Patents by Inventor Ly Thanh Phan

Ly Thanh Phan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20220248315
    Abstract: A method for updating a terminal comprising a secure element is provided by way of an Over-the-Air (OTA) platform. The OTA receives at least a location data reflecting the location of the terminal and a request for downloading a list of preferred networks in the terminal. Each of said preferred networks may be associated with its own target roaming quota usage, at least one weighting factor associated to a given list of the set may be updated as a result of an optimization function which aims at generating one weighting factor based on a target roaming quota usage associated to each preferred network of the given list. Other embodiments are disclosed.
    Type: Application
    Filed: May 12, 2020
    Publication date: August 4, 2022
    Applicant: THALES DIS FRANCE SAS
    Inventors: Ly Thanh PHAN, Jean-François GROS, Jean-Yves FINE, Vincent DANY
  • Publication number: 20220225077
    Abstract: Provided is a method to operate a subscriber identification module connected to a communication equipment configured to operate in a cellular network and communicatively coupled with a remote server. The method includes receiving from the communication equipment an information element indicating a time range relating to a suspend time of the communication equipment, receiving from the remote server a target access time information element indicating an expected time for an access request from the subscriber identification module to the remote server, and determining a suspension time period considering the suspend time range. The method includes providing to the communication equipment the suspension time period, and in case after resuming from the suspension instructed by the communication equipment the accumulated duration of at least one successive time period derived from the suspension time period exceeds the target access time, sending a polling message.
    Type: Application
    Filed: April 7, 2020
    Publication date: July 14, 2022
    Applicant: THALES DIS FRANCE SAS
    Inventors: Ly Thanh PHAN, Vincent DANY, Jean-François GROS
  • Publication number: 20220200795
    Abstract: The present invention relates to a method to authenticate a user having a GBA or AKMA compliant user equipment (UE) at a service provider (SR) using a GBA or AKMA protocol to communicate with a user equipment (UE), said method relying on an operator's (MNO) GBA or AKMA authentication framework while maintaining confidentiality of the communication between the user equipment (UE) and the service provider (SR) regarding the operator (MNO), said method using a Diffie-Hellman exchange between the user equipment (UE) and the service provider (SR), leading to a Diffie-Hellman session key (g^xy), while establishing the GBA or AKMA protocol, said method comprising a step of calculation of a final Network or AKMA Application Function key (iNAF_key or iAApF_key) to be used in further communication between the user equipment (UE) and the service provider (SR) by derivation from the Diffie-Hellman session key (g^xy) and from the GBA or AKMA protocol's service provider key (Ks_ext/int_NAF or KAF), the user authentication be
    Type: Application
    Filed: April 7, 2020
    Publication date: June 23, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Mireille PAULIAC, Ly Thanh PHAN
  • Publication number: 20220191677
    Abstract: A system comprising a secure element cooperating with a telecommunication terminal is provided. The secure element or the terminal comprises files in which MCC/MNC codes of MNOs are stored. The telecommunication terminal is configured to select the files in order to attach the terminal to the telecommunication network of a MNO. The secure element or the terminal also comprise a file, called National like network file, for storing national network codes (MCC/MNC) of networks of the country of the Home PLMN of the secure element. The terminal selects the National like network file in order to try to connect the terminal to one of the networks referenced in the National like network file. Other embodiments are disclosed.
    Type: Application
    Filed: March 17, 2020
    Publication date: June 16, 2022
    Applicant: THALES DIS FRANCE SAS
    Inventors: Jean-François GROS, Ly Thanh PHAN, Vincent DANY
  • Publication number: 20220116777
    Abstract: A system and method for authentication of a secure element cooperating with a Mobile Equipment forming a terminal in a telecommunication network is provided. The telecommunication network comprises a SEAF and a AUSF/UDM/ARPF. The method includes generating an anchor key (KSEAF_SRT) for the communication between the terminal and the SEAF according to 3GPP TS 33.501, wherein the anchor key (KSEAF_SRT) is indirectly derived from a key (KSRT) obtained by deriving from the long-term key K and a secure registration token SRT sent by the terminal to the AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI. Other embodiments are disclosed.
    Type: Application
    Filed: January 16, 2020
    Publication date: April 14, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Ly-Thanh PHAN, Mireille PAULIAC
  • Publication number: 20220104023
    Abstract: A method for detecting that a removable secure element has been temporarily disconnected from a first device includes: Providing by the secure element to the first device a first Temporal Global Identity; Entering the first device in the sleeping mode; If the secure element is inserted and used by a second device during the sleeping mode of the first device, replacing in the secure element the first Temporal Global Identity by a second Temporal Global Identity and providing the second Temporal Global Identity to the second device; When getting out from the sleeping mode by the first device, reading by the first device the Temporal Global Identity stored in the secure element; If the Temporal Global Identity read is not the same as the stored Temporal Global Identity, sending to an MNO server a message to indicate that the secure element has been used by another device.
    Type: Application
    Filed: January 2, 2020
    Publication date: March 31, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Ly Thanh PHAN, Vincent DANY, Mireille PAULIAC
  • Publication number: 20220070813
    Abstract: A method for connecting a secure element to a network of a first mobile network operator using an ephemeral first IMSI, in order to get a second IMSI, from the first mobile network operator, includes: Selecting a first radio serving network, the first selected network being not listed in the Forbidden VPLMN list of the secure element; Sending a REGISTER REQUEST message comprising the first IMSI to the first selected network; If the first selected network does not route the message to the network of the first mobile network operator, stop trying to register with the first selected network and put the MCC/MNC codes of the first selected network in the Forbidden VPLMN list of the secure element; Searching for another network to register with; and Repeat the foregoing steps until a network routes the first IMSI to the network of the first mobile network operator.
    Type: Application
    Filed: January 2, 2020
    Publication date: March 3, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Jean-Yves FINE, Ly Thanh PHAN
  • Patent number: 11177951
    Abstract: This invention relates to a method for provisioning a first communication device with a set of at least one credential required for accessing a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: November 16, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Mireille Pauliac, Michel Endruschat, Ly Thanh Phan, Jean-Yves Fine
  • Patent number: 11115195
    Abstract: The invention proposes an authentication server of a cellular telecommunication network, the authentication server being arranged for generating an authentication token to be transmitted to a telecommunication terminal, the authentication token comprising a message authentication code and a sequence number, wherein the message authentication code is equal to: MACx=KIdx XOR f1(AMF,SQNx,RAND,K) with KIdx being a key index information in the form of a bias of a MAC equal to: MAC=f1(K,AMF,SQNx,RAND) with f1 being a function, K a key, RAND a random number and SQNx a sequence counter relative to a corresponding key Kx derived from the key K and KIdx, and AMF the content of an authentication management field as defined in 3GPP TS 33.102.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: September 7, 2021
    Assignee: THALES DIS FRANCE SA
    Inventor: Ly Thanh Phan
  • Patent number: 11012860
    Abstract: This invention relates to a method for granting, for a mobile device which is not provisioned with a subscription to access a wireless network, the establishment of an initial wireless communication over a second wireless network (Se-PLMN) operated by a second wireless network operator (Se-MNO), the mobile device belonging to a user, the method comprising the steps of: receiving (801) by the second wireless network (Se-PLMN) an identifier of the mobile device; verifying (802), in an immutable distributed database hosted by a first wireless network operator (Fi-MNO) and the second mobile network operator (Se-MNO) in which data is replicated across a plurality of compute nodes of a network, if at least a published assertion comprising said identifier of the mobile device demonstrates that the user owns a first subscription to the first mobile network operator (Fi-MNO), said subscription allowing said first operator (Fi-MNO) to be charged by the second mobile network operator (Se-MNO) for the establishment of a
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: May 18, 2021
    Assignee: Thales Dis France SA
    Inventors: Ly Thanh Phan, Ilan Mahalal
  • Patent number: 10965690
    Abstract: This invention relates to a method for managing the status of a connected device by publishing assertions in an immutable distributed database composed of a plurality of compute nodes, a pair of keys comprising a public key and a private key being associated with the connected device. The method comprises the steps of: receiving from a first terminal associated to a first user an instruction message; verifying that the first user is allowed to modify the status of the connected device; sending an assertion request to the immutable distributed database for publishing an assertion comprising the status information.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: March 30, 2021
    Assignee: THALES DIS FRANCE SA
    Inventor: Ly Thanh Phan
  • Publication number: 20190238324
    Abstract: This invention relates to a method for provisioning a first communication device with a set of at least one credential required for accessing a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r
    Type: Application
    Filed: March 30, 2017
    Publication date: August 1, 2019
    Applicant: Gemalto SA
    Inventors: Mireille PAULIAC, Michel ENDRUSCHAT, Ly Thanh PHAN, Jean-Yves FINE
  • Publication number: 20190208419
    Abstract: The invention proposes an authentication server of a cellular telecommunication network, the authentication server being arranged for generating an authentication token to be transmitted to a telecommunication terminal, the authentication token comprising a message authentication code and a sequence number, wherein the message authentication code is equal to: MACx=KIdx XOR f1(AMF,SQNx,RAND,K) with KIdx being a key index information in the form of a bias of a MAC equal to: MAC=f1(K,AMF,SQNx,RAND) with f1 being a function, K a key, RAND a random number and SQNx a sequence counter relative to a corresponding key Kx derived from the key K and KIdx, and AMF the content of an authentication management field as defined in 3GPP TS 33.102.
    Type: Application
    Filed: July 27, 2017
    Publication date: July 4, 2019
    Applicant: Gemalto SA
    Inventor: Ly Thanh PHAN
  • Publication number: 20190149558
    Abstract: This invention relates to a method for managing the status of a connected device by publishing assertions in an immutable distributed database composed of a plurality of compute nodes, a pair of keys comprising a public key and a private key being associated with the connected device. The method comprises the steps of: receiving from a first terminal associated to a first user an instruction message; verifying that the first user is allowed to modify the status of the connected device; sending an assertion request to the immutable distributed database for publishing an assertion comprising the status information.
    Type: Application
    Filed: May 22, 2017
    Publication date: May 16, 2019
    Inventor: Ly Thanh PHAN
  • Publication number: 20190124512
    Abstract: This invention relates to a method for granting, for a mobile device which is not provisioned with a subscription to access a wireless network, the establishment of an initial wireless communication over a second wireless network (Se-PLMN) operated by a second wireless network operator (Se-MNO), the mobile device belonging to a user, the method comprising the steps of: receiving (801) by the second wireless network (Se-PLMN) an identifier of the mobile device; verifying (802), in an immutable distributed database hosted by a first wireless network operator (Fi-MNO) and the second mobile network operator (Se-MNO) in which data is replicated across a plurality of compute nodes of a network, if at least a published assertion comprising said identifier of the mobile device demonstrates that the user owns a first subscription to the first mobile network operator (Fi-MNO), said subscription allowing said first operator (Fi-MNO) to be charged by the second mobile network operator (Se-MNO) for the establishment of a
    Type: Application
    Filed: May 22, 2017
    Publication date: April 25, 2019
    Inventors: Ly Thanh PHAN, Ilan MAHALAL
  • Publication number: 20150286811
    Abstract: The invention relates to a method for authenticating a user when accessing to an application securely stored on a secure element of a portable device, said method comprising a step of authenticating the user via two authentication factors. The method comprises requesting a further authentication factor to said user, in a form of challenge-response based on a randomised request associated to a biometric data of said user.
    Type: Application
    Filed: October 18, 2013
    Publication date: October 8, 2015
    Applicant: GEMALTO SA
    Inventors: Ly-Thanh Phan, Denis L'Heriteau
  • Patent number: 9148896
    Abstract: A method for establishing a communication channel between a local server and a remote server includes: i) transmitting, from the local server to a terminal, the IP address of the remote server and a communication port of the local server; ii) transmitting the IP address of the terminal from the terminal to the local server; iii) transmitting, from the local server to the terminal, a request to connect to the remote server, including the IP addresses of the remote server and the terminal, an identifier of the local server; and the communication port; iv) transmitting, from the local server to the remote server, the IP address of the terminal, an identifier of the local server, and the communication port; and v) combining, at the remote server, the identifier of the local server and the IP address of the terminal to ascertain an IP address of the local server.
    Type: Grant
    Filed: January 12, 2012
    Date of Patent: September 29, 2015
    Assignee: GEMALTO SA
    Inventors: Didier Morel, Cyril Barras, Jean-Yves Fine, Ly-Thanh Phan
  • Publication number: 20140119355
    Abstract: A method for establishing a communication channel between a local server and a remote server includes: i) transmitting, from the local server to a terminal, the IP address of the remote server and a communication port of the local server; ii) transmitting the IP address of the terminal from the terminal to the local server; iii) transmitting, from the local server to the terminal, a request to connect to the remote server, including the IP addresses of the remote server and the terminal, an identifier of the local server; and the communication port; iv) transmitting, from the local server to the remote server, the IP address of the terminal, an identifier of the local server, and the communication port; and v) combining, at the remote server, the identifier of the local server and the IP address of the terminal to ascertain an IP address of the local server.
    Type: Application
    Filed: January 12, 2012
    Publication date: May 1, 2014
    Applicant: GEMALTO SA
    Inventors: Didier Morel, Cyril Barras, Jean-Yves Fine, Ly-Thanh Phan
  • Patent number: 5991404
    Abstract: A system for diversifying information carried by a network to apparatuses for providing goods or services. The network includes a plurality of platforms each capable of creating messages including diversification data for diversifying the information to be carried. The diversification data is provided by a diversification-data generator in each platform. Each apparatus includes an access control module which stores the diversification data separately for each platform.
    Type: Grant
    Filed: July 15, 1997
    Date of Patent: November 23, 1999
    Assignee: Schlumberger Industries, S.A.
    Inventors: Lionel Brahami, Nathalie Ocquet, Christian Dietrich, Ly Thanh Phan