Abstract: The invention is a method for managing a tamper-proof device comprising a plurality of software containers and an operating system. The operating system is able to handle a set of communication protocols with external entities. The operating system accesses a pairing data in which each communication protocol of said set has been associated with a single software container and upon receipt of a message from one of the external entities, the operating system uses the pairing data to route the message to the software container associated with the communication protocol used to convey the message.

Abstract: A method for securing an execution of a local application is provided and includes the steps of requesting, from the first user device, to execute, by the local application, at least one operation; generating, by the first user device, by executing the local application, a first challenge; sending, from the local application, to a second user device, the first challenge and a predetermined identifier relating to an associated key pair; and retrieving, by the second user device, based on the key pair identifier, a private key; generating by the second user device, a first response, by using the first challenge and the private key; and sending from the second user device to the local application, the first response. Other embodiments are disclosed.

Abstract: A method for updating a terminal comprising a secure element is provided by way of an Over-the-Air (OTA) platform. The OTA receives at least a location data reflecting the location of the terminal and a request for downloading a list of preferred networks in the terminal. Each of said preferred networks may be associated with its own target roaming quota usage, at least one weighting factor associated to a given list of the set may be updated as a result of an optimization function which aims at generating one weighting factor based on a target roaming quota usage associated to each preferred network of the given list. Other embodiments are disclosed.

Abstract: Provided is a method for securing against fault attacks during verification a digital signature of a message on a client device. It performs (S1) at least one check on intermediate parameters that are generated for one that is different from 0 modulo n. It checks that values computed by several executions of the verification algorithm are the same, and checks that at least one mathematical relationship is verified. It performs a signature comparison final step to test equality between one of the intermediate parameters and a part of the digital signature. It triggers (S2) a fault attack countermeasure when at least one of the performed checks has failed.

Abstract: A method for accessing a private key is provided. The method includes storing, by a first device, the private key and an associated public key, generating an access token, sending to a second device, the access token, sending, to a first server, an address relating to a decentralized identifier and the access token, sending, by the first server, to a ledger, a request for getting a decentralized identifier along with the decentralized identifier address. By way of the method a solution is provided for accessing, by a first server to be accessed from a second device, based on a decentralized identifier readable from a ledger, a second server, as a proxy to a first device. It allows for authenticating a first device to a first server while keeping the private key only at the first device side (and not at the second device side).

Abstract: Provided is a method to operate a subscriber identification module connected to a communication equipment configured to operate in a cellular network and communicatively coupled with a remote server. The method includes receiving from the communication equipment an information element indicating a time range relating to a suspend time of the communication equipment, receiving from the remote server a target access time information element indicating an expected time for an access request from the subscriber identification module to the remote server, and determining a suspension time period considering the suspend time range. The method includes providing to the communication equipment the suspension time period, and in case after resuming from the suspension instructed by the communication equipment the accumulated duration of at least one successive time period derived from the suspension time period exceeds the target access time, sending a polling message.

Abstract: The invention relates to an authentication method. The method comprises: collecting, based on a predetermined authentication policy, at least one context data element; constituting, based on the at least one collected context data element, a data packet; generating, by using a predetermined hash type algorithm and the data packet, as input to the predetermined hash type algorithm, a hash; sending the generated hash; generating, as a hash distance generation step, a hash distance between the generated hash and a predetermined reference hash; and authenticating successfully or not based on the generated hash distance, as an authentication step. The invention also relates to corresponding device and system.

Abstract: A multipage security document has a first verification lens located in a see-through portion and corresponding to a first verification feature and a second verification lens collocated with the first verification lens as an adjacent layer to the first verification lens in the see-through portion and corresponding to a second verification feature. The multipage security document can contain a first sheet and a second sheet connected along one side to the first sheet such that the second sheet may be placed against the first sheet, the second sheet having a see-through portion. Other embodiments are disclosed.

Abstract: A system comprising a secure element cooperating with a telecommunication terminal is provided. The secure element or the terminal comprises files in which MCC/MNC codes of MNOs are stored. The telecommunication terminal is configured to select the files in order to attach the terminal to the telecommunication network of a MNO. The secure element or the terminal also comprise a file, called National like network file, for storing national network codes (MCC/MNC) of networks of the country of the Home PLMN of the secure element. The terminal selects the National like network file in order to try to connect the terminal to one of the networks referenced in the National like network file. Other embodiments are disclosed.

Abstract: Radiofrequency device with adjustable LC circuit comprising an electrical and/or electronic module. The invention relates to a communication device with a radio-frequency chip, said device comprising—an insulating support layer, —an electrical and/or electronic radiofrequency circuit on said insulating layer, said circuit comprising plates of an adjustable capacitor and/or an antenna spiral with adjustable inductance, —at least one element for adjusting a tuning frequency of the radiofrequency circuit. The device is distinguished in that said plates and/or spiral are included in an electrical and/or electronic chip card module, and in that said adjusting element connects an intermediate point of the spiral so as to decrease the available inductance and/or splits or links the plates so as to adjust the capacitance.

Abstract: The invention relates to a method for managing the reputation level of a first communication device (100), said reputation level (103) being stored into a first secure enclave (102) embedded in said first communication device (100). The method comprises the steps of: receiving from the first communication device (100) by a second communication device (110) an information message; verifying that the information message is consistent with data obtained from a sensor embedded in the second communication device (110); generating a feedback message by the second communication device (110) to be transmitted to the first communication device (100) indicating if the information message is consistent for the secure enclave (102) of the first communication device (100) to update its reputation level.

Abstract: This invention relates to a method for updating a one-time secret key Kn maintained in a subscription module implemented in a communication apparatus, a wireless communication network maintaining an identical version of said one-time secret key Kn and configured to determine a result XRES expected from the communication apparatus when an authentication function is applied by the subscription module using a random challenge and said one-time secret key Kn as an input, the method comprising the following steps: receiving from the communication network an authentication request message containing at least a random challenge RANDn; determining by the subscription module a result RES by applying the authentication function using the random number RANDn and the one-time secret key Kn as inputs; transmitting said result RES to the communication network for it to be compared with the expected result XRES determined by the communication network using the random number RANDn and the corresponding version of the one-tim

Abstract: A user equipment for wireless communication, configured to operate in a cellular network, includes a credential container. The user equipment sends a set of payload items to a central server communicatively coupled to the cellular network, wherein the user equipment is configured to send an attach request message to the cellular network comprising a preconfigured qualifier for at least one of the user equipment and the credential container. The user equipment is further configured—to retrieve an authentication request message from the cellular network comprising a random value and an authentication code, —to determine a response token comprising a preconfigured identifier stored in at least one of the user equipment and the credential container and at least one out of the set of payload items, and—to submit said response token with an authentication failure message to the cellular network for forwarding to the central server.

Abstract: The present invention relates generally a method to authenticate a data carrier, such as passports, licenses, identification card . . . by hiding at least two optically encoded image within a data carrier so that the data carrier is authenticated through at least two factor authentication process. In the methods of the present invention, at least two reliable, readable optically encoded image are hidden within the data carrier wherein each of the encoded image is visible through a same decoder device but under different specific lighting conditions without the former having influence on the quality of the latter. The authentication methodology of the present invention provides an improved security, being even more difficult to reproduce by infringers, even more difficult to remove, replace or exchange and easy to check.

Abstract: A method for producing a radiofrequency device having a first antenna circuit connected to a radiofrequency chip and a second antenna circuit associated with, or coupled to, the first circuit, the method including the following steps: formation of the first antenna circuit in the form of a conductive wire deposited in a guided manner on a first substrate; and formation of the second antenna circuit in the form of a conductive wire deposited on the same first substrate in a guided manner and at a calibrated distance from the first antenna circuit.

Abstract: A first server receives from a device(s) an identifier, retrieves a reference credential(s) associated with the identifier(s), generates a reference token(s) using the reference credential(s) and a predetermined key(s) and sends to a second server the reference token(s) and a script(s) for requesting the user to provide a credential(s). The second server gets a device identifier(s) and sends to the device a request(s) by executing the script(s). The device gets a submitted credential(s), generates and sends to the second server a submitted token generated by using the submitted credential(s) and the predetermined key(s) stored by the device. The second server compares each of the submitted token(s) to the received reference token(s) and generates and sends to the first server a comparison and/or an authentication result(s). The invention also relates to corresponding device, first and second server and system.

Abstract: A method, an entity, and a system for managing access to data. The data is associated with metadata. At least one predetermined access policy for accessing metadata includes, for each client, at least one identifier relating to the client. An entity receives from at least one client device, a data access request that includes at least one identifier relating to the client. The entity determines, based on the associated access policy, whether the metadata access is authorized. If yes, the entity determines, based on the associated access policy, associated first data allowing to access the metadata. The entity accesses, based on the first data, the associated metadata. The entity accesses, based on the accessed metadata and the associated access policy, at least a part of the associated data, as a late dynamic binding of the metadata with the associated data (or a part of it).

Abstract: The present invention relates to method of securing a software code comprising at least one constant value, said method generating a secure software code and comprising the steps of: —determining (S1) by a processor in the software code a constant value to be protected, —inserting (S2) by the processor in the software code an indexed array of values such that the constant value to be protected can be determined from one value of the array, —replacing (S3) by the processor in the software code the constant value to be protected by a replacement variable, —inserting (S4) by the processor in the software code a first sequence of instructions which, when executed at runtime: •computes the index in the array of the value from which the constant value to be protected can be determined, •extracts from said array the value located at said computed index in said array, •from said extracted value, determines the constant value to be protected, •sets the value of said replacement variable equal to the determined constan

Abstract: The present invention relates to a method of securing a compiled software code (SC) comprising computer code instructions organized in a plurality of basic blocks, said method generating a secure software code (SSC) and comprising the steps of: •determining (S1) by a processor a portion of the software code to be protected, •inserting (S2) by the processor in a selected basic block of the software code a first sequence of instructions which when executed at runtime: computes an integrity check value on said portion of the software code to be protected and computes an index value based on said computed integrity check value, •inserting (S3) by the processor in the selected basic block of the software code an indexed array of memory addresses in which the address, when executing the secure software code, of a following basic block to be executed after the selected basic block is indexed by said index value, •inserting (S4) by the processor at the end of the selected basic block of the software code a jump instr