Patents by Inventor Benoit Gonzalvo
Benoit Gonzalvo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 10939265
  Abstract: The invention is a method for managing an application that includes a generic part and an additional part. The generic part is pre-installed on a device. The device gets a fingerprint of itself and after a user authentication sends to a server a request for getting the additional part. The request comprises credentials associated with the user or a reference of the user, the fingerprint and a reference of the application. The server generates a ciphered part of the additional part using a key based on both the credentials and the fingerprint and builds an auto-decrypt program configured to decipher the ciphered part. The device receives the ciphered part and the auto-decrypt program. It gets the fingerprint and the credentials and retrieves the additional part by running the auto-decrypt program with said fingerprint and credentials as input parameters.
  Type: Grant
  Filed: September 6, 2016
  Date of Patent: March 2, 2021
  Assignee: THALES DIS FRANCE SA
  Inventors: Milas Fokle, Benoit Gonzalvo, Guillaume Huysmans
- Patent number: 10251062
  Abstract: The invention is a method for managing access to a service wherein the method comprises the following steps: a client application sends to an application server a request to access the service by using credentials and a first anti-clone code, the application server performs a verification of the credentials and said first anti-clone code, the application server sends a second anti-clone code to the client application and deactivates said first anti-clone code only in case of successful verification, said second anti-clone code being required for the next attempt to access the service.
  Type: Grant
  Filed: April 25, 2016
  Date of Patent: April 2, 2019
  Assignee: GEMALTO SA
  Inventors: HongQian Karen Lu, Jean-Yves Fine, Benoît Gonzalvo, Aline Gouget
- Publication number: 20180314810
  Abstract: The invention is a method for managing an application that includes a generic part and an additional part. The generic part is pre-installed on a device. The device gets a fingerprint of itself and after a user authentication sends to a server a request for getting the additional part. The request comprises credentials associated with the user or a reference of the user, the fingerprint and a reference of the application. The server generates a ciphered part of the additional part using a key based on both the credentials and the fingerprint and builds an auto-decrypt program configured to decipher the ciphered part. The device receives the ciphered part and the auto-decrypt program. It gets the fingerprint and the credentials and retrieves the additional part by running the auto-decrypt program with said fingerprint and credentials as input parameters.
  Type: Application
  Filed: September 6, 2016
  Publication date: November 1, 2018
  Applicant: GEMALTO SA
  Inventors: Milas FOKLE, Benoit GONZALVO, Guillaume HUYSMANS
- Publication number: 20180091977
  Abstract: The invention is a method for managing access to a service wherein the method comprises the following steps: a client application sends to an application server a request to access the service by using credentials and a first anti-clone code, the application server performs a verification of the credentials and said first anti-clone code, the application server sends a second anti-clone code to the client application and deactivates said first anti-clone code only in case of successful verification, said second anti-clone code being required for the next attempt to access the service.
  Type: Application
  Filed: April 25, 2016
  Publication date: March 29, 2018
  Applicant: GEMALTO SA
  Inventors: HongQian Karen LU, Jean-Yves FINE, Benoît GONZALVO, Aline GOUGET
- Patent number: 9361470
  Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.
  Type: Grant
  Filed: September 18, 2012
  Date of Patent: June 7, 2016
  Assignee: GEMALTO SA
  Inventors: Xavier Berard, Nicolas Roussel, Richard Pico, Frédéric Faure, Benoît Gonzalvo
- Patent number: 9319882
  Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R? signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R? from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.
  Type: Grant
  Filed: October 25, 2013
  Date of Patent: April 19, 2016
  Assignee: GEMALTO SA
  Inventors: Xavier Berard, Richard Pico, Frederic Faure, Benoit Gonzalvo
- Publication number: 20150289135
  Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R? signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R? from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.
  Type: Application
  Filed: October 25, 2013
  Publication date: October 8, 2015
  Applicant: GEMALTO SA
  Inventors: Xavier Berard, Richard Pico, Frederic Faure, Benoit Gonzalvo
- Publication number: 20140250501
  Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.
  Type: Application
  Filed: September 18, 2012
  Publication date: September 4, 2014
  Applicant: Gemalto SA
  Inventors: Xavier Berard, Nicolas Roussel, Richard Pico, Frédéric Faure, Benoît Gonzalvo
- Publication number: 20140189373
  Abstract: This invention relates to a method for hard partitioning the resources of a secure computer system. The system hardware comprises a hardware mechanism designed to: generate an encryption key with each new program detected by the system, the key being specific to each program; store the said key associated with a program identifier in the system resources; encrypt and store all the data created by the program in the system resources with the key that is specific to it; decrypt the data of the program with the key specific to it in response to a manipulation, call, read and/or write request from a requesting program.
  Type: Application
  Filed: July 31, 2012
  Publication date: July 3, 2014
  Applicant: GEMALTO SA
  Inventors: Benoit Gonzalvo, Philippe Loubet Moundi
- Patent number: 8661535
  Abstract: A method for executing an application compiled in intermediate code on a portable digital appliance equipped with a virtual executing machine for interpreting the intermediate code. The method includes a step of applying a secure execution mode wherein the interpretation of the intermediate code by the virtual machine includes the following steps: for each item of data handled by the code for execution of an arithmetic and/or logical operation defined by the code, generating control data, related to the data of the code via a predetermined function; in parallel with the execution of the operation, executing a control operation related to the operation defined by the code via the predetermined function, and acting on the control data.
  Type: Grant
  Filed: December 12, 2006
  Date of Patent: February 25, 2014
  Assignee: Gemalto SA
  Inventors: Benoit Gonzalvo, Pierre Girard
- Patent number: 8646092
  Abstract: The invention concerns a method for protecting the data of an application compiled in intermediate code and executed on a digital apparatus equipped with a virtual machine managing the execution of the code via an execution stack defining at least one stack frame corresponding to a method called during the execution of the code. A secured execution mode of the code involves the determination of at least one global checksum associated with each stack frame and, each time that a datum of the code is manipulated, the calculation of a local checksum associated with that datum. The calculation is based on one hand on the global checksum associated with the stack frame corresponding to the manipulated datum and, on the other hand, on at least one part of the other data constituting the stack frame.
  Type: Grant
  Filed: July 18, 2007
  Date of Patent: February 4, 2014
  Assignee: Gemalto SA
  Inventors: Benoit Gonzalvo, Jacques Jean-Alain Fournier
- Publication number: 20130268934
  Abstract: The present invention describes a method for securing the execution of a computer program in a multitask device. This method is based on the execution, in parallel with the program to be made secure, of a security thread, able to modify the parameters of the scheduler.
  Type: Application
  Filed: December 9, 2011
  Publication date: October 10, 2013
  Applicant: GEMALTO SA
  Inventor: Benoît Gonzalvo
- Publication number: 20090328231
  Abstract: The invention concerns a method for protecting the data of an application compiled in intermediate code and executed on a digital apparatus equipped with a virtual machine managing the execution of the code via an execution stack defining at least one stack frame corresponding to a method called during the execution of the code. A secured execution mode of the code involves the determination of at least one global checksum associated with each stack frame and, each time that a datum of the code is manipulated, the calculation of a local checksum associated with that datum. The calculation is based on one hand on the global checksum associated with the stack frame corresponding to the manipulated datum and, on the other hand, on at least one part of the other data constituting the stack frame.
  Type: Application
  Filed: July 18, 2007
  Publication date: December 31, 2009
  Applicant: GEMALTO SA
  Inventors: Benoit Gonzalvo, Jacques Jean-Alain Fournier
- Publication number: 20090165149
  Abstract: A method for executing an application compiled in intermediate code on a portable digital appliance equipped with a virtual executing machine for interpreting the intermediate code. The method includes a step of applying a secure execution mode wherein the interpretation of the intermediate code by the virtual machine includes the following steps: for each item of data handled by the code for execution of an arithmetic and/or logical operation defined by the code, generating control data, related to the data of the code via a predetermined function; in parallel with the execution of the operation, executing a control operation related to the operation defined by the code via the predetermined function, and acting on the control data.
  Type: Application
  Filed: December 12, 2006
  Publication date: June 25, 2009
  Applicant: GEMPLUS
  Inventors: Benoit Gonzalvo, Pierre Girard
- Patent number: 7168625
  Abstract: The invention concerns a method for differentiating between data and instructions, thereby providing protection against certain attacks in a data processing device such as a smart card, whereby a generator associates a random number with an applicative component of a downloaded application, and a transformer in a virtual machine applies each of the instruction words in the component and the associated random number to a transformation function so as to store the transformed instruction words when downloading the component. A second transformer applies each of the transformed words of part of the component and the associated random number to the reciprocal function of the transformation function so as to retrieve the instruction words constituting the component part, to execute the same.
  Type: Grant
  Filed: July 7, 2003
  Date of Patent: January 30, 2007
  Assignee: Gemplus
  Inventors: Pierre Girard, Benoit Gonzalvo
- Publication number: 20050218234
  Abstract: The invention concerns a method for differentiating between data and instructions, thereby providing protection against certain attacks in a data processing device such as a smart card, whereby a generator associates a random number with an applicative component of a downloaded application, and a transformer in a virtual machine applies each of the instruction words in the component and the associated random number to a transformation function so as to store the transformed instruction words when downloading the component. A second transformer applies each of the transformed words of part of the component and the associated random number to the reciprocal function of the transformation function so as to retrieve the instruction words constituting the component part, to execute the same.
  Type: Application
  Filed: July 7, 2003
  Publication date: October 6, 2005
  Inventors: Pierre Girard, Benoit Gonzalvo