Abstract: A data carrier extends along an extension direction (E) and comprises at least one carrier body and at least one processing layer. The processing layer, at least in an unprocessed state of the processing layer, comprises one or more reactive elements and one or more unreactive elements. The reactive elements are configured to interact with impinging electromagnetic radiation (R) upon a processing of the processing layer. The processing layer, in a processed state of the processing layer, comprises one or more reacted elements being generated from the reactive elements. The processing layer in the processed state furthermore comprises one or more further reacted elements being generated from one or more of the unreactive elements upon the interaction of the reactive elements with the impinging electromagnetic radiation (R) and furthermore comprises one or more unreactive elements remaining non-interacting.

Abstract: The disclosure concerns a method for updating a secure element cooperating with a telecommunication terminal in a telecommunication network, the updating being performed by an OTA server, the method including sending from the OTA server to the secure element a trigger of polling message through a LwM2M channel, in order to ask to the secure element to establish a https channel with the OTA server, the OTA server updating the secure element through the https channel after establishment of the https channel.

Abstract: Provided is a method for detecting a forgery of an identity document including a visual security element. A neural network is trained with a training data set such that an input to the dedicated neural network is a filtered image for a given identity document and an output of the dedicated neural network is an indicator of the forgery or not of said given identity document, wherein said output is based on geometrical objects in said input filtered image created by a replacement or a displacement of a security element in said given identity document and revealed by said digital image filtering, thereby producing a set of parameters for the dedicated neural network with which the processor of the security device has been programmed. Other embodiments disclosed.

Abstract: Provided is a card comprising an antenna connected to a chip, the card comprising: A central PVC core made of recycled PVC supporting the antenna; Two recycled PVC layers, a front side PVC layer and a back side PVC layer, each PVC layer being laminated on a side of the central PVC core, the front side PVC layer being laminated on the side of the PVC core supporting the antenna; Two transparent PET layers, a front side PET layer and a back side PET layer, the PET layers being glued on each of the recycled PVC layers, the front side PET layer being metalized by an aluminum foil; and Two PVC transparent overlays glued on each external face of the card.

Abstract: Provided is a method for testing if a candidate data element, belongs to a list of reference data elements, performed by a client device (102) and comprising the steps of generating an encrypted candidate data element (y?) by encrypting said candidate data element (x?) with a leveled fully homomorphic encryption scheme, transmitting said encrypted candidate data element (y?) to a server device (103), storing said reference data elements (xi) receiving, from said server device, a delta value depending on a product of differences, decrypting said delta value with said leveled fully homomorphic encryption scheme, based on said decrypted delta value, determining whether said candidate data element (x?) belongs to said list of reference data elements (xi). Other embodiments disclosed.

Abstract: The present invention relates to a method for protecting a program in a computer system, the method comprising: when a subroutine of said program is called, pushing a return address on to a stack to start forming a stack frame; when pushing said return address, generating a checksum for said stack frame; each time a predetermined opcode is detected for said subroutine, updating said checksum according to an operand associated with said predetermined opcode; if the predetermined opcode is a pop opcode, in addition to said updating, determining whether the operand associated with said pop opcode is said return address; if it is determined that said operand is said return address, verifying said checksum before executing said predetermined opcode in order to detect an attack.

Abstract: A secure element for a device includes an operative system the secure element including a first security applet configure to communicate with the device operative system, wherein the first security applet is configure to accept any first external application, after performing a key registration, as a local administrator application for some first data provided by the first external application, so that no other external application may access the first data without a permission of the first external application. The disclosure also provides a telecommunications device and a method of management of secure information in such a secure element.

Abstract: A system, mobile device, and method for managing security policies for data items stored in an electronic identification (eID) wallet on the mobile device. Security policies are associated with each of a plurality of supported namespaces on a mobile device and a verifier terminal operates to select a namespace to access a data item stored on the mobile device based on the security policies associated with the plurality of supported namespaces on the mobile device.

Abstract: Provided is a method for establishing a secure connection from a chip to a network. The method comprises sending a connection request with a decentralized identifier address, sending a request for getting a decentralized identifier, sending, to the network, the decentralized identifier, sending, to the chip, an authentication request with data, and determining and sending, to the network, authentication data, and authenticating the chip. It further include sending, to the ledger, a request for getting subscription data associated with the decentralized identifier address, verifying, whether the decentralized identifier address is associated with a subscription wallet address or a subscription address in an operator wallet sending, to the network, associated subscription data, verifying whether valid, and establishing, when valid, a connection to the chip.

Abstract: Provided is a method for pushing data to a mobile network operator (MNO), the method being suitable to be implemented by a server and comprising the following steps of: receiving, from the MNO, a message comprising at least one communication pattern associated with at least one device identifier identifying a type or a provider of a device; receiving, from a user, a request for downloading a subscription profile of the MNO; sending, in response to the request, the subscription profile to a device of the user; identifying, from the at least one communication pattern, a communication pattern applicable to the subscription profile according to device data obtained from the request; and pushing data comprising an identifier of the subscription profile and the applicable communication pattern to the MNO.

Abstract: Provided is a method for securely transferring data element values stored in a first device to a second device, where each stored data element value being encrypted with a storage key (KSi). It includes mutually agreeing on a short term session key (STK), determining, for each stored data element value an ephemeral key as a sub-sequence of a pseudorandom sequence (bsi) derived from the short term session key (STK), encrypting, each stored data element values using said ephemeral key, decrypting, each data element value encrypted with an ephemeral key, using the storage key (KSi), to obtain KSi-decrypted data element values, transferring said KSi-decrypted data element values from the first device to the second device, obtaining, by the second device, the ephemeral keys from the short term session key (STK), and decrypting the transferred data element values using the obtained ephemeral key.

Abstract: The present invention relates to a method for authentication of a user using a user equipment, comprising an authentication engine for authenticating at least one user, said authentication engine being configured to operate with a local authentication model, wherein the method comprises the step for the user equipment of enhancing its local authentication model by at least one authentication factor, wherein said at least one authentication factor is stored in the local authentication model with a validity indication, indicating the time the authentication factor is valid for taking into account by the authentication engine, and authenticating a user by means of a match of the local authentication model with a set of user behavior indications retrieved by the user equipment through the authentication engine.

Abstract: The invention is a method for managing a remote server that assigns to a user agent (30) a session reference (31) and a user authentication request. The user agent (30) delegates the authentication request to an identity wallet (20) that sends a proof (21) of identity to the remote server (10). The user agent and the identity wallet are two separate devices, one of which generates and displays an ephemeral confirmation token (60) and sends to the remote server a control token (65) generated from the ephemeral confirmation token. The other of said devices gets a code (61) entered by the user then communicates with the remote server for contributing to a checking of the code by using the control token. The remote server grants rights associated to the session reference only if the proof of the identity is valid and if said checking is successful.

Abstract: Provided is a method to operate a secure chip card for connecting to a user equipment operating in a cellular network comprising a plurality of network slices, wherein for at least one network slice a slice authentication server is operational, the secure chip card comprising a secured memory with at least one slice authentication application.

Abstract: Provided is a cross-spectral face recognition learning method based on a set of associated face images, a thermal image and a visual image, of a plurality of persons. The thermal image is coded in two different ways. A style encoder provides a style code of the thermal image. An identity encoder provides an identity code of the thermal image. The visual image is coded in a similar way with a style encoder providing a style code and with an identity encoder providing an identity code. The two face images of the same person share in the identity features a common part in the respective identity codes, noted as common identity code, whereas the style codes for the two images comprise features only relevant two the specific style, i.e. either thermal or visual, of the image. Other embodiments disclosed.

Abstract: Provided is a data carrier comprising at least a first metallic layer, at least one electronic module, at least one antenna, and at least a second metallic layer. The second metallic layer is arranged after the first metallic layer with respect to an extension direction (E). The antenna is in connection with the electronic module. The first metallic layer is a continuous metallic layer delimiting a recess, and wherein the electronic module is at least partially arranged within said recess. Other embodiments disclosed.

Abstract: Provided is a thermal face and landmark detection method for providing a ground truth reference database, capturing a thermal image comprising at least one face, detecting a face in the thermal image, cropping the thermal image creating a cropped face thermal image, applying a Gaussian filters method to the cropped face thermal image creating an improved cropped face thermal image and applying a landmark detector to the improved cropped face thermal image creating an landmarked cropped face thermal image. Other embodiments disclosed.

Abstract: Provided is a method to secure against side channel attacks performing a cryptographic operation of a cryptographic algorithm. It includes selecting a multiplier integer t and determining a second integer q? by multiplying said first integer q, determining (S2) an invertible random polynomial R[X] in said first polynomial ring Rq, randomizing (S3) the coefficients Ai of said input polynomial A[X] based on said determined second integer q? and said determined random polynomial R[X], performing (S4) the polynomial operation of the cryptographic operation on said randomized input polynomials A?[X], and unmasking (S5) the result polynomial Res?(X) by applying to its coefficients a modulo said first integer q operation. Other embodiments disclosed.

Abstract: Provided is a method to operate a user equipment communicatively connected to at least two subscriber identity modules, which are at least assigned to a first and a cellular network, wherein the user equipment has assigned an independent paging identity in each of the first and second cellular networks for registration in said cellular networks. Other embodiments disclosed.

Abstract: Provided is a method for generating, by a random number generator of a cryptographic system, an independent bit sequence from a binary candidate random stream, said random generator comprising a source of randomness configured to generate a random noise, an analog to digital converter configured to generate a binary raw random stream by digitizing said random noise, said candidate random stream being obtained from said raw random stream. Other embodiments disclosed.