Abstract: A method for determining the presence of a human being, comprising: measuring (S6) a movement (MOV) of a first device (4) by a sensor (44) of said first device (4), determining the presence of a human being on the basis of the measured movement (MOV).

Abstract: The present invention concerns a method for securing data transmitted by a data source (2) of a connected object (1) against attacks affecting a control circuit (4) of the connected object (1), the connected object (1) also comprising an electronic signature circuit (6) and a communication bus (8) connected to the control circuit (4), connected to the electronic signature circuit (6) and connected to the source (2), wherein the method comprises the following steps implemented by the electronic signature circuit (6): detecting (602) a first datum (M) transmitted by the source (2) on the communication bus (8); detecting (606) a second datum (M?) to be signed, on the communication bus, the second datum having been transmitted (404) by the control circuit (4) on the communication bus (8) after detection of the first datum (M) by the control device (4); verifying (608) coherence between the detected data (M, M?), signalling (610) an error (E), if any, as a function of a result of the verification.

Abstract: An electronic device generates a dynamic security code for a card transaction, e.g. a card not present transaction. The electronic device receives a user request to generate a dynamic security code. The electronic device sends a time request to a time source and receives a message including a time from the time source. The electronic device determines an authenticity of the message containing the time and computes the dynamic security code based on the time received in the message and a key stored at the electronic device. The electronic device causes the dynamic security code to be displayed on a display of the electronic device. The electronic device may be capable of computing a dynamic security code for a plurality of different cards. The electronic device may be a smart phone, a tablet, or a personal computer.

Abstract: A method for the authentication of a first electronic entity (C) by a second electronic entity (H), wherein the first electronic entity (C) implements the following steps: reception of a challenge (HCH) from the second electronic entity (H); generation of a number (CCH) according to a current value of a counter (SQC) and a first secret key (K-ENC); generation of a cryptogram (CAC) according to the challenge (HCH) and a second secret key (S-MAC); and transmission of a response including the cryptogram (CAC) to the second electronic entity (H), without transmission of the number (CCH).

Abstract: A method for receiving data (DATASEND) within an electronic entity (2) includes the following steps: establishment, between the electronic entity (2) and an external electronic apparatus, of a first secure channel by encipherment by element of a first cryptographic key (SK-ENC); reception, via the first secure channel, of a first command; reception of at least one second cryptographic key (BK-ENC) via the first secure channel; setting up, owing to the execution of the command, of a second secure channel by encipherment by element of the second cryptographic key (BK-ENC); and reception of the data (DATASEND) in the second secure channel. A corresponding electronic entity is also described.

Abstract: In a network including an application server, a network server, and a device having a memory storing an application cryptographic key, a method includes: testing the memory for the absence or presence of a cryptographic key associated with the network; if the key is absent, the device sending a request to join the network, the application server producing derivation data, the application server encrypting the derivation data by the application cryptographic key, and the device receiving the encrypted derivation data; and in the event of the key being present, the device sending a request to join the network, the network server producing derivation data, the network server encrypting the derivation data by a network cryptographic key equal to or derived from the cryptographic key associated with the network, and the device receiving the encrypted derivation data. A method performed in the device, and an associated electronic entity are also described.

Abstract: An electronic device is proposed, which is configured to receive at least one cryptographic parameter and validate the at least one cryptographic parameter. The electronic device is is configured to validating the parameter by determining an imprint from a one-way function and from at least the cryptographic parameter; detecting at least one part of the imprint in a dedicated memory zone of the electronic device, and delivering a piece of information on validation should there be effective detection.

Abstract: An authentication method is performed between a first party and a second party. The method includes: i) determining a challenge; ii) sending the challenge to the second party; receiving a response from the second party including a second cryptogram; computing a first cryptogram using the challenge and the key of the first party; determining if the first cryptogram matches the second cryptogram received from the second party. If the first cryptogram does not match the second cryptogram, the method further includes performing a computation using the first cryptogram and the second cryptogram; and comparing a result of the computation with a stored set of results to recover a first data element carried by the second cryptogram.

Abstract: Disclosed is a method for authenticating a user by using an electronic apparatus including an authentication module and a secure module, which includes the following steps: the authentication module transmits a recognition result to the secure module according to a process that allows the authentication module to be authenticated by the secure module; the secure module generates an authentication token by signing, with a private key stored in the secure module, data including data representing at least one feature of the authentication module; and transmitting the generated authentication token. Also disclosed is an associated secure module, electronic apparatus and system.

Abstract: Disclosed is a secure electronic entity including a memory unit storing data in the form of multiplets and a processing module designed to receive data from an electronic device. The processing module is designed to determine a proof-of-integrity element in accordance with the data received and at least one portion of the stored multiplets, and to transmit the proof-of-integrity element to the electronic device. Also disclosed is a method for verifying the integrity of data stored in such a secure electronic entity.

Abstract: A method for verifying the security of a device for generating private and public cryptographic keys. Such a method includes generating at least one pair of private and public cryptographic keys by the device from at least one random variable coming from a random-variable generator; transmitting at least one constituent element of a generated private or public key to at least one device for verifying; and determining a level of security of the device from the at least one transmitted element, as a function of pieces of information stored by the device for verifying.

Abstract: A cryptographic processing method using a sensitive data item in a cryptographic processing system including in memory a test making it possible to tell a human and a computer apart and a reference value obtained by applying a cryptographic function to a pair of values P and R, where P is the sensitive data item and R is a solution to the memorized test, the method including the steps of: configuring the cryptographic processing system, including obtaining and memorizing the reference value in the cryptographic system; transmitting the memorized test to a user; obtaining the user's response to the transmitted test; a cryptographic processing step based on the sensitive data item, using the obtained response, the reference value and the cryptographic function. The reference value and memorized test are in the memory of the system and the solution is not in the memory of the system, during the transmission step.

Abstract: A method of exchanging data between a data processing system and an electronic entity, characterized by the following steps: the electronic entity sending the data processing system a certificate (CASD_CERT) associating an identifier of the electronic entity with a public key (CASD_PK) associated with a secret key (CASD_SK) stored in the electronic entity in a set of reserved keys associated with a first security domain; the data processing system verifying the association of the identifier and the public key (CASD_PK) via the certificate (CASD_CERT); and an application of the electronic entity separate from the first security domain and the data processing system exchanging data encrypted by the public key (CASD_PK) or signed by the first security domain by the secret key (CASD_SK) stored in the electronic entity.

Abstract: A method and apparatus are proposed for cryptographic computations implemented in an electronic component. The method includes determining the cofactor of an elliptic curve E defined over a finite field Fq with q elements, the elliptic curve comprising a base point P having an order equal to n. The step of determining includes determining a value of floor((q+2ceil(b/2)+1+1)/n) when n>6?q, where the function ceil corresponds to the ceiling function, floor corresponds to the floor function, and b corresponds to the size q in number of bits of q.

Abstract: An electronic device is proposed, which is configured to receive at least one cryptographic parameter and validate the at least one cryptographic parameter. The electronic device is is configured to validating the parameter by determining an imprint from a one-way function and from at least the cryptographic parameter; detecting at least one part of the imprint in a dedicated memory zone of the electronic device, and delivering a piece of information on validation should there be effective detection.

Abstract: A cryptographic processing method using a sensitive data item in a cryptographic processing system including in memory a test making it possible to tell a human and a computer apart and a reference value obtained by applying a cryptographic function to a pair of values P and R, where P is the sensitive data item and R is a solution to the memorized test, the method including the steps of: configuring the cryptographic processing system, including obtaining and memorizing the reference value in the cryptographic system; transmitting the memorized test to a user; obtaining the user's response to the transmitted test; a cryptographic processing step based on the sensitive data item, using the obtained response, the reference value and the cryptographic function. The reference value and memorized test are in the memory of the system and the solution is not in the memory of the system, during the transmission step.

Abstract: A method for verifying the security of a device for generating private and public cryptographic keys. Such a method includes generating at least one pair of private and public cryptographic keys by the device from at least one random variable coming from a random-variable generator; transmitting at least one constituent element of a generated private or public key to at least one device for verifying; and determining a level of security of the device from the at least one transmitted element, as a function of pieces of information stored by the device for verifying.

Abstract: A method of transfer transferring a right to access a service from a device (2) of a lender (P) to a device (25) of a borrower (E), the method comprising: holding an access right to a service; obtaining authentication data associated with the borrower (E) or the borrower's device (25); duplicating said at least one access right (D1-D2); using a cryptographic key associated with the device (2) of the lender (P) to calculate a cryptogram containing authentication data and duplicated rights; and sending the cryptogram to the device (25) of the borrower (E). Correspondingly, the invention also provides a method of controlling access to such a service by a service provider, and also a method of managing a transfer of such access rights from the device (2) of the lender (P) to the service provider.

Abstract: A cryptographic calculation is carried out in an electronic component according to a specific cryptographic algorithm including at least one specified non-linear operation on blocks of data of k bits, k being a whole number of more than 2. Several blocks of masked intermediate data of j bits are generated from an initial block of data of k bits, j being a whole number that is smaller than k. Then a non-linear operation S is applied to at least one of the masked intermediate data blocks of j bits with the aid of a substitution table with 2 inputs producing a modified data block of j bits. The modified data block of j bits and at least some of the masked intermediate data blocks of j bits are combined to form a result block of k bits corresponding to the initial data block of k bits by means of a transformation including the specified non linear operation.

Abstract: In an RF label identification system comprising a label reader and a plurality of labels, a unique and secret identifier being associated with each label, a first random number is sent from a label to the reader. A second random number is then sent from the reader to the label. In the RF label, a value of the encrypted identifier is then obtained by generating third and fourth random numbers in accordance with a probabilistic rule, by transforming the first and second random numbers in accordance with a determined function and by combining the identifier with the first and second random numbers, with the first and second transformed numbers and with the third and fourth random numbers. The value of the encrypted identifier is sent to the reader. After N repetitions of the above process, the reader identifies the RF label as a function of the N values of the encrypted identifier received, of the determined function, of the N first and second random numbers and of the probabilistic rule.