Abstract: Establishing a secure link on a second protocol between a secure element and a smart device via a link on a first protocol by establishing a link on the first protocol between the secure element and the smart device, and generating, by the secure element, a communication encryption key and associating a status with the encryption key and assigning the status a first level. Transmitting the key and the status of the key from the secure element to the smart device over the link on the first protocol. The secure element and the smart device are paired over the second protocol thereby establishing a second-protocol link. Transmitting a message encrypted using the key to the smart device over the second-protocol link. Upon verifying the cardholder as an authorized cardholder for the secure element, elevating the status of the communication encryption key from the first level to a second level.

Abstract: Provided is a method for enrolling a cardholder of a biometric payment card by using a biometric sensor located on the biometric payment card. Other embodiments disclosed. The method includes receiving biometric information from the biometric sensor, adding the received biometric information to a biometric template for the cardholder, determining whether the biometric information completes a biometric template, and verifying the cardholder of the payment card as being a legitimate user of the payment card. Upon positive verification of the cardholder and positive determination that the biometric template is complete, the method transmits a notification of completed biometric-use authentication enrollment. Other embodiments disclosed.

Abstract: The present invention relates to a method to create a trusted NDEF record in an NFC device, comprising the steps of: providing an NDEF application in said NFC device, having a first NDEF record contained in an NFC device, wherein said NDEF application is configured to generate a second NDEF record different from a previous first one, based on data collected, as a result of a detection or upon a receipt of a request of an NFC reader or after collection of new data. The invention also relates to the use of above method to make secure mobile application activations or for realizing a strong customer authentication.

Abstract: There is described a method for Java Card application memory footprint optimization which relies on the separation in advance of the code related to the personalization from the rest of the code. It allows this code to perform the personalization of an application installed from a main package while being itself included and installed from a separated package dedicated to the personalization, namely the Card Personalization Specifications (CPS) package. This way, the CPS package and all the code inherent to the personalization can be removed once all the personalization steps have been completed.

Abstract: There is described a method for Java Card application memory footprint optimization which relies on the separation in advance of the code related to the personalization from the rest of the code. It allows this code to perform the personalization of an application installed from a main package while being itself included and installed from a separated package dedicated to the personalization, namely the Card Personalization Specifications (CPS) package. This way, the CPS package and all the code inherent to the personalization can be removed once all the personalization steps have been completed.

Abstract: A method of loading a Java Card memory with a Java Card package through a Card Personalization Specification (CPS) flow. The method proposes to encapsulate the Java Card package destined to be loaded into the Java Card memory in an extra proprietary Data Grouping Identifier (DGI) added at the beginning of a standard DGI sequence. By adding the extra DGI containing a Java Card package at the beginning of the DGI sequence, the Java Card application writes the Java Card package into the Java Card memory. The Java Card package then receives the rest of the DGIs from the application and handles the personalization process by writing itself the personalized data into the memory.

Abstract: Modification of the execution of a platform-independent first method of an application within an integrated circuit card having a first non-volatile memory, a second rewritable non-volatile memory, a virtual machine and a processor unit, wherein said platform-independent first method includes a first operations sequence and a second operations sequence.

Abstract: Modification of the execution of a platform-independent first method of an application within an integrated circuit card having a first non-volatile memory, a second rewritable non-volatile memory, a virtual machine and a processor unit, wherein said platform-independent first method includes a first operations sequence and a second operations sequence.

Abstract: The invention is a method of communicating between a caller device and an executor device wherein the executor device comprises a memory having a layout which defines formats and addresses used for storing data in the memory. The executor device comprises an application including a service and the method comprises the steps of: providing the caller device with the layout and an indicator reflecting the service during the handshake phase, sending to the executor device a data block corresponding to a command targeting the service, wherein the data block complies with the layout and is devoid of metadata, sending to the caller device a response block which complies with the layout and which corresponds to a result generated by execution of the command.

Abstract: To access a service, each user device stores one first key. The user device is connected to a first server. A terminal sends to a second server a connection request. The second server responds with first data relating to a transaction identifier and an associated challenge. The terminal determines a first result depending upon the first data and the first key. The terminal sends to the first server the first result and user device data. The first server identifies a user device based upon the user device data and sends to the device the first result. The device determines the challenge and the transaction identifier based upon the first result and the first key and sends to the second server the challenge and the transaction identifier. The second server verifies whether the data received from the device matches the first data and, if so, authorizes the terminal to connect.

Abstract: The invention is a method of communicating between a caller device and an executor device wherein the executor device comprises a memory having a layout which defines formats and addresses used for storing data in the memory. The executor device comprises an application including a service and the method comprises the steps of: providing the caller device with the layout and an indicator reflecting the service during the handshake phase, sending to the executor device a data block corresponding to a command targeting the service, wherein the data block complies with the layout and is devoid of metadata, sending to the caller device a response block which complies with the layout and which corresponds to a result generated by execution of the command.

Abstract: To access a service, each user device stores one first key. The user device is connected to a first server. A terminal sends to a second server a connection request. The second server responds with first data relating to a transaction identifier and an associated challenge. The terminal determines a first result depending upon the first data and the first key. The terminal sends to the first server the first result and user device data. The first server identifies a user device based upon the user device data and sends to the device the first result. The device determines the challenge and the transaction identifier based upon the first result and the first key and sends to the second server the challenge and the transaction identifier. The second server verifies whether the data received from the device matches the first data and, if so, authorizes the terminal to connect.

Abstract: The invention relates to a personal token for a mobile telecommunication network, hosting application software. The personal token is operable to receive an over-the-air SMS message encapsulating commands directed to the application, open the SMS and extract the commands from the SMS. The steps of opening the SMS and extracting the commands from the SMS are performed by a software entity in the personal token which is distinct from the application, so that the software entity initiates transmission of the extracted commands to the application.

Abstract: The invention relates to a personal token storing a javacard application code lying over an area of the memory of the personal token, the personal token being able to run such javacard application so as to deliver HTML page data to an external device for the external device to display an HTML page on the basis of the such delivered HTML page data, said personal token further storing data to be used as a constructing part of the HTML page, characterized in that the data to be used as a contributing part of the HTML page are in at least one file which is separate from the memory area over which the Javacard application code is lying, and the personal token is programmed for opening the at least one file storing the contributing part of the HTML page when such data are requested for delivering said HTML page data to said external device.

Abstract: (EN) The invention makes it possible to allow several applications to coexist in the same card; the implementation of the applications uses reading and writing of data by the reader in the same memory location. The invention is a method for exchanging data between a mobile authentication device 3 supporting several applications Z1 to Z3 and a reader dedicated to one application in which the reader sends an authentication command and at least one read and/or write command. The authentication command allows the mobile device to authorise a transaction for at least part of an application Z1 to Z3 supported by the said mobile device. In response to the authentication command, the mobile device selects the application of the device that corresponds to the reader. The read and/or write command is carried out by addressing a definite block of data. In response to the read and/or write command, the mobile device addresses the block of the selected application.

Abstract: The invention is a method of executing an application embedded in a portable electronic device. The application comprises one instruction handling an object. The electronic device comprises a firewall which is intended to check the compliance of the object with preset security rules. The portable electronic device comprises a volatile memory area intended to store a data set uniquely associated to the object. The data set comprises an indicator reflecting the result of the checking of the compliance of the object with the preset security rules. The method comprises the following steps before execution of the instruction, checking the presence in the volatile memory area of a data set associated to the object and comprising an indicator reflecting a successful checking of security rules, and if successful in the checking of the data set, authorizing the execution of the instruction without further security rules checking done by the firewall.

Abstract: The invention relates to a personal token storing a javacard application code lying over an area of the memory of the personal token, the personal token being able to run such javacard application so as to deliver HTML page data to an external device for the external device to display an HTML page on the basis of the such delivered HTML page data, said personal token further storing data to be used as a constructing part of the HTML page, characterized in that the data to be used as a contributing part of the HTML page are in at least one file which is separate from the memory area over which the Javacard application code is lying, and the personal token is programmed for opening the at least one file storing the contributing part of the HTML page when such data are requested for delivering said HTML page data to said external device.

Abstract: The invention relates to a personal token for a mobile telecommunication network, hosting application software. The personal token is operable to receive an over-the-air SMS message encapsulating commands directed to the application, open the SMS and extract the commands from the SMS. The steps of opening the SMS and extracting the commands from the SMS are performed by a software entity in the personal token which is distinct from the application, so that the software entity initiates transmission of the extracted commands to the application.

Abstract: A method of managing information in a distributed system context including a local system and a remote system and using a remote invocation method of the JAVA language, said language including instructions and enabling creation of objects from classes having hierarchical relations between them, which method includes defining in the local system classes replicating a hierarchy of classes of the remote system and including means of access to said classes of the remote system in order to enable use in the local system of instructions specific to classes defined in the remote system.

Abstract: A method of managing keyboard events for a graphical user interface configured in the form of a tree of graphical elements. Each graphical element of the tree is associated with a list of keys, and each listed key is associated with an action to be initiated on receipt of a keyboard event corresponding to the key and the graphical element.