Abstract: The invention relates to a method for personalizing an electronic device using an encryption device adaptable to standard certified apparatuses. The encryption device makes it possible to ensure the confidentiality of the transfer of a secret code from the user to a possible personalization server.

Abstract: The invention concerns a method enabling a server manager to prove subsequently that the server was authorized to read a user's personal data in a terminal station (ST), comprising: transmitting server policy data (PS) to the station; comparing the server policy data with private policy data (PP) pre-stored in the station; determining a signature (SGST) of server policy data received in the station; and transmitting the signature with the personal data (DP) read in the station to the server when the compared policy data (PS, PP) are compatible.

Abstract: The invention relates to a security token comprising a communication interface adapted to communicate with a host computer; a security module, comprising encryption based security features; a non volatile memory storing at least an application to be uploaded and executed in a host computer. The application makes use of the security features when executed in a host computer in communication with the communication interface. The security token is adapted to modify the content of the application as uploaded or its execution parameters at successive connexions of the security token to a host computer.

Abstract: The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.

Abstract: A mobile telephone handset includes: a storage support which is secured against fraudulent access and which stores the IMEI of the handset. A connector for a secure electronic module is associated with an operator. A handset operating system controls authentication of the IMEI storage support by a secure electronic module which is connected to the aforementioned connector in order to establish a secure communication channel between the storage support and the module and transmission of the IMEI over the secure channel to the secure electronic module. The arrangement can be used to prevent the dynamic modification of the IMEI during the transmission thereof.

Abstract: The invention relates to a method and a device for preventing the establishment of a radiofrequency communication between a contactless portable object and another contactless object. If the bearer of the contactless portable object does not modify the state of at least one on-board sensor of the contactless portable object in a specified manner and in specified proportions, the communication is prevented. One purpose of the invention is to prevent the use of the contactless portable object without the bearer's authorization.

Abstract: A method for executing an application compiled in intermediate code on a portable digital appliance equipped with a virtual executing machine for interpreting the intermediate code. The method includes a step of applying a secure execution mode wherein the interpretation of the intermediate code by the virtual machine includes the following steps: for each item of data the code handled for execution of an arithmetic and/or logical operation defined by the code, generating control data, related to the data of the code via a predetermined function; in parallel with the execution of the operation, executing a control operation related to the operation defined by the code via the predetermined function, and acting on the control data.

Abstract: A method for securing the execution of a session with a data processor, such as a smart card, under the control of at least two entities, such as servers. Session numbers and session keys are transmitted to the entities. The session number and key are applied to an algorithm in the data processor and the respective entity to produce a result and signature. The results and the signatures are transmitted to the data processor. A session corresponding to the results from the data processor is executed when the signatures are identical to the results. In another embodiment, one of the entities receives a delegation of a third entity to authorize execution of the session.

Abstract: Access rights lists, such as capacity or access control lists, are dynamically managed in a data processing element such as a smart card from an administrator server. To access an access rights list from the server, the list is signed in the server so that a signature can be transmitted to the card. The card compares the signature received from the server to signatures determined according to the access rights lists contained in the card and keys associated with those lists. Server access to an identified list is only authorized when it corresponds to a signature which is found among the determined signatures in the card and which is identical to the received signature.

Abstract: Analyte monitoring devices and methods therefore are provided. The devices integrate various functions of analyte monitoring, e.g., sample acquisition and testing.

Abstract: A method for protection against modification of data sent by a user to a secure medium via a reader selects and stores some of the data. Confirmation of the authenticity of the selected data is obtained by verifying whether they are identical to those input on request by the user in a secure communication mode of the reader. The method is applicable to the protection against the modification of a command and/or a document signed with an electronic signature.

Abstract: A document-filing notebook includes inner sheets which are indexed with tabs and which are inseparably connected to the binder, such that the pages of the notebook can be filed separately from the binder.

Abstract: A mobile telephone handset includes: a storage support which is secured against fraudulent access and which stores the IMEI of the handset. A connector for a secure electronic module is associated with an operator. A handset operating system controls authentication of the IMEI storage support by a secure electronic module which is connected to the aforementioned connector in order to establish a secure communication channel between the storage support and the module and transmission of the IMEI over the secure channel to the secure electronic module. The arrangement can be used to prevent the dynamic modification of the IMEI during the transmission thereof.

Abstract: In a method of producing a digital certificate, a certificate authority compiles a data set containing a public key and digital data that identifies the owner of the public key and an associated private key, and subsequently signs that data set to produce a digital certificate. The invention, the digital data also includes data that identifies a device for generating the private key and/or storing the private key on a support and/or signing with the private key. The method can be used to produce X509-type digital certificates.

Abstract: The invention concerns a method for differentiating between data and instructions thereby providing against certain attacks in a data processing device such as a smart card, whereby a generator associates a random number with an applicative component of a downloaded application, and a transformer in a virtual machine applies each of the instruction words in the component and the associated random number to a transformation function so as to store the transformed instruction words when downloading the component. A second transformer applies each of the transformed words of part of the component and the associated random number to the reciprocal function of the transformation function so as to retrieve the instruction words constituting the component part, to execute the same.

Abstract: In a method for monitoring the flow of execution of a series of instructions of a computer program, a sequence of instructions are transmitted to the processor to execute the monitored program. These instructions are analyzed, and the result of the analysis are verified by referring to reference data recorded with the program. The reference data can include a value predetermined in such a way as to correspond to the result of the analysis produced during the monitoring process only if all the instructions have been actually analyzed during the program flow. The invention also concerns a device for monitoring the program execution, a program device, and a programming device operating according to the monitoring principles.

Abstract: A document folder including two sheets joined by a binding. One of the sheets has at least two flaps. Note book pages are securely linked to the binding. The note book pages are stored by folding the flaps successively one on top of the other on the sheet with the pages beneath the flaps folded towards the sheet.

Abstract: Access rights lists, such as capacity or access control lists, are dynamically managed in a data processing element such as a smart card from an administrator server. To access an access rights list from the server, the list is signed in the server so that a signature can be transmitted to the card. The card compares the signature received from the server to signatures determined according to the access rights lists contained in the card and keys associated with those lists. Server access to an identified list is only authorized when it corresponds to a signature which is found among the determined signatures in the card and which is identical to the received signature.

Abstract: The invention concerns a method for differentiating between data and instructions thereby providing against certain attacks in a data processing device such as a smart card, whereby a generator associates a random number with an applicative component of a downloaded application, and a transformer in a virtual machine applies each of the instruction words in the component and the associated random number to a transformation function so as to store the transformed instruction words when downloading the component. A second transformer applies each of the transformed words of part of the component and the associated random number to the reciprocal function of the transformation function so as to retrieve the instruction words constituting the component part, to execute the same.

Abstract: A photocatalytic composition includes at least a photocatalyst agent and at least an inorganic binding agent, characterized in that the inorganic binding agent includes an aqueous colloidal silica dioxide (SiO2) dispersion, the aqueous colloidal silica dioxide dispersion including particles capable of being bound to one another after coating the photocatalyst agent.