Abstract: A method is provided for establishing a communication session in a communications system. The method includes providing a handshake layer functional block in a first communication peer, and providing a data communication layer functional block separate from the handshake layer functional block in the first communication peer. Functionality of the data communication layer is not duplicated in the handshake layer. If the data communication layer is unable to process a received encrypted message; transmitting, by the data communication layer, a configuration request message to the handshake layer, and transmitting, by the handshake layer, in response to the configuration request message, a set channel state message to enable the data communication layer to process application data after a handshake phase of the protocol session is complete. Then, application data can be communicated through the data communication layer functional block of the first communication peer to a second communication peer.

Abstract: A method is provided for establishing a communication session in a communications system. The method includes providing a handshake layer functional block in a first communication peer, and providing a data communication layer functional block separate from the handshake layer functional block in the first communication peer. Functionality of the data communication layer is not duplicated in the handshake layer. If the data communication layer is unable to process a received encrypted message; transmitting, by the data communication layer, a configuration request message to the handshake layer, and transmitting, by the handshake layer, in response to the configuration request message, a set channel state message to enable the data communication layer to process application data after a handshake phase of the protocol session is complete. Then, application data can be communicated through the data communication layer functional block of the first communication peer to a second communication peer.

Abstract: A method is provided for authenticating an IC device. The method includes provisioning an integrated circuit (IC) device with a unique identification number (UID). The IC device is configured to calculate a device-specific key (DSK) using the UID. The UID is used with a secure application separate from the IC device to calculate the DSK. The DSK calculated by the IC device is the same as the DSK calculated by the secure application. The UID and the DSK calculated by the secure application is provided to a provider of an online service. The provider of the online service is enabled to authenticate the IC device using the UID and the DSK calculated with the secure application in response to the IC device contacting the online service. The provider may authenticate the device using a standard cryptographic challenge-response protocol. If the IC device has knowledge of a particular DSK, then the IC device is a legitimate authorized device.

Abstract: A method is provided for generating a public/private key pair and certificate. The method includes providing an integrated circuit (IC) with an IC specific initial public and private key pair and a public key certificate signed by a manufacturer of the IC. A smartcard having stored thereon customer unique configuration data related to the IC is provided to a customer of the IC manufacturer. The smartcard enables the customer to generate a customization value and a customized public key using the customer unique configuration data. In response to the customer receiving the public key certificate signed by the IC manufacturer from the IC, the customer is enabled to provide the customization value, the customized public key, and a public key certificate signed by the customer to the IC. The IC is thus enabled to generate a customized private key, thus providing an IoT device with a public/private key pair and a certificate signed by the device manufacturer without the use of a trusted party.

Abstract: A method of producing a secure integrated circuit (IC), including: loading the IC with a unique identification number (UID); loading the IC with a key derivation data (KDD) that is based upon a secret value K and the UID; producing a secure application configured with a manufacturer configuration parameter (MCP) and the secret value K and configured to receive the UID from the IC; producing a manufacturer diversification parameter (MDP) based upon the MCP and the secret value K and loading the MDP into the IC; wherein secure IC is configured to calculate a device specific key (DSK) based upon the received MDP and the KDD, and wherein the secure application calculates the DSK based upon the MCP, K, and the received UID.

Abstract: A method is provided for generating a public/private key pair and certificate. The method includes providing an integrated circuit (IC) with an IC specific initial public and private key pair and a public key certificate signed by a manufacturer of the IC. A smartcard having stored thereon customer unique configuration data related to the IC is provided to a customer of the IC manufacturer. The smartcard enables the customer to generate a customization value and a customized public key using the customer unique configuration data. In response to the customer receiving the public key certificate signed by the IC manufacturer from the IC, the customer is enabled to provide the customization value, the customized public key, and a public key certificate signed by the customer to the IC. The IC is thus enabled to generate a customized private key, thus providing an IoT device with a public/private key pair and a certificate signed by the device manufacturer without the use of a trusted party.

Abstract: Embodiments utilizing secret keys for authentication and/or encrypted communication are described. In certain embodiments, authentication data is provided from a source network communication device to a target network communication device that allows a computing server to verify that the key migration is authorized by the source network communication device. The authentication data also enables the data provider and the target network communication device to independently determine a temporary key for establishing a secure communication channel between the service provider and the target network communication device and/or determine a new key for the target network communication device. In some implementations, the authentication data may be exchanged between the source and target network communication devices between offline without involvement of the computing server.

Abstract: A method is provided for authenticating an IC device. The method includes provisioning an integrated circuit (IC) device with a unique identification number (UID). The IC device is configured to calculate a device-specific key (DSK) using the UID. The UID is used with a secure application separate from the IC device to calculate the DSK. The DSK calculated by the IC device is the same as the DSK calculated by the secure application. The UID and the DSK calculated by the secure application is provided to a provider of an online service. The provider of the online service is enabled to authenticate the IC device using the UID and the DSK calculated with the secure application in response to the IC device contacting the online service. The provider may authenticate the device using a standard cryptographic challenge-response protocol. If the IC device has knowledge of a particular DSK, then the IC device is a legitimate authorized device.

Abstract: According to a first aspect of the present disclosure, a relay device for use in near field communication (NFC) transactions is provided, said relay device comprising a communication unit, wherein said communication unit comprises an NFC controller and a wireless communication controller which are operatively connected to each other through a physical interface, said NFC controller being arranged to establish communication with an NFC-enabled device that is external to the relay device, and said wireless communication controller being arranged to establish communication with a wireless device that is external to the relay device, wherein the communication unit is arranged to relay transaction data between the NFC-enabled device and the wireless device. According to a second aspect of the present disclosure, a corresponding method for facilitating near field communication (NFC) transactions is conceived.

Abstract: A third party device is authorized to access data associated with a user account at a service provider, wherein the third party device and a user device are in data communication with the service provider, and are both NFC-enabled. The method comprises obtaining a request token generated by the service provider, transmitting the request token from the third party device to the user device via NFC, authorizing the request token at the user device, transmitting the authorized request token from the user device to the third party device via NFC, and obtaining an access token generated by the service provider, corresponding to the authorized request token, wherein the access token allows the third party device to access data associated with the user account at the service provider.

Abstract: A method of producing a secure integrated circuit (IC), including: loading the IC with a unique identification number (UID); loading the IC with a key derivation data (KDD) that is based upon a secret value K and the UID; producing a secure application configured with a manufacturer configuration parameter (MCP) and the secret value K and configured to receive the UID from the IC; producing a manufacturer diversification parameter (MDP) based upon the MCP and the secret value K and loading the MDP into the IC; wherein secure IC is configured to calculate a device specific key (DSK) based upon the received MDP and the KDD, and wherein the secure application calculates the DSK based upon the MCP, K, and the received UID.

Abstract: The invention relates to a road toll system using a vehicle-mounted satellite navigation receiver, from which routes taken and road prices incurred are determined. A billing system bills a user in dependence on the road prices incurred. A portable activation device transmits information concerning the owner of the portable activation device to the vehicle-mounted unit, and the vehicle-mounted unit provides information to the billing system to enable identification of the owner of the portable activation device. In combination, the portable activation device and the vehicle-mounted unit can be considered to function in a similar way to a known vehicle-mounted OBU. However, by separating the data necessary to provide user-personalization into the portable activation device, the vehicle-mounted unit can become more standard, and the user is able to drive other vehicles more easily.

Abstract: There is disclosed a portable security device for securing a data exchange between a host device and a remote device, said portable security device comprising a processing unit, a secure element and a data interface, wherein: the secure element is arranged to store an encryption key and a decryption key; the processing unit is arranged to control the encryption of data to be transmitted from the host device to the remote device, wherein said encryption is performed using said encryption key; the processing unit is further arranged to control the decryption of data transmitted from the remote device to the host device, wherein said decryption is performed using said decryption key. Furthermore, a corresponding method for securing a data exchange between a host device and a remote device using a portable security device is disclosed, as well as a corresponding computer program product.

Abstract: Aspects of various embodiments are directed to applications utilizing secret keys for authentication and/or encrypted communication. In certain embodiments, authentication data is provided from a source network communication device to a target network communication device that allows a computing server to verify that the key migration has been is authorized by the source network communication device. The authentication data also enables the data provider and the target network communication device to independently determine a temporary key for establishing a secure communication channel between the service provider and the target network communication device and/or determine a new key for the target network communication device. In some implementations, the authentication data may be exchanged between the source and target network communication devices between offline without involvement of the computing server.

Abstract: There is disclosed a mobile device comprising: a near field communication unit, a further communication unit being connected to the near field communication unit and being arranged to communicate with an external input device, a secure element being connected to the near field communication unit and being arranged to execute at least one application, the near field communication unit further being arranged to request, via the further communication unit, user input data for said application from the external input device, to receive said user input data from the external input device via the further communication unit, and to forward said user input data to the secure element. Furthermore, a corresponding method for facilitating a transaction, a corresponding computer program, and a corresponding article of manufacture are disclosed.

Abstract: There is provided a display device comprising a processing unit, a display unit coupled to the processing unit and a near field communication unit coupled to the processing unit, wherein said processing unit is arranged to synchronize display messages to be displayed by the display unit with corresponding near field communication messages to be stored in the near field communication unit. Furthermore, a corresponding method of operating a display device is conceived. Furthermore, a corresponding computer program product is provided.

Abstract: According to a first aspect of the present disclosure, a relay device for use in near field communication (NFC) transactions is provided, said relay device comprising a communication unit, wherein said communication unit comprises an NFC controller and a wireless communication controller which are operatively connected to each other through a physical interface, said NFC controller being arranged to establish communication with an NFC-enabled device that is external to the relay device, and said wireless communication controller being arranged to establish communication with a wireless device that is external to the relay device, wherein the communication unit is arranged to relay transaction data between the NFC-enabled device and the wireless device. According to a second aspect of the present disclosure, a corresponding method for facilitating near field communication (NFC) transactions is conceived.

Abstract: According to an aspect of the invention, a security token for facilitating access to a remote computing service via a mobile device is conceived, said security token comprising an NFC interface, a smart card integrated circuit and a smart card applet stored in and executable by said smart card integrated circuit, wherein the smart card applet is arranged to support a cryptographic challenge-response protocol executable by the mobile device.

Abstract: A method for obfuscating functionality of computer software is disclosed. In an embodiment, the method involves determining a first set of instructions needed to perform a target operation and a second set of instructions for at least one or more additional operations. The second set of instructions is tuned to contain instructions such that, by executing the second set of instructions, the function of the first set of instructions can be performed. Once the first and second sets of instruction are determined and tuned, a code library is created and code fragments in the library correspond to code needed to perform the function of the first set of instructions when executed. Instructions are then added to the second set of instructions such that, when executed, will cause the functionality of the first set of instructions to be achieved.

Abstract: The invention provides an electric vehicle charging system in which the charging station and the vehicle each have a power transfer measurement unit, and a communication system for communicating data at least from the vehicle to the station. The power delivery is controlled based on a comparison of power transfer measurements made by the charging station and by the electric vehicle control system.