Patents Assigned to THALES DIS FRANCE SA
  • Patent number: 11468281
    Abstract: A data carrier having one optically variable element, at least one background element, which is arranged after the at least one optically variable element when seen along an extension direction, and at least one security element, which is constituted by at least a part of the at least one optically variable element and at least a part of the at least one background element. At least one tamper-indicating element is provided, which is arranged at least in a region between the at least one optically variable element and the at least one background element with respect to the extension direction.
    Type: Grant
    Filed: November 27, 2020
    Date of Patent: October 11, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Christopher Knud Haas, Justin Brittain
  • Patent number: 11433696
    Abstract: Generation of one dimensional guilloche patterns able to be affixed on a document, each guilloche pattern being able to encode variable alphanumeric data providing a different appearance to each guilloche pattern, by formatting alphanumeric data to be encoded in the form of a predefined number of data blocks with a predefined size, generating a carrier function having a plurality of parameters, the formatted data blocks forming at least one of the parameters, and modulating the carrier function by the formatted data blocks so as to encode the alphanumeric data graphically, each data block defining a guilloche pattern, the number of data blocks defining the number of guilloche patterns, the carrier function associated with a formatted data block is modulated locally, each datum of the block being encoded locally in the guilloche pattern, by interpolation of a predefined point associated with the carrier function.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: September 6, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Joseph Leibenguth, Thierry Fournel, Dinu Coltuc
  • Patent number: 11398121
    Abstract: This invention relates to a method for provisioning a wireless control device with an information element allowing to identify visually at least one unauthorized user in a restricted area, the restricted area comprising a gateless control area being equipped with at least an image sensor and an electronic reader supporting a short range radio technology allowing to read data memorized into a wearable device carried by a user.
    Type: Grant
    Filed: June 7, 2018
    Date of Patent: July 26, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Jean-Paul Caruana, Pascal Leroy, Frédéric Martinez
  • Patent number: 11392810
    Abstract: A method of producing at least one security element (9) in a data carrier (1) comprises the steps of: Providing a source of radiation (6) that is configured to emit electromagnetic radiation (R), providing a data carrier (1) that comprises at least one guiding layer (2) and at least one processing layer (3), providing at least one masking layer (4) comprising at least one masking element (5), and irradiating electromagnetic radiation (R) from the source of radiation (6) through the masking layer (4) and onto the data carrier (1). Electromagnetic radiation (R) that impinges on a region (7a) of the masking layer (4) having no masking element (5) impinges on the at least one processing layer (3) as electromagnetic radiation having a first radiation property (Ra), whereby the at least one processing layer (3) is cured in said region of impingement (8a) into a first curing state.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: July 19, 2022
    Assignee: THALES DIS FRANCE SA
    Inventor: Tadesse G. Nigatu
  • Patent number: 11394525
    Abstract: Secure computation of a random number sequence in a cryptographic device. The computation is secured by receiving a homomorphic ciphertext seed vector, selecting an initial internal state from the seed vector, the initial internal state composed of a subset of elements of the seed vector, updating an internal state from a previous internal state using multivariate functions accepting elements of the previous internal state as inputs to produce a homomorphic ciphertext from homomorphic ciphertext input values, generating an intermediate result vector of homomorphic ciphertexts from the homomorphic ciphertext internal state multivariate functions accepting the elements of the internal state as inputs to produce a homomorphic ciphertext from homomorphic ciphertext input values, and decrypting the intermediate result vector elements into plaintext vector elements, thereby producing a plaintext deterministic random sequence vector corresponding to plaintext seed elements used to produce the seed vector.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: July 19, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Mariya Georgieva, Aline Gouget
  • Patent number: 11385893
    Abstract: The present invention relates to a method secured against side channel attacks performing an arithmetic operation of a cryptographic algorithm mixing Boolean and arithmetic operations, wherein said method is performed by a cryptographic device comprising a processing system having at least one hardware processor, and said operation has a first value (x) and a second value (y) as operands, comprising: - obtaining (S1) a first masked value (x′), a second masked value (y′), a first Boolean mask (rx), a second Boolean mask (ry), said first masked value (x′) resulting from masking said first value (x) by said first Boolean mask (rx) by performing a Boolean exclusive OR (XOR) operation between said first value (x) and said first Boolean mask (rx), and said second masked value (y′) resulting from masking said second value (y) by said second Boolean mask (ry) by performing a Boolean exclusive OR (XOR) operation between said second value (y) and said second Boolean mask (ry), - performing (S2) in any order a plurality o
    Type: Grant
    Filed: April 16, 2019
    Date of Patent: July 12, 2022
    Assignee: THALES DIS FRANCE SA
    Inventor: David Vigilant
  • Publication number: 20220200795
    Abstract: The present invention relates to a method to authenticate a user having a GBA or AKMA compliant user equipment (UE) at a service provider (SR) using a GBA or AKMA protocol to communicate with a user equipment (UE), said method relying on an operator's (MNO) GBA or AKMA authentication framework while maintaining confidentiality of the communication between the user equipment (UE) and the service provider (SR) regarding the operator (MNO), said method using a Diffie-Hellman exchange between the user equipment (UE) and the service provider (SR), leading to a Diffie-Hellman session key (g^xy), while establishing the GBA or AKMA protocol, said method comprising a step of calculation of a final Network or AKMA Application Function key (iNAF_key or iAApF_key) to be used in further communication between the user equipment (UE) and the service provider (SR) by derivation from the Diffie-Hellman session key (g^xy) and from the GBA or AKMA protocol's service provider key (Ks_ext/int_NAF or KAF), the user authentication be
    Type: Application
    Filed: April 7, 2020
    Publication date: June 23, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Mireille PAULIAC, Ly Thanh PHAN
  • Patent number: 11362836
    Abstract: The present invention relates to a method for reaching a consensus for appending, at a current round (j), a new block of data to a permissioned ledger distributed through a network comprising network connected devices authorized by the ledger, called nodes, said method being performed by a tamper-proof computing device configured for managing securely digital keys and comprising a random number generator and a cryptoprocessor for generating signatures with said keys, and comprising, for a set of transactions to be validated, the steps of: receiving, from at least a first node (Nk), a candidate block (Bj,Nk) computed by said first node on transactions among said set of transactions, for each received candidate block, generating a random value by the random number generator, and generating a signed selection message comprising: an identifier of the current round (j), said received candidate block (Bj,Nk) and said generated random value by said cryptoprocessor, broadcasting said signed selection messages to th
    Type: Grant
    Filed: July 17, 2018
    Date of Patent: June 14, 2022
    Assignee: THALES DIS FRANCE SA
    Inventor: Aline Gouget
  • Publication number: 20220173914
    Abstract: Provided is a method for generating a digital signature of an input message (M) based on a secret key (dA) of a client device having access to a first set and a second set of precomputed data stored in a storage unit. The first set of precomputed data comprises private element parts (ki) protected with a homomorphic encryption. The second set of precomputed data comprises public element parts (Qi) paired with the private element parts of the first set. Each private element part is a discrete logarithm of the public element part paired therewith. The private element (k) can be homomorphically encrypted by combining homomorphically encrypted private element parts selected in the first set (ki). The selection of the public and private element parts depends on the input message. Other embodiments are disclosed.
    Type: Application
    Filed: February 24, 2020
    Publication date: June 2, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Aline GOUGET, Jan VACEK
  • Publication number: 20220164178
    Abstract: Provided is a method for patching an operating system 100 on a secure element 103 embedded in a terminal. The method comprises transmitting from a platform 101 to a SM-SR 102 an order to create on the secure element 103 an ISD-P 104, establishing between the platform 101 and the ISD-P or the secure element 103 a secure channel, transmitting from the SM-SR 102 to the secure element 103 a patch of the operating system, executing in the ISD-P 104 the patch of the operating system, and sending from the secure element 103 to the platform 101 a message informing the platform 101 of the result of the execution of the patch.
    Type: Application
    Filed: March 31, 2020
    Publication date: May 26, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Frédéric DAO, Gerald GLINKA-HECQUET, Denis DUBOIS, Jérôme DUPREZ
  • Patent number: 11336461
    Abstract: The invention relates to a method for controlling by a server called secure server the use of a first set of at least one data element of a data owner and provided by a communication device, the method comprising the steps of: receiving at least one digital signature representative of a process authorized by the data owner and adapted to carry out a series of at least one instructions using the first set of at least one data element; receiving from a process entity the series of at least one instruction, and a ciphered version of the first set of at least one data element which is communicated to the process entity by the communication device; verifying that the series of at least one instruction correspond to a process authorized by the data owner of the communication device by comparing the at least one digital signature received by the secure server with a digital signature obtained by the secure server using as an input the series of at least one instruction received by the secure server; and if the serie
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: May 17, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Gérald Maunier, Ludovic Tressol, Frederic Dao
  • Patent number: 11336459
    Abstract: The invention relates to a method for granting access to a service provided by a connected device for a user having a user's device and requesting said access, the method comprising the steps of: receiving by the user's device from the connected device a request to validate a user profile, a user profile corresponding to a list of at least one data item representing the user's capabilities to use a service provided by the given connected device; requesting by the user's device to a verification server associated to the at least one data item to validate said data item, and receiving a digital signature of said data item generated by the verification server as a proof of the validation; transmitting the data item of the user profile and its digital signature to a device belonging to the owner of the connected device for it to be informed that said data item is validated, the user profile being considered as validated when the digital signatures of all the data items listed in the user profile are correctly ver
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: May 17, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Sébastien Schmitt, Gérald Maunier, Ludovic Tressol, Frederic Dao
  • Patent number: 11336429
    Abstract: The present invention relates to a method for a secure execution of a whitebox cryptographic algorithm applied to a message (m) and protected by countermeasures based on pseudo-random values, comprising the steps of: executing a pseudo-random function (PRP) generating pseudo-random output values and an encrypted main output value based on an encrypted input value (*Xi*) derived from said message, securing said cryptographic algorithm by applying to the cryptographic algorithm said countermeasures based on said generated pseudo-random output values retrieving, from said generated encrypted main output value, the input value or part of the input value, under an encrypted form (*Xi*), executing said secured cryptographic algorithm on said encrypted retrieved value.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: May 17, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Aline Gouget, Jan Vacek
  • Publication number: 20220116777
    Abstract: A system and method for authentication of a secure element cooperating with a Mobile Equipment forming a terminal in a telecommunication network is provided. The telecommunication network comprises a SEAF and an AUSF/UDM/ARPF. The method includes generating an anchor key (KSEAF_SRT) for the communication between the terminal and the SEAF according to 3GPP TS 33.501, wherein the anchor key (KSEAF_SRT) is indirectly derived from a key (KSRT) obtained by deriving from the long-term key K and a secure registration token SRT sent by the terminal to the AUSF/UDM/ARPF and concealed with the AUSF/UDM/ARPF public key along with its SUPI in the SUCI. Other embodiments are disclosed.
    Type: Application
    Filed: January 16, 2020
    Publication date: April 14, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Ly-Thanh PHAN, Mireille PAULIAC
  • Patent number: 11303444
    Abstract: The present invention relates to a method of secure generation by a client device A and a server device B of at least a RSA current signature and a RSA next signature with a private exponent component d of an RSA key, comprising: a handshake phase (P1) comprising: a. receiving (S1) a handshake request comprising a hash of the next client value (pvA_next), b.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: April 12, 2022
    Assignee: Thales DIS France SA
    Inventors: Alsasian Atmopawiro, Thi Tra Giang Dang
  • Publication number: 20220104023
    Abstract: A method for detecting that a removable secure element has been temporarily disconnected from a first device includes: Providing by the secure element to the first device a first Temporal Global Identity; Entering the first device in the sleeping mode; If the secure element is inserted and used by a second device during the sleeping mode of the first device, replacing in the secure element the first Temporal Global Identity by a second Temporal Global Identity and providing the second Temporal Global Identity to the second device; When getting out from the sleeping mode by the first device, reading by the first device the Temporal Global Identity stored in the secure element; If the Temporal Global Identity read is not the same as the stored Temporal Global Identity, sending to an MNO server a message to indicate that the secure element has been used by another device.
    Type: Application
    Filed: January 2, 2020
    Publication date: March 31, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Ly Thanh PHAN, Vincent DANY, Mireille PAULIAC
  • Publication number: 20220104013
    Abstract: A method to attach a mobile device to a server, using a protocol having data size encoding constraints which prevents using traditional ciphering, includes an initialization phase using a range of ephemeral IMSIs stored in a batch of credential containers of mobile devices and an associated group master key shared by the server and credential containers having the same range of ephemeral IMSIs to initiate a session using a server random value. The initialization phase uses limited payload in a mobile device-to-server message to send a randomly chosen rIMSI among the range of IMSIs to enable the server to generate keys to initiate a secured communication phase, then using individual keys stored in the mobile device and retrieved by the server with an identifier of the credential container sent in a mobile device-to-server message and with an individualization master key owned by the server.
    Type: Application
    Filed: November 21, 2019
    Publication date: March 31, 2022
    Applicant: THALES DIS FRANCE SA
    Inventors: Marc LAMBERTON, Eric BRETAGNE, Aline GOUGET, Sylvain MORANDI, Arnaud SCHWARTZ
  • Patent number: 11290869
    Abstract: The invention is a method for communication between a server and a user equipment through a set of command/response pairs. The user equipment uses an IMSI field of an Attach Request frame as defined by ETSI TS 124.008 to convey a command to the server. The server uses an Authentication parameter RAND field or an Authentication parameter AUTN field of an Authentication Request frame as defined by ETSI TS 124.008 to convey a response corresponding to the received command. The server sends the Authentication Request frame in response to the Attach Request frame.
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: March 29, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Alain Rhelimi, Michel Anslot
  • Patent number: 11281433
    Abstract: The present invention relates to a method for generating a prime number and using it in a cryptographic application, comprising the steps of: a) determining at least one binary base B with a small size b=log2(B) bits and for each determined base B at least one small prime pi such that B mod pi=1, with i an integer, b) selecting a prime candidate YP, c) decomposing the selected prime candidate YP in a base B selected among said determined binary bases: YP=ΣyjBi, d) computing a residue yPB from the candidate YP for said selected base such that yPB=Σyj, e) testing if said computed residue yPB is divisible by one small prime pi selected among said determined small primes for said selected base B, f) while said computed residue yPB is not divisible by said selected small prime, iteratively repeating above step e) until tests performed at step e) prove that said computed residue yPB is not divisible by any of said determined small primes for said selected base B, g) when said computed residue yPB is not divisible by a
    Type: Grant
    Filed: February 9, 2018
    Date of Patent: March 22, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Alexandre Berzati, Myléne Roussellet
  • Patent number: 11273660
    Abstract: Security document and method of manufacturing thereof. The security document having at least one bio data page and at least one paper data page stitched together, and at least one cover sheet placed outside the bio data page and the paper data pages, said cover sheet having at least one end paper sheet stitched with the stitched pages and one cover material sheet attached to the end paper sheet. The inside of the cover sheet is kiss cut in order to prevent any splitting of the cover sheet.
    Type: Grant
    Filed: February 22, 2019
    Date of Patent: March 15, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: David Westgate, Tommi Seppala