Patents by Inventor Benoit Gonzalvo

Benoit Gonzalvo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10939265
    Abstract: The invention is a method for managing an application that includes a generic part and an additional part. The generic part is pre-installed on a device. The device gets a fingerprint of itself and after a user authentication sends to a server a request for getting the additional part. The request comprises credentials associated with the user or a reference of the user, the fingerprint and a reference of the application. The server generates a ciphered part of the additional part using a key based on both the credentials and the fingerprint and builds an auto-decrypt program configured to decipher the ciphered part. The device receives the ciphered part and the auto-decrypt program. It gets the fingerprint and the credentials and retrieves the additional part by running the auto-decrypt program with said fingerprint and credentials as input parameters.
    Type: Grant
    Filed: September 6, 2016
    Date of Patent: March 2, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Milas Fokle, Benoit Gonzalvo, Guillaume Huysmans
  • Patent number: 10251062
    Abstract: The invention is a method for managing access to a service wherein the method comprises the following steps: a client application sends to an application server a request to access the service by using credentials and a first anti-clone code, the application server performs a verification of the credentials and said first anti-clone code, the application server sends a second anti-clone code to the client application and deactivates said first anti-clone code only in case of successful verification, said second anti-clone code being required for the next attempt to access the service.
    Type: Grant
    Filed: April 25, 2016
    Date of Patent: April 2, 2019
    Assignee: GEMALTO SA
    Inventors: HongQian Karen Lu, Jean-Yves Fine, Benoît Gonzalvo, Aline Gouget
  • Publication number: 20180314810
    Abstract: The invention is a method for managing an application that includes a generic part and an additional part. The generic part is pre-installed on a device. The device gets a fingerprint of itself and after a user authentication sends to a server a request for getting the additional part. The request comprises credentials associated with the user or a reference of the user, the fingerprint and a reference of the application. The server generates a ciphered part of the additional part using a key based on both the credentials and the fingerprint and builds an auto-decrypt program configured to decipher the ciphered part. The device receives the ciphered part and the auto-decrypt program. It gets the fingerprint and the credentials and retrieves the additional part by running the auto-decrypt program with said fingerprint and credentials as input parameters.
    Type: Application
    Filed: September 6, 2016
    Publication date: November 1, 2018
    Applicant: GEMALTO SA
    Inventors: Milas FOKLE, Benoit GONZALVO, Guillaume HUYSMANS
  • Publication number: 20180091977
    Abstract: The invention is a method for managing access to a service wherein the method comprises the following steps: a client application sends to an application server a request to access the service by using credentials and a first anti-clone code, the application server performs a verification of the credentials and said first anti-clone code, the application server sends a second anti-clone code to the client application and deactivates said first anti-clone code only in case of successful verification, said second anti-clone code being required for the next attempt to access the service.
    Type: Application
    Filed: April 25, 2016
    Publication date: March 29, 2018
    Applicant: GEMALTO SA
    Inventors: HongQian Karen LU, Jean-Yves FINE, Benoît GONZALVO, Aline GOUGET
  • Patent number: 9361470
    Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.
    Type: Grant
    Filed: September 18, 2012
    Date of Patent: June 7, 2016
    Assignee: GEMALTO SA
    Inventors: Xavier Berard, Nicolas Roussel, Richard Pico, Frédéric Faure, Benoît Gonzalvo
  • Patent number: 9319882
    Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R' signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R' from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.
    Type: Grant
    Filed: October 25, 2013
    Date of Patent: April 19, 2016
    Assignee: GEMALTO SA
    Inventors: Xavier Berard, Richard Pico, Frederic Faure, Benoit Gonzalvo
  • Publication number: 20150289135
    Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R' signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R' from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.
    Type: Application
    Filed: October 25, 2013
    Publication date: October 8, 2015
    Applicant: GEMALTO SA
    Inventors: Xavier Berard, Richard Pico, Frederic Faure, Benoit Gonzalvo
  • Publication number: 20140250501
    Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.
    Type: Application
    Filed: September 18, 2012
    Publication date: September 4, 2014
    Applicant: Gemalto SA
    Inventors: Xavier Berard, Nicolas Roussel, Richard Pico, Frédéric Faure, Benoît Gonzalvo
  • Publication number: 20140189373
    Abstract: This invention relates to a method for hard partitioning the resources of a secure computer system. The system hardware comprises a hardware mechanism designed to: generate an encryption key with each new program detected by the system, the key being specific to each program, store the said key associated with a program identifier in the system resources, encrypt and store all the data created by the program in the system resources with the key that is specific to it, decrypt the data of the program with the key specific to it in response to a manipulation, call, read and/or write request from a requesting program.
    Type: Application
    Filed: July 31, 2012
    Publication date: July 3, 2014
    Applicant: GEMALTO SA
    Inventors: Benoit Gonzalvo, Philippe Loubet Moundi
  • Patent number: 8661535
    Abstract: A method for executing an application compiled in intermediate code on a portable digital appliance equipped with a virtual executing machine for interpreting the intermediate code. The method includes a step of applying a secure execution mode wherein the interpretation of the intermediate code by the virtual machine includes the following steps: for each item of data of the code handled for execution of an arithmetic and/or logical operation defined by the code, generating control data, related to the data of the code via a predetermined function; in parallel with the execution of the operation, executing a control operation related to the operation defined by the code via the predetermined function, and acting on the control data.
    Type: Grant
    Filed: December 12, 2006
    Date of Patent: February 25, 2014
    Assignee: Gemalto SA
    Inventors: Benoit Gonzalvo, Pierre Girard
  • Patent number: 8646092
    Abstract: The invention concerns a method for protecting the data of an application compiled in intermediate code for execution on a digital apparatus equipped with a virtual machine managing the execution of the code via an execution stack defining at least one stack frame corresponding to a method called during the execution of the code. A secured execution mode of the code involves the determination of at least one global checksum associated with each stack frame and, each time that a datum of the code is manipulated, the calculation of a local checksum associated with that datum. The calculation is based, on one hand, on the global checksum associated with the stack frame corresponding to the manipulated datum and, on the other hand, on at least one part of the other data constituting the stack frame.
    Type: Grant
    Filed: July 18, 2007
    Date of Patent: February 4, 2014
    Assignee: Gemalto SA
    Inventors: Benoit Gonzalvo, Jacques Jean-Alain Fournier
  • Publication number: 20130268934
    Abstract: The present invention describes a method for securing the execution of a computer program in a multitask device. This method is based on the execution, in parallel with the program to be made secure, of a security thread, able to modify the parameters of the scheduler.
    Type: Application
    Filed: December 9, 2011
    Publication date: October 10, 2013
    Applicant: GEMALTO SA
    Inventor: Benoît Gonzalvo
  • Publication number: 20090328231
    Abstract: The invention concerns a method for protecting the data of an application compiled in intermediate code for execution on a digital apparatus equipped with a virtual machine managing the execution of the code via an execution stack defining at least one stack frame corresponding to a method called during the execution of the code. A secured execution mode of the code involves the determination of at least one global checksum associated with each stack frame and, each time that a datum of the code is manipulated, the calculation of a local checksum associated with that datum. The calculation is based, on one hand, on the global checksum associated with the stack frame corresponding to the manipulated datum and, on the other hand, on at least one part of the other data constituting the stack frame.
    Type: Application
    Filed: July 18, 2007
    Publication date: December 31, 2009
    Applicant: GEMALTO SA
    Inventors: Benoit Gonzalvo, Jacques Jean-Alain Fournier
  • Publication number: 20090165149
    Abstract: A method for executing an application compiled in intermediate code on a portable digital appliance equipped with a virtual executing machine for interpreting the intermediate code. The method includes a step of applying a secure execution mode wherein the interpretation of the intermediate code by the virtual machine includes the following steps: for each item of data of the code handled for execution of an arithmetic and/or logical operation defined by the code, generating control data, related to the data of the code via a predetermined function; in parallel with the execution of the operation, executing a control operation related to the operation defined by the code via the predetermined function, and acting on the control data.
    Type: Application
    Filed: December 12, 2006
    Publication date: June 25, 2009
    Applicant: GEMPLUS
    Inventors: Benoit Gonzalvo, Pierre Girard
  • Patent number: 7168625
    Abstract: The invention concerns a method for differentiating between data and instructions thereby providing against certain attacks in a data processing device such as a smart card, whereby a generator associates a random number with an applicative component of a downloaded application, and a transformer in a virtual machine applies each of the instruction words in the component and the associated random number to a transformation function so as to store the transformed instruction words when downloading the component. A second transformer applies each of the transformed words of part of the component and the associated random number to the reciprocal function of the transformation function so as to retrieve the instruction words constituting the component part, to execute the same.
    Type: Grant
    Filed: July 7, 2003
    Date of Patent: January 30, 2007
    Assignee: Gemplus
    Inventors: Pierre Girard, Benoit Gonzalvo
  • Publication number: 20050218234
    Abstract: The invention concerns a method for differentiating between data and instructions thereby providing against certain attacks in a data processing device such as a smart card, whereby a generator associates a random number with an applicative component of a downloaded application, and a transformer in a virtual machine applies each of the instruction words in the component and the associated random number to a transformation function so as to store the transformed instruction words when downloading the component. A second transformer applies each of the transformed words of part of the component and the associated random number to the reciprocal function of the transformation function so as to retrieve the instruction words constituting the component part, to execute the same.
    Type: Application
    Filed: July 7, 2003
    Publication date: October 6, 2005
    Inventors: Pierre Girard, Benoit Gonzalvo