Abstract: The invention relates to a method for setting up a secure session between a first entity and a second entity. In an embodiment, the first entity is a user authentication device and the second entity is an application running on a platform. The method comprises generating a first random number. A user enters a first string, derived from said first number, into the second entity. Further, the method includes applying a one-way function to the first string or to a derivative thereof, obtaining an encoded string. The method also comprises transmitting the encoded string to an intermediate node that is in connection to the first entity and the second entity. Further, the method comprises the step of sharing a second random number with the second entity. The method also comprises a step of deriving a secret key from the first and the second string.

Abstract: The invention relates to a method for tightly coupling context to a secure pin and securely storing an asset in hardware. The method comprises a step of sending the context to a secure element, a step of ensuring that the context is shown to a user, and a step of acquiring user consent by performing an authentication check. Further, the method comprises a step of combining an authentication result with the secured context, and a step of performing an operation on the context with the asset if the authentication was successful.

Abstract: The invention relates to a method for transmitting a message from an online object to an offline object. The method comprises the step of generating and transmitting, from an online object, a message to a web-based message exchange server. The message includes identification data. Upon receipt, the message exchange server forwards the message to a mobile device. Further, a data connection is established between the mobile device and a target offline object for delivery of the message at the offline object.

Abstract: The invention relates to a method for setting up a secure session between a first entity and a second entity. In an embodiment, the first entity is a user authentication device and the second entity is an application running on a platform. The method comprises generating a first random number. A user enters a first string, derived from said first number, into the second entity. Further, the method includes applying a one-way function to the first string or to a derivative thereof, obtaining an encoded string. The method also comprises transmitting the encoded string to an intermediate node that is in connection to the first entity and the second entity. Further, the method comprises the step of sharing a second random number with the second entity. The method also comprises a step of deriving a secret key from the first and the second string.

Abstract: The invention relates to a method for authorizing a person. The method comprises the step of receiving authentication data from a personal authentication device transmitting said data to a reader associated with a central authorization system. Further, the method comprises the steps of including the received authentication data in a request message and transmitting the request message to the central authorization system, receiving the request message at the central authorization system and retrieving the authentication data from the request message. The method also comprises the steps of performing an authentication process at a central authentication system using said reader authentication data and executing an authorization process at the central authorization system based on the authentication process result.

Abstract: The invention relates to a method for authorizing a person. The method comprises the step of receiving authentication data from a personal authentication device transmitting said data to a reader associated with a central authorization system. Further, the method comprises the steps of including the received authentication data in a request message and transmitting the request message to the central authorization system, receiving the request message at the central authorization system and retrieving the authentication data from the request message. The method also comprises the steps of performing an authentication process at a central authentication system using said reader authentication data and executing an authorization process at the central authorization system based on the authentication process result.