Patents Assigned to Gemalto SA
  • Publication number: 20170346642
    Abstract: The present invention relates to a method, for a provider entity belonging to a provider group, to authenticate its belonging to an attribute provider group to a verification entity in a non-traceable manner without necessitating to share secret or large constants compromising privacy. Both entities comprise at least one attribute group arborescence, this attribute group arborescence being shared by the provider entity and the verification entity when the provider entity has the attribute. According to the invention, when a verification is triggered, the verification entity calculates a certificate from the attribute group arborescence, said certificate being calculated from the authentication tokens of the groups along the arborescence from the attribute verification group's token to the consumer group's token.
    Type: Application
    Filed: December 9, 2015
    Publication date: November 30, 2017
    Applicant: GEMALTO SA
    Inventor: Alain RHELIMI
  • Publication number: 20170346632
    Abstract: The present invention relates to a method to generate prime numbers on board a portable device, said method comprising the steps of, each time at least one prime number is requested: when available, retrieve results from previously performed derivation calculation or, if not, select a start point for derivation; process derivation calculation to converge towards a prime number; if a prime number is found, store it and restart derivation calculation from a new start point; stop the derivation calculation after a predetermined amount of time; store intermediate results to be used a next time a prime number will be requested; output a stored prime number.
    Type: Application
    Filed: November 25, 2015
    Publication date: November 30, 2017
    Applicant: GEMALTO SA
    Inventors: Charles COULIER, Karine VILLEGAS, Nabil HAMZI, Ali ZEAMARI, Nicolas ROUSSEL
  • Patent number: 9832182
    Abstract: The object of this invention is a method for securing an electronic document. In particular, this invention relates to a method that prevents the forging of documents in which an electronic chip is incorporated. To that end, the invention proposes a method in which the data on the document medium are associated with a fingerprint of the document, so as to make them inseparable. That fingerprint is determined on the basis of measurable physical units of the electronic chip or the medium. Thus, the invention allows the combination of the physical protection of the document and the protection of the chip so as to reinforce the security of said documents.
    Type: Grant
    Filed: December 13, 2012
    Date of Patent: November 28, 2017
    Assignee: GEMALTO SA
    Inventors: Bruno Rouchouze, Claude Barral, Michael Guerassimo
  • Publication number: 20170339634
    Abstract: The invention relates to a method for accessing an Internet protocol Multimedia Subsystem type subsystem, said subsystem. According to the invention, a device is firstly connected to a mobile communication network, as a visited network, said first network. The method comprises the following steps. The first network sends to the device a first message comprising current location data relating to a location where the device is currently present. The device analyses whether at least one roaming rule associated with the current location data is or is not stored within the device. The at least one roaming rule includes, each, at least one parameter for accessing the subsystem. And if the device does store the at least one roaming rule associated with the current location data, then the device sends to the subsystem a second message including a request for connecting to the subsystem. The invention also pertains to a corresponding device.
    Type: Application
    Filed: October 21, 2015
    Publication date: November 23, 2017
    Applicant: GEMALTO SA
    Inventors: Jean-Yves FINE, Julien BAUDOUIN
  • Patent number: 9825917
    Abstract: Method and System for enhanced privacy in privacy-preserving identity solutions. The technology provides for a redirect of a request to generate a proof of an attribute from a service provider to a separator. The separator removes source identification from the attribute-proof request and redirects the attribute-proof request, free of original source identification, to a credential issuer which issues the credential. A security device of the user generates a presentation token from the privacy-preserving credential and presents the presentation token to the service provider as proof of the attribute. Other systems and methods are disclosed.
    Type: Grant
    Filed: December 20, 2013
    Date of Patent: November 21, 2017
    Assignee: GEMALTO SA
    Inventors: HongQian Karen Lu, Laurent Castillo, Philippe Smadja
  • Patent number: 9820329
    Abstract: The invention relates to a method for managing a wireless link between a first device and a second device. The method includes the steps of polling an activity of a first wireless interface of the first device during a first predetermined lapse of time, suspending the wireless link and polling an activity of a first body-coupled communication interface of the first device during a second predetermined lapse of time when no activity is detected on the first wireless interface of the first device during the first predetermined lapse of time, and resuming the wireless link when at least one polling packet comprising a resume request is detected by the first body-coupled communication interface of the first device during the second predetermined lapse of time.
    Type: Grant
    Filed: June 6, 2014
    Date of Patent: November 14, 2017
    Assignee: GEMALTO SA
    Inventor: Marc Blochet
  • Patent number: 9817993
    Abstract: The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: November 14, 2017
    Assignee: GEMALTO SA
    Inventors: Lionel Merrien, Xavier Berard, Pierre Girard, Philippe Proust, Fabrice Vergnes, Frédéric Faria, Franck Imoucha
  • Patent number: 9811858
    Abstract: The invention relates to a method for enrolling and authenticating a bank's cardholder to a service provided by a service provider, characterized in that it comprises: a. receiving an identification cardholder data (ID) by a first channel; b. double-checking the identity of said cardholder by a second channel.
    Type: Grant
    Filed: November 14, 2012
    Date of Patent: November 7, 2017
    Assignee: GEMALTO SA
    Inventors: Valery Arnald, Sylvain Godbert, Philippe Mezger, Kanza Jaafar
  • Patent number: 9807063
    Abstract: A device (CD) is intended for controlling authenticity of a code received with a message by an electronic device (ED2) and resulting from application to this message of a bijective algorithm with at least one predetermined key. This device (CD) has i) a first computation means (CM1) arranged for applying partly this bijective algorithm with this predetermined key, from a starting step to a chosen intermediate step, to the received message, in order to get a first result, ii) a second computation means (CM2) arranged for applying partly in a reverse manner the bijective algorithm with the predetermined key, from an ending step to this chosen intermediate step, to the received code while using the received message, in order to get a second result, and iii) a comparison means (CM3) arranged for comparing these first and second results and for outputting an information representative of the authenticity of the received code when the first and second results are identical.
    Type: Grant
    Filed: November 12, 2013
    Date of Patent: October 31, 2017
    Assignee: GEMALTO SA
    Inventor: Stéphanie Salgado
  • Publication number: 20170310654
    Abstract: A first device generates a first signature, by using complete transaction data received from a second device, a first algorithm and a first key, modifies at least one character from the complete transaction data and gets partial transaction data, and sends to the second device the partial transaction data. The second device requests a user to modify the partial transaction data by providing at least one character, as complementary data to the partial transaction data, gets, as request response from a user, at least one character to modify the partial transaction data, a corresponding result being proposed modified transaction data, generates a second signature by using the proposed modified transaction data, the first algorithm and the first key, and sends to the first device the second signature. Only if the second signature does match the first signature, then the first device authorizes to carry out a corresponding transaction.
    Type: Application
    Filed: October 20, 2015
    Publication date: October 26, 2017
    Applicant: GEMALTO SA
    Inventors: Thierry KARLISCH, Siavosh AKHTARY, Peter GULLBERG
  • Patent number: 9800300
    Abstract: An activated contactless communication circuit includes a device for receiving and transmitting a data-carrying electromagnetic field; a first circuit resonating with a first antenna for receiving data; and a second circuit resonating with a second antenna for transmitting data, the first and second resonating circuits being separate from each other. The transmission is carried out at a frequency phase-synchronized with the frequency of the electromagnetic field for reception.
    Type: Grant
    Filed: April 12, 2012
    Date of Patent: October 24, 2017
    Assignee: GEMALTO SA
    Inventors: Jean-Paul Caruana, Christophe Buton, Grégory Capomaggio
  • Publication number: 20170300684
    Abstract: A method of authenticating a user at a first terminal or a remote server connected to the first terminal, the authentication including inputting a code into the first terminal by the user and in comparing this code with a confidential personal code of the user, the confidential personal code comprising symbols to be input successively by the user into the first terminal, the method including transmitting from the first terminal to a second terminal belonging to the user a disordered series of symbols, a subset of which constitutes the confidential personal code, displaying on a screen of the second terminal the disordered series of symbols in a grid, called the second grid, each symbol of the series being contained in a box of the second grid, inputting by the user on the first terminal, the confidential personal code into a grid, called the first grid, at the corresponding locations of the symbols of the confidential personal code in the second grid, and verifying, at the first terminal or the remote server,
    Type: Application
    Filed: September 14, 2015
    Publication date: October 19, 2017
    Applicant: GEMALTO SA
    Inventors: Julien GLOUSIEAU, Abdellah EL MAROUANI
  • Publication number: 20170302650
    Abstract: The invention is a method for managing a response generated by an application embedded in a secure token in response to a command requesting opening a proactive session. An applicative server relies on an OTA server to securely send the command to the application. The method comprises the steps of: the application retrieves a data from the command and derives a key using a preset function, the application generates the response to the command, builds a secured response packet comprising the response secured with the derived key and sends the secured response packet to the applicative server.
    Type: Application
    Filed: August 21, 2015
    Publication date: October 19, 2017
    Applicant: GEMALTO SA
    Inventors: Xavier BERARD, HongQian Karen LU
  • Publication number: 20170295449
    Abstract: The invention concerns notably a method for detecting dynamically that secure elements are eligible to at least one OTA campaign for updating these secure elements, each secure element cooperating with a telecommunication terminal in a telecommunication network, this updating being realized by an OTA server. According to the invention, the method consists in: Detecting which secure elements have not polled the OTA server for a given time frame; Checking eligibility for these secure elements; Updating the secure elements that did not poll the OTA server for this given time frame and that are eligible to the OTA campaign by pushing messages to these secure elements.
    Type: Application
    Filed: September 15, 2015
    Publication date: October 12, 2017
    Applicant: GEMALTO SA
    Inventors: Gabriel PEREIRA, Tristan BOITEUX, Kim DEPUSSE
  • Patent number: 9788202
    Abstract: The invention is a method for authorizing a device to establish a communication session with an access point of a WLAN. A secure token comprises a data related to a telecom network subscription and is connected to the device. The device comprises credentials required for establishing the communication session with the access point. The method comprises the following steps: asking the secure token to initiate an authentication by using the data, running an authentication process initiated by the secure token by using the data and a communication channel provided by the telecom network, in case of successful authentication, sending an authentication pattern from the secure token to the device, authorizing use of the credentials thanks to the authentication pattern in the device and establishing the communication session between the device and the access point by using said credentials.
    Type: Grant
    Filed: June 18, 2013
    Date of Patent: October 10, 2017
    Assignee: GEMALTO SA
    Inventor: Jean-François Kuc
  • Patent number: 9780603
    Abstract: A remote server is connected to at least one energy box, each energy box being connected to at least one energy consuming device, and each energy box being connected to a metering device. The remote server sends to the energy box a transaction demand. The energy box sends to at least one energy consuming device an energy consumption reduction request. The metering device measures energy consumption of the energy consuming device. The metering device sends to the energy box the measured energy consumption. The energy box verifies whether the demanded transaction has been carried out based upon at least one test, the test depending on at least one measured energy consumption. If the demanded transaction has been carried out, the energy box sends to a remote server a transaction response.
    Type: Grant
    Filed: March 27, 2013
    Date of Patent: October 3, 2017
    Assignee: GEMALTO SA
    Inventors: Pierre Girard, HongQian Karen Lu
  • Publication number: 20170279600
    Abstract: A system, method and computer-readable storage medium for decrypting a code c using a modified Extended Euclidean Algorithm (EEA) having an iteration loop independent of the Hamming weight of inputs to the EEA and performing a fixed number of operations regardless of the inputs to the EEA thereby protecting a cryptographic device performing the decryption from side-channel attacks.
    Type: Application
    Filed: March 23, 2016
    Publication date: September 28, 2017
    Applicant: GEMALTO SA
    Inventors: Mariya GEORGIEVA, Frederic De Portzamparc
  • Patent number: 9768960
    Abstract: The present invention relates to a method to access a data store previously locked using a passphrase from a device. The method includes the following steps, when the user requests access to the data store: requesting the user to enter the personal code; generating an access code by applying a first function to at least the entered personal code; sending out, to the server, at least an identifier of the device and the access code; for the server, comparing the access code with the preliminary received first function; for the server, if the access code is correct, returning the passphrase to the device; and for the device, unlocking the data store using the received passphrase in combination with the entered personal code.
    Type: Grant
    Filed: November 28, 2013
    Date of Patent: September 19, 2017
    Assignee: Gemalto SA
    Inventors: Michael Webster, Seppo Pohja, Timo Palo
  • Patent number: 9760726
    Abstract: The invention proposes a method consisting in: opening, at the request of the UICC, a data channel between the terminal and the server; performing a mutual authentication between the UICC and the server by using the bootstrap credentials; requesting, from the UICC to the server, the delivery of a subscription profile by using the unique serial number; if a subscription profile exists for the UICC, downloading the subscription profile to the UICC.
    Type: Grant
    Filed: December 2, 2011
    Date of Patent: September 12, 2017
    Assignee: GEMALTO SA
    Inventors: Xavier Berard, Denis Gachon
  • Patent number: D801972
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: November 7, 2017
    Assignee: GEMALTO SA
    Inventors: Brett A. Howell, Brian L. Linzie, Glenn E. Casner, Robert W. Shannon, Andrew H. Tilstra