-
Publication number: WO2018188911A1
Publication date: 2018-10-18
Application number: PCT/EP2018/056994
Application date: 2018-03-20
Applicant: GEMALTO SA
Inventor: LACOUTURE, Dominique , LAMBERT, Patrick , ROCHA FURTADO, Daniel
IPC: G06F21/78
CPC classification number: G06F21/78 , G06F2221/2111
Abstract: The present invention relates to a memory card comprising a memory, a processor, an interface and a positioning system, said memory card being configured for being inserted in a user apparatus, for storing a first encryption key generated depending on intended geo-parameter values, and for:
- when a command for writing first data in said memory is received from said user apparatus on the interface, encrypting said first data with said first encryption key by the processor and storing said encrypted first data in said memory;
- when a user command for reading said first data stored in said memory is received from said user apparatus on the interface:
  - obtaining current geo-parameter values from said positioning system,
  - generating by said processor, from the obtained current geo-parameter values, a second encryption key and an associated decryption key,
  - verifying whether said first and second encryption keys match and, when the keys match, decrypting said encrypted first data stored in said memory by the processor with said decryption key and outputting said decrypted first data to said user apparatus (2) on said interface.
-
Publication number: WO2018114574A1
Publication date: 2018-06-28
Application number: PCT/EP2017/082779
Application date: 2017-12-14
Applicant: GEMALTO SA
Inventor: LACOUTURE, Dominique , LAMBERT, Patrick , ROCHA FURTADO, Daniel
IPC: H04L9/08
Abstract: The present invention relates to a method of securely using a first tenant secret key stored under an encrypted form in a first token (TKA) of a first tenant (A) identified by a first tenant identifier (UID_A) and having said first tenant secret key, wherein:
- each tenant identifier (UID_T) for a tenant (T) comprises a first value and, when said tenant (T) is allowed to use a secret key of a parent tenant (Tp) identified by a parent tenant identifier (UID_TP), said parent tenant identifier, appended before said first value; and
- said first token (TKA) has been generated from said first tenant identifier (UID_A) and a first tenant secret key encrypted with said first tenant identifier (UID_A) and with a first tenant customer master key (CMK_A), said first tenant customer master key (CMK_A) having been derived from said first tenant identifier (UID_A) and a secure domain master key (SDMK);
said method comprising the following steps performed by a secure device storing said secure domain master key (SDMK), on request of a second tenant (B) identified by a second tenant identifier (UID_B):
- getting a first tenant identifier (UID_A) of said first tenant (A) from said first token (TKA),
- checking if the first tenant identifier (UID_A) is a prefix of or is equal to said second tenant identifier (UID_B),
- when said first tenant identifier (UID_A) is a prefix of or is equal to said second tenant identifier (UID_B), recovering said first tenant secret key stored in said first token (TKA) and using it for the second tenant (B).
-