Abstract: Provided is a method for testing if a candidate data element, belongs to a list of reference data elements, performed by a client device (102) and comprising the steps of generating an encrypted candidate data element (y?) by encrypting said candidate data element (x?) with a leveled fully homomorphic encryption scheme, transmitting said encrypted candidate data element (y?) to a server device (103), storing said reference data elements (xi) receiving, from said server device, a delta value depending on a product of differences, decrypting said delta value with said leveled fully homomorphic encryption scheme, based on said decrypted delta value, determining whether said candidate data element (x?) belongs to said list of reference data elements (xi). Other embodiments disclosed.

Abstract: The present invention relates to a method for protecting a program in a computer system, the method comprising: when a subroutine of said program is called, pushing a return address on to a stack to start forming a stack frame; when pushing said return address, generating a checksum for said stack frame; each time a predetermined opcode is detected for said subroutine, updating said checksum according to an operand associated with said predetermined opcode; if the predetermined opcode is a pop opcode, in addition to said updating, determining whether the operand associated with said pop opcode is said return address; if it is determined that said operand is said return address, verifying said checksum before executing said predetermined opcode in order to detect an attack.

Abstract: A secure element for a device includes an operative system the secure element including a first security applet configure to communicate with the device operative system, wherein the first security applet is configure to accept any first external application, after performing a key registration, as a local administrator application for some first data provided by the first external application, so that no other external application may access the first data without a permission of the first external application. The disclosure also provides a telecommunications device and a method of management of secure information in such a secure element.

Abstract: A system, mobile device, and method for managing security policies for data items stored in an electronic identification (eID) wallet on the mobile device. Security policies are associated with each of a plurality of supported namespaces on a mobile device and a verifier terminal operates to select a namespace to access a data item stored on the mobile device based on the security policies associated with the plurality of supported namespaces on the mobile device.

Abstract: Provided is a method for establishing a secure connection from a chip to a network. The method comprises sending a connection request with a decentralized identifier address, sending a request for getting a decentralized identifier, sending, to the network, the decentralized identifier, sending, to the chip, an authentication request with data, and determining and sending, to the network, authentication data, and authenticating the chip. It further include sending, to the ledger, a request for getting subscription data associated with the decentralized identifier address, verifying, whether the decentralized identifier address is associated with a subscription wallet address or a subscription address in an operator wallet sending, to the network, associated subscription data, verifying whether valid, and establishing, when valid, a connection to the chip.

Abstract: Provided is a method for pushing data to a mobile network operator (MNO), the method being suitable to be implemented by a server and comprising the following steps of: receiving, from the MNO, a message comprising at least one communication pattern associated with at least one device identifier identifying a type or a provider of a device; receiving, from a user, a request for downloading a subscription profile of the MNO; sending, in response to the request, the subscription profile to a device of the user; identifying, from the at least one communication pattern, a communication pattern applicable to the subscription profile according to device data obtained from the request; and pushing data comprising an identifier of the subscription profile and the applicable communication pattern to the MNO.

Abstract: Provided is a method for securely transferring data element values stored in a first device to a second device, where each stored data element value being encrypted with a storage key (KSi). It includes mutually agreeing on a short term session key (STK), determining, for each stored data element value an ephemeral key as a sub-sequence of a pseudorandom sequence (bsi) derived from the short term session key (STK), encrypting, each stored data element values using said ephemeral key, decrypting, each data element value encrypted with an ephemeral key, using the storage key (KSi), to obtain KSi-decrypted data element values, transferring said KSi-decrypted data element values from the first device to the second device, obtaining, by the second device, the ephemeral keys from the short term session key (STK), and decrypting the transferred data element values using the obtained ephemeral key.

Abstract: The present invention relates to a method for authentication of a user using a user equipment, comprising an authentication engine for authenticating at least one user, said authentication engine being configured to operate with a local authentication model, wherein the method comprises the step for the user equipment of enhancing its local authentication model by at least one authentication factor, wherein said at least one authentication factor is stored in the local authentication model with a validity indication, indicating the time the authentication factor is valid for taking into account by the authentication engine, and authenticating a user by means of a match of the local authentication model with a set of user behavior indications retrieved by the user equipment through the authentication engine.

Abstract: The invention is a method for managing a remote server that assigns to a user agent (30) a session reference (31) and a user authentication request. The user agent (30) delegates the authentication request to an identity wallet (20) that sends a proof (21) of identity to the remote server (10). The user agent and the identity wallet are two separate devices, one of which generates and displays an ephemeral confirmation token (60) and sends to the remote server a control token (65) generated from the ephemeral confirmation token. The other of said devices gets a code (61) entered by the user then communicates with the remote server for contributing to a checking of the code by using the control token. The remote server grants rights associated to the session reference only if the proof of the identity is valid and if said checking is successful.

Abstract: Provided is a method to operate a secure chip card for connecting to a user equipment operating in a cellular network comprising a plurality of network slices, wherein for at least one network slice a slice authentication server is operational, the secure chip card comprising a secured memory with at least one slice authentication application.

Abstract: Provided is a cross-spectral face recognition learning method based on a set of associated face images, a thermal image and a visual image, of a plurality of persons. The thermal image is coded in two different ways. A style encoder provides a style code of the thermal image. An identity encoder provides an identity code of the thermal image. The visual image is coded in a similar way with a style encoder providing a style code and with an identity encoder providing an identity code. The two face images of the same person share in the identity features a common part in the respective identity codes, noted as common identity code, whereas the style codes for the two images comprise features only relevant two the specific style, i.e. either thermal or visual, of the image. Other embodiments disclosed.

Abstract: Provided is a method to secure against side channel attacks performing a cryptographic operation of a cryptographic algorithm. It includes selecting a multiplier integer t and determining a second integer q? by multiplying said first integer q, determining (S2) an invertible random polynomial R[X] in said first polynomial ring Rq, randomizing (S3) the coefficients Ai of said input polynomial A[X] based on said determined second integer q? and said determined random polynomial R[X], performing (S4) the polynomial operation of the cryptographic operation on said randomized input polynomials A?[X], and unmasking (S5) the result polynomial Res?(X) by applying to its coefficients a modulo said first integer q operation. Other embodiments disclosed.

Abstract: Provided is a thermal face and landmark detection method for providing a ground truth reference database, capturing a thermal image comprising at least one face, detecting a face in the thermal image, cropping the thermal image creating a cropped face thermal image, applying a Gaussian filters method to the cropped face thermal image creating an improved cropped face thermal image and applying a landmark detector to the improved cropped face thermal image creating an landmarked cropped face thermal image. Other embodiments disclosed.

Abstract: Provided is a data carrier comprising at least a first metallic layer, at least one electronic module, at least one antenna, and at least a second metallic layer. The second metallic layer is arranged after the first metallic layer with respect to an extension direction (E). The antenna is in connection with the electronic module. The first metallic layer is a continuous metallic layer delimiting a recess, and wherein the electronic module is at least partially arranged within said recess. Other embodiments disclosed.

Abstract: Provided is a method to operate a user equipment communicatively connected to at least two subscriber identity modules, which are at least assigned to a first and a cellular network, wherein the user equipment has assigned an independent paging identity in each of the first and second cellular networks for registration in said cellular networks. Other embodiments disclosed.

Abstract: Method for provisioning a secure element with a profile, said secure element cooperating with a M2M terminal and being connected to the network of a first MNO thanks to a first profile, including requesting by a M2M service provider a second profile to the network of a second MNO; provisioning by said second MNO said second profile in the network of said second MNO; sending from said network to a subscription manager an order to download said second profile; terminating said first profile to the network of said first MNO; barring by said first MNO said subscription in the network of said first MNO; performing by said secure element a Fall-Back procedure; attaching said secure element to a provisioning HLR by using said provisioning profile; downloading from said subscription manager to said secure element said second profile; and enabling said second profile to become an operational profile.

Abstract: Provided is a method for generating, by a random number generator of a cryptographic system, an independent bit sequence from a binary candidate random stream, said random generator comprising a source of randomness configured to generate a random noise, an analog to digital converter configured to generate a binary raw random stream by digitizing said random noise, said candidate random stream being obtained from said raw random stream. Other embodiments disclosed.

Abstract: The present disclosure relates to a data processing system comprising a bus interconnect structure, a slave device coupled to the bus interconnect structure, a slave protection unit coupled to the bus interconnect structure, a plurality of master devices coupled to the bus interconnect structure, each master device of said plurality of master devices having a master identifier, wherein a master device is configured to run concurrently different threads, and, when a thread run by said master device requests access to said slave device, for issuing on the bus interconnect structure an access request comprising its master identifier and a thread identifier assigned to said thread.

Abstract: Provided is a method for non-repudiable endorsement of a private attestation. The method includes receiving an attestation from a Private Attribute Provider responsive to a request from a user declaring the attestation, securely binding pivotal attributes in the Attestation selected by the user once authenticated to an Issuing Authority, and securely binding the user to the attestation by way of their connected device. The method produces an endorsed attestation that includes signed server proof. This is provided by the user through their connected device to a service provider for receiving a service otherwise requiring third party trusted proof. Other embodiments are disclosed.

Abstract: Provided is a method and device for protecting a computerized digital security device against side-channel, fault injection, and timing attacks, the method comprising identifying asynchronous tasks to be performed by the computerized digital security device by placing identified asynchronous tasks in an asynchronous task queue; and executing a first application, including non-linearizing execution of the application by selecting at least one task from the asynchronous task queue, executing the selected at least one task, removing the selected at least one task from the asynchronous task queue. Other embodiments disclosed.