Patents by Inventor Didier Hugot

Didier Hugot has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11271922
    Abstract: A first server receives from a device(s) an identifier, retrieves a reference credential(s) associated with the identifier(s), generates a reference token(s) using the reference credential(s) and a predetermined key(s) and sends to a second server the reference token(s) and a script(s) for requesting the user to provide a credential(s). The second server gets a device identifier(s) and sends to the device a request(s) by executing the script(s). The device gets a submitted credential(s), generates and sends to the second server a submitted token generated by using the submitted credential(s) and the predetermined key(s) stored by the device. The second server compares each of the submitted token(s) to the received reference token(s) and generates and sends to the first server a comparison and/or an authentication result(s). The invention also relates to corresponding device, first and second server and system.
    Type: Grant
    Filed: March 16, 2018
    Date of Patent: March 8, 2022
    Assignee: THALES DIS FRANCE SAS
    Inventor: Didier Hugot
  • Patent number: 11258798
    Abstract: A method, an entity, and a system for managing access to data. The data is associated with metadata. At least one predetermined access policy for accessing metadata includes, for each client, at least one identifier relating to the client. An entity receives from at least one client device, a data access request that includes at least one identifier relating to the client. The entity determines, based on the associated access policy, whether the metadata access is authorized. If yes, the entity determines, based on the associated access policy, associated first data allowing to access the metadata. The entity accesses, based on the first data, the associated metadata. The entity accesses, based on the accessed metadata and the associated access policy, at least a part of the associated data, as a late dynamic binding of the metadata with the associated data (or a part of it).
    Type: Grant
    Filed: February 27, 2018
    Date of Patent: February 22, 2022
    Assignees: THALES DIS FRANCE SAS, THALES DIS CPL USA, Inc.
    Inventors: Didier Hugot, Asad Ali, Gorav Arora
  • Publication number: 20210357410
    Abstract: The invention is a method that comprises parsing first and second digital documents and identifying a first component into said first digital document and a second component into said second digital document, determining a first attribute based on a context of the first digital document, determining a second attribute based on a context of the second digital document, allocating the first attribute to the first component and the second attribute to the second component, and storing in a storage unit a first entry comprising a value of the first component and the first attribute and a second entry comprising a value of the second component and the second attribute. The method comprises conducting a correlation search between said first and second components using said first and second attributes, if the correlation has been found, generating a data reflecting the correlation.
    Type: Application
    Filed: October 7, 2019
    Publication date: November 18, 2021
    Applicants: THALES DIS FRANCE SA, THALES DIS CANADA INC., THALES DIS CPL USA, Inc.
    Inventors: Didier HUGOT, Frédéric ROMA, Russell EGAN, Christopher HOLLAND
  • Patent number: 10963167
    Abstract: The invention relates to a method for managing data access. The method includes receiving at least one request for accessing data; capturing data relating to at least one current context signal during each data access request; comparing, as a current authorization step, the data relating to at least one captured current context signal to predetermined reference data relating to at least one corresponding context signal according to at least one corresponding predetermined authorization policy; determining, based upon the current authorization result and at least one predetermined dynamic data access policy, whether the data access is or is not authorized, as a data access decision; and issuing the data access decision. The invention also relates to corresponding first device, second device and system.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: March 30, 2021
    Assignees: THALES DIS FRANCE SA, THALES DIS CPL USA, INC.
    Inventors: Didier Hugot, Asad Ali, Gorav Arora
  • Patent number: 10841276
    Abstract: The invention relates to a method for carrying out a sensitive operation in the course of a communication between a processing unit and a first service server, said first server being accessible via a first domain name and/or first electronic address. The method comprises the step of using at least one second domain name different from the first and/or a second electronic address different from the first to carry out all or part of the sensitive operation. The invention also relates to a system corresponding to the method and comprising the server and/or the processing unit.
    Type: Grant
    Filed: December 1, 2017
    Date of Patent: November 17, 2020
    Assignee: THALES DIS FRANCE SA
    Inventor: Didier Hugot
  • Patent number: 10699268
    Abstract: To authorize a transaction, a first device sends to a first server a transaction-authorization request accompanied with an Id-PAN relating to a user account, and including an identifier of a second device. The first server sends to a second server a user-authorization request accompanied with the Id-PAN and transaction data. The second server sends to the second device a request for user approval including the transaction data and the user account data. The second device requests whether the device user approves a requested transaction. The second device sends to the second server a request for authorizing the transaction and data relating to user approval. The second server verifies whether the requested transaction is approved by the user. The second server sends to a server a verification result including a transaction authorization or refusal.
    Type: Grant
    Filed: December 30, 2015
    Date of Patent: June 30, 2020
    Assignee: THALES DIS FRANCE SA
    Inventor: Didier Hugot
  • Publication number: 20200067904
    Abstract: A first server receives from a device(s) an identifier, retrieves a reference credential(s) associated with the identifier(s), generates a reference token(s) using the reference credential(s) and a predetermined key(s) and sends to a second server the reference token(s) and a script(s) for requesting the user to provide a credential(s). The second server gets a device identifier(s) and sends to the device a request(s) by executing the script(s). The device gets a submitted credential(s), generates and sends to the second server a submitted token generated by using the submitted credential(s) and the predetermined key(s) stored by the device. The second server compares each of the submitted token(s) to the received reference token(s) and generates and sends to the first server a comparison and/or an authentication result(s). The invention also relates to corresponding device, first and second server and system.
    Type: Application
    Filed: March 16, 2018
    Publication date: February 27, 2020
    Applicant: THALES DIS FRANCE SA
    Inventor: Didier HUGOT
  • Publication number: 20200028819
    Abstract: The invention relates to a method for carrying out a sensitive operation in the course of a communication between a processing unit and a first service server, said first server being accessible via a first domain name and/or first electronic address. The method comprises the step of using at least one second domain name different from the first and/or a second electronic address different from the first to carry out all or part of the sensitive operation. The invention also relates to a system corresponding to the method and comprising the server and/or the processing unit.
    Type: Application
    Filed: December 1, 2017
    Publication date: January 23, 2020
    Applicant: GEMALTO SA
    Inventor: Didier Hugot
  • Publication number: 20190268341
    Abstract: The invention relates to a method, an entity and a system for managing access to data. The data is associated with metadata. At least one predetermined access policy for accessing metadata includes, for each client, at least one identifier relating to the client. An entity receives from at least one client device, a data access request that includes at least one identifier relating to the client. The entity determines, based on the associated access policy, whether the metadata access is authorized. If yes, the entity determines, based on the associated access policy, associated first data allowing to access the metadata. The entity accesses, based on the first data, the associated metadata. The entity accesses, based on the accessed metadata and the associated access policy, at least a part of the associated data, as a late dynamic binding of the metadata with the associated data (or a part of it).
    Type: Application
    Filed: February 27, 2018
    Publication date: August 29, 2019
    Applicants: GEMALTO SA, SafeNet Inc.
    Inventors: Didier HUGOT, Asad ALI, Gorav ARORA
  • Publication number: 20190205045
    Abstract: The invention relates to a method for managing data access. The method includes receiving at least one request for accessing data; capturing data relating to at least one current context signal during each data access request; comparing, as a current authorization step, the data relating to at least one captured current context signal to predetermined reference data relating to at least one corresponding context signal according to at least one corresponding predetermined authorization policy; determining, based upon the current authorization result and at least one predetermined dynamic data access policy, whether the data access is or is not authorized, as a data access decision; and issuing the data access decision. The invention also relates to corresponding first device, second device and system.
    Type: Application
    Filed: December 29, 2017
    Publication date: July 4, 2019
    Applicants: GEMALTO SA, SafeNet Inc.
    Inventors: Didier Hugot, Asad Ali, Gorav Arora
  • Publication number: 20170193500
    Abstract: To authorize a transaction, a first device sends to a first server a transaction-authorization request accompanied with an Id-PAN relating to a user account, and including an identifier of a second device. The first server sends to a second server a user-authorization request accompanied with the Id-PAN and transaction data. The second server sends to the second device a request for user approval including the transaction data and the user account data. The second device requests whether the device user approves a requested transaction. The second device sends to the second server a request for authorizing the transaction and data relating to user approval. The second server verifies whether the requested transaction is approved by the user. The second server sends to a server a verification result including a transaction authorization or refusal.
    Type: Application
    Filed: December 30, 2015
    Publication date: July 6, 2017
    Applicant: GEMALTO, INC.
    Inventor: Didier Hugot
  • Publication number: 20170032369
    Abstract: To authorize a data transaction, a terminal reads user account information from a device. The terminal sends, through a payment network, to a first server a request for authorizing a transaction accompanied with the account information. The first server sends to a device a request for a user approval relating to a transaction. The device requests whether the user approves a requested transaction authorization. Only if the user approves the requested transaction authorization, the device sends to the first server a request for authorizing a transaction and an identifier relating to the device. The first server retrieves, based upon the identifier relating to the device, the account information. The first server sends to a second server a request for authorizing a transaction and the account information. The second server sends, through the first server and the payment network, to the terminal, either a transaction authorization or a transaction refusal.
    Type: Application
    Filed: July 31, 2015
    Publication date: February 2, 2017
    Applicant: GEMALTO, INC.
    Inventor: Didier HUGOT
  • Publication number: 20160335627
    Abstract: The invention relates to a method for signing data. According to the invention, the method comprises the following steps. A device generates a first cryptogram by using a predetermined payment transaction key, a predetermined algorithm and data relating to data to be signed, as input to the algorithm. The data to be signed is different from payment transaction data. The device sends, without going through any payment transaction channel, to a first server a first message including a request for validating a signature relating to the data to be signed accompanied with the first cryptogram and the data relating to the data to be signed. The first or a second server generates a second cryptogram by using the predetermined payment transaction key, the predetermined algorithm and the data relating to the data to be signed, as input to the algorithm. The first or the second server compares the second cryptogram to the first cryptogram.
    Type: Application
    Filed: May 11, 2015
    Publication date: November 17, 2016
    Applicant: GEMALTO SA
    Inventors: Didier HUGOT, Pierre BROUSSEAU
  • Publication number: 20150326394
    Abstract: The present invention relates to a method for certifying a displayed picture, using a user device Near Field Communication compatible, comprising a secure element, a control device Near Field Communication compatible, said method comprising the steps of: opening a Near Field Communication channel between the user device and the controller device, transmitting an information from the secure element to the control device via said Near Field Communication channel, and displaying an element determined from said information, on the control device.
    Type: Application
    Filed: December 10, 2013
    Publication date: November 12, 2015
    Applicant: GEMALTO SA
    Inventors: Franck OHAYON, Alain BRUN, Didier HUGOT
  • Patent number: 8335537
    Abstract: The invention is a method of managing an application embedded in a telecom device. The telecom device comprises a SIM card and a Push Registry as defined by the Mobile Information Device Profile® specifications. The application is intended to be registered in the Push Registry by defining a specific inbound connection associated to the application. The SIM card requires a local connection on the specific inbound connection for activating the application and for establishing a local communication channel between the SIM card and the application.
    Type: Grant
    Filed: February 8, 2010
    Date of Patent: December 18, 2012
    Assignee: Gemalto SA
    Inventors: Didier Hugot, Christophe Foesser
  • Patent number: 8276809
    Abstract: In general, the invention relates to a system that includes a smart phone and a smart card. The smart phone includes a web browser and a display for displaying a web page, where the web page includes at least one selectable entry. The smart card includes at least one proactive logic entity, where the at least one proactive logic entity is configured to respond to selection of the at least one selectable entry on the web page.
    Type: Grant
    Filed: February 10, 2006
    Date of Patent: October 2, 2012
    Assignee: Gemalto SA
    Inventors: Didier Hugot, Gabriel Rangoni
  • Patent number: 8260353
    Abstract: The invention relates to a portable device (in particular a SIM card), a communication device (in particular a cellular phone) and a system comprising a portable device and a communication device. The portable device of the invention comprises processing means, external communication means, message storage means, and a web server. It has no messaging user interface. The portable device further comprises a messaging client comprising web communication means for communicating with the web server, and comprising message management means for managing messages including at least one message stored in the portable device. The communication device of the invention may comprise a message proxy.
    Type: Grant
    Filed: November 12, 2006
    Date of Patent: September 4, 2012
    Assignee: Gemalto SA
    Inventor: Didier Hugot
  • Publication number: 20110294475
    Abstract: The invention is a method of managing an application embedded in a telecom device. The telecom device comprises a SIM card and a Push Registry as defined by the Mobile Information Device Profile® specifications. The application is intended to be registered in the Push Registry by defining a specific inbound connection associated to the application. The SIM card requires a local connection on the specific inbound connection for activating the application and for establishing a local communication channel between the SIM card and the application.
    Type: Application
    Filed: February 8, 2010
    Publication date: December 1, 2011
    Applicant: GEMALTO SA
    Inventors: Didier Hugot, Christophe Foesser
  • Publication number: 20080280644
    Abstract: The invention relates to a portable device (in particular a SIM card), a communication device (in particular a cellular phone) and a system comprising a portable device and a communication device. The portable device of the invention comprises processing means, external communication means, message storage means, and a web server. It has no messaging user interface. The portable device further comprises a messaging client comprising web communication means for communicating with the web server, and comprising message management means for managing messages including at least one message stored in the portable device. The communication device of the invention may comprise a message proxy.
    Type: Application
    Filed: November 12, 2006
    Publication date: November 13, 2008
    Applicant: AXALTO SA
    Inventor: Didier Hugot
  • Publication number: 20080142586
    Abstract: In general, the invention relates to a system that includes a smart phone and a smart card. The smart phone includes a web browser and a display for displaying a web page, where the web page includes at least one selectable entry. The smart card includes at least one proactive logic entity, where the at least one proactive logic entity is configured to respond to selection of the at least one selectable entry on the web page.
    Type: Application
    Filed: February 10, 2006
    Publication date: June 19, 2008
    Applicant: Axalto SA
    Inventors: Didier Hugot, Gabriel Rangoni