Abstract: A system configured to perform decision tasks carried out by a machine learning engine operates with a machine learning model, and includes a training component for improving the machine learning model, a device for carrying out decisions based on a set of input data, and an interaction interface for switching the machine learning model between training component and a device that includes a model attestation checker. The device performs acquiring input data, and ascertaining at least one machine learning model over the interaction interface. The model attestation checker performs checking if said machine learning model is trusted by a model attestation, and considering, for decision making, only those machine learning models that are trusted. The machine learning engine performs carrying out the decision task for input data by using a trusted machine learning model, and providing a result attestation for the decision output.

Abstract: Method for improving user authentication efficiency performed by a communication device belonging to an authentication system. The communication device includes a local machine learning engine having a set of N artificial neural network ANN1,i adapted to process N different types of input signals.

Abstract: The present invention relates to a method for authentication of a user using a user equipment, comprising an authentication engine for authenticating at least one user, said authentication engine being configured to operate with a local authentication model, wherein the method comprises the step for the user equipment of enhancing its local authentication model by at least one authentication factor, wherein said at least one authentication factor is stored in the local authentication model with a validity indication, indicating the time the authentication factor is valid for taking into account by the authentication engine, and authenticating a user by means of a match of the local authentication model with a set of user behavior indications retrieved by the user equipment through the authentication engine.

Abstract: Method for improving user authentication efficiency performed by a communication device belonging to an authentication system. The communication device includes a local machine learning engine having a set of N artificial neural network ANN1,i adapted to process N different types of input signals.

Abstract: A system configured to perform decision tasks carried out by a machine learning engine operates with a machine learning model, and includes a training component for improving the machine learning model, a device for carrying out decisions based on a set of input data, and an interaction interface for switching the machine learning model between training component and a device that includes a model attestation checker. The device performs acquiring input data, and ascertaining at least one machine learning model over the interaction interface. The model attestation checker performs checking if said machine learning model is trusted by a model attestation, and considering, for decision making, only those machine learning models that are trusted. The machine learning engine performs carrying out the decision task for input data by using a trusted machine learning model, and providing a result attestation for the decision output.

Abstract: A method for establishing a first secured communication channel between an administrative agent in a device and a distant server, the device comprising a secure element communicating with the administrative agent, the secure element being administrated through the administrative agent by the distant server, the administrative agent being administrated by a third party server through a second secured communication channel, the distant server and the third party server being connected through a third secured channel. The third party server requests, from the distant server, an operation on the secure element and a one-time PSK. The distant server sends, to the third party server, the one-time PSK. The third party server sends, to the administrative agent, a triggering message including the one-time PSK. A TLS-PSK handshake is performed between the administrative agent and the distant server with the one-time PSK to establish the first secured communication channel.

Abstract: The invention is a method for managing communication between a secure element and a device. The secure element comprises a physical communication interface and first and second virtual profiles. It is configured to exchange data targeting the virtual profiles with the device through the physical communication interface. The method comprises the steps of: running simultaneously said first and second virtual profiles, demultiplex incoming data received through the physical communication interface and multiplex outgoing data sent through the physical communication interface, resetting one of said virtual profiles individually without affecting the other virtual profiles in response to receiving a specific signal sent by the device through the physical communication interface.

Abstract: A method for establishing a first secured communication channel between an administrative agent in a device and a distant server, the device comprising a secure element communicating with the administrative agent, the secure element being administrated through the administrative agent by the distant server, the administrative agent being administrated by a third party server through a second secured communication channel, the distant server and the third party server being connected through a third secured channel. The third party server requests, from the distant server, an operation on the secure element and a one-time PSK. The distant server sends, to the third party server, the one-time PSK. The third party server sends, to the administrative agent, a triggering message including the one-time PSK. A TLS-PSK handshake is performed between the administrative agent and the distant server with the one-time PSK to establish the first secured communication channel.

Abstract: The invention is a method for managing communication between a secure element and a device. The secure element comprises a physical communication interface and first and second virtual profiles. It is configured to exchange data targeting the virtual profiles with the device through the physical communication interface. The method comprises the steps of: running simultaneously said first and second virtual profiles, demultiplex incoming data received through the physical communication interface and multiplex outgoing data sent through the physical communication interface, resetting one of said virtual profiles individually without affecting the other virtual profiles in response to receiving a specific signal sent by the device through the physical communication interface.

Abstract: A first device stores a subscription manager and at least two subscriptions. A first subscription is active and a second subscription is non-active. A second device sends a request for switching to the second subscription. The subscription manager sets a first variable relating to a next active subscription to the second subscription. The subscription manager sends to the first device a message requesting the first device to re-launch an execution of the subscription manager and to read data. The first device sends to the subscription manager a message including a command for re-launching an execution of the subscription manager. The subscription manager de-activates, based upon the first variable value, the first subscription. The subscription manager activates, based upon the first variable value, the second subscription, and sends to the first device operating system data relating to the second subscription, as a current active subscription.

Abstract: A first device stores a subscription manager and at least two subscriptions. A first subscription is active and a second subscription is non-active. A second device sends a request for switching to the second subscription. The subscription manager sets a first variable relating to a next active subscription to the second subscription. The subscription manager sends to the first device a message requesting the first device to re-launch an execution of the subscription manager and to read data. The first device sends to the subscription manager a message including a command for re-launching an execution of the subscription manager. The subscription manager de-activates, based upon the first variable value, the first subscription. The subscription manager activates, based upon the first variable value, the second subscription, and sends to the first device operating system data relating to the second subscription, as a current active subscription.

Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.

Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R? signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R? from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.

Abstract: Mutual authentication between: (i) a user terminal cooperating with a security element and an application for registering with a service, and (ii) a remote server that provides the service, by means of a third-party portal, includes: i) transmitting, to the remote server by means of the portal, signed information R enabling the security element to be authenticated in the remote server; ii) authenticating the security element in the remote server; iii) transmitting a value R? signed by the remote server to the application by means of the portal; iv) transmitting a request for verification of the signed value R? from the application to the security element; v) verifying, in the security element, the signature of the remote server and whether the requested service has been granted by the remote server; vi) establishing a secure connection with the remote server using the security element, and requesting that the service be executed.

Abstract: A method of managing data in an electronic token includes an initial step of storing a first data into the electronic token and into a secured site. Secret data, intended to be initialized in the electronic token, is identified. Instructions and a subset of the first data are also identified, wherein the subset allows the secret data to be rebuilt by applying the instructions. A reference identifying the subset is sent to the electronic token. In the electronic token, the secret data is rebuilt from the first data and the reference by applying the instructions.

Abstract: The invention is a method of analyzing the wear of a non volatile memory embedded in a secure electronic token. A set of events are intended to generate writing and/or erasing operations in said memory. The token comprises a buffer. The method comprises the following steps: each time an event belonging to said set occurs, generating a data which reflects the event and storing said data in the buffer, sending the buffer to a remote machine, analyzing the buffer to determine the wear of the memory.

Abstract: A method of detecting an abnormal environmental operating condition of an element embedded in an apparatus. The element is able to communicate with a telecommunications network. The method includes cyclically measuring at least one environmental operating parameter of the element, detecting that the element is operating for an excessive duration in at least one reference operating span and transmitting an alert message to the telecommunications network if the element has operated for an excessive duration in the reference operating span.

Abstract: In order to broadcast a commercial content corresponding to the centers of interest of a user of a communicating object, the disclosed method involves generating a message including at least one piece of commercial content associated with at least one piece of meta-information characterising the subject concerned by the commercial content. The method is implemented by the object for extracting a piece of commercial content from the message only if the piece of meta-information of the content corresponds to a piece of meta-information characterising a center of interest of the user.

Abstract: The invention is a secure element comprising a virtual machine able to work in admin mode and in runtime mode. The secure element comprises two enhanced containers. Each of said enhanced containers can be either in an activated state or in a disabled state. Only one of the enhanced containers can be in activated state at any given time. The virtual machine is adapted to access each of the enhanced containers when working in admin mode. The virtual machine cannot access an enhanced container which is in disabled state when working in runtime mode.

Abstract: A first user of a first communicating object shares personal data in response to a request from a second user. The shared data are associated with a reference of the second user in the first communicating object and are transmitted to the second communicating object in order to be recorded therein in association with a reference of the first user. The first user controls the shared personal data from the first communicating object by transmitting a control instruction to the second communicating object. The instruction contains at least the reference of the first user in order to find the personal data of the first user in association with the reference in the second communicating object, and to treat the personal data according to the transmitted control instruction.