Abstract: A method for controlling access of a user equipped with a terminal to a physical or logical resource, the method involving a secure cryptographic device forming a token corresponding to an access criterion, the access token being intended to generate a keystream masking a biometric reference of the user obtained by a biometric reader of the terminal. The biometric reference thus masked is encrypted by fully homomorphic encryption and stored in a database hosted by a remote server. An access control operator obtains a biometric characteristic of the user, homomorphically encrypts it and transmits it to the remote server. This server compares the first and second biometric models in the homomorphic domain and supplies the homomorphically-encrypted result of the comparison to the access control operator. The latter grants or denies access to the user according to the result of the comparison, after having decrypted it.

Abstract: A method for confidentially querying the presence of a record in a database hosted by a server, the records being stored in the database in the form of digital footprints obtained by hashing a record by a public hash function. The footprints are masked by a stream cipher using a symmetric key of a first user. The first user may grant a second user authorisation to query the database by transmitting the inverse masks of various rows, encrypted by the public key of an additive homomorphic cryptosystem of the second user. The rows of the database are unmasked in the homomorphic domain and the second user transmits an encrypted request to query the base according to a PIR protocol. The second user can decrypt the response from the server using the private key of their homomorphic cryptosystem and determine whether the footprint sought is present in the response thus decrypted.

Abstract: The present invention concerns a method for confidentially processing the kinematic data of a vehicle (210), in particular a method for classifying this data in order to determine the driving style of the vehicle while respecting the confidentiality of the data in question. The data is encrypted (254) by the vehicle by means of a symmetric encryption algorithm using a secret key generated (251) by the vehicle. This secret key is encrypted (252) by the vehicle by means of a homomorphic asymmetric encryption algorithm by using the public key of a vehicle service provider (240). The data encrypted by means of the secret key, and the homomorphically encrypted secret key, are transmitted (253, 255) by the vehicle to an access point that transcrypts (261) them and transmits (262) the homomorphically encrypted data to a calculation platform (230).

Abstract: The present invention concerns a method for processing system logs of a computer system. A system log generator (LG) transmits these system logs to a system log analyser (SIEM) after they have been encrypted by means of a symmetric encryption key and sends the symmetric encryption key in parallel with a homomorphic cryptosystem public key. The system log analyser carries out a transcryption of these logs then a processing thereof in the homomorphic domain. The result of the processing in the homomorphic domain is then transmitted to a security centre (SOC) or even directly to the system log generator to be decrypted there. The security centre can establish a security report or propose a countermeasure before sending it, in form encrypted by the symmetric key, to the system log generator.

Abstract: A method and a device for setting up a session key between a source entity and a target entity in a communication network comprises a plurality of communicating entities. The method, which relies on the use of symmetrical cryptographic primitives, provides each entity in the session with protection against denial of service attacks by setting up a session in four or five message exchanges.

Abstract: A method and a device for setting up a session key between a source entity and a target entity in a communication network comprises a plurality of communicating entities. The method, which relies on the use of symmetrical cryptographic primitives, provides each entity in the session with protection against denial of service attacks by setting up a session in four or five message exchanges.