Abstract: Systems and methods for secure sharing of sensitive information in a computing environment. The methods comprise, by a first entity of a first computing environment receiving sensitive information of the first computing environment, receiving a request to share the sensitive information from a second entity of the first computing environment, and determining whether the second entity is a trusted entity included in a list of trusted entities held by a configuration service associated with a second computing environment. If the second entity is not a trusted entity, determining whether the second entity can establish trust by validating a subscription of the second entity with a directory service, and validating a digital certificate corresponding to the second entity with a certificate authority. If the second entity can establish trust or is a trusted entity, sharing the sensitive information with the second entity so as to enable operation of the second entity.

Abstract: Systems and methods for authenticating a user requesting access to a resource in a cloud-computing system. The methods comprise, by a resource service: receiving an access request for accessing a resource associated with the resource service from a computing device associated with a user, determining context information corresponding to the access request, and using the determined context information for identifying an authentication protocol for authenticating the user. The authentication protocol includes at least one authentication scheme. The methods further comprise generating an authentication challenge and transmitting the authentication challenge to the computing device. The authentication challenge includes an initial token and authentication parameters corresponding to the identified authentication protocol.

Abstract: This Application sets forth techniques for establishing a custodial relationship between a user device and a custodian device for recovering access to a user account and/or to encrypted user data with assistance provided by the custodian device to effect access recovery. A server of a cloud network service provides an anonymous identifier to associate with the custodian device and an account recovery key to store at the custodian device. Identity of an account of the cloud network service associated with the custodian device can be hidden from the server. The user device generates a data recovery key and provides a first portion of the data recovery key to the custodian device and a second portion of the data recovery key to the server. Integrity of the stored account recovery key and portions of the data recovery key are checked regularly by the custodian device and the user device.

Abstract: Systems and methods for secure sharing of sensitive information in a computing environment. The methods comprise, by a first entity of a first computing environment receiving sensitive information of the first computing environment, receiving a request to share the sensitive information from a second entity of the first computing environment, and determining whether the second entity is a trusted entity included in a list of trusted entities held by a configuration service associated with a second computing environment. If the second entity is not a trusted entity, determining whether the second entity can establish trust by validating a subscription of the second entity with a directory service, and validating a digital certificate corresponding to the second entity with a certificate authority. If the second entity can establish trust or is a trusted entity, sharing the sensitive information with the second entity so as to enable operation of the second entity.

Abstract: Systems and methods for secure storage and transmission of sensitive information in a cloud environment. The methods comprise: receiving sensitive information corresponding to a first resource associated with a first cloud, generating an encryption key for encrypting the sensitive information, encrypting the sensitive information using the encryption key, transmitting the encrypted sensitive information to a cloud connector via a first communication channel, and transmitting the encryption key to a configuration service. The configuration service is associated with a second cloud. The method may further comprise, by a cloud connector: receiving the encryption key from the second resource associated with the second cloud and using the encryption key to decrypt the encrypted sensitive information.

Abstract: Systems and methods for authenticating a user requesting access to a resource in a cloud-computing system. The methods comprise, by a resource service: receiving an access request for accessing a resource associated with the resource service from a computing device associated with a user, determining context information corresponding to the access request, and using the determined context information for identifying an authentication protocol for authenticating the user. The authentication protocol includes at least one authentication scheme. The methods further comprise generating an authentication challenge and transmitting the authentication challenge to the computing device. The authentication challenge includes an initial token and authentication parameters corresponding to the identified authentication protocol.

Abstract: This method makes it possible to fabricate a stopper (1) starting from a tubular skirt (12) suitable for surrounding a container neck, and provided both with retainer means for retaining it permanently around the neck, and also with fastener means for fastening it removably to the neck. In this method, the skirt and a blade (110) are moved in rotation relative to each other about the axis (X-X) of the skirt so that the blade cuts a peripheral line of weakness in the skirt, which line of weakness is made up firstly of through notches and secondly, between said notches around the periphery of the skirt, of breakable bridges that interconnect, in the same direction as the axis, a non-removable portion of the skirt, which portion is provided with the retainer means, and a removable portion of the skirt, which portion is provided with the fastener means.

Abstract: The invention concerns a method enabling a server manager to prove subsequently that the server was authorized to read a user's personal data in a terminal station (ST), comprising: transmitting server policy data (PS) to the station; comparing the server policy data with private policy data (PP) pre-stored in the station; determining a signature (SGST) of server policy data received in the station; and transmitting the signature with the personal data (DP) read in the station to the server when the compared policy data (PS, PP) are compatible.

Abstract: A method which improves the security of the authentication between two entities in a telecommunication network, and particularly between a mobile terminal and the fixed network, notably visitor location and nominal recorders and an authentication center, in a cellular radiotelephony network. Prior to a first authentication of the terminal, and more precisely of the SIM card therein, by the fixed network, a second authentication is based on an algorithm in which there are entered a random number produced and transmitted by the fixed network and a key different from the key for the first authentication. A transmitted signature and a signature result are produced by the fixed network and the terminal, and compared in the terminal in order to enable the first authentication in the event of equality.

Abstract: This method makes it possible to fabricate a stopper (1) starting from a tubular skirt (12) suitable for surrounding a container neck, and provided both with retainer means for retaining it permanently around the neck, and also with fastener means for fastening it removably to the neck. In this method, the skirt and a blade (110) are moved in rotation relative to each other about the axis (X-X) of the skirt so that the blade cuts a peripheral line of weakness in the skirt, which line of weakness is made up firstly of through notches and secondly, between said notches around the periphery of the skirt, of breakable bridges that interconnect, in the same direction as the axis, a non-removable portion of the skirt, which portion is provided with the retainer means, and a removable portion of the skirt, which portion is provided with the fastener means.

Abstract: A method for loading data and programs in the memory of an electronic component includes a first phase in which data is loaded in the memory of the component. A validation phase then verifies the data loaded in the component memory. A second phase of loading data in the memory is carried out only if the data loaded during the first loading phase is valid. The second phase includes at least a step in which data is loaded and then validated.

Abstract: The invention concerns a device and a method for controlling a portable object life cycle, in particular a smart card, the life cycle being determined by successive state transitions, which states determine the services offered by the object. The object includes a processing unit, program storage units and data storage units, each storage unit having a content defining a plurality of configurations. The device controls the transition from a first state to a second state of the object and, preferably triggers actions when the transition crossover from one state to another occurs or when a transition crossover request is denied. The actions are dependent on the type of transitions implied in the requests for state transition crossover applied to the object.

Abstract: A method for securing the execution of a session with a data processor, such as a smart card, under the control of at least two entities, such as servers. Session numbers and session keys are transmitted to the entities. The session number and key are applied to an algorithm in the data processor and the respective entity to produce a result and signature. The results and the signatures are transmitted to the data processor. A session corresponding to the results from the data processor is executed when the signatures are identical to the results. In another embodiment, one of the entities receives a delegation of a third entity to authorize execution of the session.

Abstract: Access rights lists, such as capacity or access control lists, are dynamically managed in a data processing element such as a smart card from an administrator server. To access an access rights list from the server, the list is signed in the server so that a signature can be transmitted to the card. The card compares the signature received from the server to signatures determined according to the access rights lists contained in the card and keys associated with those lists. Server access to an identified list is only authorized when it corresponds to a signature which is found among the determined signatures in the card and which is identical to the received signature.

Abstract: A method for protection against modification of data sent by a user to a secure medium via a reader selects and stores some of the data. Confirmation of the authenticity of the selected data is obtained by verifying whether they are identical to those input on request by the user in a secure communication mode of the reader. The method is applicable to the protection against the modification of a command and/or a document signed with an electronic signature.

Abstract: Access rights lists, such as capacity or access control lists, are dynamically managed in a data processing element such as a smart card from an administrator server. To access an access rights list from the server, the list is signed in the server so that a signature can be transmitted to the card. The card compares the signature received from the server to signatures determined according to the access rights lists contained in the card and keys associated with those lists. Server access to an identified list is only authorized when it corresponds to a signature which is found among the determined signatures in the card and which is identical to the received signature.

Abstract: The invention concerns a method enabling a server manager to prove subsequently that the server was authorised to read a user's personal data in a terminal station (ST), comprising: transmitting server policy data (PS) to the station; comparing the server policy data with private policy data (PP) pre-stored in the station; determining a signature (SGST) of server policy data received in the station; and transmitting the signature with the personal data (DP) read in the station to the server when the compared policy data (PS, PP) are compatible.

Abstract: A method for protection against modification of data sent by a user to a secure medium via a reader selects and stores some of the data. Confirmation of the authenticity of the selected data is obtained by verifying whether they are identical to those input on request by the user in a secure communication mode of the reader. The method is applicable to the protection against the modification of a command and/or a document signed with an electronic signature.

Abstract: A method for loading data and programs in the memory of an electronic component includes a first phase in which data is loaded in the memory of the component. A validation phase then verifies the data loaded in the component memory. A second phase of loading data in the memory is carried out only if the data loaded during the first loading phase is valid. The second phase includes at least a step in which data is loaded and then validated.

Abstract: The invention concerns a method for making secure the execution of a session with processing means, such as a smart card (CA), under the control of at least two entities, such as servers (EX, EY), which consists in: transmitting (X2, Y2) session numbers (NSX, NSY) and session keys (KSX, KSY) to the entities; applying (X6, X, Y6, Y8) the session number and key to an algorithm (ASX, ASY) in the processing means and the respective entity to produce a result (REX, REY) and signature (SGY, SGY); transmitting (X7, Y7) the numbers and the signatures to the processing means; and executing (F10) the session corresponding to the numbers from the processing means when the signatures are identical (X9, Y9) to the results. In another embodiment, one of the entities receives a delegation of a third entity to authorise execution of the session.