Abstract: A security token includes (a) a personal data memory configured to store digital identity credentials related to personal data of a user; (b) an input appliance configured to check said personal data; (c) a key record data memory configured to store at least one identity credential of an authentication server or of an application operator; (d) a transmitter and receiver unit configured to create a secure channel directly or indirectly to said authentication server or application operator to handle said key record relating to said authentication server or application operator, respectively; (e) a control unit configured to control the transmitter and receiver unit and the key record data memory in view of said handling, wherein the control unit is configured to perform one of: interpreting, deciphering, creating, checking, renewing, withdrawing and further key record handling actions. A method for authentication of a user using the security token is also disclosed.

Abstract: A method for setting up a secure communication line between a user and a service provider using non-secure communication channels within an insecure network, comprising the steps of transmitting an identity token from a user station to a service provider station both coupled to the insecure network; upon reception of the identity token, triggering the creation of a secret URL by the service provider station; transmitting the secret URL within a secure side channel to the user station; obtaining, within the user station, the secret URL, and setting-up a new communication path in the insecure network linking the user and the service provider station based on said secret URL. Beside discarding a man-in-the-middle by denying him access to the data flow it is also possible to stop him through denying him access to the content of the data flow. Such access can be denied through use of a one-time codebook with semantics only known to the User and the authentication service provider.

Abstract: A method for transmitting a coded information to a user via a graphical display. The method comprises the step of obtaining coded information by a scanner, which has to be positioned near the graphical display. The coded information is transmitted to a number of code points that are arranged in the direction of the fast refresh rate of the display.

Abstract: An opthalmologic device and an opthalmologic measuring method in accordance with an embodiment of the present application in which, cross-sectional images of cross-sectional portions illuminated from different instrument positions by a light projector are captured in Scheimpflug configuration. Furthermore, corresponding top view images are also captured from the different instrument positions. At least one reference section and at least one comparative section are extracted from an initial instrument position or from an advanced instrument position, respectively. The displacement between the reference section and the comparative section is determined and the cross-sectional images are positioned relative to one another, based on the displacement. A coherent examination of the entire eye is made possible in which the relative movements of the eye with respect to the device, particularly rotational movements, are taken into consideration.

Abstract: A method for setting up a secure communication line between a user and a service provider using non-secure communication channels within an insecure network, comprising the steps of transmitting an identity token from a user station to a service provider station both coupled to the insecure network; upon reception of the identity token, triggering the creation of a secret URL by the service provider station; transmitting the secret URL within a secure side channel to the user station; obtaining, within the user station, the secret URL, and setting-up a new communication path in the insecure network linking the user and the service provider station based on said secret URL. Beside discarding a man-in-the-middle by denying him access to the data flow it is also possible to stop him through denying him access to the content of the data flow. Such access can be denied through use of a one-time codebook with semantics only known to the User and the authentication service provider.

Abstract: A method for setting up a secure communication line between a user and a service provider using non-secure communication channels within an insecure network, comprising the steps of transmitting an identity token from a user station to a service provider station both coupled to the insecure network; upon reception of the identity token, triggering the creation of a secret URL by the service provider station; transmitting the secret URL within a secure side channel to the user station; obtaining, within the user station, the secret URL, and setting-up a new communication path in the insecure network linking the user and the service provider station based on said secret URL. Beside discarding a man-in-the-middle by denying him access to the data flow it is also possible to stop him through denying him access to the content of the data flow. Such access can be denied through use of a one-time codebook with semantics only known to the User and the authentication service provider.

Abstract: A security token includes (a) a personal data memory configured to store digital identity credentials related to personal data of a user; (b) an input appliance configured to check said personal data; (c) a key record data memory configured to store at least one identity credential of an authentication server or of an application operator; (d) a transmitter and receiver unit configured to create a secure channel directly or indirectly to said authentication server or application operator to handle said key record relating to said authentication server or application operator, respectively; (e) a control unit configured to control the transmitter and receiver unit and the key record data memory in view of said handling, wherein the control unit is configured to perform one of: interpreting, deciphering, creating, checking, renewing, withdrawing and further key record handling actions. A method for authentication of a user using the security token is also disclosed.

Abstract: An opthalmologic device and an opthalmologic measuring method in accordance with an embodiment of the present application in which, cross-sectional images of cross-sectional portions illuminated from different instrument positions by a light projector are captured in Scheimpflug configuration. Furthermore, corresponding top view images are also captured from the different instrument positions. At least one reference section and at least one comparative section are extracted from an initial instrument position or from an advanced instrument position, respectively. The displacement between the reference section and the comparative section is determined and the cross-sectional images are positioned relative to one another, based on the displacement. A coherent examination of the entire eye is made possible in which the relative movements of the eye with respect to the device, particularly rotational movements, are taken into consideration.

Abstract: Current electronic cards, such as, for example, proximity cards, smartcards for short, can transmit data to a reader unit over a range of up to about 10 cm. Boosters are used to improve convenience which in essence represent a wireless extension. This is however not adequate with regards to autonomy, function (as a result of termination) and for the differing applications. A method is disclosed in which the transmission of service-specific codes, stored on a number of different smartcards, to a portable device is carried out. The portable device then transmits one or more of the codes via several different communication connections so that access to a service can be activated. By providing services to the corresponding authorized communication connection a modular system is achieved, permitting multiple access for a user to services.

Abstract: A method for transmitting a coded information to a user via a graphical display. The method comprises the step of obtaining coded information by a scanner, which has to be positioned near the graphical display. The coded information is transmitted to a number of code points that are arranged in the direction of the fast refresh rate of the display.

Abstract: A method for setting up a secure communication line between a user and a service provider using non-secure communication channels within an insecure network, comprising the steps of transmitting an identity token from a user station to a service provider station both coupled to the insecure network; upon reception of the identity token, triggering the creation of a secret URL by the service provider station; transmitting the secret URL within a secure side channel to the user station; obtaining, within the user station, the secret URL, and setting-up a new communication path in the insecure network linking the user and the service provider station based on said secret URL. Beside discarding a man-in-the-middle by denying him access to the data flow it is also possible to stop him through denying him access to the content of the data flow. Such access can be denied through use of a one-time codebook with semantics only known to the User and the authentication service provider.

Abstract: A method for coded-aperture imaging includes the steps of providing an image containing coded information, convoluting said image with an aperture code to obtain a light emitting intermediate image, and subjecting the light emitting intermediate image to decoding mask means to obtain an image on detector means. This method can take advantage of the use of photo detectors which can easily be integrated on silicon, allowing all together to construct an extremely small camera to reconstitute a computer generated convoluted image.

Abstract: The invention relates to an authentication system having a security apparatus which can check all three authenticating factor types for authentications (personal subject matter, secret, biometric characteristic), having an authorizing device and having a certifying institution, in which case their private keys, the public keys on the subscribing authorizing devices and the public keys of the connected users can be stored in this certifying institution. Furthermore, authentication means are provided there, by means of which an appropriately coded report can be produced, which can be passed via the authorizing device to the user. The user decodes this message and transmits the resultant authorization code via the authorizing device to the certifying institution. After checking the code in this certifying institution, a response which comprises confirmation or rejection is transmitted to the authorizing device.