Abstract: A method for connecting a secure element to a network of a first mobile network operator using an ephemeral first IMSI, in order to get a second IMSI, from the first mobile network operator, includes: Selecting a first radio serving network, the first selected network being not listed in the Forbidden VPLMN list of the secure element; Sending a REGISTER REQUEST message comprising the first IMSI to the first selected network; If the first selected network does not route the message to the network of the first mobile network operator, stop trying to register with the first selected network and put the MCC/MNC codes of the first selected network in the Forbidden VPLMN list of the secure element; Searching for a another network to register with; and Repeat the foregoing steps until a network routes the first IMSI to the network of the first mobile network operator.

Abstract: The invention method comprises: authenticating successfully, by a user authentication server, through a logon agent in a device, a device user; sending, by the user authentication server, to the logon agent, session data relating to the successful authentication session; sending, by the logon agent, to a logon application the session data; receiving, by at least one browser, from the device user, a first request for accessing the service with a first server identifier; sending, by the logon application, to the at least one browser, the session data; sending, by the browser, based on the first server identifier, to a first receiving server, the session data; verifying, by the first receiving server, whether the session data is or is not valid, and, if yes, authorizing access to the service.

Abstract: A method for producing a metal insert for a radio-frequency chip card includes the steps of forming or providing an assembly comprising an insulating substrate bearing: at least one antenna coil resting on the substrate, comprising a connection interface to a radio-frequency module, a metal plate comprising radio-frequency permittivity perforations and a cavity for receiving a radio-frequency chip module, respectively arranged facing the antenna coil and its connection interface. The perforations comprise at least two longitudinal slots extending along and facing a portion of the antenna coil, each slot also opening onto the edge of the plate via a passage arranged on the edge. The invention also relates to a corresponding card produced by the method.

Abstract: The present invention relates to a method for securing against N-order side-channel attacks a cryptographic process using in a plurality of encryption rounds an initial Substitution box S0 comprising the steps of: —generating (E12) a first randomized substitution box S1 by masking said initial substitution box S0 such that S1(x XOR m1)=S0(x) XOR m2, with m1, m2 uniformly-distributed random values, for any input value x of the initial substitution box S0, —generating (E13) a first transrandomized Substitution box S(1,1) from the first randomized substitution box S1 and from masks m1,1, m?1,1 such that S(1, 1)[x]=S1[x xor (m1 xor m1,1)] xor (m2 xor m?1,1) for any input value x of the first transrandomized Substitution box S(1,1), —generating (E14) from the first transrandomized Substitution box S(1,1) a N?1th transrandomized Substitution box S(1, N?1) by performing iteratively N?2 times a step of generation of a ith transrandomized Substitution box S(1, i) from a i?1th transrandomized substitution box S(1, i?1)

Abstract: A method for personalizing pre-generated protected profiles, as defined by the GSMA SGP.02 and SGP.22 RSP Technical Specifications, includes adding an application and diversified data at the end of the profiles in order to re-compute only the SCP03t security at the end of the profiles and to transmit the protected profiles to eUICCs cooperating with terminals.

Abstract: The invention more particularly relates to a method and device for controlling a segmented electrophoretic display. Such displays, preferably covered by the invention, comprise a layer (or a film) of microcapsules containing colored particles suspended in a fluid or a gas, the same layer being sandwiched between two electrodes: at least one first electrode having the shape of the segment to be displayed a second transparent electrode made by a conductive layer of indium tin oxide (ITO) for example. Alternative electrodes based on a thin film of carbon nanostructures, silver or copper wires can also be used.

Abstract: The present invention relates to a device having a central processing unit, RAM memory and at least two hardware elementary operations, using registers of greater size than the one of the central processing unit, said device being such that construction of at least one part of RAM memory is managed only by the hardware elementary operations, hardware elementary operations themselves and masking of inputs/outputs/intermediary data are monitored by software instructions, said software instructions being able to address different cryptographic functionalities using said hardware elementary operations according to several ways depending on each concerned functionality, said software instructions being further able to address several levels of security in the execution of the different functionalities.

Abstract: The invention proposes a method for establishing a bidirectional NAS signalization channel between a secure element cooperating with a terminal and a distant platform through a Network Exposure Function, upon request of either the secure element or the distant platform. The method includes an exchange of containers of data between the distant platform and the secure element through the Network Exposure Function.

Abstract: A method comprises: Sending, by a first Chip Interface Device (CID), to a second CID, using a CID type protocol, a request for establishing a secure channel over a wireless protocol. Sending, by the second CID, to a Personal Computer Smart Card (PCSC), a first request for establishing a connection to the chip. Establishing, by the PCSC, a connection to the chip. Establishing, by the PCSC, a connection to the second CID. Establishing, by the second CID, a secure session with the first CID by using a session key. And sending, by the second CID, to the first CID, while using the CID type protocol, a secure CID channel establishment success that allows sending or receiving APDU(s) via the established secure channel over the wireless protocol. The second CID renders apparent to the first CID the chip as being connected.

Abstract: The present invention relates to a method of secure generation by a client device and a server device of an RSA signature of a message to be signed with a private exponent component d of an RSA key (p, q, N, d, e), wherein said client device stores a client device private exponent component dA, a client value, and a client dynamic offset, and said server device stores a server device private exponent component dB, where dB=d?dA modulo phi(N), a server value, a server dynamic offset and a failure counter, comprising: a. receiving from the client device a client part of said RSA signature (HS1) of said message to be signed, after incrementing its client value (pvA) by a first predetermined step E, from the client device private exponent component and from an updated client dynamic offset function of said client dynamic offset and of said client value, b. setting said failure counter to a first default value, c. incrementing said server value (pvB) by a second predetermined step (E?), d.

Abstract: Transferring a MSISDN from a first to a second secure element includes: during an enrolment phase of the first secure element, transferring from the first secure element to a remote server, a first hash of a secret information entered by a user in the terminal and the MSISDN of the subscription of the user; and storing the hash associated to the MSISDN in the server. When the second secure element is for the first time activated in a terminal, after the user having entered the MSISDN to be transferred and the secret information, the second information is hashed to form a second hash for the second secure element. The first hash and the second hash are compared, and if the second hash corresponds to the first hash for this MSISDN, a subscription identifier of the second secure element is assigned to this MSISDN at the level of the operator network.

Abstract: The invention concerns a method for establishing a bidirectional communication channel between a server and a secure element cooperating with a terminal in a cellular telecommunication network for exchanging data and commands, the method comprising: a—Sending a first attachment request signaling message from the terminal to the server, the first message comprising a MCC and a MNC of the server, and at least a part of a unique identifier of the secure element, the server being provisioned with the unique identifier; b—Sending from the server to the secure element, in at least a firstsignaling message: At least a command; A correlation identifier if further messages have to be sent from the secure element to the server; A first payload comprising data; c—Executing at the secure element the command.

Abstract: A method for building a predefined secret value allocated to a first pod belonging to a node of a system having a second pod. The system includes a first storage area whose access is restricted to the node and a second storage area whose access is restricted to the second pod. The second pod retrieves a first value stored in a third storage area and a second value stored in the second storage area, and computes a third value by applying a first function to the first and second values. The second pod retrieves a fourth value stored in the first storage area and computes a fifth value by applying a second function to the third and fourth values. The first pod retrieves a sixth value stored in the first pod and computes the predefined secret value by applying a third function to the fifth and sixth values.

Abstract: Secure cryptography operations on a white-box cryptography device. Receiving a first message. Receiving a cryptographic key encrypted using a homomorphic encryption scheme. Performing a cryptographic operation, e.g., decryption or digital signature, using the encrypted cryptographic key. Performing a homorphically encrypted tracer calculation that traces the performance of the cryptography operations on the white-box cryptography device thereby allowing verification that all steps of the cryptography operation has been performed without external manipulation. Performing a key-exchange operation. Decrypting the key-exchange output using an alternate cryptographic key stored on the cryptographic device.

Abstract: A first server exchanges with a second server a master (symmetric) key(s). The first server sends to the first application the master key(s). The second server generates dynamically a first derived key by using a generation parameter(s) and a first master key. The second server sends to the second application the first derived key and the generation parameter(s). The second application generates and sends to the first application a first (key possession) proof and the generation parameter(s). The first application verifies successfully by using the generation parameter(s), the first master key and the first proof, that the first proof has been generated by using the first derived key, generates and sends to the second application a second (key possession) proof. The second application verifies successfully that the second proof has been generated by using the first derived key, as a dynamically generated and proven shared key.

Abstract: The invention is a method for securing a system including a plurality of entities and a repository storing usage patterns. The method comprises the following steps: for each of the entities involved in a transaction requested by a user, capturing a behavior data reflecting the dynamic behavior of said entity, generating a set of locality-sensitive-hashing hashes from each of said behavior data, computing a similarity score for each of the entities involved in the transaction, based on both said usage patterns and the set of generated locality-sensitive-hashing hashes, and based on a subset of the computed similarity scores, applying a preset security action to the transaction.

Abstract: Security article and method for producing a security article. The method includes microprinting on a patch an array of microimages, placing a first translucent layer over the substrate and first patch, and laminating the substrate, the patch, and the first translucent layer using a lamination tool. The resulting security product includes a microlens array is located in the first translucent layer in register with the patch such that microimages have a one-to-one correspondence with lenses of the array of microlenses, wherein when the microimage array is viewed by a viewer through the microlens array, a composite image is visible to a viewer of the security article.

Abstract: A method for authenticating a user includes connecting to a server from a user device, loading from the server to the user device data including executable data, detecting by the user device, while executing the executable data, whether an identifier relating to a short range communication device exists in a vicinity of the user device, sending from the user device to the server a user identifier accompanied with the detected short range communication device identifier, verifying by the server for the identified user whether a detected short range communication device identifier matches a predetermined part of a reference short range communication device identifier. Access is granted from the server only if the detected short range communication device identifier matches the predetermined part of the reference short range communication device identifier.

Abstract: The invention is a method that comprises parsing first and second digital documents and identifying a first component into said first digital document and a second component into said second digital document, determining a first attribute based on a context of the first digital document, determining a second attribute based on a context of the second digital document, allocating the first attribute to the first component and the second attribute to the second component, and storing in a storage unit a first entry comprising a value of the first component and the first attribute and a second entry comprising a value of the second component and the second attribute. The method comprises conducting a correlation search between said first and second components using said first and second attributes, if the correlation has been found, generating a data reflecting the correlation.