The present invention relates to a method to counter DCA attacks of order 2 and higher order applied on an encoded table-based (TCabi,j) implementation of block-cipher of a cryptographic algorithm to be applied to a message (m), said method comprising the steps of: —translating a cryptographic algorithm block-cipher to be applied on a message (m) into a series of look-up tables (Tabi,j),—applying secret invertible encodings to get a series of look-up tables (TCi,j),—computing message-dependent masking values, comprising the computation of at least two shares of masking value (mmask1, mmask2) for the input of the table network based on at least two different message derivation functions (F1, F2),—re-randomizing the tables (TCi,j) using the computed message-dependent masking values (mmask1, mmask2),—computing rounds to be applied on the message (m) based on the randomized network of tables (TCi,j).
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
2.
Method for accessing a roaming device and corresponding proxy network
A roaming device sends, through a visited network and a proxy network, to a home network, an identifier for a first subscription. The home network sends, through the proxy network, to the visited network, data relating to the first subscription. The proxy network sends to the home network a first temporary address. The visited network sends to the proxy network a second temporary address. The device activates a second subscription. The device sends, through the visited network and the proxy network, to the roaming provider network, an identifier for the second subscription. The roaming provider network sends, through the proxy network, to the visited network, data relating to the second subscription. The proxy network registers the first subscription identifier, the second subscription identifier, the first temporary address and the second temporary address. The proxy network sends to the roaming provider network the first temporary address.
H04W 8/12 - Mobility data transfer between location registers or mobility servers
H04W 8/02 - Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]Transfer of mobility data, e.g. between HLR, VLR or external networks
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profilesTransfer of user or subscriber data
H04W 8/06 - Registration at serving network Location Register, VLR or user mobility server
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
H04W 48/18 - Selecting a network or a communication service
H04M 15/00 - Arrangements for metering, time-control or time-indication
3.
UICCs embedded in terminals or removable therefrom
The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.
H04W 8/22 - Processing or transfer of terminal data, e.g. status or physical capabilities
H04B 1/3816 - Mechanical arrangements for accommodating identification devices, e.g. cards or chipsTransceivers, i.e. devices in which transmitter and receiver form a structural unit and in which at least one part is used for functions of transmitting and receiving with connectors for programming identification devices
A method for managing a subscriber device includes a first detection step in which a first device detects a first status relating to a presence of a subscriber device under a radio coverage of a home mobile network. In the first detection step, the first device intercepts a message for requesting whether the subscriber device has or has not been stolen, as request message, the request message originating from a Mobile Switching Center relating to the home mobile network and being addressed to an Equipment Identity Register relating to the home mobile network. A corresponding first device is also disclosed.
H04W 8/10 - Mobility data transfer between location register and external networks
H04W 8/02 - Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]Transfer of mobility data, e.g. between HLR, VLR or external networks
H04W 36/14 - Reselecting a network or an air interface
H04W 64/00 - Locating users or terminals for network management purposes, e.g. mobility management
H04W 92/24 - Interfaces between hierarchically similar devices between backbone network devices
5.
Non alterable structure including cryptographic material
The present invention relates to a method to build a non-alterable structure and to such a non-alterable structure including data relative to a set of cryptographic material generated randomly or derived from a secret key linked to a business use, the non-alterable structure being intended to be transferred from a first entity to a second entity, the entities sharing at least an encryption/decryption key and a signature key, the structure comprising at least business data relative to the intended use of cryptographic material, an encrypted protection key encrypted with the encryption key, an encrypted set of cryptographic material encrypted with the protection key, a signature of the set of cryptographic material, the protection key and the data relative to the intended use of cryptographic material signed with the signature key.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
6.
Method for registering at least one public address in an IMS network, and corresponding application
The invention relates, in particular, to a method for registering at least one public address in an IMS network including a terminal that interacts with a security element. According to the invention, the security element includes an application that invites the user of the terminal, upon the occurrence of an event, to enter a public address, selected by the user, via the man/machine interface of the terminal, the application transmitting the public address, accompanied by at least one identifier of the security element, to a remote network via the terminal such that the remote network associates the public address with the identifier.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
H04W 8/04 - Registration at HLR or HSS [Home Subscriber Server]
The invention relates to a method for initiating an OTA session in a mobile radio communication network at the request of a user of a mobile terminal. The OTA session is established between the mobile terminal and a remote OTA server, the mobile terminal including a security element such as a UICC card. According to the invention, the method comprises: i) entering a special code using the man/machine interface of said mobile terminal; ii) said security element intercepting said special code; and iii) opening said OTA session between said mobile terminal and said remote server in a secure mode.
The invention concerns a method for attaching a roaming telecommunication terminal to a visited network, the terminal having a security element. The method includes transmitting from the home network to the terminal a rejection message that is function of the features of the terminal and the security element.
H04W 4/00 - Services specially adapted for wireless communication networksFacilities therefor
H04W 8/02 - Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]Transfer of mobility data, e.g. between HLR, VLR or external networks
The present invention relates to cryptographic method that are resistant to fault injection attacks, to protect the confidentiality and the integrity of secret keys. For that, the invention describes a method to protect a key hardware register against fault attack, this register being inside an hardware block cipher BC embedded inside an electronic component, said component containing stored inside a memory area a cryptographic key K, characterized in that it comprises following steps: A.) loading the key Kram inside said register; B.) computing a value X such as K=BC(K,X); C.) after at least one sensitive operation, computing a value V such as V=BC(K,X); D.) matching the value V with the key Kram value stored in the memory area; E.) if the matching is not ok detecting that a fault occurs.
A method for exporting on a UICC in a terminal. An export request signed by the UICC, is transmitted by the terminal to a secure server. The server verifies the signed export request by comparing the signature and the identity of the UICC. The server sends a signed export certificate to the UICC via the terminal. An export package containing the data is prepared, signed and encrypted by the UICC, and sent to the terminal. The terminal transmits the export package to the server. The server signs an acknowledgment message and transmits it to the UICC via the terminal. In the UICC, the data that have been exported is destroyed, and a signed acknowledge message is sent to the server via the terminal. The server makes the data available for a further transfer to a new terminal or UICC.
System and method for allowing a mobile telecom device to use multiple profiles. The system and method includes operating a security function to perform a cryptographic operation on a profile using a cryptography key of the security function thereby producing a cryptographically protected profile, storing the cryptographically protected profile, and activating the cryptographically protected profile by operating the security function to verify that the cryptographically protected profile has been cryptographically protected using the cryptography key of the security function, and upon verifying that the cryptographically protected profile has been protected using the cryptography key of the security function, activating the cryptographically protected profile.
The invention is aimed at optimizing the life of the power supply of mobile equipment with a radiofrequency communication interface by switching off the power to it when it reaches a given state. A mobile device (102) has a battery (206), a radiofrequency circuit (201) allowing the mobile device (102) to exchange information with a host device (101). The mobile device (102) comprises an electronic switch (202) connected between the battery (206) and at least the radiofrequency circuit (201), where the switch makes it possible to supply power or not to the radiofrequency circuit. A power control circuit (203) is capable of controlling the electronic switch (202) so that it ceases to power the radiofrequency circuit as soon a break in communication is detected.
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
The present invention relates to a method for providing data during an Application Selection process from a processing device to an interface device, wherein it comprises a step of modifying dynamically at least a part of said data from transaction to transaction, said at least part of data being a dynamic data.
G06F 17/30 - Information retrieval; Database structures therefor
G07F 7/10 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card together with a coded signal
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
14.
Method for securely creating a new user identity within an existing cloud account in a cloud computing system
The invention proposes a method for securely creating a new user identity within an existing cloud account in a cloud computing system, said cloud computing system providing cloud services and resources, said cloud account comprising cloud user identities, said method comprising enabling a first user to access the cloud services and resources using a first security device, wherein it comprises authenticating to the first security device, creating a new user identity within the cloud account for a second user using the first security device.
The invention relates to a process for securing an identification document and to a secure identification document. More particularly, the process uses UV sensitive ink(s) to define a pattern only visible under UV radiations, by printing a first layer of a transparent ablation varnish (13), printing a layer (14) of UV sensitive ink(s) over said first layer of transparent ablation varnish, removing parts of the layer (14) of UV sensitive ink(s), by means of a laser beam, some remaining areas of said UV sensitive ink(s) defining said pattern to be revealed in color under UV radiations, and some areas, where the UV sensitive ink(s) has been removed and the laser beam has interacted with the ablation varnish (13), absorbing the UV radiations with effect of creating black color. Other systems and methods are disclosed.
The invention relates to a radiofrequency communication device that comprises a gripping beating body having a surface; an electronic and/or electric circuit extending in the gripping beating body; at least one antenna provided in the vicinity of the electronic circuit. The device includes a connection circuit for connection to the antenna, that is provided at least partially in the gripping beating body and extends from the electronic circuit up to connection points of the antenna, said antenna connection points being accessible from the outside of the beating body.
D mod N against invasive attacks. The invention comprises applying a mask to the message m, and after the modular exponentiation is carried out, in verifying that the exponentiation was not altered thanks to properties introduced by the mask.
An electronic object carries out at least one operation on one element of an application installed in a computer. The method includes transmitting a random value of the electronic object to the computer, when such operation is completed, while maintaining in the electronic object the right of access to the electronic object by the user; storing the random value in the computer; giving access to the electronic object by the application and, in the case of a new access to the electronic object by the application; transmitting the random values stored in the computer to the electronic object; comparing, in the electronic object, the random value received from the computer with the random value previously transmitted to the computer; and, in case the random values are matching, re-establishing the previously acquired rights in the electronic object and thereby giving the application the access to the electronic object.
The invention relates to a method to select a telecommunication network with a mobile equipment (10,20) comprising a mobile communication device (10) and a personal token (20), the method operating an algorithm (25) which selects at least one network to be operated by the mobile equipment among a plurality of available networks, wherein in the method, the algorithm is stored and run in the personal token (20).
H04J 3/17 - Time-division multiplex systems in which the transmission channel allotted to a first user may be taken away and re-allotted to a second user if the first user becomes inactive, e.g. TASI
20.
Data medium, identity document and corresponding security-protection method
A data medium has at least first and second parts joined together, each having an outer face turned towards the outside and a hidden inner face. At least one of the first and second parts bears, at a certain distance from the outer faces, hidden markings corresponding to personalization data. This first part and preferably the second part of the medium are, at least locally, opaque with respect to through-transmission of laser radiation liable to modify the hidden markings.
A device, such as a chip card, is connected to a host platform that is linked to a packet network such as the Internet. The device detects security policy designation parameters in packets leaving and entering the platform and processes the packets according to stored security policies designated by the designation parameters detected. The security information linked to a user can therefore be moved from one platform to another and it is not processed by the platform. Security policies are managed by a server with which the device can initiate a communication when no security policy corresponding to the policy designation parameters detected in a packet is recognized, so that the server can assist the device in negotiating a security policy.
patents
