Abstract: To access a service, each user device stores one first key. The user device is connected to a first server. A terminal sends a connection request to a second server. The second server responds with first data relating to a transaction identifier and an associated challenge. The terminal determines a first result depending upon the first data and the first key, and sends the first result together with user device data to the first server. The first server identifies a user device based upon the user device data and sends the first result to that device. The device determines the challenge and the transaction identifier based upon the first result and the first key, and sends the challenge and the transaction identifier to the second server. The second server verifies whether the data received from the device matches the first data and, if so, authorizes the terminal to connect.
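The exchange described above, as an added example that is not part of the patent text. It assumes, because the abstract does not say, that the "first key" is a symmetric secret shared by the user device and the terminal, so the "first result" is an authenticated encryption of the first data under that key; the device can then only recover the transaction identifier and challenge if it holds the same key, and the second server consumes each pending pair once so a replayed first result cannot authorize a second time. All names (SecondServer, FirstServer, "dev-01", "term-A") are illustrative.

```python
import hashlib, hmac, json, os, secrets

# Assumption (not stated in the abstract): the "first key" is a symmetric secret
# shared by the user device and the terminal; the "first result" is then an
# authenticated encryption of the first data under that key.

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: stdlib-only stand-in for a block cipher."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC: nonce(16) || ciphertext || HMAC-SHA256 tag(32)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Plaintext, or None when the tag does not verify under this key."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class SecondServer:
    """Issues (transaction identifier, challenge) pairs and authorises terminals."""
    def __init__(self):
        self.pending = {}      # txid -> (terminal_id, challenge)
        self.authorized = set()

    def connection_request(self, terminal_id):
        txid, challenge = secrets.token_hex(8), os.urandom(16)
        self.pending[txid] = (terminal_id, challenge)
        return txid, challenge  # the "first data"

    def verify(self, txid, challenge):
        entry = self.pending.pop(txid, None)  # single use: a replayed pair finds nothing
        if entry is None or not hmac.compare_digest(entry[1], challenge):
            return False
        self.authorized.add(entry[0])
        return True

class UserDevice:
    def __init__(self, key, second_server):
        self.key, self.second_server = key, second_server

    def receive(self, first_result):
        plaintext = unseal(self.key, first_result)
        if plaintext is None:
            return False  # wrong key or tampered result: nothing is forwarded
        txid, challenge_hex = json.loads(plaintext)
        return self.second_server.verify(txid, bytes.fromhex(challenge_hex))

class FirstServer:
    """Routes the first result to the device named by the user device data."""
    def __init__(self):
        self.devices = {}

    def forward(self, device_id, first_result):
        device = self.devices.get(device_id)
        return device.receive(first_result) if device else False

class Terminal:
    def __init__(self, terminal_id, key):
        self.terminal_id, self.key = terminal_id, key

    def connect(self, first_server, second_server, device_id):
        txid, challenge = second_server.connection_request(self.terminal_id)
        first_result = seal(self.key, json.dumps([txid, challenge.hex()]).encode())
        first_server.forward(device_id, first_result)
        return first_result  # returned only so a caller can attempt a replay

def run_protocol(terminal_key, device_key):
    """Full exchange; returns (terminal authorised?, replay of the same first result accepted?)."""
    s2, s1 = SecondServer(), FirstServer()
    device = UserDevice(device_key, s2)
    s1.devices["dev-01"] = device
    first_result = Terminal("term-A", terminal_key).connect(s1, s2, "dev-01")
    return "term-A" in s2.authorized, device.receive(first_result)
```

The check a practitioner cares about is the second return value of run_protocol: because the second server pops the pending pair on first use, the device answering the same first result again does not authorise anything, and a device with a different key never reaches the second server at all.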
Abstract: The invention relates to a radio device for requesting and receiving a radio network service from at least one cellular radio network organised as a set of radio network domains. The device comprises a multi-domain monitoring unit configured to determine, while access to a first one of the radio network domains is maintained, first availability information regarding the requested radio network service from the first radio network domain and second availability information regarding the requested service from at least one second radio network domain of the set, and to provide at its output, at least upon determination that the first availability information indicates non-availability of the requested service from the first domain, an availability output indicating at least those second radio network domains from which the requested service is currently available.
Abstract: The invention relates to the technical field of smart cards with displays. Such a card comprises, embedded in a transparent core, a multi-component module supporting the display. The card comprises: at least one layer of ink printed on the surface of the transparent core, except in a zone facing the display, said at least one layer being opaque in at least one region; and a transparent film covering the at least one ink layer. The card is characterized in that the at least one layer is formed by a first opaque ink layer printed on the surface of the transparent core, except in a zone facing the display, and a second ink layer forming a graphic design allowing customization, printed on the first ink layer.
Abstract: In an operating method of a user equipment that exchanges signals with network nodes of a cellular radio access network, a quantity indicative of the current operating temperature of the user equipment is measured; the user equipment determines whether a threshold value relating to the operating temperature has been exceeded; if the threshold value is exceeded, temperature information is transmitted to a network node of the cellular radio access network to indicate that the threshold value has been exceeded; in response, the user equipment receives an instruction to use a second set of operating parameters requiring a smaller average power input for the connection to the cellular radio access network than the first set of operating parameters in use at the time; and the user equipment, in response to receiving the instruction, reconfigures its connection to the cellular radio access network so as to use the second set of operating parameters.
Abstract: The invention is a method of communicating between a caller device and an executor device wherein the executor device comprises a memory having a layout which defines formats and addresses used for storing data in the memory. The executor device comprises an application including a service and the method comprises the steps of: providing the caller device with the layout and an indicator reflecting the service during the handshake phase, sending to the executor device a data block corresponding to a command targeting the service, wherein the data block complies with the layout and is devoid of metadata, sending to the caller device a response block which complies with the layout and which corresponds to a result generated by execution of the command.
Abstract: The present invention relates to a method of operating a contactless mobile device as a low-cost secured point-of-sale (hereinafter POS device), said POS device having a non-secured operating system, a POS application installed in said non-secured operating system, an embedded secure element, a transaction proxy applet installed in said embedded secure element, and a contactless front-end for contactless communication with a customer mobile device having a dedicated secured transaction application.
Abstract: The invention is a method of communicating between a server and a distant secure element through a point-to-point link. The server is provided with a set comprising a plurality of data and a plurality of identifiers, each of the data is associated with one of the identifiers. The plurality of data comprises a first data compatible with the distant secure element and a second data incompatible with the distant secure element. The whole set is sent from the server to the distant secure element through the point-to-point link. A control operation is run with respect to a reference value stored in the distant secure element for each identifier. The data associated with the identifiers for which the control operation failed is discarded.
Abstract: The present invention generally relates to systems and methods for performing issuer updates of data stored in a mobile device, remote authentication, remote payment transactions, or enabling the configuration of mobile application functions or operations. More specifically, the present invention relates to a method and system for securing issuer update processing for a mobile payment application. When an update transaction is initiated, the payment application increments an Application Transaction Counter (ATC) and derives session keys from this ATC. Sensitive user credential data are encrypted with the computed session keys before transmission to a gateway, which is configured to compute the same session keys for decryption. The decrypted user credential data are forwarded to the payment application issuer for the updates.
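A worked version of the ATC-bound session key scheme in the abstract above, added here as an example and not taken from the patent. It assumes a single per-card master key shared by the secure element and the gateway (a real deployment derives it per card from an issuer master key), derives separate encryption and MAC session keys from the master key and the ATC with HMAC-SHA256, and has the gateway reject any ATC that does not exceed the last one it accepted. That last check is the caveat worth noting: a session key derived from a repeated ATC would be reused, so the counter must be monotonic on both sides. MASTER_KEY, the credential string and the field names are constructed for the example.

```python
import hashlib
import hmac
from typing import Any, Dict, Optional, Tuple

# Constructed per-card master key (example value). A real deployment derives it per
# card from an issuer master key and keeps it only in the secure element and at the
# gateway or issuer.
MASTER_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c")

def derive_session_keys(master_key: bytes, atc: int) -> Tuple[bytes, bytes]:
    """Encryption and MAC session keys bound to the 16-bit ATC value."""
    atc_bytes = atc.to_bytes(2, "big")
    k_enc = hmac.new(master_key, b"ENC" + atc_bytes, hashlib.sha256).digest()
    k_mac = hmac.new(master_key, b"MAC" + atc_bytes, hashlib.sha256).digest()
    return k_enc, k_mac

def _xor_keystream(key: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256. No nonce is needed only because the
    key is single-use: it is derived from an ATC that never repeats."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(d ^ k for d, k in zip(data[i:i + 32], block))
    return bytes(out)

class PaymentApplication:
    """Runs in the secure element; owns the ATC and the master key."""
    def __init__(self, master_key: bytes) -> None:
        self.master_key = master_key
        self.atc = 0

    def build_update(self, credentials: bytes) -> Dict[str, Any]:
        if self.atc >= 0xFFFF:
            raise RuntimeError("ATC exhausted: the application must be re-personalised")
        self.atc += 1  # incremented before any session key is derived
        k_enc, k_mac = derive_session_keys(self.master_key, self.atc)
        ciphertext = _xor_keystream(k_enc, credentials)
        tag = hmac.new(k_mac, self.atc.to_bytes(2, "big") + ciphertext, hashlib.sha256).digest()
        return {"atc": self.atc, "ciphertext": ciphertext, "tag": tag}

class Gateway:
    """Recomputes the session keys from the received ATC and rejects stale counters."""
    def __init__(self, master_key: bytes) -> None:
        self.master_key = master_key
        self.last_atc = 0

    def process(self, msg: Dict[str, Any]) -> Optional[bytes]:
        atc = int(msg["atc"])
        if atc <= self.last_atc:
            return None  # replayed or out-of-order update: its session key was already used
        k_enc, k_mac = derive_session_keys(self.master_key, atc)
        expected = hmac.new(k_mac, atc.to_bytes(2, "big") + msg["ciphertext"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return None  # wrong key or modified ciphertext
        self.last_atc = atc
        return _xor_keystream(k_enc, msg["ciphertext"])  # plaintext goes on to the issuer
```

The gateway verifies the tag before decrypting and only advances last_atc after a successful verification, so a forged message cannot burn a counter value that the genuine application will still use.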
Abstract: The present invention relates to a server comprising at least one application outputting at least one cookie, the server including a scrambled cookie name generator and a correspondence mechanism associating connection attributes for the application with an unpredictable scrambled cookie name, the scrambled cookie name being the one provided in the cookie sent to the client side for use in the next connections to the application.
Abstract: The present invention concerns a method for securely transferring the subscription information and user data from a first terminal to a second terminal, the terminals respectively containing a first and a second UICC. According to the invention, the method consists in: i—transmitting an identifier of the second terminal to the first terminal; ii—transmitting from the first terminal to a secure vault the identifier of the second terminal and an identifier of the first UICC; iii—transmitting from the secure vault to the first terminal a subscription installation public key of the second terminal; iv—in the first UICC, packaging and encrypting the subscription information and user data with the subscription installation public key of the second terminal; v—transmitting the package to the second UICC of the second terminal; vi—installing the package on the second UICC.
Abstract: Method for providing a user-to-user delegation service in a federated identity environment, characterized in that it comprises a delegation or assignment step wherein a delegator specifies said delegation at an identity provider in order to delegate a privilege or task to a delegatee, to be performed at a service provider.
Abstract: An integrated circuit card is used with a terminal. The integrated circuit card includes a memory that stores an interpreter and an application that has a high level programming language format. A processor of the card is configured to use the interpreter to interpret the application for execution and to use a communicator of the card to communicate with the terminal.
Type:
Grant
Filed:
May 12, 2014
Date of Patent:
July 26, 2016
Assignee:
GEMALTO SA
Inventors:
Timothy J. Wilkinson, Scott B. Guthery, Ksheerabdhi Krishna, Michael A. Montgomery
Abstract: The invention relates to a method for initiating an OTA session in a mobile radio communication network at the request of a user of a mobile terminal. The OTA session is established between the mobile terminal and a remote OTA server, the mobile terminal including a security element such as a UICC card. According to the invention, the method comprises: i) entering a special code using the man/machine interface of said mobile terminal; ii) said security element intercepting said special code; and iii) opening said OTA session between said mobile terminal and said remote server in a secure mode.
Type:
Grant
Filed:
December 26, 2012
Date of Patent:
July 26, 2016
Assignee:
GEMALTO SA
Inventors:
Lionel Merrien, Patrice Amiel, Eric Preulier
Abstract: The invention relates to a method for providing a user with authenticated remote access to a remote secure device (2), said remote access being initiated from a local accessing device (1), said remote secure device (2) embedding secure data related to a specific service, characterized in that it comprises establishing a mutual authentication between said remote secure device (2) and a local secure device (3) different from the local accessing device (1), so that the user of the local accessing device (1) is able to access the secure data of the remote secure device (2).
Abstract: The invention relates to a secured identity document having an externally readable chip and a support to which the chip is fastened. The chip stores a cryptographic configuration defining the cryptographic security levels it supports for establishing a secure communication with a controlling terminal, stores a private key of a cryptographic key pair, and is adapted to cipher data with the stored private key. The support has a machine optically readable area; the data encoded in this area include the cryptographic configuration of the chip for establishing a secure communication with a controlling terminal, both in unciphered form and ciphered with said private key.
Type:
Grant
Filed:
December 15, 2011
Date of Patent:
July 19, 2016
Assignee:
GEMALTO SA
Inventors:
Mourad Faher, Stéphane Mouille, Bruno Rouchouze
Abstract: The present invention generally relates to systems and methods for authenticating transactions through a simplex communication. To allow trusting a transaction paid by means of an image code such as a QR code, the invention proposes means to authenticate said transaction. For that purpose, when the mobile payment application is loaded, preferably into a secure element of the user's mobile device, a registration process is enabled. During this registration process on a server, an account of the user is created and a set of N unpredictable numbers is generated. This set of unpredictable numbers is transmitted to the mobile payment application for storage. The payment application uses the stored set of transaction unpredictable numbers for the next N transactions it performs, for transaction cryptogram calculation. The same transaction unpredictable number is recovered on the server side during the transaction authorization process.
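The pre-shared unpredictable number scheme above, as an added example written for this page rather than taken from the patent. It assumes an HMAC-SHA256 cryptogram over amount, merchant and the unpredictable number (the abstract does not specify the cryptogram), a per-account key established at registration, and a small acceptance window on the server so that a transaction the merchant never submitted does not lock the account; any skipped index is burned rather than reused, and the app reports exhaustion once all N numbers are spent. Field and class names are illustrative.

```python
import hashlib
import hmac
import secrets
from typing import Any, Dict, List, Optional, Tuple

def generate_unpredictable_numbers(n: int) -> List[bytes]:
    """Server-side registration step: N random 4-byte unpredictable numbers."""
    return [secrets.token_bytes(4) for _ in range(n)]

def _cryptogram(key: bytes, amount_cents: int, merchant_id: str, un: bytes) -> bytes:
    # Assumed cryptogram construction; the abstract does not fix one.
    data = amount_cents.to_bytes(8, "big") + merchant_id.encode() + un
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

class MobilePaymentApp:
    """Holds the account key and the stored UN list; one UN per transaction."""
    def __init__(self, account_key: bytes, un_list: List[bytes]) -> None:
        self.key = account_key
        self.un_list = list(un_list)
        self.counter = 0

    def make_payment(self, amount_cents: int, merchant_id: str) -> Optional[Dict[str, Any]]:
        if self.counter >= len(self.un_list):
            return None  # stock exhausted: re-run registration before paying again
        un = self.un_list[self.counter]
        payload = {"counter": self.counter, "amount": amount_cents, "merchant": merchant_id,
                   "cryptogram": _cryptogram(self.key, amount_cents, merchant_id, un)}
        self.counter += 1  # advance even if the merchant never submits this payment
        return payload      # this is what gets encoded into the QR code

class AuthorizationServer:
    """Recovers the same UN by index; the channel to the phone is one-way."""
    def __init__(self, account_key: bytes, un_list: List[bytes], window: int = 5) -> None:
        self.key = account_key
        self.un_list = list(un_list)
        self.next_expected = 0
        self.window = window  # how many abandoned payments in a row are tolerated

    def authorize(self, payload: Dict[str, Any]) -> bool:
        idx = int(payload["counter"])
        if idx < self.next_expected:
            return False  # UN already consumed: replay
        if idx >= min(self.next_expected + self.window, len(self.un_list)):
            return False  # too far ahead, or beyond the registered stock
        expected = _cryptogram(self.key, int(payload["amount"]), str(payload["merchant"]), self.un_list[idx])
        if not hmac.compare_digest(expected, payload["cryptogram"]):
            return False  # amount, merchant or UN does not match what the app signed
        self.next_expected = idx + 1  # skipped indices are burned, never reused
        return True

def register(n: int) -> Tuple[MobilePaymentApp, AuthorizationServer]:
    """Registration: the server creates the account, generates N UNs and ships them to the app."""
    account_key = secrets.token_bytes(32)
    un_list = generate_unpredictable_numbers(n)
    return MobilePaymentApp(account_key, un_list), AuthorizationServer(account_key, un_list)
```

Because the QR channel carries nothing back to the phone, the server cannot issue a fresh challenge per transaction; the index into the pre-generated list plays that role, which is why the server must enforce strictly increasing indices rather than merely checking the cryptogram.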
Abstract: A method designed to allow the printing of a matrix (MPC) of pixels, in N colours defining a colour coding system, on a selected part of a physical medium (MP). That method comprises a stage in which colour pixels are printed in at least one pass along oblique lines in relation to the physical medium (MP), wherein the pixels of an oblique line are all in the same colour selected from the N colours and different from that used for the previous oblique line, in order to generate a matrix (MPC) of M horizontal lines comprising P pixels each in the N colours successively in a selected order, and wherein each horizontal line other than the first one comprises a first pixel that is identical to the second pixel of the previous horizontal line.
Abstract: The invention is a method for negotiating a parameter of an optical communication protocol between two devices. One device displays a first calibration image comprising a series of pixel patterns having a predetermined position and different sizes. The other device takes a first calibration picture of the first calibration image, identifies a set comprising at least one detectable pixel pattern in the first calibration picture and selects a setting data based on the set. Then it displays a second calibration image comprising this setting data which is read by the first device via another calibration picture. The first device retrieves the setting data from the calibration picture, selects a value based on the setting data and updates the parameter with the selected value.
Type:
Grant
Filed:
March 3, 2014
Date of Patent:
July 12, 2016
Assignee:
GEMALTO SA
Inventors:
Ali Zeamari, Jacques Dubrois, Abdellah El Marouani
Abstract: An application device exchanges application data via a cellular radio communication network with an application server. The application device has a memory providing write access for a control entity associated with the network. The application device receives an information element from a network management node operated by the control entity. The information element is indicative of regulation information that defines at least one time span or point in time that can be used for transmission of application exchange data between the application device and the application server. The application device receives an instruction from the network management node to store the regulation information in the device memory, and stores the regulation information. The application device subsequently initiates transmission of the application exchange data between the application device and the application server only at an allowed time that is in accordance with the stored regulation information.
Type:
Grant
Filed:
February 4, 2013
Date of Patent:
July 12, 2016
Assignee:
GEMALTO M2M GMBH
Inventors:
Michael Schultz, Florian Denzin, Volker Breuer, Frank Westerkowsky, Jörg Rook
Abstract: The present invention provides a method of operating an idle mobile unit that is capable of communicating with first and second wireless communication systems. One embodiment of the method includes providing a location update message in response to the idle mobile unit transitioning from a first tracking area associated with the second wireless communication system to a second tracking area associated with the second wireless communication system. The first and second wireless communication systems are capable of paging the idle mobile unit following the location update message.
Type:
Grant
Filed:
August 7, 2008
Date of Patent:
July 5, 2016
Assignee:
GEMALTO SA
Inventors:
Alessio Casati, Sudeep Palat, Said Tatesh