Abstract: A method is described for implementing a current service of a chain of n services, the method including receiving, from the service preceding the current service in the chain, a first routing token comprising message routing data between the services in the chain, and verifying that the current service is a legitimate recipient of the first routing token. After implementing a function of the current service, the method also includes generating a current chaining token from a data of evidence of a passage through the current service, and transmitting, to the service following the current service in the chain, the current chaining token and a second routing token determined from the first routing token.

Abstract: A method is described for implementing a current service, of a chain of n services, the method including receiving, from the service preceding the current service in the chain, a first routing token comprising message routing data between the services of the chain and a first chaining token comprising data of evidence of a passage through the previous service, and verifying that the current service is a legitimate recipient of the first routing token. The method also includes implementing a function of the current service, generating a second chaining token based on the first chaining token and a second routing token determined from the first routing token, and transmitting, to the service following the current service in the chain, the second chaining token and the second routing token.

Abstract: Present system relates to a method for authenticating a first device, the method being executed by a second device, the second device comprising a database, the database storing a profile associated to a user of the first device, the second device using the profile of the user to generate a first challenge comprising a question and a corresponding response for authentication of the first device, the method comprising, upon successful authentication of the first device using the first challenge, the steps of collecting contextual information from the first device and updating the profile associated to the user of the first device with the received contextual information for a subsequent generation of a second challenge for authentication of the first device.

Abstract: The invention relates to a method for securing a request for executing a first application (P1) in a first device (11) of a secured environment, by a second application (P2) located in a second device (10), said method including the following steps: receiving a first request to execute the first application, from the second application; generating a random number and a session key that is dependent on the random number, sending said random number to a trusted entity (12), said random number being intended for enabling the trusted entity to generate the session key, receiving a second request for executing the first application, from a third application (P3) generated by the trusted entity and transmitted to the second device, said third application including the session key, authenticating the third application by means of the session key, said authentication being the condition for the execution of the first application.

Abstract: Present system relates to a method for authenticating a first device, the method being executed by a second device, the second device comprising a database, the database storing a profile associated to a user of the first device, the second device using the profile of the user to generate a first challenge comprising a question and a corresponding response for authentication of the first device, the method comprising, upon successful authentication of the first device using the first challenge, the steps of collecting contextual information from the first device and updating the profile associated to the user of the first device with the received contextual information for a subsequent generation of a second challenge for authentication of the first device.

Abstract: The invention relates to a method for securing a request for executing a first application (P1) in a first device (11) of a secured environment, by a second application (P2) located in a second device (10), said method including the following steps: receiving a first request to execute the first application, from the second application; generating a random number and a session key that is dependent on the random number, sending said random number to a trusted entity (12), said random number being intended for enabling the trusted entity to generate the session key, receiving a second request for executing the first application, from a third application (P3) generated by the trusted entity and transmitted to the second device, said third application including the session key, authenticating the third application by means of the session key, said authentication being the condition for the execution of the first application.

Abstract: The method allows communications means to be listed, for end-to-end broadcasting of information other than that required for managing multimedia sessions. After a selection (52) of communications channels through an infrastructure for managing multimedia sessions, the method provides via the application level, the establishment of a communication specifically using the selected communications channel(s). Purely descriptive/explanatory fields of characteristics of a session may be selected at an application level and used for conveying additional information in addition to the signaling protocol. It is thus possible to change the conditions for consuming/using the multimedia contents or the established flux. Instantaneity of the services and service use conditions may be obtained by requesting for example renegotiation in real time of a service when the conditions of use are modified (iconification of a TV/Video streaming flux in order to reduce the bandwidth used).

Abstract: To secure the execution of an application on an intelligent mobile telephone, each application is identified by an identifier and a table or rights is associated with each resource on the mobile telephone. Through a table of rights, access rights to the resource can be associated with an application identifier. This makes it possible to manage, for each resource, the applications that are allowed to invoke the resource. Moreover, the rights associated with a resource can only be modified by the owner of the resource.

Abstract: To manage the security of the communications coming from and sent to a mobile terminal, these communications including voice communications because the mobile terminals are capable of setting up communications known as voice on IP (VoIP), a local proxy server is installed in a local proxy server. This management is furthermore secured by protection via mechanisms of security of the configuration of the proxy server enabling the management of this security. This security is, by the same read/write mechanisms, managed in a centralized way through a server producing and broadcasting the configurations.

Abstract: The method allows communications means to be listed, for end-to-end broadcasting of information other than that required for managing multimedia sessions. After a selection (52) of communications channels through an infrastructure for managing multimedia sessions, the method provides via the application level, the establishment of a communication specifically using the selected communications channel(s). Purely descriptive/explanatory fields of characteristics of a session may be selected at an application level and used for conveying additional information in addition to the signaling protocol. It is thus possible to change the conditions for consuming/using the multimedia contents or the established flux. Instantaneity of the services and service use conditions may be obtained by requesting for example renegotiation in real time of a service when the conditions of use are modified (iconification of a TV/Video streaming flux in order to reduce the bandwidth used).

Abstract: To secure the execution of an application on an intelligent mobile telephone, each application is identified by an identifier and a table or rights is associated with each resource on the mobile telephone. Through a table of rights, access rights to the resource can be associated with an application identifier. This makes it possible to manage, for each resource, the applications that are allowed to invoke the resource. Moreover, the rights associated with a resource can only be modified by the owner of the resource.

Abstract: A method in which a telephony operator acts as a recording authority and certification authority for secured transactions between a subscriber and a provider. Communications between the subscriber (101) and the operator (113) are signed with a symmetrical algorithm (108c, 117C). The communications between the operator and the provider are countersigned according to PKI technologies (117E, 124A), and an asymmetrical algorithm. Two configurations are possible: either the operator signs the contents of each of the subscriber/provider transactions with his own dual key, after validation, or the operator implements a secure and repudiable signature transfer, in his network, to a remote terminal (using a secret key technology This reduces the resources needed for a subscriber's terminal. It also gives the operator greater visibility of the operations occurring in his network and ensures the validity of the transactions.

Abstract: To prevent piracy against mobile communications due to the weakening of the A5/2 algorithm, the GMS infrastructure is provided with means to measure the time taken by a telephone to respond to a request (121) for the use of the A5/1 algorithm. If this time is greater (115) than the predetermined period, then it is assumed that there is piracy and the call connection is interrupted.

Abstract: To limit the illegal use of digital contents, these digital contents are watermarked as a function of the civil-status identity of the person who legally acquires the digital content. A user uses a terminal to control a digital content through a presentation server. The presentation server asks an identification server for an identification of the user. A watermarking server produces a watermarked digital content with a secret-key algorithm. The watermark incorporates at least the civil-status identity obtained by the presentation server. The digital content thus watermarked is conveyed up to the user either through an Internet type network or through a physical carrier. It is therefore possible, at any time, for an entity having access to the secret key, to know who is responsible for the fact that a digital content is out of control.

Abstract: To protect the privacy of a user subscribing to a mobile telephony operator, the operator produces an isolating identifier by which the user can link up anonymously with a content provider. The operator/producer alone is capable of relating the isolating identifier to the user on request. An isolating identifier is, furthermore, either an isolating session identifier, hence one that changes at each connection of a user to a provider, or an isolating context identifier, hence one that persists over several connections. Furthermore, a context identifier is proper to a user/provider pair. This even further isolates the user.

Abstract: A method for the generation of small permutations on digits, for example between 7 and 30 digits, uses basic functions that are classic, one-way functions (generally non-bijective) defined on bits, and uses these functions in a generalized Feistel scheme that has at least five rounds.

Abstract: Method and device for the certification of a transaction A problem of the real-time revocation or neutralization of an X509 type certificate available belatedly in a public database (BD) is resolved by the direct neutralization, in a mobile telephone (1), of a sub-program (26) for the signing and/or transmission of certificates pertaining to transactions to be validated. It is shown that this action leads to neutralization within ten minutes following the signalization, or the neutralization request, whereas 24 to 48 hours are needed with normal administrative channels (AE, PB).

Abstract: In order to offer the greatest possible flexibility in the configuration of privacy management, a recording in a database (112) is associated with each user. This database is addressed by a user identifier (IDU). It enables the definition of a isolating identifier nature (113.b) that has to be produced, by a service provider, for the user as a function of a content provider to which the user wishes to link up through the service provider. This database also enables the validation of the service requests sent by a content provider for a user X. This database enables an association between a pair formed by a user and a content provider and a list (113.c) of authorized services. A service request is validated only if the required service is present in a list determined from the pair consisting of the user X and the content provider.

Abstract: To protect the privacy of a user subscribing to a mobile telephony operator, the operator produces an isolating identifier by which the user can link up anonymously with a content provider. The operator/producer is the only entity capable of relating the isolating identifier to the user on request. An isolating identifier is, furthermore, either an isolating session identifier, hence one that changes at each connection of a user to a provider, or an isolating context identifier, hence one that persists over several connections. Furthermore, a context identifier is proper to a user/provider pair. This even further isolates the user. The format of the isolating identifier is compatible with the format of the NDS field, defined in the telephony standards.

Abstract: Security through data transfers through one or several telecommunications networks is accomplished by providing a data transfer process through a secure channel that enables a subscriber and a service provider to communicate in the secure manner without any action by, or even unknown to, the subscriber's attachment network operator. The process is characterized in that it comprises firstly a process for initial registration of the said subscriber with the service provider through the operator, and secondly a process in which each of the communication sessions between the subscriber and the service provider are executed, the initial registration process consisting of an exchange of authentication data (DeviceID, R1; Login, mdp) online or off line, and the encrypted channel may then be setup at the beginning of each session after mutual authentication involving cryptographic functions, and then calculation of an encryption key Kses without transmission of a secret element on the network(s).