Provided is a method (200) for non-repudiable endorsement of a private attestation (111). The method includes receiving an attestation from a Private Attribute Provider (110) responsive to a request from a user declaring the attestation, securely binding pivotal attributes in the Attestation selected by the user once authenticated to an Issuing Authority (120), and securely binding the user to the attestation by way of their connected device (100). The method produces an endorsed attestation (400) that includes signed server proof (360). This is provided by the user through their connected device to a service provider for receiving a service (151) otherwise requiring third party trusted proof. Other embodiments are disclosed.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A contactless electronic module (1) for a data carrier (2) comprises a substrate (3), at least one electronic chip (4), and at least one electrical connector (5). The electronic chip (4) is arranged on the substrate (3), and the electrical connector (5) is in connection with the electronic chip (4). The substrate (3) is electrically non-conductive.
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings, characterised by the use of specified materials, e.g. to avoid wear during transport through the machine
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
A method of manufacturing a data carrier (1), in particular a smartcard, comprises the steps of providing at least one carrier body (4), and providing at least one metallic foil (2). The method further comprises the step of providing at least one transferring element (8) being at least temporarily in connection with the metallic foil (2). The metallic foil (2) is transferred from the transferring element (8) to the carrier body (4) in a step of transferring.
B42D 25/455 - Manufacture associating two or more layers using heat
B42D 25/46 - Manufacture associating two or more layers using pressure
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
A secure device (1) for securing an article (2) comprises at least one connection element (3), at least one data carrier (4), and at least one security element (5). The connection element (3) is configured to be connected to the article (2), and the data carrier (4) is in connection with the connection element (3) and is configured to be connected to the article (2) via the connection element (3). The connection element (3) is configured to interact with impinging electromagnetic radiation such that at least one marking element (6) is generated in the connection element (3) upon the impingement of the electromagnetic radiation. The data carrier (4) is configured to interact with impinging electromagnetic radiation such that at least one further marking element (7) is generated in the data carrier (4) upon the impingement of the electromagnetic radiation. The security element (5) comprises or consists of the marking element (6) of the connection element (3) and of the further marking element (7) of the data carrier (4).
A data carrier (1) comprises at least one substrate layer (2, 2a,...) and at least one processing layer (3). The substrate layer (2, 2a,...) and the processing layer (3) are arranged at least partially above one another with respect to an extension direction (E). The substrate layer (2, 2a...) is at least regionally transparent. The processing layer (3) comprises pigments (4) that are configured to change an appearance, in particular a translucency and/or an opacity and/or a glossiness and/or a colour, upon an irradiation of electromagnetic radiation.
A data carrier (1) extending along an extension direction (E) comprises at least one first colour element (2), wherein the first colour element (2) exhibits an appearance under a first illumination and/or exhibits an appearance under a second illumination being different from the first illumination, at least one second colour element (3), wherein the second colour element (3) exhibits an appearance under the first illumination being different from the appearance of the first colour element (2) under the first illumination and/or exhibits an appearance under the second illumination that is different from the appearance of the first colour element (2) under the second illumination, at least one personalization element (4, 6), and at least one security element (7). The first colour element (2) and the second colour element (3) are arranged staggered with respect to the extension direction (E). The security element at least partially comprises the first colour element (2), the second colour element (3) and the personalization element (4, 6). The security element (7) exhibits a first appearance under the first illumination and a second appearance being different from the first appearance under the second illumination.
A secure online authentication method of a user by a relying party using a mobile ID document uses a secret to consent to a retrieval of a dedicated data field, wherein an access token is generated, including a proof, which is used by the relying party to transmit (30) an access request to the mobile document issuer (30), trading (31, 32) the token for an authentication document comprising the personal data related to the dedicated data field by the document issuer to the relying party, wherein the proof verification material is extracted (34) from the authentication document and checked (35) to access (36) said personal data and accepting (37, 38) the online authentication of the user.
G06F 21/35 - User authentication involving the use of additional external devices, e.g. dongles or smart cards, communicating wirelessly
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06F 21/33 - User authentication using certificates
The present invention relates to a low capability device (UE) active in a communication system comprising a plurality of satellites (Si, Sj) ensuring a temporally continuous communication coverage for the low capability device (UE), said satellites being further grouped in families (S1x), satellites of a same family (S1x) sharing same and common access information, said device (UE) comprises a power saving module to send to the serving satellite (S11), during a first data session, a next access request for a next or continued data session with time indications including at least a desired next time interval to be granted for communication, to receive and process assigned timing information for a next connection to a next satellite (S12) of the same family (S1x), to adapt the idle mode according to received idle mode synchronization information in order for the device (UE) to receive information from the next satellite (S12) of the same family (S1x) and to connect to the next designated satellite (S12) of the same family (S1x), reusing same and common access information as read for the previously serving satellite (S11).
H04W 52/28 - Transmission power control [TPC], the TPC being performed according to specific parameters using the user profile, e.g. speed, priority or network state, e.g. standby, idle or no transmission
A SECURITY ASSEMBLY AND METHOD FOR MANUFACTURING THE SAME
A security assembly 10 includes at least one substrate element 11, 120, 130, 140, at least one first pattern 121, 131; 22 and at least one second pattern 14; 24. The at least one first pattern is associated with the at least one substrate element. The at least one first pattern is at least in part translucent or transparent. The at least one second pattern is associated with the at least one substrate element. Each of the at least one first pattern overlaps at least in part the at least one second pattern. Upon viewing the assembly, the at least one first pattern 22 and the at least one second pattern 24 are configured to generate, at at least one side of the assembly, at least one third pattern 26, each of the at least one third pattern including an optically variable image. Figure 1
A data carrier (1) comprises at least one optically variable element (2), at least one surface element (3a), and at least one security element (4) comprising at least part of the at least one optically variable element (2) and at least part of the at least one surface element (3a). The at least one surface element (3a) is configured to guide impinging electromagnetic radiation (EM) towards the at least one optically variable element (2). The data carrier (1) is configured such that electromagnetic radiation (EM) is impinging on the at least one surface element (3a) under at least a first arrival angle (?1) when the data carrier (1) is seen under a first observation angle (?1), and such that electromagnetic radiation (EM) is impinging on the at least one surface element (3a) under at least a second arrival angle (?1) being different from the first arrival angle (?1) when the data carrier (1) is seen under a second observation angle (?2) being different from the first observation angle (?1). The at least one optically variable element (2) is configured to reflect at least a first reflection spectrum (R1a) upon impingement of the electromagnetic radiation (EM) being impinging on the at least one surface element (3a) under the first arrival angle (?1), whereby the at least one security element (4) appears according to at least a first appearance (A1a), and is further configured to reflect at least a second reflection spectrum (R2a) upon impingement of the electromagnetic radiation (EM) being impinging on the at least one surface element (3a) under the second arrival angle (?1), whereby the at least one security element (4) appears according to at least a second appearance (A2a) being different from the first appearance (A1a).
The present invention relates to a method for recognizing an individual by fusing a first match result generated by a first single-modal biometric recognition system of a first biometric modality and a second match result generated by at least one second single-modal biometric recognition system of a second biometric modality into a fused match result, comprising: receiving (303) a training request for optimizing parameters of a fusion model to achieve a target performance metric; retrieving (304) the fusion model, initial parameters, and training sample sets of the biometric modalities; performing (305) a machine learning based training on the retrieved data to obtain optimized parameters meeting the target performance metric; updating (306) the parameters of the fusion model with the optimized parameters in the database; receiving (307a, 307b) a message comprising a fusion request, the first and second match results; obtaining (310) from the message the first and second match results; retrieving (311) the optimized parameters of the fusion model; applying (315a, 315b) the fusion model, with the optimized parameters, to the first and second match results to calculate a fused match result for recognizing the individual.
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06V 10/80 - Fusion, i.e. combining data from various sources at the sensor level, preprocessing level, feature extraction level or classification level
A system, mobile device, and method for managing security policies for data items stored in an electronic identification (eID) wallet on the mobile device. Security policies are associated with each of a plurality of supported namespaces on a mobile device and a verifier terminal operates to select a namespace to access a data item stored on the mobile device based on the security policies associated with the plurality of supported namespaces on the mobile device.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
G06F 21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
13. SLAP SEGMENTATION OF CONTACTLESS FINGERPRINT IMAGES
The present invention relates to a method to segment slap images and to generate accurately labelled individual fingerprints, said method comprising the following steps:
- reception of input images from a contactless fingerprint reader under controlled lighting conditions;
- computation of a variance in the received images to estimate a slap area as a foreground slap mask in the input images;
- identification of individual fingers by finding the boundary of each finger;
- verification of a number of fingers and of geometric constraints;
- calculation of pose and orientation based on shape and geometry information;
- identification of effective fingertip area on each detected finger according to the pose, orientation, as well as geometric information;
- output of individual fingerprints.
G06V 10/26 - Segmentation of patterns in the image field; Cutting or merging of image elements to establish the pattern region, e.g. clustering-based techniques; Detection of occlusion
G06V 10/44 - Local feature extraction by analysis of parts of the pattern, e.g. by detecting edges, contours, loops, corners, strokes or intersections; Connectivity analysis, e.g. of connected components
A method to generate a slap/fingers foreground mask for image processing of fingerprints on an image acquired using a contactless fingerprint reader having a flash light, includes: acquiring one image of the slap/fingers in a contactless position near the reader with flash light, and another without flash light; calculating a difference map between the images; calculating an adaptive binarization threshold of the difference map for each pixel based on a flashlight compensation factor determined in a corresponding map using an image of a non-reflective blank target acquired with flash light and a background enhancement factor determined in a corresponding map using the image acquired without flash light; binarizing the difference map by attributing a first or a second value to pixels depending on whether the calculated threshold value is respectively higher or lower than the corresponding value in the difference map, the binarized image being the slap/fingers foreground mask.
A multipage security document has a first verification lens located in a see-through portion and corresponding to a first verification feature and a second verification lens collocated with the first verification lens as an adjacent layer to the first verification lens in the see-through portion and corresponding to a second verification feature.
Secure patching of an operating system of the integrated circuit chip. A patch server encrypts a patch to the operating system of the integrated circuit chip and transmits the encrypted patch to an issuing-authority server. The issuing-authority server appends the encrypted patch into a digital certificate in an extension to the digital certificate and transmits the digital certificate including the encrypted patch to a terminal. The terminal transmits the digital certificate to the integrated circuit chip. The integrated circuit chip recovers the extension to the second digital certificate and decrypts the extension using a decryption key of the manufacturer of the integrated circuit chip, thereby recovering the patch to the operating system of the integrated circuit chip, and installs the patch into the operating system of the integrated circuit chip.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information in smart cards
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
17. METHOD AND SYSTEM FOR IMPLEMENTING A VIRTUAL SMART CARD SERVICE
The invention relates to a method (20) and a system for implementing a virtual smart card service. The virtual smart card service corresponds to an execution of a smart card application. At least one key is stored at a server side. The smart card application uses application metadata to emulate a smart card application logic. The method comprises:
- processing (24), by at least one client (12), the smart card application logic;
- running (26), by the at least one client, the smart card application while retrieving smart card data from the smart card application logic;
- identifying (28), by the at least one client, while running the smart card application, at least one key operation within the smart card application;
- generating (210), by the at least one client, while running the smart card application, a key operation request by using the at least one identified key operation and data relating to the client;
- sending (212, 214), by the at least one client, through the smart card application, to the first server the generated key operation request;
- processing (216), by the first (14) or a second (16) server, the generated key operation request by using the at least one key and the client data, the second server being connected to the first server;
- getting, by the first or second server, a key operation result, the key operation result being the result of the at least one identified key operation on the client data; and
- sending (218), by the first or second server, through the smart card application, to the client the key operation result.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. chip cards or magnetic cards
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. a certification authority, notary or trusted third party
G06Q 20/38 - Payment architectures, schemes or protocols - Details thereof
18. DATA CARRIER WITH TACTILE PRINTED AREA FOR INK WRITING DATA
The present invention relates generally to a data carrier comprising a data sheet. Said data sheet comprises a substrate material wherein at least one printed area is printed. Said printed area is configured for ink written signature. Said printed area is produced by imprinting via intaglio printing and comprises tactile perceptibility structured embossed pattern produced by the imprinting. Said tactile structured embossed pattern is configured to hold the ink of the ink written. The present invention prevents unwanted smudging or spreading when writing on the printed area. Moreover, the present invention addresses also the forgery and manipulation drawbacks on ink written data on data carrier.
Privacy-preserving smart metering for a smart grid. Issuing a privacy-enhanced credential to a consumer node having a smart meter. Operating the consumer node to associate an id with the credential and to use the id to report usage. Other systems and methods are disclosed.
20. METHOD FOR DOWNLOADING A SUBSCRIPTION IN AN UICC EMBEDDED IN A TERMINAL
The invention proposes a method for downloading a subscription in an UICC embedded in a terminal, this method consisting in: transferring an ICCID to the terminal; sending the ICCID over an IP link to a secure vault; selecting in the secure vault a subscription corresponding to the ICCID; transmitting the subscription to the terminal over the IP link; storing the subscription in the terminal.
H04W 8/20 - Transfer of user or subscriber data
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity