Abstract: The invention relates to an authentication method for authenticating a client device having an authentication token generated by means of a pseudo-homomorphic function and based on a secret element (PIN) known only by the client device, to a server, comprising: the generation (A1), by the client device, of proof of knowledge of the secret element based on a proof generation key masked with a first mask data item, said masked proof generation key being dependent on said secret element, the transmission to the server by the client device, of said generated proof of knowledge of the secret element (A2) and of the authentication token (J) masked using the mask data item (A3), the verification of the validity of the masked authentication token (A4) and of the validity of the proof of knowledge by the server (A6) by a zero-knowledge proof, proving the knowledge of said secret element by the client device without revealing it.

Abstract: The present invention relates to a method of identifying a user, the method being implemented by means of a database containing personal data of users and containing for each user at least one unmodified biometric characteristic (E1,i), at least one biometric characteristic (E2,i) that has been modified and that is accessible from the unmodified biometric characteristic, and at least one item of identification data (D) that is accessible from a code identifying the modification that has implemented on the second biometric characteristic. The method comprises the steps of comparing first and second biometric characteristics (e1,i) read from the user with the characteristics in the database in order to determine (5) what modification has been implemented and to deduce therefrom the code identifying the modification; and extracting (6) the identification data by means of the code as deduced in this way. The invention also provides a database for implementing the method.

Abstract: A method for signing up a person for biometric verification purposes is provided, the method including: acquiring an image of a biological attribute of the person, the biological attribute including a set of characteristic elements, defining, within the acquired image, at least one area that includes at least part of the biological attribute, and storing, in a biometric database, at least one piece of information indicating that the number of characteristic elements included in said defined area is less than a respective predetermined integer. A related biometric verification method is also provided.

Abstract: The invention presents a process for obtaining candidate reference data to compare to a data to be identified, implemented in a system comprising a client unit and a storage server comprising two databases, in which: —the first database comprises indexed memory blocks each comprising a corresponding encrypted indexed reference data, and—the second database comprises memory blocks indexed by all possible hash values obtained by a plurality of k indexed hash functions, and wherein each block contains a list of the indexes of the reference data which hashing by one of said hash function results in the hash value corresponding to said block, said process comprising the steps during which: —the client unit hashes the data to be identified with each of the plurality of hash functions, and reads the k memory blocks of the second database corresponding to the hash values thus obtained, the client unit identifies indexes contained in at least t out of k read memory blocks, and—the client unit reads the memory blocks o

Abstract: The invention relates to a method for signing a message (m), implemented by processing means of a user device of a member (Mi) belonging to a group of members (G), said user device having a secret signature key (ski), said method including a step of generating (E301) a group signature (?) for the message (m), enabling said member (Mi) to prove his membership in the group (G), and a step of generating (E302) a pseudonym (nymij) identifying the member (Mi) within a domain (Dj) of a service provider (SPj), said domain including a set of terminals in communication with a server of said service provider, said signature (?) being designed such that said member (Mi) can prove, by signing the message (m), his knowledge of said secret signature key without disclosing it, said group signature (?) being designed such that the membership of the member (Mi) in the group is verifiable independently from the pseudonym (nymij), said pseudonym and said signature being a function of a portion (xi) of said secret signature k

Abstract: The invention concerns a method for encrypting a binary data item characterised in that it comprises the steps consisting of: —generating a public key and a private key, the public key being a sparse matrix comprising m rows and n columns, m being greater than the number I of bits of the binary data item, I being an integer strictly greater than 1, and the private key being a set of I indexed sets of integers between 1 and m such that for each set, the sum of the elements of the rows of the sparse matrix indexed by the elements of a set is zero, and—generating a binary sequence b comprising m bits, such that b=Mx+e+y in which o x is a random binary vector, o e is a random binary noise vector, and o y is a linear encoding of data item c. The invention also concerns a method for calculating a Hamming distance on data encrypted by the method of encryption.

Abstract: The description relates in particular to a method of secure distributed storage, to a secure access method and to a distributed storage, and to devices, systems, computer programs and storage medium for the implementation of such methods.

Abstract: The invention relates to a secure method of processing data in which method is implemented the evaluation of a function that may be written as a linear combination of sub-functions with two binary inputs, in which a client and a server each possess a binary code, comprising n indexed bits, the method comprising the evaluation of the function with the binary codes of the client and of the server as inputs, without one of the client or the server obtaining information about the code of the other, the method being characterized in that it comprises the following steps: —the server randomly generates n indexed values and calculates the linear combination of these values with the same linear combination as that applied to the sub-functions to obtain the function, —the client implements, for each bit of his binary code, a technique of unconscious transfer to obtain from the server an intermediate data item comprising the randomly generated value of same index as the bit of the code of the client, increased by the v

Abstract: The invention concerns a method for generating an electronic signature key and an associated public key certificate, implemented by a client unit and a server unit, the method comprising a step during which the client unit and/or the server unit generate(s) a signature key comprising a private key and a public key, and a public key certificate comprising said public key, the method being characterised in that the client unit acquires an item of biometric data of an individual, and in that the signature key and/or the public key certificate are generated from at least a portion of said biometric data, and in that the portion of biometric metric data from which the signature key and/or the public key certificate have been generated is ephemeral and is not memorised after the signature key and the public key certificate have been generated. The invention also concerns a method for transferring a message and a system designed to implement the method for generating a signature key.

Abstract: The invention relates to an enrolment method for enrolling biometric data in a database, each data item comprising an information vector on a biometric feature, and a mask vector, determining those bits of the information vector to be taken into account for data comparison, the method comprising the application of permutation to the bits of the vectors, the method being characterized in that it further comprises a step to encode the vectors using an enrolment code, the permutation being applied to the encoded vectors, and the said encoding comprising: the representation of each bit of the mask vector in a sequence of several bits, such that the mean weight of the representations of all the bits of the mask vector is constant or statistically constant irrespective of the values of the bits of the mask vector; and the representation of each bit of the information vector in a sequence comprising at least one bit drawn randomly, the randomly drawn bits following the same law of distribution as the bits of the

Abstract: The invention relates to a database (10) suitable for combining biometric data (b) and an identifier (Id(b)). For this purpose, biometric data (bref) are collected (101). Next, a plurality of keywords is generated (102) by means of applying a family (H) of hash functions to the biometric data. Then, a plurality of addresses (@i) is obtained (103) by means of applying an addressing function (F) to the plurality of keywords and to a secret key. Finally, the identifier is stored (104) at said plurality of addresses.

Abstract: The invention relates to an authentication device (1), characterized in that it comprises a support (10) provided with a surface (12), said surface comprising a plurality of peaks (14) and valleys (15) forming a pattern (13) capable of being acquired by a digital fingerprint sensor. The invention also relates to a method of manufacturing such a device.

Abstract: Method of identification or of authorization using a system comprising at least one sensor for acquiring biometric data and one secure module storing a set of digital data obtained starting from a set of respective biometric data by means of a digitization algorithm. According to this method, a biometric data value is obtained, acquired by the sensor; a digital value is obtained by application of the digitization algorithm to the acquired biometric data value; within the secure module, at least some of the digital data from said set of digital data are ranked according to their proximity to the digital value obtained; and a biometric data value is obtained from said set of biometric data by taking into account a position of the corresponding digital data within the ranking.

Abstract: A server-implemented method encrypting at least two pieces of indexed data as lists of elements, each element belonging to a finite set of indexed symbols on an alphabet. The data is encrypted to form a protected set, including: the server randomly generates, for each datum, a corresponding encoding function; if at least one element that constitutes a datum is the symbol of the alphabet, the server determines the image of the symbol of the alphabet via the encoding function corresponding to the datum to obtain a codeword coordinate and adds the codeword coordinate to an indexed set corresponding to the element of the alphabet; then the server completes the indexed set with error-inducing points; the server randomly reindexes the elements of the indexed set corresponding to the symbol of the alphabet; and the server adds the indexed set to the protected set. The method can identify an individual.

Abstract: The invention is about an identification process of an individual or object, in a system comprising a control server and a management server of a database comprising N indexed data of N stored individuals, in which, to identify the individual or object, its datum is compared to each of the N data of the base.

Abstract: Biometric data relating to a biological part are processed by obtaining, on the one hand, a first set of transformed biometric data (f(B1)) by applying at least one irreversible transformation to a first set of biometric data (B1), and, on the other hand, a second set of transformed biometric data (f(B2)) by applying said transformation to a second set of biometric data (B2). Thereafter, a decision is made as to whether the second biometric data set corresponds to the first biometric data set on the basis of a comparison between the first transformed biometric data set and the second transformed biometric data set, said comparison being performed at the bit level of a digital representation of said first and second transformed biometric data sets as a function of an error corrector code word.

Abstract: In a method for searching for an entity belonging to a set of entities, a verifier device and the entities are arranged so as to exchange information via at least one communication channel. Each entity has a first respective identifier from which a plurality of representatives can be obtained. According to the method, a first identification word (mi; p(Xi)), which is related to an entity for which a search is carried out, is obtained in the verifier device. The first identification word is formed by applying a first encoding function to the first identifier of the entity for which the search is being carried out so as to depend on a sub-portion of the plurality of representatives that can be obtained from said first identifier. The sub-portion is predetermined by at least one variable parameter. The first identification word, obtained on the communication channel, is transmitted from the verifier device.

Abstract: A device is controlled by a controller on the basis of a password. A determination is made at the device or at the controller, on the basis of a random value r1, of a point P(X,Y) on an elliptic curve in a finite body Fq, q being an integer, according to: Ea,b(x, y):x3+ax+b=y2. First and second parameters k and k? are obtained such that P(X,Y)=F(K,k?), where F is a surjective function of Fq×Fq, in Fq. The first and second parameters are obtained in an encrypted format by encryption in accordance with the password. The first and second encrypted parameters are then transmitted to the controller. During the control, the function F is used, such that, whatever the values of z and z? which are input elements of Fq, F(z,z?) is a point on the elliptic curve and the input elements do not satisfy the equation.

Abstract: The invention relates to a method and system for managing and checking different identity data relating to a person. According to the invention, a derived-identity management server generates for the person at least part of the identity data with which said person can be authenticated in relation to a service provider for the derived-identity domain, on the basis of information derived from identity data from parent domains. The identity data generation processing ensures that no link can be established from two authentications in two separate domains in the absence of link information. If necessary, said link information is transmitted by a parent domain to a derived-identity server so that the latter establishes the link between the identity data of the derived-identity domain and the identity data of the parent domain, e.g. for the cascade revocation of a person from various domains.

Abstract: A database comprising biometric data stored in encrypted form is managed by a management unit. It comprises a set of filters respectively associated with filter identifiers. A biometric data item is received at a management unit; next, said biometric data item is stored in an encrypted form at a given address in the database. Then keywords are obtained on the basis of a first set of hash functions and of the biometric data item. A subset of indexing filters is associated with each keyword by selecting, for each keyword, filters as a function of the respectively associated filter identifiers, of said keywords, and of a second set of hash functions; and the given address is associated with each of the filters of the subset of filters.