Abstract: Provided is a method to update an OS installed in a secure element on an OS update platform exposing the same ES9+ interface as an SM-DP+, the secure element being an eUICC or an iUICC cooperating with a terminal, the secure element and the terminal being comprised in a device. The method comprises loading an OS update script in the OS update platform of the secure element manufacturer, triggering the LPA of the terminal to connect to the OS update platform by using the ES9+ SM-DP+ protocol, downloading by the LPA the OS update script in an ISD-P of the secure element and installing the OS update script in the ISD-P of the secure element, and after the installation of the OS update script in the ISD-P, return by the secure element an execution result to the OS update platform through the LPA.

Abstract: Provided is a method for patching an operating system 100 on a secure element 103 embedded in a terminal. The method comprises transmitting from a platform 101 to a SM-SR 102 an order to create on the secure element 103 an ISD-P 104, establishing between the platform 101 and the ISD-P or the secure element 103 a secure channel, transmitting from the SM-SR 102 to the secure element 103 a patch of the operating system, executing in the ISD-P 104 the patch of the operating system, and sending from the secure element 103 to the platform 101 a message informing the platform 101 of the result of the execution of the patch.

Abstract: Provided is a method for pushing data to a mobile network operator (MNO), the method being suitable to be implemented by a server and comprising the following steps of: receiving, from the MNO, a message comprising at least one communication pattern associated with at least one device identifier identifying a type or a provider of a device; receiving, from a user, a request for downloading a subscription profile of the MNO; sending, in response to the request, the subscription profile to a device of the user; identifying, from the at least one communication pattern, a communication pattern applicable to the subscription profile according to device data obtained from the request; and pushing data comprising an identifier of the subscription profile and the applicable communication pattern to the MNO.

Abstract: A system configured to perform decision tasks carried out by a machine learning engine operates with a machine learning model, and includes a training component for improving the machine learning model, a device for carrying out decisions based on a set of input data, and an interaction interface for switching the machine learning model between training component and a device that includes a model attestation checker. The device performs acquiring input data, and ascertaining at least one machine learning model over the interaction interface. The model attestation checker performs checking if said machine learning model is trusted by a model attestation, and considering, for decision making, only those machine learning models that are trusted. The machine learning engine performs carrying out the decision task for input data by using a trusted machine learning model, and providing a result attestation for the decision output.

Abstract: Provided is a method for patching an operating system 100 on a secure element 103 embedded in a terminal. The method comprises transmitting from a platform 101 to a SM-SR 102 an order to create on the secure element 103 an ISD-P 104, establishing between the platform 101 and the ISD-P or the secure element 103 a secure channel, transmitting from the SM-SR 102 to the secure element 103 a patch of the operating system, executing in the ISD-P 104 the patch of the operating system, and sending from the secure element 103 to the platform 101 a message informing the platform 101 of the result of the execution of the patch.

Abstract: The invention relates to a method for granting access to a service provided by a connected device for a user having a user's device and requesting said access, the method comprising the steps of: receiving by the user's device from the connected device a request to validate a user profile, a user profile corresponding to a list of at least one data item representing the user's capabilities to use a service provided by the given connected device; requesting by the user's device to a verification server associated to the at least one data item to validate said data item, and receiving a digital signature of said data item generated by the verification server as a proof of the validation; transmitting the data item of the user profile and its digital signature to a device belonging to the owner of the connected device for it to be informed that said data item is validated, the user profile being considered as validated when the digital signatures of all the data items listed in the user profile are correctly ver

Abstract: The invention relates to a method for managing the reputation level of a first communication device (100), said reputation level (103) being stored into a first secure enclave (102) embedded in said first communication device (100). The method comprises the steps of: receiving from the first communication device (100) by a second communication device (110) an information message; verifying that the information message is consistent with data obtained from a sensor embedded in the second communication device (110); generating a feedback message by the second communication device (110) to be transmitted to the first communication device (100) indicating if the information message is consistent for the secure enclave (102) of the first communication device (100) to update its reputation level.

Abstract: The invention relates to a method for controlling by a server called secure server the use of a first set of at least one data element of a data owner and provided by a communication device, the method comprising the steps of: receiving at least one digital signature representative of a process authorized by the data owner and adapted to carry out a series of at least one instructions using the first set of at least one data element; receiving from a process entity the series of at least one instruction, and a ciphered version of the first set of at least one data element which is communicated to the process entity by the communication device; verifying that the series of at least one instruction correspond to a process authorized by the data owner of the communication device by comparing the at least one digital signature received by the secure server with a digital signature obtained by the secure server using as an input the series of at least one instruction received by the secure server; and if the serie

Abstract: The invention relates to a method for sending data to at least one device. According to the invention, a data sending control server sends to at least one data storage server at least one predetermined rule or a first request for sending data to at least one data processing server. The data storage server sends, based upon the at least one predetermined rule or the first request for sending data, data to the data processing server. The data sending control server sends to the data processing server a second request for sending to the device the data received or to be received by the data processing server. The data processing server sends, based upon the second request for sending the data, the received data to the at least one device.

Abstract: The present invention relates to a method for authentication of a user using a user equipment, comprising an authentication engine for authenticating at least one user, said authentication engine being configured to operate with a local authentication model, wherein the method comprises the step for the user equipment of enhancing its local authentication model by at least one authentication factor, wherein said at least one authentication factor is stored in the local authentication model with a validity indication, indicating the time the authentication factor is valid for taking into account by the authentication engine, and authenticating a user by means of a match of the local authentication model with a set of user behavior indications retrieved by the user equipment through the authentication engine.

Abstract: The invention relates to a method for managing the reputation level of a first communication device (100), said reputation level (103) being stored into a first secure enclave (102) embedded in said first communication device (100). The method comprises the steps of: receiving from the first communication device (100) by a second communication device (110) an information message; verifying that the information message is consistent with data obtained from a sensor embedded in the second communication device (110); generating a feedback message by the second communication device (110) to be transmitted to the first communication device (100) indicating if the information message is consistent for the secure enclave (102) of the first communication device (100) to update its reputation level.

Abstract: The invention relates to a method for controlling by a server called secure server the use of a first set of at least one data element of a data owner and provided by a communication device, the method comprising the steps of: receiving at least one digital signature representative of a process authorized by the data owner and adapted to carry out a series of at least one instructions using the first set of at least one data element; receiving from a process entity the series of at least one instruction, and a ciphered version of the first set of at least one data element which is communicated to the process entity by the communication device; verifying that the series of at least one instruction correspond to a process authorized by the data owner of the communication device by comparing the at least one digital signature received by the secure server with a digital signature obtained by the secure server using as an input the series of at least one instruction received by the secure server; and if the serie

Abstract: A system configured to perform decision tasks carried out by a machine learning engine operates with a machine learning model, and includes a training component for improving the machine learning model, a device for carrying out decisions based on a set of input data, and an interaction interface for switching the machine learning model between training component and a device that includes a model attestation checker. The device performs acquiring input data, and ascertaining at least one machine learning model over the interaction interface. The model attestation checker performs checking if said machine learning model is trusted by a model attestation, and considering, for decision making, only those machine learning models that are trusted. The machine learning engine performs carrying out the decision task for input data by using a trusted machine learning model, and providing a result attestation for the decision output.

Abstract: The invention relates to a method for granting access to a service provided by a connected device for a user having a user's device and requesting said access, the method comprising the steps of: receiving by the user's device from the connected device a request to validate a user profile, a user profile corresponding to a list of at least one data item representing the user's capabilities to use a service provided by the given connected device; requesting by the user's device to a verification server associated to the at least one data item to validate said data item, and receiving a digital signature of said data item generated by the verification server as a proof of the validation; transmitting the data item of the user profile and its digital signature to a device belonging to the owner of the connected device for it to be informed that said data item is validated, the user profile being considered as validated when the digital signatures of all the data items listed in the user profile are correctly ver

Abstract: This invention relates to a method for anticipating the setup of a relation of trust between a first vehicle called central vehicle and at least a second vehicle, wherein two interaction areas are defined relatively to the position of the central vehicle, the first interaction area called exchange area comprising the central vehicle and the second interaction area called pre-authentication area being defined in a way that it has to be crossed by said second vehicle for it to enter into the exchange area, the method comprising the steps of: detecting if the second vehicle is localized in the pre-authentication area associated with the central vehicle; authenticating the central vehicle and the second vehicle if not already authenticated; upon successful authentication, providing the central vehicle and the second vehicle with at least one credential to set up the relation of trust for it to be already established when the second vehicle is present in the exchange area associated with the central vehicle.

Abstract: The invention relates to a method for sending data to at least one device. According to the invention, a data sending control server sends to at least one data storage server at least one predetermined rule or a first request for sending data to at least one data processing server. The data storage server sends, based upon the at least one predetermined rule or the first request for sending data, data to the data processing server. The data sending control server sends to the data processing server a second request for sending to the device the data received or to be received by the data processing server. The data processing server sends, based upon the second request for sending the data, the received data to the at least one device.

Abstract: The present invention relates to a method to manage subscriptions in a provisioning server (PS) able to communicate with a Hardware Security Module (HSM) having an HSM key (K). Said method being such that the HSM comprising a load and a reload function, the secure device key ((Ke1)K) and the storage key ((Ks)K) as encrypted and stored are provided (S1) to one of said functions, said functions outputting, the storage key ((Ks)Ke1)K) encrypted using the provided secure device (SE1) key (Ke1) and the HSM key K, and an APDU_putkey command ((APDU_PUTKEY((Ks)Ke1))Ke1), encrypted using the provided secure device (SE1) key (Ke1), to put the retrieved storage key ((Ks)Ke1) also encrypted using the provided secure device key (Ke1), the storage key as previously stored ((Ks)K) is overwritten (S6) with the storage key (((Ks)Ke1)K) encrypted using the secure device key (Ke1) and the HSM key (K) returned by the function.

Abstract: The invention is a method sending a plurality of data from a server to a fleet of devices. The method comprises the following steps: splitting said plurality of data in a set of disjoint batches, uniquely allocating to each of said disjoint batches a time slot, identifying a selected data belonging to the disjoint batch which is allocated to the current time slot and sending the selected data from the server to one device of said fleet, and if an incident occurs at the server, discarding from the server the disjoint batch allocated to the time slot during which the incident occurred.

Abstract: The invention is a method sending a plurality of data (21, 22, 23) from a server (10) to a fleet of devices (11, 12, 13). The method comprises the following steps: splitting said plurality of data (21, 22, 23) in a set of disjoint batches (31, 32), uniquely allocating to each of said disjoint batches a time slot, identifying a selected data belonging to the disjoint batch which is allocated to the current time slot and sending the selected data from the server (10) to one device of said fleet, if an incident occurs at the server (10), discarding from the server (10) the disjoint batch allocated to the time slot during which the incident occurred.

Abstract: The present invention relates to a method to manage subscriptions in a provisioning server (PS) able to communicate with a Hardware Security Module (HSM) having an HSM key (K). Said method being such that the HSM comprising a load and a reload function, the secure device key ((Ke1)K) and the storage key ((Ks)K) as encrypted and stored are provided (S1) to one of said functions, said functions outputting, the storage key ((Ks)Ke1)K) encrypted using the provided secure device (SE1) key (Ke1) and the HSM key K, and an APDU_putkey command ((APDU_PUTKEY((Ke1))Ke1), encrypted using the provided secure device (SE1) key (Ke1), to put the retrieved storage key ((Ks)Ke1) also encrypted using the provided secure device key (Ke1), the storage key as previously stored ((Ks)K) is overwritten (S6) with the storage key (((Ks)Ke1)k) encrypted using the secure device key (Ke1) and the HSM key (K) returned by the function.