A method for replacing by a HPLMN or a user equipment a set of URSP rules used by the user equipment communicating with a MNO network, the set of URSP rules being called current set of URSP rules, by another set of URSP rules, called new set of URSP rules, the user equipment cooperating with a secure element, the method including storing in the secure element a plurality of URSP rules; when the home network or the user equipment decides to switch from the current set of rules to the new set of rules, sending to the secure element a switching command comprising a list of selection criteria of the new set of URSP rules; replacing in the secure element the current set of URSP rules by the new set of URSP rules, and sending a refresh command.
Provided is a method for managing a card comprising a user output interface. The method comprises a control operation of the card for getting, by the card, a parameter which can evolve dynamically during card lifespan, generating, by the card, a decision which may be positive or negative by executing a preset function applied to said parameter, and, only if said decision is positive, identifying, by the card, a message and notifying a user of the card directly through the user output interface that the card has the message to deliver to the user. Other embodiments disclosed.
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips
3.
METHOD TO STORE DATA PERSISTENTLY BY A SOFTWARE PAYLOAD
A method to store data persistently by a payload of an owner, the method including establishing a secure channel between the owner and the software payload itself when running into a hardware-based trusted execution environment, HW TEE, at the instance of a cloud service provider; generating, by the owner, a payload identifier using information shared from the payload during the establishment of the secure channel; generating, by the owner, a key initiator and persistently storing at the owner side the key initiator associated to the payload identifier; sending, by the owner, the payload identifier and the key initiator to the payload; using the key initiator, by the payload, to encrypt data; and persistently storing, by the payload, the encrypted data and the payload identifier.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by executing in a restricted environment, e.g. a "sandbox" or secure virtual machine
Provided is a data carrier of significantly improved level of security that introduces only a minor modification into its manufacturing process. Other embodiments disclosed. In a first aspect a data carrier is provided, wherein the data carrier comprises at least one carrier body, at least one printing layer, at least one marking layer, and at least one security element. The carrier body comprises a top surface, wherein the printing layer is arranged on the top surface of the carrier body. The printing layer and the marking layer are arranged at least partially above one another with respect to an extension direction. The marking layer is configured to interact with impinging electromagnetic radiation such that a marking element is generated in the marking layer upon the irradiation of electromagnetic radiation.
Provided is a secure execution of a first instruction by processing means of an electronic system, comprising fetching (S1) said first instruction in an execution pipeline of the processing means, determining (S2) that said first instruction to be executed is an instruction sensitive to a determined attack, selecting (S3), based on said determined attack, from an internal memory of said processing means, at least one second instruction, which, when executed by the processing means, causes the processing means to perform a combination of said first function and a dedicated security countermeasure against said determined attack, and executing (S4) said selected second instructions instead of said first instruction.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
Method to establish a secure channel between the party of a software payload and the software payload itself when running into a hardware-based trusted execution environment, HW TEE, at the instance of a cloud service provider, including sending, by the party, a nonce to the software payload; generating, by the software payload, a payload key pair: public key and private key; mixing, by the software payload, the payload public key with the nonce; computing, by the HW TEE, an attestation using this nonce mixed with the payload public key; sending, by the software payload, the attestation, and the payload public key to the party; verifying, by the party, the attestation using the sent nonce mixed with the received payload public key; generating, by the software payload and the party, a session key; and establishing a secure channel between the party and the software payload running into the HW TEE.
H04L 9/14 - Arrangements for secret or secure communications; Network security protocols using several keys or algorithms
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
7.
DATA CARRIER WITH SECURED SURFACE PERSONALIZATION ELEMENT
Provided is a data carrier that extends along an extension axis and comprises a carrier body having a top surface, at least one personalization element being arranged on the top surface of the carrier body, and at least one security element. The security element is at least partially arranged at least on and/or in a top surface of the personalization element and at least partially at least on and/or in the top surface of the carrier body and/or at least partially within the carrier body. Other embodiments disclosed.
A contactless electronic module for a data carrier comprises a substrate, at least one electronic chip, and at least one electrical connector. The electronic chip is arranged on the substrate, and the electrical connector is in connection with the electronic chip. The substrate is electrically non-conductive. Other embodiments disclosed.
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings, characterised by the use of specified materials, e.g. to avoid wear during transport through the machine
Provided is a method for securely executing an application, wherein a memory space of said application comprises an execution enclave configured to access a memory of the second device storing sealed data obtained by a sealing enclave by sealing on a first device a predetermined message with a first hardware key associated to said first device based on a value depending on an identity of said sealing enclave, and comprising, performed by said execution enclave to verify that the second device is authorized to execute the application. Other embodiments disclosed.
G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on the integrity or reliability of the source
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
Provided is a method of manufacturing a data carrier, in particular a smartcard, comprising steps for providing at least one carrier body, and providing at least one metallic foil. The method further comprises the step of providing at least one transferring element being at least temporarily in connection with the metallic foil. The metallic foil is transferred from the transferring element to the carrier body in a step of transferring. Other embodiments disclosed.
B42D 25/455 - Manufacture associating several layers using heat
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
Provided is a data carrier that comprises at least one carrier body, at least one electronic module, at least one antenna, and at least one metallic layer. The electronic module is at least partially arranged in the carrier body. The antenna is in connection with the electronic module. The metallic layer comprises at least one recess, and the antenna comprises an electrically conducting wire that is at least partially arranged in the recess. At least part of the metallic layer is part of the antenna. Other embodiments disclosed.
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips
12.
SECURITY DEVICE FOR SECURING AN ARTICLE SUCH AS A PASSPORT
Provided is a security device for securing a substrate, the security device comprising at least one connection device and at least one output device. The security device is configured to be connected to the substrate via the connection device. The output device is configured to emit at least one output signal. The output signal is outputted to an outside of the security device when the connection device and the output device are coupled to one another. A change in the coupling between the connection device and the output device results in a change in the output signal or in an absence of the output signal, and the change in the output signal or the absence of the output signal is indicative of a manipulation of the security device and/or of the substrate. Other embodiments disclosed.
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips
Provided is a method for managing a till e-receipt during a payment transaction involving an Electronic Cash Register and a smart card. The method comprises the steps of: sending a URL from the Electronic Cash Register to the smart card, receiving by the Electronic Cash Register a card identifier which has been permanently allocated to the smart card, sending the card identifier and the till e-receipt from the Electronic Cash Register to a first server, and uniquely associating said card identifier and till e-receipt to the URL, such that the e-receipt can be subsequently retrieved by connecting to the URL. Other embodiments disclosed.
G06Q 20/20 - Point-of-sale network systems
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. chip cards or magnetic cards
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. checking of credit lines or negative lists
A secure device for securing an article that includes at least one connection element, at least one data carrier, and at least one security element. The connection element is configured to be connected to the article, and the data carrier is in connection with the connection element and is configured to be connected to the article via the connection element. The connection element is configured to interact with impinging electromagnetic radiation such that at least one marking element is generated in the connection element upon the impingement of the electromagnetic radiation. The data carrier is configured to interact with impinging electromagnetic radiation such that at least one further marking element is generated in the data carrier upon the impingement of the electromagnetic radiation. The security element comprises or consists of the marking element of the connection element and of the further marking element of the data carrier.
The disclosure proposes a method for switching from a first subscription of a first telecommunication network operator to a second subscription of a second telecommunication network operator on a plurality of smart cards, the method comprising, for each smart card pre-provisioning the smart card with a batch of secret keys at the level of a personalization factory; thanks to a first input file transmitted by the first telecommunication network operator to the personalization factory, generating at the personalization factory an output file comprising a first secret key selected in the batch, a corresponding first IMSI and a first ciphered operator code; transmitting the output file to the first telecommunication network operator; and transmitting OTA keys and the first IMSI to an OTA server of a service provider managing the smart card in order to attach the smart card to the first telecommunication network.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols, the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES system
16.
METHOD FOR SECURELY PULLING A SIGNED CONTAINER IMAGE
Provided is a method for generating a signed container image from a base container image comprising a plurality of container image layers, and for pushing said signed container image to an image registry of a container hosting environment. The environment comprises a pipeline server of an image provider, a master node configured for acting as orchestrator and a plurality of worker nodes configured for running a container instantiating said signed container image after pulling said signed container image from said image registry. The pipeline server generates a signed container image by adding a first layer and a second layer to said base container image, said first layer comprising a manifest of said base container image and said second layer comprising a digital signature of a digest of said manifest generated using a private key of said image provider, and pushing said signed container image to said image registry.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
The present disclosure provides an ICC reader including a microcontroller configured to exchange data with an insertable ICC while the insertable ICC is inserted and powered, and with an end-user entity, an ICC connector configured to allow the exchange of data between the microcontroller and the inserted ICC, and an end-user entity interface connector configured to allow the exchange of data between the microcontroller and an end-user entity, wherein the ICC reader further includes an activatable 2-position built-in switch defining two states: a first state wherein the exchange of data between the microcontroller and the inserted ICC is allowed, and a second state wherein the exchange of data between the microcontroller and the inserted ICC is interrupted emulating an ICC withdrawal.
G06K 7/00 - Methods or arrangements for reading record carriers
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
18.
METHOD FOR SECURING A MULTIPLE POINT MULTIPLICATION OPERATION AGAINST SIDE-CHANNEL ATTACKS
Provided is a method for securing against side channel attacks. An elliptic curve cryptographic process comprises a multiple points multiplication operation using predetermined scalar values, Pi being points of an elliptic curve over a finite field defined by parameters (F, E, G, N) together with the point addition law where F is a field over which is defined the curve, E is an equation of the curve, G is a base point in E over F and N is the order of the base point G. The method comprises generating (S1) a masking value iRand, multiplicatively masking (S2) each predetermined scalar value di with said generated masking value iRand to obtain masked scalars di′, computing (S3) a masked multiple points multiplication operation result, and obtaining (S4) said multiple points multiplication operation result R by unmasking said masked multiple points multiplication operation result R′.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
19.
METHOD, CHIP, AND SYSTEM FOR MANAGING A PHYSICALLY UNCLONABLE FUNCTION CHIP PUBLIC KEY
Provided is a chip for managing a Physically Unclonable Function, PUF, and chip public key. The chip includes at least one PUF type element and at least one hardcoded key, and is configured to receive, from an entity, a request for getting a signed PUF chip public key certificate, generate, as a PUF chip private key, based on the request, a private key relating to the at least one PUF element, and determine, as a PUF chip public key, a public key relating to the at least one PUF element, generate, as a PUF chip public key certificate, a certificate relating to the PUF chip public key, and sign the PUF chip public key certificate using the hardcoded key. Other embodiments disclosed.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
20.
METHOD TO PREVENT HIDDEN COMMUNICATION ON A CHANNEL DURING DEVICE AUTHENTICATION, CORRESPONDING VPLMN AND HPLMN
The disclosure concerns a method for preventing transmission of hidden information in a communication channel during a telecommunication terminal authentication phase including transmitting from a telecommunication terminal cooperating with a secure element to a visited PLMN a unique identifier of the secure element; generating at the visited PLMN a required information and sending the unique identifier and the required information to a home PLMN identified by a MCC/MNC in the unique identifier; generating a random value and computing a cryptographic value based on the random value and the required information; generating an authentication vector based on the cryptographic value and the long term key of the secure element, the long term key being associated to the unique identifier, and sending the authentication vector and the random value or only the authentication vector containing the random value instead of the cryptographic value to the visited PLMN.
A system or method of authenticating a biometrically protected device without prior enrollment on that device can include one or more processors and memory where the memory includes computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations of receiving a biometric reading, obtaining an encrypted biometric template from a server if a biometric template is not locally stored on a biometrically protected device to compare with the biometric reading, decrypting the encrypted biometric template from the server in response to a password to provide a decrypted biometric template, storing the decrypted biometric template locally on the biometrically protected device, and authenticating the biometric reading when the decrypted biometric template matches the biometric reading. The encrypted biometric template was previously uploaded to the server via an alternate biometric device.
A data carrier comprises at least one substrate layer and at least one processing layer. The substrate layer and the processing layer are arranged at least partially above one another with respect to an extension direction. The substrate layer is at least regionally transparent. The processing layer comprises pigments that are configured to change an appearance, in particular a translucency and/or an opacity and/or a glossiness and/or a colour, upon an irradiation of electromagnetic radiation.
Establishing a secure link on a second protocol between a secure element and a smart device via a link on a first protocol by establishing a link on the first protocol between the secure element and the smart device, and generating, by the secure element, a communication encryption key and associating a status with the encryption key and assigning the status a first level. Transmitting the key and the status of the key from the secure element to the smart device over the link on the first protocol. The secure element and the smart device are paired over the second protocol thereby establishing a second-protocol link. Transmitting a message encrypted using the key to the smart device over the second-protocol link. Upon verifying the cardholder as an authorized cardholder for the secure element, elevating the status of the communication encryption key from the first level to a second level.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. checking of credit lines or negative lists
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. chip cards or magnetic cards
H04W 12/47 - Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
A method for authenticating a device, comprising:
sending, from a user device to a server, a data request;
retrieving a predetermined encryption key;
generating at least a random and a cryptogram using the encryption key and the random;
sending, to the or another user device, the cryptogram and the random, as a data request response;
extracting, from the data request response, the random and storing, at least in a temporary manner, the reference random;
sending, to at least the device, the cryptogram;
decrypting the cryptogram using a predetermined decryption key and obtaining a random;
sending, to the user device, the random;
verifying whether the received random matches or not the reference random; and
authenticating, only if yes, the device.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Provided is a secure online authentication method of a user by a relying party using a mobile ID document. The method uses a secret to consent to a retrieval of a dedicated data field, wherein an access token is generated, including a proof, which is used by the relying party to transmit an access request to the mobile document issuer, trading the token for an authentication document comprising the personal data related to the dedicated data field by the document issuer to the relying party, wherein the proof verification material is extracted from the authentication document and checked to access said personal data and accepting the online authentication of the user. Other embodiments disclosed.
Provided is a method for post-quantum resistant authentication of a service provider device to a user device, using a legacy certificate of said service provider device and a quantum safe cryptography (QSC) certificate of said service provider device. The method includes verifying by a trusted third party device, using said identifier of the legacy certificate comprised in the QSC certificate, a binding of said QSC certificate to the legacy certificate of the service provider device, and verifying a validity of said QSC certificate by said trusted third party device. Once the binding and validity have been successfully verified by the trusted third party device, the service provider device is authenticated to said user device using said legacy certificate of the service provider device, from which can be obtained said identifier comprised in the QSC certificate whose validity has been verified.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/44 - Program or device authentication
Provided is a method for controlling a smart card allocated to a user comprising the steps of establishing a wireless communication channel between the smart card and a portable apparatus; determining by the smart card that control of authentication of said user depends on the portable apparatus and requesting accordingly a permission data reflecting a specific right allocated to a function provided by the smart card; capturing an input data from a user through an interface embedded in the portable apparatus; performing, by the portable apparatus, an authentication of the user based on said input data; depending on a result of said authentication, identifying said permission data by the portable apparatus and sending the permission data to the smart card; and activating or deactivating said specific right in the smart card according to the permission data.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. chip cards or magnetic cards
Provided is a method for protecting a program in an integrated circuit product. The method includes creating one or more opcode blocs to respectively replace one or more original opcodes of said program, said opcode bloc comprising a number of fictional opcodes and the corresponding original opcode, said fictional opcodes being to be executed without taking into account their results and without impacting an expected result of said program, said number and a position of the original opcode in said opcode bloc being randomly determined by a random or pseudo random number generator of said integrated circuit product, and executing said one or more opcode blocs.
Provided is a card comprising an antenna connected to a chip, the card comprising: A central PVC core made of recycled PVC supporting the antenna; Two recycled PVC layers, a front side PVC layer and a back side PVC layer, each PVC layer being laminated on a side of the central PVC core, the front side PVC layer being laminated on the side of the PVC core supporting the antenna; Two transparent PET layers, a front side PET layer and a back side PET layer, the PET layers being glued on each of the recycled PVC layers, the front side PET layer being metalized by an aluminum foil; and Two PVC transparent overlays glued on each external face of the card.
B32B 27/30 - Layered products essentially comprising synthetic resin, comprising an acrylic resin
B32B 15/20 - Layered products essentially comprising metal, comprising aluminium or copper
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
30.
A SYSTEM FOR RECEIVING BY A GNB A LOCATION INFORMATION, CORRESPONDING DECIPHERING SERVER AND GNSS CHIPSET
The invention concerns a system for receiving by a gNB a location information sent by a GNSS chipset comprised in a mobile equipment, the location information being part of a signalling message as part of an initial access procedure, before network dedicated signaling ciphering setup procedure occurs, the GNSS chipset returning to the mobile equipment the location information concealed by a crypto scheme that does not need any diversification from one chipset to another, the concealed location information being de-concealed by a deciphering server at the level of the gNB by a reversed crypto scheme that does not need any diversification from one chipset to another for sending the location information in clear to a dedicated 5G core network, the dedicated 5G core network being the one able to handle a communication with the mobile equipment.
G01S 19/37 - Receivers - Constructional details or hardware or software details of the signal processing chain - Hardware or software details of the signal processing chain
H04W 12/03 - Protecting confidentiality, e.g. by encryption
H04W 12/40 - Security arrangements using identity modules
31.
A METHOD FOR GRANTING A USER ACCESS THROUGH A USER ACCESS DEVICE HOSTING A CLIENT APPLICATION TO A SERVICE COMING FROM A SET OF SERVICES OF A SERVER APPLICATION HOSTED BY A DISTANT SERVER
A method for granting a user access through a user access device hosting a client application to a service of a server application hosted by a server includes sending by a server application a user authentication request, a primary challenge, a URL, and a unique user identifier to a secure peripheral device hosting a device application, checking the user identity, building a flag using the result of a comparison between user data signals and the ones that have been stored during a user-device binding process, generating a primary response, sending the primary response to the server, verifying the validity of the primary response, and granting or denying the user access to the service.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Provided is a data carrier (1) that extends along an extension direction (E) and comprises at least one first colour element (2), wherein the first colour element (2) exhibits an appearance under a first illumination and/or exhibits an appearance under a second illumination being different from the first illumination, and at least one second colour element (3), wherein the second colour element (3) exhibits an appearance under the first illumination being different from the appearance of the first colour element (2) under the first illumination and/or exhibits an appearance under the second illumination that is different from the appearance of the first colour element (2) under the second illumination.
Provided is a method for managing a transaction with a card allocated to a user comprising establishing a first communication link between the card and a terminal, receiving by the card, a transaction command comprising a parameter specific to the transaction, and, in response to detecting a preset event, turning on an internal battery embedded in the card, using power provided by said internal battery to send the parameter to a portable apparatus distinct from the terminal through a wireless communication channel, then turning off the internal battery, and in response to receipt of the parameter, providing the user with the parameter by the portable apparatus. Other embodiments disclosed.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. chip cards or magnetic cards
G06Q 20/38 - Payment architectures, schemes or protocols - Details thereof
Provided is a method for controlling an apparatus configured to perform a plurality of actions. The method comprises the step of establishing a communication channel between the apparatus and a smart card embedding a biometric sensor, the step of retrieving, through the communication channel, a value reflecting a non-biometric data captured by the biometric sensor, and the step of identifying and performing, by the apparatus, one action of said plurality of actions depending on said value. Other embodiments disclosed.
The disclosure concerns a method of replacing a current key in a security element co-operating with a terminal in a network operated by a network operator. The method includes trying to decrypt the encrypted message by using the current key; selecting in a table stored in the secure element another key and trying to decrypt the encrypted message by using the other key; replacing atomically the current key by the rescue key and no longer using the current key, the rescue key replacing the current key; otherwise, trying to decrypt the encrypted message by using another rescue key of the window if such another rescue key exists, until all rescue keys have been selected and used for decrypting the encrypted message; if none of the rescue keys permits decrypting the encrypted message, selecting the blocking key; and blocking the corresponding functionality of the security element.
H04W 12/03 - Protecting confidentiality, e.g. by encryption
H04W 12/047 - Key management, e.g. by generic bootstrapping architecture [GBA], without using a trusted network node as a trust anchor
36.
METHOD TO MONITOR THE MANAGEMENT OF NETWORK SLICES
Provided is a method to monitor the management of network slices by a communication device (ME) having a secure element (USIM), said communication device being compliant with at least a technology implementing network slicing using a route selection policy, said communication device further supporting a USIM application toolkit framework implementing event download envelopes, said secure element having a memory to store rules for the route selection policies, said method comprising the steps of, for the communication device active in a network of the technology implementing network slicing, receiving a slice status and slice information from the network, and pushing the slice status and slice information to the secure element using an event download envelope as defined in the USIM application toolkit framework supported by the communication device.
Provided is a low capability device (UE) active in a communication system comprising a plurality of satellites (Si, Sj) ensuring a temporally continuous communication coverage for the low capability device (UE), said satellites being further grouped in families (S1x), satellites of a same family (S1x) sharing same and common access information, said device (UE) comprises a power saving module to send to the serving satellite (S11), during a first data session, a next access request for a next or continued data session with time indications including at least a desired next time interval to be granted for communication. Other embodiments disclosed.
A device comprises a hash tree including a root node and a leaf node, an issuing authority having agreed to generate a signature of the root node after having successfully checked validity of an attribute stored in the leaf node. The device identifies a subset of nodes by using a template specifying the structure of the hash tree, said subset comprising, for all paths of the hash tree that do not comprise said leaf node, the node which is the closest to the reference root node and which does not belong to the path comprising said leaf node. A verifier computes a test hash and then computes a test root node by applying a preset rule. The verifier checks that the signature is valid using a data whose authenticity is certified by the issuing authority.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
39.
ASSEMBLY FOR SHIELDING AT LEAST ONE RADIO-FREQUENCY CHIP AND METHOD FOR MAKING THE SAME
Provided is an assembly that includes a first shield part and a second shield part. The first shield part is foldable on the second shield part. Each of the first shield part and the second shield part includes or is connected to at least one closure element, so that the at least one closure element associated with the first shield part is in contact with at least one corresponding closure element associated with the second shield part. The contact allows ensuring an electrical continuity between the first shield part and the second shield part and generating a Faraday cage. Other embodiments disclosed.
Provided is a method for steering a terminal cooperating with a secure element in a telecommunication network to the user's home MNO or MVNO. The method includes steps of detecting (10) a cell ID change in the telecommunication network; verifying (11) that the terminal is present in another country than his MNO/MVNO; verifying (12) if the secure element is connected to his MNO/MVNO; verifying (13) if the cell ID is already memorized in the terminal or the secure element; clearing the location information files of the secure element and making a Refresh (14) of the secure element; verifying (15) again if the secure element is connected to the home MNO or MVNO; and storing (16) the cell ID of the current telecommunication network in the terminal or in the secure element with the associated national MNO partner if it has not been previously stored.
H04W 48/18 - Selecting a network or a communication service
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
H04W 48/16 - Discovering; Processing access restriction or access information
41.
A Method to Enable a Multi-IMSI Solution within 5G Networks
Provided is a method for attaching a terminal cooperating with a secure element to the network of a MNO of a visited country. The method includes steps of switching a set of files of said secure element to a new value, including a new SUPI, called entity support SUPI; building at the level of said secure element an entity support SUCI; routing an attachment request to said support entity with said entity support SUCI; decrypting in said support entity said entity support SUCI back in said entity support SUPI; and swapping said support entity SUPI to the SUPI corresponding to the MNO of the home country. If an authentication is performed that is positive, an attachment acknowledgement message is sent to connect said terminal to said network of said MNO of said visited country.
H04W 60/04 - Affiliation to a network, e.g. registration; Terminating affiliation with a network, e.g. de-registration, using triggered events
H04W 12/0431 - Key distribution or pre-distribution; Key agreement
Provided is a telecommunications system comprising a core network, an Integrated Access Backhaul donor arranged in connection with the core network; and a plurality of Integrated Access Backhaul nodes connected to one Integrated Access Backhaul donor, either directly or by means of other Integrated Access Backhaul nodes. At least some of the Integrated Access Backhaul nodes are configured to operate in different backhauling profiles, and at least some of these Integrated Access Backhaul nodes comprise a UICC which is configured to manage a set of backhauling profiles of the corresponding Integrated Access Backhaul node.
Provided is a method for performing a plurality of cryptographic operations, that upon reception of a request to perform one of said cryptographic operations, prevents an execution by said processing system of said requested cryptographic operation until a predetermined waiting time (G) has elapsed, and before said predetermined waiting time has elapsed, receives one or more requests to perform another cryptographic operation, and after said predetermined waiting time (G) has elapsed, answers (S3) said requests by executing operations comprising mutualized calculations. The method determines said waiting time depending on execution times of said cryptographic operations to be performed and of said mutualized calculations.
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
44.
NEURAL NETWORK CRYPTOGRAPHY COPROCESSOR PROVIDING COUNTERMEASURE AGAINST SIDE-CHANNEL ANALYSIS
Provided is a method for securing a security device against side-channel analysis attacks while performing a sensitive operation. It includes training an attack neural network to perform a side-channel attack against the security device while performing a sensitive operation, creating a training data set for a protective neural network by applying a plurality of elementary protection combinations to the sensitive operation while performing the sensitive operation, training a protective neural network executing on a coprocessor of the security device using the training data set for the protective neural network, and programming the coprocessor of the security device with the set of parameters for the protective neural network. Other embodiments disclosed.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
Provided is an authentication method, the method comprising sending, by an entity, to a chip, at least one request for getting data; receiving, by the entity, from the chip, data; and, authenticating, by the entity, based on the received data, a family relating to the chip. Other embodiments disclosed.
The present disclosure relates to a method for securing an execution of an algorithm of a cryptographic process comprising several operations Oj with n,j integers and j in [0 . . . n−1], to be executed each once for a complete execution of said algorithm and which may be executed independently,
said method being performed by a processor of a cryptographic device and comprising, for one execution of said algorithm, repeating the following steps, until each of said several operations has been executed at least once:
drawing at random an operation to be executed among all several operations comprised in the algorithm,
executing said drawn operation.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES system
47.
Contactless system and method for reducing electromagnetic disturbances of said contactless system
Provided is a contactless electronic system configured for contactless communications with a reader over an electromagnetic field and comprising a power supply, a current monitor, a processing system comprising a hardware processor configured for performing operations, a dynamic extra current loader and a clock generator, wherein the power supply includes a clamp circuit, and wherein, continuously until the end of an execution phase of said hardware processor, the current monitor is configured for determining the maximal current Imax that can be provided by the power supply to the processing system from the electromagnetic field by comparing a current into the clamp circuit to at least one predetermined threshold. Other embodiments disclosed.
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips
Provided is a method for providing a One-Time-Password by an OTP device that, when configured, establishes a communication session between the OTP device and a card embedding a biometric sensor, sends to the card a request to get a cryptographic value computed from an identifier of the card, tries to authenticate a user through said biometric sensor and automatically releases the cryptographic value in case of success only, sends the cryptographic value from the card to the OTP device, checks, by the OTP device, the cryptographic value by using a reference value, and provides the One-Time-Password by the OTP device only in case of success. Other embodiments disclosed.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A neural network is trained to match digital samples to categories in a set of categories and when presented with at least one golden sample, which is a sample outside the set of categories, to output a probability vector indicative of a preposterous result that the golden sample is matched to a predefined category in the set of categories. The secure computer system is programmed with the trained neural network, adapted to receive digital samples and to present the digital samples to the trained neural network. As an integrity check, the computer system is caused to present the golden sample to the trained neural network and if the neural network outputs a probability vector classifying the golden sample into a predefined category in a way that is a preposterous result, declaring the neural network as uncompromised and, otherwise, declaring the neural network as compromised.
Provided is a security assembly including at least one substrate element, at least one first pattern, and at least one second pattern. The at least one first pattern is associated with the at least one substrate element. The at least one first pattern is at least in part translucent or transparent. The at least one second pattern is associated with the at least one substrate element. Each of the at least one first pattern overlaps at least in part the at least one second pattern. Upon viewing the assembly, the at least one first pattern and the at least one second pattern are configured to generate, at at least one side of the assembly, at least one third pattern, each of the at least one third pattern including an optically variable image. Other embodiments disclosed.
Provided is a method to update an OS installed in a secure element on an OS update platform exposing the same ES9+ interface as an SM-DP+, the secure element being an eUICC or an iUICC cooperating with a terminal, the secure element and the terminal being comprised in a device. The method comprises loading an OS update script in the OS update platform of the secure element manufacturer, triggering the LPA of the terminal to connect to the OS update platform by using the ES9+ SM-DP+ protocol, downloading by the LPA the OS update script in an ISD-P of the secure element and installing the OS update script in the ISD-P of the secure element, and after the installation of the OS update script in the ISD-P, returning by the secure element an execution result to the OS update platform through the LPA.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
H04W 8/20 - Transfer of user or subscriber data
52.
METHOD FOR SECURING AN AES BLOCK CIPHER ALGORITHM AGAINST HIGH-ORDER SIDE-CHANNEL ATTACKS
Provided is a method for securing against high-order side-channel attacks wherein a substep of field inversion is performed by a cryptographic device. The method includes computing (S1) a Dirac output value, adding (S2) said Dirac output value to one of said shares of the first set of shares to obtain a second set of shares, performing a conversion of the second set of shares (S3) from said (n+1)-additive sharing to a (n+1)-multiplicative sharing, performing an inversion of each share of the (n+1)-multiplicative sharing (S4), performing a conversion of the inverted shares (S5) from said multiplicative sharing to a (n+1)-additive sharing to obtain a third set of shares, and adding (S6) said Dirac output value to one of said shares of the third set of shares. Other embodiments disclosed.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise coding, e.g. DES system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
53.
Method for manufacturing a smart card with positioning of a metal insert
Provided is a method for manufacturing a metal smart card comprising a metal insert having a peripheral edge extending to the peripheral edge of the card and at least one printed cover sheet. The method comprises the steps of assembling a printed support sheet and at least one insert using an assembly tray comprising elements for positioning the support sheet and each insert, and extracting each metal smart card from the printed support sheet by cutting or machining the sheet around a periphery of the insert. Other embodiments disclosed.
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
54.
METHOD FOR SECURE, TRACEABLE AND PRIVACY-PRESERVING DIGITAL CURRENCY TRANSFER WITH ANONYMITY REVOCATION ON A DISTRIBUTED LEDGER
The present disclosure relates to a method for secure, traceable and privacy-preserving digital currency transfer with anonymity revocation to at least a first user from a second user among a plurality of banked and unbanked users by using a distributed ledger comprising a plurality of ledger nodes, wherein said users perform Digital Currency transfers by adding transactions on this ledger using user devices configured to be connected to said nodes, to a registration authority and to a revocation authority, said authorities owning each one a public/private key pair, comprising:
an enrollment phase, performed by a user device of said first user, comprising:
sending to the registration authority evidence of the first user's identity,
generating a first user identification key pair comprising a first user identification public key and a first user identification secret key,
sending to the registration authority said generated first user identification public key,
receiving from the registration authority a signed token generated by the registration authority after the registration authority verified first user's identity based on said evidence, said signed token being generated by signing with the registration authority secret key a token comprising said first user identification public key and said first user's identity encrypted with said revocation authority public key,
a transaction phase, performed by said user device of said first user, comprising: participating with said second user in a Digital Currency transfer transaction to be added to the distributed ledger,
wherein said signed token enables the revocation authority to revoke first user's anonymity by retrieving first user's identity.
G06Q 20/10 - Payment architectures specially adapted for home banking systems
G06Q 20/38 - Payment architectures, schemes or protocols - Details thereof
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Provided is an execution system including a central processing unit (CPU), a system memory (SM) storing a genuine program (cGC) having ciphered instructions (Cl) stored at determined addresses. A secure agent component (SAC) is dedicated to the protection of the execution of the cGC. The SAC comprises a signature register (SR) storing an instruction flow signature depending on previously executed instructions and a ciphering/deciphering module. A new instruction flow signature is determined depending on instruction and on an instruction flow signature of the previous instruction in the instruction flow of the cGC before storing this new instruction flow signature in the signature register (SR). Other embodiments disclosed.
Provided is a system on chip comprising a memory controller having a clock synchronization circuitry based on a locked loop. The system on chip further comprises a voltage glitch attack detector configured to monitor a clock synchronization signal generated by the clock synchronization circuitry and check whether the monitored clock synchronization signal is a nominal signal or a signal characteristic of a voltage glitch attack. The voltage glitch attack detector may be a software detector executed by a processing unit. Other embodiments disclosed.
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 21/81 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations
H03L 7/081 - Automatic control of frequency or phase; Synchronisation using a reference signal applied to a frequency- or phase-locked loop - Details of the phase-locked loop provided with an additional controlled phase shifter
Provided is a system for execution protection using data colouring. The system includes a central processing unit (CPU), a system memory (SM) and a secure agent component (SAC). The SAC monitors memory access instructions occurring between the CPU and SM. The SAC comprises a colour memory (CM) storing a colour tag for each memory address of the system memory (SM). The SAC stores instructions at a destination address, and copies the colour tag stored at the instruction address in the colour memory to the destination address in the colour memory (CM) while storing data. The SAC loads instruction at a retrieval address, and compares the colour tag stored at the retrieval address and the colour tag at the load instruction in the colour memory (CM). A dysfunction is detected if colour tags are different. Other embodiments disclosed.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by adding security routines or objects to programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 12/14 - Protection against unauthorised use of memory
Provided is a method for recognizing an individual by fusing a first match result generated by a first single-modal biometric recognition system of a first biometric modality and a second match result generated by at least one second single-modal biometric recognition system of a second biometric modality into a fused match result. Machine learning based on training of retrieved data is performed to obtain optimized parameters meeting a target performance metric. Parameters of a fusion model are updated with the optimized parameters in a database, which is then applied to match results to recognize the individual. Other embodiments disclosed.
Ensuring user privacy in a publisher-subscriber communications environment. Storing, by a user-identifier mapping server, a user-identity database mapping user identity to subscriber-anonymized user identifier and subscriber identifier for users of said plurality of subscribers. Receiving, by the user-identifier mapping server, an information-request message from a subscriber, the information-request message concerning a notification message from a publisher, the notification message including an anonymized username of a first user of the publisher and wherein the username of the first user is anonymized using the one-way anonymization function. Upon receiving, by the user-identifier mapping server, the information-request message, determining from the user-identity database whether the first user is a user of the subscriber and transmitting a response message to the subscriber indicating whether the first user is a user of the subscriber.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
The present disclosure relates to a method for sending a message from a remote server to a terminal, the remote server and the terminal sharing a secret key, the method comprising:
i—Sending from the terminal to the remote server a first identity;
ii—Retrieving at the remote server the first identity and retrieving the secret key based on the first identity;
iii—At the remote server, choosing a random number and generating a second identity thanks to the first identity, the random number and the secret key;
iv—At the remote server, generating a signature from the first identity, the message, a counter value, the random number and the secret key;
v—At the remote server, generating a first response for the terminal, the first response being a concatenation of the message, a counter value, the signature and the random number, and ciphering the first response with the secret key and sending the first ciphered response to the terminal;
vi—At the terminal, deciphering the first ciphered response with the secret key to obtain the first response, retrieving the message, the counter value, the signature and the random number, deriving the expected signature of the first response, verifying that the signature is equal to the expected signature and verifying that the counter value is correct, and if it is correct, deriving the second identity from the first identity, the secret key and the random number.
Provided is a method for generating a physical unclonable function PUF response by a PUF circuit of an electronic device, said PUF circuit comprising pairs of electronic components called PUF primitives implementing said physical unclonable function, by obtaining a challenge (S1), generating PUF output bits (S2) by applying said physical unclonable function to said obtained challenge, and generating said PUF response (S3) from said generated PUF output bits verifying υ > δυ +|T| or υ < -δυ -|T| with δυ a predetermined threshold. In some embodiments it maximizes a PUF response entropy based only on the analog differential values generated by the comparators of the electronic device. Other embodiments disclosed.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H03K 19/17768 - Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits using specified components using elementary logic circuits as components arranged in matrix form - Structural details of configuration resources for security
62.
METHOD OF IMPLEMENTING A PHYSICAL UNCLONABLE FUNCTION
Provided is an electronic device and a method thereof for repairing response bits of a physical unclonable function of an electronic device, said physical unclonable function outputting said response bits and additional output bits. The method includes generating a PUF response from said response bits (S1), detecting an error in the PUF response (S2), determining erroneous response bits of the PUF response (S3), determining a match (S4) between each determined erroneous response bit and a selected additional output bit such that replacing the erroneous response bits by the matching additional output bits corrects the error in the PUF response, storing said determined match in a repair list (S5), and replacing (S6) in the PUF response said erroneous response bits with the matching additional output bits in the repair list. Other embodiments disclosed.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
63.
METHOD, USER DEVICE, VERIFIER DEVICE, SERVER AND SYSTEM FOR AUTHENTICATING USER DATA WHILE PRESERVING USER PRIVACY
A method comprises:
receiving, by a user device, from a verifier device, a request for user data;
retrieving a first cryptogram and a decryption key;
sending, to a server, the first cryptogram;
retrieving a random and a second cryptogram generated using reference user authentication data concatenated with the random;
sending, to the verifier device, the second cryptogram and the random;
storing the reference random;
sending, to the user device, the second cryptogram;
decrypting the second cryptogram using the decryption key;
extracting the reference user authentication data and the random;
providing the user device with user authentication data;
verifying that it matches the reference user authentication data;
providing the verifier device with the random;
verifying that it matches the reference random; and
authenticating the user data.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Provided is a method for enrolling a cardholder of a biometric payment card by using a biometric sensor located on the biometric payment card. The method includes receiving biometric information from the biometric sensor, adding the received biometric information to a biometric template for the cardholder, determining whether the biometric information completes a biometric template, and verifying the cardholder of the payment card as being a legitimate user of the payment card. Upon positive verification of the cardholder and positive determination that the biometric template is complete, the method transmits a notification of completed biometric-use authentication enrollment. Other embodiments disclosed.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. chip cards or magnetic cards
65.
Method for manufacturing a metal chip card with mini relay antenna
Provided is a method for manufacturing a radiofrequency chip card. The method comprises the steps of: forming a card body comprising a relay antenna and an insulating cover layer on at least one main face of the card, arranging a module equipped with a radiofrequency module antenna on the card body opposite the relay antenna for radiofrequency coupling; forming a metal insert in the card body, the insert extending up to the edges of the card and comprising a space permeable to the radiofrequency field opening on at least one of the two main faces of the insert and comprising the relay antenna inside and/or opposite this space. Provided also is a corresponding card produced by the method.
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings, characterised by the kind of the digital marking, e.g. shape, nature, code
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
The present invention relates to a method for protecting a program in a computer system, the method comprising:
when a subroutine of said program is called, pushing a return address on to a stack to start forming a stack frame;
when pushing said return address, generating a checksum for said stack frame;
each time a predetermined opcode is detected for said subroutine, updating said checksum according to an operand associated with said predetermined opcode;
if the predetermined opcode is a pop opcode, in addition to said updating, determining whether the operand associated with said pop opcode is said return address;
if it is determined that said operand is said return address, verifying said checksum before executing said predetermined opcode in order to detect an attack.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by adding security routines or objects to programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
67.
Manufacturing method of a radio-frequency smart card with a metal inlay assembly
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings, characterised by the kind of the digital marking, e.g. shape, nature, code
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
The present invention relates to a method for authenticating a document comprising at least one line of anti-counterfeit patterns spaced from each other, the positions of the anti-counterfeit patterns being random, and a partial anti-counterfeit pattern being provided at an edge line of said document, the method comprising the following steps of:
receiving a digital image of said document, said digital image comprising said partial anti-counterfeit pattern in a first edge area corresponding to said edge line;
selecting said first edge area;
copy-pasting said first edge area adjacent to a second edge area of the digital image to generate a combined digital image, said second edge area being opposite to said first edge area, wherein content, which is comprised in said second edge area and located on the same line as said partial anti-counterfeit pattern, and said partial anti-counterfeit pattern jointly form a combined pattern;
authenticating said document by taking into account said combined pattern.
G06V 30/40 - Document-oriented image-based pattern recognition
G06V 10/70 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning
Provided is a method for facilitating the renewing of a digital identity document. It includes receiving a request for renewing a digital identity document; checking whether said digital identity document can be renewed, if the check result is positive, creating an up-to-date validity-related data item to be associated with said digital identity document and to be inspected by a verifier when the validity of said digital identity document must be assessed; and sending said up-to-date validity-related data item to a device of a user of said digital identity document so that a validity-related data item previously associated with said digital identity document can be replaced by said up-to-date validity-related data item at the user's side.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Provided is a data carrier comprising a card body, wherein the card body is configured to interact with impinging electromagnetic radiation (R) such that a laser marking (M1) having a first appearance (A1) is generated in the card body in the region of impingement. The data carrier further comprises at least one protection element that is configured to interact with impinging electromagnetic radiation (R) such that a laser marking (M2) having a second appearance (A2) is generated in the card body, wherein said second appearance (A2) differs from the first appearance (A1).
Provided is a method and device for securing a software code. The steps include determining a salt value, generating an encrypted sensitive string by applying to said sensitive string an encryption process depending on the salt value and on an encryption key, concatenating the salt value and the encrypted sensitive string to obtain a concatenated result, and replacing in said software code said sensitive string by a protected value depending on said concatenated result. Other embodiments disclosed.
Provided is a process for manufacturing a standard chip-card module comprising metallized contacts (P1-P6) defining a graphic design comprising visible parts formed from lines, segments or dots, a first portion (2A, 12A) of which passes right through the thickness of the metallized contacts (P1-P6) and a second portion (2B, 12B) of which is formed only superficially on the upper external surface of the metallized contacts (P1-P6). The second portion (2A, 12A) is produced in the continuity of the first portion, to form said graphic design. Other embodiments directed to a module resulting from the process are disclosed.
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
G06K 1/12 - Methods or arrangements for marking the record carrier in digital fashion otherwise than by punching
73.
Method for transmitting an existing subscription profile from a MNO to a secure element, corresponding servers and secure element
A method for transmitting a subscription profile that includes transmitting from a POS of the MNO the unique identifier of the secure element to a SM-DP; creating or reserving the subscription profile at the SM-DP; provisioning in a D-HSS server having the first MCC/MNC the unique identifier and a temporary IMSI including a second MCC, a second MNC; provisioning in the HSS of the MNO the temporary IMSI and an ephemeral Ki; at the first attempt of the secure element to connect to the D-HSS server with its temporary profile, exchanging data in signaling messages between the secure element and the D-HSS for provisioning the secure element with the temporary IMSI; at the next attempt of the secure element to connect to the MNO network with the temporary IMSI, opening an APN and sending from the SM-DP to the secure element the subscription profile.
H04M 1/66 - TELEPHONIC COMMUNICATION Substation equipment, e.g. for use by subscribers, with means for preventing unauthorised or fraudulent calling
H04L 5/14 - Two-way operation using the same type of signal, i.e. duplex
H04W 4/50 - Service provisioning or reconfiguring
H04W 4/70 - Services for machine-to-machine communication or machine-type communication
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
H04W 8/20 - Transfer of user or subscriber data
H04W 8/26 - Network addressing or numbering for mobility support
H04W 12/04 - Key management, e.g. using generic bootstrapping architecture [GBA]
Provided is an electronic system (1) comprising a plurality of sub blocks (21, 22, . . . ), a differential amplifier (3), a voltage regulation loop comprising a first transistor (40) and a variable resistor (5), and a plurality of additional transistors (41, 42, . . . ). The input reference voltage (VRF) and the variable resistor are configured such that a first sub block (21) is supplied with its required power supply output voltage (VDD1) by the transistor to which it is connected. The amplifier is configured to output on each of its outputs a power supply reference voltage (VG1, VG2 . . . ) such that each sub block (22, . . . ) other than the first sub block is supplied with its required power supply output voltage (VDD2 . . . ) by the transistor to which it is connected.
G06F 1/26 - Power supply means, e.g. regulation thereof
H02M 3/155 - Conversion of DC power input into DC power output without intermediate conversion into AC by static converters using discharge tubes with control electrode or semiconductor devices with control electrode using devices of a triode or transistor type requiring continuous application of a control signal using semiconductor devices only
75.
METHODS AND SYSTEMS FOR TRAINING A MACHINE LEARNING MODEL
A computer-implemented method for training a machine learning model, the method comprising: obtaining a machine learning model comprising a plurality of computational layers, the layers being arranged such that outputs from one or more of the layers serve as inputs to other ones of the layers; identifying one or more of the layers as comprising one or more functions that are not compatible with a homomorphic encryption scheme; replacing the one or more functions with alternative functions, wherein the alternative functions are functions that are compatible with the homomorphic encryption scheme and which provide an approximation of the respective functions that they replace; and sending the model to a third party to train the model using a set of training data.
Provided is an assembly for sealing a juncture of a cable in a wall. The wall includes at least one aperture. The aperture is used for coupling a connector comprised in the cable. A cable end is provided with at least one flange. The flange surrounds at least in part the cable end. The assembly includes at least one strain relief element. The strain relief element is configured, once in a position to cooperate with the wall and the flange, to press, directly or indirectly, the flange against the wall when the connector is coupled while the strain relief element remains attached to the wall, so that the flange surrounds, directly or indirectly, the aperture and prevents, directly or indirectly, any foreign matter from passing the juncture of the cable at the aperture.
Provided is a method for managing sensitive data in which each authentication factor in a set of authentication factors has been uniquely assigned a group containing several secret shares generated by using a secret sharing scheme. It includes verifying via an authentication factor to generate a score reflecting a level of confidence of the verification, wherein a subset of the secret share(s) assigned to the authentication factor is added to a collection, the subset comprising a number of secret share(s) depending on both said score and a predefined parameter associated with the authentication factor. Sensitive data is built from the secret shares of the collection by applying a predefined algorithm associated with the secret sharing scheme.
Provided is a method for securely performing a public key algorithm comprising cryptographic computations using a private key. It includes selecting (S1), by a server device, a set of mutually coprime integers (p1,...,pn) as a base of a Residue Number System (RNS-base B), with n an integer; computing (S2), by said server device, a RNS representation of said private key, said RNS representation of an integer x in [0, P-1], with P the product of all elements of the base, being the list (x1, ...xn) with xi = x mod pi, i being an integer in [1,n]; sending (S3), by said server device, the computed RNS representation to a client device; and performing (S4), by said client device, the cryptographic computations of the public key algorithm in said RNS base using said sent RNS representation.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
Provided is a method for managing a biometric sensor configured to collect a captured biometric data and a secure element able to communicate with the biometric sensor through a communication channel. The method comprises receiving a specific data by the biometric smart card, and checking the specific data by using a control data pre-stored in the biometric smart card. Only if said checking is successful, it then executes an erasing command for removing said reference biometric data from the biometric smart card and a disabling command for permanently deactivating the communication channel.
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06F 21/88 - Detecting or preventing theft or loss
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
80.
Deep learning based fingerprint minutiae extraction
Provided is a computer-implemented deep-learning-based method for extracting minutiae from a latent friction ridge image. The method comprises training a minutiae extraction model through a deep-learning network with ground truth latent friction ridge images as training samples, and inputting a latent friction ridge image into the minutiae extraction model to extract minutiae of the latent friction ridge image, wherein the model outputs locations and directions for the extracted minutiae. The deep-learning network includes a base network configured to generate a minutiae feature map from a latent friction ridge image, a Region Proposal Network (RPN) configured to propose minutiae locations and directions from the minutiae feature map, and a Region-Based Convolutional Neural Network (RCNN) configured to definitely decide minutiae locations and directions from RPN's proposal.
G06F 18/21 - Design or setup of systems or techniques; Extraction of features in feature space; Blind source separation
G06F 18/2113 - Selection of the most significant subset of features by ranking or filtering the set of features, e.g. using a measure of variance or of feature cross-correlation
G06F 18/214 - Generating training patterns; Bootstrap methods, e.g. "bagging" or "boosting"
G06T 5/20 - Image enhancement or restoration using local operators
G06T 5/90 - Dynamic range modification of images or parts of images
G06V 10/50 - Extraction of image or video features by summing image-intensity values; Projection analysis
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06V 20/20 - IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING Scene-specific elements in augmented reality scenes
81.
METHOD FOR TESTING IF A DATA ELEMENT BELONGS TO A LIST OF REFERENCE DATA ELEMENTS
Provided is a method for testing if a candidate data element belongs to a list of reference data elements, performed by a client device (102) and comprising the steps of generating an encrypted candidate data element (y′) by encrypting said candidate data element (x′) with a leveled fully homomorphic encryption scheme, transmitting said encrypted candidate data element (y′) to a server device (103), storing said reference data elements (xi), receiving, from said server device, a delta value depending on a product of differences, decrypting said delta value with said leveled fully homomorphic encryption scheme, based on said decrypted delta value, determining whether said candidate data element (x′) belongs to said list of reference data elements (xi). Other embodiments disclosed.
Provided is a method for pushing data to a mobile network operator (MNO), the method being suitable to be implemented by a server and comprising the following steps of: receiving, from the MNO, a message comprising at least one communication pattern associated with at least one device identifier identifying a type or a provider of a device; receiving, from a user, a request for downloading a subscription profile of the MNO; sending, in response to the request, the subscription profile to a device of the user; identifying, from the at least one communication pattern, a communication pattern applicable to the subscription profile according to device data obtained from the request; and pushing data comprising an identifier of the subscription profile and the applicable communication pattern to the MNO.
Provided is a method for connecting a terminal cooperating with a secure element to a second network, the secure element having a subscription from a first network whilst the secure element is roaming on a third network, the secure element storing the PLMN code of the second network, called second PLMN code, and the PLMN code of the third network, called third PLMN code, the second PLMN code having a higher priority than the third PLMN code in the OPLMN roaming file, the second PLMN having no roaming agreement with the first network nor the third network, and the third network having a coverage that overlaps at least a part of the coverage of the second network, the method comprising, when it is detected that the second network has rejected the attachment request of the terminal.
H04W 48/18 - Selecting a network or a communication service
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
H04W 8/02 - Processing of mobility data, e.g. registration of information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
84.
Method for securely diversifying a generic application stored in a secure processor of a terminal
Provided is a method for securely diversifying a generic application stored in a secure processor of a terminal, said method comprising: Generating at the request of a manager application hosted in an application processor of said terminal, at the level of a distant server, a server challenge; Sending said server challenge to said application; Generating a first message at said application, said first message being a function of said server challenge, an application challenge and a unique identifier of said application; Sending said first message to a Root-Of-Trust service hosted in a secure processor of said terminal, said Root-of-Trust service generating an attestation of said first message, said attestation guaranteeing that said first message has not been modified and originates from said secure processor; and Transmitting said attestation of said first message to said distant server in an enablement request message.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Provided is a method for establishing a secure connection from a chip to a network. The method comprises sending a connection request with a decentralized identifier address, sending a request for getting a decentralized identifier, sending, to the network, the decentralized identifier, sending, to the chip, an authentication request with data, and determining and sending, to the network, authentication data, and authenticating the chip. It further includes sending, to the ledger, a request for getting subscription data associated with the decentralized identifier address, verifying whether the decentralized identifier address is associated with a subscription wallet address or a subscription address in an operator wallet, sending, to the network, associated subscription data, verifying whether valid, and establishing, when valid, a connection to the chip.
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic safes
86.
CONTACTLESS SYSTEM AND METHOD FOR REDUCING ELECTROMAGNETIC DISTURBANCES OF SAID CONTACTLESS SYSTEM
Provided is a contactless electronic system configured for contactless communications with a reader over an electromagnetic field and comprising a power supply, a current monitor, a processing system comprising a hardware processor configured for performing operations, a dynamic extra current loader and a clock generator. The current monitor is configured for determining maximal current Imax that can be provided by the power supply to the processing system from the electromagnetic field, and is configured for comparing, during an execution phase of said hardware processor, said determined maximal current Imax and a current drawn by the processing system.
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
87.
METHOD FOR SECURE EXECUTING OF A SECURITY RELATED PROCESS
Provided is a method for executing a security related process comprising at least a first operation and a subsequent programming operation of a memory area in a first memory row of a first memory of a system and using as input security data stored in said second memory of said system, wherein said first memory is a non-volatile memory and said system comprises a first memory charge pump. The method comprises, when the execution of said security related process is triggered: opening (S2) the first memory row, charging (S3) said first memory charge pump, performing (S4) said first operations of the security related process, based on said security data from the second memory, and performing (S5) said programming operation of said memory area in said opened first memory row using said charged charge pump.
G06F 21/79 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by adding security routines or objects to programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
88.
METHOD FOR SECURING A SECURITY DOCUMENT AND SECURITY DOCUMENT OBTAINED WITH THIS METHOD
Provided is a method for securing a security document comprising at least personal data pages and a cover sheet placed outside the personal data pages, the method comprising, during security document manufacturing, a step of stitching the personal data pages and the cover sheet together by means of an upper thread and a lower thread interlaced together and a step of treating at least a part of the stitching with ultrasonic welding so as to structurally modify the thread.
Provided is an anti-counterfeit label with multi-focus multi-layer depth-of-field images. The anti-counterfeit label is sequentially provided with a multi-focus microlens array layer, a transparent base membrane layer and a microtext array layer from top to bottom in a laminating mode, and a metal reflective layer is arranged under the microtext array layer; the multi-focus microlens array layer comprises microlenses which are distributed in an array mode and have multiple focuses; the microtext array layer comprises one set or multiple sets of subunit pattern periodic ordered arrays. The anti-counterfeit label has the advantages that the microtext array layer can be amplified by 80-800 times by the multi-focus microlens array layer. The anti-counterfeit label is particularly suitable for popular anti-counterfeiting and can effectively improve the anti-counterfeit capacity.
METHOD TO DYNAMICALLY SELECT A MOBILE OPERATOR SUBSCRIPTION BASED ON THE TERMINAL LOCATION, ON THE RECEIVED SIGNAL STRENGTHS AND ON BUSINESS AGREEMENTS, CORRESPONDING SECURE ELEMENT AND HOME SUBSCRIBER SERVER
Provided is a method for dynamically selecting a mobile subscription for a secure element cooperating with a terminal in a telecommunication system comprising a network visited by the terminal and a HSS of a server. The method includes sending from the secure element a random e-IMSI ephemeral IMSI in a first attachment request message to the HSS through the visited network, the visited network having the best received signal and having a roaming agreement with an e-IMSI service provider; and transmitting 101 from the HSS to the secure element in a signaling message a PLMN list of all the local operators having a commercial agreement with the e-IMSI service provider.
H04M 15/00 - Arrangements for metering, time-control or time-indication
H04W 8/02 - Processing of mobility data, e.g. registration of information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
H04W 8/26 - Network addressing or numbering for mobility support
91.
METHOD AND SYSTEM FOR COMMUNICATION BETWEEN A CHIP CARD READER AND AN EXTERNAL DEVICE
The invention relates to a method for performing a transaction with a system (1, 1A, 1B, 10) comprising a terminal (2) and a chip device (3), said system being configured to communicate to a user (6), during said transaction, transaction information from the terminal via an adapter (4), said adapter being configured to receive, by wire or wirelessly, said information (5) and to translate it into voice or another form, said information being obtained or collected in or via said chip device (3), characterized in that said chip device (3) is configured with a first communication interface with proximity radiofrequency or electrical (M3) contacts included in the device in order to receive the transaction information directly from a communication interface of the terminal. The invention also relates to the corresponding system.
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/20 - Point-of-sale network systems
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. chip cards or magnetic cards
92.
METHOD FOR CO-ORDINATION OF PAGING IN A USER EQUIPMENT
Provided is a method to operate a user equipment communicatively connected to at least two subscriber identity modules, which are at least assigned to a first and a second cellular network, wherein the user equipment has assigned an independent paging identity in each of the first and second cellular networks for registration in said cellular networks. Other embodiments disclosed.
Provided is a method to operate a secure chip card for connecting to a user equipment operating in a cellular network comprising a plurality of network slices, wherein for at least one network slice a slice authentication server is operational, the secure chip card comprising a secured memory with at least one slice authentication application
A system, mobile device, and method for managing security policies for data items stored in an electronic identification (eID) wallet on the mobile device. Security policies are associated with each of a plurality of supported namespaces on a mobile device and a verifier terminal operates to select a namespace to access a data item stored on the mobile device based on the security policies associated with the plurality of supported namespaces on the mobile device.
A central server for communicating with a user equipment and a cellular network is provided. The server is configured to exchange with the cellular network information relating to at least one preconfigured qualifier assigned to the user equipment and assigned to the central server. The server receives a payload item from the cellular network transmitted by the user equipment to said cellular network by means of an authentication failure message for authenticating a user equipment at a cellular network during an attach comprising the payload item, instead of receiving a SMS or establishing an IP connection with the user equipment. The payload item can result from a latest measurement data of user equipment regularly transmitting data to said central server and/or a sensor connectively coupled to the user equipment when operating as an Internet of Things (IoT) smart-metering device.
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06F 21/40 - User authentication subject to a quorum, i.e. requiring the intervention of at least two security officers
Provided is a method to implement a Virtual Primary Platform (VPP) using a Tamper Resistant Element (TRE) and an External Execution Environment (EEE). The Virtual Primary Platform (VPP) comprises a VPP Low Level Operating System (VPP LLOS) distributed across a VPP Process Execution Environment (VPEE) in the Tamper Resistant Element (TRE). The VPP Low Level Operating System (VPP LLOS) comprises VPP LLOS API stubs installed in the VPP Process Execution Environment (VPEE) and routes communications between the VPP Process Execution Environment (VPEE) and the External Execution Environment (EEE) and an external agent (EA) installed therein.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
Provided is a method for determining a match between a candidate fingerprint and a reference fingerprint characterized by minutiae local features. The method includes extracting several minutiae from the candidate fingerprint, computing from said extracted minutiae a plurality of minutiae local features of the candidate fingerprint, computing a first global matching score between the candidate fingerprint and the reference fingerprint based on the first similarity scores of said matching local feature pairs; computing a second global matching score between the candidate fingerprint and the reference fingerprint based on said computed second similarity scores; and determining a match between the candidate fingerprint and the reference fingerprint comprising: comparing the first and second global matching scores, and comparing the first matching score to a matching threshold. Other embodiments disclosed.
Provided is a method for determining a match between a candidate fingerprint and a reference fingerprint characterized by minutiae local features. The method includes evaluating a similarity of the candidate fingerprint local feature and the reference fingerprint local feature of a current local feature pair, and determining a match depending on the similarity evaluation and geometric coherence evaluations performed for said current local feature pair. Other embodiments are disclosed.