Abstract: A method for transmitting a subscription profile from an MNO to a secure element pre-provisioned with a temporary profile comprising a unique identifier, MCC and MNC, includes: —Transmitting from the MNO the unique identifier to a SM-DP; —Creating the subscription profile at the SM-DP; —Provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI comprising a second MCC, a second MNC; —Provisioning in the MNO the temporary IMSI and an ephemeral key; —At the first attempt of the secure element to connect to the D-HSS server, exchanging data in signaling messages for provisioning the secure element with the temporary IMSI; —At the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: Provided is a method for testing if a candidate data element, belongs to a list of reference data elements, performed by a client device (102) and comprising the steps of generating an encrypted candidate data element (y?) by encrypting said candidate data element (x?) with a leveled fully homomorphic encryption scheme, transmitting said encrypted candidate data element (y?) to a server device (103), storing said reference data elements (xi) receiving, from said server device, a delta value depending on a product of differences, decrypting said delta value with said leveled fully homomorphic encryption scheme, based on said decrypted delta value, determining whether said candidate data element (x?) belongs to said list of reference data elements (xi). Other embodiments disclosed.

Abstract: A system for authenticating an electronic device by means of an authentication server in order to authenticate a user of said electronic device. The system is adapted to perform an authentication based on a fictive payment transaction and includes the authentication server which is adapted to execute a fictive payment transaction with a predetermined transaction amount with said electronic device and during said execution to receive a first cryptogram from said electronic device; send said first cryptogram to a banking server; and receive from said banking server an acknowledgment if said first cryptogram is valid; when said fictive payment transaction has been executed, compute an authentication identification based on said electronic device's data; said electronic device which is a payment electronic device and which is adapted to execute said fictive payment transaction with said authentication server and during said execution to send said first cryptogram to said authentication server.

Abstract: Provided is a method for pushing data to a mobile network operator (MNO), the method being suitable to be implemented by a server and comprising the following steps of: receiving, from the MNO, a message comprising at least one communication pattern associated with at least one device identifier identifying a type or a provider of a device; receiving, from a user, a request for downloading a subscription profile of the MNO; sending, in response to the request, the subscription profile to a device of the user; identifying, from the at least one communication pattern, a communication pattern applicable to the subscription profile according to device data obtained from the request; and pushing data comprising an identifier of the subscription profile and the applicable communication pattern to the MNO.

Abstract: Provided is a method for securely diversifying a generic application stored in a secure processor of a terminal, said method comprising: Generating at the request of a manager application hosted in an application processor of said terminal, at the level of a distant server, a server challenge; Sending said server challenge to said application; Generating a first message at said application, said first message being function of said server challenge, an application challenge and an unique identifier of said application; Sending said first message to a Root-Of-Trust service hosted in a secure processor of said terminal, said Root-of-Trust service generating an attestation of said first message, said attestation guaranteeing that said first message has not been modified and originates from said secure processor; and Transmitting said attestation of said first message to said distant server in an enablement request message.

Abstract: Provided is a method for connecting a terminal cooperating with a secure element to a second network, the secure element having a subscription from a first network whilst the secure element is roaming on a third network, the secure element storing the PLMN code of the second network, called second PLMN code, and the PLMN code of the third network, called third PLMN code, the second PLMN code having a higher priority than the third PLMN code in the OPLMN roaming file, the second PLMN having no roaming agreement with the first network nor the third network, and the third network having a coverage that overlaps at least a part of the coverage of the second network, the method comprising, when it is detected that the second network has rejected the attachment request of the terminal.

Abstract: A system configured to perform decision tasks carried out by a machine learning engine operates with a machine learning model, and includes a training component for improving the machine learning model, a device for carrying out decisions based on a set of input data, and an interaction interface for switching the machine learning model between training component and a device that includes a model attestation checker. The device performs acquiring input data, and ascertaining at least one machine learning model over the interaction interface. The model attestation checker performs checking if said machine learning model is trusted by a model attestation, and considering, for decision making, only those machine learning models that are trusted. The machine learning engine performs carrying out the decision task for input data by using a trusted machine learning model, and providing a result attestation for the decision output.

Abstract: Provided is a method for establishing a secure connection from a chip to a network. The method comprises sending a connection request with a decentralized identifier address, sending a request for getting a decentralized identifier, sending, to the network, the decentralized identifier, sending, to the chip, an authentication request with data, and determining and sending, to the network, authentication data, and authenticating the chip. It further include sending, to the ledger, a request for getting subscription data associated with the decentralized identifier address, verifying, whether the decentralized identifier address is associated with a subscription wallet address or a subscription address in an operator wallet sending, to the network, associated subscription data, verifying whether valid, and establishing, when valid, a connection to the chip.

Abstract: The invention relates to a method for producing a support body in a card format, with a graphic customization, that has a surface finishing effect that is more or less smooth, rough, mirrored or matte on the support body. The method includes supplying a support body having a layer of material configured to allow a marking by punching or lamination. The layer is exposed on the main external face and the surface finishing effect is equivalent to that obtained by a step of marking or lamination while not including a step of depositing varnish.

Abstract: Provided is a method for securing a security document comprising at least personal data pages and a cover sheet placed outside the personal data pages, the method comprising, during security document manufacturing, a step of stitching the personal data pages and the cover sheet together by means of an upper thread and a lower thread interlaced together and a step of treating at least a part of the stitching with ultrasonic welding so as to structurally modify the thread.

Abstract: Provided is a method for executing a security related process comprising at least a first operation and a subsequent programming operation of a memory area in a first memory row of a first memory of a system and using as input security data stored in said second memory of said system, wherein said first memory is a non-volatile memory and said system comprises a first memory charge pump. The method comprises, when the execution of said security related process is triggered: opening (S2) the first memory row, charging (S3) said first memory charge pump, performing (S4) said first operations of the security related process, based on said security data from the second memory, and performing (S5) said programming operation of said memory area in said opened first memory row using said charged charge pump.

Abstract: The invention is a method for managing an instance of a class in a secure element embedded in a hosting machine and including a Central Processing Unit, a storage area and a virtual machine. The method comprises a step of receiving by the secure element a load file containing a binary representation of a package of the class and a step of instantiating the instance from the package and storing the instance in the storage area. The load file includes a specific component which is a custom component within the meaning of Java Card™ specifications and which contains executable data. The instance requests the execution of a subset of the executable data by directly invoking the subset of executable data through an Application Programming Interface.

Abstract: Provided is a method for dynamically selecting a mobile subscription for a secure element cooperating with a terminal in a telecommunication system comprising a network visited by the terminal and a HSS of a server The method includes sending from the secure element a random e-IMSI ephemeral IMSI in a first attachment request message to the HSS through the visited network, the visited network having the best received signal and having a roaming agreement with an e-IMSI service provider; and transmitting 101 from the HSS to the secure element in a signaling message a PLMN list of all the local operators having a commercial agreement with the e-IMSI service provider.

Abstract: Provided is an anti-counterfeit label with multi-focus multi-layer depth-of-field images. The anti-counterfeit label is sequentially provided with a multi-focus microlens array layer, a transparent base membrane layer and a microtext array layer from top to bottom in a laminating mode, and a metal reflective layer is arranged under the microtext array layer; the multi-focus microlens array layer comprises microlenses which are distributed in an array mode and have multiple focuses; the microtext array layer comprises one set or multiple sets of subunit pattern periodic ordered arrays. The anti-counterfeit label has the advantages that the microtext array layer can be amplified by 80-800 times by the multi-focus microlens array layer. The anti-counterfeit label is particularly suitable for popular anti-counterfeiting and can effectively improve the anti-counterfeit capacity.

Abstract: The invention provides a solution to accessing for a geographical location information-based service in a server of a machine type communication based communication system, where firstly a server broadcasts or multicasts a content request message, the content request message comprising information on requested content and information on a target geographical location; then the server receives a response message from at least one user equipment, the response message indicating that the at least one user equipment possesses the requested content and the at least one user equipment being located within the target geographical location; and finally the server acquires the requested content from the at least one user equipment.

Abstract: The invention relates to a method for performing a transaction with a system (1, 1A, 1B, 10) comprising a terminal (2) and a chip device (3), said system being configured to communicate to a user (6), during said transaction, transaction information from the terminal via an adapter (4), said adapter being configured to receive, by wire or wirelessly, said information (5) and to translate it into voice or another form, said information being obtained or collected in or via said chip device (3), characterized in that said chip device (3) is configured with a first communication interface with proximity radiofrequency or electrical (M3) contacts included in the device in order to receive the transaction information directly from a communication interface of the terminal. The invention also relates to the corresponding system.

Abstract: Method for improving user authentication efficiency performed by a communication device belonging to an authentication system. The communication device includes a local machine learning engine having a set of N artificial neural network ANN1,i adapted to process N different types of input signals.

Abstract: Provided is a method to operate a secure chip card for connecting to a user equipment operating in a cellular network comprising a plurality of network slices, wherein for at least one network slice a slice authentication server is operational, the secure chip card comprising a secured memory with at least one slice authentication application

Abstract: Provided is a method to operate a user equipment communicatively connected to at least two subscriber identity modules, which are at least assigned to a first and a cellular network, wherein the user equipment has assigned an independent paging identity in each of the first and second cellular networks for registration in said cellular networks. Other embodiments disclosed.

Abstract: In a method for securing access to a service, a device is set in a restricted operation mode that allows addressing only a first server and that is associated with a first identifier relating to a first connectivity gateway. The device accesses the first identifier and a subscription profile that is active during the restricted operation mode. The first server receives from the device a request for enrolling a device user and at least one feature relating to a user identity. The first server verifies whether the user identity feature is valid. If the user identity feature is valid, the first server sends to the device a command for deactivating the restricted operation mode. The device deactivates the restricted operation mode while storing, instead of the first identifier, a second identifier relating to a second connectivity gateway. The second identifier allows accessing a second server that manages the service.