Abstract: A method for provisioning an applet in a security element with credentials of a terminal application provided by an application server comprises: Sending a request to provision the applet with credentials from the terminal application to the applet; Sending an SMS message containing an identifier of the applet from the applet to an OTA platform; Adding the MSISDN of the security element by an SMSC located in front of the OTA platform in the header of the SMS; Requesting the credentials from the OTA platform to the application server; Sending from the application server to the OTA platform the credentials to be associated with the MSISDN; Sending from the OTA platform to the applet the credentials associated with the MSISDN; and Sending from the applet to the terminal application a message that it has been provisioned with credentials of the terminal application.

Abstract: In an example, a method includes capturing one or more friction ridge images of a finger at an instance in time, the one or more friction ridge images including a plurality of perspectives of the finger. The method also includes determining, from the one or more friction ridge images, a rolled fingerprint representation of the finger, the rolled fingerprint representation comprising data from the plurality of perspectives, and outputting the rolled fingerprint representation.

Abstract: A method for personalizing pre-generated protected profiles, as defined by the GSMA SGP.02 and SGP.22 RSP Technical Specifications, includes adding an application and diversified data at the end of the profiles in order to re-compute only the SCP03t security at the end of the profiles and to transmit the protected profiles to eUICCs cooperating with terminals.

Abstract: A method of inserting guilloche patterns in a document, each guilloche pattern being capable of encoding variable alphanumeric data ensuring a different aspect at each guilloche pattern so as to render said document secure using an operation of determining an insertion intensity of each guilloche pattern previously generated on the basis of a mid-gray level of the document near said guilloche pattern. A device for implementing this insertion method. The method further provides for extracting guilloche patterns from a secure document likely to be degraded by determining a contrast card of at least one portion of the secure document that includes the guilloche patterns, identifying, on this contrast card an optimal percolation trajectory, and extracting the optimal percolation trajectory, said trajectory corresponding to the guilloche pattern.

Abstract: Method for a service provider to launch a targeted service implemented by an application belonging to a security domain of an eUICC embedded into a communication device.

Abstract: A method for transmitting a subscription profile from an MNO to a secure element pre-provisioned with a temporary profile comprising a unique identifier, MCC and MNC, includes:—Transmitting from the MNO the unique identifier to a SM-DP;—Creating the subscription profile at the SM-DP;—Provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI comprising a second MCC, a second MNC;—Provisioning in the MNO the temporary IMSI and an ephemeral key;—At the first attempt of the secure element to connect to the D-HSS server, exchanging data in signaling messages for provisioning the secure element with the temporary IMSI;—At the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: Secure generation of an RSA signature of a message to be signed with a private exponent component d of an RSA key (p, q, N, d, e), by obtaining a hashed message, said hashed message being computed by hashing said message with a public hash function H:{0,1}*?Z*N, generating a first part of the RSA signature from said hashed message and said first private exponent component share, generating a second part of the RSA signature from said first part of the RSA signature and said second private exponent component share, determining the RSA signature from said second part of the RSA signature, and wherein the step of generation of a part of the RSA signature from the smaller private exponent component share among the first and second private exponent component shares is performed using a whitebox protection method and the step of generation of a part of the RSA signature from the bigger private exponent component share among the first and second private exponent component shares is performed using lower security req

Abstract: The invention relates to a method for producing a support body in a card format, with a graphic customization, that has a surface finishing effect that is more or less smooth, rough, mirrored or matte on the support body. The method includes supplying a support body having a layer of material configured to allow a marking by punching or lamination. The layer is exposed on the main external face and the surface finishing effect is equivalent to that obtained by a step of marking or lamination while not including a step of depositing varnish.

Abstract: A method for enrolling a holder of a biometric transaction device includes the following step: storing at least one biometric pattern in the device. The method further includes the following steps: a) providing the holder with a portable, mobile power connector, configured to trigger the storing; b) and/or activating the biometric pattern, the activation being carried out in response to or in association with a successful authentication of the holder. A corresponding system is also enclosed.

Abstract: A virtual smart card service corresponds to an execution of a smart card application. A key is stored at a server side. Application metadata is used to emulate a smart card application logic. The method comprises: processing, by a client, the smart card application logic; running the smart card application while retrieving smart card data from the smart card application logic; identifying key operation within the smart card application; generating a key operation request by using the identified key operation and data relating to the client; sending to the server the key operation request; processing, by the server, the key operation request by using the key and client data; getting a key operation result from the identified key operation on the client data; and sending to the client the key operation result.

Abstract: Electronic voting including a registration authority server, an election authority server, and a voter-host computer connected to an electronic identity card associated with a voter casting a vote. The registration authority server computer and the secure electronic identity card establish a first cross-domain unlinkable pseudonym for the secure electronic identification token, the first cross-domain unlinkable pseudonym being unique to the electronic identity card and the registration authority. The registration authority writes a vote-eligibility attribute on the electronic identity card. The election authority server computer retrieves a second cross-domain unlinkable pseudonym and the vote-eligibility attribute from the electronic identity card, the second cross-domain unlinkable pseudonym being associated with the election authority, and writes an attribute on the electronic identity card indicative of receipt of a vote cast by the voter.

Abstract: A method for an eUICC embedded into a machine type communication device to trigger the download of a subscription profile from a first network operator, the eUICC being provisioned with an eUICC identifier and a pre-loaded data set memorizing a range of International Mobile Subscription Identifiers associated to a second network operator by selecting randomly by the eUICC an IMSI number in the range memorized in the pre-loaded data set, sending an attachment request comprising the randomly selected IMSI, receiving in an authentication request message the request for getting the eUICC identifier, as a response, sending to the discovery server a authentication failure message, receiving in an authentication request message a temporary IMSI from the discovery server so that the machine type communication device is able to attach to the first network operator and download the pending subscription profile.

Abstract: The present invention relates to a method for authentication of a user using a user equipment, comprising an authentication engine for authenticating at least one user, said authentication engine being configured to operate with a local authentication model, wherein the method comprises the step for the user equipment of enhancing its local authentication model by at least one authentication factor, wherein said at least one authentication factor is stored in the local authentication model with a validity indication, indicating the time the authentication factor is valid for taking into account by the authentication engine, and authenticating a user by means of a match of the local authentication model with a set of user behavior indications retrieved by the user equipment through the authentication engine.

Abstract: The invention relates to a method for detecting a failure in a PDP context or an EPS PDN connection. A chip incorporated within or coupled to a device receives from the device a call control PDP context activation type event or a call control EPS PDN connection activation type event. The chip receives from the device an updated value relating to an HFN start PS. The chip compares the last updated value relating to the HFN start PS to a predetermined value relating to the HFN start PS. If the last updated value relating to the HFN start PS is greater than or is less than/equal to the predetermined value relating to the HFN start PS, then the chip detects that the PDP context or the EPS PDN connection has been successfully or unsuccessfully activated respectively.

Abstract: A method and system for providing proof of personal information includes a first device sending a request to a server for proving user information and data identifying a requester. The server generates (i) requester authentication data and associated data identifying a transaction, and (ii) a proof of user information using the user information and the requester authentication data. The server then sends the proof of user information and the associated data identifying the transaction to the first device. A second device sends to the server a request for getting authentication data associated with data identifying a transaction and the associated data identifying the transaction. In response to the request, the server sends authentication data associated with the data identifying the transaction to the second device. The second device or a verifier may then authenticate the user information only if the received authentication data matches the requester authentication data.

Abstract: This invention relates to a method for granting, for a mobile device which is not provisioned with a subscription to access a wireless network, the establishment of an initial wireless communication over a second wireless network (Se-PLMN) operated by a second wireless network operator (Se-MNO), the mobile device belonging to a user, the method comprising the steps of: receiving (801) by the second wireless network (Se-PLMN) an identifier of the mobile device; verifying (802), in an immutable distributed database hosted by a first wireless network operator (Fi-MNO) and the second mobile network operator (Se-MNO) in which data is replicated across a plurality of compute nodes of a network, if at least a published assertion comprising said identifier of the mobile device demonstrates that the user owns a first subscription to the first mobile network operator (Fi-MNO), said subscription allowing said first operator (Fi-MANO) to be charged by the second mobile network operator (Se-MNO) for the establishment of a

Abstract: The invention is a method for managing a tamper-proof device comprising first and second software containers, said tamper-proof device being included in a host device comprising a baseband unit. Said first software container is designed to emulate an eUICC and is in a deactivated state. The second software container comprises a set of rules. The baseband unit comprises an activator agent which retrieves both location data broadcasted by a telecom network and the set of rules from the second software container. The activator agent checks if activation of the first software container is authorized by one of said rules for the location data and requests activation of the first software container only in case of successful checking.

Abstract: This invention relates to a method to compensate by a server a clock deviation of a card i by maintaining a time base Tbase (i) synchronized with card i, the method comprising the steps of: receiving at a time TS a dynamic card verification dCVV code value generated by card i; providing a set of at least two dCVV code corresponding to two successive dCVV time periods; if the dCVV code received from card i corresponds to one of the dCVV codes of the provided set but is different from the reference dCVV code, determine the minimum possible timing drift Min_td between the time base maintained by the server for the card and the time base Tbase(i) of the card; updating time base Tbase(i) by addition of a time drift correction equal to the minimum possible time drift Min_td.

Abstract: Method for activating a feature of a chip having an interface comprising at least two power pins. The method comprises the following steps: the chip measures a series of voltage values between said power pins, the chip detects a series of sync signals different from clock signals, said sync signals being interleaved with said voltage values, the chip identifies a data sequence from said series of voltage values, and the chip activates the feature only if the data sequence matches a predefined pattern.

Abstract: The present invention relates to a mobile communication device for communicating with a cellular network by means of a serving base node, the mobile communication device further being connected to a subscriber identity module, the mobile communication device being configured to operate in a power optimization mode wherein the power optimization mode comprises extended paging periods, and the mobile communication device is further configured to set up a communication context with the base node using authentication means of the subscriber identity module, wherein the mobile communication device is further configured, in case of detection of a removal of the subscriber identity module and when the power optimization mode is activated: to send an removal alert message to the serving base node by means of said communication context, afterwards to terminate the communication context.