Patents by Inventor Mourad Faher

Mourad Faher has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240121078
    Abstract: A device comprises a hash tree including a root node and a leaf node. An issuing authority having agreed to generate a signature of the root node after having successfully checked validity of an attribute stored in the leaf node. The device identifies a subset of nodes by using a template specifying the structure of the hash tree, said subset comprising, for all paths of the hash tree that do not comprise said leaf node, the node which is the closest to the reference root node and which does not belong to the path comprising said leaf node. A verifier computes a test hash and then computes a test root node by applying a preset rule. The verifier checks that the signature is valid using a data whose authenticity is certified by the issuing authority.
    Type: Application
    Filed: September 28, 2020
    Publication date: April 11, 2024
    Applicant: THALES DIS FRANCE SAS
    Inventors: Mourad FAHER, Gérald MAUNIER
  • Publication number: 20230318847
    Abstract: A method comprises: receiving, by a user device, from a verifier device, a request for user data; retrieving a first cryptogram and a decryption key; sending and, to a server, the first cryptogram; retrieving a random and a second cryptogram generated using reference user authentication data concatenated with the random; sending, to the verifier device, the second cryptogram and the random; storing the reference random; sending, to the user device, the second cryptogram; decrypting the second cryptogram using the decryption key; extracting the reference user authentication data and the random; providing, the user device, with user authentication data; verifying that it matches the reference user authentication data; providing, the verifier device, with the random; verifying that it matches the reference random; and authenticating the user data.
    Type: Application
    Filed: July 7, 2021
    Publication date: October 5, 2023
    Applicant: THALES DIS FRANCE SAS
    Inventors: Michael WEBSTER, Gérald MAUNIER, Kamil PARIZEK, Mourad FAHER
  • Publication number: 20220374533
    Abstract: A system, mobile device, and method for managing security policies for data items stored in an electronic identification (eID) wallet on the mobile device. Security policies are associated with each of a plurality of supported namespaces on a mobile device and a verifier terminal operates to select a namespace to access a data item stored on the mobile device based on the security policies associated with the plurality of supported namespaces on the mobile device.
    Type: Application
    Filed: September 25, 2020
    Publication date: November 24, 2022
    Applicant: THALES DIS FRANCE SAS
    Inventors: Mourad FAHER, Carole BAYLE
  • Patent number: 10402583
    Abstract: The present invention relates to a method of privacy-preserving during an access to a restricted e-service requiring user private data from a smart card. The invention relates more particularly to the field of methods implemented so that the user has the guarantee that only the private data needed to access the e-service are extracted from the smart card. It is to guarantee that the user has a perfect knowledge of his private data provided by his smart card to a requester. With the invention a message notifying to the user the very nature of the identity assertion is displayed on the screen of the smart card. By doing so, the card ensures 100% security with regard to user consent: the data read out of his card cannot differ from the data requested by the service provider through the terminal.
    Type: Grant
    Filed: July 4, 2014
    Date of Patent: September 3, 2019
    Assignee: GEMALTO SA
    Inventor: Mourad Faher
  • Patent number: 9531532
    Abstract: The present invention provides a method for establishing a secure communication channel between a client (C) and a remote server (S), said client (C) and remote server (S) exchanging data through an intermediate entity (G), said client (C) having a long-term key pair (skc,pkc), said remote server generating an ephemeral key (sks,pks), the method comprising a mutual authentication step wherein the client (C) sends a public key (pkc) of said long-term key pair (skc, pkc) and the proof that said public key (pkc) is valid to the server (S), and wherein the remote server (S) sends the public key (pks) of said ephemeral key pair (sks,pks) to the client (C). The client (C) generates an ephemeral key pair (skCc,pkCc) and sends the public key (pKcc) of said ephemeral key pair (skcc,pkcc) to the server (S) so as to generate a secret common to the client (C) and to the remote server (S) for opening the secure communication channel.
    Type: Grant
    Filed: September 6, 2011
    Date of Patent: December 27, 2016
    Assignee: GEMALTO SA
    Inventors: Aline Gouget, Mourad Faher
  • Patent number: 9472036
    Abstract: This invention relates to a method used by an authorized user for the verification of a document having electronic verification means. The method comprises the various steps consisting in: —reading, with electronic reading equipment with which the authorized user is equipped, of information stored in the electronic verification means of the verified document; —transferring verification information, established on the basis of the information saved in the electronic verification means, from the electronic reading equipment to a viewing device of the authorized user, which viewing device is positioned, in normal conditions of use, in front of the eyes of the authorized user, the said viewing device being transparent to allow the said authorized user to see through it.
    Type: Grant
    Filed: March 1, 2013
    Date of Patent: October 18, 2016
    Assignee: GEMALTO SA
    Inventors: Bruno Rouchouze, Mourad Faher, Francois Perticara, Guennole Tripotin
  • Patent number: 9396506
    Abstract: The invention relates to a secured identity document having an externally readable chip storing a cryptographic configuration of the chip, defining the cryptographic security levels supported by the chip, for establishing a secure communication with a controlling terminal, storing a private key of a cryptography key pair and adapted to cipher data based on the stored private key; a support to which the chip is fastened, the support having a machine optically readable area, the data encoded in this area including the cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form and the cryptographic configuration of the chip ciphered based on said private key.
    Type: Grant
    Filed: December 15, 2011
    Date of Patent: July 19, 2016
    Assignee: GEMALTO SA
    Inventors: Mourad Faher, Stéphane Mouille, Bruno Rouchouze
  • Publication number: 20160171240
    Abstract: The present invention relates to a method of privacy-preserving during an access to a restricted e-service requiring user private data from a smart card. The invention relates more particularly to the field of methods implemented so that the user has the guarantee that only the private data needed to access the e-service are extracted from the smart card. It is to guarantee that the user has a perfect knowledge of his private data provided by his smart card to a requester. With the invention a message notifying to the user the very nature of the identity assertion is displayed on the screen of the smart card. By doing so, the card ensures 100% security with regard to user consent: the data read out of his card cannot differ from the data requested by the service provider through the terminal.
    Type: Application
    Filed: July 4, 2014
    Publication date: June 16, 2016
    Applicant: GEMALTO SA
    Inventor: Mourad FAHER
  • Publication number: 20150034716
    Abstract: This invention relates to a method used by an authorised user for the verification of a document having electronic verification means. The method comprises the various steps consisting in: —reading, with electronic reading equipment with which the authorised user is equipped, of information stored in the electronic verification means of the verified document; —transferring verification information, established on the basis of the information saved in the electronic verification means, from the electronic reading equipment to a viewing device of the authorised user, which viewing device is positioned, in normal conditions of use, in front of the eyes of the authorised user, the said viewing device being transparent to allow the said authorised user to see through it.
    Type: Application
    Filed: March 1, 2013
    Publication date: February 5, 2015
    Applicant: GEMALTO SA
    Inventors: Bruno Rouchouze, Mourad Faher, Francois Perticara, Guennole Tripotin
  • Patent number: 8881255
    Abstract: The invention relates to a portable token (SC) comprising a capability query mechanism (CQM). The capability query mechanism (CQM) is set to inform entities (PC, MW) willing to communicate with the portable token (SC) of at least a subset of the command(s) (C) available in the portable token (SC). The portable token (SC) is arranged to set a flag when the capability query mechanism (CQM) is invoked. When a command (C) is called, the portable token (SC) enforces first access conditions (AC1) for the command (C) if the flag is set, or second access conditions (AC2) if the flag is cleared.
    Type: Grant
    Filed: December 18, 2008
    Date of Patent: November 4, 2014
    Assignee: Gemalto SA
    Inventor: Mourad Faher
  • Publication number: 20130311788
    Abstract: The invention relates to a secured identity document (1), comprising: —an externally readable chip (2) storing a cryptographic configuration of the chip for establishing a secure communication with a controlling terminal, storing a private key of a cryptography key pair and adapted to cipher data based on the stored private key; —a support (7) to which the chip is fastened, the support having a machine optically readable area (5), the data encoded in this area including: —said cryptographic configuration of the chip for establishing a secure communication with a controlling terminal in non ciphered form; —the cryptographic configuration of the chip ciphered based on said private key.
    Type: Application
    Filed: December 15, 2011
    Publication date: November 21, 2013
    Inventors: Mourad Faher, Stéphane Mouille, Bruno Rouchouze
  • Publication number: 20130301828
    Abstract: The present invention provides a method for establishing a secure communication channel between a client (C) and a remote server (S), said client (C) and remote server (S) exchanging data through an intermediate entity (G), said client (C) having a long-term key pair (skc,pkc), said remote server generating an ephemeral key (sks,pks), the method comprising a mutual authentication step wherein the client (C) sends a public key (pkc) of said long-term key pair (skc, pkc) and the proof that said public key (pkc) is valid to the server (S), and wherein the remote server (S) sends the public key (pks) of said ephemeral key pair (sks,pks) to the client (C). The client (C) generates an ephemeral key pair (skCc,pkCc) and sends the public key (pKcc) of said ephemeral key pair (skcc,pkcc) to the server (S) so as to generate a secret common to the client (C) and to the remote server (S) for opening the secure communication channel.
    Type: Application
    Filed: September 6, 2011
    Publication date: November 14, 2013
    Applicant: GEMALTO SA
    Inventors: Aline Gouget, Mourad Faher
  • Publication number: 20130290479
    Abstract: A method for connecting to a remote server from a browser enabled with a browser's extension on a host device, wherein upon connection of a data processing device with a data processing device reader linked to the host device, the browser's extension receives data contained in a targeted file stored in said data processing device, said data being able to be interpreted by the browser so as to trigger a connection to the remote server and to display a subscribed service portal, said data being sent by the data processing device upon execution of a command transmitted by the browser's extension.
    Type: Application
    Filed: May 26, 2011
    Publication date: October 31, 2013
    Applicant: GEMALTO SA
    Inventors: Mourad Faher, Jacques Seif SEIF
  • Publication number: 20100293191
    Abstract: The invention relates to a portable token (SC) comprising a capability query mechanism (CQM). The capability query mechanism (CQM) is set to inform entities (PC, MW) willing to communicate with the portable token (SC) of at least a subset of the command(s) (C) available in the portable token (SC). The portable token (SC) is arranged to set a flag when the capability query mechanism (CQM) is invoked. When a command (C) is called, the portable token (SC) enforces first access conditions (AC1) for the command (C) if the flag is set, or second access conditions (AC2) if the flag is cleared.
    Type: Application
    Filed: December 18, 2008
    Publication date: November 18, 2010
    Applicant: Gemalto SA
    Inventor: Mourad Faher