Patents Assigned to GIESECKE+DEVRIENT MOBILE SECURITY GMBH
-
Patent number: 11205020Abstract: The present invention relates to a security module and to a corresponding method for operating the security module for realizing a secure memory management. The subject matter according to the invention takes into account existing hardware components, for example a smart card, and can thus be integrated into existing smart cards with particularly little technical effort. The secure memory management prevents attacks against memory segments of the data memory.Type: GrantFiled: May 31, 2017Date of Patent: December 21, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventor: Michael Baldischweiler
-
Patent number: 11202201Abstract: A subscriber identity module (eUICC), comprises profiles for the utilization of a mobile terminal that include at least a first profile and at least a second profile, of which the second profile (Pr1, Pr2) is devised as an active profile. The first profile is designed as a root profile (PrR) which in a normal state of the subscriber identity module is in an inactive state, and which is devised to be activated in response to an authentication command (AUTHENTICATE) received at the subscriber identity module. The authentication command is specially parameterized for the root profile (PrR) with a specific root value of the network parameter (P2) to be activated during a change-over period. The initially active second profile (Pr1, Pr2) is deactivated during the change-over period. After the end of the change-over period, the first profile (PrR) is again deactivated and the second profile (Pr1, Pr2) is again activated.Type: GrantFiled: November 30, 2016Date of Patent: December 14, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Ulrich Huber, Nils Nitsch
-
Patent number: 11184343Abstract: A method is provided for carrying out a cryptographically secured authentication which complies with the Universal Authentication Framework (UAF) of the FIDO Alliance. It is thus possible to employ an existing infrastructure of the FIDO Alliance and the method can be embedded into the infrastructure using standard interfaces.Type: GrantFiled: January 29, 2018Date of Patent: November 23, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Volker Stöhr, Frank-Michael Kamm, Nils Gerhardt, Andreas Chalupar
-
Patent number: 11167535Abstract: A multilayer, co-extruded foil stack has a layer of a layer having Tritan® and a layer arranged within the foil stack with a layer having polycarbonate. A card-shaped data carrier has at least the multilayer foil stack.Type: GrantFiled: June 28, 2017Date of Patent: November 9, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventor: Josef Riedl
-
Patent number: 11148459Abstract: The present invention is directed at a method for manufacturing a card-shaped data carrier, in which a material from nature, for example wood, is installed in a particularly advantageous manner. The invention is further directed at a correspondingly adapted apparatus for manufacturing the card-shaped data carrier as well as at the data carrier itself. Further, a computer program product is proposed, having control commands that implement the method and/or operate the proposed apparatus.Type: GrantFiled: September 4, 2017Date of Patent: October 19, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Günter Endres, Thomas Tarantino
-
Patent number: 11148458Abstract: A method for changing a geometry of an edge of a portable data carrier, wherein the geometry of the edge is changed in order to work on the edge and the outer side of the data carrier proceeding from a common side, without a spatial location of the data carrier being changed.Type: GrantFiled: June 29, 2016Date of Patent: October 19, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Josef Riedl, Günter Endres, Klaus Kohl, Thorsten Sauer
-
Patent number: 11128436Abstract: A processor device with a white-box masked implementation of the cryptographic algorithm AES implemented thereon, which comprises a SubBytes transformation. The white-box masked implementation is hardened in that white-box round input values x? are supplied at the round input of rounds instead of the round input values x, said white-box round input values being formed from a concatenation of: (i) the round input values x that are masked by means of the invertible masking mapping A and (ii) obfuscation values y that are likewise masked with the invertible masking mapping A; wherein from the white-box round input values x? only the (i) round input values x are fed to the SubBytes transformation T, and (ii) the masked obfuscation values y are not.Type: GrantFiled: July 12, 2017Date of Patent: September 21, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventor: Sven Bauer
-
Patent number: 11055596Abstract: A method for manufacturing a chip card is provided by electroconductive connecting of a chip module to a chip-card body having at least one electrical contact area. The method includes adhesively connecting the chip module to the chip-card body by a thermoplastic, electroconductive elastomeric material such that the chip module is conductively connected to at least one electrical contact area of the chip-card body.Type: GrantFiled: January 23, 2020Date of Patent: July 6, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventor: Johannes Bader
-
Patent number: 11023600Abstract: A method for protection against a relay attack on a system is composed of at least a first and a second communication device. Data are transmitted wirelessly between the first and the second communication device. The first communication device ascertains a first spectrum of all wirelessly transmitted signals to be received at the location of the first communication device within a frequency band. The second communication device likewise ascertains a second spectrum of all wirelessly transmitted signals to be received at the location of the second communication device within the frequency band. The frequency band is limited by a minimum and a maximum frequency. The second communication device transmits the second spectrum to the first communication device. The first communication device compares the first spectrum with the second spectrum in order to ascertain whether the second communication device is located at the location of the first communication device.Type: GrantFiled: February 5, 2018Date of Patent: June 1, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Klaus Finkenzeller, Volker Stöhr
-
Patent number: 11003797Abstract: A method and a system for subscription management in a security element for a mobile end device, wherein one subscription profile is associated with one subscription. For a subscription profile, an access to functionalities of the security element is subscription-profile-specifically restricted.Type: GrantFiled: June 22, 2016Date of Patent: May 11, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Nils Nitsch, Michael Schnellinger
-
Patent number: 10979429Abstract: A chip set for a terminal comprises at least one secure processor, in which a one-time programmable memory is integrated. At least one terminal serial number of the terminal is stored in the chip set. Information for securing the terminal serial number against tampering is stored in the one-time programmable memory.Type: GrantFiled: April 13, 2017Date of Patent: April 13, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Frank Götze, Claus Dietze, Jan Eichholz
-
Patent number: 10966081Abstract: A system for registering an MSISDN with a device hosting the UICC and in which the UICC is or can be operated includes a UICC provisioning server operated by an UICC different from the MNO. A Local Profile Assistant LPA is installed within the device or the UICC, and enables establishment of secured data sessions between the UICC and the UICC provisioning server. A modem is installed within the device or UICC. The modem enables communication of the device within a mobile network operator MNO mobile network. An MSISDN retrieval logic is associated with the LPA. A logic is constructed to perform a retrieval sequence with the foregoing components and data.Type: GrantFiled: December 20, 2018Date of Patent: March 30, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Jorgen Hult, Markus Haubner, Nils Nitsch, Waleed Badawy, Ulrich Huber, Anders Kokeritz, Hrushikesh Chidley, Rikard Forselius, Gero Galka
-
Patent number: 10943238Abstract: A method for authorizing a transaction reading out a first code and a second code by means of a first mobile device. The second code contains information items for decrypting the first code. From the read-out codes a first signature confirming the transaction vis-à-vis the system is generated, which is transmitted to the system. Subsequently, an authorization of the transaction is effected.Type: GrantFiled: January 27, 2015Date of Patent: March 9, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Michael Baldischweiler, Claus Dietze, Martin Auer
-
Patent number: 10944741Abstract: A method for reading an identity document, a readout terminal and a readout system, which simplifies the multiple reading of identity documents. According to the method, an authentication key and an information item are stored in hidden fashion in the chip of the identity document.Type: GrantFiled: July 10, 2015Date of Patent: March 9, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Frank Schmalz, Jan Eichholz, Christopher Schmid
-
Patent number: 10926573Abstract: The present invention is directed to a method for supplying an optical security element in a value document, as well as to an accordingly devised apparatus for adjusting an optical security element as well as to the value document per se. According to the invention a method is proposed which makes it possible to supply a known optical security element in an especially simple technical way, without a vapor deposition of embossed structures being necessary in this connection. Further the present invention is directed to a computer program product having control commands, which executes the method or operates the proposed apparatus.Type: GrantFiled: February 9, 2018Date of Patent: February 23, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Günter Endres, Klaus Kohl, Martin Imhof
-
Patent number: 10904759Abstract: A method for the initial operation and personalization of a subscriber identity module in a mobile radio network, prior to its first initial operation in the mobile radio network, the subscriber identity module does not yet include an individual secret key and is being equipped with an individual, unique parameter data set only after its first initial operation in the mobile radio network. A mobile radio server takes on, from the subscriber identity module, an authentication message formed with a preliminary parameter data set comprising an individual, unique subscriber identification and a non-individual, non-unique preliminary secret key, and sends, after a verification, in response thereto an individual, unique final secret key to the subscriber identity module for programming into the subscriber identity module. The preliminary parameter data set is introduced into the subscriber identity module selectively during production or by an initializing step based on an initial parameter data set.Type: GrantFiled: August 16, 2018Date of Patent: January 26, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventor: Lars Hoffmann
-
Patent number: 10904742Abstract: A method for the communicating of a subscriber identity module, implemented or implementable in an end device, in which at least one profile is adapted for the utilization of the mobile end device in a mobile communication network, vis-à-vis a server, in which method a message from the subscriber identity module is sent to the server. Before the sending of the message, a step of the establishing of a technology is carried out in the subscriber identity module in which there is established, which technology the profile corresponds to, and the sending is carried out compliant with the technology. The communicating can involve the notifying of a profile change effected in the subscriber identity module.Type: GrantFiled: June 24, 2016Date of Patent: January 26, 2021Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Nils Nitsch, Ulrich Huber
-
Patent number: 10873575Abstract: A method for providing a personal identification code of a security module, includes a personal identification code assigned to the security module and a server is provided which a user of the security module can access after an authentication. In the method, triggered by a request from the user at the server, an authentication code is transmitted to a terminal of the user by means of a first message. An authentication code input by the user is received at the server, whereupon it is verified whether the input authentication code matches the authentication code transmitted to the terminal, wherein, in the case of a match, the personal identification code is transmitted to the terminal of the user by means of a second message.Type: GrantFiled: May 25, 2016Date of Patent: December 22, 2020Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Werner Herget, Thomas Werner
-
Patent number: 10867326Abstract: A method for securing a transaction in a reputation system includes the following steps: authenticating a user vis-à-vis an end device by means of an electronic proof of identity for releasing authentication data for the digital identity that are stored on the end device, and authenticating the digital pseudonym assigned to the user vis-à-vis the reputation system by means of the end device while employing the stored authentication data pertaining to the digital pseudonym. The electronic proof of identity can be present as an electronic identity card in the form of a portable data carrier.Type: GrantFiled: December 9, 2013Date of Patent: December 15, 2020Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Gisela Meister, Dirk Wacker, Katharina Wallhausser
-
Patent number: 10864668Abstract: A composite film material usable in a data carrier card body includes a first outer plastic layer, an inner plastic layer and a second outer plastic layer, all the layers together forming a co-extruded composite. The plastic material of the first outer layer is a polyethylene terephthalate glycol copolymer (PETG) or contains a PETG, the plastic material of the inner layer is a thermoplastic copolyester elastomer (TPC) or contains a TPC, and the plastic material of the second outer layer is a PETG or contains a PETG.Type: GrantFiled: February 23, 2011Date of Patent: December 15, 2020Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Josef Riedl, Cordula Regensburger, Andreas Braun