Patents by Inventor HongQian Karen Lu

HongQian Karen Lu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20170070353
    Abstract: A method for deploying credentials in a server and a client system including three devices. The second device has primary credentials including a public key, a private key and a primary certificate. After successful authentication of a user, the first device generates a new private key/public key pair and wraps the new private key. After successful authentication of the user, the second device derives a new certificate comprising the new public key, the new certificate having the same usage specified in the primary certificate. The second device signs the new certificate using the private key of the primary credentials. The third device forwards to the server the primary certificate and the new credentials combining the new public key, the wrapped private key and the new certificate. The server verifies the chain of trust of the new credentials and, in case of successful verification, associates the new credentials to the user.
    Type: Application
    Filed: September 8, 2015
    Publication date: March 9, 2017
    Applicant: GEMALTO INC.
    Inventors: Darmawan SUWIRYA, HongQian Karen LU
  • Patent number: 9401918
    Abstract: Method for providing user-to-user delegation service in federated identity environment, characterized in that it comprises a delegation or assignment step wherein a delegator specifies said delegation at an identity provider for delegating a privilege or task to a delegatee to be performed at a service provider.
    Type: Grant
    Filed: March 26, 2012
    Date of Patent: July 26, 2016
    Assignee: GEMALTO SA
    Inventors: HongQian Karen Lu, Ksheerabdhi Krishna, Kapil Sachdeva
  • Publication number: 20150341340
    Abstract: Method and System for enhanced privacy in privacy-preserving identity solutions. The technology provides for a redirect of a request to generate a proof of an attribute from a service provider to a separator. The separator removes source identification from the attribute-proof request and redirects the attribute-proof request, free of original source identification, to a credential issuer which issues the credential. A security device of the user generates a presentation token from the privacy-preserving credential and presents the presentation token to the service provider as proof of the attribute. Other systems and methods are disclosed.
    Type: Application
    Filed: December 20, 2013
    Publication date: November 26, 2015
    Applicant: GEMALTO SA
    Inventors: HongQian Karen LU, Laurent CASTILLO, Philippe SMADJA
  • Patent number: 9124563
    Abstract: A method for securely and asynchronously provisioning keys from one source secure device to a target secure device through a key provisioning server, in which the keys to be provisioned via the method remain unknown. The method includes the steps of, for the source secure device, encrypting a key to be transferred using a transport key so that only the target secure device can decrypt, and sending the encrypted key to the provisioning server and, for the target secure device, when available, getting the encrypted transferred key, and decrypting the transferred key using the transport key.
    Type: Grant
    Filed: August 19, 2013
    Date of Patent: September 1, 2015
    Assignee: GEMALTO SA
    Inventors: Laurent Castillo, HongQian Karen Lu, Asad Ali
  • Patent number: 9092635
    Abstract: A secure portable electronic device for providing secure services when used in conjunction with a host computer. The secure portable device includes a read-only memory partition, a read/write memory partition, and a secure memory partition. The secure portable device includes instructions stored in the read-only partition including a host agent containing instructions executable by the host computer. The secure portable device also includes instructions stored in the secure memory partition. These instructions include a card agent containing instructions executable by central processing units of the secure portable electronic device, and includes a card agent communications module for communicating with the host agent; and a security module for accessing private information stored in the secure memory partition.
    Type: Grant
    Filed: March 30, 2007
    Date of Patent: July 28, 2015
    Assignee: Gemalto SA
    Inventors: Asad Ali, HongQian Karen Lu, Apostol Vassilev, Ed Dolph
  • Patent number: 9065823
    Abstract: A system, method and computer-readable storage medium with instructions for operating a digital signature server and a portable security device to cooperate to provide digital signature services using a private key stored on the portable security device by delegating to a user's smart card the actual task of digitally signing documents. Other systems and methods are disclosed.
    Type: Grant
    Filed: March 8, 2011
    Date of Patent: June 23, 2015
    Assignee: GEMALTO SA
    Inventors: HongQian Karen Lu, Kapil Sachdeva
  • Publication number: 20150097698
    Abstract: A remote server is connected to at least one energy box, each energy box being connected to at least one energy consuming device, and each energy box being connected to a metering device. The remote server sends to the energy box a transaction demand. The energy box sends to at least one energy consuming device an energy consumption reduction request. The metering device measures energy consumption of the energy consuming device. The metering device sends to the energy box the measured energy consumption. The energy box verifies whether the demanded transaction has been carried out based upon at least one test, the test depending on at least one measured energy consumption. If the demanded transaction has been carried out, the energy box sends to a remote server a transaction response.
    Type: Application
    Filed: March 27, 2013
    Publication date: April 9, 2015
    Applicant: GEMALTO SA
    Inventors: Pierre Girard, HongQian Karen Lu
  • Publication number: 20150052359
    Abstract: The present invention relates to a method for securely and asynchronously provisioning keys from one source secure device to a target secure device through a key provisioning server for which the keys to be provisioned through the method remain unknown.
    Type: Application
    Filed: August 19, 2013
    Publication date: February 19, 2015
    Inventors: Laurent CASTILLO, HongQian Karen Lu, Asad Ali
  • Patent number: 8959335
    Abstract: Secure password-based authentication for cloud service computing. A request for cloud computing resource access includes a derivative password that contains a parameter that the recipient may extract in order to independently calculate the derivative password based on the parameter and a stored password which may then be verified against a known-to-be-correct password. Other systems and methods are disclosed.
    Type: Grant
    Filed: April 17, 2012
    Date of Patent: February 17, 2015
    Assignee: Gemalto SA
    Inventor: HongQian Karen Lu
  • Patent number: 8893227
    Abstract: Privacy-preserving smart metering for a smart grid. Issuing a privacy-enhanced credential to a consumer node having smart meter. Operating the consumer node to associate an id with the credential and to use the id to report usage. Other systems and methods are disclosed.
    Type: Grant
    Filed: February 6, 2013
    Date of Patent: November 18, 2014
    Assignee: Gemalto SA
    Inventors: HongQian Karen Lu, Aline Gouget
  • Publication number: 20140223526
    Abstract: Privacy-preserving smart metering for a smart grid. Issuing a privacy-enhanced credential to a consumer node having smart meter. Operating the consumer node to associate an id with the credential and to use the id to report usage. Other systems and methods are disclosed.
    Type: Application
    Filed: February 6, 2013
    Publication date: August 7, 2014
    Applicant: GEMALTO SA
    Inventors: HongQian Karen LU, Aline GOUGET
  • Publication number: 20140189799
    Abstract: Enhanced security for limited access through multi-factor authorization to cloud computing resources. The enhanced security is obtained by utilizing a personal security device to perform certain security operations as part of an authorization protocol such that an authorization grant is confirmed using two independent factors such as evidence of knowledge of a secret plus possession of a personal security device. The personal security device may also store an access token and perform cryptographic operations evidencing possession of the access token. Other systems and methods are disclosed.
    Type: Application
    Filed: December 28, 2012
    Publication date: July 3, 2014
    Applicant: GEMALTO SA
    Inventor: HongQian Karen Lu
  • Patent number: 8713644
    Abstract: A method of operating a host computer having a web-browser with the capability of executing at least one web-browser add-on to provide a web application access to a smart card to protect the smart card from security threats associated with being connected to the Internet. Prior to establishing a connection between a web application executing in the web browser, verifying that the web application has been authorized to connect to a smart card using the web-browser add-on to provide a web application access to a smart card.
    Type: Grant
    Filed: March 5, 2010
    Date of Patent: April 29, 2014
    Assignee: Gemalto SA
    Inventors: Ksheerabdhi Krishna, Kapil Sachdeva, HongQian Karen Lu
  • Publication number: 20140040991
    Abstract: The invention relates to a method for communicating between a server and a client. The server and the client access at least one session extension key and/or a key associated with the session extension key, as an associated key. The server authorizes to extend an open communication session with the client until an expiration time only if the client sends to the server authentication data allowing the server to authenticate at least the client on a basis of the session extension key. The expiration time is a time at which the communication session is open completed by a predetermined extension time period. The invention also relates to corresponding client, server and system.
    Type: Application
    Filed: January 4, 2012
    Publication date: February 6, 2014
    Applicant: GEMALTO SA
    Inventors: Olivier Potonniee, HongQian Karen Lu
  • Publication number: 20140020051
    Abstract: Method for providing user-to-user delegation service in federated identity environment, characterized in that it comprises a delegation or assignment step wherein a delegator specifies said delegation at an identity provider for delegating a privilege or task to a delegatee to be performed at a service provider.
    Type: Application
    Filed: March 26, 2012
    Publication date: January 16, 2014
    Applicant: GEMALTO SA
    Inventors: HongQian Karen Lu, Ksheerabdhi Krishna, Kapil Sachdeva
  • Patent number: 8578452
    Abstract: The invention proposes a method for securely creating a new user identity within an existing cloud account in a cloud computing system, said cloud computing system providing cloud services and resources, said cloud account comprising cloud user identities, said method comprising enabling a first user to access the cloud services and resources using a first security device, wherein it comprises authenticating to the first security device, creating a new user identity within the cloud account for a second user using the first security device.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: November 5, 2013
    Assignee: Gemalto SA
    Inventor: HongQian Karen Lu
  • Publication number: 20130275748
    Abstract: Secure password-based authentication for cloud service computing. A request for cloud computing resource access includes a derivative password that contains a parameter that the recipient may extract in order to independently calculate the derivative password based on the parameter and a stored password which may then be verified against a known-to-be-correct password. Other systems and methods are disclosed.
    Type: Application
    Filed: April 17, 2012
    Publication date: October 17, 2013
    Applicant: GEMALTO SA
    Inventor: HongQian Karen LU
  • Patent number: 8527757
    Abstract: The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser. The invention also relates to an authentication method and to a system comprising a token, a computer and a server to which the user authenticates with the token.
    Type: Grant
    Filed: June 23, 2008
    Date of Patent: September 3, 2013
    Assignee: Gemalto SA
    Inventors: HongQian Karen Lu, Asad Mahboob Ali, Kapil Sachdeva
  • Patent number: 8434137
    Abstract: The invention relates to a system comprising a network device (NSC), a host computer (HOST) and a remote server (SRV). The host computer (HOST) and the network device (NSC) are connectable through a network. The host computer (HOST) and the remote server (SRV) are connectable through the Internet. The smart network device (NSC) comprises a web server accessible from the host computer (HOST). The network device (NSC) is set to store a user's authentication credential. The host computer (HOST) is set to display a web page produced by the remote server (SRV) to the user. The remote server (SRV) is set to include a login link in said web page, the login link pointing to said web server. The web server is set to display a login page to the user on the host computer (HOST) when the user clicks on said login link, in order to authenticate the user.
    Type: Grant
    Filed: March 22, 2007
    Date of Patent: April 30, 2013
    Assignee: Gemalto SA
    Inventor: HongQian Karen Lu
  • Publication number: 20130046991
    Abstract: A system, method and computer-readable storage medium with instructions for operating a digital signature server and a portable security device to cooperate to provide digital signature services using a private key stored on the portable security device by delegating to a user's smart card the actual task of digitally signing documents. Other systems and methods are disclosed.
    Type: Application
    Filed: March 8, 2010
    Publication date: February 21, 2013
    Applicant: GEMALTO SA
    Inventors: HongQian Karen Lu, Kapil Sachdeva