EP2263350A2 - Secure terminal usage management - Google Patents
Secure terminal usage management
- Publication number
- EP2263350A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- security
- terminal
- entity
- secure
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
- H04L2209/805—Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
Definitions
- the present invention relates to the level of security relating to the use of a terminal and more particularly in a context of unrestricted terminal use, that is to say when the terminal considered is likely to be used by several users successively.
- it finds applications particularly in the field of secure communications when a general purpose terminal equipment is likely to be used successively by several users, including users belonging to different organizations.
- a functional block of the terminal is not operational initially, and becomes so only on receipt of certain data. This is the case in a scenario defined in the TETRA standard (for 'Trans European Trunked Radio'), and more specifically in the document 'TETRA security', ETSI EN 300 392-7 (ETSI standing for 'European Telecommunications Standards Institute').
- certain functionalities of a terminal can only be used using identity parameters that are stored on a specific card.
- identity parameters can correspond to the ITSI (for 'Individual TETRA Subscriber Identity' in English) and to a key K, or to the ITSI, as well as to a key KS (for 'Session Key') and an RS key (for 'Random Seed').
- the intended use of these identity parameters makes it possible to partition the security of use of various communications services offered to the user.
- the ITSI is a card inserted inside the terminal. It makes it possible to secure the use of a terminal but does not allow an easy change of user of this terminal.
- a first aspect of the present invention proposes a method for managing the secure use of a terminal having at least one secure functionality on the basis of security data; a security entity storing said security data and first authentication parameters; and the terminal storing second authentication parameters; said method comprising the following steps, at the terminal:
- a terminal requires security data to allow the use of at least one feature of this terminal.
- This security data is initially stored on a security entity, which can also be referenced as a user card, and the terminal is responsible for retrieving it from this security entity. It is advantageously provided here to carry out this recovery of security data via a secure contactless link which has been established only after the terminal has been able to authenticate this security entity.
- This prior authentication step based on information stored both on the terminal and on the security entity, ensures a level of security in the use of this terminal.
- the terminal can then unlock the corresponding functionality.
- the terminal can be used by the corresponding user, even if the connection between the security entity and the terminal is interrupted thereafter.
- the level of security associated with the use of the terminal is notably guaranteed by the fact that the security entity, or user card, is mechanically kept in contact with the terminal, and more precisely positioned within it.
- the use of the terminal is possible only in the presence of the security entity.
- the level of security of use of the terminal is based on the prior authentication of the entity and the terminal, as well as on the secure transmission of the security data from the security entity to the terminal.
- the level of security of use of the terminal does not rely on the presence of the security entity; it is not required that a link between the terminal and the security entity be maintained during use of the terminal. Once the security data has been transmitted to it, the terminal can be used without a link between the security entity and itself.
- the level of security of the use of a terminal is based in particular on the mutual authentication between the terminal and the entity of security. It can thus be provided that the secure link established between the security entity and the terminal is contactless and is established temporarily, simply to allow the transmission of security data. In such conditions, it is then easy to implement a change of user of the terminal.
- Such a management method can therefore be advantageously implemented for the unmarked use of terminals.
- At least one first manager is in charge of managing security parameters relating to terminals and at least one second manager is in charge of managing security parameters relating to users of the terminals.
- the first authentication parameters stored on the security entity may correspond to a first security parameter provided by the second manager and a second security parameter indicating the first manager; and the second authentication parameters that are stored on the terminal may correspond to a third security parameter provided by the first manager and a fourth security parameter indicating the second manager.
- the security entity can be informed both of the transmission of security data to a terminal, and the erasure of this security data at this terminal. It can therefore manage a state of use of the security data that it stores by one or more terminals according to an embodiment of the present invention.
- the terminal before step 12.1, registers with a network on the basis of an identifier previously stored at the terminal.
- since the terminal has retrieved security data from a security entity, it is able to register with the network. It can thus have at least some services offered by this network on the basis of an identifier of its own, that is to say, which may not be related to the user of the terminal.
- a second aspect of the present invention provides a secure use management method of a terminal having at least one secure functionality based on security data; a security entity storing said security data and first authentication parameters; and the terminal storing second authentication parameters; said method comprising the following steps, at the security entity level:
- the first authentication parameters stored on the security entity may correspond to a first security parameter provided by the second manager and a second security parameter indicating the first manager; and the second authentication parameters stored on the terminal may correspond to a third security parameter provided by the first manager and a fourth security parameter indicating the second manager.
- the security principal can manage a usage state that is updated:
- a third aspect of the present invention provides a terminal adapted to implement a management method according to the first aspect of the present invention.
- a fourth aspect of the present invention provides a security entity adapted to implement a management method according to the second aspect of the present invention.
- a fifth aspect of the present invention provides a secure terminal utilization management system comprising a terminal according to the third aspect of the present invention and a security entity according to the fourth aspect of the present invention.
- FIG. 1 illustrates the main steps of a management method according to an embodiment of the present invention
- FIG. 2 illustrates an architecture of a terminal and a security entity according to an embodiment of the present invention
- FIG. 3 illustrates an exchange of messages relating to secure identifier management within a terminal between different functionalities of this terminal, according to an embodiment of the present invention
- FIG. 4 illustrates an exchange of messages relating to secure identifier management between different functionalities of this terminal, in the case where the terminal has already registered with a network on the basis of an own identifier
- FIG. 5 illustrates an exchange of messages implemented for erasing security data stored on a terminal according to one embodiment of the present invention.
- Figure 1 illustrates the main steps of a management method according to an embodiment of the present invention implemented at a terminal.
- a terminal according to an embodiment of the present invention implements at least one feature that is initially blocked.
- the term 'functionality blocked' means that the functionality can not be used in the terminal without being previously unlocked on the basis of security data.
- the term 'security data' means a cryptographic key or access control parameters.
- Such security data may advantageously be stored on any storage medium that is able both to store this security data and to communicate with the terminal in question. No limitation is attached to the present invention with regard to the security entity that stores the security data.
- This authentication step allows the terminal to authenticate the security entity from which it is likely to receive security data unlocking one of its features. Based on this step 21, the terminal is able to verify that the security entity is an entity from which it can safely receive data.
- the use of the terminal, or more precisely the unlocking of the blocked functionality on this terminal is subject to a control which guarantees a level of security as to the identity of the user of the terminal.
- This authentication step is based on information shared between the terminal and the security entity.
- On the terminal are stored authentication parameters that allow it both to authenticate itself to the entity and to authenticate the entity itself. The same holds on the side of the entity, which stores authentication parameters that allow it to authenticate itself to the terminal and to authenticate the terminal.
- Such mutual authentication is implemented, advantageously, before the secure contactless link is established.
- these authentication parameters correspond to different types of security settings relating to different organizations.
- organizations are in charge of providing such security parameters on one side for terminals and on the other hand for users of these terminals, so as to secure the use of these terminals.
- a first manager in charge of managing the security parameters of the terminals and a second manager in charge of managing the security parameters of the security entities, that is to say, user cards, allowing a user to be able to use one of the terminals.
- the first manager is adapted to generate first security parameters for the terminals, all these first security parameters being associated with a single security parameter, denoted term_public_credential, which indicates the first manager.
- the second manager is adapted to generate second security parameters for the terminal users, all these second security parameters being associated with a single security parameter, denoted org_public_credential, which indicates the second manager.
- the first and second security parameters may for example correspond to respective key pairs composed of a private key and a public key. They may also correspond to certificates falling under asymmetric cryptography.
- the single security parameters, indicating a manager, may correspond to public keys on the basis of which the identity of the security parameter provider manager can be verified.
- a security parameter indicating the second manager that is to say the one who is in charge of managing the security parameters relating to users, and therefore security principals, and on the other hand, at least one security parameter provided by the first manager.
- provision may be made for storing, on the one hand, a security parameter indicating the first manager, and on the other hand, a security parameter provided by the second manager.
- the terminal can verify that the corresponding security entity belongs to a user who is authorized to use it. Indeed, the terminal receives the security parameter provided by the second manager from the security entity and can thus determine if this security parameter was provided by the second manager indicated by the security parameter that it stores. The same operation can be performed at the security entity level as well.
- the mutual authentication between the terminal and the security entity can be implemented on the basis of a protocol already known, for example on the occasion of a key agreement as defined in ISO/IEC 1770-2 "Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques".
- the authentication step fails and the process is then stopped.
- After the terminal has authenticated the security entity and the latter has authenticated the terminal, the method goes on, in a step 22, to establish a secure link between the terminal and the security entity.
- This secure link can be established according to any type of key agreement protocol or key transport, for example as defined in ISO / IEC 1770-
- the security entity transmits the security data to the terminal.
- the latter stores it. It is then able to unlock the functionality whose implementation is initially blocked, thanks to this security data.
- a user who has a security entity can have access to the corresponding function of the terminal, that is to say that which can be implemented through the unlocked feature of the terminal.
- This terminal may for example have some services offered in a network through the unlocked feature.
- the security data is stored on the terminal, it is not required that the link between the terminal and the corresponding security entity is maintained. Indeed, it is sufficient that this connection is established temporarily for the transmission of the security data.
- FIG. 2 illustrates an architecture of a terminal and a security entity according to an embodiment of the present invention.
- a terminal 21 according to an embodiment of the present invention comprises:
- an authentication unit 61 adapted to perform authentication 21 of the security entity on the basis of the first and second authentication parameters; a link management entity 62 adapted to establish a secure link without contact with the security entity; and
- the terminal may further comprise a storage management unit
- a security entity adapted to store the received security data and to erase it on a specific action.
- a security entity comprises:
- an authentication unit 71 adapted to perform authentication of the terminal on the basis of the first and second authentication parameters
- a link management entity 72 adapted to establish a secure link without contact with the terminal
- a transmitter 73 adapted to transmit, during said secure connection without contact, the stored security data. It may further include a state management entity 74 adapted to update a state:
- the terminal 21 further comprises a PWR function 201 for turning on or off the terminal. It further comprises an IF interface functionality 204 in charge of managing the reception at the terminal and the transmission of signals from the terminal to a security entity.
- This IF interface functionality 204 may support the detection of the presence of a security entity according to an embodiment of the present invention. No limitation is attached to the implementation of such presence detection security entity. It is expected that the authentication units 61, link management
- the receiver 63 are located within the IF 204 functionality.
- the contactless link between the terminal and the security entity may be of the NFC (Near Field Communication) type, for example according to ISO/IEC 14443, ISO/IEC 18092 and ISO/IEC 21481 (ISO/IEC standing for 'International Organization for Standardization / International Electrotechnical Commission').
- this connection can be established when the distance between the terminal and the identifier entity is between about 4 cm and 10 cm. This distance being relatively small, the level of security of the connection is high and furthermore the power consumption is advantageously relatively low at the terminal.
- the radio interface between the terminal and the security entity is of another type that supports greater distances between the terminal and the security entity, such as the ISO / IEC 15693 standard.
- the terminal also has a feature BB 202 (for 'Base Band' in English) offering the main functions of the terminal when it is powered on by the PWR 201 feature. It also features a CRYPT feature
- the secure functionality is the function CRYPT 203.
- the latter is therefore initially blocked.
- it is required to possess security data.
- Part of the functionality CRYPT 203 can be used in the authentication step 21.
- the security parameters stored at the terminal are more specifically at the level of the CRYPT functionality.
- the BB 202 functionality may not start until the CRYPT 203 is unblocked, with a corresponding security data received by the implementation of the steps 21 to 23 described above. Then, once unlocked, the CRYPT 203 feature can provide a secure start (or 'secure bootstrap' in English) of the BB service.
- the terminal may subsequently use security parameters derived from the security parameters provided by the second manager in subsequent transactions as part of its use within a communication network.
- the IF function 204 is put on standby until the next transition from the Off state to the On state of the PWR function 201 or until a manual action is performed by the user at the terminal.
- the IF feature 204 is woken during a 'off to on' transition of the terminal PWR functionality 201 and the CRYPT feature 203 immediately provides a secure start (or 'secure bootstrap' in English) of the BB functionality even if the security data has not yet been received.
- the terminal 21 can offer services to the user before receiving the security data stored on the security entity it uses.
- the terminal uses certain parameters that it has, such as in particular an identifier specific to the terminal, denoted terminal_id, and, if necessary, a set of parameters also specific to the terminal and managed at the network level. Thanks to such a registration at the network level, the terminal can advantageously have some services offered in the network when it does not yet have the security data. In this case, in parallel or independent way, the IF functionality
- the terminal can detect the presence of a security entity 12 nearby. Then, when the presence of such a security entity is detected, it is possible to implement steps 21 to 23 of the method according to an embodiment of the present invention, in order to recover the security data that makes it possible to unlock the security functionality CRYPT 203.
- the terminal is then able to perform another registration at the network level on the basis of a secure identifier obtained from the security data retrieved from the security entity, this registration following the registration made on the basis of its own identifier, terminal_id.
- the terminal can advantageously re-register with the network under its new identity, which is secure, and which is derived from the security data.
- the user can access a greater variety of services offered in the network, once he has recovered the security data.
- the function BB 202 informs a device of the network 22, such as for example a directory server of the network, of the association between the terminal_id identifier and the identity resulting from the security data.
- the procedure for retrieving the security data can be implemented again, at a terminal that has already retrieved security data, either on a manual action of the user at the terminal, such as for example pressing a key or a succession of several terminal keys, or on a new transition from the 'Off' state to the 'On' state of the PWR function 201, which implies that a transition from the 'On' state to the 'Off' state has taken place previously.
- FIG. 3 represents, in one embodiment of the present invention, the exchanges of messages relating to the management of identifier between the functionalities BB 202, CRYPT 203 and IF 204 of a terminal, when the operational state of the functionality PWR goes from 'Off' to 'On'.
- An awakening command message 31 of the IF function 204 is issued by the BB function 202.
- the reception of this message 31 at the IF function 204 triggers the implementation of a presence detection step 32 of a user card, or security entity 12.
- a status change notification message 33 is sent from the IF function 204 to the CRYPT 203 facility.
- a secure contactless link is then established, and the security entity 12 transmits the security data via the IF functionality 204 by an information message 35.
- On receipt of this information message 35, the CRYPT function 203 stores the security data thus received, via the storage management unit 64.
- an unblocking message exchange 36 is implemented between the CRYPT 203 and the BB 202 functionality to unblock the services offered to the user of the terminal via the BB 202 functionality.
- FIG. 4 represents, in one embodiment of the present invention, the exchange of messages relating to the management of identifier inside a terminal between the functions BB 202, CRYPT 203 and IF 204, when the PWR functionality 201 is already in the 'On' operational state and the terminal has already registered with a network on the basis of its own identifier.
- a change of registration message 41 is sent to the function BB 202.
- Upon reception of this message 41, the function BB 202 sends a wake up command message 31 to the functionality IF 204.
- This wake up command message 31 can be sent by the function BB 202 in parallel with other tasks that it implements following the registration of the terminal already made in the network on the basis of its own identifier, terminal_id.
- a presence detection step 32 of a security entity 12 is implemented.
- the IF 204 function changes status and notifies it to the CRYPT 203 via a status change notification message 33.
- a mutual authentication step 34 between the terminal 11 and the security entity 12 is then implemented. Then, the security entity transmits the security data to the terminal via a secure contactless link with an information message 35. The security data is then stored at the CRYPT 203 facility.
- the latter initiates an exchange of messages 42 with the functionality BB 202 to interrupt the other tasks that are managed at the level of the functionality BB and which are related to services available following the registration already carried out with the specific identifier of the terminal.
- the terminal 11 therefore has the security data and is thus able to deduce a secure identifier, on the basis of which it can register with the network 22. For this purpose, an exchange of messages 43 is provided between the functionality BB 202 and the network 22.
- the security data can be erased at the terminal where it is stored during the implementation of a management method according to an embodiment of the present invention.
- so that the terminal can be used by another user, provision should be made for erasing the security data from the security entity, or user card.
- No limitation is attached to the action that triggers such a deletion of secure data at the terminal.
- Such an erase procedure may be triggered upon power off of the terminal, i.e., when the PWR functionality 201 changes from operational state 'On' to operational state 'Off'. It can also be envisaged that the pressing of a key or a succession of terminal keys by the user triggers the deletion of this security data.
- Figure 5 illustrates an exchange of messages implemented to erase the security data stored on the terminal according to an embodiment of the present invention.
- the BB 202 function sends to the function CRYPT 203 an erasure message 51 requesting CRYPT functionality to erase the security data it has stored.
- This functionality CRYPT 203 erases, in a step 52, the stored security data. Once this step 52 has been performed, an erase notification message 53 is then sent to the security entity 12 via the IF function 204. It should be noted that the transmission of this erasure notification message 53 requires that the IF 204 functionality is not in sleep mode but in active mode. Therefore, if this IF 204 is in standby mode, provision is made here to order its mode change beforehand by sending, from the BB 202 function to the IF 204 function, an awakening command message 31.
- the security entity 12 is able to know if the security data that is stored at its level, is also on a terminal or not. Such a security entity can therefore manage a usage state that indicates whether the security data is stored on a terminal or not.
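The flow described above (steps 21 to 23, then the erase exchange of Figure 5), as an added example that is not part of the patent text: each side checks the other's credential against the manager public key it stores, the terminal unlocks CRYPT once it holds the security data, and the security entity tracks a usage state. The class and method names, the toy Schnorr signature standing in for the unspecified asymmetric scheme, and all sample values are assumptions; protection of the contactless link itself (step 22) is not modelled.

```python
import hashlib
import secrets

# Toy Schnorr signatures in Z_p* so the example runs with the standard library only.
# Assumption: demonstration parameters, not a group choice for real deployments.
P = 2**255 - 19
G = 2

def _b(n):
    return n.to_bytes(32, "big")

def _h(r, msg):
    return int.from_bytes(hashlib.sha256(_b(r) + msg).digest(), "big")

def keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def sign(priv, msg):
    k = secrets.randbelow(P - 3) + 2
    r = pow(G, k, P)
    return r, (k + priv * _h(r, msg)) % (P - 1)

def verify(pub, msg, sig):
    r, s = sig
    if not (1 < pub < P and 0 < r < P):
        return False
    return pow(G, s, P) == r * pow(pub, _h(r, msg), P) % P

class Party:
    """Own credential (provided by own manager) plus the key indicating the other manager."""
    def __init__(self, own_manager_priv, peer_manager_pub):
        self.priv, self.pub = keygen()
        self.cert = sign(own_manager_priv, _b(self.pub))
        self.peer_manager_pub = peer_manager_pub

    def respond(self, challenge):
        return self.pub, self.cert, sign(self.priv, challenge)

    def authenticate_peer(self, peer):
        challenge = secrets.token_bytes(16)  # fresh per attempt
        pub, cert, proof = peer.respond(challenge)
        return (verify(self.peer_manager_pub, _b(pub), cert)  # issued by the expected manager?
                and verify(pub, challenge, proof))            # peer holds the private key?

class SecurityEntity(Party):
    """User card: stores the security data and a usage state."""
    def __init__(self, user_manager_priv, term_public_credential, security_data):
        super().__init__(user_manager_priv, term_public_credential)
        self._security_data = security_data
        self.in_use_by = set()  # terminals currently holding the security data

    def release_security_data(self, terminal):
        if not self.authenticate_peer(terminal):
            raise PermissionError("terminal credential not issued by the terminal manager")
        self.in_use_by.add(terminal.terminal_id)
        return self._security_data  # the patent sends this over the secure contactless link

    def notify_erased(self, terminal_id):
        self.in_use_by.discard(terminal_id)

class Terminal(Party):
    def __init__(self, terminal_manager_priv, org_public_credential, terminal_id):
        super().__init__(terminal_manager_priv, org_public_credential)
        self.terminal_id = terminal_id
        self._security_data = None  # CRYPT stays blocked while this is None

    @property
    def crypt_unlocked(self):
        return self._security_data is not None

    def present_card(self, card):
        if not self.authenticate_peer(card):
            return False  # authentication fails: the process stops
        try:
            self._security_data = card.release_security_data(self)
        except PermissionError:
            return False
        return True

    def erase(self, card):
        self._security_data = None
        card.notify_erased(self.terminal_id)  # erase notification (message 53)

def demo():
    term_mgr_priv, term_public_credential = keygen()  # first manager (terminals)
    org_mgr_priv, org_public_credential = keygen()    # second manager (users)
    rogue_priv, _ = keygen()                          # issuer trusted by nobody
    terminal = Terminal(term_mgr_priv, org_public_credential, "terminal-A")
    card = SecurityEntity(org_mgr_priv, term_public_credential, b"constructed security data")
    rogue_card = SecurityEntity(rogue_priv, term_public_credential, b"rogue")
    rogue_terminal = Terminal(rogue_priv, org_public_credential, "terminal-R")
    out = {}
    out["rogue_card_rejected"] = not terminal.present_card(rogue_card)
    out["rogue_terminal_rejected"] = not rogue_terminal.present_card(card)
    out["state_after_rejects"] = set(card.in_use_by)
    out["unlocked"] = terminal.present_card(card) and terminal.crypt_unlocked
    out["state_in_use"] = set(card.in_use_by)
    terminal.erase(card)
    out["locked_after_erase"] = not terminal.crypt_unlocked
    out["state_after_erase"] = set(card.in_use_by)
    return out

if __name__ == "__main__":
    print(demo())
```
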
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0852341A FR2929788B1 (fr) | 2008-04-08 | 2008-04-08 | Secure terminal usage management |
PCT/FR2009/050604 WO2009136067A2 (fr) | 2008-04-08 | 2009-04-07 | Secure terminal usage management |
Publications (1)
Publication Number | Publication Date |
---|---|
EP2263350A2 (fr) | 2010-12-22 |
Family
ID=40093036
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP09742265A Withdrawn EP2263350A2 (fr) | 2008-04-08 | 2009-04-07 | Secure terminal usage management |
Country Status (6)
Country | Link |
---|---|
US (1) | US20110030033A1 (fr) |
EP (1) | EP2263350A2 (fr) |
KR (1) | KR20110003361A (fr) |
CN (1) | CN102047607B (fr) |
FR (1) | FR2929788B1 (fr) |
WO (1) | WO2009136067A2 (fr) |
-
2008
- 2008-04-08 FR FR0852341A patent/FR2929788B1/fr active Active
-
2009
- 2009-04-07 EP EP09742265A patent/EP2263350A2/fr not_active Withdrawn
- 2009-04-07 US US12/936,891 patent/US20110030033A1/en not_active Abandoned
- 2009-04-07 CN CN200980121222.6A patent/CN102047607B/zh not_active Expired - Fee Related
- 2009-04-07 KR KR1020107025039A patent/KR20110003361A/ko not_active Application Discontinuation
- 2009-04-07 WO PCT/FR2009/050604 patent/WO2009136067A2/fr active Application Filing
Also Published As
Publication number | Publication date |
---|---|
KR20110003361A (ko) | 2011-01-11 |
CN102047607B (zh) | 2015-04-22 |
WO2009136067A3 (fr) | 2010-03-11 |
US20110030033A1 (en) | 2011-02-03 |
FR2929788A1 (fr) | 2009-10-09 |
FR2929788B1 (fr) | 2011-11-04 |
CN102047607A (zh) | 2011-05-04 |
WO2009136067A2 (fr) | 2009-11-12 |
EP3520324B1 (fr) | Procédé de contrôle de la répartition des dispositifs d'enregistrement déployés dans les infrastructures virtualisées de deux entités | |
EP2911365A1 (fr) | Procédé et système de sécurisation de transactions offertes par une pluralité de services entre un appareil mobile d'un utilisateur et un point d'acceptation | |
FR3116978A1 (fr) | Contrôle d’accès à un réseau de communication local, et passerelle d’accès mettant en œuvre un tel contrôle |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
 | 17P | Request for examination filed | Effective date: 20101001 |
 | AK | Designated contracting states | Kind code of ref document: A2 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK TR |
 | AX | Request for extension of the european patent | Extension state: AL BA RS |
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: CASSIDIAN SAS |
 | DAX | Request for extension of the european patent (deleted) | |
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: EADS SECURE NETWORKS |
 | 17Q | First examination report despatched | Effective date: 20140221 |
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: CASSIDIAN SAS |
 | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: AIRBUS DS SAS |
 | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
 | 18D | Application deemed to be withdrawn | Effective date: 20171005 |