Abstract: The invention proposes a verification process of an access right of an individual comprising conducting the following steps before the individual presents themselves at a control point, of: acquisition, by a client device, of a biometric datum on the individual, and transmission of said datum to a remote calculation server, performing a zero-knowldege calculation protocol verifiable publicly by the remote calculation server, comprising: calculation of a function comprising a remote calculation between the biometric datum and each of a plurality of reference data, comparison of each distance to a predetermined threshold, and generation of a result indicating whether at least one of the distances calculated is under said threshold, generation, from said function, of proof of exactness of calculation of the function, transmission via the remote calculation server of the result of calculation of the function and proof of exactness of the calculation to the client device, and the process comprises conducting

Abstract: The invention provides a method of generating at least one derived identity of an individual 1, the method comprising the following steps: generating a first identifier id1 from biometric data of the individual; defining a serial number ns associated with the individual; generating first check data ctrl1 for verifying consistency between the first identifier id1 and the serial number ns; and concatenating the serial number ns, the first identifier id1, and the first check data ctrl1 in such a manner as to form a first derived identity ident1 of the individual.

Abstract: The invention proposes a method for processing biometric data, comprising verification of the result of a calculation of distance between a biometric candidate datum and at least one biometric reference datum, each comprising a number n of indexed components (ai, bi), said calculation of distance comprising that of a polynomial of the components of the biometric data, the method being executed by a proving entity and a verification entity, the method comprising steps during which: the proving entity communicates to the verification entity the result of calculation of the distance between the candidate and reference biometric data, and said data, the proving entity generates from each datum a function of a number d of variables fa(i1, . . . , id), fb(i1, . . . , id) where d=log2 n, defined for each variable on the set {0,1}, by reformulation of the index i of each component (ai, bi) in binary format, the proving entity generates from each function a polynomial of d variables ã(x1, . . .

Abstract: The invention relates to a method for securing a document including a visual element, carried out by a processing unit comprising processing means, the method comprising generation, from the visual element, of a reference security datum, and storage of the reference security datum, wherein the reference security datum is generated by means of an algorithm configured so as to generate: for any image acquired from the visual element, a security datum whereof the differences relative to the reference security datum are less than a determined threshold, and for any image acquired on a different visual element, a security datum whereof the differences relative to the reference security datum are greater than said threshold.

Abstract: The invention concerns a method for generating an electronic signature key and an associated public key certificate, implemented by a client unit and a server unit, the method comprising a step during which the client unit and/or the server unit generate(s) a signature key comprising a private key and a public key, and a public key certificate comprising said public key, the method being characterized in that the client unit acquires an item of biometric data of an individual, and in that the signature key and/or the public key certificate are generated from at least a portion of said biometric data, and in that the portion of biometric metric data from which the signature key and/or the public key certificate have been generated is ephemeral and is not memorized after the signature key and the public key certificate have been generated. The invention also concerns a method for transferring a message and a system designed to implement the method for generating a signature key.

Abstract: The invention is about an identification process of an individual or object, in a system comprising a control server and a management server of a database comprising N indexed data of N stored individuals, in which, to identify the individual or object, its datum is compared to each of the N data of the base.

Abstract: The invention proposes a method comprising the evaluation of a function F obtained by applying to n sub-functions fi a first operation, the evaluation comprising: the application of a series of calculation steps in which a first unit assumes a role of a client and a second unit assumes a role of a server, and the repetition of the series of calculation steps in which the roles of client and of server are exchanged between the units, each series of steps comprising: a) randomly generating, by the server, first data, and a second datum, b) for each sub-function fi, generating by the server a set of elements formed by: a result of fi evaluated in the data of the client and of the server, masked by a first datum, by applying the first operation between the result and the first datum, and masked by the second datum, by applying between the masked result and the second datum of a second operation different from the first and distributed relatively to the latter, c) recovering by oblivious transfer, by the c

Abstract: The invention proposes a method comprising the calculation of a function written as a product of: a sub-function fX of a datum of a client unit a sub-function fY of a datum of a client unit, and a product of n indexed sub-functions fi of both data, the method comprising the steps of: randomly generating, by the server unit, n indexed invertible data ri from the set with m being a prime number, generating, by the server unit, for each i from 1 to n, a set for which each element is formed by a product of a datum ri with a possible result of the sub-function of two variables fi evaluated in both data, applying an oblivious transfer protocol between the client unit and the server unit so that the client unit recovers, for each i from 1 to n, an intermediate datum ti equal to: ti=ri×fi(xi,Y) obtaining, by the client unit a result T from intermediate data such that: T = f X ? ( X ? ) × ? i = 1 n ? ? t i obtaining, by the server unit a result R from inverted data suc

Abstract: A method of secure distributed storage on N servers and a secure access method to confidential data stored in a secure and distributed manner on N servers are provided. Additionally, distributed storage, devices, systems, computer programs and storage medium are provided for the implementation of such methods.

Abstract: An enrollment method for enrolling biometric data in a database. Each data item includes an information vector on a biometric feature, and a mask vector, determining those bits of the information vector to be taken into account for data comparison. The method includes the application of permutation to the bits of the vectors. The vectors using an enrollment code, the permutation being applied to the encoded vectors. In the encoded vectors, the mean weight of the representations of all the bits of the mask vector is constant or statistically constant irrespective of the values of the bits of the mask vector; and least one bit is drawn randomly following the same law of distribution as the bits of the information vector.

Abstract: The invention relates to an authentication device (1), characterized in that it comprises a support (10) provided with a surface (12), said surface comprising a plurality of peaks (14) and valleys (15) forming a pattern (13) capable of being acquired by a digital fingerprint sensor. The invention also relates to a method of manufacturing such a device.

Abstract: The present invention relates to a biometric identification method of an entity comprising computation of a matching value between biometric data of an entity u and reference biometric data u?, by application of a function F to said biometric data by performing a non-interactive, publicly verifiable computation method comprising: representation of said function in the form of an arithmetic circuit converted into a polynomial representation, and generation of keys, determination of matching value by evaluating the arithmetic circuit having the biometric data of the entity and the reference biometric data as inputs, generation of proof of correction of the computation execution of the matching values, verification of said received proof, representation of said function comprising encoding of an integer k>1 of binary integers of a vector of a biometric datum on at least one input wire of the circuit, and the function F comprising at least m scalar products, if the divider m is equal to 2 or 3, evaluation of t

Abstract: The invention relates to a method for enabling the authentication or identification of a person (1) using a first electronic device (2) comprising an image-capturing unit and a data-transmission unit, the method including a step of registering said person in a verification system (3). The registration step includes the steps of: capturing, using the image-capturing unit of said electronic device, a first image (h) of at least one object (O) of any kind that is secretly selected by the person; and transmitting said first image to the verification system by means of said data transmission device of said first electronic device.

Abstract: The invention relates to a method for generating a message signature intended to be validated by a verifier server, a client device being configured to hold a private key and a corresponding public key and comprising steps of: offline precomputation (103) by a hardware security module of a signature token, a result of encryption by means of a homomorphic encryption function, storage (104) of said signature token; generation (105) of said signature of said encrypted message by means of said homomorphic encryption function from the result of the encryption by said homomorphic encryption function of the private key stored by the client device, of the signature token and of said message, said signature being intended to be validated by said verifier server by means of said public key.

Abstract: The invention relates to a method of signature with pseudonym ? of a message m by a user device storing a secret signature key sk dependent at least on a first part of key f, on a second part of key x and on a third part of key A equal to (g1hf)1/(x+y) and comprising the following steps: —generation of a pseudonym nym equal to hfdpkx, with dpk a public domain parameter, —determination of random numbers a, r_a, r_f, r_x, r_b, r_d, —calculation of signature coefficients R1 equal to hr_Jdpkr_x, R2 equal to nymr_ah?r_ddpk?r_b, R3 equal to Zr_xVa?r_x?r_f?r_bW?r_a, with Z, V and W respectively equal to e(A, g2), e(h, g2) and e(h,w), —obtaining of a first signature parameter T equal to Aha, —calculation of a second signature parameter c by applying a cryptographic hash function H, to the public domain parameter dpk, to the pseudonym nym, to the first signature parameter T, to the signature coefficients R1, R2, R3 and to the message m, —calculation of signature parameters s_f, s_x, s_a, s_b, s_d, respectively equal t

Abstract: The invention relates to a method and system for managing and checking different identity data relating to a person. According to the invention, a derived-identity management server generates for the person at least part of the identity data with which said person can be authenticated in relation to a service provider for the derived-identity domain, on the basis of information derived from identity data from parent domains. The identity data generation processing ensures that no link can be established from two authentications in two separate domains in the absence of link information. If necessary, said link information is transmitted by a parent domain to a derived-identity server so that the latter establishes the link between the identity data of the derived-identity domain and the identity data of the parent domain, e.g. for the cascade revocation of a person from various domains.

Abstract: A server-implemented method encrypting at least two pieces of indexed data as lists of elements, each element belonging to a finite set of indexed symbols on an alphabet. The data is encrypted to form a protected set, including: the server randomly generates, for each datum, a corresponding encoding function; if at least one element that constitutes a datum is the symbol of the alphabet, the server determines the image of the symbol of the alphabet via the encoding function corresponding to the datum to obtain a codeword coordinate and adds the codeword coordinate to an indexed set corresponding to the element of the alphabet; then the server completes the indexed set with error-inducing points; the server randomly reindexes the elements of the indexed set corresponding to the symbol of the alphabet; and the server adds the indexed set to the protected set. The method can identify an individual.

Abstract: The invention relates to a secure method of processing data in which method is implemented the evaluation of a function that may be written as a linear combination of sub-functions with two binary inputs, in which a client and a server each possess a binary code, comprising n indexed bits, the method comprising the evaluation of the function with the binary codes of the client and of the server as inputs, without one of the client or the server obtaining information about the code of the other, the method being characterized in that it comprises the following steps: —the server randomly generates n indexed values and calculates the linear combination of these values with the same linear combination as that applied to the sub-functions to obtain the function, —the client implements, for each bit of his binary code, a technique of unconscious transfer to obtain from the server an intermediate data item comprising the randomly generated value of same index as the bit of the code of the client, increased by the v

Abstract: The present invention concerns a method of generating a biometric certificate of a user performed by a data processing device of a certifying authority, comprising a step of generating (E4) a certificate for said user comprising data related to the identity of the user and truncated authentication data of said user generated using a method of generating a biometric authentication datum, comprising steps of: acquiring (E1) first biometric data of said user; generating (E2) a first a proof of knowledge of said first biometric data from the first acquired biometric data and from a pseudo-random function; generating (E3) a first truncated authentication datum by applying a truncation function to said first generated proof of knowledge.

Abstract: The invention provides a method of generating at least one derived identity of an individual 1, the method comprising the following steps: generating a first identifier id1 from biometric data of the individual; defining a serial number ns associated with the individual; generating first check data ctrl1 for verifying consistency between the first identifier id1 and the serial number ns; and concatenating the serial number ns, the first identifier id1, and the first check data ctrl1 in such a manner as to form a first derived identity ident1 of the individual.