Securing Internet of Things (IoT) devices by compiling IoT applications against diversified virtual machines. IoT protection sets are defined and assigned diversification parameters. A virtual machine is diversified using the assigned parameters. An IoT application is diversified against the diversified virtual machine so that it is solely executable by that diversified virtual machine, by applying the diversification parameters associated with the respective virtual machines. Diversified object programs for the diversified IoT applications and the diversified virtual machines are then loaded onto the respective IoT devices associated with the protection sets.
G06F 21/14 - Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or prevention of unwanted data erasure, by executing in a restricted environment, e.g. a sandbox or secure virtual machine
2.
METHOD FOR ACTIVATING A SUBSCRIPTION AND CORRESPONDING SECURE ELEMENTS
The invention concerns a method for activating a subscription by a first secure element embedded or integrated in a first device (1), the subscription being called second subscription and being installed in a second secure element embedded or integrated in a second device (2), the method comprising:
- sending an activation command from the first secure element to the second secure element, through a short range channel, after having performed a mutual authentication between the first and second secure elements;
- sending from the second secure element to the first secure element an acknowledgment message through the short range channel, if the second secure element receives the activation command from the first secure element;
- deactivating the subscription, called first subscription, in the first secure element upon receiving the acknowledgment message;
- sending from the first secure element to the second secure element a transfer acknowledgment message through the short range channel;
- activating the second subscription in the second secure element upon receiving the transfer acknowledgment message.
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
H04W 12/30 - Security of mobile devices; Security of mobile applications
H04W 12/45 - Security arrangements using identity modules, using multiple identity modules
H04W 8/20 - Transfer of user or subscriber data
H04W 4/80 - Services using short range communication, e.g. near-field communication, radio-frequency identification or low energy communication
A method for activating a profile of a connected device of a user is disclosed. The method includes transmitting, by the service provider, a resource address to the user; accessing, by the connected device, the resource address; launching, by the connected device, an application; downloading to the mobile device, by the application, a profile; and activating on the mobile device, by the application, the profile.
H04W 12/30 - Security of mobile devices; Security of mobile applications
H04W 4/50 - Service provisioning or reconfiguring
H04W 8/20 - Transfer of user or subscriber data
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
H04W 36/00 - Hand-off or reselection arrangements
4.
METHOD FOR CONSTRUCTING A LIMITED-USE KEY REQUIRED FOR A FINANCIAL TRANSACTION
The invention is a method for constructing a limited-use key (80) required by a payment application (10) hosted in a portable device (30) and able to perform a financial transaction for an amount. The payment application is able to construct the limited-use key in two distinct ways, the first way and the second way. During the financial transaction the payment application or a payment terminal coupled to the portable device determines that the financial transaction is a High Value Transaction (HVT) if said amount is higher than a preset threshold and considers that the financial transaction is a Low Value Transaction (LVT) in the opposite case. Then the payment application constructs the limited-use key (80) either by said first way only in case of High Value Transaction or by said second way only in case of Low Value Transaction.
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices, using wireless devices
G06Q 20/38 - Payment architectures, schemes or protocols; their details
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. checking credit lines or negative lists
5.
REMOVABLE SECURE ELEMENT HAVING IMPERSONATION PROTECTION
The present invention relates to a removable secure element having a memory to store at least a universal user identifier, a security context, and a list of mobile equipment identifiers in which the removable secure element was previously inserted, said removable secure element being dedicated to be inserted in a mobile equipment compliant with plastic roaming, which connects and authenticates the mobile equipment automatically to a serving network using the security context stored in the removable secure element as soon as the universal user identifier stored in the removable secure element is the same as the one associated with the security context on the serving network side. Said removable secure element further has an application to monitor an identifier of a mobile equipment in which the removable secure element is inserted, said application implementing a retrieval of the identifier of the mobile equipment in which the removable secure element is inserted, a check of the presence of the retrieved identifier in the stored list of mobile equipment identifiers, and, if the retrieved identifier is present in the list, a deletion of the stored security context.
H04W 12/48 - Security arrangements using identity modules, using secure binding, e.g. securely binding identity modules to devices, services or applications
H04W 12/126 - Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
The present invention relates to a method for securely verifying a candidate password value derived from user credentials against a reference password value dedicated to a client application on a client device storing a try counter, said method being performed by the client application of the client device, said client device comprising:
- a secure hardware component storing a current cryptographic key pair comprising a current public cryptographic key and a current private cryptographic key specific to the client device,
- a first application memory storing a current try counter value of said try counter, and
- a second application memory storing a current signature of a try counter value with a private cryptographic key of a cryptographic key pair,
and said method comprising:
- a) verifying (S1) the current try counter value stored in the first application memory and,
- b) verifying (S2) that the current signature stored in the second application memory of the client device is a valid signature of the current try counter value stored in the first application memory using the current public cryptographic key of the current cryptographic key pair stored in said secure hardware component,
- c) when the verifications of the current signature and of the value of the try counter are successful:
  • generating (S31) a new current cryptographic key pair,
  • updating (S32) said current try counter value,
  • generating (S33) a new current signature of the updated current try counter value with the generated new current private cryptographic key of the generated new current cryptographic key pair,
- d) verifying (S4) the candidate password value against said reference password value.
The present invention relates to an electronic system (1) comprising a secure processor (102) and an integrated sensor (101) configured for monitoring side channel emissions of said secure processor, wherein:
- the integrated sensor is electrically disconnected from the secure processor,
- said secure processor is configured for performing a processing operation generating a specific side channel emission called trigger side channel emission,
- said integrated sensor is configured such that monitoring said trigger side channel emission causes the integrated sensor to switch to an operation mode depending on said trigger side channel emission.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. with at least one secure mode
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information, by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
8.
METHOD FOR PROTECTING AGAINST SOFTWARE-BASED SIDE CHANNEL ATTACKS AN ELECTRONIC SYSTEM COMPRISING A SECURE PROCESSOR AND AN INTEGRATED SENSOR
The present invention relates to a method for protecting an electronic system (1) comprising a secure processor (102) and an integrated sensor (101) against software-based side channel attacks targeting said secure processor using said integrated sensor, said electronic system further comprising an untrusted processor (104), a sensor register (103) isolated from said untrusted processor for storing at least one output value of the integrated sensor, a blurring device (109) connected to the sensor register and configured for outputting at least one blurred sensor output value whose bits are at least partly blurred, and a memory mapped register (110) accessible by said untrusted processor and storing outputs of the blurring device, said method comprising:
- measuring, by the integrated sensor, a physical quantity representative of an activity of the secure processor to obtain a sensor output value,
- storing said sensor output value into said sensor register,
- generating, by said blurring device, from said sensor output value stored in the sensor register, a blurred sensor output value wherein one or more bits of said blurred sensor output value are blurred according to a blurring device configuration,
- storing said blurred sensor output value in said memory mapped register.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. with at least one secure mode
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information, by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
9.
CREATION OF A DIGITAL TWIN/AVATAR ENABLING PHYSICAL PERSON IDENTIFICATION
The present invention relates to a method to create a digital twin in a virtual environment dedicated to be visually displayed in the real world, said digital twin being a visual representation in the virtual environment of an entity identifiable in the real world, said method comprising the steps of: determining at least one parameter that enables the identifiable entity represented by said digital twin to be uniquely identified, said parameter also being stored in a secure database associating the parameter to the identifiable entity; generating a readable tag from said parameter, said readable tag being suitable to be read, in the real world, from any kind of visualization of the virtual environment in the real world, to retrieve the parameter and to identify the identifiable entity; inserting the readable tag in the visual representation in the virtual environment of the entity identifiable in the real world, said virtual tag being permanently displayed in the virtual environment whatever the position of the digital twin in the virtual environment.
G06Q 10/063 - Operations research, analysis or management
G06Q 10/08 - Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
G06Q 50/00 - Systems or methods specially adapted for a specific business sector, e.g. utilities or tourism
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings, characterised by the kind of the digital marking, e.g. shape, nature, code
10.
DYNAMIC SET-UP AND ENROLMENT OF A LOGICAL SECURE ELEMENT
The present invention relates to a physical secure element installed in a communication device, said physical secure element having an operating system having a supervisor adapted to create various execution environments, said supervisor being further configured to:
- receive, from a specific application enrolment server managing a key ecosystem dedicated to the specific application, a command to create a Logical Secure Element, said command comprising enrolment data comprising at least a type of Logical Secure Element to be created for the specific application and a set of keys to be used for subsequent remote provisioning in relation with the Logical Secure Element to be created,
- create a Logical Secure Element of the type requested in the command as an execution environment onboard the secure element.
The present invention relates to a method of securely performing, by a system comprising a processing unit and a secure element and on request by a requesting device, at least one processing operation and a function whose execution by the processing unit in the homomorphic domain does not fulfill a predetermined criterion, said method comprising:
- performing (S1), by said processing unit, said at least one processing operation, in the homomorphic domain, on data encrypted using a homomorphic encryption algorithm, to generate first ciphertexts,
- determining (S2) by said processing unit that execution of said function taking as inputs said first ciphertexts is to be outsourced to said secure element,
- sending (S3) to said secure element said generated first ciphertexts and said function,
- decrypting (S4) said first ciphertexts into first cleartexts by said secure element,
- applying (S5) said function to said first cleartexts by said secure element to generate a second cleartext.
The invention is a method for enrollment of a reference (51) in a portable device (10) embedding a biometric sensor (14), in which a first phase includes the following step executed for a plurality of transactions with one or more terminals (20):
- during each current transaction of said plurality of transactions, capturing a candidate biometric data (60) from a subject identifier of a user (50), assigning an indicator (58) to the candidate biometric data (60), said indicator allowing to determine if the user was successfully authenticated during said current transaction, and storing the candidate biometric data and said assigned indicator in the portable device;
and the method comprises a second phase, in which, upon detection of an event, the portable device identifies a list of candidate biometric data whose assigned indicator reflects a successful authentication of the user, and builds the reference using only said list.
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
A data carrier (1) for a secure article such as a passport comprises a carrier body (2) and at least one security element (3) being provided on the carrier body (2). The security element (3) comprises at least one image (4) being printed on at least one surface structure (5) extending along an extension direction (E). The image (4) comprises at least one primary image (6) and at least one secondary image (7) being encoded in the primary image (6). The surface structure (5) is configured to decode the secondary image (7) when the data carrier (1) is viewed under different viewing angles and/or illuminated under different illumination angles, whereby the secondary image (7) becomes observable.
A METHOD FOR INDICATING TO A READER OF AN EMBEDDED SECURE ELEMENT THAT THE EMBEDDED SECURE ELEMENT HAS DATA TO BE TRANSMITTED TO THE READER THROUGH A SPI BUS, CORRESPONDING EMBEDDED SECURE ELEMENT AND READER
The present invention concerns a method for indicating to a reader (10) of an embedded secure element (11) that the embedded secure element (11) has data to be transmitted to the reader (10) through a SPI bus, Serial Peripheral Interface, the reader (10) and the embedded secure element (11) being comprised in a device, the SPI bus comprising:
- a CSN line, Chip/slave select;
- a CLK line, Serial Clock;
- a MOSI line, Master Out Slave In;
- a MISO line, Master In Slave Out;
- a SPI RST line, Reset, not directly part of the SPI bus but adding a hardware way to reset the SPI bus,
the method comprising sending from the embedded secure element (11) to the reader (10) on the SPI RST line a signal for indicating that the embedded secure element (11) has data to transmit to the reader (10), in order that the reader (10) fetches data stored in the embedded secure element (11).
G06F 1/24 - Resetting means
G06F 13/24 - Handling requests for interconnection or transfer for access to input/output bus using interrupt
G06F 13/42 - Bus transfer protocol, e.g. handshake; Synchronisation
G06F 21/85 - Protecting input, output or interconnection devices, interconnection devices, e.g. bus-connected or in-line devices
Provided is a digital Virtual Function ID Wallet (VFIDW) (150) containing a Verifiable Identity Document (VID) (131), an Identifier (161), and Verifiable Credentials (VC) (141) and key pairs (171) associated with a workload (151) of a Virtual Function (VF) instance of a VF to be executed and trusted. The VFIDW (150) along with an Identity Agent (120) provide an identity presentation by way of a VID presentation to a Relying Party (160) to enable trust with the VF for the workload (151), by adding relevant attributes from the VFIDW (150) described in security policies that prove identity and correct instantiation of the workload (151) of the VF instance. Other embodiments are disclosed.
A METHOD FOR SELECTING A VIRTUAL CARD AMONG TWO VIRTUAL CARDS COMPRISED IN A SECURE ELEMENT COOPERATING WITH A TERMINAL AND CORRESPONDING SECURE ELEMENT
The invention concerns a method for selecting a virtual card among two virtual cards comprised in a secure element cooperating with a terminal, a first of the virtual cards being compliant with ISO 14443-3 and the second virtual card being compliant with ISO 14443-3 and ISO 14443-4, the secure element communicating with a NFC, Near Field Communication, reader through a CLF, Contactless Frontend, comprised in the terminal, the method comprising:
- activating the first and second virtual cards by the secure element;
- provisioning by the secure element the CLF with the UID, Unique Identifier, of the first virtual card;
- provisioning by the secure element the CLF with the default parameters of the second virtual card, according to Amendment C of GlobalPlatform Card Specification and ETSI 102.613;
- if the CLF detects that the communication protocol used by the NFC reader is compliant with ISO 14443-3 but not compliant with ISO 14443-4, switching the CLF to the UID of the first virtual card, in order to establish a communication between the first virtual card and the NFC reader;
- if the CLF detects that the communication protocol used by the NFC reader is compliant with ISO 14443-3 and compliant with ISO 14443-4, keeping the default parameters of the second virtual card in the CLF, in order to establish a communication between the second virtual card and the NFC reader.
The present invention relates to a method for securing a trained neural network against adversarial attacks in a computer system, wherein said neural network comprises an input layer, hidden layers and an output layer whose parameters are subject to training, and is defined by structural elements of the neural network, comprising functions and structural parameters, which are not subject to training, the method comprising:
- programming the computer system with the trained neural network,
- presenting, by the computer system, a test sample to the trained neural network,
- selecting a value, for said test sample, of at least one of said structural elements based on input or output values of a layer of the trained network,
- updating said trained neural network by applying said selected value of at least one of said structural elements to the trained neural network,
- evaluating an output of said updated trained neural network for said test sample.
The present invention relates to an infrastructure for remote profile provisioning (RSP) comprising secure elements to be provisioned, a subscription manager adapted to prepare data to be routed to secure elements to be provisioned, and a ledger storing keys. Secure elements have at least an identifier, a pre-stored key corresponding to one stored in the ledger and pre-stored generic profile elements as defined in an RSP template, at least one profile element necessitating credentials for the secure element to have an operational profile. Said subscription manager is adapted to receive a request for profile provisioning comprising a secure element identifier, to retrieve a key associated with the received identifier from the ledger, to retrieve credentials to be pushed into the secure element having the received identifier, to encode the retrieved credentials using the retrieved key, and to route the encoded credentials to the secure element for the secure element to decode the credentials using the pre-stored key and to complete the pre-stored profile element of the template to have an operational profile.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04W 12/03 - Protecting confidentiality, e.g. by encryption
H04W 12/30 - Security of mobile devices; Security of mobile applications
H04W 12/40 - Security arrangements using identity modules
A method or system of activating an administrator managed Fast Identity Online (FIDO) authenticator can include requesting a provisioning of a FIDO authenticator in an enterprise system at an administrator level for use by an end user where the enterprise system includes a server. As part of the provisioning, the system can designate or mark the FIDO authenticator as pending activation by the end user, and restrict use of the FIDO authenticator until the end user follows an activation flow that includes confirmation of the end user identity and includes proof of possession of the FIDO authenticator. The system allows the administrator to deliver the FIDO authenticator or token that is designated or marked as awaiting activation. The end user can then activate the FIDO authenticator or token by proving their user identity and proving possession of the FIDO authenticator.
Provided is a device (100), application (14) and method for multi-direction and rotary selection of individual data entry elements of an entry field (12) for entering data in a touchscreen (11). The application (14) detects a selection and visually overlays an alphanumeric short-list (107) of single symbols oriented along a directional vector. It detects a scrolling of the short-list responsive to fingertip sliding to-or-fro in a direction of the orientated short-list. As an example a PIN may be entered in this unique manner to unlock the touchscreen of a mobile device. Other embodiments are disclosed.
G06F 3/04883 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. gestures as a function of the pressure exerted, using a touch-screen or digitiser, e.g. input of commands through traced gestures, for inputting data by handwriting, e.g. gesture or text
G07F 7/10 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus, by coded identity card or credit card used together with a coded signal
H04W 12/68 - Context-dependent security, dependent on gestures or behaviour
G06F 21/36 - User authentication by graphic or iconic representation
H04W 12/37 - Managing security policies for mobile devices or for controlling mobile applications
G06F 3/04847 - Interaction techniques to control parameter settings, e.g. interaction with sliders or dials
21.
FINGERPRINT INDEXING USING CONVOLUTIONAL NEURAL NETWORK
The invention provides a method of filtering fingerprint candidates, the method being carried out by an indexing module arranged to access a Convolutional Neural Network, CNN, configured to output at least one feature of an input image. The method comprises:
- processing (204) an image representative of local information of a searched fingerprint, by the CNN, to obtain at least one feature for the searched fingerprint;
- retrieving (205) a candidate fingerprint in a database;
- determining (206) whether at least one feature of the retrieved candidate fingerprint matches with the at least one feature of the searched fingerprint;
- if the at least one feature of the retrieved candidate fingerprint matches with the at least one feature of the searched fingerprint, passing (207) the at least one candidate fingerprint to a matching module for further comparison between the candidate fingerprint and the searched fingerprint.
G06V 10/44 - Local feature extraction by analysis of parts of the pattern, e.g. by detecting edges, contours, loops, corners, strokes or intersections; Connectivity analysis, e.g. of connected components
G06V 10/771 - Feature selection, e.g. selecting representative features from a multi-dimensional feature space
G06V 10/772 - Determining representative reference patterns, e.g. averaging or distorting patterns; Generating dictionaries
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning, using neural networks
The invention is a method and a system for managing a batch (95) of hardware secure elements (20, 30) comprising a global certificate (22, 32) and their own local certificate (21, 31). Each secure element involved in an offline transaction, performs one or more checks based on the local and global certificates of the two secure elements so as to minimize the size of data exchanged between them.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
23.
METHOD TO CREATE BIOMETRICS FOR A DIGITAL TWIN/AVATAR IN METAVERSE
The present invention relates to a method to create biometrics for a digital twin/avatar to be used in a metaverse platform by a metaverse user, said method comprising the steps of: choosing attributes of the digital twin/avatar as appearing in the metaverse environment; retrieving biometrics of the user of the digital twin/avatar; calculating a digital twin/avatar biometrics as a cryptographic function of the retrieved biometrics and of the chosen digital twin/avatar's attributes; storing the digital twin/avatar biometrics associated with the digital twin/avatar's attributes in a database of the metaverse platform.
The invention proposes a method for updating applications, called previous applications, installed in a plurality of secure elements (30) comprised in a device, the method comprising sending over the air, for each of the secure elements (30), a script comprising a new ELF version containing the latest version of the applications, from an update server to a system manager connected to the secure elements (30), wherein the script contains for each of the secure elements (30):
- an entire AID of the new ELF version;
- a partial AID identifying the previous application,
the method comprising, for each of the secure elements (30):
- for each secure element (30) and corresponding partial AID, loading the latest version of the application identified by the entire AID and executing the latest version of the application in each of the secure elements (30);
- if the execution of at least one application fails, for each of the secure elements (30), restoring the previous application, the entire AID designating the application to be updated.
The present invention provides a facial recognition system for alleviating ambient light during image capture, the system comprising:
- a stereo camera configured to capture an image and send it to a face detection module, wherein the image comprises depth information of objects within the depth of field,
- the face detection module configured to identify a face based on the depth information of the received image from the stereo camera,
- a processing module configured to
  - split the image into a facial area and a non-facial area, wherein the facial area corresponds to the face region identified by the face detection module, and
  - output exposure adjustment factors for each area, these exposure adjustment factors being calculated based at least on a comparison of the brightness values of the facial and non-facial areas,
- a dual-regional adjustment module configured to separately adjust the exposure of both the facial and non-facial areas according to the adjustment factors, and
- a face matching module configured to verify or enroll a person's face identity based on the exposure-adjusted facial area.
G06V 10/60 - Extraction de caractéristiques d’images ou de vidéos relative aux propriétés luminescentes, p.ex. utilisant un modèle de réflectance ou d’éclairage
G06V 10/94 - Architectures logicielles ou matérielles spécialement adaptées à la compréhension d’images ou de vidéos
G06V 40/16 - Visages humains, p.ex. parties du visage, croquis ou expressions
G06V 40/50 - Traitement de données biométriques ou leur maintenance
G06V 10/14 - Caractéristiques optiques de l’appareil qui effectue l’acquisition ou des dispositifs d’éclairage
26.
SECURE COMPUTER-IMPLEMENTED METHOD FOR PREVENTING A RECOVERY OF EMBEDDED DATA WITHIN A NEURAL NETWORK MODEL
The invention relates to a secure computer-implemented method (1) for preventing a recovery of embedded data (d) within a neural network model (NN), said neural network model (NN) comprising a plurality of layers (L), each layer (L) having a related matrix of parameters (M) and being configured to receive at least one input tensor (t1), wherein said secure computer-implemented method (1) comprises: - for at least one layer (L), permuting sets (s) of parameters (P) within its related matrix of parameters (M) so as to change their initial positions (p) in said matrix of parameters (M), - applying said matrix of permuted parameters (M') to the at least one input tensor (t1) so as to generate an output tensor (t2').
G06F 7/76 - Arrangements for rearranging, permuting or selecting data according to predetermined rules, independently of the content of the data
G06F 21/56 - Detection or handling of malicious programs, e.g. anti-virus arrangements
The present invention relates to a method for optimizing the execution of the generation of a Crystals-Dilithium post-quantum digital signature of a message M with a secret key sk. The digital signature generation comprises: • a) generating a masking vector y of polynomials with coefficients less than a second predetermined value y1, • b) computing a first vector of polynomials w = Ay, • c) determining a second vector of polynomials w1 and a third vector of polynomials w0, • d) generating a challenge c based on the message and the second vector of polynomials w1, • e) performing rejection tests comprising testing whether test vectors generated from said vectors, said challenge and said secret key fulfill predetermined conditions, and when said conditions are not fulfilled, restarting the signature generation from step a), else generating said signature, the steps a), b), c), d) and e) being repeated until the conditions are satisfied.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 9/30 - Public key, i.e. the encryption algorithm being computationally infeasible to invert and the users' encryption keys not requiring secrecy
28.
SYSTEM AND METHOD FOR SECURE TRANSFER OF BIOMETRIC TEMPLATES BETWEEN BIOMETRIC DEVICES
A system or method of authenticating a biometrically protected device without prior enrollment on that device can include one or more processors and memory, where the memory includes computer instructions which, when executed by the one or more processors, cause the one or more processors to perform the operations of receiving a biometric reading, obtaining an encrypted biometric template from a server if a biometric template is not locally stored on the biometrically protected device to compare with the biometric reading, decrypting the encrypted biometric template from the server in response to a password to provide a decrypted biometric template, storing the decrypted biometric template locally on the biometrically protected device, and authenticating the biometric reading when the decrypted biometric template matches the biometric reading. The encrypted biometric template was previously uploaded to the server via an alternate biometric device.
The present invention provides a method to reinforce the security of a conventional transaction performed by a Short-Range (SR) communication-enabled chip card, wherein the chip card is paired with at least one SR communication-enabled handset, the method comprising the steps of: initiating the conventional transaction between the chip card and a reader; wherein the method is characterized by: sending, by the chip card, an authentication request to at least one of the paired handsets over an established Short-Range (SR) communication channel; receiving, by a paired handset, the authentication request and computing an authentication result granting or refusing the transaction; sending, by the handset, an authentication response to the chip card over the established channel, the authentication response comprising the authentication result; and continuing or stopping, by the chip card, the conventional transaction with the reader depending on the authentication result.
H04W 12/63 - Context-dependent security depending on proximity
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06Q 20/20 - Point-of-sale [POS] network systems
30.
METHOD AND DEVICE FOR SECURE ENTRY OF A CODE IN A DEVICE
The invention is a method for secure entry of a code in a device (10) comprising a touch screen (18). The method comprises the following steps: displaying two or more streams (21,…,28) on the touch screen, each of said streams comprising its own plurality of symbols and scrolling in its own direction; detecting, by the device, a set comprising two or more of said symbols, each symbol of said set being specified by a user via a tap on the touch screen; and automatically building the code from the symbols of the set by applying a predefined rule.
G06F 21/36 - User authentication by graphic or iconic representation
G06F 21/83 - Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
31.
POSITIONING A COMMUNICATING USER EQUIPMENT WITHIN A NONTERRESTRIAL NETWORK USING A DILUTION OF PRECISION COMPUTED BY THE NETWORK
The present invention relates to a method for managing the determination of the positioning of a communicating user equipment having at least one non-geostationary satellite in view and appearing present at a network node, the method comprising the steps of, for an entity of the network: - determining a reference positioning of the user equipment; - computing at least one dilution-of-precision prediction as a function of the ephemeris data of the satellite(s) concerned for at least one future instant and of the reference positioning of the user equipment; - comparing the dilution prediction with a maximum threshold; - reporting that the positioning cannot be determined in case the predicted dilution of precision is greater than the maximum threshold; - otherwise, sending to the network node and to the user equipment instructions to perform a multi-round-trip time measurement procedure at the future instant.
G01S 5/00 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations
G01S 13/76 - Systems using reradiation of radio waves, e.g. secondary radar systems; Analogous systems in which pulse-type signals are transmitted
G01S 13/87 - Combinations of radar systems, e.g. primary radar and secondary radar
G01S 19/38 - Determining a navigation solution using signals transmitted by a satellite radio beacon positioning system
G01S 7/00 - RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES - Details of systems according to groups , ,
G01S 5/02 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
G01S 5/14 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves, determining absolute distances from a plurality of spaced points of known location
H04W 64/00 - Locating users or terminals for network management purposes, e.g. mobility management
The invention is a system for managing a financial transaction between a payment terminal and a card. Upon a first tap with the terminal, the card gets transaction data from the terminal. The card comprises a parameter indicating whether a three-tap option is enabled and monitors the parameter during the first tap. If the card detects that the three-tap option is enabled: it records a first indicator indicating that the transaction is in progress; in response to a second tap with a personal device, the personal device gets a subset of the transaction data and the card records a second indicator indicating that the card sent the subset, and the personal device provides a user with the subset; in response to a third tap with the payment terminal, the card uses said first and second indicators to perform a check specified by a security policy, the policy specifying that the transaction should be in progress and that the subset should have been sent. In case of a successful check, the card continues the processing required by the transaction; in case of an unsuccessful check, it rejects the transaction.
G06Q 20/20 - Point-of-sale [POS] network systems
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G07F 7/08 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card
33.
SECURE ON-BOARDING OF PERSONAL ATTRIBUTES ON AN EXTERNAL ENTITY
The invention provides a method for on-boarding at least one personal attribute of a user to an external entity, the method comprising: - authenticating, by a token of the user, to an issuing system; - if the token is authenticated, performing by the issuing system the following steps: o retrieving the at least one personal attribute of the user; o generating a master key, and deriving from it as many derived keys as there are retrieved personal attributes; o encrypting each personal attribute with a respective derived key; - sending, by the issuing system, the master key to the token, the token storing the master key; and - sending, by the issuing system, the at least one encrypted personal attribute to the external entity, the external entity storing the set of at least one encrypted personal attribute of said user.
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/43 - User authentication using separate channels for security data: wireless channels
34.
A METHOD FOR SECURING A CENTRAL PROCESSING UNIT PIPELINE
The invention relates to a method for securing a central processing unit pipeline. According to the invention, the method comprises the steps of providing an integrity pipeline supervisor (IPS) comprising a decoder and a checker; providing the integrity pipeline supervisor with an instruction of the computer program; allowing the decoder of the integrity pipeline supervisor to decode the instruction provided to the integrity pipeline supervisor in order to obtain the decoded instruction structure; providing the checker with the structure of the instruction decoded by the decoder of the integrity pipeline supervisor; providing the checker with the structure of the instruction decoded by the decoder of the central processing unit; allowing the checker to compare the structure of the instruction decoded by the decoder of the integrity pipeline supervisor with the structure of the instruction decoded by the decoder of the central processing unit; and allowing an alarm indicator to be triggered if, as a result of the comparison, the checker detects a discrepancy between the structures.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 11/16 - Error detection or correction of data by redundancy in hardware
G06F 21/70 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
G06F 9/30 - Arrangements for executing machine instructions, e.g. instruction decode
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
35.
EMBEDDED CHARACTERIZATION AND MEASUREMENT ENGINE FOR A VIRTUAL FUNCTION
The invention relates to an embedded characterization and measurement engine (CME1) for a virtual function (VF) within an infrastructure (I), wherein said embedded characterization and measurement engine (CME1) is configured to: - when the virtual function (VF) is instantiated within said infrastructure (I) and is running within said infrastructure (I), compute a fingerprint (F1) based on static characteristics (C1), said static characteristics (C1) being extracted from the whole or parts (P1) of the virtual function (VF), - perform a local attestation (A1) by comparing said fingerprint (F1) with an initial fingerprint (F0), or transmit said fingerprint (F1) to a distant verifier (V) for a remote attestation (A2), - if the fingerprint (F1) is different from said initial fingerprint (F0), send a notification (N1, N2) to an external entity (E) for future action (Ac).
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
The present invention provides a smartcard configured to perform at least contactless transactions when powered by a terminal radiofrequency field, wherein the smartcard comprises: at least one touch sensor whose activation is based on charge transfer, each of the at least one touch sensor comprising an electrode adapted to change its capacitance upon being touched by a human body part; and a touch-sensing controller configured to measure the capacitance value of each of the at least one electrode and compare it with a reference value, wherein one of the at least one touch sensor is considered as being touched when the measured capacitance value is higher than the reference value.
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G07F 7/08 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card
G07F 7/10 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card used simultaneously with a coded signal
G06F 3/044 - Digitisers, e.g. for touch screens or touch pads, characterised by the transducing means, by capacitive means
H03K 17/955 - Proximity switches using a capacitive detector
The invention provides a method for on-boarding at least one personal attribute from a token to an external entity (200), the method comprising: - authenticating (204) the external entity by the token; - if the external entity is authenticated, computing (206) at least one shared session key by both the external entity and the token; - ciphering at least one personal attribute stored by the token based on the at least one shared session key; - on-boarding the at least one personal attribute from the token to the external entity by transferring (207) the ciphered at least one personal attribute to the external entity, on a communication link between the token and the external entity.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
The invention provides a method for determining liveness of a target person comprising: obtaining (511; 512) a series of n frames from a sequence of frames acquired by a frame capture device, n being equal to or greater than 2, at least some of the frames representing the target person. The n frames are processed by a multi-branch convolutional neural network, by determining (514.1) a first partial score for the series of n frames, determining (514.2) a second partial score for the series of n frames and determining (515) a fusion score based on the first and second partial scores, said fusion score being representative of liveness of the target person. The first partial score is determined based on first features chosen among local spatial features, global spatial features or temporal features, and the second partial score is determined based on second features that are different from the first features.
The invention is a method for managing a batch of secure elements, each comprising its own temporary trust code. When a point-to-point transaction occurs between a first and a second secure element (22, 23) of the batch, the first secure element computes a result of a one-way cryptographic function applied to the temporary trust code stored in the first secure element, then sends to the second secure element a transaction message (30) comprising the result and transaction data. Following receipt of the transaction message, the second secure element performs a temporary trust code control to verify whether the result has been computed using a temporary trust code equal to the temporary trust code stored in the second secure element. If the temporary trust code control is positive, the second secure element accepts the point-to-point transaction; otherwise, depending on a risk assessment performed by the second secure element, the transaction is rejected or accepted.
G06Q 20/06 - Private payment circuits, e.g. involving electronic currency used only among participants of a common payment scheme
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
40.
A METHOD FOR GENERATING AN UNLINKED PROGRAM CODE TO BE TRANSFERRED FROM A SOURCE DEVICE TO A TARGET DEVICE
The present invention proposes a method for generating an unlinked program code to be transferred from a source device to a target device, the source device comprising a program code linked to the device, called linked program code, the method comprising: - detecting bytes in the linked program code, the bytes belonging to a program to be transferred from the source device to the target device; - generating a Component, called Reverse Link Component, comprising the bytes of the unlinked program code that have to be modified by the target device when creating a linked program code, the bytes being concatenated in the Reverse Link Component in the order in which they are linked in the program code; - regenerating the unlinked program code to be transferred from the source device to the target device by using the Reverse Link Component, wherein the Reverse Link Component is created by: • using the Reference Location Component of a CAP file, the Reference Location Component indicating the bytes of the Method Component to be linked, the bytes being ordered as they are linked in the Method Component, or • parsing the Method Component of a CAP file and detecting in the Method Component the Javacard instructions preceding the bytes to be linked.
The method for provisioning a user equipment with information of an end operator, the user equipment (UE) being equipped with an embedded universal integrated circuit card (eUICC) and with a radio module, is characterized by: deploying (205) a private mobile telephony network, connected to an IP network hosting a server storing said information; having an identifier management equipment of the private mobile telephony network dynamically assign (230) at least one temporary subscription identifier (IMSI) to the eUICC residing in the UE; connecting (240) the UE to the IP network via the private mobile telephony network using said at least one temporary subscription identifier; downloading (250) said information from the server; and disconnecting (260) the UE.
The present invention proposes a method for provisioning a user equipment 10 with credentials in a private telecommunication network, the private telecommunication network comprising a credentials holder 12 and a gNB/AMF or an eNB/MME, the method comprising: a) Sending from the user equipment 10 to the gNB/AMF or eNB/MME 11 a provisioning request; b) Establishing a PLS key between the user equipment 10 and the gNB/AMF or eNB/MME 11 by means of Physical Layer Security; c) Sending from the user equipment 10 to the gNB/AMF or eNB/MME 11 a message comprising data permitting identification of the user of the user equipment and/or of the user equipment 10, the message being protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key; d) Sending from the gNB/AMF or eNB/MME 11 to the credentials holder 12 the data permitting identification of the user of the user equipment and/or of the user equipment 10; e) Verifying at the credentials holder 12 the data permitting identification of the user of the user equipment and/or of the user equipment 10; f) If the verification is positive, allocating at the credentials holder 12 a unique subscription identifier to the user equipment 10 and generating corresponding keys and security parameters; g) Sending from the credentials holder 12 to the gNB/AMF or eNB/MME 11 the unique subscription identifier, the corresponding keys and the security parameters; h) Sending from the gNB/AMF or eNB/MME 11 to the user equipment 10, in a message protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key, the unique subscription identifier, the corresponding keys and the security parameters, the credentials comprising the subscription identifier, the corresponding keys and the security parameters.
The invention proposes a method for provisioning a user equipment (10) with credentials in a private telecommunication network, the private telecommunication network comprising a credentials holder and a gNB/AMF or an eNB/MME, the method comprising: a) Sending (40) from the user equipment (10) to the gNB/AMF or eNB/MME (11) a provisioning request; b) Establishing (41) a PLS key between the user equipment (10) and the gNB/AMF or eNB/MME (11) by means of Physical Layer Security; c) Generating (42) at the user equipment (10) a master key; d) Sending (43) from the user equipment (10) to the gNB/AMF or eNB/MME (11) a message comprising data permitting identification of the user of the user equipment (10) and/or of the user equipment (10) and the master key, the message being protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key; e) Sending (44) from the gNB/AMF or eNB/MME (11) to the credentials holder (12) the data permitting identification of the user of the user equipment (10) and/or of the user equipment (10) and the master key; f) Verifying (45) at the credentials holder (12) the data permitting identification of the user of the user equipment (10) and/or of the user equipment (10); g) If the verification is positive, allocating at the credentials holder (12) a unique subscription identifier to the user equipment (10) and generating corresponding keys, security parameters and a key derivation function; h) Sending (46) from the credentials holder (12) to the gNB/AMF or eNB/MME (11) the unique subscription identifier, the security parameters and the key derivation function; i) Sending (47) from the gNB/AMF or eNB/MME (11) to the user equipment (10), in a message protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key, the unique subscription identifier, the security parameters and the key derivation function; j) Generating (48) at the user equipment (10) final keys, the credentials comprising the unique subscription identifier, the security parameters and the final keys.
The present invention relates to a method for securing, against physical or logical attacks, a software code comprising a first sequence of instructions performing, when executed by an execution device, a function declaring a plurality of local variables so as to allocate a memory space of a memory stack to each local variable, said method being performed by a first processor of a securing device and comprising the steps of: - identifying (S1) said plurality of local variables allocated in said function, - generating (S2) in the software code a second sequence of instructions which, when executed at runtime by a second processor of said execution device, at each call of the function after said local variables have been declared: • determines (E1) randomly a permutation P, • shuffles (E2) the locations of the memory spaces allocated in said memory stack to said identified local variables by applying to them said determined permutation.
G06F 21/14 - Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
45.
CONNECTIVITY MANAGEMENT IN DEVICES COMPLIANT WITH SEVERAL TECHNOLOGIES
The present invention relates to a method to manage connectivity of a device having a native air interface enabling the device to connect to several networks of different technologies. The device, before entering power saving mode, determines a technology to be used on the native air interface for the subsequent power saving mode period, and registers at a central node active in relation with the wake-up management nodes of the different technologies, which centralizes all wake-up triggers from the different technologies, said registration comprising an indication of the determined technology. The device, once in power saving mode, keeps only the determined technology active on the native air interface and, for all wake-up triggers, is paged by the network using the determined technology on the native air interface.
The invention concerns a method for the relink of software components installed on a device being updated, the device comprising a CAP file, the method comprising creating a CAP file component, called Link Component (30), the Link Component (30) comprising a proprietary Constant Pool part (31), built by using the original Constant Pool component of the CAP file, and a proprietary Reference Location part (32), built by using the original Reference Location Component and the original Method Component of the CAP file.
The present invention relates to a method of securing a Java software code to be run by a Java Virtual Machine and comprising at least one call to a native method of a native language library, using a unique entry point, called JNI_OnLoad entry point, as an interface between the Java software code and the native language library and configured to register, to the Java Virtual Machine, native methods of the native language library, said method generating a secure native language library and comprising the following steps performed by a processor: - defining (S1) in the native language library a method, called JNI_OnLoad method, which, when executed at runtime when the native language library is loaded by the Java Virtual Machine, is configured for registering useless native methods of the native language library, - inserting (S2) in the native language library calls to a plurality of constructors, one of them being configured to trigger a thread, called zJNI thread, which is configured for, when executed at runtime, unregistering said useless native methods and registering said at least one native method of the native language library to be called by the Java software code.
The invention concerns a method for recycling a smart card comprising the steps of: - inserting the smart card in a slot / card reader of an ATM (Automated Teller Machine), - requesting the recycling of the smart card, - conveying the smart card to a punching platform of a card recycling device, said punching platform comprising a punch and an opening in alignment with said punch, - conveying at least part of the smart card to a recycling compartment.
G07F 19/00 - Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
G06Q 10/30 - Administration of product recycling or disposal
The invention is a method for providing a cardholder (50) with control over a payment instrument (10) wherein a payment instrument issuer stores a first set of security parameters in the payment instrument. During a customization phase, the cardholder configures and stores a second set (12) of security parameters in the payment instrument. During a transaction phase subsequent to the customization phase, a financial transaction starts with a terminal (20). The payment instrument checks which condition of the first set is satisfied by the transaction parameters received from the terminal and selects the security rule associated with the satisfied condition as a first selected security rule. The payment instrument checks which condition of the second set (12) is satisfied by the transaction parameters and selects the security rule associated with the satisfied condition as a second selected security rule and applies both said first and second selected security rules to the transaction.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G07F 7/10 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card used together with a coded signal
50.
OPTICAL VARIABLE ELEMENT BASED ON DIFFRACTIVE MOIRE PATTERNS
A personalized medium includes a core layer having at least a clear window or transparent portion, at least a first diffraction grating on an upper surface or a lower surface of the core layer, and a second diffraction grating on an opposing side of the core layer from the first diffraction grating, wherein the first and second diffraction gratings create a Moire pattern.
The invention concerns a method to allow traceability of USIM profile transfer from a source device (10) to a target device (11), the method comprising: - Performing (13) a mutual trust verification of the target device (11) by the source device (10) and vice versa; - Generating (14) derivation data at the source device (10), the derivation data being verifiable by a remote server (12) connected to the home network of the source device (10); - Deriving (15) at the source device (10) a new long-term key (K') from the source long-term key K of the source device (10) and the derivation data; - Generating (16) at the source device (10) a new USIM profile including the derived long-term key K' and the derivation data; - Protecting (17) in confidentiality and integrity the new profile based on the public key of the target device (11) in order to obtain an installation package; - Transferring (18) the installation package to the target device (11); - Deactivating (23) the source USIM profile at the source device (10) if the installation of the installation package at the target device (11) is successful; - Sending (25) from the target device (11) to the remote server (12), in a registration request as specified in 3GPP TS 23.501, at least its IMSI and the derivation data; - Retrieving (27) at the remote server (12) the source long-term key K of the source device (10) and the derivation data associated with the IMSI; - Verifying (28) the validity of the received derivation data based on subscription information associated with the IMSI by the remote server (12); - Deriving (29) a new long-term key K* from the source long-term key K and the received derivation data; - Performing (30) the authentication of the target device (11) based on K* and retrieved subscription data associated with the IMSI as specified in 3GPP TS 33.501; - If K* equals K', updating (32) at the home network its local subscriber information associated with the IMSI, including the long-term key associated with the IMSI, with the new value of K*.
A media card (200 or 300) with a tunable inductive antenna pattern (203) includes an area (204) configured for receiving a wireless chip (306a, 306b, or 306d) operating at one of several given frequencies, and an antenna with an antenna pattern printed on a core layer (202) and printed on the area configured for receiving the wireless chip, where the antenna pattern includes one or more selectable conductive extension segments (206a-206g). In some embodiments, the one or more selectable conductive extension segments are selectively removed to tune the antenna for a frequency of the wireless chip operating at one of several given or predetermined frequencies.
H04B 5/00 - Near-field transmission systems, e.g. inductive-loop type
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
A card (200) having processed areas includes a core layer (104), an antenna pattern (102) on the core layer, and one or more bump-out areas (110) of the antenna pattern having a threshold distance towards a process boundary, where the card passes a continuity test if a cutting or a punching or a milling process fails to create an open circuit at the bump-out areas. The card fails a continuity test if the cutting or the punching or the milling processes creates the open circuit at the bump-out areas.
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
54.
LED OR OLED CAPACITANCE ANTENNA FOR INDUCTIVE CARDS
A data carrier (1) for a secure article (100) comprises at least one electronic module (2) comprising at least one module antenna (3), at least one booster antenna (4), and at least one light emitting device (5). The electronic module (2) is configured to communicate with a remote device being arranged remotely from the data carrier (1) via the module antenna (3). The booster antenna (4) is configured to communicate with the remote device in a wireless manner. The booster antenna (4) is further configured to power the module antenna (3) upon its communication with the remote device. The booster antenna (4) is configured to power the light emitting device (5) upon its communication with the remote device.
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
A data carrier (1) for a secure article (100) comprises at least one electronic module (2), at least one first antenna (3), at least one second antenna (4), and at least one light emitting device (5). The first antenna (3) is coupled to the electronic module (2). The first antenna (3) is configured to communicate with a remote device being arranged remotely from the data carrier (1). The electronic module (2) is configured to communicate with the remote device via the first antenna (3). The second antenna (4) is configured to communicate with the remote device, and the second antenna (4) powers the light emitting device (5) upon a communication of the second antenna (4) with the remote device.
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
56.
LED OR OLED CAPACITANCE ANTENNA FOR SMALL FORM FACTORS
A data carrier (1) for a secure article (100) comprises at least one electronic module (2), at least one antenna (3), and at least one light emitting device (4). The antenna (3) is configured to communicate with a remote device being arranged remotely from the data carrier (1) in a wireless manner. The electronic module (2) is configured to communicate with the remote device via the antenna (3). The antenna (3) is configured to power the electronic module (2) and the light emitting device (4) upon its communication with the remote device.
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
57.
SYSTEM AND METHOD OF UNVEILING HIGH-RESOLUTION VISIBLE FACE IMAGES FROM LOW-RESOLUTION FACE IMAGES
INRIA - INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE (France)
Inventor(s)
Anghelone, David
Lannes, Sarah
Dantcheva, Antitza
Abstract
The present invention provides a method or system for unveiling high-resolution visible face images from any low-resolution thermal face images, which can include inputting any number of thermal face images through a generative adversarial network to perform spectrum translation of the low-resolution thermal face images into a number of high-resolution visible face images, training the generative adversarial network with at least a reference high-resolution image, adapting or training the generative adversarial network for one or more among L1 loss, perceptual loss, and identity loss, and generating a high-resolution visible face image from any low-resolution thermal face images provided as an input to the generative adversarial network. In some embodiments, the method further adapts the generative adversarial network by further adapting or training for one or more among attribute loss and local loss. In some embodiments, the method simultaneously adapts for one or more of L1 loss, perceptual loss, identity loss, attribute loss and local loss.
G06V 10/44 - Local feature extraction by analysis of parts of the pattern, e.g. by detecting edges, contours, loops, corners, strokes or intersections; Connectivity analysis, e.g. of connected components
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06V 40/16 - Human faces, e.g. facial parts, sketches or expressions
58.
PROCESSOR AND METHOD FOR MODIFYING PROCESSOR BEHAVIOR BASED ON MEMORY ATTRIBUTES AND INSTRUCTION TYPE
A central processing unit and method for modifying its behavior and controlling access to a memory (120) having a plurality of memory locations for storing data values can include address range storage (170) for storing information identifying address ranges for a plurality of regions within the memory, and attribute storage (185) for storing, for each region, attributes where the attributes are linked to security, safety, or functionality during a program execution. The central processing unit further includes configuration logic (150) for configuring addresses and attribute of memory regions during the program execution and one or more execution logic units (150) associating attributes (and optionally metadata) to data processed by the central processing unit when data is accessed by the central processing unit and modifying instruction behaviors based on an instruction type and the attributes associated with the data being processed.
G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data
59.
SECURITY MEASURES PROTECTING DIGITAL SECURITY DEVICES WHEN PERFORMING CRYPTOGRAPHIC OPERATIONS
Enhancement of the security of a computerized digital security device against horizontal side-channel analysis attacks randomizes sequences of actual operations and dummy operations. Depending on a random value, either a first sequence is performed in which a dummy operation precedes an actual operation, or a second sequence in which a dummy operation follows an actual operation, thereby obfuscating the value of a secret being manipulated by the computerized digital security device.
G06F 7/72 - Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations using residue arithmetic
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
60.
METHOD FOR AUTHENTICATING A USER OF A PAYMENT INSTRUMENT DURING A FACE-TO-FACE PAYMENT TRANSACTION
The invention is a method for authenticating a user of a payment instrument (10) during a proximity payment transaction between the instrument and a terminal (20). During the payment transaction, an entity consisting of the payment instrument and the terminal performs a selection procedure leading to the selection of an out-of-band method for authenticating the user. Responsive to the method selection, the terminal sends to an authentication system (30) an authentication request for user authentication through the out-of-band method. Upon receipt of the authentication request, the authentication system attempts to authenticate the user by exchanging data with a mobile apparatus (40) of the user. The authentication system generates an authentication code (31) reflecting the result of the user authentication attempt and sends the authentication code to the terminal, which uses the authentication code for requesting either a payment authorization or a payment initiation to complete the payment transaction.
G06Q 20/20 - Point-of-sale [POS] network systems
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06Q 20/18 - Payment architectures involving self-service terminals, vending machines, kiosks or multimedia terminals
Provided is a method to monitor the management of network slices by a communication device (ME) having a secure element (USIM), said communication device being compliant with at least one technology implementing network slicing using a route selection policy, said communication device further supporting a USIM application toolkit framework implementing event download envelopes, said secure element having a memory to store rules for the route selection policies, said method comprising the following steps, for the communication device active in a network of the technology implementing network slicing: receiving a slice status and slice information from the network, and pushing the slice status and slice information to the secure element using an event download envelope as defined in the USIM application toolkit framework supported by the communication device.
A system or method of just-in-time conversion of non-interoperable digital documents from a first secure standard (such as ISO) to a second secure standard (such as Verifiable Credentials) includes a wallet and issuer of the first secure standard, a verifier and a just-in-time issuer and converter of the second standard, where the wallet performs the functions of making a service request to the verifier, sending a proposed presentation to the verifier, generating a token and consented attributes with the just-in-time issuer and converter, which forwards the token to the issuer and securely builds a presentation request for the second secure standard, receiving the presentation request from the just-in-time issuer and converter, forwarding the presentation request to the verifier, and presenting information about a converted presentation of a digital document of the second secure standard in the wallet of the first secure standard.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
G06F 21/33 - User authentication using certificates
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
63.
METHOD FOR SECURING AGAINST PHYSICAL OR LOGICAL ATTACKS AN EXECUTION OF A MACHINE LANGUAGE INSTRUCTIONS CODE
The present invention relates to a method for securing against physical or logical attacks an execution of a machine language instructions code comprising a plurality of operation codes, said operation codes being defined by a determined instruction set architecture (ISA) defining for each operation code one or more elementary operations to be performed when executing an instruction corresponding to said operation code, said method being performed by an electronic system comprising a processor configured for executing instructions in both a non-secure mode of execution and at least one secure mode of execution securing an execution of said instructions against attacks, wherein: - executing an instruction in said non-secure mode comprises executing, by the processor, only said elementary operations defined in the determined instruction set architecture for the operation code corresponding to this instruction, - executing an instruction in one of said secure modes comprises triggering, by the processor, an execution of a different set of elementary operations than said elementary operations defined in the determined instruction set architecture for the operation code corresponding to this instruction, and said method comprising, performed by the processor: detecting (S1) in said code successive operation codes forming a determined sequence of operation codes called a gadget, and executing (S2) one or more instructions comprised in said code in a secure mode of execution based on said detected gadget.
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 9/30 - Arrangements for executing machine instructions, e.g. instruction decode
The invention is a method for capturing a numerical code in a device (10) comprising a touch sensor (18) configured to handle six separate sensing areas (01,..., 06) numbered according to a Braille matrix. The detector engine (11) of the device detects a plurality of sequential taps on said sensing areas, identifies which symbol (22) of the Antoine notation corresponds to said plurality of taps and captures a digit (23) corresponding to said identified symbol. The detector engine interprets tapping on the sensing area (06) number six both as a part of said identified symbol and as an order validating the entry of the identified symbol.
G06F 3/04886 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser, using a touch-screen or digitiser, e.g. input of commands through traced gestures, by partitioning the display area of the touch-screen or the surface of the digitising tablet into independently controllable areas, e.g. virtual keyboards or menus
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 3/0487 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser
G06F 3/04883 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser, using a touch-screen or digitiser, e.g. input of commands through traced gestures, for inputting data by handwriting, e.g. gesture or text
A system and method for authentication during a login process using electroencephalography (EEG) signals can include one or more processors, and a memory containing computer instructions which when executed causes the one or more processors to perform certain steps. Such steps can include recognizing a user identity as an input for access to a secure computer resource, collecting EEG data from one or more sensors, initiating an EEG authentication process using an access management and authentication service via a Brain Computer Interface (BCI) server in communication with a BCI Authentication module upon detecting the user identity and the EEG data, forwarding the EEG data to the BCI Authentication module, receiving a result from the BCI Authentication module, notifying the access management and authentication service of the result from the BCI Authentication module, and granting access to the secure computer resource if the result is a success.
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
66.
SYSTEM AND METHOD OF ELECTROENCEPHALOGRAPHY (EEG) CONTINUOUS AUTHENTICATION AND MENTAL AND SYNCHRONY ASSESSMENTS
A system and method for authentication during a login process using electroencephalography (EEG) signals can include collecting EEG data from one or more sensors for a claimed identity, initiating an EEG authentication process comparing the EEG data with a stored model of the claimed identity, granting authentication and access for the claimed identity to a secure computer resource if the EEG data match the stored model at or above a threshold value, maintaining authentication and access by continuous skin-contact monitoring, and performing a mental state assessment based on EEG features of the EEG data collected while access to the secure computer resources continues to be granted, for as long as no degraded mental state is detected. The method can further perform a synchrony assessment based on EEG data collected from one or more sensors from the claimed identity and from at least a second claimed identity in team collaboration.
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
67.
A TELECOMMUNICATION ARRANGEMENT FOR SWITCHING FROM A FALLBACK SUBSCRIPTION TO AN OPERATIONAL SUBSCRIPTION
The invention concerns a telecommunication arrangement (10) for switching from a fallback subscription (14) to an operational subscription (11-13), the telecommunication arrangement (10) comprising a first agent (16), PSA, having a list of operational profiles available for the telecommunication arrangement (10), each operational profile corresponding to a subscription from an MNO, and indicating which of the operational profiles can be used when a telecommunication terminal comprising the telecommunication arrangement (10) enters the coverage of an operational network, the telecommunication arrangement (10) also comprising a second agent (15), PSCA, able to configure the fallback subscription (14) in order for the first agent (16) to switch from the fallback subscription (14) to the operational network whose coverage the telecommunication terminal enters.
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
68.
METHOD FOR SECURING AN OPERATION USING A PRIVATE KEY AGAINST SIDE-CHANNEL ATTACKS
The present invention relates to a method for securing against side-channel attacks an execution of a cryptographic process comprising a modular exponentiation operation using a secret key d, comprising: computing (S3) a result of said operation by: for i an integer and j the lowest integer greater than i such that the pair of the j-th bits of the masked key and of the masking value is neither equal to (0,0) nor equal to (1,1), storing in a first accumulator and in a second accumulator at round i intermediate values obtained by performing operations on the content of the first or second accumulator depending on the values of the pair of the i-th bits of the masked key and of the masking value and on the pair of the j-th bits of the masked key and of the masking value.
G06F 7/72 - Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations using residue arithmetic
69.
DATA CARRIER WITH INDEPENDENT LIGHT SOURCE AND METHOD OF PRODUCING IT
A data carrier (1) for a secure article comprises a carrier body (2) defining an extension direction (E), and at least one light emitting element (4) being arranged in the carrier body (2). The carrier body (2) comprises at least one light guiding element (3). The light emitting element (4) is at least partially and preferably entirely arranged in the light guiding element (3). The light guiding element (3) is configured to guide light being emitted from the light emitting element (4) within the light guiding element (3) and along a transverse direction (T) extending perpendicularly to the extension direction (E).
B42D 25/00 - Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof
B42D 25/351 - Translucent or partly translucent parts, e.g. windows
B42D 15/02 - Postcards; Greeting, menu, business or like cards; Letter cards or letter-sheets
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
70.
METHOD FOR PROVIDING A USER WITH CONTROL OVER A PAYMENT CARD
The invention is a method for providing a user (30) with control over a payment instrument (10). The method comprises the following steps: a financial application (62) hosted in a mobile apparatus (60) generates an enciphered payload (61) comprising an indicator reflecting an agreement of the user to perform a financial transaction involving the payment instrument; the financial application triggers the starting of BLE advertising by the mobile apparatus, advertising data broadcasted by the mobile apparatus comprising the enciphered payload; when engaged in the financial transaction, the payment instrument automatically checks a rule (74) and starts scanning for BLE advertising data if said rule requires a control based on the proximate presence of the mobile apparatus; and the payment instrument retrieves said indicator by deciphering the enciphered payload and contributes to the financial transaction according to the indicator.
cmcnbcmcnbxe2bcni-1x-1-1 is equal to the value 0, storing the Ne least significant bits of the intermediate value Ri as the ithcncncncmii as the jthee-bits right shift operation to the intermediate value Ri, b) performing said cryptographic algorithm using said determined polynomial result.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
72.
CONNECTION MANAGEMENT BETWEEN A USER EQUIPMENT AND A SATELLITE
The present invention relates to a method to manage the connection between a user equipment having a fixed position and a satellite having a nominal visibility window for the user equipment, said nominal visibility window being preliminarily calculated by a network managing said satellite, said method comprising the following steps, for the network: - receiving visibility information from the user equipment, - altering the calculated nominal visibility window as a function of the received visibility information, to obtain an altered visibility window, - for the next connection, paging the user equipment, from the satellite, according to the altered visibility window, or providing PSM information modified according to the altered visibility window.
The present invention provides a method for determining the quality of a captured image of an identification document, wherein the identification document comprises machine-recognizable text fields, the method comprising the following steps: - identifying at least two regions of the captured image, the identified regions forming substantially the complete area of the identification document, - applying a text recognition function to the captured image and registering the text fields detected in association with each region, - determining whether at least one text field has been detected per region, and - if at least one text field has been detected in a number of regions greater than a pre-established number, then the quality of the captured image is considered acceptable.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06V 30/413 - Classification of content, e.g. text, photographs or tables
G06V 30/414 - Extracting the geometrical structure, e.g. layout tree; Block segmentation, e.g. bounding boxes for graphics or text
G06V 30/42 - Document-oriented image-based pattern recognition based on the type of document
74.
A METHOD FOR DOWNLOADING A PROFILE FROM A SM-DP+ TO A SECURE ELEMENT AND CORRESPONDING SM-DP+
The invention concerns a method for downloading a profile from an SM-DP+ (22) to a secure element cooperating with a device (23), the SM-DP+ (22) storing profiles classified in three categories: - Preferred profile type, a profile type that has been successfully downloaded in a previous secure element; - Authorized profile type, a profile type that is authorized to be downloaded to the secure element by the MNO providing the profile type to the SM-DP+ (22); - Forbidden profile type, a profile type that has been downloaded on a previous device with failure, the method comprising: - Retrieving by the SM-DP+ (22) a device type identifier of the device (23) and selecting in the categories a Preferred profile type or an Authorized profile type as a function of the device type identifier; - Downloading from the SM-DP+ (22) to the device (23) a profile selected in the Preferred profile type or Authorized profile type as a function of the device type identifier.
H04W 12/30 - Security of mobile devices; Security of mobile applications
H04W 8/20 - Transfer of user or subscriber data
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
A security document (1) comprises a document body (2) and at least one personalization element (3) comprising at least a first personalization partial element (4) and at least a second personalization partial element (5) being arranged at least partially above one another with respect to an extension direction (E). The first personalization partial element (4) comprises a print and the second personalization partial element (5) is configured to exhibit at least a first appearance (P1) when the security document (1) is viewed under a first viewing angle (α1) and/or when the security document (1) is illuminated under a first illumination angle (β1) and to further exhibit a second appearance (P2) when the security document (1) is viewed under a second viewing angle (α2) and/or when the security document (1) is illuminated under a second illumination angle (β2), such that the personalization element (3) exhibits a first appearance (A1) when the security document (1) is viewed under the first viewing angle (α1) and/or when the security document (1) is illuminated under the first illumination angle (β1) and further exhibits a second appearance (A2) when the security document (1) is viewed under the second viewing angle (α2) and/or when the security document (1) is illuminated under the second illumination angle (β2).
The invention provides a system for determining liveness of a target person comprising a frame capture module (101), a face detection module (102) and a frame quality module (103) configured to determine at least one quality feature from each frame. A quality filtering module (104) is configured to reject or accept each frame based on a comparison between a predefined capture condition and a first quality feature. A first scoring module (105) is arranged to determine a first score based on the detected face of a frame, if it is accepted. A second scoring module (106) is arranged to determine a second score based on at least one second quality feature extracted from a frame, if it is accepted. A fusion module (107) is configured for attributing a final score representative of liveness of the target person based on the first and second scores.
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06V 10/00 - Arrangements for image or video recognition or understanding
77.
MANAGING DYNAMIC ACCESS CONTROL AND SINGLE LOG-OUT FOR CURRENT AND FUTURE SESSIONS IN FEDERATED IDENTITY MANAGEMENT SYSTEMS
Dynamic adjustment of access control in response to one or more events observed by one of a plurality of nodes. The dynamic adjustment of access control comprises storing, by a first node, e.g., an identity provider or service provider, dynamic access control rules defining actions the first node takes in response to event messages received from at least one other node of said plurality of nodes; receiving, by the first node, an event message from the at least one other node of said plurality of nodes; upon receiving, by the first node, the event message, determining whether the described event triggers a rule of said stored dynamic access control rules; and upon determining that the described event triggers a rule of said stored dynamic access control rules, executing the action indicated by said triggered rule.
The invention is a method for managing a biometric pattern (51) in a card (10) comprising: - the card records the biometric pattern in its memory during an enrollment phase, then identifies a pattern orientation (61) of the biometric pattern; - during a subsequent calibration phase: - the card acquires first data (52) of a finger and, if the first data matches the biometric pattern, the card identifies a first orientation (81) of the first data, computes an angle offset (64) between the first orientation (81) and the pattern orientation (61), then uniquely assigns the angle offset to the calibration orientation (41); - the card being configured to capture second data during a subsequent presentation of a finger and, if the second data matches the biometric pattern, to identify a second orientation (91) of the second data, the card being configured to consider that the second orientation (91) corresponds to the calibration orientation (41) only if the difference (94) between the second orientation (91) and the pattern orientation (61) is equal to the angle offset (64) plus or minus a predefined tolerance value (59).
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G07F 7/08 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card
The invention concerns a method for consolidating at least a tracking area deployment for a non-geostationary orbital satellite constellation in a system comprising a terminal 11 cooperating with a secure element 10, this method comprising: - sending 27 from the terminal 11 to a server 13, 14 of a mobile network operator, through the network 12 of the mobile network operator, a message comprising a tracking area list composed of one or more tracking area identifiers along with the GNSS coordinates of the terminal; - checking at the server 13, 14 if the tracking area list corresponds to the GNSS coordinates and: o if yes, consolidating a geo-localized tracking area map at the server 13, 14; o if no, raising an inconsistency alarm for the terminal at the server 13, 14.
G01S 5/00 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations
H04W 12/104 - Location integrity, e.g. secure geotagging
H04W 64/00 - Locating users or terminals for network management purposes, e.g. mobility management
A personalized medium includes at least a core layer, a magnetic stripe on the core layer, and an opaque silk-screening layer above the magnetic stripe that hides the magnetic stripe from view, where the silk-screening layer comprises iron tetroxide combined with ink. In some embodiments, the iron tetroxide comes in the form of a paste or powder having low granulometry.
B42D 25/369 - Magnetised or magnetisable materials
B42D 25/455 - Associating two or more layers using heat
B42D 25/46 - Associating two or more layers using pressure
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
The present invention relates to a method for detecting a deviating model among a plurality of different models trained using a supervised learning method, said method being performed by a computer system programmed with the trained models and comprising: − acquiring a test dataset, − presenting said test dataset to each of the trained models and generating answers of each trained model to said test dataset, − performing at least one homogeneity test based on said answers generated by at least two models of the plurality of trained models, − when said homogeneity test fails, performing a predetermined action indicating that one of said at least two models has been detected as deviating with regard to the other trained models.
The present invention relates to a method for transmitting dynamic coverage availability information between a core network, comprising an access and mobility management function and collaborating with an access network having dynamic coverage, and a user equipment able to connect to the access network, the method comprising the following steps, for the access and mobility management function: - receiving a set of points characterizing anticipated positions of the user equipment, - retrieving dynamic coverage availability information for at least one point belonging to the anticipated positions of the user equipment, - sending to the user equipment a signaling message, in the Non-Access Stratum NAS layer, comprising the retrieved dynamic coverage availability information.
A system or method for using a subscriber identity module (SIM) as a pseudonym certificate authority (PCA) to anonymize and mitigate the tracking of a device having the SIM. The system or method can include one or more processors that can validate a device identity presented by the device, where the SIM serves as a Registration Authority, and that can issue a new certificate in response to a certificate sign request (CSR) submitted by the device, where the SIM serves as a Certificate Authority (CA). In some embodiments, the SIM is an applet stored within the device. In some embodiments, the SIM acts as the PCA to generate short-lived end-entity certificates dedicated to signing broadcast messages. Other embodiments are disclosed.
H04W 12/069 - Authentication using certificates or pre-shared keys
H04W 4/40 - Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrian communication
H04L 9/16 - Arrangements for secret or secure communications; Network security protocols using several keys or algorithms that are changed during operation
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
The invention is a method for managing a card (10) participating in a payment transaction with a terminal. The card comprises a profile data set (51) defining two or more card payment profiles, and is configured to have at most one activated card payment profile at a time. The card comprises a payment profile repository (52) comprising two or more records (91), each of said records comprising a profile field (11) identifying a card payment profile, and one or more criterion fields (12), each of the criterion fields identifying a selection criterion. The method comprises the following steps: - getting a transaction parameter (71) intrinsic to the payment transaction, - identifying a target record comprising a selection criterion matching said transaction parameter, then activating the card payment profile identified by the target record; and - performing the internal processing required for participating in the payment transaction using the activated card payment profile.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
85.
A METHOD FOR INFORMING A MOBILE NETWORK OPERATOR SERVER WHICH PROFILE OF A PROFILE TYPE SHOULD BE DOWNLOADED FROM A SM-DP+ TO A SECURE ELEMENT
The invention concerns a method for informing a mobile network operator (21) server which profile should be downloaded from an SM-DP+ (22) to a secure element cooperating with a device (23), the SM-DP+ (22) storing profiles classified in three categories: - Preferred profile type, a profile type that has been successfully downloaded in a previous secure element; - Authorized profile type, a profile type that is authorized to be downloaded to the secure element by the MNO providing the profile type to the SM-DP+ (22); - Forbidden profile type, a profile type that is forbidden to be downloaded to the secure element by the MNO providing the profile to the SM-DP+ (22), the method comprising: - generating and sharing between the mobile network operator server (21) and the SM-DP+ (22) an EligibilityId and transmitting the EligibilityId from the device (23) to the SM-DP+ (22) along with information on the secure element and the device (23); - transmitting from the SM-DP+ (22) to the mobile network operator (21) server the information on the profile to be downloaded in the secure element, based on the EligibilityId and the information on the secure element and the device (23).
H04W 12/30 - Security of mobile devices; Security of mobile applications
H04W 8/20 - Transfer of user or subscriber data
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
86.
A METHOD FOR SENDING DATA TO A USER EQUIPMENT COOPERATING WITH A SECURE ELEMENT AND CORRESPONDING SERVER
The present invention concerns a method for sending data to a user equipment (10) cooperating with a secure element, said method comprising: - exchanging, in signaling messages, information between said secure element and a server (11) acting as an AUSF/UDM in order to transmit to said secure element a temporary IMSI, wherein it consists in using the procedure for steering of user equipment in VPLMN during registration as defined by 3GPP TS 33.501 V17.5.0 (2022-03) entitled "3rd Generation Partnership Project, Technical Specification Group Services and System Aspects, Security architecture and procedures for 5G system (Release 17)" in order to send said data from said server (11) to said secure element.
H04W 12/30 - Security of mobile devices; Security of mobile applications
H04W 12/40 - Security arrangements using identity modules
H04W 8/20 - Transfer of user or subscriber data
H04W 8/26 - Network addressing or numbering for mobility support
H04W 60/04 - Affiliation to a network, e.g. registration; Terminating affiliation with a network, e.g. de-registration using triggered events
The invention is a method for operating a predefined treatment in a card (10) comprising a body (20) and a communication interface (15) able to operate according to the ISO/IEC 7816 standard. A system comprises the card and a bio-battery removably bonded to an outer surface (22) of the body. The battery comprises two connectors (41, 42) placed opposite two connection pads (16, 17) belonging to the communication interface. The system comprises a moveable component (50) preventing the battery from powering the card when placed in an initial position. The method comprises the following steps: the battery powers the card using a boot protocol different from those specified by the ISO/IEC 7816 standard as soon as the moveable component is placed in a triggering position; and the card detects that the physical communication interface is powered using said boot protocol and starts said predefined treatment only in case of successful detection.
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
88.
IDENTITY AND PRIVACY PRESERVATION IN ASYNCHRONOUS COMMUNICATIONS
Ensuring user privacy in a publisher-subscriber communications environment. Storing, by a user-identifier mapping server, a user-identity database mapping user identity to subscriber-anonymized user identifier and subscriber identifier for users of said plurality of subscribers. Receiving, by the user-identifier mapping server, an information-request message from a subscriber, the information-request message concerning a notification message from a publisher, the notification message including an anonymized username of a first user of the publisher, wherein the username of the first user is anonymized using the one-way anonymization function. Upon receiving, by the user-identifier mapping server, the information-request message, determining from the user-identity database whether the first user is a user of the subscriber and transmitting a response message to the subscriber indicating whether the first user is a user of the subscriber.
The invention relates to a secured semiconductor device and a method for securing such a device, the device comprising an additional secured bus for the transfer of data from/to the central processing unit to/from a primary memory or an additional dedicated memory, the additional secured bus bypassing the micro-architectural load port and/or the micro-architectural line fill buffer and/or the cache memory, and the instruction set of the central processing unit further implementing two operations for a secured transfer: a first operation allowing data to be securely loaded into the central processing unit from the primary memory through the additional secured bus, and a second operation allowing data to be securely stored from the central processing unit into the primary memory through the additional secured bus.
G06F 12/02 - Addressing or allocation; Relocation
G06F 12/0804 - Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches with main memory updating
G06F 12/0897 - Caches characterised by their organisation or structure with two or more cache hierarchy levels
G06F 12/0888 - Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches using selective caching, e.g. cache purging
G06F 12/14 - Protection against unauthorised use of memory
G06F 9/30 - Arrangements for executing machine instructions, e.g. instruction decode
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
A method of manufacturing a smart card (1) such as a SIM card extending along an extension direction (E) comprises the steps of providing at least one reel tape (2) extending along a longitudinal direction (L), and providing a plurality of electronic chips (3) on the reel tape (2). The reel tape (2) comprises at least one electrically conductive layer (4) and at least one dielectric layer (5). The electronic chips (3) are in connection with the electrically conductive layer (4) of the reel tape (2). The method further comprises the step of laminating at least a first card body layer in reel (7) to the reel tape (2) and laminating at least a second card body layer in reel (8) to the first card body layer (7). The first card body layer (7) at least partially embeds the electronic chips (3), and the second card body layer (8) covers the electronic chips (3) towards an outside.
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
A method of manufacturing a smart card (1) such as a SIM card comprises the steps of providing at least one reel tape (2) extending along a longitudinal direction (L) and laminating at least a first card body layer (5) to the reel tape (2). The reel tape (2) comprises at least one electrically conductive layer (3) and at least one dielectric layer (4). The first card body layer (5) comprises a plurality of apertures (6, 6a, …). The apertures (6, 6a, …) are configured to at least partially receive a plurality of electronic chips (7, 7a, …).
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
92.
RSIM STAND ALONE MANUFACTURING WITH LAMINATION AND WITHOUT INDEXATION
A method of producing a smart card (1) such as a SIM card extending along an extension direction (E) comprises the steps of providing at least one reel tape (2) extending along a longitudinal direction (L), and providing a plurality of electronic chips (3) on the reel tape (2). The reel tape (2) comprises at least one electrically conductive layer (4) and at least one dielectric layer (5). The electronic chips (3) are in connection with the electrically conductive layer (4) of the reel tape (2). The method further comprises the step of laminating at least one card body layer (6) to the reel tape (2). The card body layer (6) extends entirely across the electronic chips (3) when seen along the longitudinal direction (L).
G06K 19/077 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. identity cards or credit cards with integrated circuit chips - Constructional details, e.g. mounting of circuits in the carrier
The present invention relates to a network function referred to as the integrated coverage management network function in a fifth-generation network core configured to operate in collaboration with a satellite system having dynamic coverage, the network core collaborating with an access network (RAN), the coverage management network function meeting the requirements defined for an architecture based on the services for a network function, this coverage management network function further being configured to collect coverage information via the satellite system, to process this coverage information according to at least one geographical area defined by another network function of the network core, the coverage management network function meeting the requirements defined for an architecture based on the services in order to generate and provide real-time information on the availability of the access network to said other network function of the network core.
H04L 41/00 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
H04W 4/00 - Services specially adapted for wireless communication networks; Facilities therefor
A data carrier (1) for a secure article such as a passport comprises a carrier body (2), and at least one security element (3) being provided on the carrier body (2). The security element (3) comprises at least one surface structure extending along at least one extension direction (E) and at least one print (5) being at least partially arranged on the surface structure. The security element (3), in the region of the surface structure, is configured to exhibit different appearances when being observed under different viewing angles.
Provided is a method for classifying a type (151) of identification (ID) document (102) by way of Artificial Intelligence (AI) deep machines. An inference phase (100) is disclosed for detecting (200) and identifying (300) said type (151), applying a nearest neighbor search (321) within the reference database (322), and from results of said search (321), presenting a list (150) of ID document types (151) ranked (323) according to a most probable match of the ID document (102). A training phase (400) is disclosed for acquiring learned information of said types from a dataset (161) of images, building AI models for each of location (CNN 210), orientation (CNN 230) and recognition (CNN 310), and creating a reference database (322) of embedding vectors.
The present invention relates to a method for a secure execution of a first instruction by a processor of an electronic system comprising at least one memory configured to be coupled to the processor, wherein said processor comprises processor registers (103) and execution units comprising a load and store unit (104a), said method comprising: − fetching (S1) said first instruction in an execution pipeline of the processor, − determining (S2) if said first instruction to be executed is a load instruction to be protected for loading protected data and associated security information from said at least one memory to the processor registers or a store instruction to be protected for storing protected data and associated security information from the processor registers to said at least one memory, − when said first instruction to be executed is a load instruction to be protected or a store instruction to be protected, executing sequentially by said processor at least a first operation (S4), a second operation (S5) and a third operation (S6), wherein: • when said first instruction is a load instruction to be protected, said first operation is a load operation for loading said protected data from said at least one memory to said load and store unit, said second operation is a load operation for loading said security information associated with said protected data from said at least one memory to said load and store unit, and said third operation is a write operation for copying said protected data and said associated security information from said load and store unit to the processor registers, • when said first instruction is a store instruction to be protected, said first operation is a write operation for copying said protected data and said associated security information from the processor registers to said load and store unit, said second operation is a store operation for storing said copied protected data from said load and store unit to said at least one memory, and said third operation is a store operation for storing said copied associated security information from said load and store unit to said at least one memory, said security information associated with protected data being data enabling said protected data to be transformed into plain data and/or integrity data enabling the integrity of said protected data to be verified.
G06F 9/30 - Arrangements for executing machine instructions, e.g. instruction decode
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/79 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
The present invention relates to a method for securing a biometric recognition of a user to be recognized against one or more templates Tj, with j in [0, J-1] and J a non-zero integer, corresponding to registered users' identities, using a biometric sample of said user, in a biometric recognition system (100) comprising a plurality of computation devices (102), a global scoring computation device (104) and a recognition device (105), wherein each of said templates is split, using an additive splitting modulo a predetermined integer N, into a plurality of template shares T_i^j stored in said computation devices, with i in [0, n-1] and n a non-zero integer, said method comprising, for said at least one template Tj: - by said global scoring computation device, computing a global scoring for said at least one template by combining said shares of the global scoring computed for said template by said plurality of computation devices according to the formula: (I), - by said recognition device, recognizing said user to be recognized based on said global scorings computed for said at least one template.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
98.
METHOD FOR EXECUTING AN AUTHENTICATION OF A USER FOR A TRANSACTION
The invention is a method for executing an authentication of a user (50) for a transaction. A card captures (S20) biometric data from the user and checks that said biometric data passes an anti-spoofing test. The card retrieves (S30) a security indicator (28) updated during a previous transaction and, if said biometric data passed the anti-spoofing test, the card updates (S40) the security indicator by using a measured spoofing score computed during the anti-spoofing test. The card generates a result (12) by checking (S50) whether the security indicator complies with a pre-established safety rule (27) and selects (S60) a security policy (23) depending on the result. The card contributes (S70) to the authentication of the user according to the security policy or rejects (S80) the authentication.
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06K 19/073 - Special arrangements for circuits, e.g. for protecting identification code in memory
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
A connection device (1) for connection to a data device (2) and for connecting the data device (2) to a secure article comprises at least one security element (4) that is produced by ultrasonic welding. A data carrier (3) for a secure article comprises such a connection device and at least one data device (2). A secure article comprises or consists of such a data carrier (3).
The invention concerns a secure element application for triggering a mobile equipment to perform a preferred network selection procedure to attach to a private network after an optimum period of time and after at least a specific location change, the optimum period of time and the specific location changes being learnt from a continuous learning phase, the application comprising instructions for, during the continuous learning phase: – attempting to attach to the private network through successive trials of: - known methods to trigger the mobile equipment to perform network selection, or - triggering the mobile equipment to perform network selection at known locations where the private network is expected to become available, or - varying the time and frequency at which the mobile equipment is triggered to perform network selection after a given location change, the optimum period of time being derived from previously recorded time periods, measured from the location change event until a successful switch to the private network.
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
H04W 48/18 - Selecting a network or a communication service