Abstract: An electronic device is provided having a memory driver unit for reading partition headers including encrypted version numbers from a memory and for writing updated encrypted version numbers to the memory. The electronic device has an update agent unit for controlling a software or firmware update, a one-time programmable memory for storing a first value, and an encrypt-decrypt unit for decrypting the partition headers stored in the memory. The update agent is configured to compare the retrieved version numbers with a version number from a software or firmware update. The first value is incremented and stored in the one-time programmable memory if an update is performed. The encrypt-decrypt unit is configured to encrypt the version numbers of the software or firmware update based on the new first value. The memory driver unit is configured to write a new partition header with the updated encrypted version numbers into the memory.

Abstract: A composite customer ID (CCID) is stored in the OTP memory of integrated circuit chipsets used by a number of different customers. The CCID includes individual customer IDs (CIDs) at defined index positions, each corresponding to a different customer. Each chipset allows or disallows software booting, based reading a certificate index value from a given customer's certificate, reading an OTP CID from OTP, as pointed to the by certificate index value, and evaluating the OTP CID with a certificate CID read from the certificate. Thus, while CCID carries information for a plurality of customers, each customer's certificate points only to that customer's OTP CID, which can be changed to revoke that customer's certificate without revoking the other customers' certificates. The CCID also may include a version number, where the chipsets allow or disallow software booting based on evaluating the certificate version number in view of the CCID version number.

Abstract: Method for encrypting an initial digital data set, which comprises a compression of the initial digital data set delivering a compressed set comprising at least one compressed digital data stream and at least one dictionary making it possible to describe the content of the compressed digital data stream or streams, and an encryption of each dictionary only delivering an encrypted digital data set.

Abstract: A method of protecting digital data stored in a storage medium. The method comprises providing a first and a second addressable storage region in the storage medium, and selector means for selectively indicating one of the first and the second addressable storage regions as active; storing the digital data in the first addressable storage region of the storage medium, wherein the digital data stored in the first addressable storage region is stored encrypted with a first encryption key; and causing the selector means to indicate the first addressable storage region as being active; and, responsive to a trigger event, copying the digital data from the first to the second addressable storage region, wherein the digital data stored in the second addressable storage region is stored encrypted with a second encryption key; and causing the selector means to indicate the second addressable storage region as being active.

Abstract: An electronic device for storing data content by storing at least a portion of the data content in a rewritable memory device by storing an n bit count value associated with the status of the data content in a one time programmable memory. The n bit count value is written to the secure memory device along with the corresponding data content. Then the n bit count value is incremented and stored in the one time programmable memory each time there is a modification of the data content in the rewritable memory device. The number of bits of the one time programmable memory may correspond to the number of potential modifications of the stored data content.

Abstract: A method and a generator for generating a pseudo-random data sequence (3), including combining means for combining data belonging to a plurality of initial data sequences (9a, 9b, 9c) using a procedure for searching for at least one search pattern.

Abstract: A method of generating a pseudorandom data sequence, wherein said pseudorandom data sequence is generated by a procedure for searching for a search pattern in an initial data sequence of N bits, said search procedure comprising the following steps: (a) detecting in said initial data sequence a particular search pattern of r bits that is one of a set of search patterns; (b) determining an output pattern of k bits by an operation that depends on the progress of the preceding step; and repeating the preceding steps (a) and (b) successively to form the pseudorandom data sequence from a succession of output patterns.

Abstract: Method for decrypting, within a wireless communication device, a sequence of encrypted packets received via a wireless communication channel between the communication device and a cell assigned to this device, comprising for each packet the following steps:—the computation of an encrypting sequence corresponding to the packet (21); and—the decrypting of the packet with the aid of the said encrypting sequence (22). In this method, the encrypting sequences are computed before the reception of the packets while the reception quality is above a threshold (20, TH) and an indication of change of cell is not received (24).

Abstract: Wireless communication apparatus (WAP) which comprises means of receiving data streams (312, 313, 314, 315, 316, 317) each at least partly requiring a cryptographic processing operation, a cryptographic module (320) comprising a crypto-processor (301), and management means configured to deliver at least some of the data streams to the crypto-processor (301) according to an order of priority defined from the data types and cryptographic processing types assigned to each data stream.

Abstract: Method for encrypting an initial digital data set, which comprises a compression of the initial digital data set delivering a compressed set comprising at least one compressed digital data stream and at least one dictionary making it possible to describe the content of the compressed digital data stream or streams, and an encryption of each dictionary only delivering an encrypted digital data set.

Abstract: In a method of storing data in a memory device, which data comprise content to be processed in a processing device in which the memory device is installed, the method comprises the steps of writing encrypted content (Enc_Krand(flash_content) into the memory device before installing the memory device in the processing device, wherein the content was encrypted by use of a first key (Krand), and accessing the first key (Krand) and encrypting the first key (Krand) by the aid of a second key (KIC; Ke) that is dependent on the processing device after installation of the memory device in the processing device, and writing the encrypted first key (EncSym_KIC(Krand); EncAsym_Ke(Krand)) into the memory device.

Abstract: A method of limiting the bit rate going to a network service having a target bit rate, data packet traffic to the service coming from at least one contributor, and a bit rate being associated with the portion of the traffic coming from said contributor. The method includes sending the packet from the contributor to the service if the bit rate of the traffic of the contributor is below a threshold that is a function of the target bit rate and a current data packet traffic to said service, the bit rate of the traffic from the contributor being measured on the current data packet traffic.

Abstract: A composite customer ID (CCID) is stored in the OTP memory of integrated circuit chipsets used by a number of different customers. The CCID includes individual customer IDs (CIDs) at defined index positions, each corresponding to a different customer. Each chipset allows or disallows software booting, based reading a certificate index value from a given customer's certificate, reading an OTP CID from OTP, as pointed to the by certificate index value, and evaluating the OTP CID with a certificate CID read from the certificate. Thus, while CCID carries information for a plurality of customers, each customer's certificate points only to that customer's OTP CID, which can be changed to revoke that customer's certificate without revoking the other customers' certificates. The CCID also may include a version number, where the chipsets allow or disallow software booting based on evaluating the certificate version number in view of the CCID version number.

Abstract: An electronic device is provided having a memory driver unit for reading partition headers including encrypted version numbers from a memory and for writing updated encrypted version numbers to the memory. The electronic device has an update agent unit for controlling a software or firmware update, a one-time programmable memory for storing a first value, and an encrypt-decrypt unit for decrypting the partition headers stored in the memory. The update agent is configured to compare the retrieved version numbers with a version number from a software or firmware update. The first value is incremented and stored in the one-time programmable memory if an update is performed. The encrypt-decrypt unit is configured to encrypt the version numbers of the software or firmware update based on the new first value. The memory driver unit is configured to write a new partition header with the updated encrypted version numbers into the memory.

Abstract: A method and a generator for generating a pseudo-random data sequence (3), including combining means for combining data belonging to a plurality of initial data sequences (9a, 9b, 9c) using a procedure for searching for at least one search pattern.

Abstract: A method of generating a pseudorandom data sequence, wherein said pseudorandom data sequence is generated by a procedure for searching for a search pattern in an initial data sequence of N bits, said search procedure comprising the following steps: (a) detecting in said initial data sequence a particular search pattern of r bits that is one of a set of search patterns; (b) determining an output pattern of k bits by an operation that depends on the progress of the preceding step; and repeating the preceding steps (a) and (b) successively to form the pseudorandom data sequence from a succession of output patterns.

Abstract: A method of pre-authentication of a first entity (10) by a second entity (1) communicating with each other via a wireless connection. The second entity (1) sends (23?) a challenge value (c). If the first entity (10) receives (23) a challenge value (c?), it applies to the received challenge value a predefined transformation (g) known to the second entity to obtain a first transformed value (r) and then sends (24) the first transformed value (r) obtained. If the second entity receives (24?) a transformed value (r?), it compares (25?) the received transformed value to a second transformed value (r?) obtained by applying the predefined transformation (g) to the challenge value sent and considers the pre-authentication to have succeeded if the result of comparing the second transformed value obtained and the transformed value received is below a predefined threshold (m).

Abstract: A method is provided for controlling secure transactions using a physical device held by a user and bearing at least one pair of asymmetric keys, including a device public key and a corresponding device private key. The method includes, prior to implementing the physical device, certifying the device public key with a first certification key of a particular certifying authority, delivering a device certificate after verifying that the device private key is housed in a tamper-proof zone of the physical device; verifying the device certificate by a second certification key corresponding to the first certification key; and in case of a positive verification, registering the user with a provider delivering a provider certificate corresponding to the signature by the provider of the device public key and an identifier of the user.

Abstract: A public key cryptographic method based on groups of braids. The method employs a secret key defined by a representative s of a given braid S in a braid group G, a public key defined by a representative v of the braid T(S) converted from the braid S by an operator T, and an operation of verifying the equality of two braids, i.e. the equivalence of representatives of the two braids.

Abstract: A method of limiting the bit rate going to a network service having a target bit rate, data packet traffic to the service coming from at least one contributor, and a bit rate being associated with the portion of the traffic coming from said contributor. The method includes sending the packet from the contributor to the service if the bit rate of the traffic of the contributor is below a threshold that is a function of the target bit rate and a current data packet traffic to said service, the bit rate of the traffic from the contributor being measured on the current data packet traffic.