Abstract: The cryptographic scheme subdivides time into periods with an index j=0, 1, 2, etc. A public key indicates elements u and v of a first cyclic group G1 of prime order p and, for each period j, an integer sj between 0 and p?1 and elements g1,j of the group G1 and g2,j, wj and hj of another cyclic group G2 of order p. The private key of a member of the group indicates an integer xi between 0 and p?1 and, for each period j, an element Ai,j of the group G1 such that Ai,n=[Ai,n-1/g1,n-1]1/(xi?sn) for 1?n?j. To sign a message during a period j?0, the member selects two integers ? and ? between 0 and p?1, calculates T1=u?, T2=Ai,j·v?, S1=g2,j? and S2=e(Ai,j, hj)? where e(., .) is a bilinear map of G1×G2 onto GT, and determines according to the message the data that justify the fact that the elements T1, T2, S1 and S2 are correctly formed with knowledge of the private key of the member for the period with index j.

Abstract: A method for authenticating an entity by a verifier, the entity having an identifier, the verifier having a pair of private and public keys, comprising: sending to the entity a first random number selected by the verifier; a step wherein the entity encrypts a value by means of the public key of the verifier, said value including the first random number and an authentication datum on which the identifier of the entity depends; and the entity of said encrypted value sending a reply to authenticate said entity. The invention can be applied to the field of low-cost cryptography, especially the field of radio-identification.

Abstract: The invention relates to a method of authenticating a radio tag by a radio reader, the tag possessing an identifier accessible to the reader via a database of tag identifiers, comprising: dispatching an authentication request by the reader to the tag, dispatching by the tag, a response, calculated by applying a first function to at least the identifier, a calculation by the tag and by the reader of a new identifier, by applying a second function to the identifier, comprising: if the response dispatched by the tag corresponds to a result obtained by applying said first function to an identifier of the base, a dispatching by the reader a first value, calculated by applying a third function to said identifier of the base.

Abstract: The present invention relates to a method of access to a service consisting in i) identifying and registering a client (C), ii) authenticating the client to an anonymous certification authority, iii) authenticating the client by producing an anonymous signature and opening and maintaining an anonymous authentication session with a server (Se), and iv) selectively allowing contact between the server (Se) and the anonymous certification authority (ACA) to revoke the anonymity of the client (C) using the signature provided in step iii). The invention also relates to a system for opening and maintaining an authentication session guaranteeing non-repudiation.

Abstract: The invention relates to a method for unique authentication of a user (U) by at least one service provider (SP), said method including a preliminary identity federation stage of federating an identity (user@sp) of said user for said service provider and an identity (user@idp) of the user (U) for an identity provider (IdP).

Abstract: The invention concerns a system enabling a member (M) of a group (G) to produce, by means of customized data (z; K), a message (m) accompanied by a signature (8) proving to a verifier that the message originates from a member of the group (G). The invention is characterized in that the customized data is in the form of an electronic physical medium (26). Advantageously, the latter also incorporates: encrypting means (B3) for producing a customized cipher (C) from the customized data prior to the signature S of the message (m), means (B5) for producing a combination of a message m to be signed and the cipher (C) associated with said message, for example in the form of a concatenation of the message (m) with the cipher (C), and means (B6) for signing (Sig) the message (m) with the customized data (z; K) in the form of a cipher (C) associated with said message. Advantageously, the physical medium is a smart card (26) or the like.

Abstract: The invention concerns a list signature method comprising: an organization phase whereby reliable authority defines parameters for implementing an anonymous electronic signature; a phase which consists in registering persons on a list of authorized members to generate a list signature, during which each person calculates a private key, and the reliable authority delivers to each person a certificate for membership of the list; a phase which consists in defining a serial number; a phase wherein a member of the list generates by means of certificate a signature containing an element common to all the signatures issued by one single member with one single serial number; a phase which consists in verifying whether the signature has been generated by a member of the list and whether the serial number has been used to generate the signature.

Abstract: An anonymous and secure on-line payment system and method based on the partially blind signature cryptographic method with revocable anonymity. To this end, an Anonymity Server (SA) enables the Customer (C) to acquire on-line anonymous payment means on the basis of a protocol that does not enable the Anonymity Server to link the payment means to the Customer (C). The Payment Server (SdP) comprises means for opening an anonymous account using the anonymous payment means (50). A Customer (C) can make an on-line purchase from a Merchant Site (SM) without having to give a bank card number and remaining anonymous to the merchant and more generally to any entity present in the transaction or absent therefrom. However, this anonymity may be revoked by a trusted entity in the event of fraud on the Customer. Finally, a Customer can make payments when on the move.

Abstract: In a fair blind signature process, a user interacts with a signer in order to complete a 7-tuple (A,e,s,t,xu,x,m) such that Ae=a0a1xa2ma3xua4ta5s (mod n), where a0, a1, a2, a3, a4 and a5 and n are elements of the Signer's public key (PUBKs). During the signature-issuing phase the user (U) provides the signer (S) with a data element (a1x) encrypted according to a key (f) known to a trusted authority (TA), and this data element (a1x) is disclosed during transmission of the signed message. Similarly, the signed message is transmitted associated with second encrypted data comprising a second data element (a3xu) encrypted according to a key (f) known to the trusted authority (TA), and this second data element (a3xu) is disclosed to the Signer during the signature-issuing phase. Thus, the trusted authority (TA) can revoke the anonymity of the digital signature.

Abstract: A cryptographic method and apparatus for anonymously signing a message. Added to the anonymous signature is another signature which is calculated (operation 13) using a private key common to all the members of a group authorized to sign and unknown to all revoked members. The private key is updated (operations 8, 11) at group level on each revocation within the group and at member level only on anonymous signing of a message by the member.

Abstract: A portable device, a terminal, a system, and a method of storing data relating to transactions by terminals (1) of merchants in portable loyalty devices (3) of customers of at least one group comprising at least one merchant, said transaction being stored by the terminal (1) of said merchant in the portable device (3) by executing the following steps in any order: storing a first record corresponding to said transaction encrypted with an encryption key (C1) of the customer; and storing a second record corresponding to said transaction encrypted with a key (M1) associated with said group to which said merchant belongs.

Abstract: A system for managing sensitive personal data (DD_A) includes two databases (45, 35) hosted by two independent subsystems (40, 30). One of these databases associates data (ID_A) identifying a person (A) with a common key (IDC_A) shared with the second database, which associates that common key (IDC_A) with the sensitive personal data (DD_A) of that person (A).

Abstract: A cryptographic method and a chip card which is used to carry out the method. Before any calculation is performed by a computing means of the chip card, the chip card reads (2) an integral list, in a storage means of a second entity, of identifiers of first proprietary entities of a chip card. Such list is linked to each status assigned to each of the first entities by the second entity. Subsequently, the chip card compares (3) the identifier stored in a storage means of the chip card with the contents of the list, in order to authorize (5) or prohibit (4) any calculation by the computing means depending on the result of the comparison.

Abstract: An anonymous and secure on-line payment system and method based on the partially blind signature cryptographic method with revocable anonymity. To this end, an Anonymity Server (SA) enables the Customer (C) to acquire on-line anonymous payment means on the basis of a protocol that does not enable the Anonymity Server to link the payment means to the Customer (C). The Payment Server (SdP) comprises means for opening an anonymous account using the anonymous payment means (50). A Customer (C) can make an on-line purchase from a Merchant Site (SM) without having to give a bank card number and remaining anonymous to the merchant and more generally to any entity present in the transaction or absent therefrom. However, this anonymity may be revoked by a trusted entity in the event of fraud on the Customer. Finally, a Customer can make payments when on the move.

Abstract: The invention relates to a method for generating a list signature for a message to be signed, said method comprising steps which are carried out by an electronic material support of a member of a list. During said step, the electronic material support only generates an electronic signature according to a sequence number supplied to the electronic material support by a certifying authority, according to evidence of belonging to the list of members, to data relating to the electronic material support, and optionally to a key of an authority qualified to lift the anonymity of the generated signature.

Abstract: In an electronic voting process, a voter (Vi) encrypts his vote (vi) according to the encryption scheme (ETM) of a tallier mix-net (50) used to tally up the votes cast. The voter (Vi) obtains on his encrypted vote, (xi), from an admin server module (20), a digital signature according to a fair blind signature scheme (FBSS). The encrypted vote (xi) is encrypted a second time, together with the unblinded digital signature (yi) thereof by the admin server, using the encryption scheme (EM) of a randomizing mix-net (40), to yield an output (ci), and the voter uses his own signature scheme (Si) to sign this, giving (?i). The voter sends an ID code and data including (ci,?i) to a bulletin board server (30). Discrepancies in this vote data can be detected and their origin traced by prompting the randomizing mix-net servers (40) to provide proofs of correctness, and using the signature-tracing mechanism of FBSS.

Abstract: The present invention relates to a method of access to a service consisting in i) identifying and registering a client (C), ii) authenticating the client to an anonymous certification authority, iii) authenticating the client by producing an anonymous signature and opening and maintaining an anonymous authentication session with a server (Se), and iv) selectively allowing contact between the server (Se) and the anonymous certification authority (ACA) to revoke the anonymity of the client (C) using the signature provided in step iii). The invention also relates to a system for opening and maintaining an authentication session guaranteeing non-repudiation.

Abstract: The invention concerns a list signature method comprising: an organization phase whereby reliable authority defines parameters for implementing an anonymous electronic signature; a phase which consists in registering persons on a list of authorized members to generate a list signature, during which each person calculates a private key, and the reliable authority delivers to each person a certificate for membership of the list; a phase which consists in defining a serial number; a phase wherein a member of the list generates by means of certificate a signature containing an element common to all the signatures issued by one single member with one single serial number; a phase which consists in verifying whether the signature has been generated by a member of the list and whether the serial number has been used to generate the signature.

Abstract: In a fair blind signature process, a user interacts with a signer in order to complete a 7-tuple (A,e,s,t,xu,x,m) such that Ae=a0?1x ?2m ?3u ?4t ?5s (mod n), where a0, a1, a2, a3, a4 and a5 and n are elements of the Signer's public key (PUBKs). During the signature-issuing phase the user (U) provides the signer (S) with a data element (?1x) encrypted according to a key (f) known to a trusted authority (TA), and this data element (?1x) is disclosed during transmission of the signed message. Similarly, the signed message is transmitted associated with second encrypted data comprising a second data element (?3xu) encrypted according to a key (f) known to the trusted authority (TA), and this second data element (?3xu) is disclosed to the Signer during the signature-issuing phase. Thus, the trusted authority (TA) can revoke the anonymity of the digital signature.

Abstract: A cryptographic method and apparatus for anonymously signing a message. Added to the anonymous signature is another signature which is calculated (operation 13) using a private key common to all the members of a group authorized to sign and unknown to all revoked members. The private key is updated (operations 8, 11) at group level on each revocation within the group and at member level only on anonymous signing of a message by the member.