Abstract: Provided is a secure online authentication method of a user by a relying party using a mobile ID document uses a secret to consent to a retrieval of a dedicated data field, wherein an access token is generated, including a proof, which is used by the relying party to transmit an access request to the mobile document issuer, trading the token for an authentication document comprising the personal data related to the dedicated data field by the document issuer to the relying party, wherein the proof verification material is extracted from the authentication document and checked to access said personal data and accepting the online authentication of the user. Other embodiments disclosed.

Abstract: A device comprises a hash tree including a root node and a leaf node. An issuing authority having agreed to generate a signature of the root node after having successfully checked validity of an attribute stored in the leaf node. The device identifies a subset of nodes by using a template specifying the structure of the hash tree, said subset comprising, for all paths of the hash tree that do not comprise said leaf node, the node which is the closest to the reference root node and which does not belong to the path comprising said leaf node. A verifier computes a test hash and then computes a test root node by applying a preset rule. The verifier checks that the signature is valid using a data whose authenticity is certified by the issuing authority.

Abstract: A method comprises: receiving, by a user device, from a verifier device, a request for user data; retrieving a first cryptogram and a decryption key; sending and, to a server, the first cryptogram; retrieving a random and a second cryptogram generated using reference user authentication data concatenated with the random; sending, to the verifier device, the second cryptogram and the random; storing the reference random; sending, to the user device, the second cryptogram; decrypting the second cryptogram using the decryption key; extracting the reference user authentication data and the random; providing, the user device, with user authentication data; verifying that it matches the reference user authentication data; providing, the verifier device, with the random; verifying that it matches the reference random; and authenticating the user data.

Abstract: Provided is a method for facilitating the renewing of a digital identity document. It includes receiving a request for renewing a digital identity document; checking whether said digital identity document can be renewed, if the check result is positive, creating an up-to-date validity-related data item to be associated with said digital identity document and to be inspected by a verifier when the validity of said digital identity document must be assessed; and sending said up-to-date validity-related data item to a device of a user of said digital identity document so that a validity-related data item previously associated with said digital identity document can be replaced by said up-to-date validity-related data item at the user's side.

Abstract: The invention relates to a method for controlling by a server called secure server the use of a first set of at least one data element of a data owner and provided by a communication device, the method comprising the steps of: receiving at least one digital signature representative of a process authorized by the data owner and adapted to carry out a series of at least one instructions using the first set of at least one data element; receiving from a process entity the series of at least one instruction, and a ciphered version of the first set of at least one data element which is communicated to the process entity by the communication device; verifying that the series of at least one instruction correspond to a process authorized by the data owner of the communication device by comparing the at least one digital signature received by the secure server with a digital signature obtained by the secure server using as an input the series of at least one instruction received by the secure server; and if the serie

Abstract: The invention relates to a method for managing the reputation level of a first communication device (100), said reputation level (103) being stored into a first secure enclave (102) embedded in said first communication device (100). The method comprises the steps of: receiving from the first communication device (100) by a second communication device (110) an information message; verifying that the information message is consistent with data obtained from a sensor embedded in the second communication device (110); generating a feedback message by the second communication device (110) to be transmitted to the first communication device (100) indicating if the information message is consistent for the secure enclave (102) of the first communication device (100) to update its reputation level.

Abstract: The invention relates to a method for granting access to a service provided by a connected device for a user having a user's device and requesting said access, the method comprising the steps of: receiving by the user's device from the connected device a request to validate a user profile, a user profile corresponding to a list of at least one data item representing the user's capabilities to use a service provided by the given connected device; requesting by the user's device to a verification server associated to the at least one data item to validate said data item, and receiving a digital signature of said data item generated by the verification server as a proof of the validation; transmitting the data item of the user profile and its digital signature to a device belonging to the owner of the connected device for it to be informed that said data item is validated, the user profile being considered as validated when the digital signatures of all the data items listed in the user profile are correctly ver

Abstract: The invention relates to a method for managing the reputation level of a first communication device (100), said reputation level (103) being stored into a first secure enclave (102) embedded in said first communication device (100). The method comprises the steps of: receiving from the first communication device (100) by a second communication device (110) an information message; verifying that the information message is consistent with data obtained from a sensor embedded in the second communication device (110); generating a feedback message by the second communication device (110) to be transmitted to the first communication device (100) indicating if the information message is consistent for the secure enclave (102) of the first communication device (100) to update its reputation level.

Abstract: The invention relates to a method for controlling by a server called secure server the use of a first set of at least one data element of a data owner and provided by a communication device, the method comprising the steps of: receiving at least one digital signature representative of a process authorized by the data owner and adapted to carry out a series of at least one instructions using the first set of at least one data element; receiving from a process entity the series of at least one instruction, and a ciphered version of the first set of at least one data element which is communicated to the process entity by the communication device; verifying that the series of at least one instruction correspond to a process authorized by the data owner of the communication device by comparing the at least one digital signature received by the secure server with a digital signature obtained by the secure server using as an input the series of at least one instruction received by the secure server; and if the serie

Abstract: The invention relates to a method for granting access to a service provided by a connected device for a user having a user's device and requesting said access, the method comprising the steps of: receiving by the user's device from the connected device a request to validate a user profile, a user profile corresponding to a list of at least one data item representing the user's capabilities to use a service provided by the given connected device; requesting by the user's device to a verification server associated to the at least one data item to validate said data item, and receiving a digital signature of said data item generated by the verification server as a proof of the validation; transmitting the data item of the user profile and its digital signature to a device belonging to the owner of the connected device for it to be informed that said data item is validated, the user profile being considered as validated when the digital signatures of all the data items listed in the user profile are correctly ver

Abstract: This invention relates to a method for anticipating the setup of a relation of trust between a first vehicle called central vehicle and at least a second vehicle, wherein two interaction areas are defined relatively to the position of the central vehicle, the first interaction area called exchange area comprising the central vehicle and the second interaction area called pre-authentication area being defined in a way that it has to be crossed by said second vehicle for it to enter into the exchange area, the method comprising the steps of: detecting if the second vehicle is localized in the pre-authentication area associated with the central vehicle; authenticating the central vehicle and the second vehicle if not already authenticated; upon successful authentication, providing the central vehicle and the second vehicle with at least one credential to set up the relation of trust for it to be already established when the second vehicle is present in the exchange area associated with the central vehicle.

Abstract: The invention relates to an intelligent portable personal security object including graphical personalization data visible from a face of the object, wherein the graphical personalization data are presented by electronic display. The invention also relates to a use of the portable object in the carrying out of secure electronic transaction; and/or in the authentication and visual monitoring of at least one person; and/or in logical access control for at least one user; and/or in the displaying of data other than graphical personalization data.

Abstract: The present invention relates to a method for establishing secure history and audit of an integrated circuit card comprising an audit register, for property hand-over, which includes the following steps: storing in the audit register of said integrated circuit card remote actions performed on said integrated circuit card; computing a hash function of the content of said audit register of said integrated circuit card and remote actions content, and storing the result of said hash function in said audit register of said integrated circuit card; storing on a remote server an audit log of remote actions performed on said integrated circuit card; and verifying the integrity of said audit log stored on said remote server by comparing the content of said audit register of said integrated circuit card and the result of a computed hash function of said audit log.

Abstract: The invention relates to a method for accessing an application. A token includes at least one application that is executable by a device. The token is coupled to the device. The method comprises the following steps. The token sends to the device data for identifying the token and data for authenticating the token. The device analyses whether the token identification data is included within a list of at least one authorized token. Only if the token identification data is included within a list of at least one authorized token, then the device analyses whether the token is authenticated. And only if the device authenticates the token, then the device authorizes to execute the application. The invention also relates to a corresponding device.

Abstract: The invention relates to an intelligent portable personal security object including graphical personalization data visible from a face of the object, wherein the graphical personalization data are presented by electronic display. The invention also relates to a use of the portable object in the carrying out of secure electronic transaction; and/or in the authentication and visual monitoring of at least one person; and/or in logical access control for at least one user; and/or in the displaying of data other than graphical personalization data.