Patents Assigned to GEMALTO
  • Publication number: 20160330195
    Abstract: The present invention relates to a system and method for securing offline usage of a certificate by authenticating a user by a One Time Password (OTP) system when the user computing device is working offline. An external authentication server of the server generates a set of expected OTP to protect the certificate. The server encrypts each certificate with a wrapper key and derivates a key from each OTP. Each derived key encrypts the wrapper key to create a set of encrypted wrapper keys. The computing device stores into its memory the encrypted certificate and the set of encrypted wrapper keys received from the authentication server. During a use of the certificate by the computing device working offline, an authentication request is received from a user of the computing device, the authentication request including a user-provided OTP. The computing device derives a key from the OTP provided. The OTP derived key being used to decrypt one corresponding wrapper key of the set of encrypted wrapper keys.
    Type: Application
    Filed: December 1, 2014
    Publication date: November 10, 2016
    Applicant: GEMALTO SA
    Inventor: Jonas PAERT
  • Publication number: 20160328716
    Abstract: The communication device 1 comprises a memory M for storing a numeric key and a diversification algorithm; a calculator D for generating an identification code from at least the numeric key and the diversification algorithm; a display for displaying the identification code generated 101, 102, 103 by the calculator. The communication device further comprises a light sensor 11 for receiving a light signal 30.
    Type: Application
    Filed: December 3, 2014
    Publication date: November 10, 2016
    Applicant: GEMALTO SA
    Inventors: Stephane TOUVET, Michel THILL, Evangelos SPYROPOULOS, Guillaume CAMMAS
  • Publication number: 20160318203
    Abstract: To place an insert cut out of film with no gaps in a cavity formed in a foil, after placing the foil on a supporting substrate, the cavity is punched into the foil by means of a tubular cutting punch comprising an inner pusher with a cutting edge in the required shape of the cavity and the insert, so that the edge goes through the thickness of the foil and cuts a slug out of it; the punch is lifted with the slug held inside the punch, without moving the foil, the film is brought between the foil and the edge of the punch, the punch is lowered once again so as to cut the insert out of the film and then push the insert cut in that way in the cavity with a pusher, and the punch and the pusher are removed, with the insert held in place in the cavity.
    Type: Application
    Filed: December 3, 2014
    Publication date: November 3, 2016
    Applicant: GEMALTO SA
    Inventors: Francois ROUSSEL, Joseph LEIBENGUTH, Frederic BLANCHON, Jean-Luc LESUR
  • Publication number: 20160321053
    Abstract: A method for manufacturing a personalizable portable electronic device having a reprogrammable non-volatile memory for storage of application programs and libraries as well as a corresponding portable electronic device and personalization system. The method includes a step of storing a plurality of compressed application code libraries in the non-volatile memory, a step of determining which application code libraries are not required for applications used on the personalizable portable electronic device, a step of deleting from the non-volatile memory any compressed application code libraries determined to not be required for applications used on the personalizable portable electronic device, and a step of decompressing an application code library required by an application used on the personalizable portable electronic device. Other systems and methods are disclosed.
    Type: Application
    Filed: December 3, 2014
    Publication date: November 3, 2016
    Applicants: GEMALTO SA, MULTOS LTD.
    Inventors: Sterling LAURENCE, Antony JEFFREYS
  • Publication number: 20160321003
    Abstract: The present invention relates to a method for updating a firmware on a device, from a current version to a new version, said firmware being split into: —a core part, —an extended part comprising a plurality of entry points callable by the core part, said method comprising: —inhibiting the entry points between the core part of the current version, called current core part, and the extended part of the current version, called current extended part; —erasing the current extended part; —downloading the core part of the new version, called new core part; —erasing the current core part; —downloading the extended part of the new version, called new extended part; —activating the entry points between the new core part and the new extended part.
    Type: Application
    Filed: November 26, 2014
    Publication date: November 3, 2016
    Applicant: GEMALTO SA
    Inventor: Stephane DURAND
  • Publication number: 20160321533
    Abstract: The invention relates to a payment device 100 comprising a secure integrated circuit SE with a dual interface. A connector 110 is connected to the contact type interface in order to communicate with an external reader. An antenna 140 is connected to the contactless interface. The device also comprises a reader circuit 120, 130, 150 compatible with the secure integrated circuit SE, wherein the reader circuit is connected in parallel to the connector 110. An independent battery BAT is used to power the reader circuit. A power switching circuit 160 connected to a communication field detection circuit 170, wherein said power switching circuit is capable of powering the reader circuit after a communication field is detected.
    Type: Application
    Filed: December 3, 2014
    Publication date: November 3, 2016
    Applicant: GEMALTO SA
    Inventor: Michel THILL
  • Publication number: 20160316407
    Abstract: Disclosed is a method to operate a wireless device, comprising a communication unit, in a wireless cellular network comprising at least two radio access networks, the communication unit being configured to communicate to a network node of the wireless cellular network, the network node being associated to a first radio access network. The method comprises the steps for the communication unit of: detecting if a second radio access network of said wireless cellular network fulfills a predefined set of access parameters, wherein the second radio access network supports a different access technology than the first radio access network. If the second radio access network fulfills said set of access parameters: sending a connection release indication to the network node, receiving from the network node a connection release confirmation message, sending a connection request message to the wireless cellular network with selection of said second radio access network.
    Type: Application
    Filed: December 1, 2014
    Publication date: October 27, 2016
    Applicant: GEMALTO M2M GmbH
    Inventors: Volker BREUER, Thomas ULRICH
  • Publication number: 20160314309
    Abstract: The invention is a system comprising a host device and a secure element including a plurality of virtual profiles and an execution component configured to run simultaneously several of said virtual profiles. The system comprises a discovery agent configured to provide a subset of the plurality of virtual profiles, configuration data for each virtual profile of said subset and capability data reflecting the maximum of logical channels handled by the host device. The system comprises an allocating agent configured to cooperate with the discovery agent to allocate a range of logical channels to each virtual profile of the subset based on the capability data and to determine in each of the ranges a main logical channel which remains permanently available when the virtual profile to which the range is allocated has been booted.
    Type: Application
    Filed: April 22, 2015
    Publication date: October 27, 2016
    Applicant: GEMALTO INC.
    Inventor: Lionel ROZAK-DRAICCHIO
  • Publication number: 20160309324
    Abstract: The invention is a method of managing communication between a host device and a secure element comprising two virtual profiles. The method comprises the steps of: running simultaneously both virtual profiles in the secure element, generating an incoming data from the host device by multiplexing a first command targeting one virtual profile and another command targeting the other virtual profile and sending the incoming data to the secure element, demultiplexing both commands at the secure element side and sending each command to the targeted virtual profile, getting response messages generated by both virtual profiles by executing said commands, generating an outgoing data by multiplexing the response messages and sending this outgoing data to the host device, and demultiplexing the response messages at the host device side.
    Type: Application
    Filed: October 17, 2014
    Publication date: October 20, 2016
    Applicant: GEMALTO SA
    Inventor: Denis PRACA
  • Patent number: 9472036
    Abstract: This invention relates to a method used by an authorized user for the verification of a document having electronic verification means. The method comprises the various steps consisting in:—reading, with electronic reading equipment with which the authorized user is equipped, of information stored in the electronic verification means of the verified document;—transferring verification information, established on the basis of the information saved in the electronic verification means, from the electronic reading equipment to a viewing device of the authorized user, which viewing device is positioned, in normal conditions of use, in front of the eyes of the authorized user, the said viewing device being transparent to allow the said authorized user to see through it.
    Type: Grant
    Filed: March 1, 2013
    Date of Patent: October 18, 2016
    Assignee: GEMALTO SA
    Inventors: Bruno Rouchouze, Mourad Faher, Francois Perticara, Guennole Tripotin
  • Publication number: 20160299832
    Abstract: The invention relates to a method for loading at least one native code on at least one target secure element comprising a java card virtual machine, said method comprising the following steps: providing a modified CAP file composed of at least one custom CAP component comprising a native code; extracting said native code from the custom CAP component; installing said native code in the target secure.
    Type: Application
    Filed: September 26, 2014
    Publication date: October 13, 2016
    Applicant: GEMALTO SA
    Inventors: François BOGUSZ, François MILLET, Julien GLOUSIEAU, Abdellah EL MAROUANI, André SINTZOFF, Ilyas LANDIKOV, Ilyas
  • Publication number: 20160297232
    Abstract: The present invention concerns a secure document comprising at least a personalized rainbow color micro-text with a text height inferior or equal to 300 µm. The invention also concerns the method of production of said secure document. The present invention also concerns a method of production of a secure document comprising at least a personalized rainbow color micro-text with a text height inferior or equal to 300 µm, said method comprising at least the following steps:—printing a rainbow color pattern on a predefined area of the secure document,—laser marking on the rainbow pattern of the predefined area, in order to form the personalized rainbow color micro-text on said predefined area. The laser marking can be laser blackening, laser whitening or a laser color change.
    Type: Application
    Filed: October 9, 2014
    Publication date: October 13, 2016
    Applicant: GEMALTO SA
    Inventor: Jean-Luc LESUR
  • Publication number: 20160294791
    Abstract: The present invention relates to a method to protect, in a secured container using an encryption key, a set of mixed sensitive and public data to be transferred to an entity. The method includes the steps of: generating a random key, ciphering the set of mixed sensitive and public data using said random key to obtain a ciphered set of data, generating an initialization value, and defining configuration information for the secured container. The initialization value, the configuration information and random key form a preamble. The preamble and the ciphered set of data are encrypted. The initialization value renders the resulting encrypted data variable from a secured container to another even in case of repetitive configuration information in the preamble.
    Type: Application
    Filed: October 31, 2014
    Publication date: October 6, 2016
    Applicant: GEMALTO SA
    Inventors: Frank DETCHEVERRY, Thomas GEMPP, Fabien COURTIADE
  • Publication number: 20160295404
    Abstract: The present invention concerns the implementation of end-to-end security for the communication between a low cost card reader and the remote server. The purpose of the present invention is the establishment of a secure channel between the card reader and the remote server through an un-trusted communication device (e.g. a smart phone or a tablet) that is intrinsically resistant to some basic differential side-channel analysis in a context where there is no secure random number generator and no source of entropy in the card reader, while providing the following characteristics:—Mutual authentication between the card reader and the server—Secure channel based on session keys such that the keys of the secure channel related to a past transaction cannot be re-played, or the session keys of a future transaction cannot be pre-computed by the card reader and later re-used by the card reader in a legitimate transaction.
    Type: Application
    Filed: October 24, 2014
    Publication date: October 6, 2016
    Applicant: GEMALTO SA
    Inventors: Aline GOUGET, Peter GULLBERG, Philippe SMADJA
  • Patent number: 9462475
    Abstract: The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.
    Type: Grant
    Filed: January 23, 2015
    Date of Patent: October 4, 2016
    Assignee: GEMALTO SA
    Inventors: Lionel Merrien, Xavier Berard, Pierre Girard, Philippe Proust, Fabrice Vergnes, Frédéric Faria, Franck Imoucha
  • Publication number: 20160285683
    Abstract: The invention comprises an operating method of a terminal device, which is configured for radio communication via different frequency bands, in performing a network scan, the method comprising: receiving a command for starting a network scan; in response to receiving the command, attempting a synchronization with predefined control channels on all frequency bands receivable by the terminal device or on a subset thereof comprising a plurality of the frequency bands, and, upon successful synchronization with a respective one of the control channels, ascertaining respective network-configuration information provided via the respective control channel by a respective network; determining, using the network-configuration information ascertained, an estimate of a quantity indicative of an achievable data throughput, hereinafter throughput estimate, associated with the respective ascertained network-configuration information; generating and providing an output, which is indicative of at least one of the determined t
    Type: Application
    Filed: November 17, 2014
    Publication date: September 29, 2016
    Applicant: GEMALTO M2M GMBH
    Inventors: Thomas ULRICH, Volker BREUER, Lars WEHMEIER
  • Patent number: 9455971
    Abstract: The invention relates to a method for a client device (2) to access to remote secure data on a remote secure device (1), said secure data being associated to a remote service, characterized in that it comprises creating a secure peer to peer channel (3) between a client application (21) of a client device and said remote secure device so as the client device and the remote secure device exchange data (4) securely and bidirectionally.
    Type: Grant
    Filed: November 18, 2011
    Date of Patent: September 27, 2016
    Assignee: GEMALTO SA
    Inventor: Herve Ganem
  • Patent number: 9454755
    Abstract: The invention proposes an off-line divisible e-cash scheme where a user can withdraw a divisible coin of monetary value n^L (n being for example equal to 2) that he can parcel and spend anonymously and unlinkably. The invention allows to protect the anonymity of honest users and to revoke anonymity only in case of cheat for protocols based on a tree structure without using a trusted third party.
    Type: Grant
    Filed: April 11, 2008
    Date of Patent: September 27, 2016
    Assignee: GEMALTO SA
    Inventors: Aline Gouget, Pascal Paillier
  • Publication number: 20160277361
    Abstract: A device (CD) is intended for controlling authenticity of a code received with a message by an electronic device (ED2) and resulting from application to this message of a bijective algorithm with at least one predetermined key. This device (CD) has i) a first computation means (CM1) arranged for applying partly this bijective algorithm with this predetermined key, from a starting step to a chosen intermediate step, to the received message, in order to get a first result, ii) a second computation means (CM2) arranged for applying partly in a reverse manner the bijective algorithm with the predetermined key, from an ending step to this chosen intermediate step, to the received code while using the received message, in order to get a second result, and iii) a comparison means (CM3) arranged for comparing these first and second results and for outputting an information representative of the authenticity of the received code when the first and second results are identical.
    Type: Application
    Filed: November 12, 2013
    Publication date: September 22, 2016
    Applicant: GEMALTO SA
    Inventor: Stéphanie SALGADO
  • Patent number: 9450928
    Abstract: Automated secure registration techniques for communication devices are provided which address the problem of allowing multiple clients to gain access to one system, and thus provide a solution to the “reverse single sign-on” problem. For example, a method for registering a group of two or more communication devices in a communication network comprises the following steps. A group challenge message is sent from a network device to the group of two or more communication devices. The network device receives one or more response messages to the group challenge respectively from one or more of the group of two or more communication devices, wherein the response message from each of the responding communication devices in the group comprises a group credential corresponding to the group.
    Type: Grant
    Filed: June 10, 2010
    Date of Patent: September 20, 2016
    Assignee: GEMALTO SA
    Inventors: Ioannis Broustis, Ganapathy S. Sundaram, Harish Viswanathan