Abstract: The present invention relates to a method of generating a secure RSA key by a server comprising the steps of: •generating (S1) a private RSA key d and a RSA modulus integer N; •splitting (S2) the secret key integer d in j key shares dJ of length n, with j in [1, J], J being an integer, and such that d=d1+d2+ . . . +dJ mod phi(N), with each key share dj being equal to (dj(0) . . . dj(i) . . . dj(n/b?1)) with each key share component dj(i) in {0 . . . 2{circumflex over (?)}b?1} and i in [0, n/b?1], b being an integer inferior to n and phi the Euler's totient function; •encrypting (S3) with a fully homomorphic encryption (FHE) algorithm each key share component dj(i) of the private RSA key d by using a Fully Homomorphic Encryption secret key ps of a set Ss comprising the index couple (i,j), to generate an encrypted key share component edj(i) of said secure RSA key, said set Ss being a set of integer couples, among a predetermined integer number u of disjoint sets {S1, S2 Ss, Ss+1, . . .

Abstract: The present invention relates to a method to counter DCA attacks of order 2 and higher order applied on an encoded table-based (TCabi,j) implementation of block-cipher of a cryptographic algorithm to be applied to a message (m), said method comprising the steps of: —translating a cryptographic algorithm block-cipher to be applied on a message (m) into a series of look-up tables (Tabi,j),—applying secret invertible encodings to get a series of look-up tables (TCi,j),—computing message-dependent masking values, comprising the computation of at least two shares of masking value (mmask1, mmask2) for the input of the table network based on at least two different message derivation functions (F1, F2),—re-randomizing the tables (TCi,j) using the computed message-dependent masking values (mmask1, mmask2),—computing rounds to be applied on the message (m) based on the randomized network of tables (TCi,j).

Abstract: The present invention relates to a method to segment slap images and to generate accurately labelled individual fingerprints, said method comprising the following steps: reception of inputs images from a contactless fingerprint reader under controlled lighting conditions; computation of a variance in the received images to estimate a slap area as a foreground slap mask in the input images; identification of individual fingers by finding boundary of each finger; verification of a number of fingers and of geometric constraints; calculation of pose and orientation based on shape and geometry information; identification of effective fingertip area on each detected finger according the pose, orientation, as well as geometric information; output of individual fingerprints.

Abstract: The invention is a method for managing a tamper-proof device comprising first and second software containers, said tamper-proof device being included in a host device comprising a baseband unit. Said first software container is designed to emulate an eUICC and is in a deactivated state. The second software container comprises a set of rules. The baseband unit comprises an activator agent which retrieves both location data broadcasted by a telecom network and the set of rules from the second software container. The activator agent checks if activation of the first software container is authorized by one of said rules for the location data and requests activation of the first software container only in case of successful checking.

Abstract: A method for data transmission between a user equipment operating in a cellular network, and a control terminal accessible from the cellular network. The user equipment operates in a communication connection to the control terminal by means of first and second wireless carriers, with one of the control terminal and the user equipment acting as transmitting apparatus, and the other as receiving apparatus. The transmitting apparatus sends content as a first data packet over the first wireless carrier and as a second data packet over the second wireless carrier. The receiving apparatus attempts to receive the first data packet over the first wireless carrier and the second data packet over the second wireless carrier, and sends over the first and second wireless carriers a message indicating whether at least one of the first and second data packet was successfully received.

Abstract: A method for providing a user authentication credential comprises a) registering, in a device, at least one reference character, as a first user authentication credential; b) submitting, by the user, to the device, at least one character, as a second user authentication credential; c) retrieving, by the device, each reference character along with a corresponding position within the first user authentication credential; d) comparing, by the device, each submitted character within the second user authentication credential to a corresponding reference character within the first user authentication credential at one and the same position within the second user authentication credential and the first user authentication credential; and e) providing, by the device to the user, if the submitted character does not match the corresponding reference character, an information item for prompting the user to correct the submitted character.

Abstract: The invention relates to a method for detecting a failure in a PDP context or an EPS PDN connection. A chip incorporated within or coupled to a device receives from the device a call control PDP context activation type event or a call control EPS PDN connection activation type event. The chip receives from the device an updated value relating to an HFN start PS. The chip compares the last updated value relating to the HFN start PS to a predetermined value relating to the HFN start PS. If the last updated value relating to the HFN start PS is greater than or is less than/equal to the predetermined value relating to the HFN start PS, then the chip detects that the PDP context or the EPS PDN connection has been successfully or unsuccessfully activated respectively.

Abstract: The present invention relates to a user equipment configured to operate in a cellular network comprising a plurality of base stations, the user equipment comprising a communication unit and a control unit, wherein the communication unit is capable of operating in a specialized transmission mode with one of the plurality of base stations being capable of supporting said specialized transmission mode, in case of detection of a suitable base station, the communication unit is configured when operating in non-registered mode to: —decode an information signal received from said detected base station, the information signal indicating if said base station supports said specialized transmission mode, —camp on said base station, if said specialized transmission mode is supported, or —otherwise provide a message indicating non-support of specialized transmission mode support to the control unit.

Abstract: A method provides access to data or a service from a first device relating to a first user. A set of identifiers relating each to a second device is predefined. Each second device is related to a second user. A server receives, from the first device, a request for accessing the data or service from a current location relating to the first user. The server sends, to each selected second device, a request to determine whether the first user is locally present. Each selected second device requests, from to the second device user, whether the first user is locally present. Each selected second device gets, from the second user, a presence response and sends, to the server, the presence response. The server verifies whether the received presence response includes a predefined positive presence response. If yes, the server authorizes the first device to access the data or service.

Abstract: The present invention relates to transmitting a provisioning dataset from a cellular network to a user equipment. The cellular network includes a plurality of base nodes providing access to the user equipment, a remote provisioning server accessible by the cellular network, and a core network, comprising at least two network slices. At least one of the network slices includes at least one network node exclusively assigned to the network slice. At least one of the network slices is dedicated for operating a predefined class of user equipments. At least one remote provisioning network slice includes an assigned network node giving access to the remote provisioning server, and at least one base node assigned to the remote provisioning network slice.

Abstract: A method for checking at the level of a service provider if an application in a terminal is entitled to request a service, a security element cooperating with the terminal contains a first key generated by the terminal application during an enrolment phase.

Abstract: The invention relates to a method for automatically receiving and/or transmitting information intended for or relating to a holder of an alphanumeric account identifier, the method including a step of creating an electronic address comprising an identifier, wherein the identifier is obtained or derived from at least a portion of the alphanumeric identifier of the account or associated with an account. The invention also concerns the corresponding electronic system.

Abstract: A method for a wireless terminal communicating with a base station of a cellular network, the terminal operating in enhanced coverage mode and configured to set up a communication session with the base station by means of at least one of a direct communication link and a sidelink communication link using a second wireless terminal. The method comprises: determining a quality of the direct communication link with the base station, determining a quality of a communication link to a second wireless terminal capable of communicating with the base station, initiating transmission of a link quality message to the base station, the link quality message comprising information relating to the quality of the communication link, receiving a response from the base station indicating if the direct communication link or the sidelink communication link is to be used, requesting a communication session via the indicated communication link.

Abstract: The invention relates to a method for carrying out a sensitive operation in the course of a communication between a processing unit and a first service server, said first server being accessible via a first domain name and/or first electronic address. The method comprises the step of using at least one second domain name different from the first and/or a second electronic address different from the first to carry out all or part of the sensitive operation. The invention also relates to a system corresponding to the method and comprising the server and/or the processing unit.

Abstract: In a method for downloading subscription information to an identification unit connected to a wireless communication device operating within a cellular network, which includes at least one packet gateway node and a remote provisioning server being connected to it, the wireless communication device operates in a mode with limited access to the remote provisioning server.

Abstract: User equipment communicates by means of a primary base node and at least one secondary base node of a cellular network that are respectively assigned to different radio access networks. The user equipment sends a first message comprising its available capabilities to the primary base node, and receives a first indication from the primary base node relating to the capabilities being used by the primary base node. It sends a second message to the secondary base node, comprising those capabilities not being used by the primary base node. and receives a second indication from the secondary base node relating to the capabilities being used by the secondary base node. It sends a third message with still unused capabilities to the primary base node. and initiates a communication link with a remote terminal by means of the primary and the secondary base nodes using the configured capabilities.

Abstract: The present invention relates to a method for operating a wireless device, said wireless device being adapted for communicating with a cellular network by means of a serving base node, being the one of a plurality of base nodes of the cellular network the wireless device is currently camping on, configured to support extended coverage mode, the method comprising for the wireless device the steps of: —determining an extended coverage support level, relating to the capability of the wireless device for operating in extended coverage mode, —receiving extended coverage maximum support level broadcasted by a plurality of base nodes, —selecting one of the plurality of base nodes for registration as serving base node, —providing upon registration with the selected base node its extended coverage support level towards the base node.

Abstract: The invention comprises an operating method of a terminal device, which is configured for radio communication via different frequency bands, in performing a network scan, the method comprising: receiving a command for starting a network scan; in response to receiving the command, attempting a synchronization with predefined control channels on all frequency bands receivable by the terminal device or on a subset thereof comprising a plurality of the frequency bands, and, upon successful synchronization with a respective one of the control channels, ascertaining respective network-configuration information provided via the respective control channel by a respective network; determining, using the network-configuration information ascertained, an estimate of a quantity indicative of an achievable data throughput, hereinafter throughput estimate, associated with the respective ascertained network-configuration information; generating and providing an output, which is indicative of at least one of the determined t

Abstract: The invention relates to a method for manufacturing a portable electronic-chip-comprising object including a body and a metal-air battery that is integrated into the body, the battery comprising an electrolyte layer and a protective air-porous membrane covering the electrolyte. The method includes a step of forming at least one air-supply duct extending from the protective membrane to an air source. An air-porous material is contained in the duct and completely blocks the duct at least in one place on its course. The invention also relates to the object corresponding to this method.