Abstract: The invention is a method of communicating between a caller device and an executor device wherein the executor device comprises a memory having a layout which defines formats and addresses used for storing data in the memory. The executor device comprises an application including a service and the method comprises the steps of: providing the caller device with the layout and an indicator reflecting the service during the handshake phase, sending to the executor device a data block corresponding to a command targeting the service, wherein the data block complies with the layout and is devoid of metadata, sending to the caller device a response block which complies with the layout and which corresponds to a result generated by execution of the command.

Abstract: The present invention relates to a method to operate a contactless mobile device as a low cost secured point-of-sale, hereinafter POS device, said POS device having a non-secured operating system, a POS application installed in said non-secured operating system, an embedded secure element, a transaction proxy applet installed in said embedded secure element and a Contactless Front-End to contactless communicate with a customer mobile device having a secured transaction dedicated application.

Abstract: The present invention generally relates to systems and methods for performing issuer updates of data stored in a mobile device, a remote authentication, a remote payment transaction or enable the configuration of mobile application functions or operations. More specifically, the present invention relates to a method and system for securing an issuer updates processing for mobile payment application. When an update transaction is initiated, the payment application increments an Application Transaction Counter ATC and derives from this ATC a session keys. Sensitive user credential data are encrypted with the computed session keys before transmission to a gateway which is configured to compute the session keys for decryption. The decrypted user credential data are forwarded to a payment application issuer for updates.

Abstract: The invention is a method of communicating between a server and a distant secure element through a point-to-point link. The server is provided with a set comprising a plurality of data and a plurality of identifiers, each of the data is associated with one of the identifiers. The plurality of data comprises a first data compatible with the distant secure element and a second data incompatible with the distant secure element. The whole set is sent from the server to the distant secure element through the point-to-point link. A control operation is run with respect to a reference value stored in the distant secure element for each identifier. The data associated with the identifiers for which the control operation failed is discarded.

Abstract: The present invention relates to a server comprising at least an application outputting at least one cookie, the server including a scrambled cookie names generator, a correspondence mechanism associating connections attributes for the application with an unpredictable scrambled cookie name, the scrambled cookie name being the one provided in the cookie sent to client side for use in the next connections to the application.

Abstract: Method for providing user-to-user delegation service in federated identity environment, characterized in that it comprises a delegation or assignment step wherein a delegator specifies said delegation at an identity provider for delegating a privilege or task to a delegatee to be performed at a service provider.

Abstract: An integrated circuit card is used with a terminal. The integrated circuit card includes a memory that stores an interpreter and an application that has a high level programming language format. A processor of the card is configured to use the interpreter to interpret the application for execution and to use a communicator of the card to communicate with the terminal.

Abstract: The invention relates to a method for initiating an OTA session in a mobile radio communication network at the request of a user of a mobile terminal. The OTA session is established between the mobile terminal and a remote OTA server, the mobile terminal including a security element such as a UICC card. According to the invention, the method comprises: i) entering a special code using the man/machine interface of said mobile terminal; ii) said security element intercepting said special code; and iii) opening said OTA session between said mobile terminal and said remote server in a secure mode.

Abstract: The invention relates to a method for providing a user with an authenticated remote access to a remote secure device (2), said remote access being initiated from a local accessing device (1), said remote secure device (2) embedding secure data related to a specific service, characterized in that it comprises establishing a mutual authentication between said remote secure device (2) and a local secure device (3) different from the local accessing device (1) so as the user of the local accessing device (3) is able to access to the secure data of the remote secure device (2).

Abstract: The invention relates to a secured identity document having an externally readable chip storing a cryptographic configuration of the chip, defining the cryptographic security levels supported by the chip, for establishing a secure communication with a controlling terminal, storing a private key of a cryptography key pair and adapted to cipher data based on the stored private key; a support to which the chip is fastened, the support having a machine optically readable area, the data encoded in this area including the cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form and the cryptographic configuration of the chip ciphered based on said private key.

Abstract: The present invention generally relates to systems and methods for authenticating transactions through a simplex communication. To allow trusting the transaction with a payment by an image code such QR code, the invention proposes means to authenticate said transaction. For that, when the mobile payment application is loaded into preferably a secure element of the user mobile device a registration process is enabled. During this registration process on a server, an account of the user is created and a set of unpredictable numbers in quantity N is generated. This set of unpredictable numbers is transmitted to the mobile payment application for storage. The payment application uses the stored set of transaction unpredictable numbers for next N times transactions performed by the mobile payment application for transaction cryptogram calculation. The same transaction unpredictable number is recovered in the server side during the transaction authorization process.

Abstract: A method designed to allow the printing of a matrix (MPC) of pixels, in N colours defining a colour coding system, on a selected part of a physical medium (MP). That method comprises a stage in which colour pixels are printed in at least one pass along oblique lines in relation to the physical medium (MP), wherein the pixels of an oblique line are all in the same colour selected from the N colours and different from that used for the previous oblique line, in order to generate a matrix (MPC) of M horizontal lines comprising P pixels each in the N colours successively in a selected order, and wherein each horizontal line other than the first one comprises a first pixel that is identical to the second pixel of the previous horizontal line.

Abstract: The invention is a method for negotiating a parameter of an optical communication protocol between two devices. One device displays a first calibration image comprising a series of pixel patterns having a predetermined position and different sizes. The other device takes a first calibration picture of the first calibration image, identifies a set comprising at least one detectable pixel pattern in the first calibration picture and selects a setting data based on the set. Then it displays a second calibration image comprising this setting data which is read by the first device via another calibration picture. The first device retrieves the setting data from the calibration picture, selects a value based on the setting data and updates the parameter with the selected value.

Abstract: The present invention provides a method of operating an idle mobile unit that is capable of communicating with first and second wireless communication systems. One embodiment of the method includes providing a location update message in response to the idle mobile unit transitioning from a first tracking area associated with the second wireless communication system to a second tracking area associated with the second wireless communication system. The first and second wireless communication systems are capable of paging the idle mobile unit following the location update message.

Abstract: The invention relates to a SIM (2) card in a first format, with an electronic module (4). The card body comprises a score line (6) surrounding the electronic module (4) in order to define the second card format (3). The said score line (6), comprises residual matter thickness that is smaller than the thickness of the card body. The thickness of the residual matter comprises a first thickness (9) over a first part of the score line (6), at least one second thickness (10) smaller than the first thickness (9) over a second part of the score line and at least one residual thickness change zone (11, 17), where the said thickness change zone is a gradual thickness change zone (11, 17) that goes from the first thickness to the second thickness.

Abstract: The invention relates to an electronic module comprising a first metal layer including at least one contact pad or a conductive pad for connection or interconnection, an insulating layer that is electrically connected to the metal layer via a first surface, a second metal layer connected to the insulating layer on the opposite surface thereof, a chip location or an electronic chip electrically connected to the at least one contact pad through openings in the insulating layer, characterized in that the insulating layer is an adhesive.

Abstract: The present invention relates to a method of privacy-preserving during an access to a restricted e-service requiring user private data from a smart card. The invention relates more particularly to the field of methods implemented so that the user has the guarantee that only the private data needed to access to the e-service are extracted from the smart card. It is to guarantee that the user has a perfect knowledge of his private data provided by his smart card to a requester. With the invention a message notifying to the user the very nature of the identity assertion is displayed on the screen of the smart card. By doing so, the card ensure 100% security with regard to user consent: the data read out of his card cannot differ comparing to the data requested by the service provider through the terminal.

Abstract: The invention is a method of transferring user data from a first instance of a package to a second instance of another package corresponding to an upgraded version. The first instance stores the user data in its own storage format. The two instances are embedded in a secure element.

Abstract: This invention relates to a secure document (1) comprising a substrate (7) integrating a radiofrequency identification device (11;13), the said substrate (7) comprising at least one slot (15).

Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.