Abstract: In an embodiment a method for calibrating temperature sensors includes arranging devices-under-test (DUTs) in a sealable and thermally isolated chamber of a calibration arrangement such that each of the DUTs is in proximity to, associated to and in thermal contact with at least one of a number of reference samples, controlling the calibration arrangement to thermalize the DUTs and the reference samples to a temperature set point and generating, based on a temperature-dependent quantity, a set of measurement signals for each of the DUTs, wherein each set of measurement signals comprises a test measurement signal from a distinct one of the DUTs and a reference measurement signal from each of an associated at least one of the reference samples.

Abstract: A data processing system and a method are provided for recognizing a scanned biometric characteristic in the data processing system. The data processing system includes a biometric sensor, a rich execution environment (REE), and a secure element (SE). In one embodiment, during an enrollment operation, a random challenge is applied to scanned data to produce a biometric template that is stored. During subsequent validation operations, the SE determines if user data includes evidence of the random challenge before providing access to a secure application. Evidence of the random challenge indicates the user data was provided by the biometric sensor. In another embodiment, the sensor data is split between the REE and the SE and partially processed in the SE. The described embodiments prevent a replay attack from being conducted in communications between the REE and the SE.

Abstract: A security device provisioning hub, including: a memory; and a processor configured to: receive a first secret token from a device manufacturer, wherein the first secret token is associated with a first service; receive a second secret token from a customer device having a security chip; verify that the first secret token and the second secret token are the same; and provide to the customer device access credentials to the first service.

Abstract: A data processing system and a method are provided for recognizing a scanned biometric characteristic in the data processing system. The data processing system includes a biometric sensor, a rich execution environment (REE), and a secure element (SE). In one embodiment, during an enrollment operation, a random challenge is applied to scanned data to produce a biometric template that is stored. During subsequent validation operations, the SE determines if user data includes evidence of the random challenge before providing access to a secure application. Evidence of the random challenge indicates the user data was provided by the biometric sensor. In another embodiment, the sensor data is split between the REE and the SE and partially processed in the SE. The described embodiments prevent a replay attack from being conducted in communications between the REE and the SE.

Abstract: A data processing system and a method are provided for recognizing a scanned biometric characteristic in the data processing system. The data processing system includes a biometric sensor, a rich execution environment (REE), and a secure element (SE). In one embodiment, during an enrollment operation, a random challenge is applied to scanned data to produce a biometric template that is stored. During subsequent validation operations, the SE determines if user data includes evidence of the random challenge before providing access to a secure application. Evidence of the random challenge indicates the user data was provided by the biometric sensor. In another embodiment, the sensor data is split between the REE and the SE and partially processed in the SE. The described embodiments prevent a replay attack from being conducted in communications between the REE and the SE.

Abstract: A data processing system and a method are provided for recognizing a scanned biometric characteristic in the data processing system. The data processing system includes a biometric sensor, a rich execution environment (REE), and a secure element (SE). In one embodiment, during an enrollment operation, a random challenge is applied to scanned data to produce a biometric template that is stored. During subsequent validation operations, the SE determines if user data includes evidence of the random challenge before providing access to a secure application. Evidence of the random challenge indicates the user data was provided by the biometric sensor. In another embodiment, the sensor data is split between the REE and the SE and partially processed in the SE. The described embodiments prevent a replay attack from being conducted in communications between the REE and the SE.

Abstract: Articles and methods for transaction irregularity detection are disclosed. In one example, the article discloses: a memory including a record of a last-reported security-device transaction with the security-device, and including a last-reported transaction counter value associated with the last-reported security-device transaction; a previous device identifier; a record of the previous security-device transaction with the security-device, and including the previous device identifier associated with the previous security-device transaction; a record of a current security-device transaction with the security-device, and including a currently-reported transaction counter value associated with the current security-device transaction; and a back-end device tagging the previous device with fraud if the current transaction counter value differs from the last-reported transaction counter value by other than an increment.

Abstract: A security device provisioning hub, including: a memory; and a processor configured to: receive a first secret token from a device manufacturer, wherein the first secret token is associated with a first service; receive a second secret token from a customer device having a security chip; verify that the first secret token and the second secret token are the same; and provide to the customer device access credentials to the first service.

Abstract: A method is provided for authenticating an IC device. The method includes provisioning an integrated circuit (IC) device with a unique identification number (UID). The IC device is configured to calculate a device-specific key (DSK) using the UID. The UID is used with a secure application separate from the IC device to calculate the DSK. The DSK calculated by the IC device is the same as the DSK calculated by the secure application. The UID and the DSK calculated by the secure application is provided to a provider of an online service. The provider of the online service is enabled to authenticate the IC device using the UID and the DSK calculated with the secure application in response to the IC device contacting the online service. The provider may authenticate the device using a standard cryptographic challenge-response protocol. If the IC device has knowledge of a particular DSK, then the IC device is a legitimate authorized device.

Abstract: A method is provided for authenticating an IC device. The method includes provisioning an integrated circuit (IC) device with a unique identification number (UID). The IC device is configured to calculate a device-specific key (DSK) using the UID. The UID is used with a secure application separate from the IC device to calculate the DSK. The DSK calculated by the IC device is the same as the DSK calculated by the secure application. The UID and the DSK calculated by the secure application is provided to a provider of an online service. The provider of the online service is enabled to authenticate the IC device using the UID and the DSK calculated with the secure application in response to the IC device contacting the online service. The provider may authenticate the device using a standard cryptographic challenge-response protocol. If the IC device has knowledge of a particular DSK, then the IC device is a legitimate authorized device.

Abstract: Reader (420) for determining the validity of a connection to a transponder (440), designed to measure a response time of a transponder (440) and to authenticate the transponder (440) in two separate steps. Transponder (440) for determining the validity of a connection to a reader (420), wherein the transponder (440) is designed to provide information for response time measurement to said reader (420) and to provide information for authentication to said reader (420) in two separate steps, wherein at least a part of data used for the authentication is included in a communication message transmitted between the reader (420) and the transponder (440) during the measuring of the response time.

Abstract: The exemplary embodiments of the invention realize an efficient prevention of massive infiltration of cloned RFID transponders into existing and new RFID systems. Furthermore, reader devices used for authentication of RFID transponders do not need to be on-line and do not need to be equipped with a Security Authentication Module (SAM). This simplifies authentication procedures and reduces costs. According to an exemplary embodiment of the invention a transponder-specific originality signature is stored by a transponder manufacturer on the transponder. The transponder-specific originality signature may, for example, be stored in the non-volatile memory (EEPROM) of the transponder during the fabrication of the transponder. This transponder-specific originality signature can be checked at any time in a convenient way, which provides an indication of originality of said transponder.

Abstract: A refrigerator having a thermal store comprising a phase change material is disclosed. The refrigerator has a cooling chamber for containing an object to be cooled, and a vapor compression refrigeration system including a first evaporator for cooling the cooling chamber and a second evaporator for cooling the phase change material. A valve is provided to control the flow of refrigerant to the first and second evaporators depending on the cooling load on the refrigerator. When the refrigerator is subject to a relatively low cooling load, refrigerant flows to the second evaporator to cool the phase change material and, when the refrigerator is subject to a relatively high cooling load, refrigerant flows to the first evaporator such that increased cooling is provided to the cooling chamber by the first evaporator and the phase change material.

Abstract: Transponder (180) having stored a fixed identification number, which expands said identification number with a random number, encrypts said expanded number with a key, and sends it to a reader (160) on its request. Reader (160), which on request receives an encrypted number from a transponder (180), decrypts a received encrypted number with a key, which was also used by the transponder (180), and extracts a fixed identification number associated with the transponder (180).

Abstract: Transponder (104), comprising a storage unit (106) having stored a number of different applications, a processing unit (108) which, on request of a reader (102), is adapted to generate a response interpretable using an encryption scheme known by both the transponder (104) and the reader (102) so that the reader (102) is capable of determining whether an application is supported by the transponder (104) by analyzing the response using the encryption scheme, and a transmission unit (110) adapted to send the response to said reader (102).

Abstract: Articles and methods for transaction irregularity detection are disclosed. In one example, the article discloses: a memory including a record of a last-reported security-device transaction with the security-device, and including a last-reported transaction counter value associated with the last-reported security-device transaction; a previous device identifier; a record of the previous security-device transaction with the security-device, and including the previous device identifier associated with the previous security-device transaction; a record of a current security-device transaction with the security-device, and including a currently-reported transaction counter value associated with the current security-device transaction; and a back-end device tagging the previous device with fraud if the current transaction counter value differs from the last-reported transaction counter value by other than an increment.

Abstract: The invention provides a secure and efficient resource management system and a corresponding method for managing resources of a product that is put on the market by a licensor via a distribution chain. In particular, the number of keys needed for managing said resources can be reduced. At the time that the product is released to the market the exact licensing conditions of the product need not be known yet. The licensing conditions and the associated configuration of resources of the product are managed via a second key which is provided to a licensee. The licensee, however, has no knowledge of the first key and the derivation function which generates said second key based on the first key. Therefore, it is ensured that the licensee cannot claim more resources of the product than the licensor allows.

Abstract: The exemplary embodiments of the invention realize an efficient prevention of massive infiltration of cloned RFID transponders into existing and new RFID systems. Furthermore, reader devices used for authentication of RFID transponders do not need to be on-line and do not need to be equipped with a Security Authentication Module (SAM). This simplifies authentication procedures and reduces costs. According to an exemplary embodiment of the invention a transponder-specific originality signature is stored by a transponder manufacturer on the transponder. The transponder-specific originality signature may, for example, be stored in the non-volatile memory (EEPROM) of the transponder during the fabrication of the transponder. This transponder-specific originality signature can be checked at any time in a convenient way, which provides an indication of originality of said transponder.

Abstract: The invention provides a secure and efficient resource management system and a corresponding method for managing resources of a product that is put on the market by a licensor via a distribution chain. In particular, the number of keys needed for managing said resources can be reduced. At the time that the product is released to the market the exact licensing conditions of the product need not be known yet. The licensing conditions and the associated configuration of resources of the product are managed via a second key which is provided to a licensee. The licensee, however, has no knowledge of the first key and the derivation function which generates said second key based on the first key. Therefore, it is ensured that the licensee cannot claim more resources of the product than the licensor allows.

Abstract: The invention provides a method for the purification of a liquid by membrane distillation comprising: passing a heated vapourising stream of a liquid (retentate stream) through a retentate channel along a porous hydrophobic membrane (10), whereby vapour of the liquid flows via the pores of the membrane to the other side of said membrane, and condensing said vapour on the other side of said membrane to give a distillate stream in a distillate channel (5) which distillate is created by passing the heat of condensation (latent heat) towards a condenser surface (3), said condenser surface forming a non-porous separation between a feed stream of the liquid to be purified and said distillate stream, which feed stream is passed through a feed channel (2) in counter-current with the retentate stream, in which feed channel a space material (4) is arranged whereby at least part of the latent heat is transferred via the condenser surface to the feed stream, and whereby a positive liquid pressure difference is applied be