Abstract: The invention relates to an electronic access pass allowing a person associated with the pass to access at least one restricted-access area of a building, and to a method implemented by such a pass for accessing a restricted-access area of a building. According to some embodiments, when a pass reader authorizes access to said area after reading the pass, information selected on the basis of the restricted-access area is temporarily displayed on the pass. This makes it possible to identify the carrier within the area based on the information displayed on the pass, while at the same time limiting the possibility of information being recovered through a simple glance outside the area. Overall security is thereby improved as a result, both within the area and outside it, due to the temporary nature of the display.

Abstract: A card (35) generates a dynamic security code for a card transaction, e.g. a card not present (CNP) transaction. The card (35) receives a request (83) to generate a dynamic security code from an electronic device (10) external to the card via an external card interface (330). The card (35) receives a message (87) comprising a time via the external card interface (330). The card (35) computes (89) the dynamic security code based on the time and a key (dCVV-key) stored at the card. The card (35) sends the dynamic security code (90) to the electronic device (10) via the external card interface (330) for display on a display (14) of the electronic device (10). The card (35) may determine (88) an authenticity of the message comprising the time.

Abstract: A method for cryptographic signature of a datum comprises determining: a signature point equal to the addition of elements equal to a derived first point and of number equal to a first scalar; a second scalar by subtracting, from the product of the first scalar and of a selected scalar, the product of a third and of a fourth scalar; another signature point equal to the addition of elements equal to a selected point and of number equal to the second scalar, and of elements equal to a derived second point and of number equal to the fourth scalar; and a signature portion based on a private key, on the first scalar, on a coordinate of the signature point and on the datum. The derived first and second point are respectively equal to the addition of elements equal to a generator point and of number equal to a fifth and to the third scalar.

Abstract: A post-quantum strong authentication scheme uses a reference PIN code stored in the memory of a personal object 1. A server generates a secret ss and a corresponding cipher ct using a key encapsulation mechanism, KEM, and a public key pk of the user, and then generates a cryptographic key ss' with a one-way function, OWF, applied to the secret. An access terminal 2 receives ss' and ct, and then obtains a PIN entered by the user, encrypts the PIN with ss?, and finally transmits the encrypted PIN cPIN and ct to the personal object 1. The personal object obtains ss through KEM decapsulation of ct and, with its private key sk, generates ss' with OWF, and uses it to decrypt cPIN. Verification thereof validates a first authentication factor. The personal object generates and then sends a confirmation Know(ss) of the secret to the server, validating a second authentication factor.

Abstract: An electronic element includes: a module for storing reference data; a module for receiving data from a processor; a module for verifying the received data by comparison by way of reference data; and a module for transmitting an instruction to cut off supply of the processor, the supply cutoff instruction being transmitted after occurrence of a failure event, the failure event being an absence of reception of data or a failure in verifying the data. A system including such an electronic element and a method for monitoring a processor by the electronic element are also described.

Abstract: A cryptographic method is provided. The cryptographic method comprises an initialisation phase for determining a provisional generator point G? equal to a first product G?=[d?]G, where d? is a first random scalar forming a secret key of N bits and G is a generator point of an elliptical curve, and determining a provisional key Q? equal to a second product Q?=[d?]Q, where Q is a point of the elliptical curve forming a public key. During an encryption phase a second random scalar forming a second secret key k of M bits, with M<N; a public key P is calculated such that P=[k]G?; a coordinate of an intermediate point SP1, of the elliptical curve, equal to a fourth product SP1=[k]Q?; at least one key by application of a derivation function (F1); and data (T1) are encrypted based on said at least one key.

Abstract: An electronic device generates a dynamic security code for a card transaction, e.g. a card not present transaction. The electronic device receives a user request to generate a dynamic security code. The electronic device sends a time request to a time source and receives a message including a time from the time source. The electronic device determines an authenticity of the message containing the time and computes the dynamic security code based on the time received in the message and a key stored at the electronic device. The electronic device causes the dynamic security code to be displayed on a display of the electronic device. The electronic device may be capable of computing a dynamic security code for a plurality of different cards. The electronic device may be a smart phone, a tablet, or a personal computer.

Abstract: The disclosure proposes a method in a first device comprising a transaction history and a generation counter, this device processing transactions with a second device. During a current transaction: receipt of data comprising a public key of the second device, a second generation counter and an identifier of the current transaction; verification that the first and second generation counters coincide; verification that the history comprises an input associated with the public key; approval of the current transaction if the transaction identifier satisfies a condition indicating the uniqueness of the current transaction; storage in the history of a new input with the public key; and update of an account balance to pay a credit to an account. The method also comprises: detection of a risk of saturation of the memory of the first device; update of the first generation counter and eviction of the memory.

Abstract: A processing method implemented by a first device including receiving first data including a challenge datum; obtaining key data including an encrypted cryptographic key which is masked by executing a cryptographic masking function; receiving an unmasking key; determining the encrypted cryptographic key by executing a cryptographic unmasking function on the basis of the unmasking key; determining a decrypted cryptographic key by a decryption by executing a decryption algorithm with white-box implementation on the basis of the encrypted cryptographic key; determining an answer datum by a cryptographic operation by executing a predetermined cryptographic algorithm on the basis of the decrypted cryptographic key and the challenge datum; and sending the answer datum to authenticate the first device.

Abstract: The invention relates to an electronic access pass allowing a person associated with the pass to access at least one restricted-access area of a building, and to a method implemented by such a pass for accessing a restricted-access area of a building. According to some embodiments, when a pass reader authorizes access to said area after reading the pass, information selected on the basis of the restricted-access area is temporarily displayed on the pass. This makes it possible to identify the carrier within the area based on the information displayed on the pass, while at the same time limiting the possibility of information being recovered through a simple glance outside the area. Overall security is thereby improved as a result, both within the area and outside it, due to the temporary nature of the display.

Abstract: Method for controlling commands suitable to be processed by a peripheral (2) comprising the following steps implemented by a control circuit (6) connected to a communication bus (8), a command circuit (4) and the peripheral (3) also being connected to the communication bus (8): granting or refusing authorization to the command circuit (4) to transmit a command signal of the peripheral via the bus (8), detecting the possible transmission of the command signal for the peripheral by the command circuit via the bus (8), implementing protection measures (614) when the control circuit detects that the command signal has been transmitted as the control circuit has not granted authorization, or that the command signal has not been transmitted as the control circuit has granted authorization.

Abstract: A cryptographic method is provided. The cryptographic method comprises an initialisation phase for determining a provisional generator point G? equal to a first product G?=[d?]G, where d? is a first random scalar forming a secret key of N bits and G is a generator point of an elliptical curve, and determining a provisional key Q? equal to a second product Q?=[d?]Q, where Q is a point of the elliptical curve forming a public key. During an encryption phase a second random scalar forming a second secret key k of M bits, with M<N; a public key P is calculated such that P=[k]G?; a coordinate of an intermediate point SP1, of the elliptical curve, equal to a fourth product SP1=[k]Q?; at least one key by application of a derivation function (F1); and data (T1) are encrypted based on said at least one key.

Abstract: The present invention concerns a method for securing data transmitted by a data source (2) of a connected object (1) against attacks affecting a control circuit (4) of the connected object (1), the connected object (1) also comprising an electronic signature circuit (6) and a communication bus (8) connected to the control circuit (4), connected to the electronic signature circuit (6) and connected to the source (2), wherein the method comprises the following steps implemented by the electronic signature circuit (6): detecting (602) a first datum (M) transmitted by the source (2) on the communication bus (8); detecting (606) a second datum (M?) to be signed, on the communication bus, the second datum having been transmitted (404) by the control circuit (4) on the communication bus (8) after detection of the first datum (M) by the control device (4); verifying (608) coherence between the detected data (M, M?), signalling (610) an error (E), if any, as a function of a result of the verification.

Abstract: Disclosed is a card that generates a dynamic security code for a card transaction, e.g. a card not present transaction. The card receives a request to generate a dynamic security code from an electronic device external to the card via an external card interface. The card receives a message including a time via the external card interface. The card computes the dynamic security code based on the time and a key stored at the card. The card sends the dynamic security code to the electronic device via the external card interface for display on a display of the electronic device. The card may determine an authenticity of the message including the time.

Abstract: Disclosed is a method for authenticating a user by using an electronic apparatus including an authentication module and a secure module, which includes the following steps: the authentication module transmits a recognition result to the secure module according to a process that allows the authentication module to be authenticated by the secure module; the secure module generates an authentication token by signing, with a private key stored in the secure module, data including data representing at least one feature of the authentication module; and transmitting the generated authentication token. Also disclosed is an associated secure module, electronic apparatus and system.

Abstract: Method for controlling commands suitable to be processed by a peripheral (2) comprising the following steps implemented by a control circuit (6) connected to a communication bus (8), a command circuit (4) and the peripheral (3) also being connected to the communication bus (8): granting or refusing authorization to the command circuit (4) to transmit a command signal of the peripheral via the bus (8), detecting the possible transmission of the command signal for the peripheral by the command circuit via the bus (8), implementing protection measures (614) when the control circuit detects that the command signal has been transmitted as the control circuit has not granted authorization, or that the command signal has not been transmitted as the control circuit has granted authorization.

Abstract: An electronic element includes: a module for storing reference data; a module for receiving data from a processor; a module for verifying the received data by comparison by way of reference data; and a module for transmitting an instruction to cut off supply of the processor, the supply cutoff instruction being transmitted after occurrence of a failure event, the failure event being an absence of reception of data or a failure in verifying the data. A system including such an electronic element and a method for monitoring a processor by the electronic element are also described.

Abstract: An authentication method is performed between a first party and a second party. The method includes: i) determining a challenge; ii) sending the challenge to the second party; receiving a response from the second party including a second cryptogram; computing a first cryptogram using the challenge and the key of the first party; determining if the first cryptogram matches the second cryptogram received from the second party. If the first cryptogram does not match the second cryptogram, the method further includes performing a computation using the first cryptogram and the second cryptogram; and comparing a result of the computation with a stored set of results to recover a first data element carried by the second cryptogram.

Abstract: The invention concerns a voter enrollment method implemented from a plurality of biometric data acquired on several voters, the method comprising the steps of receiving biometric data and associating each biometric data with at least one voting cryptographic data or a pointer, so that subsequently, during a poll, each voter can be biometrically identified using the electronic device and vote with his cryptographic voting data. The invention also concerns an electronic voting method comprising the steps of receiving biometric data acquired by a biometric sensor on an individual, said biometric data corresponding to a type of biometric data used for enrollment, verifying a match between the acquired biometric data and a stored biometric data, and, if said verification is positive, transmitting a voting result generated using a voting cryptographic data.

Abstract: A method for the authentication of a first electronic entity (C) by a second electronic entity (H), wherein the first electronic entity (C) implements the following steps: reception of a challenge (HCH) from the second electronic entity (H); generation of a number (CCH) according to a current value of a counter (SQC) and a first secret key (K-ENC); generation of a cryptogram (CAC) according to the challenge (HCH) and a second secret key (S-MAC); and transmission of a response including the cryptogram (CAC) to the second electronic entity (H), without transmission of the number (CCH).