Abstract: Provided is a method to operate a user equipment communicatively connected to at least two subscriber identity modules, which are at least assigned to a first and a cellular network, wherein the user equipment has assigned an independent paging identity in each of the first and second cellular networks for registration in said cellular networks. Other embodiments disclosed.

Abstract: In a method for securing access to a service, a device is set in a restricted operation mode that allows addressing only a first server and that is associated with a first identifier relating to a first connectivity gateway. The device accesses the first identifier and a subscription profile that is active during the restricted operation mode. The first server receives from the device a request for enrolling a device user and at least one feature relating to a user identity. The first server verifies whether the user identity feature is valid. If the user identity feature is valid, the first server sends to the device a command for deactivating the restricted operation mode. The device deactivates the restricted operation mode while storing, instead of the first identifier, a second identifier relating to a second connectivity gateway. The second identifier allows accessing a second server that manages the service.

Abstract: The invention is a method for managing a tamper-proof device comprising first and second software containers, said tamper-proof device being included in a host device comprising a baseband unit. Said first software container is designed to emulate an eUICC and is in a deactivated state. The second software container comprises a set of rules. The baseband unit comprises an activator agent which retrieves both location data broadcasted by a telecom network and the set of rules from the second software container. The activator agent checks if activation of the first software container is authorized by one of said rules for the location data and requests activation of the first software container only in case of successful checking.

Abstract: Remote subscription management of an eUICC comprising a private key and a public certificate, the public certificate comprising information allowing a subscription manager server to decide if it can agree to manage the eUICC.

Abstract: Per CFR 1.121, Applicant hereby amends the abstract of the application by substitute abstract, by submitting: (i) instruction for the cancellation of the previous version of the abstract; and (ii) a substitute abstract in compliance with 37 CFR § 1.121(b)(2)(ii). RE i) Please cancel the previous version of the abstract. RE ii) A clean version of the substitute Abstract is set forth on the following page. No new matter has been added.

Abstract: The present invention relates to a computing device for executing a first cryptographic operation of a cryptographic process on useful input data, said computing device comprising a first processor, a second processor and a selection circuit wherein: —said selection circuit is configured: —for receiving, from an input bus, expanded input data obtained by interleaving dummy input data with said useful input data, —for determining positions of the dummy input data in said expanded input data, —and for extracting said dummy input data and said useful input data from the expanded input data based on said determined positions, —said first processor is configured for executing said first cryptographic operation of said cryptographic process on said extracted useful input data to obtain useful output data, —said second processor is configured for executing a second operation on said extracted dummy input data to obtain dummy output data, said computing device being configured for having said operations executed such

Abstract: The invention concerns a method for transmitting to a physical or virtual element of a telecommunications network, an encrypted subscription identifier stored in a security element, or an encrypted identifier of the security element or an encrypted identifier of a terminal cooperating with the security element. The method includes pre-calculating proactively, at the occurrence of an event, the encrypted identifier using a key and storing it in a file or memory of the security element with a parameter enabling the key to be calculated by the element of the telecommunications network, in order to be able to transmit to the element of the telecommunications network the encrypted identifier and the parameter, without having to compute the encrypted identifier when the terminal is asking for it.

Abstract: Contactless fingerprint reader. The contactless fingerprint reader has one or more light sources adapted to emit light under different lighting conditions, a first camera adapted to successively capture first images of a subject captured with and without flash light, at least one second camera adapted to capture second images from different angles, one or more sensors adapted to generate one or more spatial-temporal signals representing a change of a distance between said subject and one or more locations of the contactless fingerprint reader, and communication module for sending the first images, said second images, and the one or more spatial-temporal signals to an anti-spoofing device.

Abstract: A system, mobile device, and method for managing security policies for data items stored in an electronic identification (eID) wallet on the mobile device. Security policies are associated with each of a plurality of supported namespaces on a mobile device and a verifier terminal operates to select a namespace to access a data item stored on the mobile device based on the security policies associated with the plurality of supported namespaces on the mobile device.

Abstract: A central server for communicating with a user equipment and a cellular network is provided. The server is configured to exchange with the cellular network information relating to at least one preconfigured qualifier assigned to the user equipment and assigned to the central server. The server receives a payload item from the cellular network transmitted by the user equipment to said cellular network by means of an authentication failure message for authenticating a user equipment at a cellular network during an attach comprising the payload item, instead of receiving a SMS or establishing an IP connection with the user equipment. The payload item can result from a latest measurement data of user equipment regularly transmitting data to said central server and/or a sensor connectively coupled to the user equipment when operating as an Internet of Things (IoT) smart-metering device.

Abstract: A method for producing a metal insert for a radio-frequency chip card includes the steps of forming or providing an assembly comprising an insulating substrate bearing: at least one antenna coil resting on the substrate, comprising a connection interface to a radio-frequency module, a metal plate comprising radio-frequency permittivity perforations and a cavity for receiving a radio-frequency chip module, respectively arranged facing the antenna coil and its connection interface. The perforations comprise at least two longitudinal slots extending along and facing a portion of the antenna coil, each slot also opening onto the edge of the plate via a passage arranged on the edge. The invention also relates to a corresponding card produced by the method.

Abstract: Provided is a method for managing a multi-application contactless device that includes a memory storing both a first configuration data whose activation is required to expose a first application to a contactless reader and a second configuration data whose activation is required to expose a second application to the contactless reader. The method comprises a step in which a sensor of the contactless device provides a value by evaluating an electromagnetic field generated by the contactless reader. The method comprises a step in which a selector unit of the contactless device activates one of said first and second configuration data by using said value.

Abstract: Provided is a method to implement a Virtual Primary Platform (VPP) using a Tamper Resistant Element (TRE) and an External Execution Environment (EEE).The Virtual Primary Platform (VPP) comprises a VPP Low Level Operating System (VPP LLOS) distributed across a VPP Process Execution Environment (VPEE) in the Tamper Resistant Element (TRE). The VPP Low Level Operating System (VPP LLOS) comprises VPP LLOS API stubs installed in the VPP Process Execution Environment (VPEE) and routes communications between the VPP Process Execution Environment (VPEE) and the External Execution Environment (EEE) and an external agent (EA) installed therein.

Abstract: The invention relates to a secure element device comprising at least one processor, at least one communication interface, at least one memory RAM and NVM and at least one bus access controller, wherein the bus access controller defines at least a first area PBL, a second area SBL and a secure area MZ. The first area comprises a first loader program capable of loading a program package in the second area. The secure area comprises an authentication key capable of authenticating the program package loaded in the second area. After authentication of the program package loaded in the second area, the access right of the first loader program is changed in such a way that a program in the first area can no more access the second area.

Abstract: A virtual smart card service corresponds to an execution of a smart card application. A key is stored at a server side. Application metadata is used to emulate a smart card application logic. The method comprises: processing, by a client, the smart card application logic; running the smart card application while retrieving smart card data from the smart card application logic; identifying key operation within the smart card application; generating a key operation request by using the identified key operation and data relating to the client; sending to the server the key operation request; processing, by the server, the key operation request by using the key and client data; getting a key operation result from the identified key operation on the client data; and sending to the client the key operation result.

Abstract: Provided is a method for determining a match between a candidate fingerprint and a reference fingerprint characterized by minutiae local features. The method includes extracting several minutiae from the candidate fingerprint, computing from said extracted minutiae a plurality of minutiae local features of the candidate fingerprint, computing a first global matching score between the candidate fingerprint and the reference fingerprint based on the first similarity scores of said matching local feature pairs; computing a second global matching score between the candidate fingerprint and the reference fingerprint based on said computed second similarity scores; and determining a match between the candidate fingerprint and the reference fingerprint comprising: comparing the first and second global matching scores and, comparing the first matching score to a matching threshold. Other embodiments disclosed.

Abstract: Provided is a method for determining a match between a candidate fingerprint and a reference fingerprint characterized by minutiae local features. The method includes evaluating a similarity of the candidate fingerprint local feature and the reference fingerprint local feature of a current local feature pair, and determining a match depending on the similarity evaluation and geometric coherence evaluations performed for said current local feature pair. Other embodiments are disclosed.

Abstract: The present invention relates to a method of securely using a first tenant secret key stored under an encrypted form in a first token (TKA) of a first tenant (A) identified by a first tenant identifier (UIDA) and having said first tenant secret key, wherein: each tenant identifier (UIDT) for a tenant (T) comprises a first value and, when said tenant (T) is allowed to use a secret key of a parent tenant (Tp) identified by a parent tenant identifier (UIDTP), said parent tenant identifier, appended before said first value, and said first token (TKA) has been generated from said first tenant identifier (UIDA) and a first tenant secret key encrypted with said first tenant identifier (UIDA) and with a first tenant customer master key (CMKA), said first tenant customer master key (CMKA) having been derived from said first tenant identifier (UIDA) and a secure domain master key (SDMK), said method comprising the following steps performed by a secure device storing said secure domain master key (SDMK), on request of a

Abstract: A method for enrolling a holder of a biometric transaction device includes the following step: storing at least one biometric pattern in the device. The method further includes the following steps: a) providing the holder with a portable, mobile power connector, configured to trigger the storing; b) and/or activating the biometric pattern, the activation being carried out in response to or in association with a successful authentication of the holder. A corresponding system is also enclosed.

Abstract: The invention relates to a method for manufacturing a portable electronic-chip-comprising object including a body and a metal-air battery that is integrated into the body, the battery comprising an electrolyte layer and a protective air-porous membrane covering the electrolyte. The method includes a step of forming at least one air-supply duct extending from the protective membrane to an air source. An air-porous material is contained in the duct and completely blocks the duct at least in one place on its course. The invention also relates to the object corresponding to this method.