Abstract: Provided is a method for establishing a secure connection from a chip to a network. The method comprises sending a connection request with a decentralized identifier address, sending a request for getting a decentralized identifier, sending, to the network, the decentralized identifier, sending, to the chip, an authentication request with data, and determining and sending, to the network, authentication data, and authenticating the chip. It further include sending, to the ledger, a request for getting subscription data associated with the decentralized identifier address, verifying, whether the decentralized identifier address is associated with a subscription wallet address or a subscription address in an operator wallet sending, to the network, associated subscription data, verifying whether valid, and establishing, when valid, a connection to the chip.

Abstract: A method for accessing a private key is provided. The method includes storing, by a first device, the private key and an associated public key, generating an access token, sending to a second device, the access token, sending, to a first server, an address relating to a decentralized identifier and the access token, sending, by the first server, to a ledger, a request for getting a decentralized identifier along with the decentralized identifier address. By way of the method a solution is provided for accessing, by a first server to be accessed from a second device, based on a decentralized identifier readable from a ledger, a second server, as a proxy to a first device. It allows for authenticating a first device to a first server while keeping the private key only at the first device side (and not at the second device side).

Abstract: Provided is a method for establishing a secure connection from a chip to a network. The method comprises sending a connection request with a decentralized identifier address, sending a request for getting a decentralized identifier, sending, to the network, the decentralized identifier, sending, to the chip, an authentication request with data, and determining and sending, to the network, authentication data, and authenticating the chip. It further include sending, to the ledger, a request for getting subscription data associated with the decentralized identifier address, verifying, whether the decentralized identifier address is associated with a subscription wallet address or a subscription address in an operator wallet sending, to the network, associated subscription data, verifying whether valid, and establishing, when valid, a connection to the chip.

Abstract: A method for accessing a private key is provided. The method includes storing, by a first device, the private key and an associated public key, generating an access token, sending to a second device, the access token, sending, to a first server, an address relating to a decentralized identifier and the access token, sending, by the first server, to a ledger, a request for getting a decentralized identifier along with the decentralized identifier address. By way of the method a solution is provided for accessing, by a first server to be accessed from a second device, based on a decentralized identifier readable from a ledger, a second server, as a proxy to a first device. It allows for authenticating a first device to a first server while keeping the private key only at the first device side (and not at the second device side).

Abstract: The present invention relates to a method to create a trusted NDEF record in an NFC device, comprising the steps of: providing an NDEF application in said NFC device, having a first NDEF record contained in an NFC device, wherein said NDEF application is configured to generate a second NDEF record different from a previous first one, based on data collected, as a result of a detection or upon a receipt of a request of an NFC reader or after collection of new data. The invention also relates to the use of above method to make secure mobile application activations or for realizing a strong customer authentication.

Abstract: This invention concerns the implementation of end-to-end security for the communication between objects in the domain of the Internet of Things (or Internet of Objects). The purpose of the patent is dealing with the setup of secure authorized information channel between data source (M2M device) and data consumers (consumer entity). According to the present invention, the access to a M2M device by a consumer entity (consumer application) is controlled by a M2M authorization server. The M2M authorization server is the entity in charge of managing access rights for the M2M device and makes the decision regarding the access to the resource by the consumer entity (consumer application). The M2M server is an entity that enforces the decision and enables the access to the M2M device.

Abstract: The invention is a method of communicating between a caller device and an executor device wherein the executor device comprises a memory having a layout which defines formats and addresses used for storing data in the memory. The executor device comprises an application including a service and the method comprises the steps of: providing the caller device with the layout and an indicator reflecting the service during the handshake phase, sending to the executor device a data block corresponding to a command targeting the service, wherein the data block complies with the layout and is devoid of metadata, sending to the caller device a response block which complies with the layout and which corresponds to a result generated by execution of the command.

Abstract: This invention concerns the implementation of end-to-end security for the communication between objects in the domain of the Internet of Things (or Internet of Objects). The purpose of the patent is dealing with the setup of secure authorized information channel between data source (M2M device) and data consumers (consumer entity). According to the present invention, the access to a M2M device by a consumer entity (consumer application) is controlled by a M2M authorization server. The M2M authorization server is the entity in charge of managing access rights for the M2M device and makes the decision regarding the access to the resource by the consumer entity (consumer application). The M2M server is an entity that enforces the decision and enables the access to the M2M device.

Abstract: To access a service, each user device stores one first key. The user device is connected to a first server. A terminal sends to a second server a connection request. The second server responds with first data relating to a transaction identifier and an associated challenge. The terminal determines a first result depending upon the first data and the first key. The terminal sends to the first server the first result and user device data. The first server identifies a user device based upon the user device data and sends to the device the first result. The device determines the challenge and the transaction identifier based upon the first result and the first key and sends to the second server the challenge and the transaction identifier. The second server verifies whether the data received from the device matches the first data and, if so, authorizes the terminal to connect.

Abstract: The invention is a method of communicating between a caller device and an executor device wherein the executor device comprises a memory having a layout which defines formats and addresses used for storing data in the memory. The executor device comprises an application including a service and the method comprises the steps of: providing the caller device with the layout and an indicator reflecting the service during the handshake phase, sending to the executor device a data block corresponding to a command targeting the service, wherein the data block complies with the layout and is devoid of metadata, sending to the caller device a response block which complies with the layout and which corresponds to a result generated by execution of the command.

Abstract: A wireless device presents a predetermined identifier and at least one code comprising connection data. A terminal communicates over a short range radio-frequency link, with a wireless device. The terminal has a camera and a display screen. The terminal detects, through the camera, an identifier relating to a wireless device in a vicinity of the terminal. The terminal presents, through the display screen, at least one object for each detected identifier, the object being associated with a wireless device. A terminal user selects, through the display screen, one object amongst the presented objects. The terminal reads or extracts the connection data comprised within the selected code associated with the corresponding selected wireless device. And the terminal establishes, a connection, over the short range radio-frequency link, to the corresponding selected wireless device.

Abstract: To access a service, each user device stores one first key. The user device is connected to a first server. A terminal sends to a second server a connection request. The second server responds with first data relating to a transaction identifier and an associated challenge. The terminal determines a first result depending upon the first data and the first key. The terminal sends to the first server the first result and user device data. The first server identifies a user device based upon the user device data and sends to the device the first result. The device determines the challenge and the transaction identifier based upon the first result and the first key and sends to the second server the challenge and the transaction identifier. The second server verifies whether the data received from the device matches the first data and, if so, authorizes the terminal to connect.

Abstract: A wireless device presents a predetermined identifier and at least one code comprising connection data. A terminal communicates over a short range radio-frequency link, with a wireless device. The terminal has a camera and a display screen. The terminal detects, through the camera, an identifier relating to a wireless device in a vicinity of the terminal. The terminal presents, through the display screen, at least one object for each detected identifier, the object being associated with a wireless device. A terminal user selects, through the display screen, one object amongst the presented objects. The terminal reads or extracts the connection data comprised within the selected code associated with the corresponding selected wireless device. And the terminal establishes, a connection, over the short range radio-frequency link, to the corresponding selected wireless device.