Abstract: A system for authenticating an electronic device by means of an authentication server in order to authenticate a user of said electronic device. The system is adapted to perform an authentication based on a fictive payment transaction and includes the authentication server which is adapted to execute a fictive payment transaction with a predetermined transaction amount with said electronic device and during said execution to receive a first cryptogram from said electronic device; send said first cryptogram to a banking server; and receive from said banking server an acknowledgment if said first cryptogram is valid; when said fictive payment transaction has been executed, compute an authentication identification based on said electronic device's data; said electronic device which is a payment electronic device and which is adapted to execute said fictive payment transaction with said authentication server and during said execution to send said first cryptogram to said authentication server.

Abstract: This invention relates to a physical key for provisioning a communication device with data allowing said communication device to access a vehicle resource by operating remotely a vehicle lock system in which a first cryptographic key called master key is stored, comprising a secure enclave also storing the master key, the physical key being configured to: establish a communication link with the communication device; derive by the secure enclave a second cryptographic key called derived key from the master key; transmit to the communication device via the secure communication link the derived key for enabling the communication device to answer a security challenge from the vehicle lock system and the vehicle lock system to verify said answer, the access to the vehicle resource being allowed if the answer is successfully verified.

Abstract: A system for authenticating an electronic device by means of an authentication server in order to authenticate a user of said electronic device. The system is adapted to perform an authentication based on a fictive payment transaction and includes the authentication server which is adapted to execute a fictive payment transaction with a predetermined transaction amount with said electronic device and during said execution to receive a first cryptogram from said electronic device; send said first cryptogram to a banking server; and receive from said banking server an acknowledgment if said first cryptogram is valid; when said fictive payment transaction has been executed, compute an authentication identification based on said electronic device's data; said electronic device which is a payment electronic device and which is adapted to execute said fictive payment transaction with said authentication server and during said execution to send said first cryptogram to said authentication server.

Abstract: Method and System for enhanced privacy in privacy-preserving identity solutions. The technology provides for a redirect of a request to generate a proof of an attribute from a service provider to a separator. The separator removes source identification from the attribute-proof request and redirects the attribute-proof request, free of original source identification, to a credential issuer which issues the credential. A security device of the user generates a presentation token from the privacy-preserving credential and presents the presentation token to the service provider as proof of the attribute. Other systems and methods are disclosed.

Abstract: Method and System for enhanced privacy in privacy-preserving identity solutions. The technology provides for a redirect of a request to generate a proof of an attribute from a service provider to a separator. The separator removes source identification from the attribute-proof request and redirects the attribute-proof request, free of original source identification, to a credential issuer which issues the credential. A security device of the user generates a presentation token from the privacy-preserving credential and presents the presentation token to the service provider as proof of the attribute. Other systems and methods are disclosed.

Abstract: A method to securely and asynchronously provisioning keys from one source secure device to a target secure device through a key provisioning server, in which the keys to be provisioned via the method remain unknown. The method includes the steps of, for the source secure device, encrypting a key to be transferred using a transport key so that only the target secure device can decrypt, and sending the encrypted key to the provisioning server and, for the target secure device, when available, getting the encrypted transferred key, and decrypting the transferred key using the transport key.

Abstract: The present invention relates to a method to securely and asynchronously provisioning keys from one source secure device to a target secure device through a key provisioning server for which the keys to be provisioned through the method remain unknown.

Abstract: A secure portable electronic device for providing secure services when used in conjunction with a host computer having a central processing unit use two hardware device protocols readily supported by computer operating systems. Other systems and methods are disclosed.

Abstract: The invention relates to a personal token (10) for being associated with a mobile telecommunication device (20) and for storing credentials for access to an operator's network, characterized that the personal token (10) is arranged for loading the credentials into a memory (23) of the mobile telecommunication device (20), so that the mobile telecommunication device (20) is taken away from the personal token (10) and operative for connecting to the operator's network with the credentials in its memory (23).

Abstract: A boot sequence method comprises a determination step 110 and 200, a first starting step 120, 210 or 240 for starting a first interface, a first negotiation step 140 or 220 wherein a power negotiation is performed, a second negotiation step 140 or 230 for determining the interfaces to activate simultaneously, and a second starting step 150 or 230 wherein the interfaces that can be activated simultaneously are started one after each other.

Abstract: The invention relates to a personal token storing a javacard application code lying over an area of the memory of the personal token, the personal token being able to run such javacard application so as to deliver HTML page data to an external device for the external device to display an HTML page on the basis of the such delivered HTML page data, said personal token further storing data to be used as a constructing part of the HTML page, characterized in that the data to be used as a contributing part of the HTML page are in at least one file which is separate from the memory area over which the Javacard application code is lying, and the personal token is programmed for opening the at least one file storing the contributing part of the HTML page when such data are requested for delivering said HTML page data to said external device.

Abstract: In general, the invention relates to a method for executing at least a portion of a server operation. The method includes providing an extension to a client connected to the server, where the extension includes a portable object connected to the client. The method further includes performing at least the portion of server operation by the extension, where performing at least the portion of the server operation includes executing a copy of at least a portion of server software stored on the portable object.

Abstract: The invention is a method of managing flash memory-allocation in an electronic token. Said token has a memory comprising a list area and a managed area. Said managed area comprises allocated spaces and at least one free memory chunk. Said list area comprises at least one valid entry referencing a free memory chunk. Said valid entry comprises a state field. Said method comprises the step of selecting a free memory chunk further to an allocation request where said free memory chunk is referenced by an old entry, and the step of identifying a new allocated space in the selected free memory chunk. The state field of said valid entry is preset with a virgin state. Said method comprises the step of invalidating the old entry referencing the selected free memory chunk.

Abstract: A boot sequence method comprises a determination step 110 and 200, a first starting step 120, 210 or 240 for starting a first interface, a first negotiation step 140 or 220 wherein a power negotiation is performed, a second negotiation step 140 or 230 for determining the interfaces to activate simultaneously, and a second starting step 150 or 230 wherein the interfaces that can be activated simultaneously are started one after each other.

Abstract: The invention relates to a personal token (10) for being associated with a mobile telecommunication device (20) and for storing credentials for access to an operator's network, characterized that the personal token (10) is arranged for loading the credentials into a memory (23) of the mobile telecommunication device (20), so that the mobile telecommunication device (20) is taken away from the personal token (10) and operative for connecting to the operator's network with the credentials in its memory (23).

Abstract: The invention relates to a personal token storing a javacard application code lying over an area of the memory of the personal token, the personal token being able to run such javacard application so as to deliver HTML page data to an external device for the external device to display an HTML page on the basis of the such delivered HTML page data, said personal token further storing data to be used as a constructing part of the HTML page, characterized in that the data to be used as a contributing part of the HTML page are in at least one file which is separate from the memory area over which the Javacard application code is lying, and the personal token is programmed for opening the at least one file storing the contributing part of the HTML page when such data are requested for delivering said HTML page data to said external device.

Abstract: A method to control access to a sector of a flash type memory of an electronic module. The method includes receiving a write request to write data to an area of a partition, wherein the partition is located within the sector and, prior to writing to the data, determining whether an owner of the data to be written has write access to the partition of the sector and permission to erase the entire sector in which the partition is located.

Abstract: The invention is a method of managing flash memory-allocation in an electronic token. Said token has a memory comprising a list area and a managed area. Said managed area comprises allocated spaces and at least one free memory chunk. Said list area comprises at least one valid entry referencing a free memory chunk. Said valid entry comprises a state field. Said method comprises the step of selecting a free memory chunk further to an allocation request where said free memory chunk is referenced by an old entry, and the step of identifying a new allocated space in the selected free memory chunk. The state field of said valid entry is preset with a virgin state. Said method comprises the step of invalidating the old entry referencing the selected free memory chunk.

Abstract: The present invention concerns a method and a system for extending a server connected with at least one client(s), characterized in that it consists in providing said extension on the client side by means of a portable object which is connected to said client and which performs at least one of the server's operation(s) in part or entirely.

Abstract: A secure portable electronic device for providing secure services when used in conjunction with a host computer having a central processing unit use two hardware device protocols readily supported by computer operating systems. Other systems and methods are disclosed.