Abstract: A method for recognizing and/or identifying a user (9) with a chip (C) in an electronic identity object storing a digital identity (24), the method comprising steps of: —establishing a wireless or electrical connection between the electronic identity object (C) and a verification terminal (T); —verifying, in the electronic identity object, if the verification terminal is authorized to communicate with the electronic identity object (C), and in response of a positive verification sharing a secret (K): using the shared secret (K) for establishing an encrypted symmetric data link (5) between the electronic identity object and the verification terminal (T); transmitting, through the encrypted data link (5), said digital identity (24) stored in the electronic identity object to the verification terminal (T); and verifying in the verification terminal (T) the authenticity of said digital identity (24).

Abstract: A method for controlling access of users to desktops, comprising: 1. a user enters a login; 2. an organization server verifies if the user is authorized to access the desktop, and returns a pseudo of the user; 3. the user scans a pattern of fingerveins of one finger with a biometric scanner comprising cameras at different angles; 4. a file corresponding to said images is encrypted by said biometric scanner (B) with a public key of a biometric server and signed with a private key of said biometric scanner, and sent to the desktop; 5. the desktop forwards said file to said biometric server; 6. the biometric server decrypts the file, verifies the signature of the biometric scanner, and matches the received images with reference images associated with said pseudo; 7. the biometric server decides if the recognition succeeded, failed, or if an additional scan is needed.

Abstract: The invention is related to a method allowing a prover holding a secret key (x) to prove its identity to a verifier and to prove to this verifier that he is within a predetermined distance of this verifier, said method comprising an initialization phase during which: the prover picks a first nonce (Np) and communicates this first nonce to the verifier; the verifier picks a first random vector (a), a leak function (L?), and a second nonce (Nv); the verifier uses said leak function (L?) to compute a modified secret (x?) depending on the leak (L?(x)) of said secret; the verifier transmits to said prover said leak function and said second nonce; the prover retrieves said first random vector and said modified secret, wherein said first random vector and said modified secret are used by said prover for computing responses (ri) to challenges (ci).

Abstract: A wireless validation method between an first apparatus and a second apparatus comprising the following steps of communicating between the first apparatus and the second apparatus for agreeing in a protected way on a common symmetric key and performing a symmetric distance bounding validation between the first apparatus and the second apparatus over a wireless communication link on the basis of the agreed common symmetric key.

Abstract: The invention is related to a method allowing a prover holding a secret key (x) to prove its identity to a verifier and to prove to this verifier that he is within a predetermined distance of this verifier, said method comprising an initialization phase during which: the prover picks a first nonce (Np) and communicates this first nonce to the verifier; the verifier picks a first random vector (a), a leak function (L?), and a second nonce (Nv); the verifier uses said leak function (L?) to compute a modified secret (x?) depending on the leak (L?(x)) of said secret; the verifier transmits to said prover said leak function and said second nonce; the prover retrieves said first random vector and said modified secret, wherein said first random vector and said modified secret are used by said prover for computing responses (ri) to challenges (ci).

Abstract: A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in association with at least some entries in the revocation list in which the witness value provides proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value responsive to each insertion or deletion of an entry in the revocation list, and enabling batch updates to the revocation list using a reduced bitlength value generated based on to a ratio of a value generated based on elements added to the revocation list to a value generated based on elements deleted from the revocation list. A corresponding apparatus is also provided.

Abstract: A method for providing efficient management of certificate revocation may comprise storing a list of identifiers of digital certificates including a revocation list defining a list of revoked certificates in an accumulator, storing a witness value in association with at least some entries in the revocation list in which the witness value provides proof of the membership or non-membership of an identifier in the revocation list, enabling generation of a new accumulator and a new witness value responsive to each insertion or deletion of an entry in the revocation list, and enabling batch updates to the revocation list using a reduced bitlength value generated based on to a ratio of a value generated based on elements added to the revocation list to a value generated based on elements deleted from the revocation list. A corresponding apparatus is also provided.

Abstract: Provided is a method to generate sub-keys based on a main key in a case in which, each sub-key gives no information to recover the main key. The method has the steps of obtaining a first value by applying to the main key a linear diversification by mixing the main key with a constant and applying to the first value a non-linear transformation. The non-linear transformation includes obtaining a second value by applying the first value to a substitution layer, obtaining a third value formed of N blocks of the same size by using a diffusion box of multi-permutation type based on the second value, obtaining the fourth value formed by blocks, obtaining the fifth value by applying to the fourth value a substitution layer, obtaining the sub-key by applying to the fifth value a symmetrical encryption module. The first value serves as the key input for this method.

Abstract: The purpose of this invention is to propose a new encryption method which offers a high level of security combined with a high execution speed. This aim is achieved by a method to encrypt or decrypt blocks of data X to Y, based on a main key R, this method using several serially connected modules, each module using a sub-key RA derived from the main key R.

Abstract: The aim of the invention is to propose the generation, verification and denial of an undeniable signature which has a size smaller than the currently available undeniable signatures, i.e. less than 80 bits. This aim is achieved by the method to generate an undeniable signature (y1, . . . , yt) on a set of data, this method comprising the following steps: (1) transforming the set of data (m) to a sequence of a predetermined number (t) of blocks (x1, . . . , xt), these blocks being members of an Abelian group, this transformation being a one way function, and (2) applying to each block (xi) a group homomorphism (f) to obtain a resulting value(yi), in which the number of elements of the initial group (G) is larger than the number of elements (d) of the destination group (H).

Abstract: The aim of the invention is to propose the generation, verification and denial of an undeniable signature which has a size smaller than the currently available undeniable signatures, i.e. less than 80 bits. This aim is achieved by the method to generate an undeniable signature (y1, . . . , yt) on a set of data, this method comprising the following steps: transforming the set of data (m) to a sequence of a predetermined number (t) of blocks (x1, . . . , xt), these blocks being members of an Abelian group, this transformation being a one way function, applying to each block (xi) a group homomorphism (f) to obtain a resulting value (yi), in which the number of elements of the initial group (G) is larger than the number of elements (d) of the destination group (H).

Abstract: The aim of this invention is to propose a method to generate sequences or sub-keys based on a main key, in which each sub-key gives no information to recover the main key or any other sub-keys.

Abstract: The purpose of this invention is to propose a new encryption method which offers a high level of security combined with a high execution speed.

Abstract: Method for the cryptography of data recorded on a medium usable by a computing unit in which the computing unit processes an input information x using a key for supplying an information F(x) encoded by a function F. The function uses a decorrelation module Mk such that F(x)=[F′(Mk)](x), in which K is a random key and F′ a cryptographic function. This Abstract is neither intended to define the invention disclosed in this specification nor intended to limit, in any manner, the scope of the invention.

Abstract: Method of public key cryptography based on the discrete logarithm that makes use of the computation of the variable r=g.sup.k modp where p is a prime number called a modulus, the exponent k is a random number usually with a length of N bits and g is an integer called a base, wherein an entity E carries out operations of authentication and/or of signature, including exchanges of signals with another entity in which this variable comes into play.