Abstract: A mobile station includes a radio section which communicates with a base station, and a short-range radio section for performing short range radio communication independently of the radio section. A backlight mounted on a display portion of the mobile station can be selectively turned on and off. The operation of the short-range radio section is disabled when the backlight is deactivated, and the operation of the short-range radio section is enabled when the backlight is activated.

Abstract: The invention relates to a system and method for making data secure. The inventive system is characterized in that it comprises:—a monotonic counter;—a computational entity;—a physical data medium comprising one or a plurality of data blocks, a first master block comprising the last value recovered from the monotonic counter, an identifier of the last data block written on said medium, a first authentication code guaranteeing the authenticity of the written data block or blocks, a second authentication code calculated from the last written data block, said data being fixed at a neutral value, and a third authentication code guaranteeing the authenticity of the first master block, and a second master block forming a replica of the first master block; and—an authentication key. The invention is used, in particular, to make data secure against playback and sudden interruptions in service in embedded systems.

Abstract: The invention relates to a method for securing a user interface that comprises a user interface including one or more peripheral hardware devices of the user interface for interaction with said interface, said peripheral hardware devices being driven by driver software, and one or more applications using the user interface. The invention also relates to a method for securing such an interface. The system of the invention is characterised in that the same further comprises a hypervisor and one or more virtual machines, the drivers of the peripheral hardware devices of the user interface being divided into two portions, i.e. a main portion of said drivers under the control of the hypervisor and a front-end portion of said drivers under the control of the virtual machines, wherein the front-end portion of the securing software component is in charge of managing the front-end portion of the drivers and the main portion of the securing software component is in charge of managing the main portion of the drivers.

Abstract: (EN)An electronic system (1) comprises a trusted processor (2), a trusted cache memory (3) and a mass storage memory (4). The data are stored in the mass storage memory (4), where the memories are divided into blocks, each block is identified by an address and the data are addressed via a verification tree. The verification tree is a tree structure comprising nodes where descendent nodes are attached to a root node and each node stores the address of the block containing each of its child nodes and a digest value of each block. A method for the verification of the data of such an electronic system comprises access to searched data at the same time reporting the corruption of data if a calculated digest is different from the current digest value.

Abstract: A method of securing a telecommunication terminal that is connected to a module used to identify a user of the terminal is described. The method includes a step including executing a procedure in which the terminal is matched to the identification module, consisting in: securely loading a first software program including a data matching key onto the identification module; securely loading a second software program which can operate in conjunction with the first software program onto the telecommunication terminal; transmitting a data matching key that corresponds to that of the first software program to the second software program; storing the transmitted data matching key in the secured storage zone of the telecommunication terminal; and conditionally submitting every response from the first software program to a request from the second software program upon verification at the true value of the valid possession of the data matching key by the second program.

Abstract: A method for loading, installing and running software, called loading units, having different levels of confidence by a data processing unit (1). The method includes at least associating at least one structure of information data concerning security requirements and characteristics of this loading unit with each loading unit (2, 3, 7); associating a dynamic data structure (10) representative of the state of security in the data processing unit (1) to the data processing unit (1); validating the security requirements and characteristics of each loading unit (2, 3, 7) with regard to the state in the data processing unit (1) contained in the dynamic data structure (10via an autonomous security module (9), and; if the validation is positive, authorizing, via the security module (9), the loading, installation or running of the loading unit (2, 3, 7).

Abstract: The inventive method for controlling access to data which is used by reference in a program execution system (including processes and aims) during the program execution consists in memorising by the system the totality of references obtainable by said program with the aid of means considered legal, before any operation which can be prohibited if it relates to values which are not legal references, in verifying by the system whether said values are amongst the legal references memorized for the program and in accepting or rejecting the operation, respectively.

Abstract: A secure system (1) for processing data includes a first device (2), and at least one second device (3) is characterized in that—each second device (3) comprises monitoring elements (7) suitable for transmitting operating information to the first device (2), and—the first device (2) includes elements (8) for storing a behavioral model of each second device (3) and elements (9) for comparing the operating information received from each second device (3) with the behavioral model so as to determine whether the operation of the second device (3) is compliant with the behavioral model stored, and validation elements (10) suitable for preventing the running of a sensitive operation on this second device or for instructing a change of state of the second device if the second device does not manifest compliant operation. A method and a computer program are also described.

Abstract: According to the inventive method, the chip card, a counting function (FC), a counter (Cpt) and a private key (Cf) stored in the write-only part of the memory region are stored in a persistent memory, the counter and the private key (Cf) being accessible only by the counting function (FC). When the chip card receives a counter request emitted by an requesting entity (ER), the counting function (FC) performs a modification of the counter (Cpt) and a calculation of a signature, and sends a response to the applicant entity (ER). When the on-board system receives the response to the counter request, the signature contained in the response is checked.

Abstract: The inventive method for controlling a program execution integrity by verifying execution trace prints consists in updating the representative print of an execution path and/or data applied for a program execution, comparing the actual print value (dynamically calculated to an expected value (statistically fixed, equal to a value of the print if the program execution is not disturbed) at a determined program spots and in carrying out a particular processing by the program when the actual print differs from the expected value.

Abstract: The invention relates to a user interface-equipped computing device comprising means for implementing a series of applications, said means including two execution spaces. According to the invention, the applications of the second execution space (100, P1, 200, P2) have a level of security specifically higher than that of the applications of the first execution space (100, P1, 200, P2), said two execution spaces being hosted by a physical processing means which is designed such that it cannot be separated into two parts without destroying the physical processing means.

Abstract: The inventive method for determining operational characteristics of a program includes a verification procedure involving the following stages: the first stage for expressing the operational characteristics of the program in the form of functions related to events producible during possible executions of the program, a second stage for simultaneously estimating, by program analysis, the program structure, the possible ways of execution and values used at different program points and the third stage for determining said characteristics by calculating associated functions by means of information extracted with the aid of the analysis.

Abstract: A method and system for transforming and verifying downloaded programs fragments with data type restriction in an embedded system in which a program fragment being temporarily stored a verification process of the stored program fragment object code is executed instruction by instruction so as to discriminate for each instruction the existence of a target, a branching instruction target, a target of an exception handler call or a target of a subroutine call. On the occurrence of a target of a branching instruction as the current instruction, the empty status of the stack is verified and the program fragment is rejected otherwise. A verification process and updating of the effect of the current instruction on the data types of the type stack and the table of register types is performed. The verification process is successfully executed instruction by instruction until the table of register types is stable, with no modification being present, and interrupted with the program fragment being rejected otherwise.

Abstract: The invention relates to a method for loading, installing and running software, called loading units, having different levels of confidence by a data processing unit (1). The invention consists of at least associating at least one structure of information data concerning security requirements and characteristics of this loading unit with each loading unit (2, 3, 7); associating a dynamic data structure (10) representative of the state of security in the data processing unit (1) to the data processing unit (1); validate the security requirements and characteristics of each loading unit (2, 3, 7) with regard to the state in the data processing unit (1) contained in said dynamic data structure (10) via an autonomous security module (9), and; if the validation is positive, authorize, via the security module (9), the loading, installation or running of the loading unit (2, 3, 7).

Abstract: A method for compressing an interpreted object code in a system using an interpreter, by identifying, in the interpreted object-coded program, similar non-contiguous groups of instructions, of arbitrarily complex structure, by replacing all or part of said groups in the interpreted object code of the program with newly-created specialized instructions and by instrumenting the interpreter and/or the interpreted object code of the program so as to render it capable of implementing the newly-created instructions.

Abstract: The invention concerns a method for compressing program code for execution in a system with few physical resources. This method comprises a semantic analysis of the code as to identify the objects accessed at each program point and to replace in this program groups of instructions used to access the objects by more compact specialised instructions.

Abstract: The invention relates to a method for enabling a new version of an application to be loaded onto a computer processing device. According to said method, information on the correspondence (I1, I3, I4, I6) between the classes (A to D) of the old version of the application and the classes (A to F) of the new version of the application, and information about correspondence between the static fields of the old version of the application and static fields of the new version of the application, is calculated prior to the loading. Said correspondence information is then associated in order to modify the objects in such a way that they point towards classes of the new version and use the new identifiers of the static fields of the new version of the application.

Abstract: The invention relates to a method of securing computer systems involving the logical containment of data. More specifically, the invention relates to a method of securing computer systems, which offers the possibility of executing codes that manipulate data which must be processed separately. The inventive method essentially involves the use of the following: (i) a memory manager for managing memory allocation units which can be typically a fixed-size page or a variable-size block, and (ii) memory allocation owners and requesters which can be typically user applications of the operating system of the computer system or the actual operating system. The system involves the separation of the aforementioned data by the owner and the encryption of same with a dedicated key.

Abstract: The invention relates to a method of securing computer systems comprising at least one code interpretation module and memory capacity for storing the code to be interpreted. For said purpose, the invention consists in making more difficult attacks involving physical measures and/or requiring a synchronisation with the interpreted code, by introducing variants into the interpreted code runtimes and the measurable physical prints.

Abstract: An existing active base logic flow between a master transceiver and a slave transceiver, is selected as reference logic flow wherein is generated a set of concurrent logic flows. The concurrent logic flows are built with successive elementary packets segmenting pairs of command/response. An exchange of pairs of command/response is initialised and continued by the master transceiver on the basis of specific commands. The slave transceiver triggers a segmentation by transmitting specific responses on the reference logic flow.