Abstract: A method for interrogating an electronic identity card by a terminal with a claim covering an identity attribute of the holder of this card. The terminal obtains an identity token of the CNIe then selects in a HD wallet an issuer account associated to the identity attribute covered by the claim. Afterwards, it forms a transaction including as arguments the identity token and the path in the arborescence of the wallet leading to the issuer account, this transaction then being transmitted to a blockchain. Afterwards, it is verified by consensus that the terminal is habilitated to issue a claim covering an identity attribute, and that the issuing address of the transaction corresponds to the identity attribute on which the terminal is habilitated to issue a claim.

Abstract: A method for generating an evidence of the time elapsed between two successive events occurring within a node of an asynchronous network, for example between two transactions emitted by such a node intended to a distributed register (ledger). The node is provided with an embedded system comprising a TPM module generating a control clock, a system clock within a TEE environment and a precision clock. The node verifies the coherence of the clocks by comparing the measurements of the time elapsed between two successive transactions, the measurements having been performed by means of the different clocks. In case of coherence of the measurements, the node emits a transaction proving the elapsed time intended to the distributed register. A verifier node may verify this evidence and certifies that the evidence is verified by emitting a validation transaction to the distributed register.

Abstract: A method of generating a hierarchical deterministic keys portfolio, in particular to sign transactions sent to a blockchain. The generation method includes an initialization phase by an administrator and a phase of setting parameters for at least one user. Private key usage contexts are created from the administrator account, each context specifying conditions for use of the private key in said context. User accounts are also created, each user account being associated with a private key in the tree structure, the private key of said user being obtained from a master private key of the administrator, the usage context to which the user account is attached, and the user's identifier.

Abstract: A method provisions keys in a network of connected objects, including a plurality of such objects as well as a programming station. The nodes of the network could communicate over a main channel and over a secure auxiliary channel, distinct from the main channel. After a first phase of authentication and mutual identification with the nodes of the network, a terminal including a secure hardware element, broadcasts, in a second phase, a set of secret keys to each node, via the auxiliary channel, the set of secret keys including a first secret key intended to authenticate the nodes belonging to the network and a second secret key, intended to encrypt the exchanges over the main channel. In a third phase, the programming station performs a discovery of the nodes of the network.

Abstract: A method for interrogating an electronic identity card by a terminal with a claim covering an identity attribute of the holder of this card. The terminal obtains an identity token of the CNIe then selects in a HD wallet an issuer account associated to the identity attribute covered by the claim. Afterwards, it forms a transaction including as arguments the identity token and the path in the arborescence of the wallet leading to the issuer account, this transaction then being transmitted to a blockchain. Afterwards, it is verified by consensus that the terminal is habilitated to issue a claim covering an identity attribute, and that the issuing address of the transaction corresponds to the identity attribute on which the terminal is habilitated to issue a claim.

Abstract: The present invention relates to a method for selective disclosure of confidential data of a first user to a second user of a blockchain (450). The first user is equipped with a deterministic hierarchical key portfolio (410) and selects a leaf of the tree of the portfolio as an emitter account. A secret key is derived from the chain code of this emitter account and the data to be disclosed are encrypted using this secret key. The first user transmits, by means of a first transaction, the data encrypted in this manner to a smart contract (430) which stores them in the blockchain. It transmits by means of a second transaction an access credit to the smart contract which stores it in connection with the pair formed by the emitter account of the first user and the receiver account of the second user. The second user transmits a third transaction to the smart contract from its receiver account (420).

Abstract: A method/a system for accessing personal data using an access token server, a data server and a blockchain. The access token server generates the access rights of different users in the form of access tokens. The access token server stores an access token by transmitting it via a first transaction, to a first smart contract of the blockchain. A user can request an access authorization by transmitting a second transaction to a second smart contract that can access the token by presenting cryptographic elements to authenticate the user. A granted authorization is recorded by the second contract in the blockchain. A user may access the personal data by transmitting an access request to the data server. This interrogates the second smart contract to verify the authorization and to obtain the access token. The data server next transmits the stored personal data to a URL specified in the token.

Abstract: A method for anonymized storage of personal data and a method for managing access to the data. The anonymization of data is achieved by making independent, thanks to the use of a blockchain, the identifiers of the data sources and the users on the one hand, and the personal data on the other hand. The personal data are stored at addresses indexed by their hashed values in a first database and the identifiers are stored with their corresponding access profiles in a second database. The link between these two independent databases is ensured by cryptographic elements recorded in the ledger of the blockchain.

Abstract: This invention relates to a Diffie-Hellmann type method of exchanging keys between peers, authenticated by means of a blockchain and capable of storing smart contracts in the distributed ledger. The key exchange is then made by means of such a contract in which the peers are declared. Each of the peers calls the contract and the contract saves their wallet addresses. When called by the addressee peer, and after verifying the address of the addressee peer, the contract delivers the public key generated by the sending peer to the addressee peer.

Abstract: The invention relates to a method for exchanging keys between peers, of Diffie-Hellmann type, authenticated by means of a blockchain of transactions. The public keys of the peers are recorded in the ledger distributed by means of transactions transmitted by the peers, the latter being identified by their wallet addresses and authenticated by their respective signatures.

Abstract: A method of generating a hierarchical deterministic keys portfolio, in particular to sign transactions sent to a blockchain. The generation method includes an initialization phase by an administrator and a phase of setting parameters for at least one user. Private key usage contexts are created from the administrator account, each context specifying conditions for use of the private key in said context.

Abstract: This invention relates to a method of selectively authenticating a user of a blockchain with a smart contract deployed on said blockchain. The user has a hierarchical deterministic keys wallet comprising a path between the user's master private key and a private key specific to the smart contract, this path comprising a plurality of branches each carrying an index, the smart contract being univocally identified by one or several indices of branches followed by said path. The user can issue a transaction from an issuing account address, obtained by hashing the public key corresponding to said specific private key in an asymmetric cryptosystem, and can sign this transaction using the specific private key. The smart contract uses the signature to verify that the transaction was really issued from the issuing account address in question.

Abstract: A method/a system for accessing personal data using an access token server, a data server and a blockchain. The access token server generates the access rights of different users in the form of access tokens. The access token server stores an access token by transmitting it via a first transaction, to a first smart contract of the blockchain. A user can request an access authorization by transmitting a second transaction to a second smart contract that can access the token by presenting cryptographic elements to authenticate the user. A granted authorization is recorded by the second contract in the blockchain. A user may access the personal data by transmitting an access request to the data server. This interrogates the second smart contract to verify the authorization and to obtain the access token. The data server next transmits the stored personal data to a URL specified in the token.

Abstract: A method for anonymized storage of personal data and a method for managing access to the data. The anonymization of data is achieved by making independent, thanks to the use of a blockchain, the identifiers of the data sources and the users on the one hand, and the personal data on the other hand. The personal data are stored at addresses indexed by their hashed values in a first database and the identifiers are stored with their corresponding access profiles in a second database.

Abstract: The invention relates to a method for exchanging keys between peers, of Diffie-Hellmann type, authenticated by means of a blockchain of transactions. The public keys of the peers are recorded in the ledger distributed by means of transactions transmitted by the peers, the latter being identified by their wallet addresses and authenticated by their respective signatures.

Abstract: This invention relates to a Diffie-Hellmann type method of exchanging keys between peers, authenticated by means of a blockchain and capable of storing smart contracts in the distributed ledger. The key exchange is then made by means of such a contract in which the peers are declared. Each of the peers calls the contract and the contract saves their wallet addresses. When called by the addressee peer, and after verifying the address of the addressee peer, the contract delivers the public key generated by the sending peer to the addressee peer.

Abstract: A method for setting up a secure end-to-end communication between a user terminal or a context broker server, and an object connected to the IP infrastructure through a gateway. The method uses an access authorization server and a production server. The method can generate a private and public access key pair (KF,QF) within the connected object, particularly using a cryptosystem on an elliptical curve with a small implicit certificate, the access keys being used to set up a secure end-to-end communication.

Abstract: An end-to-end communication method between a mobile sensor and a user, the mobile sensor moving within a WSN network, the WSN network including a plurality of sub-networks connected to the Internet with gateways. When the mobile sensor desires to join a sub-network, it transmits an association request to the gateway of the sub-network which relays it to the server via the Internet. The latter communicates to the mobile sensor and to the gateway a temporary encryption key in an encrypted form. The gateway can then communicate to the mobile sensor the security key of the sub-network, by a message encrypted with the temporary encryption key. The mobile sensor can then securely communicate with the gateway, at the link level, with the security key of the sub-network.

Abstract: A method for setting up a secure end-to-end communication between a user terminal or a context broker server, and an object connected to the IP infrastructure through a gateway. The method uses an access authorisation server and a production server. The method can generate a private and public access key pair (KF,QF) within the connected object, particularly using a cryptosystem on an elliptical curve with a small implicit certificate, the access keys being used to set up a secure end-to-end communication.

Abstract: A method for securely transmitting packets on a wireless link is disclosed. This method advantageously uses a type II HARQ protocol. In a first step, a first version of a packet is transmitted, so that the receiver cannot decode it. The receiver generates a couple of public and private keys, and sends back to the transmitter a negative acknowledgment as well as the public key. The transmitter then transmits a second version of the packet, encrypted using the public key. The receiver tries to decode a combination of the first and the second versions of the packet. In case of success, a positive acknowledgment is transmitted to the transmitter and, in case of failure, the retransmission process is iterated.