Abstract: This invention related to a method for provisioning a first communication device with a set of at least one credential required for accessing to a wireless network by using a second communication device provisioned with a cryptographic key K also known by the wireless network, the first communication device being associated with a certificate comprising a public key PK, said certificate being stored with an associated private key PrK in said first communication device, the method comprising the following steps: receiving by the second communication device a registration request from the first communication device in order to be provisioned with the set of at least one credential; transmitting to the wireless network by the second communication device the registration request to generate a set of at least one credential associated to the first communication device comprising at least a cryptographic key K?, the wireless network being adapted to generate a first random number R1 and a second random number R2; r

Abstract: A server accesses a user identifier associated with a first user device and a reference image as a first image set, to be displayed. The server sends to a second user device an image, as a second image set, to be displayed, and a user request to select an image within the first image set. The second user device displays the second image set and the user request. The user of the first user device selects at least one displayed first image, the selected first image matching an image visually selected within the displayed second image set, according to a rule known to the user and the server. The first user device sends to the server the first user device identifier accompanied with data relating to the selected first image. If the data relating to the selected first image matches the data relating to the first reference image the server authenticates the user.

Abstract: A method for operating an attribute assertion device having a processor and memory to create an unlinkable digital signature-equivalent of an assertion message that is verifiable—by a service provider receiving the unlinkable digital signature-equivalent—as being generated from a digital signature of a known attribute provider having a public key PKAP. Operating the processor of the attribute assertion device to transform a digital signature of the attribute message into an unlinkable digital signature-equivalent using a one-way transformation of the signature, with the transformation process using a random value generated by the attribute assertion device and a challenge provided by the service provider.

Abstract: The present invention relates to a method to securely load set of sensitive data hardware registers with sensitive data on a chip supporting hardware cryptography operations, said method comprising the following steps monitored by software instructions, at each run of a software: select a set of available hardware registers listed in a predefined list listing, in the chip architecture, the unused hardware registers and other relevant hardware registers not handling sensitive data and not disrupting chip functionality when loaded, establish an indexible register list of the address of the sensitive data hardware registers and of the hardware registers in the set of available hardware registers, in a loop, write each hardware register in this register list with random data, a random number of times, in random order except the last writing in each of the sensitive data hardware registers where a part of the sensitive data is written.

Abstract: This invention concerns a method and system for improving the security of transaction in an emulated Integrated Circuit. During compilation time of a payment application, at least one detection agent are inserted into the code of the payment application. This detection agent is configured to detect an unauthorized use of the payment application. During a runtime of the payment application, if the detection agent result indicates “no threat detected” the payment application retrieves from a predefined map of “no threat detected”, the right value associated to the detection agent, otherwise a random false value is generated. The payment application alters at least one data manipulated during the transaction with the value retrieved or generated. A reverse mechanism of the payment application retrieve the right value and apply a restoration process to the altered data with the retrieved right value. The payment application computes a cryptogram from the restored manipulated data.

Abstract: Method for producing an electrophoretic display device comprising a low-voltage microcontroller. The invention relates to a method for producing a segmented electrophoretic display device comprising a bistable display operating at predetermined opposing voltages and an electronic circuit with microcontroller for controlling the display according to a control program. The method includes the following steps: supplying the controller, which is different from a specific display controller for a bistable display and configured to deliver voltages, lower in absolute value to the predetermined voltages, and compensating the voltages with at least one compensation voltage to at least reach the predetermined opposing voltages. The invention also relates to the corresponding device.

Abstract: The invention relates to a method for authorizing a communication with a portable electronic device, such as access to at least one memory area. The portable electronic device has a display for presenting an item of information visible to the outside and an interface for communication with the outside of the portable electronic device. The item of information is at least in part taken into account by the portable electronic device to authorize the communication. The method includes optically reading of the item of information outside the portable electronic device. The method also includes a step of varying the item of information, the step of varying causing the item of information, termed the variable item of information, to vary at least in part. The invention also relates to the portable electronic device, and the system comprising the portable electronic device and an electronic communication or reading device.

Abstract: The invention relates to a method for sending data to at least one device. According to the invention, a data sending control server sends to at least one data storage server at least one predetermined rule or a first request for sending data to at least one data processing server. The data storage server sends, based upon the at least one predetermined rule or the first request for sending data, data to the data processing server. The data sending control server sends to the data processing server a second request for sending to the device the data received or to be received by the data processing server. The data processing server sends, based upon the second request for sending the data, the received data to the at least one device.

Abstract: A method for transmitting a subscription profile from an MNO to a secure element pre-provisioned with a temporary profile comprising a unique identifier, MCC and MNC, includes: —Transmitting from the MNO the unique identifier to a SM-DP; —Creating the subscription profile at the SM-DP; —Provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI comprising a second MCC, a second MNC; —Provisioning in the MNO the temporary IMSI and an ephemeral key; —At the first attempt of the secure element to connect to the D-HSS server, exchanging data in signaling messages for provisioning the secure element with the temporary IMSI; —At the next attempt of the secure element to connect to the MNO network with the temporary IMSI, open an APN and send from the SM-DP to the secure element the subscription profile.

Abstract: The invention concerns a method for manufacturing an identification document comprising a body with a first visual marking and a second visual marking, the first and the second visual markings depicting same identification data. The method comprises the following steps of: engraving a first area of the identification document with a first laser beam for obtaining the first visual marking; providing at least one see-through portion in a second area of the identification document; providing an optically variable printing ink patch, laminated to at least one first transparent layer located in the see-through portion; and engraving the surface of the laminated optically variable printing ink patch with a second laser beam for obtaining the second visual marking, said second laser beam having a lower power than the first laser beam. The invention concerns also the identification document obtained by this method.

Abstract: The invention concerns a method of managing the connectivity to a mobile telecommunications network of a SIM cooperating with an IoT Device. The method includes modifying a parameter of the SIM to temporarily prohibit it from connecting to the mobile telecommunications network during a certain period of time.

Abstract: The invention concerns a method for establishing a bidirectional communication channel between a server and a secure element cooperating with a terminal in a cellular telecommunication network for exchanging data and commands, the method comprising: a—Sending a first attachment request signaling message from the terminal to the server, the first message comprising a MCC and a MNC of the server, and at least a part of a unique identifier of the secure element, the server being provisioned with the unique identifier; b—Sending from the server to the secure element, in at least a first signaling message: At least a command; A correlation identifier if further messages have to be sent from the secure element to the server; A first payload comprising data; c—Executing at the secure element the command.

Abstract: The present invention relates to a method to intrinsically protect a computer program having a driving value dedicated to handle sensitive data, said driving value comprising a plurality of N computation units to perform computations using sensitive data and susceptible to let sensitive data leak, each unit having V possible values, said method comprising a step of unrolling k parts of P units, with P>1 and P<N and N?P*k, by rewriting them in an equivalent sequence of computations protecting the sensitive data, said unrolling step resulting in a plurality of V{circumflex over (?)}P possible parts of P units, said method further comprising the step of introducing, in the finally executed computer program, instructions to dynamically execute the driving value by selecting, at end of each executed part, the next part to be executed among the possible parts.

Abstract: The invention proposes an authentication server of a cellular telecommunication network, the authentication server being arranged for generating an authentication token to be transmitted to a telecommunication terminal, the authentication token comprising a message authentication code and a sequence number, wherein the message authentication code is equal to: MACx=KIdx XOR f1(AMF,SQNx,RAND,K) with KIdx being a key index information in the form of a bias of a MAC equal to: MAC=f1(K,AMF,SQNx,RAND) with f1 being a function, K a key, RAND a random number and SQNx a sequence counter relative to a corresponding key Kx derived from the key K and KIdx, and AMF the content of an authentication management field as defined in 3GPP TS 33.102.

Abstract: The present invention relates to a method to create a trusted NDEF record in an NFC device, comprising the steps of: providing an NDEF application in said NFC device, having a first NDEF record contained in an NFC device, wherein said NDEF application is configured to generate a second NDEF record different from a previous first one, based on data collected, as a result of a detection or upon a receipt of a request of an NFC reader or after collection of new data. The invention also relates to the use of above method to make secure mobile application activations or for realizing a strong customer authentication.

Abstract: The present invention relates to a method for amending the firmware of a device with limited resources, the device comprises a memory unit, and a firmware amending software, and the firmware comprises: at least two functional components, wherein the first functional component comprises at least one public function, configured to be called by at least one second functional component different from the first functional component, a functional component table, wherein at least one of the functional components is registered, a call dispatch unit, where each call addressing one of the public functions is dispatched, wherein the firmware amendment comprises the steps for the firmware amending software of: storing a new functional component at a memory location of the memory unit, updating the functional component table with the memory location of said new functional component, and handing over control to the firmware.

Abstract: The invention is a method for updating a first secret data in a credential container including a subscriber identity module. The credential container comprises a set of secret parameters customized for a network operator and is configured to execute a symmetric mutual authentication algorithm using said set. The credential container receives from a remote server a second secret data enciphered using a second algorithm different from said symmetric mutual authentication algorithm and a subset of said secret parameters, the credential container deciphers the enciphered second secret data by using both the subset and a third algorithm and replaces the first secret data with the second secret data.

Abstract: A method for personalizing a UICC includes: i—sending from the UICC to a D-HSS an attach request message comprising an IMSI with a given MCC/MNC; ii—sending from the D-HSS to the UICC a command and first cryptographic data; iii—computing at the UICC a secret key by using the first cryptographic data; iv—sending from the UICC to the D-HSS a command and second cryptographic data; v—repeating steps ii to iv until the UICC holds the entire first cryptographic data and the D-HSS holds the entire second cryptographic data—; vi—computing at the D-HSS the secret key by using the second entire cryptographic data; vii—allocating by the D-HSS a free IMSI belonging to an operator and transferring from the D-HSS to the UICC the free IMSI and other personalization data; viii—personalizing the UICC with the free IMSI, personalization data and the secret key.

Abstract: Method for activating a feature of a chip having an interface comprising at least two power pins. The method comprises the following steps: the chip measures a series of voltage values between said power pins, the chip detects a series of sync signals different from clock signals, said sync signals being interleaved with said voltage values, the chip identifies a data sequence from said series of voltage values, and the chip activates the feature only if the data sequence matches a predefined pattern.

Abstract: The present invention relates generally to a data carrier and a method for making the data carrier. More particularly, this invention relates to color laser marking of article, especially security documents. The present invention proposes a security document comprising a multilayers assembly instead of a single color component mixture in a layer. The multilayer assembly comprises at least two laser sensitive layer. Each layer comprises at least one coloring agent component. The order arrangement of the multilayers of bleachable coloring agent component is made so that each layer behaves as a wavelength filter configured to selectively transmit longer wavelengths and block or attenuate shorter wavelengths while protecting the underneath coloring agent component from bleaching interference.