Abstract: A Bluetooth communication method implemented between first and second electronic devices, including establishing a communication in a connected mode between the first and second devices including a key exchange operation between these two devices, and establishing a communication in an advertising mode between the first and second devices including a periodic broadcast by the second device to the first device of a message including a payload and a calculated tag from this key.

Abstract: A method of authenticating a transponder communicating with a server, including: calculating a one-time password in the transponder with a dedicated algorithm, on the basis of the state of a counter and a physical quantity, such as a transmission delay determined in the transponder during reading by a reading device; transmitting the password to the server by the reading device, which determines a transmission delay of the transponder, and transmitting to the server, in addition to the password, the information about the transmission delay determined in the reading device; decrypting by the dedicated algorithm the password, and checking if the decrypted transmission delay of the received password corresponds to the transmission delay determined by the reading device within a determined temporal margin, and if the state of the counter is different from a received previous state of the counter so as to authenticate the transponder.

Abstract: The method enables banking data to be programmed in an integrated circuit of a watch by an asymmetric encryption and decryption algorithm. The method includes the steps of: transmitting a public key of the integrated circuit and a digital certificate generated by a certification authority on the basis of a private key of the certification authority and of the integrated circuit public key, from the portable object to a bank, verifying the digital certificate in the bank by a public key of the authority, and if the digital certificate is validated, transmitting encrypted confidential data personalized to an owner of the portable object from the bank to the portable object, and decrypting the encrypted data received by the application-specific integrated circuit of the portable object by means of a private key of the integrated circuit, to store the decrypted confidential data personalized to the portable object owner.

Abstract: A method of authenticating a transponder in communication with a server. The method includes the steps of defining a word in the transponder with a previous state of a counter of the transponder, incremented by a random number generated in the transponder, calculating a one-time password in the transponder with the aid of an HOTP algorithm and of a secret key on the basis of the word, transmitting the word and the one-time password to the server, calculating another one-time password in the server with the word received from the transponder by the HOTP algorithm and with one and the same secret key, and checking whether the passwords are identical so as to authenticate the transponder and authorize access to a site determined by the server.

Abstract: A method of authenticating a transponder communicating with a server, including: calculating a one-time password in the transponder with a dedicated algorithm, on the basis of the state of a counter and a physical quantity, such as a transmission delay determined in the transponder during reading by a reading device; transmitting the password to the server by the reading device, which determines a transmission delay of the transponder, and transmitting to the server, in addition to the password, the information about the transmission delay determined in the reading device; decrypting by the dedicated algorithm the password, and checking if the decrypted transmission delay of the received password corresponds to the transmission delay determined by the reading device within a determined temporal margin, and if the state of the counter is different from a received previous state of the counter so as to authenticate the transponder.

Abstract: A method of authenticating a transponder in communication with a server. The method includes the steps of defining a word in the transponder with a previous state of a counter of the transponder, incremented by a random number generated in the transponder, calculating a one-time password in the transponder with the aid of an HOTP algorithm and of a secret key on the basis of the word, transmitting the word and the one-time password to the server, calculating another one-time password in the server with the word received from the transponder by the HOTP algorithm and with one and the same secret key, and checking whether the passwords are identical so as to authenticate the transponder and authorize access to a site determined by the server.

Abstract: A device (CD) is intended for controlling authenticity of a code received with a message by an electronic device (ED2) and resulting from application to this message of a bijective algorithm with at least one predetermined key. This device (CD) has i) a first computation means (CM1) arranged for applying partly this bijective algorithm with this predetermined key, from a starting step to a chosen intermediate step, to the received message, in order to get a first result, ii) a second computation means (CM2) arranged for applying partly in a reverse manner the bijective algorithm with the predetermined key, from an ending step to this chosen intermediate step, to the received code while using the received message, in order to get a second result, and iii) a comparison means (CM3) arranged for comparing these first and second results and for outputting an information representative of the authenticity of the received code when the first and second results are identical.

Abstract: The present invention concerns a mutual authentication method in a communication system. According to the method, a first communication device (1), such as an RFID reader, authenticates a second communication device (3), such as an RFID tag, by using an asymmetric authentication protocol based on a generated a session key. The tag authenticates the reader by using a symmetric communication protocol based on a generated other session key. At least a portion of the session key is used to generate the other session key.

Abstract: The present invention relates to cryptographic method that are resistant to fault injection attacks, to protect the confidentiality and the integrity of secret keys. For that, the invention describes a method to protect a key hardware register against fault attack, this register being inside an hardware block cipher BC embedded inside an electronic component, said component containing stored inside a memory area a cryptographic key K, characterized in that it comprises following steps: A.) loading the key Kram inside said register; B.) computing a value X such as K=BC(K,X); C.) after at least one sensitive operation, computing a value V such as V=BC(K,X); D.) matching the value V with the key Kram value stored in the memory area; E.) if the matching is not ok detecting that a fault occurs.

Abstract: The method enables banking data to be programmed in an integrated circuit of a watch by an asymmetric encryption and decryption algorithm. The method includes the steps of: transmitting a public key of the integrated circuit and a digital certificate generated by a certification authority on the basis of a private key of the certification authority and of the integrated circuit public key, from the portable object to a bank, verifying the digital certificate in the bank by a public key of the authority, and if the digital certificate is validated, transmitting encrypted confidential data personalized to an owner of the portable object from the bank to the portable object, and decrypting the encrypted data received by the application-specific integrated circuit of the portable object by means of a private key of the integrated circuit, to store the decrypted confidential data personalized to the portable object owner.

Abstract: A device (CD) is intended for controlling authenticity of a code received with a message by an electronic device (ED2) and resulting from application to this message of a bijective algorithm with at least one predetermined key. This device (CD) has i) a first computation means (CM1) arranged for applying partly this bijective algorithm with this predetermined key, from a starting step to a chosen intermediate step, to the received message, in order to get a first result, ii) a second computation means (CM2) arranged for applying partly in a reverse manner the bijective algorithm with the predetermined key, from an ending step to this chosen intermediate step, to the received code while using the received message, in order to get a second result, and iii) a comparison means (CM3) arranged for comparing these first and second results and for outputting an information representative of the authenticity of the received code when the first and second results are identical.

Abstract: The present invention concerns a mutual authentication method in a communication system. According to the method, a first communication device (1), such as an RFID reader, authenticates a second communication device (3), such as an RFID tag, by using an asymmetric authentication protocol based on a generated a session key. The tag authenticates the reader by using a symmetric communication protocol based on a generated other session key. At least a portion of the session key is used to generate the other session key.

Abstract: The present invention relates to cryptographic method that are resistant to fault injection attacks, to protect the confidentiality and the integrity of secret keys. For that, the invention describes a method to protect a key hardware register against fault attack, this register being inside an hardware block cipher BC embedded inside an electronic component, said component containing stored inside a memory area a cryptographic key K, characterized in that it comprises following steps: A.) loading the key Kram inside said register; B.) computing a value X such as K=BC(K,X); C.) after at least one sensitive operation, computing a value V such as V=BC(K,X); D.) matching the value V with the key Kram value stored in the memory area; E.) if the matching is not ok detecting that a fault occurs.

Abstract: The invention relates to a method for protecting a sensitive operation by checking the integrity of at least a subset of the data manipulated by the sensitive operation. Data to be checked are divided into blocks, an intermediate integrity check value being computed for each block, the intermediate integrity check values being computed in random order. The invention also relates to a cryptographic device wherein at least one sensitive operation of the cryptographic device is protected by a method according to the invention.

Abstract: The invention relates to a method for protecting a sensitive operation by checking the integrity of at least a subset of the data manipulated by the sensitive operation. Data to be checked are divided into blocks, an intermediate integrity check value being computed for each block, the intermediate integrity check values being computed in random order. The invention also relates to a cryptographic device wherein at least one sensitive operation of the cryptographic device is protected by a method according to the invention.

Abstract: The invention relates to a method for securing the execution of a cryptographic algorithm A against fault attacks. Given a cryptographic key KO and a message M, the cryptographic algorithm A is set to compute a value A(KO,M). Given a relationship R between A(KO,M) and A(f(K0),g(M)), where f and g are two bijections, and where f is different from the identity function, the method comprises: a. computing the expected result A(KO,M) of the cryptographic algorithm b. computing a modified result A(f(K0),g(M)), by applying the cryptographic algorithm A on a modified key f(K0) and on a message g(M), c. checking whether the relationship R between the values A(KO,M) and A(f(K0),g(M)) computed in the two preceding steps is verified d. detecting an attack if the relationship R is not verified. The invention also relates to a cryptographic device embodying the above method.

Abstract: The invention relates to a method for protecting a sensitive operation by checking the integrity of at least a subset of the data manipulated by the sensitive operation. Data to be checked are divided into blocks, an intermediate integrity check value being computed for each block, the intermediate integrity check values being computed in random order. The invention also relates to a cryptographic device wherein at least one sensitive operation of the cryptographic device is protected by a method according to the invention.

Abstract: The invention relates to a method for checking the integrity of a set of data packets received by a receiving communication device from a sending communication device, the data packets of the set being received in unpredictable order. The invention also relates to a communication device implementing a method according to the invention, in particular to a smart card.

Abstract: The invention relates to a method for securing the execution of a cryptographic algorithm A against fault attacks. Given a cryptographic key K0 and a message M, the cryptographic algorithm A is set to compute a value A(KO,M). Given a relationship R between A(KO,M) and A(f(K0),g(M)), where f and g are two bijections, and where f is different from the identity function, the method comprises: a. computing the expected result A(KO,M) of the cryptographic algorithm b. computing a modified result A(f(K0),g(M)), by applying the cryptographic algorithm A on a modified key f(K0) and on a message g(M), c. checking whether the relationship R between the values A(KO,M) and A(f(K0),g(M)) computed in the two preceding steps is verified d. detecting an attack if the relationship R is not verified. The invention also relates to a cryptographic device embodying the above method.

Abstract: An authentication method including operation of a personal token, a personal token for a terminal in a communication network, an authentication server, and a computer program for an authentication server. The secure server producing derived key material on the basis of a random and a secret key (K), said personal token including program instructions for re-computing the derived key material (Ck, Ik) on the basis of the received random and the secret key (K) as stored in the personal token. The personal token includes program instructions for using a re-computed part of the derived key material in order to interpret the received additional data.