Patents Assigned to Gemalto SA
-
Patent number: 11233659
Abstract: The present invention relates to a method of generating a secure RSA key by a server comprising the steps of: • generating (S1) a private RSA key d and a RSA modulus integer N; • splitting (S2) the secret key integer d in j key shares dJ of length n, with j in [1, J], J being an integer, and such that d=d1+d2+ . . . +dJ mod phi(N), with each key share dj being equal to (dj(0) . . . dj(i) . . . dj(n/b−1)) with each key share component dj(i) in {0 . . . 2^b−1} and i in [0, n/b−1], b being an integer inferior to n and phi the Euler's totient function; • encrypting (S3) with a fully homomorphic encryption (FHE) algorithm each key share component dj(i) of the private RSA key d by using a Fully Homomorphic Encryption secret key ps of a set Ss comprising the index couple (i,j), to generate an encrypted key share component edj(i) of said secure RSA key, said set Ss being a set of integer couples, among a predetermined integer number u of disjoint sets {S1, S2 Ss, Ss+1, . . .
Type: Grant
Filed: December 6, 2017
Date of Patent: January 25, 2022
Assignee: GEMALTO SA
Inventors: Mariya Georgieva, Aline Gouget
-
Patent number: 11201724
Abstract: The present invention relates to a method to counter DCA attacks of order 2 and higher order applied on an encoded table-based (TCabi,j) implementation of block-cipher of a cryptographic algorithm to be applied to a message (m), said method comprising the steps of: —translating a cryptographic algorithm block-cipher to be applied on a message (m) into a series of look-up tables (Tabi,j), —applying secret invertible encodings to get a series of look-up tables (TCi,j), —computing message-dependent masking values, comprising the computation of at least two shares of masking value (mmask1, mmask2) for the input of the table network based on at least two different message derivation functions (F1, F2), —re-randomizing the tables (TCi,j) using the computed message-dependent masking values (mmask1, mmask2), —computing rounds to be applied on the message (m) based on the randomized network of tables (TCi,j).
Type: Grant
Filed: September 22, 2017
Date of Patent: December 14, 2021
Assignee: GEMALTO SA
Inventor: Aline Gouget
-
Publication number: 20200187287
Abstract: The invention relates to a method for detecting a failure in a PDP context or an EPS PDN connection. A chip incorporated within or coupled to a device receives from the device a call control PDP context activation type event or a call control EPS PDN connection activation type event. The chip receives from the device an updated value relating to an HFN start PS. The chip compares the last updated value relating to the HFN start PS to a predetermined value relating to the HFN start PS. If the last updated value relating to the HFN start PS is greater than or is less than/equal to the predetermined value relating to the HFN start PS, then the chip detects that the PDP context or the EPS PDN connection has been successfully or unsuccessfully activated respectively.
Type: Application
Filed: May 31, 2016
Publication date: June 11, 2020
Applicant: GEMALTO SA
Inventor: Andrei Marian Hagiu
-
Publication number: 20200107173
Abstract: The present invention relates to transmitting a provisioning dataset from a cellular network to a user equipment. The cellular network includes a plurality of base nodes providing access to the user equipment, a remote provisioning server accessible by the cellular network, and a core network, comprising at least two network slices. At least one of the network slices includes at least one network node exclusively assigned to the network slice. At least one of the network slices is dedicated for operating a predefined class of user equipments. At least one remote provisioning network slice includes an assigned network node giving access to the remote provisioning server, and at least one base node assigned to the remote provisioning network slice.
Type: Application
Filed: June 14, 2017
Publication date: April 2, 2020
Applicants: Gemalto M2M GmbH, GEMALTO SA
Inventors: Volker Breuer, Lars Wehmeier, Anne-Marie Praden
-
Publication number: 20200092277
Abstract: A method for checking at the level of a service provider if an application in a terminal is entitled to request a service, a security element cooperating with the terminal contains a first key generated by the terminal application during an enrolment phase.
Type: Application
Filed: July 27, 2017
Publication date: March 19, 2020
Applicant: GEMALTO SA
Inventor: Milas FOKLE
-
Publication number: 20200058024
Abstract: The invention relates to a method for automatically receiving and/or transmitting information intended for or relating to a holder of an alphanumeric account identifier, the method including a step of creating an electronic address comprising an identifier, wherein the identifier is obtained or derived from at least a portion of the alphanumeric identifier of the account or associated with an account. The invention also concerns the corresponding electronic system.
Type: Application
Filed: October 20, 2017
Publication date: February 20, 2020
Applicant: GEMALTO SA
Inventors: Marc MULLER, Sylvie GIBERT, Serge BARBE
-
Publication number: 20200028819
Abstract: The invention relates to a method for carrying out a sensitive operation in the course of a communication between a processing unit and a first service server, said first server being accessible via a first domain name and/or first electronic address. The method comprises the step of using at least one second domain name different from the first and/or a second electronic address different from the first to carry out all or part of the sensitive operation. The invention also relates to a system corresponding to the method and comprising the server and/or the processing unit.
Type: Application
Filed: December 1, 2017
Publication date: January 23, 2020
Applicant: GEMALTO SA
Inventor: Didier Hugot
-
Publication number: 20190363404
Abstract: The invention relates to a method for manufacturing a portable electronic-chip-comprising object including a body and a metal-air battery that is integrated into the body, the battery comprising an electrolyte layer and a protective air-porous membrane covering the electrolyte. The method includes a step of forming at least one air-supply duct extending from the protective membrane to an air source. An air-porous material is contained in the duct and completely blocks the duct at least in one place on its course. The invention also relates to the object corresponding to this method.
Type: Application
Filed: November 28, 2017
Publication date: November 28, 2019
Applicant: GEMALTO SA
Inventors: Jean-Christophe FIDALGO, Béatrice DUBOIS, Laurence ROBLES
-
Publication number: 20190311155
Abstract: A method for managing a secure element embedded in an equipment comprising an NFC controller. The secure element comprises a security indicator. The method comprises the steps of: on receipt of a triggering command sent by the NFC controller, the secure element switches in a test context; on receipt of a restore command sent by an application, the secure element sets the security indicator, such as a counter of unusual events, to a predefined value only if the secure element is in test context; and on receipt of an ending command sent by the NFC controller, the secure element switches in a Live context. The secure element keeps a track of the switch in the test context and denies any further triggering commands. The method enables reset of security indicator after manufacturing and test where the security indicator may have been affected.
Type: Application
Filed: June 14, 2017
Publication date: October 10, 2019
Applicant: GEMALTO SA
Inventors: Fabien COURTIADE, Réda ZAITI
-
Publication number: 20190311997
Abstract: The invention relates to a method for producing a security document, wherein a body is created that comprises two superimposed layers, a circuit which is electric and/or has an electronic chip arranged on the interface between the two layers, and a first adhesive between the two layers, which adheres to the two layers and/or the circuit. The method includes a step of depositing a second adhesive which is different from, or has a different behaviour from, the first adhesive in relation to the solvents or the temperature and partially adheres to at least one of the two layers and/or the circuit.
Type: Application
Filed: December 7, 2017
Publication date: October 10, 2019
Applicant: GEMALTO SA
Inventors: Sébastien Gaspari, Blandine Alleysson, Christophe BOUSQUET
-
Publication number: 20190311110
Abstract: The invention relates to a method for authenticating to a second device. A first device shares with the second device at least one session key. The first device sends to at least one third device at least one first session key. The at least one third device connects directly to the second device by using the at least one first session key. According to the invention, the method further comprises the following steps. The first device sends to the at least one third device a command for disconnecting from or switching to a non-connected mode with the second device. And the at least one third device disconnects from or switches to a non-connected mode with the second device based upon the received command. The invention also pertains to corresponding first device and system for authenticating to a second device.
Type: Application
Filed: November 23, 2017
Publication date: October 10, 2019
Applicant: GEMALTO SA
Inventors: Danny TABAK, Johan JOSEFSSON
-
Publication number: 20190313258
Abstract: The invention relates to a method for sending data to at least one device. According to the invention, a data sending control server sends to at least one data storage server at least one predetermined rule or a first request for sending data to at least one data processing server. The data storage server sends, based upon the at least one predetermined rule or the first request for sending data, data to the data processing server. The data sending control server sends to the data processing server a second request for sending to the device the data received or to be received by the data processing server. The data processing server sends, based upon the second request for sending the data, the received data to the at least one device.
Type: Application
Filed: October 2, 2017
Publication date: October 10, 2019
Applicant: GEMALTO SA
Inventors: Frédéric DAO, Frédéric CLEMENT-GONZALES, David HALLE, Jérôme DUPREZ, David HUGUENIN, Sébastien SCHMITT, Christine NERSESSIAN, Philippe ALLOUCHE, Thomas DANDELOT
-
Patent number: 10406845
Abstract: An article may include a biodata page defining a perimeter including an edge and a hinge layer attached to at least a portion of the biodata page. The hinge layer comprises a cross-linked polyurethane. In some examples, the hinge layer may include a cross-linked thermoset polyurethane.
Type: Grant
Filed: March 15, 2013
Date of Patent: September 10, 2019
Assignee: GEMALTO SA
Inventors: Steven J. Rhyner, Christopher K. Haas, Todd D. Jones, Kui Chen-Ho, Krystal K. Hunt, Ryan E. Marx
-
Publication number: 20190272781
Abstract: Method for producing an electrophoretic display device comprising a low-voltage microcontroller. The invention relates to a method for producing a segmented electrophoretic display device comprising a bistable display operating at predetermined opposing voltages and an electronic circuit with microcontroller for controlling the display according to a control program. The method includes the following steps: supplying the controller, which is different from a specific display controller for a bistable display and configured to deliver voltages, lower in absolute value to the predetermined voltages, and compensating the voltages with at least one compensation voltage to at least reach the predetermined opposing voltages. The invention also relates to the corresponding device.
Type: Application
Filed: October 20, 2017
Publication date: September 5, 2019
Applicant: GEMALTO SA
Inventor: Stéphane TOUVET
-
Patent number: 10402583
Abstract: The present invention relates to a method of privacy-preserving during an access to a restricted e-service requiring user private data from a smart card. The invention relates more particularly to the field of methods implemented so that the user has the guarantee that only the private data needed to access to the e-service are extracted from the smart card. It is to guarantee that the user has a perfect knowledge of his private data provided by his smart card to a requester. With the invention a message notifying to the user the very nature of the identity assertion is displayed on the screen of the smart card. By doing so, the card ensure 100% security with regard to user consent: the data read out of his card cannot differ comparing to the data requested by the service provider through the terminal.
Type: Grant
Filed: July 4, 2014
Date of Patent: September 3, 2019
Assignee: GEMALTO SA
Inventor: Mourad Faher
-
Publication number: 20190268341
Abstract: The invention relates to a method, an entity and a system for managing access to data. The data is associated with metadata. At least one predetermined access policy for accessing metadata includes, for each client, at least one identifier relating to the client. An entity receives from at least one client device, a data access request that includes at least one identifier relating to the client. The entity determines, based on the associated access policy, whether the metadata access is authorized. If yes, the entity determines, based on the associated access policy, associated first data allowing to access the metadata. The entity accesses, based on the first data, the associated metadata. The entity accesses, based on the accessed metadata and the associated access policy, at least a part of the associated data, as a late dynamic binding of the metadata with the associated data (or a part of it).
Type: Application
Filed: February 27, 2018
Publication date: August 29, 2019
Applicants: GEMALTO SA, SafeNet Inc.
Inventors: Didier HUGOT, Asad ALI, Gorav ARORA
-
Publication number: 20190266603
Abstract: In a method for authenticating a user, a device accesses a key and an initial vector. The vector is generated by using a first algorithm, a reference vector and reference user authentication data. The device accesses data and provided user authentication data. The device generates an intermediary vector by using a second algorithm, the initial vector and the user authentication data. The device generates a cryptogram by using a third algorithm, the key, the intermediary vector and the data. A server receives a request for authenticating a user accompanied with the cryptogram and the data. The server accesses the key and the reference vector. The server generates a reference cryptogram by using the third algorithm, the key, the reference vector and the data. The server verifies whether the reference cryptogram matches the cryptogram. If the reference cryptogram matches the cryptogram, the server authenticates the user.
Type: Application
Filed: October 20, 2016
Publication date: August 29, 2019
Applicant: GEMALTO SA
Inventors: Jean-Michel Desjardins, Marie Lathiere
-
Patent number: 10395158
Abstract: A method for making an intermediate electronic device, wherein said device is coated or is to be coated with a cover sheet or layer, the method comprising the step of forming a carrier-body comprising: a cavity provided in the carrier-body; an electric circuit comprising at least one electric interconnection area inside the cavity; an electronic module comprising at least one connection pad connecting said interconnection area and arranged in the cavity; a space or gap provided at the interface between the module and the carrier-body, substantially perpendicular to a main surface of the carrier-body, in communication with the surface of the carrier-body, and intended to be covered with a cover sheet or layer; the method is characterized in that a flexible or elastic material is arranged in the device so as to fill the space or gap between the module and the body-carrier or at least partially cover same.
Type: Grant
Filed: June 3, 2014
Date of Patent: August 27, 2019
Assignee: GEMALTO SA
Inventors: Francis Allot, Sophie Lombardo, Mikko Lankinen, Youssiph Kamagate, Frédéric Blachon
-
Publication number: 20190238324
Abstract: This invention related to a method for provisioning a first communication device with a set of at least one credential required for accessing to a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r
Type: Application
Filed: March 30, 2017
Publication date: August 1, 2019
Applicant: Gemalto SA
Inventors: Mireille PAULIAC, Michel ENDRUSCHAT, Ly Thanh PHAN, Jean-Yves FINE
-
Publication number: 20190239077
Abstract: In a method for securing access to a service, a device is set in a restricted operation mode that allows addressing only a first server and that is associated with a first identifier relating to a first connectivity gateway. The device accesses the first identifier and a subscription profile that is active during the restricted operation mode. The first server receives from the device a request for enrolling a device user and at least one feature relating to a user identity. The first server verifies whether the user identity feature is valid. If the user identity feature is valid, the first server sends to the device a command for deactivating the restricted operation mode. The device deactivates the restricted operation mode while storing, instead of the first identifier, a second identifier relating to a second connectivity gateway. The second identifier allows accessing a second server that manages the service.
Type: Application
Filed: October 4, 2017
Publication date: August 1, 2019
Applicant: GEMALTO SA
Inventors: Paul BRADLEY, Nicolas CHALVIN, Emmanuel PAYRAUD