Abstract: A method for secure loading of a key dedicated to securing a predetermined operation into memory of a microchip of an embedded system includes, as a first step, authenticating a security device by generating a first random number using the microchip, transmitting the first random number to the security device, generating a second random number in the security device, generating a first cryptogram from the first and second random numbers by applying an asymmetric signature algorithm using an asymmetric secret key, transmitting at least the first cryptogram to the microchip, and authenticating the security device by verifying the first cryptogram using the public key.

Abstract: The invention relates to the loading of an applet in a smart card (2a), with the aid of two loading programs, an in-loader (IL) stored in the card and an off-loader (OL), respectively. According to the invention, two specific communication protocol layers are provided, one in a terminal (1) that houses the card reader, and the other in the card. These layers include in particular intelligent agents that enable the card to offer a client/webserver and gateway or CGI function. The method includes at least one step during which an http request is sent to the card in order to address an HTML page, one step of retrieving parametrizing data carried by an HTML form, and one step of executing the second loading program (IL), by implementation of the CGI function, in order to load the applet.

Abstract: The invention relates to a method for processing and transmitting digital data in a mobile telephone network, particularly using the GSM standard, and more particularly for applications using the so-called SIM Toolkit standard stores in a smart card of the so-called SIM Type of a unit of mobile equipment (1). According to the method, so-called master applications (30M) are remoted to a remote server (3) with which the mobile equipment (1) communicates. These applications (30M) communicate with the SIM smart card (2) via the circuits of the mobile equipment (10) and first and second types of so-called “reporter” SIM Toolkit applications, respectively called “reporter” (21) and “slave” (22). The invention also concerns an embedded microchip system, particularly a smart card of the so-called SIM type.

Abstract: The invention relates to a method and associated security module for protecting the processing of sensitive information in a security module with a monolithic structure, the module comprising information processing means (9) and means for storing (3, 4) information capable of being processed by said processing means. The method comprises the following steps: selecting a piece of sensitive information in the storage means; determining (7) a specific condition for the integrity of said information; reading the information and transmitting (1) it to the processing means; verifying (11) during the processing of the information that the specific condition is satisfied; and disabling the processing of the information if the specific condition is not satisfied.

Abstract: The invention relates to a method for listing a user in a directory server and/or locating a subscriber in an internet-type network (RI), by consulting a directory server (SAi), in such a way as to determine an IP address associated with this subscriber. To do so, a smart card (2a) is used, which stores applications (A1) that are each associated with a listing and/or locating (“PL”) protocol. Subscriber profiles can be stored in the smart card (2a). A plurality of different protocols can be stored, converting the smart card (2a) into a multi-directory database. The card (2a) is provided with client/webserver and CGI functions, in such a way as to be capable of initiating transmissions, by internet protocols, between directory servers (SAi) and the smart card (2a) and activating the applications (A1) stored in the card, for the execution of listing and/or locating (“PL”) protocols. The invention also relates to the associated card.

Abstract: The invention concerns a method for secure storage of a piece of so-called sensitive data, for example an encryption key, in a memory (M) of an embedded microchip system, particularly a smart card (CP). The memory (M) comprises two physically distinct storage devices (1, 2), for example a permanent memory of the “ROM” type (1), and a second, re-programmable memory of the “EEPROM” type (2). The piece of sensitive data is divided into at least two parts (d, d?), in a given logical configuration, each of these parts being stored in one of the distinct storage devices (1, 2). An additional piece of verification data, a checksum or hash data, can also be stored in the first storage device (1), at the same time as the first sensitive data part (d). The invention also concerns an embedded microchip system, particularly a smart card (CP).

Abstract: The invention relates to a method for managing data transmissions via an internet network (RI) between calling (Aa) and called (Ab) subscribers and also an associated smart card. A card (2a) cooperates with a terminal (1a) and has client/webserver (SWEB), CGI and proxy (27a) functions. The proxy function is used for the signaling channels (CS) and data channels (CD). The terminal (1a) and the card (2a) include specific communication protocol layers that make it possible to establish sessions for bidirectional transmission between them and/or with the internet network (RI). The smart card (2a) stores applications associated with protocols for listing (900a) and for locating subscribers (901a), as well as subscriber profiles (903a). It plays the role of a proxy in the signaling channel (CS) and/or data channel (CD).

Abstract: The invention relates to a method for listing a user in a directory server and/or locating a subscriber in an internet-type network (RI), by consulting a directory server (SAi), in such a way as to determine an IP address associated with this subscriber. To do so, a smart card (2a) is used, which stores applications (Al) that are each associated with a listing and/or locating (“PL”) protocol. Subscriber profiles can be stored in the smart card (2a). A plurality of different protocols can be stored, converting the smart card (2a) into a multi-directory database. The card (2a) is provided with client/webserver and CGI functions, in such a way as to be capable of initiating transmissions, by internet protocols, between directory servers (SAi) and the smart card (2a) and activating the applications (Al) stored in the card, for the execution of listing and/or locating (“PL”) protocols. The invention also relates to the associated card.

Abstract: The invention concerns a method and an architecture using a smart card (2) for remote control, via an internet-type network (RI), of a user station (1) comprising a smart card reader (3). The data required to control the station (1) are stored (41) in a remote server (4). The station (1) comprises a web-type browser (10) that transmits requests to the server (4). In response, the latter generates specific commands designed for the smart card (2). The station (1) comprises a specialized software module (8) forming an interface between the smart card reader (3) and the internet network (RI). This module (8) translates the specific commands into commands in conformity with the ISO 7816-4 standard, and transmits them to the smart card (2) in order to activate an application of the latter. The server (4) can also store (42) HTML pages.

Abstract: The invention relates to a method for high-speed data stream transmission to an Internet-type network (RI) between a remote server (4) and a smart card terminal (1). The terminal and the card each include a specific transmission protocol layer (13, 23a). These layers include two intelligent agents (T2, T1, S2, S1), one being a server and the other being a client. The intelligent agents (T2, T1, S2, S1) enable the establishment of bidirectional data exchange sessions. The card then has the function of a client/web server. A filter (28) cooperates with the intelligent agents (T2, T1, S2, S1) to form a “proxy”-type function (27) implanted directly in the card. The data stream includes critical data that pass through the card and opaque data that pass directly to the terminal (1) under the control of the filter (28). Application in particular to multimedia data streams.

Abstract: The present invention relates to a message transmission system comprising a telecommunication network (2) comprising a communication server (4) and at least one wireless telephone (1), the server comprising means for sending messages to one or more wireless telephones, the wireless telephone or telephones (1) being equipped with means for storing and processing message (Mess-Serv), characterized in that the messages (Mess-Serv) comprise a first field (V-TYP) containing information relating to the type profile of the recipient of the message and in that the processing means compare the profile stored in each wireless telephone relative to the subscriber using the wireless telephone to the profile contained in the message, and authorize the storage of the messages in the storage means if the profile of the subscriber using the wireless telephone is compatible with the type profile contained in the field of the message.

Abstract: The invention provides for a cryptographic method for digital signature. A set S1 of k polynomial functions Pk(x1, . . . , xn+v, y1, . . . , yk) are supplied as a public key, where k, v, and n are integers, x1, . . . , xn+v are n+v variables of a first type, and y1, . . . , yk are k variables of a second type, the set S1 being obtained by applying a secret key operation on a given set S2 of k polynomial functions P?k(a1, . . . , an+v, y1, . . . , yk), a1, . . . , an+v designating n+v variables including a set of n “oil” and v “vinegar” variables. A message to be signed is provided and submitted to a hash function to produce a series of k values b1, . . . , bk. These k values are substituted for the k variables y1, . . . . , yk of the set S2 to produce a set S3 of k polynomial functions P?k(a1, . . . , an+v), and v values a?n+1, . . . , a?n+1, are selected for the v “vinegar” variables. A set of equations P?k(a1, . . . , a?n+v)=0 is solved to obtain a solution for a?1, . . .

Abstract: The invention relates to a method for protecting one or more computer systems using the same secret key (Ks) cryptographic algorithm, characterized in that the way in which said calculation is performed depends, for each computer system and for each secret key, on secret data (Ds) stored in a secret area of the computer system or systems.

Abstract: The invention concerns an architecture of a terminal (5) allowing communications between a smart card (8) and a web server (4), via an internet network (RI). The terminal (5) is equipped with a secure enclosure (6) comprising a smart card reader (8), a keyboard (62), and optionally, other computing resources (63). The non-secure part of the terminal (5) comprises a web browser (51) and a first communication node (50) that routes the requests received to the browser (51) or to the secure enclosure (6). The secure enclosure (6) comprises a second communication node (60) and an HTTP server (61). The smart card (8) comprises a third communication node (80) and an HTTP server (81). The web server (4) comprises a merchant application (41) that can be placed in communication with the smart card (8) and activate software applications (A1–An) of the latter.

Abstract: An unpredictable microprocessor or microcomputer comprises a processor (1), a first working memory (51), a main memory (6) containing an operating system, a main program (P1) and a secondary program (P2), a second working memory (52), and switching means which, during the performance of the programs, makes it possible to switch from using one of the two working memories (51, 52) to using the other working memory, while preserving their contents. Switching means comprise at least one first block of registers (54) for storing the operating context of the programs in the main memory and a switching circuit (53) for enabling one of the working memories and the access registers (A1–a3) (d1–d3) associated with each memory (51, 52, 6) and controlled by said switching circuit (53).

Abstract: The invention concerns a method for dynamically allocating memory workspace of an onboard system to a data structure identified by an identification number (ID_Ak) and the corresponding onboard system. The storage area of the onboard system being subdivided into elementary memory blocks (BL1), the method is implemented on the basis of an allocation instruction and an erasure instruction. To allocate (A) an elementary memory block, the method consists in assigning an identification number (ID-Ak) to the block concerned. To erase (E) an elementary storage block, the method consists in assigning an arbitrary value (AAAA) different from any identification number. The system is applicable to onboard systems, such as multi-application microprocessor cards.

Abstract: The invention relates to a method for verifying transformation (2) of a source code (1) into a transformed code (3) designed for an embedded system (7) such as in a smart card or other portable or mobile device including data processing resources. The method comprises at least the following steps: determining a single virtual machine that factors in the behavior of both of these codes (1, 3), determining for each source code (1) and transformed code (3) a plurality of auxiliary functions representing the residual differences between said source code (1) and transformed code (3), and a step for verifying a correspondence property between the auxiliary functions, the verification of the code transformation (2) being obtained from this last step.

Abstract: The invention relates to a method for storing information in information storage means of a security module and for operating on information units in a security module, and the associated security module, wherein two storage areas (41, 42) are defined, one of which (41) is for storing the information (a, b, c; d, e, f) in dispersed pieces (a, b, c), (d, e, f), the other of which (42) is for storing addresses (AA, 92) at which the pieces of information are located. The storage in the second storage area takes place in positions that are based on the addresses (83, 86) of the pieces of information in the first storage area (41), as defined before dispersion.

Abstract: A method for loading applications into an embedded system from a station on which the source code of the application is written, compiled, verified and converted. The conversion includes the performance of the static linking of a plurality of sets of packages, called modules, and an application program interface module or a service module corresponding to an application, and consists of assigning an identifier to each module and a reference number to each class, each method and each attribute. The reference to a method or an attribute in the linked pseudocode of a module is coded in three bytes referencing a class internal or external to the module, the number of the class, and either the number of the method or the number of the attribute, a reference to an external class being interpreted as a reference to an API module.

Abstract: A method is described for authenticating a portable object that includes a processor and a memory. The memory contains at least one code defining operations capable of being executed by the portable object, as well as a one-way function. The method comprises an authentication of the portable object which includes sending the portable object an order so that the latter executes a calculation of a result by applying to the one way function at least part of the code. This result enters into the implementation of a given operation, the operation being performed successfully only when the portable object is authentic.