Patents Assigned to GEMALTO
-
Publication number: 20170344376
Abstract: The present invention relates to a method to execute by a processing unit a sensitive computation using multiple different and independent branches each necessitating a given number of processing unit time units to be executed, characterized in that it comprises the following steps of, at each execution of a sensitive computation: generating at least as many identifiers as the number of branches, associating each identifier to a unique branch, generating a random permutation of identifiers, the number of occurrences of each identifier in the permutation being at least equal to the number of central processing unit time units in the shortest of the branches, by processing each identifier in the random permutation, determining successively the branch to execute by each successive central processing unit time units according to the identifier value, for each identifier of the random permutation, executing a central processing unit time unit for the branch determined according to the identifier value.
Type: Application
Filed: November 24, 2015
Publication date: November 30, 2017
Applicant: Gemalto SA
Inventors: Karine VILLEGAS, Fabrice PERION, Sylvain LEVEQUE
-
Patent number: 9832182
Abstract: The object of this invention is a method for securing an electronic document. In particular, this invention relates to a method that prevents the forging of documents in which an electronic chip is incorporated. To that end, the invention proposes a method in which the data on the document medium are associated with a fingerprint of the document, so as to make them inseparable. That fingerprint is determined on the basis of measurable physical units of the electronic chip or the medium. Thus, the invention allows the combination of the physical protection of the document and the protection of the chip so as to reinforce the security of said documents.
Type: Grant
Filed: December 13, 2012
Date of Patent: November 28, 2017
Assignee: GEMALTO SA
Inventors: Bruno Rouchouze, Claude Barral, Michael Guerassimo
-
Publication number: 20170339634
Abstract: The invention relates to a method for accessing an Internet protocol Multimedia Subsystem type subsystem, said subsystem. According to the invention, a device is firstly connected to a mobile communication network, as a visited network, said first network. The method comprises the following steps. The first network sends to the device a first message comprising current location data relating to a location where the device is currently present. The device analyses whether at least one roaming rule associated with the current location data is or is not stored within the device. The at least one roaming rule includes, each, at least one parameter for accessing the subsystem. And if the device does store the at least one roaming rule associated with the current location data, then the device sends to the subsystem a second message including a request for connecting to the subsystem. The invention also pertains to a corresponding device.
Type: Application
Filed: October 21, 2015
Publication date: November 23, 2017
Applicant: GEMALTO SA
Inventors: Jean-Yves FINE, Julien BAUDOUIN
-
Patent number: 9825917
Abstract: Method and System for enhanced privacy in privacy-preserving identity solutions. The technology provides for a redirect of a request to generate a proof of an attribute from a service provider to a separator. The separator removes source identification from the attribute-proof request and redirects the attribute-proof request, free of original source identification, to a credential issuer which issues the credential. A security device of the user generates a presentation token from the privacy-preserving credential and presents the presentation token to the service provider as proof of the attribute. Other systems and methods are disclosed.
Type: Grant
Filed: December 20, 2013
Date of Patent: November 21, 2017
Assignee: GEMALTO SA
Inventors: HongQian Karen Lu, Laurent Castillo, Philippe Smadja
-
Publication number: 20170331601
Abstract: A method for data transmission in a cellular network to a wireless device, the wireless device being assigned to a group of low capability devices. The cellular network comprises a plurality of base nodes, including an active base node, which is the base node the wireless device is currently associated to, wherein a data connection with the wireless device is established. The active base node is configured to downlink communicate on a frequency band comprising a plurality of frequency blocks comprising a plurality of subcarriers. The method comprises: the active base node transmitting data to the wireless device in a frequency block, being during a scheduling period the only frequency block providing data to said wireless device, submitting the data dedicated for the wireless device in one first subframe of the frequency block, followed by at least one second subframe without data dedicated to the wireless device.
Type: Application
Filed: November 26, 2016
Publication date: November 16, 2017
Applicant: GEMALTO M2M GmbH
Inventors: Volker BREUER, Lars WEHMEIER, Thomas ULRICH
-
Patent number: 9820329
Abstract: The invention relates to a method for managing a wireless link between a first device and a second device. The method includes the steps of polling an activity of a first wireless interface of the first device during a first predetermined lapse of time, suspending the wireless link and polling an activity of a first body-coupled communication interface of the first device during a second predetermined lapse of time when no activity is detected on the first wireless interface of the first device during the first predetermined lapse of time, and resuming the wireless link when at least one polling packet comprising a resume request is detected by the first body-coupled communication interface of the first device during the second predetermined lapse of time.
Type: Grant
Filed: June 6, 2014
Date of Patent: November 14, 2017
Assignee: GEMALTO SA
Inventor: Marc Blochet
-
Patent number: 9817993
Abstract: The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.
Type: Grant
Filed: September 9, 2016
Date of Patent: November 14, 2017
Assignee: GEMALTO SA
Inventors: Lionel Merrien, Xavier Berard, Pierre Girard, Philippe Proust, Fabrice Vergnes, Frédéric Faria, Franck Imoucha
-
Publication number: 20170325160
Abstract: A mobile terminal for participating in a mobile network and adapted to perform a power consumption sensitive cell reselection includes a detector configured to detect presence of a first possible connection to the mobile network via a first technology, and a second possible connection to the mobile network via a second technology. A selector is configured to identify which of the first possible connection and the second possible connection causes less energy consumption in the mobile terminal in a low-power mode of operation. A controller is configured to connect the mobile terminal to the mobile network through the identified possible connection. A network entity for supporting a mobile terminal in performing a power consumption sensitive cell reselection is also disclosed.
Type: Application
Filed: July 26, 2017
Publication date: November 9, 2017
Applicant: GEMALTO M2M GMBH
Inventors: Volker BREUER, Ronald BLUM
-
Publication number: 20170325146
Abstract: A wireless communication device in a cellular network, comprising a plurality of cells, each having a base node, camps on an active cell, which is part of one of two or more radio access networks of the cellular network. The cellular network further comprises at least one device domain, said wireless communication device being assigned to said device domain. The wireless communication device determines measurements of received signal quality of the base node of a cell, and submits to the base node of the active cell said measurements and a request for service. The cellular network sends the wireless communication device an instruction relating to the use of at least one of said radio access networks, based on: the device domain the wireless communication device is assigned to, and the received measurements. The wireless communication device selects a cell for the requested service, based on the instruction.
Type: Application
Filed: November 4, 2015
Publication date: November 9, 2017
Applicant: GEMALTO M2M GMBH
Inventors: Volker BREUER, Lars WEHMEIER
-
Patent number: 9811858
Abstract: The invention relates to a method for enrolling and authenticating a bank's cardholder to a service provided by a service provider, characterized in that it comprises: a. receiving an identification cardholder data (ID) by a first channel; b. double-checking the identity of said cardholder by a second channel.
Type: Grant
Filed: November 14, 2012
Date of Patent: November 7, 2017
Assignee: GEMALTO SA
Inventors: Valery Arnald, Sylvain Godbert, Philippe Mezger, Kanza Jaafar
-
Publication number: 20170318409
Abstract: In a method for downloading subscription information to an identification unit connected to a wireless communication device operating within a cellular network, which includes at least one packet gateway node and a remote provisioning server being connected to it, the wireless communication device operates in a mode with limited access to the remote provisioning server.
Type: Application
Filed: October 7, 2015
Publication date: November 2, 2017
Applicant: GEMALTO M2M GMBH
Inventor: Thomas LAMPART
-
Patent number: 9807063
Abstract: A device (CD) is intended for controlling authenticity of a code received with a message by an electronic device (ED2) and resulting from application to this message of a bijective algorithm with at least one predetermined key. This device (CD) has i) a first computation means (CM1) arranged for applying partly this bijective algorithm with this predetermined key, from a starting step to a chosen intermediate step, to the received message, in order to get a first result, ii) a second computation means (CM2) arranged for applying partly in a reverse manner the bijective algorithm with the predetermined key, from an ending step to this chosen intermediate step, to the received code while using the received message, in order to get a second result, and iii) a comparison means (CM3) arranged for comparing these first and second results and for outputting an information representative of the authenticity of the received code when the first and second results are identical.
Type: Grant
Filed: November 12, 2013
Date of Patent: October 31, 2017
Assignee: GEMALTO SA
Inventor: Stéphanie Salgado
-
Publication number: 20170310654
Abstract: A first device generates a first signature, by using complete transaction data received from a second device, a first algorithm and a first key, modifies at least one character from the complete transaction data and gets partial transaction data, and sends to the second device the partial transaction data. The second device requests a user to modify the partial transaction data by providing at least one character, as complementary data to the partial transaction data, gets, as request response from a user, at least one character to modify the partial transaction data, a corresponding result being proposed modified transaction data, generates a second signature by using the proposed modified transaction data, the first algorithm and the first key, and sends to the first device the second signature. Only if the second signature does match the first signature, then the first device authorizes to carry out a corresponding transaction.
Type: Application
Filed: October 20, 2015
Publication date: October 26, 2017
Applicant: GEMALTO SA
Inventors: Thierry KARLISCH, Siavosh AKHTARY, Peter GULLBERG
-
Publication number: 20170308881
Abstract: A method for downloading an updated profile includes a) receiving by a first server an enrolment request with a subscriber identifier, b) receiving by a second server data for provisioning the second server for the subscriber, c) receiving by a third server a command for downloading an updated profile accompanied with the subscriber identifier and a profile identifier, d) sending from the third server to the second server a request for at least one data update accompanied with the subscriber identifier, e) sending from the second server to the third server the data update, f) associating by the third server the data update and a profile, g) sending from the third server to the device or a chip the associated updated profile, i) activating by the device the associated updated profile, and j) sending to the second server a message that the associated updated profile is activated.
Type: Application
Filed: April 20, 2016
Publication date: October 26, 2017
Applicant: GEMALTO Inc.
Inventors: Sébastien Gravallon, Lionel Rozak-Draicchio
-
Patent number: 9800300
Abstract: An activated contactless communication circuit includes a device for receiving and transmitting a data-carrying electromagnetic field; a first circuit resonating with a first antenna for receiving data; and a second circuit resonating with a second antenna for transmitting data, the first and second resonating circuits being separate from each other. The transmission is carried out at a frequency phase-synchronized with the frequency of the electromagnetic field for reception.
Type: Grant
Filed: April 12, 2012
Date of Patent: October 24, 2017
Assignee: GEMALTO SA
Inventors: Jean-Paul Caruana, Christophe Buton, Grégory Capomaggio
-
Publication number: 20170300684
Abstract: A method of authenticating a user at a first terminal or a remote server connected to the first terminal, the authentication including inputting a code into the first terminal by the user and in comparing this code with a confidential personal code of the user, the confidential personal code comprising symbols to be input successively by the user into the first terminal, the method including transmitting from the first terminal to a second terminal belonging to the user a disordered series of symbols, a subset of which constitutes the confidential personal code, displaying on a screen of the second terminal the disordered series of symbols in a grid, called the second grid, each symbol of the series being contained in a box of the second grid, inputting by the user on the first terminal, the confidential personal code into a grid, called the first grid, at the corresponding locations of the symbols of the confidential personal code in the second grid, and verifying, at the first terminal or the remote server,
Type: Application
Filed: September 14, 2015
Publication date: October 19, 2017
Applicant: GEMALTO SA
Inventors: Julien GLOUSIEAU, Abdellah EL MAROUANI
-
Publication number: 20170302650
Abstract: The invention is a method for managing a response generated by an application embedded in a secure token in response to a command requesting opening a proactive session. An applicative server relies on an OTA server to securely send the command to the application. The method comprises the steps of: the application retrieves a data from the command and derives a key using a preset function, the application generates the response to the command, builds a secured response packet comprising the response secured with the derived key and sends the secured response packet to the applicative server.
Type: Application
Filed: August 21, 2015
Publication date: October 19, 2017
Applicant: GEMALTO SA
Inventors: Xavier BERARD, HongQian Karen LU
-
Publication number: 20170295449
Abstract: The invention concerns notably a method for detecting dynamically that secure elements are eligible to at least one OTA campaign for updating these secure elements, each secure element cooperating with a telecommunication terminal in a telecommunication network, this updating being realized by an OTA server. According to the invention, the method consists in: Detecting which secure elements have not polled the OTA server for a given time frame; Checking eligibility for these secure elements; Updating the secure elements that did not poll the OTA server for this given time frame and that are eligible to the OTA campaign by pushing messages to these secure elements.
Type: Application
Filed: September 15, 2015
Publication date: October 12, 2017
Applicant: GEMALTO SA
Inventors: Gabriel PEREIRA, Tristan BOITEUX, Kim DEPUSSE
-
Patent number: 9788202
Abstract: The invention is a method for authorizing a device to establish a communication session with an access point of a WLAN. A secure token comprises a data related to a telecom network subscription and is connected to the device. The device comprises credentials required for establishing the communication session with the access point. The method comprises the following steps: asking the secure token to initiate an authentication by using the data, running an authentication process initiated by the secure token by using the data and a communication channel provided by the telecom network, in case of successful authentication, sending an authentication pattern from the secure token to the device, authorizing use of the credentials thanks to the authentication pattern in the device and establishing the communication session between the device and the access point by using said credentials.
Type: Grant
Filed: June 18, 2013
Date of Patent: October 10, 2017
Assignee: GEMALTO SA
Inventor: Jean-François Kuc
-
Patent number: D801972
Type: Grant
Filed: October 21, 2016
Date of Patent: November 7, 2017
Assignee: GEMALTO SA
Inventors: Brett A. Howell, Brian L. Linzie, Glenn E. Casner, Robert W. Shannon, Andrew H. Tilstra