M来确定掩码M. 证书（Sp）的值通过掩码M进行掩码，使应用程序只能使用证书的掩蔽值（Spm）。 该应用程序用于验证由电子芯片计算的证书（Spm）的屏蔽值。

公开(公告)号：US07526648B2

公开(公告)日：2009-04-28

申请号：US10472993

申请日：2002-06-07

Applicant: David Arditti ,  Jacques Burger ,  Henri Gilbert ,  Marc Girault ,  Jean-Claude Pailles

Inventor： David Arditti ,  Jacques Burger ,  Henri Gilbert ,  Marc Girault ,  Jean-Claude Pailles

IPC: H04L9/00 ,  G06F12/14

CPC classification number: G07F7/1008 ,  G06Q20/341 ,  G06Q20/40975 ,  G09C1/00 ,  H04L9/3263 ,  H04L2209/56

Abstract: The present invention relates to a cryptographic method of protecting an electronic chip against fraud and a device including an electronic chip which is adapted to protect the electronic chip against fraud. The method includes: mixing some or all of the input parameters (Em) to supply an output data item E′=(e′1, e′2, . . . , e′n, . . . , e′N), changing the state of a finite state automaton from an old state to a new state as a function of the data item E′=(e′1, e′2, . . . , e′n, . . . , e′N), and calculating a certificate (S) by means of an output function having at least one state of the automaton as an input argument. The device includes: mixing means, a finite state automaton, and output means for calculating a certificate (S).

Abstract translation: 本发明涉及一种保护电子芯片免受欺诈的密码方法和一种包括适用于保护电子芯片免受欺诈的电子芯片的设备。 该方法包括：混合部分或全部输入参数（Em）以提供输出数据项E'=（e'1，e'2，...，e'n，...，e'N） 将有限状态自动机的状态从旧状态改变为新状态，作为数据项E'=（e'1，e'2，...，e'n，...，e'N的函数） ），并且通过具有自动机的至少一个状态的输出函数作为输入参数来计算证书（S）。 该装置包括：混合装置，有限状态自动机和用于计算证书（S）的输出装置。

公开(公告)号：US07657738B2

公开(公告)日：2010-02-02

申请号：US10521833

申请日：2003-07-16

Applicant: Sébastien Canard ,  Marc Girault ,  Jacques Traore

Inventor： Sébastien Canard ,  Marc Girault ,  Jacques Traore

IPC: H04L9/32

CPC classification number: H04L9/3263 ,  G06Q20/383 ,  H04L9/3255 ,  H04L2209/42 ,  H04L2209/463

Abstract: The invention concerns a list signature method comprising: an organization phase whereby reliable authority defines parameters for implementing an anonymous electronic signature; a phase which consists in registering persons on a list of authorized members to generate a list signature, during which each person calculates a private key, and the reliable authority delivers to each person a certificate for membership of the list; a phase which consists in defining a serial number; a phase wherein a member of the list generates by means of certificate a signature containing an element common to all the signatures issued by one single member with one single serial number; a phase which consists in verifying whether the signature has been generated by a member of the list and whether the serial number has been used to generate the signature.

Abstract translation: 本发明涉及一种列表签名方法，包括：组织阶段，其中可靠的权限定义用于实现匿名电子签名的参数; 该阶段包括将人员登记在授权成员名单上以生成列表签名，在此期间，每个人计算私钥，可靠的权力机构向每个人递送列表成员的证书; 一个定义序列号的阶段 一个阶段，其中该列表的成员通过证书生成一个签名，该签名包含一个单个成员发出的所有签名所共有的元素和一个单个序列号; 一个阶段，其中包括验证签名是否由列表的成员生成，以及序列号是否已被用于生成签名。

公开(公告)号：US07571324B2

公开(公告)日：2009-08-04

申请号：US10500792

申请日：2002-12-13

Applicant: Sèbastien Canard ,  Marc Girault ,  Jacques Traore

Inventor： Sèbastien Canard ,  Marc Girault ,  Jacques Traore

IPC: H04K1/00 ,  H04L9/00 ,  H04L9/28 ,  G06F7/04 ,  G06K9/00

CPC classification number: H04L9/3255

Abstract: A cryptographic method and apparatus for anonymously signing a message. Added to the anonymous signature is another signature which is calculated (operation 13) using a private key common to all the members of a group authorized to sign and unknown to all revoked members. The private key is updated (operations 8, 11) at group level on each revocation within the group and at member level only on anonymous signing of a message by the member.

Abstract translation: 用于匿名签名消息的密码方法和装置。 添加到匿名签名是另一个计算的签名（操作13），使用对所有被撤销的成员授权签名和未知的组的所有成员共同的私钥。 在组内每个撤销的组级别和成员级别的私有密钥被更新（操作8,11），只有成员匿名签名消息。

公开(公告)号：US20050213769A1

公开(公告)日：2005-09-29

申请号：US10519698

申请日：2003-06-27

Applicant: Marc Girault ,  Jean-Claude Pailles

Inventor： Marc Girault ,  Jean-Claude Pailles

IPC: H04L9/10 ,  H04L9/30 ,  H04L9/32 ,  H04L9/00

CPC classification number: H04L9/302 ,  H04L9/3218 ,  H04L2209/56

Abstract: The cryptographic method is used in transactions for which a first entity generates, by means of a private RSA key, a proof verifiable by a second entity by means of a public RSA key associated with said private key. The public key includes an exponent and a module. The first entity generates a first element of proof by a calculation that can be performed independently of the transaction, and a second element of proof related to the first element of proof and which depends on a common number shared by the first and the second entities specifically for the transaction. The second entity verifies that the first element of proof is related, modulo the module of the public key, to a power of a generic number, with an exponent equal to a linear combination of the common number and of a product of the exponent of the public key by the second element of proof.

Abstract translation: 密码方法用于第一实体借助于专用RSA密钥通过与所述私钥相关联的公共RSA密钥由第二实体验证的证明的事务中。 公钥包括指数和模块。 第一实体通过可以独立于事务执行的计算产生第一证明要素，以及与第一证据要素有关的第二证据要素，其依赖于第一和第二实体共有的共同数字 为交易。 第二个实体验证第一个证明要素是否与公钥的模数相乘，以一般数字的幂来表示，其指数等于共同数字的一个线性组合， 公钥由第二要素证明。

公开(公告)号：US20050081038A1

公开(公告)日：2005-04-14

申请号：US10500311

申请日：2002-12-20

Applicant: David Arditti Modiano ,  Sebastien Canard ,  Marc Girault ,  Jacques Traore

Inventor： David Arditti Modiano ,  Sebastien Canard ,  Marc Girault ,  Jacques Traore

IPC: H04L9/08 ,  H04L9/10 ,  H04L9/32 ,  H04L9/00

CPC classification number: H04L9/3255

Abstract: The invention concerns a system enabling a member (M) of a group (G) to produce, by means of customized data (z; K), a message (m) accompanied by a signature (8) proving to a verifier that the message originates from a member of the group (G). The invention is characterized in that the customized data is in the form of an electronic physical medium (26). Advantageously, the latter also incorporates: encrypting means (B3) for producing a customized cipher (C) from the customized data prior to the signature S of the message (m), means (B5) for producing a combination of a message m to be signed and the cipher (C) associated with said message, for example in the form of a concatenation of the message (m) with the cipher (C), and means (B6) for signing (Sig) the message (m) with the customized data (z; K) in the form of a cipher (C) associated with said message. Advantageously, the physical medium is a smart card (26) or the like.

Abstract translation: 本发明涉及使得组（G）的成员（M）能够通过定制数据（z; K）产生伴随着签名（8）的消息（m）的系统，该签名（8）向验证者证明该消息 来自该组（G）的成员。 本发明的特征在于，定制数据是电子物理介质（26）的形式。 有利地，后者还包括：用于在消息（m）的签名S之前从定制数据产生定制密码（C）的加密装置（B3），用于产生消息m的组合的装置（B5） 签名和与所述消息相关联的密码（C），例如以消息（m）与密码（C）的级联的形式，以及用于与消息（m）签名（Sig）消息（M）的装置 以与所述消息相关联的密码（C）的形式的定制数据（z; K）。 有利地，物理介质是智能卡（26）等。

公开(公告)号：US08812840B2

公开(公告)日：2014-08-19

申请号：US11883975

申请日：2006-02-01

Applicant: Herve Sibert ,  Marc Girault

Inventor： Herve Sibert ,  Marc Girault

IPC: H04L29/00

CPC classification number: H04L9/3271 ,  G06Q20/388 ,  G07F7/1008 ,  H04L2209/805 ,  H04W12/06

Abstract: A method of pre-authentication of a first entity (10) by a second entity (1) communicating with each other via a wireless connection. The second entity (1) sends (23′) a challenge value (c). If the first entity (10) receives (23) a challenge value (c′), it applies to the received challenge value a predefined transformation (g) known to the second entity to obtain a first transformed value (r) and then sends (24) the first transformed value (r) obtained. If the second entity receives (24′) a transformed value (r′), it compares (25′) the received transformed value to a second transformed value (r″) obtained by applying the predefined transformation (g) to the challenge value sent and considers the pre-authentication to have succeeded if the result of comparing the second transformed value obtained and the transformed value received is below a predefined threshold (m).

Abstract translation: 一种通过无线连接相互通信的第二实体（1）对第一实体（10）进行预认证的方法。 第二实体（1）发送（23'）挑战值（c）。 如果第一实体（10）接收到（23）询问值（c'），则其对接收到的质询值应用第二实体已知的获得第一变换值（r）的预定变换（g），然后发送（ 24）获得的第一变换值（r）。 如果第二实体接收（24'）变换值（r'），则将接收到的变换值与通过将预定变换（g）应用于所发送的询问值而获得的第二变换值（r“）进行比较（25'） 并且如果所获得的第二变换值与所接收的变换值的比较低于预定阈值（m），则认为预认证成功。