-
Publication No.: US11882442B2
Publication date: 2024-01-23
Application No.: US17541578
Filing date: 2021-12-03
Applicant: TRUSTONIC LIMITED
Inventor: Chris Loreskar
CPC classification: H04W12/06, H04L9/3247, H04L63/0823, H04L63/0876, H04L63/0892, H04L63/101, H04W8/24, H04W12/08, H04W12/71, H04W8/12
Abstract: A terminal device seeking access to a mobile network retrieves a handset identifier identifying the terminal device and a cryptographic key for proving an identity of the terminal device from storage circuitry of the terminal device. The terminal device generates signature information by signing a block of information including the handset identifier using the cryptographic key. During a network connection process for negotiating access to the mobile network with a network control device, the terminal device communicates the signature information to the network control device.
-
Publication No.: US11533625B2
Publication date: 2022-12-20
Application No.: US16816723
Filing date: 2020-03-12
Applicant: Trustonic Limited
Inventors: Chris Loreskar, Florent Joubert
IPC classification: H04W12/48, H04L9/40, H04W8/18, H04W12/12, H04W12/037, H04W12/069, H04W12/0431
Abstract: An authentication method is disclosed, the method comprising: receiving at least one request for an action in relation to an electronic device, wherein performance of the action requires verification of an association of a group of IDs specified by the request; verifying, via cryptographic verification, whether the group of IDs specified by the request match a cryptographically attested group of IDs associated with the electronic device, to determine whether the at least one request for an action is an authentic request; and, having determined the at least one request for an action is an authentic request, approving the at least one request, wherein the group of IDs comprises at least an Integrated Circuit Card Identifier (ICC ID) of a Subscriber Identity Module (SIM) of the electronic device and a device identifier associated with the electronic device.
-
Publication No.: US12096223B2
Publication date: 2024-09-17
Application No.: US17608211
Filing date: 2020-05-01
Applicant: TRUSTONIC LIMITED
Inventors: Chris Loreskar, Derick Cassidy, John Dent
IPC classification: H04W12/00, H04W8/18, H04W12/06, H04W12/30, H04W12/37, H04W12/45, H04W12/72, H04W48/18
Abstract: A method for remotely performing secure change of operational mode of a telecommunications device, the method comprising: establishing a first secure channel between a modem of the telecommunications device and an application executing in an Execution Environment of the telecommunications device; establishing a second secure channel between the application and a remote server; enabling the modem in a limited operational mode; generating a request, by the modem or the application, to verify the validity of a subscriber identity module of the telecommunications device; retrieving, by the modem, module identification information from the subscriber identity module; retrieving verification information, by the application and from the remote server, using the second secure channel, sending the module identification information from the modem to the application using the first secure channel, verifying at the application whether the subscriber identity module is valid using the module identification information and the verification information, and sending the verification result from the application to the modem using the first secure channel, or retrieving verification information, by the application and from the remote server, using the second secure channel, sending the verification information from the application to the modem using the first secure channel and verifying at the modem whether the subscriber identity module is valid using the module identification information and the verification information, or sending the module identification information from the modem to the remote server, verifying at the remote server whether the subscriber identity module is valid using the module identification information and verification information available at the server, sending the verification result from the remote server to the application using the second secure channel, and sending the verification result from the application to the modem using the first secure channel; responsive to a positive verification of the subscriber identity module transitioning the modem from the limited operational mode to an enhanced operational mode.
-
Publication No.: US10680812B2
Publication date: 2020-06-09
Application No.: US15819294
Filing date: 2017-11-21
Applicant: Trustonic Limited
IPC classification: H04L29/06, H04L9/08, G06F21/73, G06F21/57, G06F21/44, G06F15/02, H04L9/32, H04W12/08, H04W12/10, H04W88/02
Abstract: A method for validating an electronic device 2 includes receiving attestation information provided by the electronic device 2 attesting that the electronic device 2 has received a plurality of event attestations. Each event attestation provides a cryptographically authenticated attestation to the occurrence of a respective event during a lifecycle of the electronic device. A validation result is determined that indicates whether the attestation information is valid. Providing separate cryptographically authenticated attestations for respective events in the lifecycle of the device can simplify manufacturing of the devices in a multistage manufacture process compared to an approach using a single device-specific attestation attesting that the entire process is trusted.
-
Publication No.: US11388012B2
Publication date: 2022-07-12
Application No.: US16642992
Filing date: 2018-08-23
Applicant: TRUSTONIC LIMITED
Inventors: Chris Loreskar, John Dent
Abstract: A method for a device comprises enrolling a specified application installed on the device into a chain of trust provided by a private key infrastructure. In the chain of trust, a child certificate is attested as valid by an attestor associated with a parent certificate in the chain of trust. Enrolling includes generating an application certificate 20-A for verifying that the specified application is installed on the device 2. The application certificate is a descendant certificate of the device certificate associated with the device and the chain of trust.
-
Publication No.: US11025437B2
Publication date: 2021-06-01
Application No.: US16114556
Filing date: 2018-08-28
Applicant: Trustonic Limited
Inventor: Chris Loreskar
Abstract: A method for post-manufacture certificate generation for an electronic device 4 comprises obtaining a public key from the electronic device 4, and enrolling the device into a chain of trust provided by a public key infrastructure in which a child certificate is attested as valid by an attestor associated with a parent certificate in the chain. The enrolling comprises generating an electronic device certificate 30-I for the chain of trust using the public key 32 obtained from the electronic device. The enrolling is performed at an enrolment device 6 separate from the electronic device 4. The electronic device certificate 30-I is a descendant certificate of the enrolment device certificate 30-D associated with the enrolment device 6.
-
Publication No.: US12081989B2
Publication date: 2024-09-03
Application No.: US17583561
Filing date: 2022-01-25
Applicant: Trustonic Limited
Inventors: Chris Loreskar, Florent Joubert
IPC classification: H04W12/48, H04L9/40, H04W8/18, H04W12/037, H04W12/0431, H04W12/069, H04W12/12
CPC classification: H04W12/48, H04L63/0442, H04L63/104, H04W8/183, H04W12/037, H04W12/0431, H04W12/069, H04W12/12
Abstract: An authentication method and terminal device obtain a device identifier associated with an electronic device and receive an Integrated Circuit Card Identifier (ICC ID) of a Subscriber Identity Module (SIM) of the electronic device. A group of IDs is cryptographically signed with a device key of the terminal device or a key derived from the device key. The group of IDs may comprise the device identifier and the ICC ID.
-
Publication No.: US10904015B2
Publication date: 2021-01-26
Application No.: US16118579
Filing date: 2018-08-31
Applicant: Trustonic Limited
Abstract: A method of post-manufacture generation of the device certificate 20 for verifying an electronic device 2 according to a public key infrastructure is provided. The method comprises obtaining, at a certificate generating apparatus 40, a first key 42 associated with the device 2. A second key 22 for the electronic device is derived from the first key 42. The device certificate 20 for the PKI is generated with the second key acting as the public key 22 associated with the device certificate 20. In a corresponding way a private key 24 for the PKI can be generated by the electronic device 2 based on a shared first key 42. This approach enables the manufacturing cost for manufacturing an electronic device to be reduced whilst still enabling use of a PKI for attesting to properties of the device 2.
-
Publication No.: US11228907B2
Publication date: 2022-01-18
Application No.: US16346618
Filing date: 2017-11-02
Applicant: TRUSTONIC LIMITED
Inventor: Chris Loreskar
Abstract: A network usage control method comprises receiving (S2, S5) a handset identifier (e.g. an IMEI number) of a requesting terminal device (2) seeking to use a mobile network (4); retrieving verification information (S7) for verifying an identity of an authorised terminal device associated with the handset identifier; verifying (S9), based on the verification information, whether the requesting terminal device (2) is the authorised terminal device; and controlling (S10, S11) usage of the mobile network by the requesting terminal device in dependence on whether the requesting terminal device is verified as the authorised terminal device. Cryptographic keys can be used to bind the handset identifier to a particular handset and verify that a device presenting a given handset identifier is actually the authorised handset for that handset identifier. This prevents thieves being able to circumvent a blacklisted handset identifier of a stolen handset by cloning a valid handset identifier from another device.
-
Publication No.: US10856146B2
Publication date: 2020-12-01
Application No.: US15888119
Filing date: 2018-02-05
Applicant: Trustonic Limited
Inventors: Chris Loreskar, Thomas Nyman
IPC classification: H04L29/06, H04W12/06, G06F16/955, H04W4/08, H04L12/24, H04W4/80, H04L9/32, H04L9/08, H04W4/70, H04W12/00
Abstract: A method for verifying whether an electronic device is one of a group of known devices comprises receiving verification information indicative of a first device identifier accessible from storage circuitry by a predetermined process executed by the electronic device and a second device identifier inaccessible from the storage circuitry by the predetermined process. A device database retains valid pairings of the first and second device identifiers for the group of known devices. The device database is looked up based on the verification information to determine whether the first and second device identifiers correspond to one of the valid pairings.