Abstract: A Hardware Security Module (HSM) (900), and method thereof, suitable for use in securely servicing cryptographic requests from multiple tenant applications to preserve end-to-end privacy is provided. A Link Encryption and Key Diversification interoperability (43) between two processors provides cryptographic and logical isolation between multiple tenant applications on the HSM (900) that use and share more than one PCIe Physical Function (30) over more than one Virtual Function (VF) (21) to one or more Crypto Units (CU) (61) for satisfying a request (46) of an HSM cryptographic services. An Output Feedback (OFB) block with CRC support is further provided with encryption and decryption. The HSM as configured is more resistant to side channel attacks.

Abstract: The disclosure concerns a method of replacing a current key in a security element co-operating with a terminal in a network operated by a network operator, the method includes trying to decrypt the encrypted message by using the current key; selecting in a table stored in the secure element another key and try to decrypt the encrypted message by using the other key; replacing atomically the current key by the rescue key and do not use the current key anymore, the rescue key replacing the current key and, otherwise, try to decrypt the encrypted message by using another rescue key of the window if such another rescue key exists, until all rescue keys have been selected and used for decrypting the encrypted message and, if none of the rescue keys permit to decrypt the encrypted message, select the blocking key; and blocking the corresponding functionality of the security element.

Abstract: Provided is a method to monitor the management of network slices by a communication device (ME) having a secure element (USIM), said communication device being compliant with at least a technology implementing network slicing using a route selection policy, said communication device further supporting a USIM application toolkit framework implementing event download envelops, said secure element having a memory to store rules for the route selection policies, said method comprising the steps of, for the communication device active in a network of the technology implementing network slicing. It receives a slice status and slice information from the network, and pushes the slice status and slice information to the secure element using an event download envelop as defined in the USIM application toolkit framework supported by the communication device.

Abstract: A method for transmitting data stream packets within a wireless communication network, includes the following steps: at at least one node: computing, from the signatures Si of the streams Fi to which the node has subscribed and for each of these streams Fi, reserved resources RBres wherein there is no collision, and resources RBcomp potentially in competition, wherein collisions are possible, checking whether the current resource RB is reserved or whether it is in competition, if the current resource RBres is reserved if the node is the packet transmission source or if the node has already correctly decoded the packet, transmitting the packet of the stream associated with the resource, if not, attempting to decode the packet of the stream and, if the decoding is correct, storing the decoded packet in memory, if the current resource RBcomp is in competition, applying a method for managing stream collisions on the resources where n>1.

Abstract: A first server launches, under control of a device user, an execution of a first virtual payload by using a predetermined service provider interface or a first predetermined application programming interface that is associated with the first virtual payload executed by the first server. The first virtual payload generates a first random nonce. The first virtual payload launches an execution of a second virtual payload by using an associated second predetermined application programming interface. The second virtual payload is executed by the first or a second server. The first virtual payload exchanges with the second virtual payload the first random nonce, so as to establish a first secure channel. The invention also relates to corresponding first server and system.

Abstract: A system comprising a secure element cooperating with a telecommunication terminal is provided. The secure element or the terminal comprises files in which MCC/MNC codes of MNOs are stored. The telecommunication terminal is configured to select the files in order to attach the terminal to the telecommunication network of a MNO. The secure element or the terminal also comprise a file, called National like network file, for storing national network codes (MCC/MNC) of networks of the country of the Home PLMN of the secure element. The terminal selects the National like network file in order to try to connect the terminal to one of the networks referenced in the National like network file. Other embodiments are disclosed.

Abstract: A method for transmitting a subscription profile that includes transmitting from a POS of the MNO the unique identifier of the secure element to a SM-DP; creating or reserving the subscription profile at the SM-DP; provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI including a second MCC, a second MNC; provisioning in the HSS of the MNO the temporary IMSI and an ephemeral Ki; at the first attempt of the secure element to connect to the D-HSS server with its temporary profile, exchanging data in signaling messages between the secure element and the D-HSS for provisioning the secure element with the temporary IMSI; at the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: A method comprises: Sending, by a first Chip Interface Device (CID), to a second CID, using a CID type protocol, a request for establishing a secure channel over a wireless protocol. Sending, by the second CID, to a Personal Computer Smart Card (PCSC), a first request for establishing a connection to the chip. Establishing, by the PCSC, a connection to the chip. Establishing, by the PCSC, a connection to the second CID. Establishing, by the second CID, a secure session with the first CID by using a session key. And sending, by the second CID, to the first CID, while using the CID type protocol, a secure CID channel establishment success that allows sending or receiving APDU(s) via the established secure channel over the wireless protocol. The second CID renders apparent to the first CID the chip as being connected.

Abstract: Provided is a secure online authentication method of a user by a relying party using a mobile ID document uses a secret to consent to a retrieval of a dedicated data field, wherein an access token is generated, including a proof, which is used by the relying party to transmit an access request to the mobile document issuer, trading the token for an authentication document comprising the personal data related to the dedicated data field by the document issuer to the relying party, wherein the proof verification material is extracted from the authentication document and checked to access said personal data and accepting the online authentication of the user. Other embodiments disclosed.

Abstract: Provided is a method to operate a subscriber identification module connected to a communication equipment configured to operate in a cellular network and communicatively coupled with a remote server. The method includes receiving from the communication equipment an information element indicating a time range relating to a suspend time of the communication equipment, receiving from the remote server a target access time information element indicating an expected time for an access request from the subscriber identification module to the remote server, and determining a suspension time period considering the suspend time range. The method includes providing to the communication equipment the suspension time period, and in case after resuming from the suspension instructed by the communication equipment the accumulated duration of at least one successive time period derived from the suspension time period exceeds the target access time, sending a polling message.

Abstract: A system and method for protecting an application resource file (RF) when a client uses an application on a host can include the steps by the application on the host of binding the RF to the host during execution of the application on the host by obtaining a device fingerprint of the host, verifying a signature by using the RF, the device fingerprint of the host, and a public key, where the signature was created during or at one of the following: a) an installation of the application at the host by signing the RF and the device fingerprint of the host using a private key corresponding to the public key; (b) an application provider before the installation of the application at the host; or (c) a client device; and where the method further uses the RF if a verification of the signature is successful.

Abstract: Provided is a low capability device (UE) active in a communication system comprising a plurality of satellites (Si, Sj) insuring a temporally continuous communication coverage for the low capability device (UE), said satellites being further grouped in families (S1x), satellites of a same family (S1x) sharing same and common access information, said device (UE) comprises a power saving module to send to the serving satellite (S11), during a first data session, a next access request for a next or continued data session with time indications including at least a desired next time interval to be granted for communication. Other embodiments disclosed.

Abstract: A supporting frame for aerospace applications comprises a plurality of rods, which are arranged along two bases substantially parallel and opposite each other, and along two sides, which are substantially parallel and opposite to each other and are coupled to each other via the two bases; the rods are coupled to each other in a mutually rotating manner by nodes so as to be able to configure the supporting frame between a deployed operating condition and a compacted operating condition; the nodes are spaced apart from one another in the deployed operating condition and are each hinged to at least two of the rods; in the compacted operating condition, each of the nodes is placed side by side with two adjacent nodes so as to form, together, two supporting members arranged at opposite longitudinal ends of the supporting frame and each being ring-shaped.

Abstract: A system for managing advertisements in an in-flight entertainment (“IFE”) system operating on an airplane can include an inventory processing device and a non-transitory computer readable medium. The non-transitory computer readable medium can be communicatively coupled to the inventory processing device to cause the inventory processing device to perform operations. The operations can include determining an inventory of targeted advertisements for future flights. The operations can further include receiving a request to use a portion of the inventory for advertisements associated with an advertiser. The operations can further include transmitting instructions to an IFE controller on-board the airplane to cause the IFE controller to provide the advertisements during targeted advertisement opportunities during a flight.

Abstract: The invention relates to a system for identifying a user terminal forming part of an entertainment system for a mobile passenger transport apparatus comprising a plurality of user terminals and a communication network connecting said user terminals, each user terminal comprising a screen, and being designed to be attached to a docking station positioned at a predetermined location. The docking station comprises an identification component encoding an identifier comprising spatial location information for the docking station, and the user terminal comprises an identifier reading device, adapted to obtain, upon command, said identifier from the identification component of the docking station to which said user terminal is attached, the user terminal comprising a memory and being adapted to store said identifier in said memory. The identifier is used during network communications in said communication network.

Abstract: A sonar includes a first part and a second part linked by an electric carrier cable configured to mechanically support the second part and allow the two parts of the sonar to exchange signals comprising: a unidirectional signal, called electrical power supply signal, unidirectional signals, called signals to be emitted, transmitted by the first part to the second part for them to be transmitted in the form of acoustic waves, and a bidirectional signal conveying communication data, the sonar wherein the first part comprises signal combination means configured for the signals to be transmitted simultaneously over the electric carrier cable, and in that the second part comprises separation means allowing the recovery of each of the signals transmitted over the electric carrier cable.

Abstract: A device comprises a hash tree including a root node and a leaf node. An issuing authority having agreed to generate a signature of the root node after having successfully checked validity of an attribute stored in the leaf node. The device identifies a subset of nodes by using a template specifying the structure of the hash tree, said subset comprising, for all paths of the hash tree that do not comprise said leaf node, the node which is the closest to the reference root node and which does not belong to the path comprising said leaf node. A verifier computes a test hash and then computes a test root node by applying a preset rule. The verifier checks that the signature is valid using a data whose authenticity is certified by the issuing authority.

Abstract: Provided is a system and platform for Machine Learning (ML) based Data Discovery and Classification. The system and platform comprising components of a user console, a ML agent, and a ML data engine. By way of a ML pipeline, sensitive data is obfuscated that would otherwise by in the clear when transmitted to a centralized server. The ML model pipeline decouples embedding from model training. In a first step, the ML Agent runs on data endpoint machine or proxy to convert clear text data to embedding vectors. In a second step, the ML data engine runs on a centralized server to train models using the embedding vectors. The separation of pipeline components and respective handling of workflow requests and messages associated therewith prevents the transfer of clear data in the open. Other embodiments disclosed.

Abstract: This electronic configuration assist device of a flight of an aircraft includes: an acquisition module configured to acquire a flight modality, previously selected by a user from a set of predefined flight modalities; a determination module configured to determine a group of avionics functional component(s) as a function of the acquired modality, each functional component having an elementary score for each predefined flight modality, an overall score being calculated for each possible group of components from the elementary score or scores of the components of the said group for the acquired modality, the determined group being the one having the best overall score among the calculated overall scores; a display module configured to display information relating to each component of the determined group of avionics functional component(s).

Abstract: A device for controlling the efficiency of a scanning active antenna includes at least two transmission paths Txi, a transmission path comprising a phase control module, and a power stage at the output of which a radiating element is arranged, comprising at least: a voltage modulator located upstream of the power stage of each of the radiating elements, a control device transmitting a PWM drain voltage control signal configured so as to manage the gain of a power stage in accordance with a predefined first bias law and to control the phase applied to the drain of the power stage in accordance with a second bias law.