Abstract: The invention relates to a method and system for managing and checking different identity data relating to a person. According to the invention, a derived-identity management server generates for the person at least part of the identity data with which said person can be authenticated in relation to a service provider for the derived-identity domain, on the basis of information derived from identity data from parent domains. The identity data generation processing ensures that no link can be established from two authentications in two separate domains in the absence of link information. If necessary, said link information is transmitted by a parent domain to a derived-identity server so that the latter establishes the link between the identity data of the derived-identity domain and the identity data of the parent domain, e.g. for the cascade revocation of a person from various domains.

Abstract: A server-implemented method encrypting at least two pieces of indexed data as lists of elements, each element belonging to a finite set of indexed symbols on an alphabet. The data is encrypted to form a protected set, including: the server randomly generates, for each datum, a corresponding encoding function; if at least one element that constitutes a datum is the symbol of the alphabet, the server determines the image of the symbol of the alphabet via the encoding function corresponding to the datum to obtain a codeword coordinate and adds the codeword coordinate to an indexed set corresponding to the element of the alphabet; then the server completes the indexed set with error-inducing points; the server randomly reindexes the elements of the indexed set corresponding to the symbol of the alphabet; and the server adds the indexed set to the protected set. The method can identify an individual.

Abstract: The invention relates to a secure method of processing data in which method is implemented the evaluation of a function that may be written as a linear combination of sub-functions with two binary inputs, in which a client and a server each possess a binary code, comprising n indexed bits, the method comprising the evaluation of the function with the binary codes of the client and of the server as inputs, without one of the client or the server obtaining information about the code of the other, the method being characterized in that it comprises the following steps: —the server randomly generates n indexed values and calculates the linear combination of these values with the same linear combination as that applied to the sub-functions to obtain the function, —the client implements, for each bit of his binary code, a technique of unconscious transfer to obtain from the server an intermediate data item comprising the randomly generated value of same index as the bit of the code of the client, increased by the v

Abstract: The present invention concerns a method of generating a biometric certificate of a user performed by a data processing device of a certifying authority, comprising a step of generating (E4) a certificate for said user comprising data related to the identity of the user and truncated authentication data of said user generated using a method of generating a biometric authentication datum, comprising steps of: acquiring (E1) first biometric data of said user; generating (E2) a first a proof of knowledge of said first biometric data from the first acquired biometric data and from a pseudo-random function; generating (E3) a first truncated authentication datum by applying a truncation function to said first generated proof of knowledge.

Abstract: The invention provides a method of generating at least one derived identity of an individual 1, the method comprising the following steps: generating a first identifier id1 from biometric data of the individual; defining a serial number ns associated with the individual; generating first check data ctrl1 for verifying consistency between the first identifier id1 and the serial number ns; and concatenating the serial number ns, the first identifier id1, and the first check data ctrl1 in such a manner as to form a first derived identity ident1 of the individual.

Abstract: The invention relates to an authentication method for authenticating a client device having an authentication token generated by means of a pseudo-homomorphic function and based on a secret element (PIN) known only by the client device, to a server, comprising: the generation (A1), by the client device, of proof of knowledge of the secret element based on a proof generation key masked with a first mask data item, said masked proof generation key being dependent on said secret element, the transmission to the server by the client device, of said generated proof of knowledge of the secret element (A2) and of the authentication token (J) masked using the mask data item (A3), the verification of the validity of the masked authentication token (A4) and of the validity of the proof of knowledge by the server (A6) by a zero-knowledge proof, proving the knowledge of said secret element by the client device without revealing it.

Abstract: The invention relates to a processing method, including the calculation of one function between a datum to be compared and a reference datum. The function can be written in the form of a sum of: a term that depends on the datum to be compared, a term that depends on the reference datum, and a polynomial, such that all the monomials of the polynomial include at least one coordinate of each datum. The method includes an initialization step including: generating masking data; scrambling reference data by means of a server unit on the basis of said masking data; and calculating, by means of a client unit, the term of the function that depends on the datum to be compared.

Abstract: The invention presents a process for obtaining candidate reference data to compare to a data to be identified, implemented in a system comprising a client unit and a storage server comprising two databases, in which: —the first database comprises indexed memory blocks each comprising a corresponding encrypted indexed reference data, and—the second database comprises memory blocks indexed by all possible hash values obtained by a plurality of k indexed hash functions, and wherein each block contains a list of the indexes of the reference data which hashing by one of said hash function results in the hash value corresponding to said block, said process comprising the steps during which: —the client unit hashes the data to be identified with each of the plurality of hash functions, and reads the k memory blocks of the second database corresponding to the hash values thus obtained, the client unit identifies indexes contained in at least t out of k read memory blocks, and—the client unit reads the memory blocks o

Abstract: The invention relates to a data-processing method that includes encoding a plurality of data of n bits into code words having a predefined constant Hamming weight, characterized in that said method also includes using (4000) encryption operations or arithmetic operations on the resulting code word(s) and also in that encoding each datum includes: decomposing (100) the datum into a plurality of m bit sequences to be encoded, m strictly being less than n; encoding (300) each bit sequence into a partial code word, each having a predefined Hamming weight, such that the sum of the Hamming weights of the partial code words are equal to the Hamming weights of the code word; and concatenating (300) the partial code words such as to produce the code word corresponding to the datum. The invention also relates to a data transmission method and to an electronic circuit configured to implement said methods.

Abstract: The invention relates to a method for signing a message (m), implemented by processing means of a user device of a member (Mi) belonging to a group of members (G), said user device having a secret signature key (ski), said method including a step of generating (E301) a group signature (?) for the message (m), enabling said member (Mi) to prove his membership in the group (G), and a step of generating (E302) a pseudonym (nymij) identifying the member (Mi) within a domain (Dj) of a service provider (SPj), said domain including a set of terminals in communication with a server of said service provider, said signature (?) being designed such that said member (Mi) can prove, by signing the message (m), his knowledge of said secret signature key without disclosing it, said group signature (?) being designed such that the membership of the member (Mi) in the group is verifiable independently from the pseudonym (nymij), said pseudonym and said signature being a function of a portion (xi) of said secret signature k

Abstract: The description relates in particular to a method of secure distributed storage, to a secure access method and to a distributed storage, and to devices, systems, computer programs and storage medium for the implementation of such methods.

Abstract: Techniques for associating an electronic identifier of a user equipment (UE) with a user of the UE are described. In embodiments of an apparatus, system, method, and computer program of the present disclosure, a UE may transmit an electronic identifier associated with the UE via peer discovery, for receiving by a second UE. A perceivable cue associated with the electronic identifier may be indicated to a second user. The UE or the user of the UE may indicate the perceivable cue to the second user. Selection of the perceivable cue by the second user may cause the initiation of communications between the UE and the second UE.

Abstract: The invention relates to a secure method of processing data in which method is implemented the evaluation of a function that may be written as a linear combination of sub-functions with two binary inputs, in which a client and a server each possess a binary code, comprising n indexed bits, the method comprising the evaluation of the function with the binary codes of the client and of the server as inputs, without one of the client or the server obtaining information about the code of the other, the method being characterized in that it comprises the following steps: —the server randomly generates n indexed values and calculates the linear combination of these values with the same linear combination as that applied to the sub-functions to obtain the function, —the client implements, for each bit of his binary code, a technique of unconscious transfer to obtain from the server an intermediate data item comprising the randomly generated value of same index as the bit of the code of the client, increased by the v

Abstract: The invention concerns a method for generating an electronic signature key and an associated public key certificate, implemented by a client unit and a server unit, the method comprising a step during which the client unit and/or the server unit generate(s) a signature key comprising a private key and a public key, and a public key certificate comprising said public key, the method being characterised in that the client unit acquires an item of biometric data of an individual, and in that the signature key and/or the public key certificate are generated from at least a portion of said biometric data, and in that the portion of biometric metric data from which the signature key and/or the public key certificate have been generated is ephemeral and is not memorised after the signature key and the public key certificate have been generated. The invention also concerns a method for transferring a message and a system designed to implement the method for generating a signature key.

Abstract: The invention relates to an enrolment method for enrolling biometric data in a database, each data item comprising an information vector on a biometric feature, and a mask vector, determining those bits of the information vector to be taken into account for data comparison, the method comprising the application of permutation to the bits of the vectors, the method being characterized in that it further comprises a step to encode the vectors using an enrolment code, the permutation being applied to the encoded vectors, and the said encoding comprising: the representation of each bit of the mask vector in a sequence of several bits, such that the mean weight of the representations of all the bits of the mask vector is constant or statistically constant irrespective of the values of the bits of the mask vector; and the representation of each bit of the information vector in a sequence comprising at least one bit drawn randomly, the randomly drawn bits following the same law of distribution as the bits of the

Abstract: The invention relates to a database (10) suitable for combining biometric data (b) and an identifier (Id(b)). For this purpose, biometric data (bref) are collected (101). Next, a plurality of keywords is generated (102) by means of applying a family (H) of hash functions to the biometric data. Then, a plurality of addresses (@i) is obtained (103) by means of applying an addressing function (F) to the plurality of keywords and to a secret key. Finally, the identifier is stored (104) at said plurality of addresses.

Abstract: A functional program stored in a memory area of an electronic card may be protected against an attack by disturbance of electrical origin intended to modify at least one logic state of at least one code of this program. The method may include: a storage step during which codes of the functional program and codes of a check program intended to check the logical behaviour of the functional program are stored in the memory of the card; and a step of executing at least one code of the functional program followed by a step of checking the logic states of the functional program by executing the check program. During the storage step, the codes of the check program are stored in a memory area formed by addresses that are defined so that the attack by disturbance of electrical origin has no influence on the logic states of this program.

Abstract: The description relates in particular to a method for encoding information represented in the form of a function P, and to a corresponding method for decoding information. The encoding comprises the encoding of secondary information. These methods may be implemented within a context of biometric enrollment and (respectively) biometric authentication. The description also relates to an electronic device, a computer program, and a storage medium for the implementation of such methods.

Abstract: An embedded system and, in particular, a communication protocol suitable for a data transmission using auxiliary physical channels of such an embedded system. A transmission method suitable for such a channel includes the transmission of a data signal based on the encoding of three symbols. The message consists of a preamble allowing recognition of the symbols used, followed by the significant part of the message. The decoding of the message comprises a first step of learning the symbols used, prior to the decoding of the significant part of the message.

Abstract: Method of identification or of authorization using a system comprising at least one sensor for acquiring biometric data and one secure module storing a set of digital data obtained starting from a set of respective biometric data by means of a digitization algorithm. According to this method, a biometric data value is obtained, acquired by the sensor; a digital value is obtained by application of the digitization algorithm to the acquired biometric data value; within the secure module, at least some of the digital data from said set of digital data are ranked according to their proximity to the digital value obtained; and a biometric data value is obtained from said set of biometric data by taking into account a position of the corresponding digital data within the ranking.