-
公开(公告)号:US20070009101A1
公开(公告)日:2007-01-11
申请号:US10562036
申请日:2004-06-22
申请人: Rached Ksontini , Stephane Joly , Renato Cantini , Mehdi Tazi
发明人: Rached Ksontini , Stephane Joly , Renato Cantini , Mehdi Tazi
IPC分类号: H04K1/00
CPC分类号: G07F7/1008 , G06Q20/341 , G06Q20/35765 , G06Q20/40975
摘要: The aim of this invention is to provide a method to allocate resources on a security module of a portable apparatus such as a telephone, taking into account the security imperatives of the different intervening parties, such as the operator and application suppliers. This aim is achieved by a resource allocation method of a security module of an apparatus connected to a network, this network being administrated by an operator, said resources being used by the application suppliers, this method comprising the following steps: generation of a pair of asymmetric keys and storage of the private key in the security module, the public key being stored by the operator, introduction of at least one public key of the operator in the security module, reception by the operator of a request from a supplier, this request comprising at least the public key of the supplier, transmission by the operator of a resource reservation instruction to the security module together with the public key of the supplier, transmission by the operator of the security module's public key to the supplier, establishment of a secure communication channel between the supplier and the security module.
摘要翻译: 本发明的目的是提供一种在诸如电话的便携式设备的安全模块上分配资源的方法,其考虑到诸如运营商和应用供应商的不同中介方的安全要求。 该目的通过连接到网络的装置的安全模块的资源分配方法来实现,该网络由运营商管理,所述资源由应用供应商使用,该方法包括以下步骤:生成一对 私钥在安全模块中的非对称密钥和存储,公钥由操作者存储,在安全模块中引入操作者的至少一个公开密钥,操作者接收来自供应商的请求,该请求 至少包括供应商的公开密钥,由运营商将资源预约指令与供应商的公开密钥一起发送给安全模块,由运营商将安全模块的公开密钥发送给供应商,建立安全的 供应商和安全模块之间的通信渠道。
-
公开(公告)号:US08261365B2
公开(公告)日:2012-09-04
申请号:US10577857
申请日:2004-11-26
申请人: Rached Ksontini , Renato Cantini
发明人: Rached Ksontini , Renato Cantini
IPC分类号: H04L29/06
CPC分类号: H04L63/0428 , G06F8/65 , G06F21/10 , G06F21/34 , G06F21/51 , G06F21/554 , G06F2221/2107 , G06F2221/2153 , H04L63/0823 , H04L63/0853 , H04L63/10 , H04L63/12 , H04L63/123 , H04W4/60 , H04W12/08 , H04W12/10
摘要: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
摘要翻译: 使用存储在与经由网络连接到控制服务器的设备相关联的安全模块中的资源的至少一个应用的认证方法。 控制服务器经由网络接收,分析和验证至少包括设备的标识符和安全模块的标识符的标识数据,生成包括应用的摘要,识别数据和用于安全模块的指令的密码,以及 通过网络和设备将密码传输到安全模块。 后者通过将从密码提取的摘要与计算的摘要进行比较来验证应用,其中,在应用的初始化和激活期间的至少一个期间,安全模块执行从密码提取的指令,并且释放或阻止访问某些 根据应用验证的结果,所述安全模块的资源。
-
公开(公告)号:US08813253B2
公开(公告)日:2014-08-19
申请号:US13557266
申请日:2012-07-25
申请人: Rached Ksontini , Renato Cantini
发明人: Rached Ksontini , Renato Cantini
CPC分类号: H04L63/0428 , G06F8/65 , G06F21/10 , G06F21/34 , G06F21/51 , G06F21/554 , G06F2221/2107 , G06F2221/2153 , H04L63/0823 , H04L63/0853 , H04L63/10 , H04L63/12 , H04L63/123 , H04W4/60 , H04W12/08 , H04W12/10
摘要: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
摘要翻译: 使用存储在与经由网络连接到控制服务器的设备相关联的安全模块中的资源的至少一个应用的认证方法。 控制服务器经由网络接收,分析和验证至少包括设备的标识符和安全模块的标识符的标识数据,生成包括应用的摘要,识别数据和用于安全模块的指令的密码,以及 通过网络和设备将密码传输到安全模块。 后者通过将从密码提取的摘要与计算的摘要进行比较来验证应用,其中,在应用的初始化和激活期间的至少一个期间,安全模块执行从密码提取的指令,并且释放或阻止访问某些 根据应用验证的结果,所述安全模块的资源。
-
4.发明授权公开(公告)号:US08001615B2
公开(公告)日:2011-08-16
申请号:US10577158
申请日:2004-11-03
申请人: Rached Ksontini , Renato Cantini
发明人: Rached Ksontini , Renato Cantini
IPC分类号: G06F7/04
摘要: A method for managing the security of applications with a security module associated to an equipment connected to a network managed by a control server of an operator. The applications use resources as data or functions stored in the security module locally connected to the equipment. The method may include steps of receiving, analyzing and verifying, by the control server, identification data from the equipment and the security module, generating a cryptogram from the result of the verification of the identification data, transmitting the cryptogram to the security module of the equipment, and selectively activating or selectively deactivating by the security module at least one resource as data or functions of the security module by executing instructions included in the cryptogram and conditioning the functioning of an application according to criteria established by a supplier of the application or the operator or a user of the equipment.
摘要翻译: 一种用于利用与连接到由操作员的控制服务器管理的网络连接的设备相关联的安全模块来管理应用的安全性的方法。 应用程序使用资源作为存储在本地连接到设备的安全模块中的数据或功能。 该方法可以包括以下步骤:由控制服务器接收,分析和验证来自设备和安全模块的识别数据,从识别数据的验证结果生成密码,将密码发送到安全模块 设备,并且通过执行包括在密封件中的指令并且根据应用的供应商建立的标准来调节应用程序的功能,由安全模块至少一个资源作为安全模块的数据或功能选择性地激活或选择性地去激活, 操作员或设备的用户。
-
5.发明申请公开(公告)号:US20070274524A1
公开(公告)日:2007-11-29
申请号:US10577158
申请日:2004-11-03
申请人: Rached Ksontini , Renato Cantini
发明人: Rached Ksontini , Renato Cantini
IPC分类号: H04K1/00
摘要: The aim of this invention is to propose a method to manage the security of the set composed by an equipment, a security module and applications in order to limit the risk related to the fact that a security module could be fraudulently used by applications executed on a type of equipment and/or of software version that does not entirely fulfill the established security criteria. This aim is reached by a method for managing the security of applications with a security module functioning in an equipment connected to a network, said network being managed by a control server of an operator, said applications using resources as data or functions stored in a security module locally connected to said equipment, comprising the following preliminary steps: reception of data comprising at least the type and software version of the equipment and the identity of the security module, via the network, by the control server, analysis and verification by the control server of said data, generation of a cryptogram from the result of the verification of said data, and transmission of said cryptogram, via the network and the equipment, to the security module, said method further comprises steps wherein the security module analyses the received cryptogram and activates, respectively deactivates the resources as data or functions used by at least one application installed in the equipment, said cryptogram comprising the instructions conditioning the functioning of the application according to criteria established by the supplier of said application and/or the operator and/or the user of the equipment.
摘要翻译: 本发明的目的是提出一种管理由设备,安全模块和应用组成的集合的安全性的方法,以便限制与安全模块可能被欺骗性地使用的应用程序相关的风险 类型的设备和/或软件版本不完全符合既定的安全标准。 该目的通过一种用于利用在连接到网络的设备中工作的安全模块来管理应用的安全性的方法来实现,所述网络由操作者的控制服务器管理,所述应用使用资源作为存储在安全性中的数据或功能 模块本地连接到所述设备,包括以下初步步骤:由控制服务器通过控制服务器接收至少包括设备的类型和软件版本以及安全模块的身份的数据,由控制器进行分析和验证 所述数据的服务器,从所述数据的验证结果生成密码,以及经由所述网络和所述设备将所述密码传输到所述安全模块,所述方法还包括以下步骤,其中所述安全模块分析所接收的密码 并激活,分别将资源停用为安装在e中的至少一个应用所使用的数据或功能 设备,所述密码包括根据由所述应用的供应商和/或操作者和/或设备的用户建立的标准来调节应用的功能的指令。
-
公开(公告)号:US20120314859A1
公开(公告)日:2012-12-13
申请号:US13557266
申请日:2012-07-25
申请人: Rached Ksontini , Renato Cantini
发明人: Rached Ksontini , Renato Cantini
IPC分类号: H04W12/06
CPC分类号: H04L63/0428 , G06F8/65 , G06F21/10 , G06F21/34 , G06F21/51 , G06F21/554 , G06F2221/2107 , G06F2221/2153 , H04L63/0823 , H04L63/0853 , H04L63/10 , H04L63/12 , H04L63/123 , H04W4/60 , H04W12/08 , H04W12/10
摘要: Authentication method of at least one application using resources stored in a security module associated to an equipment connected to a control server via a network. The control server receives via the network, analyses and verifies identification data comprising at least an identifier of the equipment and an identifier of the security module, generates a cryptogram comprising a digest of the application, the identification data and instructions intended for the security module and transmits the cryptogram, via the network and the equipment, to the security module. The latter verifies the application by comparing the digest extracted from the cryptogram with a calculated digest, wherein, during at least one of initialization and activation of the application, the security module executes the instructions extracted from the cryptogram and either releases or blocks access to certain resources of said security module according to a result of the verification of the application.
摘要翻译: 使用存储在与经由网络连接到控制服务器的设备相关联的安全模块中的资源的至少一个应用的认证方法。 控制服务器经由网络接收,分析和验证至少包括设备的标识符和安全模块的标识符的标识数据,生成包括应用的摘要,识别数据和用于安全模块的指令的密码,以及 通过网络和设备将密码传输到安全模块。 后者通过将从密码提取的摘要与计算的摘要进行比较来验证应用,其中,在应用的初始化和激活期间的至少一个期间,安全模块执行从密码提取的指令,并且释放或阻止访问某些 根据应用验证的结果,所述安全模块的资源。
-
公开(公告)号:US20070198834A1
公开(公告)日:2007-08-23
申请号:US10577857
申请日:2004-11-26
申请人: Rached Ksontini , Renato Cantini
发明人: Rached Ksontini , Renato Cantini
IPC分类号: H04L9/00
CPC分类号: H04L63/0428 , G06F8/65 , G06F21/10 , G06F21/34 , G06F21/51 , G06F21/554 , G06F2221/2107 , G06F2221/2153 , H04L63/0823 , H04L63/0853 , H04L63/10 , H04L63/12 , H04L63/123 , H04W4/60 , H04W12/08 , H04W12/10
摘要: A method is disclosed for the authentication of applications both at the time of their downloading, as well as at the time of their execution. At least one application works in an equipment connected by a network to a control server, the equipment being locally connected to a security module. The application is loaded and/or executed via an application execution environment of the equipment and uses resources stored in the security module. The authentication method includes reception by the control server, via the network, of data including at least the identifier of the equipment and the identifier of the security module, analysis and verification by the control server of the data; generation of a cryptogram including a digest of the application, data identifying the equipment and the security module and instructions intended for the module; transmission of the cryptogram, via the network and the equipment, to the security module; and verification of the application by comparing the digest extracted from the cryptogram received with a digest determined by the security module. Further, said method further comprising steps wherein, during the initialization and/or the activation of the application, the security module executes the instructions extracted from the cryptogram, to at least one of release and block the access to certain resources of the security module according to the result of the verification suited to this application carried out previously.
摘要翻译: 公开了一种用于在其下载时以及在其执行时对应用进行认证的方法。 至少一个应用程序在通过网络连接到控制服务器的设备中工作,该设备本地连接到安全模块。 应用程序通过设备的应用程序执行环境加载和/或执行,并使用存储在安全模块中的资源。 认证方法包括控制服务器经由网络接收至少包括设备的标识符和安全模块的标识符的数据,由控制服务器分析和验证数据; 生成包含应用摘要的密码,标识设备的数据和安全模块以及用于该模块的指令; 通过网络和设备将密码传输到安全模块; 以及通过将从所接收的密码提取的摘要与由安全模块确定的摘要进行比较来验证应用。 此外,所述方法还包括以下步骤,其中在所述应用的初始化和/或激活期间,所述安全模块执行从所述密码提取的指令中的至少一个,以释放和阻止对所述安全模块的某些资源的访问中的至少一个, 对于以前进行的适用于该应用的验证的结果。
-
8.发明授权公开(公告)号:US07610040B2
公开(公告)日:2009-10-27
申请号:US11209138
申请日:2005-08-22
申请人: Renato Cantini , Karin Busch Lauper
发明人: Renato Cantini , Karin Busch Lauper
CPC分类号: G07F7/1008 , G06Q20/04 , G06Q20/10 , G06Q20/32 , G06Q20/322 , G06Q20/3223 , G06Q20/327 , G06Q20/346 , G06Q20/363 , G06Q20/389 , G06Q20/4016 , G06Q40/025 , G07F7/0866
摘要: Method for detecting possible frauds in payment transactions between at least two partners (1, 2), the payment transaction data and/or payment authorization data being transmitted over at least one mobile radio network, at least one multivalued parameter used for detecting a possible fraud attempt being determined in said mobile radio network, said payment transactions being performed over at least one payment service provider (4), at least a second multivalued parameter used for detecting a possible fraud attempt being determined by said payment service provider (4), and certain combinations of said first and second parameters are sought in said fraud detection module in order to detect fraud attempts.
摘要翻译: 用于检测至少两个伙伴(1,2)之间的支付交易中的可能欺诈的方法,通过至少一个移动无线电网络发送的支付交易数据和/或支付授权数据,用于检测可能的欺诈的至少一个多值参数 尝试在所述移动无线电网络中确定所述支付交易是通过至少一个支付服务提供商(4)执行的,用于检测由所述支付服务提供商(4)确定的可能的欺诈尝试的至少第二多值参数,以及 在所述欺诈检测模块中寻求所述第一和第二参数的某些组合,以便检测欺诈尝试。
-
公开(公告)号:US07509098B2
公开(公告)日:2009-03-24
申请号:US10511610
申请日:2003-05-05
CPC分类号: G06F9/5016 , G06F9/5011
摘要: Proposed are a method and a system for management of resources of portable resource modules (1, 1′), each connected to a communication terminal (2, 2′, 2″), which modules comprise electronic memory units (11) and are designed in particular as chipcards. A first resource management instruction comprising a module identification is transmitted to a resource management centre (4). A second resource management instruction is transmitted from the resource management centre (4) via a communication network (3) to the resource module (1) identified through the module identification. In the particular resource module (1), resources are made ready or released by a resource control mechanism (111) corresponding to the received second resource management instruction. A resource management confirmation is transmitted by the particular resource module (1) via the communication network (3) to the resource management centre (4), and in the resource management centre (4) information about the resources made ready or released is stored assigned to the module identification.
摘要翻译: 提出了一种用于管理便携式资源模块(1,1')的资源的方法和系统,每个便携式资源模块(1,1')连接到通信终端(2,2',2“),这些模块包括电子存储单元(11) 特别设计为芯片卡。 包括模块识别的第一资源管理指令被发送到资源管理中心(4)。 从资源管理中心(4)经由通信网络(3)向通过模块识别识别的资源模块(1)发送第二资源管理指令。 在特定资源模块(1)中,通过与所接收的第二资源管理指令相对应的资源控制机构(111)准备或释放资源。 资源管理确认由特定资源模块(1)经由通信网络(3)发送到资源管理中心(4),在资源管理中心(4)中,存储已准备好或释放的资源的信息被分配 到模块识别。
-
公开(公告)号:US07231371B1
公开(公告)日:2007-06-12
申请号:US10129949
申请日:1999-11-19
申请人: Renato Cantini , Peter Keller
发明人: Renato Cantini , Peter Keller
IPC分类号: H04L9/00
CPC分类号: G07F7/1016 , G06Q20/367 , H04L9/3226 , H04L9/3263 , H04L2209/80
摘要: Method and system for ordering a digital certificate by a user and for delivering the certificate to a certificate support device of the user. A placed order, in which personal data have been received from the user and the user has been authenticated by a registration unit, is stored in a responsible certification unit. A secret certificate PIN assigned to the order, which is otherwise known only to the certification unit, is transmitted to the user, and a certificate or a reference to a certificate is transmitted for storing to the certificate support device identified by a certificate support identification, if the certificate PIN and indications making it possible to determine the order are transmitted to the certification unit.
摘要翻译: 用于由用户订购数字证书并将证书交付给用户的证书支持设备的方法和系统。 已经从用户接收到个人数据并且用户已经被注册单元认证的放置顺序被存储在负责的认证单元中。 分配给订单的秘密证书PIN码(以其他方式仅用于认证单元)被发送给用户,并且向证书支持设备发送证书或对证书的引用以存储到由证书支持标识识别的证书支持设备, 如果证书PIN和可以确定订单的指示被发送到认证单位。
-
-
-
-
-
-
-
-
-
搜索结果
26 条记录 (耗时 0.026 秒)
