A method of producing a data carrier (1) comprising at least one target element (2) comprises the steps of i) arranging a processing layer (3) and a background layer (4) above one another, ii) irradiating electromagnetic radiation (R) onto the processing layer (3), wherein the processing layer (3) at regions of impingement of the electromagnetic radiation (R) is cut and sealed to the background layer (4), and iii) removing the processing layer (3) after the irradiation of the electromagnetic radiation (R), wherein a remaining part (5) of the processing layer (3) being sealed to the background layer (4) remains on the background layer (4), whereby the at least one target element (2) is formed.
The invention relates to non-volatile memory circuit comprising a plurality of memory cells, a synchronization circuit for providing internal synchronization signals for controlling read amplifiers and performing a read operation on at least one of the memory cells when a reading signal is activated. The non-volatile memory comprises at least one check circuit (390), said check circuit (390) receiving at least one internal synchronization signal (ATD, SEN, DLA) and providing at least one check signal (CHKATD, CHKSEN, CHKDLA), said check signal toggling each time an internal synchronization signal (ATD, SEN, DLA) comprises an active edge.
G11C 16/22 - Circuits de sécurité ou de protection pour empêcher l'accès non autorisé ou accidentel aux cellules de mémoire
G11C 7/24 - Circuits de protection ou de sécurité pour cellules de mémoire, p. ex. dispositions pour empêcher la lecture ou l'écriture par inadvertanceCellules d'étatCellules de test
G11C 16/26 - Circuits de détection ou de lectureCircuits de sortie de données
G11C 7/22 - Circuits de synchronisation ou d'horloge pour la lecture-écriture [R-W]Générateurs ou gestion de signaux de commande pour la lecture-écriture [R-W]
G11C 7/12 - Circuits de commande de lignes de bits, p. ex. circuits d'attaque, de puissance, de tirage vers le haut, d'abaissement, circuits de précharge, circuits d'égalisation, pour lignes de bits
G11C 16/24 - Circuits de commande de lignes de bits
The invention relates to a non-volatile memory circuit (300) comprising a plurality of memory cells (MCj,i), a plurality of bit lines (BLi) and a plurality of word lines (WLj to WLj+2), each memory cell (MCj,i) comprising a floating gate transistor (Tfg) for memorizing a bit value and being located at the intersection of a bit line (BLi) and of a word line (WLj), said non-volatile memory circuit (300) comprising a polarization circuit (360) for polarizing the bit lines (BLi) with a constant current, and reading amplifiers (370) connected to bit lines (BLi) for reading the value of memory cells (MCj,i) selected by one of the word lines (WLj). The memory circuit (300) further comprises an attack detector (390) comprising at least one detection circuit (391) having a first input terminal connected to at least one bit line (BLi) for detecting an abnormal voltage on the bit line (BLi) and for providing an alarm signal (ALARM) on an output terminal when the abnormal voltage is detected.
G11C 16/22 - Circuits de sécurité ou de protection pour empêcher l'accès non autorisé ou accidentel aux cellules de mémoire
G11C 16/26 - Circuits de détection ou de lectureCircuits de sortie de données
G11C 7/24 - Circuits de protection ou de sécurité pour cellules de mémoire, p. ex. dispositions pour empêcher la lecture ou l'écriture par inadvertanceCellules d'étatCellules de test
The invention is a method for managing a contactless financial transaction involving a payment instrument (10) assigned to a user (50) and comprising both a sensor (52) and a contactless unit (16) able to communicate a in contactless mode with a payment terminal. During a first tap, the payment instrument gets a transaction data (61) from the payment terminal, and during a second tap after the first tap, the payment instrument sends to the payment terminal a decision data (71) reflecting an agreement or a refusal of the user to pursue the transaction. The payment instrument comprises a wireless unit (15) for communicating with a personal equipment (30). During the first tap, as soon as the payment instrument detects an electromagnetic field, the payment instrument immediately powers the wireless unit, then sends the transaction data to the personal equipment.
G06Q 20/20 - Systèmes de réseaux présents sur les points de vente
G06Q 20/32 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des dispositifs sans fil
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G07F 7/08 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
G06K 19/073 - Dispositions particulières pour les circuits, p. ex. pour protéger le code d'identification dans la mémoire
5.
SYSTEM AND METHOD TO BRING AUTHENTICITY IN THE COMMUNICATION BETWEEN MOBILE CLIENT AND SERVER
A system (100) and method (800) for verifying the authenticity of communication between a mobile client (102) and a server (106) includes creating (802) a self-signed application binding certificate (104), establishing (804) a secure channel to communicate the application binding certificate with an application binding service (302), validating (806) the application binding certificate by the application binding service to register a public key at the server, setting (807) a validity and expiration for the application binding service, and sending (808) validation of the binding to the client. The system and method after successful binding, can sign (810) all sensitive requests at an HTTP level by the application binding private key that is verified by the application binding service ensuring the request's origin from a rightful mobile application and return (812) a verification status and application binding public key Id by the application binding service to a Backend Service (312).
H04W 12/48 - Dispositions de sécurité utilisant des modules d’identité utilisant la liaison sécurisée, p. ex. liant de manière sécurisée les modules d'identité aux dispositifs, aux services ou aux applications
H04W 12/069 - Authentification utilisant des certificats ou des clés pré-partagées
The invention relates to a method for detecting a reading error caused by a photoelectric or radiative attack of a non-volatile memory having memory cells (MCj,i) connected to at least one bit line (BLi), and comprising each a floating gate transistor, wherein the reading of a memory cell (MCj,i) is made by pre-charging a bit line (BLi) to a preload voltage and comparison of the bit line voltage to this preload voltage after a reading time during which a selected cell (MCj,i) charges or discharges the bit line (BLi) polarized by a constant current, the constant current being provided by a reference generator (320), characterized in that the detection of the photoelectric or radiative attack is made by a monitoring of the constant current, and wherein an alarm signal (ALARM) is provided when an abnormal constant current is detected.
G11C 16/22 - Circuits de sécurité ou de protection pour empêcher l'accès non autorisé ou accidentel aux cellules de mémoire
G11C 16/26 - Circuits de détection ou de lectureCircuits de sortie de données
G11C 7/24 - Circuits de protection ou de sécurité pour cellules de mémoire, p. ex. dispositions pour empêcher la lecture ou l'écriture par inadvertanceCellules d'étatCellules de test
The invention concerns a method for authentication a device (102) comprising an eUICC (104). The method comprises binding in a factory the eUICC (104) with an authorized device (102) comprising the eUICC (104). The binding is performed through storing in the eUICC (104) and the authorized device (102) at least a cryptographic key permitting to authenticate the authorized device (102) by the eUICC (104). The method comprises authenticating, upon an occurrence of an event, the device (102) by the eUICC (104) by performing a cryptographic operation and, if the authentication fails, determining that the device (102) comprising the eUICC (104) is not the authorized device (102), and, if the authentication is successful, determining that the device (102) comprising the eUICC (104) is the authorized device (102).
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04W 12/02 - Protection de la confidentialité ou de l'anonymat, p. ex. protection des informations personnellement identifiables [PII]
H04W 12/04 - Gestion des clés, p. ex. par architecture d’amorçage générique [GBA]
The invention is a method for managing a payment transaction involving a payment instrument (10) assigned to a user (50) and including both a sensor (52) and a credit transfer application (17) comprising an internal key and a first reference of a first banking. The credit transfer application receives from a payment terminal a request command (70) to authorize a money transfer from the first banking account to a second banking account assigned to a merchant. The request command comprises a transfer amount and a second reference of the second banking account. Upon receipt of the request command, the payment instrument detects whether the sensor is activated by the user or not. Only if the sensor turns out to be activated, the credit transfer application computes a signature using both the transfer amount, the internal key and said first and second references and sends the signature to the payment terminal.
G06Q 20/20 - Systèmes de réseaux présents sur les points de vente
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
G06K 19/073 - Dispositions particulières pour les circuits, p. ex. pour protéger le code d'identification dans la mémoire
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G07F 7/08 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée
9.
A METHOD FOR ESTABLISHING A SECURE COMMUNICATION CHANNEL BETWEEN A MOBILE DEVICE AND AND A GNB OF A VISITED NETWORK AND CORRESPONDING EQUIPMENT
The invention relates to a method to perform a mutual authentication according to a predefined authentication scheme between a User Equipment UE and a 5G communication serving ground network in a context where the UE having a Subscription Permanent Identifier (SUPI) registered at a home network is connected via a non-geostationary satellite access in store and forward operation The invention proposes to reverse the authentication flow by initiating the authentication flow on the UE side.
The present invention relates to a method to create and manage a unique virtual identity, called ID-token, for a user. The ID-token enables user status verification across different virtual environments managed by different operators where the user has diverse identifiers. A trusted party receives and verifies personal identity data, selects parameters, and calculates the ID-token, which serves as proof of identity ownership and includes metadata for status verification. The ID-token is linked to a unique identifier and a smart contract. The ID-token and its smart contract are recorded on a blockchain accessible to virtual environment operators, with calculation data securely transferred to the user. Operators manage a banishment list of banished ID-tokens and validate registration requests by verifying the presence of ID-token in banishment list.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
G06F 21/64 - Protection de l’intégrité des données, p. ex. par sommes de contrôle, certificats ou signatures
G06Q 20/36 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des portefeuilles électroniques ou coffres-forts électroniques
G06Q 20/06 - Circuits privés de paiement, p. ex. impliquant de la monnaie électronique utilisée uniquement entre les participants à un programme commun de paiement
G06Q 20/12 - Architectures de paiement spécialement adaptées aux systèmes de commerce électronique
12.
A METHOD FOR INSTALLING A PROFILE ON AN EMBEDDED SIM
A virtual bound profile, created by the steps of generating by an In-Factory Binding Box a virtual eSIM, wherein the virtual eSIM comprises a virtual eSIM identifier and a virtual one-time key pair, wherein the virtual one-time key pair includes a virtual one-time public key and a virtual one-time private key; preparing by the In-Factory Binding Box an output file comprising the virtual eID and the virtual one-time public key of the virtual IFPP Key that corresponds to the virtual eSIM, and binding by a profile manager the virtual one-time public key of the output file with a profile to form the virtual bound profile. Other aspects are discussed.
The present invention provides a system or method for self-issued verifiable credentials (VC) can include a tamper-proof environment in the form of a secure element or trusted execution environment (SE/TEE) within or operatively coupled to an application and a master verifiable credential template secured and protected from unauthorized modification of credential data or from unauthorized modification of secrets of the master verifiable credential template, where the master verifiable credential template is a trusted application securely delegated by an issuer and executed inside the tamper-proof environment within a user's premises to issue a self-issued verifiable credential upon a verifiable presentation request by a verifier. The user's premises can be a client device or element such as a smart phone, a mobile phone, a subscriber identity module, a smart card, a lap top computer, a notebook computer, or a tablet computer.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/64 - Protection de l’intégrité des données, p. ex. par sommes de contrôle, certificats ou signatures
14.
SECURELY GENERATING AND MULTI-PARTY SHARING OF A ROOT OF TRUST IN A CLUSTERED CRYPTOSYSTEM
Provided is a system (100) for securely generating, and multi-party sharing of, a Root of Trust (RoT) in a clustered cryptosystem (110) by way of a secure enclave (55) within each node (50). It improves cluster loading crypto command performance such as digital signing and signature verification without use of an HSM. Each node attests to a Remote Server (40), submits a join request, and receives obfuscated key splitter logic. A different Remote Server provides a deobfuscator code to the node. Nodes share attestation information amongst themselves for joining the cluster (110). A primary node generates the RoT and splits it into partitions, which are then shared with other nodes. Each node thereafter regenerates the same RoT. Communications between secure enclaves are secured over a TLS channel. Other embodiments are disclosed.
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
H04L 9/30 - Clé publique, c.-à-d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
The invention relates to a method to entrust requested data at a relying party, said requested data coming from an unsecure software component in a user equipment of a user, said user equipment having a secure component storing data hash of said data and having a pseudonym. The secure component produces a cryptogram being a concatenation of several ciphertexts successively obtained by chaining executions of a trust cryptography function using a secure component's secret key, said function being applied to successive plaintexts comprising at least the secure component's pseudonym and data hash of the data corresponding to data's references requested by the relying party which then receives and deciphers the requested data that has been enciphered by the software component using the last ciphertext concatenated in at least said cryptogram and an applicative cryptography algorithm. The cryptogram is sent to a trust service for de-concatenation and chaining executions of a trust cryptography function correlated to the trust cryptography function of the secure component to extract the secure component's pseudonym and the data hash of the data corresponding to the given data's reference in successive de-ciphered plaintexts. The method entrusts received deciphered data only if the extracted pseudonym corresponds to the received pseudonym, and if the data hash corresponding to the given data's reference extracted by the trust service corresponds to the data hash corresponding to the given data's reference calculated by the relying party.
H04L 9/06 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p. ex. système DES
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
The present invention relates to a method to manage transmission of a very small aperture terminal (VSAT UE) adapted to determine its geographical location and being in connection in new radio frequencies with a satellite access node (SAN) covering a Non-Terrestrial Network cell, where other Terrestrial Network user devices (TN UE) are active in new radio frequencies and/or where local regulations apply. Said method comprises exchanges of messages as predefined in (5G) NR RRC Connection Setup protocol, one of the predefined messages of the protocol sent from the VSAT UE to the SAN has a new field comprising at least a VSAT geographical location as determined by the VSAT UE and the SAN is configured to evaluate the interferences' situations and local regulations in the Non-Terrestrial Network cell in relation with the received VSAT UE location and to determine a transmission status to be applied to the VSAT UE accordingly. The subsequent predefined message as sent from the SAN to the VSAT UE has a new field comprising a VSAT transmission configuration command and the VSAT UE applies the transmission configuration command as received in the subsequent message.
The invention is a method for managing a monetary transaction for an amount involving a banking terminal (20) and a payment instrument (10) assigned to a user (75) and comprising a payment application (11) designed to participate to the monetary transaction in a first way by using a conventional account uniquely assigned to the user and in a second way by using a relay account uniquely assigned to another person (77). Responsive to a command (81) requesting a cryptogram to be generated, the payment instrument performs a selection procedure leading to select the second way only if a predefined condition is met. Only if the second way is selected, the payment instrument sends to the banking terminal a relay request comprising a first identifier of the relay account and requesting that the amount be paid from the relay account, subject to agreement of the person specifically for said monetary transaction.
G06Q 20/32 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des dispositifs sans fil
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/38 - Protocoles de paiementArchitectures, schémas ou protocoles de paiement leurs détails
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G06Q 20/42 - Confirmation, p. ex. contrôle ou autorisation de paiement par le débiteur légal
A modular identity verification system includes an agent interface module (AIM) that interacts with at least one traveler interface module and one or more processors using computer instructions which when executed by the one or more processors causes the one or more processors to perform the function of arrayed parallel processing of traveler biometric inputs and credential inputs from the at least one traveler interface module and from a second traveler interface module. The traveler interface module can have one or more processors configured for at least biometric capture and recognition and for document scanning of credentials. In some embodiments, the modular identity verification system further includes a visual signaling indicating system that indicates a status to an agent and at least a waiting traveler.
The invention relates to a LED circuit breaker (23) intended to be mounted serially between a LED driver (21) and a LED source (22), the LED circuit breaker (23) comprising: - a controlled switch (231) serially mounted between the LED driver (21) and a LED source (22) for closing or opening the circuit, - a sensor (232) measuring the power provided by the LED driver (21) to the LED source (22), the sensor (232) providing a measure, - a control circuit (233) connected to the sensor (232) for receiving the measure and connected to the controlled switch (231) for controlling said switch, the control circuit (233) being configured for: o making a time integration of the measure for obtaining an illumination value (CNT) representative of a quantity of illumination, o opening the controlled switch (231) when the illumination value exceeds a predetermined threshold.
The invention provides a method for increasing the security of a FDO-compliant communication device, wherein the method comprises the following steps: • providing a hardware-based secure element comprising an IoT SAFE applet; wherein the IoT SAFE applet comprises at least one empty persistent container configured to store cryptographic data generated by the IoT SAFE applet; • providing the FDO-compliant communication device; • connecting the hardware-based secure element to the FDO-compliant communication device; • generating, by the IoT SAFE applet, a public and a private device key, the public and private keys being stored in the empty container of IoT SAFE applet; • producing a device certificate by using the public and private device keys of the IoT SAFE applet; and • computing a Device Initialization, DI, protocol to establish a device ownership chain.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04W 4/70 - Services pour la communication de machine à machine ou la communication de type machine
H04W 12/069 - Authentification utilisant des certificats ou des clés pré-partagées
H04W 4/35 - Services spécialement adaptés à des environnements, à des situations ou à des fins spécifiques pour la gestion de biens ou de marchandises
The invention is a method for manufacturing a smart card (10) including a card body (11) in which the body is provided with an antenna (30), first and second user interface sensors (24, 25) and a secure entity including a processing unit (21) having a wireless communication module (22) connected to the antenna and a sensor controller (23). The method comprises the steps of: providing the card body with a first connecting unit (26) connecting the sensor controller (23) to said first user interface sensor (24) and providing the body (ID with a second connecting unit (27) connecting the sensor controller (23) to said second user interface sensor (25); and providing the card body with an intermediate inlay (40) carrying an electrical circuit formed by a conductive wire integrated on the inlay. Said first and second user interface sensors are capacitive buttons and said electrical circuit constitutes both said first and second user interface sensors, said first and second connecting unit and the antenna.
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
G06K 19/077 - Détails de structure, p. ex. montage de circuits dans le support
23.
COMPUTER-IMPLEMENTED METHOD FOR REFINED LOCALIZING AN IRIS OF AN EYE
The invention relates to a first computer-implemented method (1) for localizing an iris (20.0) of an eye (2), wherein said first computer-implemented method (1) comprising: - a detection of a first position (B1) of the iris (20.0) within a first image (11) of an eye (2), - a cropping of said first image (11) according to said first position (B1) so as to obtain a second image (I2), - a detection of a second position (B2) of the pupil (20.1) of said eye (2) based on said second image (I2), - a coarse estimation of the pupil (20.1) based on said second position (B2) of the pupil (20.1), - a refined localization of said iris (20.0) based on said first image (11) and on said pupil's coarse estimation.
G06V 10/25 - Détermination d’une région d’intérêt [ROI] ou d’un volume d’intérêt [VOI]
G06V 10/46 - Descripteurs pour la forme, descripteurs liés au contour ou aux points, p. ex. transformation de caractéristiques visuelles invariante à l’échelle [SIFT] ou sacs de mots [BoW]Caractéristiques régionales saillantes
G06V 40/18 - Caractéristiques de l’œil, p. ex. de l’iris
24.
METHOD FOR SECURELY PROTECTING EXECUTION OF A SOFTWARE CODE AGAINST FAULT INJECTION ATTACKS
The present invention relates to a method for protecting execution of a function of a software code against fault injection attacks, said method being performed by an electronic system comprising a hardware processor and comprising performed by said hardware processor: - a) saving (S1) an initial context of said function to be executed, - b) successively executing at least two times said function, said initial context being restored before each execution after a first one, until a comparison between at least two checksums computed from the context of said function after successive executions of the function is indicative that no effect of any fault injection attack has disturbed the last execution of said function (S2) and, - c) keeping a result of the last execution of said function as result of the function execution (S3).
G06F 21/54 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
The present invention relates to a method of securing a software code comprising at least one expression, said method generating a secure software code and comprising performed by a processor, the steps of: □ determining (S1) in the software code an expression to be protected comprising first variables, □ generating (S2) from said expression to be protected a modified expression by inserting a plurality of second variables in said expression to be protected such that said modified expression is equivalent to said expression to be protected when said second variables verify a first predetermined condition, □ generating (S3) a mixed Boolean-arithmetic expression semantically equivalent to said modified expression, □ selecting (S4) at least one variable among said second variables in said mixed Boolean-arithmetic expression and choosing a constant value for each of said at least one selected variable, □ partially evaluating (S5) said generated mixed Boolean-arithmetic expression by setting each of said at least one selected variable to said chosen constant value and replacing in the software code said expression to be protected with said partially evaluated mixed Boolean-arithmetic expression, □ securely ensuring (S6) that, when said partially evaluated mixed Boolean-arithmetic expression is evaluated at runtime, said first predetermined condition to be verified by said second variables is met.
A method for updating the firmware of a device while preserving a previously established set of diversification data, including creating a common firmware (FW) image for a plurality of devices and loading the FW image to the devices; generating per-device diversified data and loading the data to the devices; and for each device, generating diversified data and grouping the diversified data into a Binary Large Object (BLOB).
The invention relates to code updating method for updating a previous program code (100), the method comprising the loading of an updated program code (200) for replacing the previous program code (100) and the following steps: - allocating a duplication area (300) of non-volatile memory, - copying non-volatile data (DO(A), DL(A)) of the previous program code (100) into the duplication area after adding a signature of the data in a header of said data (DO(A), DL(A)), the signature authenticating the data to be originating from the previous program code (100), - formatting and transferring the copied data (DO(B), DL(B)) from the duplication area (300) to a non-volatile memory area (250) allocated for the non-volatile data of the updated program code (200), - validating the updated program code (200) replaces the previous program code, - releasing the non-volatile memory area (150) allocated for the non-volatile data of the previous program code (100).
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
The invention relates to tamper resistant elements and, more particularly, to rollback of code operable on tamper resistant elements and selective rollback of data related to code images. The tamper resistant element according to the invention provides a mechanism for selectively retaining data from a previous version, rolling back data to a version of a program being rolled back to, or rolling back to an original version of the program.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
The present invention relates to a method for securely protecting execution of a software code against physical attacks, said software code comprising calls to a plurality of functions and, before a call to a first function among said plurality of functions, an instruction storing the address of said first function into a global variable, said method being performed by an electronic system comprising a hardware processor, a non-volatile memory and a detection system configured to detect an attack on said electronic system during an execution of a function among said plurality of functions, and comprising: - detecting (S1), by said detection system, during an execution of said first function, an attack on said electronic system, - after said detection of an attack, retrieving the address from where the first function was called, storing said retrieved address in said non-volatile memory and stopping the execution of said first function (S2), - on the next startup of the electronic system (S3): o determining if an attack has occurred during a previous execution of said first function by checking if an address of a call to said first function is stored in said non- volatile memory, o when it is determined that an attack has occurred during a previous execution of said first function, updating the software code in said non-volatile memory by replacing at said address stored in said non-volatile memory the call to the first function by a call to a function which: activates security countermeasures, calls said first function using the address saved in said global variable and deactivates said activated security countermeasures after the execution of said first function.
G06F 21/54 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par ajout de routines ou d’objets de sécurité aux programmes
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
30.
METHOD AND SYSTEM FOR UPGRADING THE FIRMWARE OF A DEVICE
A method for upgrading a firmware of a device by an upgrade agent, wherein the firmware comprises a persistent data and an operating system binary code, including determining by the upgrade agent whether the device is running in a regular mode, a loader mode, or a data upgrade mode; if the device is in regular mode, requesting that the device switches to loader mode; if the device is in loader mode, loading a new version of an operating system binary code, and requesting the device to switch to data upgrade mode; and if the device is in data upgrade mode, triggering an upgrade of a preexisting persistent data, and requesting the device to switch to regular mode.
A method for providing a safe backup for an operating system (OS) of an embedded device that is in communication with a server, wherein embedded device comprises the OS and a loader, wherein the loader is a component of the embedded device that is separate from the OS, the method includes detecting that there has been an interruption in a normal operation of the OS, and engaging a safe mode of the loader, wherein the safe mode sustains connectivity between the embedded device and the server, and diagnoses an error that caused the interruption.
G06F 11/14 - Détection ou correction d'erreur dans les données par redondance dans les opérations, p. ex. en utilisant différentes séquences d'opérations aboutissant au même résultat
The invention provides a method of generating a digital contract between at least a first user of a first terminal and a second user of a second terminal, wherein the method comprises: - obtaining (300) contract information, the contract information comprising a first identifier associated with the first user and a second identifier associated with the second user; - generating (301), based on the obtained contract information, a digital contract having a data structure with at least a first section including terms of the digital contract and a second section comprising the first identifier and the second identifier; - giving access (302) to the generated digital contract to the first terminal and to the second terminal, in order to obtain a first digital signature from the first user and a second digital signature from the second user.
G06F 21/64 - Protection de l’intégrité des données, p. ex. par sommes de contrôle, certificats ou signatures
G06Q 20/02 - Architectures, schémas ou protocoles de paiement impliquant un tiers neutre, p. ex. une autorité de certification, un notaire ou un tiers de confiance
G06Q 20/38 - Protocoles de paiementArchitectures, schémas ou protocoles de paiement leurs détails
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06Q 30/06 - Transactions d’achat, de vente ou de crédit-bail
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
The invention is a method for authenticating a user (50) using a biometric sensor (40) comprising capturing a candidate biometric data (60) of the user and extracting candidate elements (61). Based on a ranking (12), identifying a selected group (22) of reference templates stored in the portable device and initializing an incremental matching score (13); - While an ending condition is not met, iteratively performing the steps: - Identifying a selected reference template in the selected group based on metadata previously assigned to the selected reference template during a preliminary enrollment phase; - Updating the incremental matching score with both a result of a match checking between said candidate elements and the selected reference template and a result of an overlapping check between said candidate elements and the selected reference template; - If the incremental matching score is higher than a first threshold (15), considering the ending condition is met, then: - Computing a coherence score (16) by checking that relative positions of the reference templates used to compute the incremental matching score are consistent with affine transformations between the reference templates used for computing the matching score, - then considering the user is successfully authenticated only if the coherence score is higher than a second threshold (17).
The invention is a method for relay attack protection of a transaction involving a payment instrument (10) receiving a command (71) from a coupled terminal (20); the transaction having a transaction type and an amount. The method comprises the following steps: - upon receipt of the command, the payment instrument sends, through a wireless channel, to an appliance (30) a decision request (72) comprising said amount and transaction type; - responsive to the decision request, the appliance determine an agreement or a refusal of a user using said amount and transaction type; - the appliance sends to the payment instrument a decision message (73) reflecting said agreement or refusal; - upon receipt of the decision message, the payment instrument generates a cryptogram (84) either authorizing the transaction to continue only in case of agreement or refusing the transaction only in case of refusal; then sends it to the terminal.
G06Q 20/32 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des dispositifs sans fil
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G06Q 20/18 - Architectures de paiement impliquant des terminaux en libre-service, des distributeurs automatiques, des bornes ou des terminaux multimédia
G06Q 20/20 - Systèmes de réseaux présents sur les points de vente
G06Q 20/06 - Circuits privés de paiement, p. ex. impliquant de la monnaie électronique utilisée uniquement entre les participants à un programme commun de paiement
G06Q 20/42 - Confirmation, p. ex. contrôle ou autorisation de paiement par le débiteur légal
G07F 7/10 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée utilisée simultanément avec un signal codé
G07F 7/08 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée
35.
A METHOD FOR EXPORTING A TELECOMMUNICATION PROFILE FROM A SOURCE SECURE ELEMENT TO A TARGET SECURE ELEMENT AND CORRESPONDING SECURE ELEMENTS
The invention concerns a A method for exporting a telecommunication profile from a source secure element (10) to a target secure element (13) through the LPAs of devices comprising the source and target secure elements (10, 13), the method comprising: - sending from the source secure element (10) its certificate and at least a signed profile ID to the target secure element (13); - verifying at the target secure element (13) the validity of the certificate based on the source certificate and signed profile ID; - if the verification is positive, sending from the target secure element (13) to the source secure element (10) a signed download request of the profile and a certificate of the target secure element (13); - at the source secure element (10), verifying the certificate of the target secure element (13) authenticity, generating a Profile Encryption Key, PEK, and a Credential Encryption Key, CEK; - Ciphering the credentials of the profile with CEK; - Ciphering the profile including the ciphered credentials with PEK; - Ciphers CEK and PEK respectively into CEK* and PEK* with the target secure element (13) public key; - Sending from the source secure element (10) to the target secure element (13) the ciphered profile and the PEK*; - at the target secure element (13), deciphering the received PEK* with its private key to obtain PEK, deciphering the profile with PEK and installing the profile; - sending from the target secure element (13) to the source secure element (10) a first signed message indicating that the profile has been installed successfully; - at the source secure element (1O), when receiving the first signed message indicating that the profile has been installed successfully, removing the profile and sending to the target secure element (13) a second signed message with the source secure element (10) private key indicating that the profile in the source secure element (10) has been removed successfully and CEK*; - at the target secure element (13), verifying the validity of the second signed message, deciphering CEK* to obtain CEK and deciphering the credentials with CEK.
Filtering subjects subject to facial image processing in a face-tracking environment by capturing at least one image using an image capture device, defining an inclusion polygon having at least three vertices such that at least one angle formed at at least one of said vertices is not a right angle, identifying a plurality of faces in said at least one image, defining a geometric shape around each said identified plurality of faces, respectively, excluding from further processing any of said identified faces with a defined geometric shape that that fails an inclusion criteria. Performing further processing on not-excluded identified faces to thereby determine an identification-linked property linked to such identified faces.
A data carrier (1), in particular a smart card, comprises a first electronic module (2) being associated with first contact elements (3, 3a,...) and a second electronic module (4) being associated with second contact elements (5, 5a,...). At least one or exactly one first contact element (3) being associated with the first electronic module (2) is in electrical connection with at least two or exactly two second contact elements (5b, 5c) being associated with the second electronic module (4).
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
A data carrier (1) for a secure article (10) extends along an extension direction (E) and along a transverse direction (T) extending perpendicularly to the extension direction (E) and comprises at least one light guiding element (2) and at least one security element (3). The light guiding element (2) is configured to guide light such that light illuminating the light guiding element (2) is guided along the light guiding element (2). The light guiding element (2) and the security element (3) are arranged such, that light being guided along the light guiding element (2) is illuminating the security element (3). The security element (3) comprises or consists of at least one light scattering element (4) being configured to scatter light upon an illumination with light by the light guiding element (2).
The present invention provides a biometric enrollment apparatus for associating biometric data to a user identity, the apparatus comprising: - a first capturing module comprising at least one biometric data capturing device; - a second capturing module comprising at least one biometric data capturing device, the biometric data of this second capturing module being of the same kind as the biometric data of the first capturing module; - a data processing module configured to ○ receive biometric data from the first capturing module, ○ receive biometric data from the second capturing module, ○ authenticating locally the biometric data from the second capturing module against the data received from the first capturing module, outputting an authentication score; wherein, only if the authentication score is above a pre-defined score, the data processing module associates the biometric data from the first capturing module to the user identity.
G06F 21/32 - Authentification de l’utilisateur par données biométriques, p. ex. empreintes digitales, balayages de l’iris ou empreintes vocales
G06V 10/98 - Détection ou correction d’erreurs, p. ex. en effectuant une deuxième exploration du motif ou par intervention humaineÉvaluation de la qualité des motifs acquis
G06V 40/50 - Traitement de données biométriques ou leur maintenance
G06V 10/80 - Fusion, c.-à-d. combinaison des données de diverses sources au niveau du capteur, du prétraitement, de l’extraction des caractéristiques ou de la classification
G06V 40/18 - Caractéristiques de l’œil, p. ex. de l’iris
G06V 40/16 - Visages humains, p. ex. parties du visage, croquis ou expressions
40.
METHOD TO SECURE A SOFTWARE CODE AGAINST SUPERVISED SIDE CHANNEL
The present invention relates to a method for securing against supervised side-channel attacks a secret data stored as at least one N-bit machine word and used in a sensitive operation to be executed by a processing device among a plurality of processing devices having M-bit words architectures, with M and N integers and N < M, wherein a pool of constant values is associated to each processing device of said plurality of processing devices, each pool of constant values associated to a processing device being different than the pool of constant values associated to the other processing devices of the plurality of processing devices, said method being performed by a processor of a first processing device among said plurality of processing devices and comprising: - for each N-bit machine word of said secret data: encoding and storing in a memory of said first processing device, said N-bit machine word as a M- bit machine word comprising said N bits of said N-bit machine word and a constant value selected from said pool of constant values associated to the first processing device (S1), - executing said sensitive operation using said secret data M-bit machine words stored in said memory (S2).
The invention relates to a method of indexing a human fingerprint image. The method of the invention comprises the steps of defining a plurality of classes, each class corresponding to a local pattern of a fingerprint; building a ground truth by allowing a machine learning model to determine the inference probability to each class for acquired fingerprint images; inputting an original fingerprint image; assigning by the machine learning model to the original fingerprint image a multi-dimensional vector according to the inference probability determined for each class based on the ground-truth; generating an indexing key from the multi-dimensional vector of the original fingerprint; and indexing the fingerprint indexing key, the indexing comprising multi-stage checks including both exclusive and continuous classification checks.
G06V 10/44 - Extraction de caractéristiques locales par analyse des parties du motif, p. ex. par détection d’arêtes, de contours, de boucles, d’angles, de barres ou d’intersectionsAnalyse de connectivité, p. ex. de composantes connectées
The invention provides a presentation attack detection method comprising the steps of: - receiving (801) at least one thermal image from a thermal camera; - determining (802) whether a face of a target person is detected in the thermal image or not; - if the face of the target person is detected in the thermal image, performing (806) a domain translation based on the thermal image to obtain an image in a second spectral domain, the second spectral domain being distinct form a thermal domain; - determining (807) a first category indicating whether the target person is live or spoof, based on the image in the second spectral domain; - determining (808) a final decision representative of the liveness of the target person, based on the determined first category and/or based on whether the face of the target person is detected in the thermal image.
G06V 40/40 - Détection d’usurpation, p. ex. détection d’activité
G06V 10/143 - Détection ou éclairage à des longueurs d’onde différentes
G06V 40/16 - Visages humains, p. ex. parties du visage, croquis ou expressions
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
43.
METHOD FOR ACTIVATING A SUBSCRIPTION AND CORRESPONDING SECURE ELEMENTS
The invention concerns a method for activating a subscription by a first secure element embedded or integrated in a first device (1), the subscription being called second subscription and being installed in a second secure element embedded or integrated in a second device (2), the method comprising: - sending an activation command from the first secure element to the second secure element, through a short range channel, after having performed a mutual authentication between the first and second secure elements; - sending from the second secure element to the first secure element an acknowledgment message through the short range channel, if the second secure element receives the activation command from the first secure element; - deactivating the subscription, called first subscription, in the first secure element upon receiving the acknowledgment message; - sending from the first secure element to the second secure element a transfer acknowledgment message through the short range channel; - activating the second subscription in the second secure element upon receiving the transfer acknowledgment message.
H04W 8/18 - Traitement de données utilisateur ou abonné, p. ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateurTransfert de données utilisateur ou abonné
H04W 12/30 - Sécurité des dispositifs mobilesSécurité des applications mobiles
H04W 12/45 - Dispositions de sécurité utilisant des modules d’identité utilisant des modules multiples d’identité
H04W 8/20 - Transfert de données utilisateur ou abonné
H04W 4/80 - Services utilisant la communication de courte portée, p. ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
Securing of Internet of Things (IoT) devices by compiling IoT applications against diversified virtual machines. IoT protection sets are defined and assigned diversification parameters. A virtual machine is diversified using the assigned parameters. An IoT application is diversified against the diversified virtual machine to be solely executable by the diversified virtual machines by applying the diversification parameters associated with the virtual machines, respectively. Loading diversified object programs for the diversified IoT applications and diversified virtual machines corresponding to respective IoT devices associated with the protection sets.
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p. ex. par masquage
G06F 21/53 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p. ex. "boîte à sable" ou machine virtuelle sécurisée
45.
A SYSTEM AND METHOD FOR ACTIVATING A PROFILE OF A CONNECTED DEVICE
A method for activating a profile of a connected device of a user is disclosed. The method includes transmitting, by the service provider, a resource address to the user; accessing, by the connected device, the resource address; launching, by the connected device, an application; downloading to the mobile device, by the application, a profile; and activating on the mobile device, by the application, the profile.
H04W 12/30 - Sécurité des dispositifs mobilesSécurité des applications mobiles
H04W 4/50 - Fourniture de services ou reconfiguration de services
H04W 8/20 - Transfert de données utilisateur ou abonné
H04W 8/18 - Traitement de données utilisateur ou abonné, p. ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateurTransfert de données utilisateur ou abonné
H04W 36/00 - Dispositions pour le transfert ou la resélection
46.
METHOD FOR CONSTRUCTING A LIMITED-USE KEY REQUIRED FOR A FINANCIAL TRANSACTION
The invention is a method for constructing a limited-use key (80) required by a payment application (10) hosted in a portable device (30) and able to perform a financial transaction for an amount. The payment application is able to construct the limited-use key in two distinct ways, the first way and the second way. During the financial transaction the payment application or a payment terminal coupled to the portable device determines that the financial transaction is a High Value Transaction (HVT) if said amount is higher than a preset threshold and considers that the financial transaction is a Low Value Transaction (LVT) in the opposite case. Then the payment application constructs the limited-use key (80) either by said first way only in case of High Value Transaction or by said second way only in case of Low Value Transaction.
G06Q 20/32 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des dispositifs sans fil
G06Q 20/38 - Protocoles de paiementArchitectures, schémas ou protocoles de paiement leurs détails
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
47.
REMOVABLE SECURE ELEMENT HAVING IMPERSONATION PROTECTION
The present invention relates to a removable secure element having a memory to store at least a universal user identifier, a security context, a list of mobile equipment identifiers in which the removable secure element was previously inserted, said removable secure element being dedicated to be inserted in a mobile equipment compliant with plastic roaming connecting and authenticating automatically the mobile equipment to a serving network using the security context stored in the removable secure element as soon as the universal user identifier stored in the removable secure element is the same as the one associated to the security context on the serving network side, said removable secure element further having an application to monitor an identifier of a mobile equipment in which the removable secure element is inserted, said application implementing a retrieval of the identifier of the mobile equipment in which the removable secure element is inserted, a check of the presence of the retrieved identifier in the stored list of mobile equipment identifiers as stored, and, if the retrieved identifier is present in the list, a deletion of the security context as stored.
H04W 12/48 - Dispositions de sécurité utilisant des modules d’identité utilisant la liaison sécurisée, p. ex. liant de manière sécurisée les modules d'identité aux dispositifs, aux services ou aux applications
H04W 12/126 - Dispositions antivol, p. ex. protection contre le clonage de module d’identité d’abonné [SIM]
The present invention relates to a method for securely verifying a candidate password value derived from user credentials against a reference password value dedicated to a client application on a client device storing a try counter, said method being performed by the client application of the client device, said client device comprising : a secure hardware component storing a current cryptographic key pair comprising a current public cryptographic key and a current private cryptographic key specific to the client device, a first application memory storing a current try counter value of said try counter, and a second application memory storing a current signature of a try counter value with a private cryptographic key of a cryptographic key pair, and said method comprising : - a) verifying (S1) the current try counter value stored in the first application memory and, - b) verifying (S2) that the current signature stored in the second application memory of the client device is a valid signature of the current try counter value stored in the first application memory using the current public cryptographic key of the current cryptographic key pair stored in said secure hardware component, - c) when the verifications of the current signature and of the value of the try counter are successful: • generating (S31) a new current cryptographic key pair, • updating (S32) said current try counter value, • generating (S33) a new current signature of the updated current try counter value with the generated new current private cryptographic key of the generated new current cryptographic key pair, - d) verifying (S4) the candidate password value against said reference password value.
The present invention relates to an electronic system (1) comprising a secure processor (102) and an integrated sensor (101) configured for monitoring side channel emissions of said secure processor, wherein: - the integrated sensor is electrically disconnected from the secure processor, - said secure processor is configured for performing a processing operation generating a specific side channel emission called trigger side channel emission, - said integrated sensor is configured such that monitoring said trigger side channel emission causes the integrated sensor to switch to an operation mode depending on said trigger side channel emission.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/74 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information opérant en mode dual ou compartimenté, c.-à-d. avec au moins un mode sécurisé
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p. ex. pour empêcher l'ingénierie inverse
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
50.
METHOD FOR PROTECTING AGAINST SOFTWARE- BASED SIDE CHANNEL ATTACKS AN ELECTRONIC SYSTEM COMPRISING A SECURE PROCESSOR AND AN INTEGRATED SENSOR
The present invention relates to a method for protecting an electronic system (1) comprising a secure processor (102) and an integrated sensor (101) against software-based side channel attacks targeting said secure processor using said integrated sensor, said electronic system further comprising an untrusted processor (104), a sensor register (103) isolated from said untrusted processor for storing at least one output value of the integrated sensor, a blurring device (109) connected to the sensor register and configured for outputting at least one blurred sensor output value whose bits are at least partly blurred, and a memory mapped register (110) accessible by said untrusted processor and storing outputs of the blurring device, said method comprising: - measuring, by the integrated sensor, a physical quantity representative of an activity of the secure processor to obtain a sensor output value, - storing said sensor output value into said sensor register, - generating, by said blurring device, from said sensor output value stored in the sensor register, a blurred sensor output value wherein one or more bits of said blurred sensor output value are blurred according to a blurring device configuration, - storing said blurred sensor output value in said memory mapped register.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/74 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information opérant en mode dual ou compartimenté, c.-à-d. avec au moins un mode sécurisé
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p. ex. pour empêcher l'ingénierie inverse
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
51.
CREATION OF A DIGITAL TWIN/AVATAR ENABLING PHYSICAL PERSON IDENTIFICATION
The present invention relates to a method to create a digital twin in a virtual environment dedicated to be visually displayed in real world, said digital twin being a visual representation in the virtual environment of an entity identifiable in real world, said method comprising the steps of determining at least one parameter enabling to uniquely identify the identifiable entity represented by said digital twin, said parameter being besides stored in a secure database associating the parameter to the identifiable entity, generating a readable tag from said parameter, said readable tag being suitable to be read, in real world, from any kind of visualization of the virtual environment in real world, to retrieve the parameter and to identify the identifiable entity, inserting the readable tag in the visual representation in the virtual environment of the entity identifiable in real world, said virtual tag being permanently displayed in the virtual environment whatever is the position of the digital twin in the virtual environment.
G06Q 10/063 - Recherche, analyse ou gestion opérationnelles
G06Q 10/08 - Logistique, p. ex. entreposage, chargement ou distributionGestion d’inventaires ou de stocks
G06Q 50/00 - Technologies de l’information et de la communication [TIC] spécialement adaptées à la mise en œuvre des procédés d’affaires d’un secteur particulier d’activité économique, p. ex. aux services d’utilité publique ou au tourisme
G06K 19/06 - Supports d'enregistrement pour utilisation avec des machines et avec au moins une partie prévue pour supporter des marques numériques caractérisés par le genre de marque numérique, p. ex. forme, nature, code
52.
DYNAMIC SET-UP AND ENROLMENT OF A LOGICAL SECURE ELEMENT
The present invention relates to a physical secure element installed in a communication device, said physical secure element having an operating system having a supervisor adapted to create various execution environments, said supervisor being further configured to: - receive, from a specific application enrolment server managing a key ecosystem dedicated to the specific application, a command to create a Logical Secure Element, said command comprising enrolment data comprising at least a type of Logical Secure Element to be created for the specific application and a set of keys to be used for subsequent remote provisioning in relation with the Logical Secure Element to be created, - create a Logical Secure Element of the type requested in the command as an execution environment onboard the secure element.
The present invention relates to a method of secure performing, by a system comprising a processing unit and a secure element and on request by a requesting device, at least one processing operation and a function whose execution by the processing unit in the homomorphic domain does not fulfill a predetermined criteria, said method comprising : -performing (S1), by said processing unit, said at least one processing operation, in the homomorphic domain, on data encrypted using a homomorphic encryption algorithm, to generate first ciphertexts, - determining (S2) by said processing unit that execution of said function taking as inputs said first ciphertexts is to be outsourced to said secure element, - sending (S3) to said secure element said generated first ciphertexts and said function, - decrypting (S4) said first ciphertexts into first cleartexts by said secure element, - applying (S5) said function to said first cleartexts by said secure element to generate a second cleartext.
The invention is a method for enrollment of a reference (51) in a portable device (10) embedding a biometric sensor (14) in which a first phase includes the following step executed for a plurality of transactions with one or more terminals (20): - during each current transaction of said plurality of transactions, capturing a candidate biometric data (60) from a subject identifier of a user (50), assigning an indicator (58) to the candidate biometric data (60), said indicator allowing to determine if the user was successfully authenticated during said current transaction and storing the candidate biometric data and said assigned indicator in the portable device; and in that the method comprises a second phase, in which, upon detection of an event, the portable device identifies a list of candidate biometric data whose assigned indicator reflects a successful authentication of the user, and builds the reference using only said list.
G06F 21/32 - Authentification de l’utilisateur par données biométriques, p. ex. empreintes digitales, balayages de l’iris ou empreintes vocales
G06F 21/34 - Authentification de l’utilisateur impliquant l’utilisation de dispositifs externes supplémentaires, p. ex. clés électroniques ou cartes à puce intelligentes
A data carrier (1) for a secure article comprises a carrier body (2) and a security element (3) being provided on the carrier body (2). The security element (3) comprises at least one image (4) being printed on at least one surface structure (5) comprising elevations (8) extending away from the carrier body (2) and/or depressions (9) extending towards the carrier body (2) and extending along an extension direction (E). The image (4) comprises at least one primary image (6) and at least one secondary image (7) being encoded in the primary image (6). The primary image (6) is observable when the data carrier (1) is viewed under a first viewing angle and a second viewing angle. The secondary image (7) is hidden when the data carrier (1) is viewed under the first viewing angle but observable when the data carrier (1) is viewed under the second viewing angle.
A METHOD FOR INDICATING TO A READER OF AN EMBEDDED SECURE ELEMENT THAT THE EMBEDDED SECURE ELEMENT HAS DATA TO BE TRANSMITTED TO THE READER THROUGH A SPI BUS, CORRESPONDING EMBEDDED SECURE ELEMENT AND READER
The present invention concerns a method for indicating to a reader (10) of an embedded secure element (11) that the embedded secure element (11) has data to be transmitted to the reader (10) through a SPI bus, Serial Peripheral Interface, the reader (10) and the embedded secure element (11) being comprised in a device, the SPI bus comprising: - a CSN line, Chip/slave select; - a CLK line, Serial Clock; - a MOSI line, Master Out Slave In; - a MISO line, Master In Slave Out; - a SPI RST line, Reset, not directly part of the SPI bus but adding a hardware way to reset the SPI bus, the method comprising sending from the embedded secure element (11) to the reader (10) on the SPI RST line a signal for indicating that the embedded secure element (11) has data to transmit to the reader (10), in order that the reader (10) fetches data stored in the embedded secure element (11).
G06F 1/24 - Moyens pour la remise à l'état initial
G06F 13/24 - Gestion de demandes d'interconnexion ou de transfert pour l'accès au bus d'entrée/sortie utilisant l'interruption
G06F 13/42 - Protocole de transfert pour bus, p. ex. liaisonSynchronisation
G06F 21/85 - Protection des dispositifs de saisie, d’affichage de données ou d’interconnexion dispositifs d’interconnexion, p. ex. les dispositifs connectés à un bus ou les dispositifs en ligne
Provided is a digital Virtual Function ID Wallet (VFIDW) (150) containing a Verifiable Identity Document (VID) (131), an Identifier (161), and Verifiable Credentials (VC) (141) and keys pairs (171) associated with a workload (151) of a Virtual Function (VF) instance of a VF to be executed and trusted The VFIDW (150) along with an Identity Agent (120) provide an identity presentation by way of a VID presentation to a Relying Party (160) to enable trust with the VF for the workload (151), by adding relevant attributes from the VFIDW (150) described in security policies that prove identity and correct instantiation of the workload (151) of the VF instance. Other embodiments disclosed.
A METHOD FOR SELECTING A VIRTUAL CARD AMONG TWO VIRTUAL CARDS COMPRISED IN A SECURE ELEMENT COOPERATING WITH A TERMINAL AND CORRESPONDING SECURE ELEMENT
The invention concerns a method for selecting a virtual card among two virtual cards comprised in a secure element cooperating with a terminal, a first of the virtual cards being compliant with ISO 14443-3 and the second virtual card being compliant with ISO 14443-3 and ISO 14443-4, the secure element communicating with a NFC, Near Field Communication, reader through a CLF, Contactless Frontend, comprised in the terminal, the method comprising: - activating the first and second virtual cards by the secure element; - provisioning by the secure element the CLF with the UID, Unique Identifier, of the first virtual card; - provisioning by the secure element the CLF with the default parameters of the second virtual card, according to Amendment C of GlobalPlatform Card Specification and ETSI 102.613; - if the CLF detects that the communication protocol used by the NFC reader is compliant with ISO 1443-3 but not compliant with ISO 14443-4, switching the CLF to the UID of the first virtual card, in order to establish a communication between the first virtual card and the NFC reader; if the CLF detects that the communication protocol used by the NFC reader is compliant with ISO 1443-3 and compliant with ISO 14443-4, keeping the default parameters of the second virtual card in the CLF, in order to establish a communication between the second virtual card and the NFC reader.
The present invention relates to a method for securing a trained neural network against adversarial attacks in a computer system, wherein said neural network comprises an input layer, hidden layers and an output layer whose parameters are subject to training and is defined by structural elements of the neural network, comprising functions and structural parameters, which are not subject to training, the method comprising : - programming the computer system with the trained neural network, - presenting, by the computer system, a test sample to the trained neural network, - selecting a value, for said test sample, of at least one of said structural elements based on input or output values of a layer of the trained network, - updating said trained neural network by applying said selected value of at least one of said structural elements to the trained neural network, - evaluating an output of said updated trained neural network for said test sample.
The present invention relates to an infrastructure for remote profile provisioning (RSP) comprising secure elements to be provisioned, a subscription manager adapted to prepare data to be routed to secure elements to be provisioned and a ledger storing keys. Secure elements have at least an identifier, a pre-stored key corresponding to one stored in the ledger and pre- stored generic profile elements as defined in an RSP template, at least one profile element necessitating credentials for the secure element to have an operational profile. Said subscription manager is adapted to receive a request for profile provisioning comprising a secure element identifier, to retrieve a key associated to the received identifier from the ledger, to retrieve credentials to be pushed in the secure element having the received identifier, to encode the retrieved credentials using the retrieved key, to route the encoded credentials to the secure element for the secure element to decode the credentials using the pre-stored key and to complete the pre-stored profile element of the template to have an operational profile.
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04W 12/03 - Protection de la confidentialité, p. ex. par chiffrement
H04W 12/30 - Sécurité des dispositifs mobilesSécurité des applications mobiles
H04W 12/40 - Dispositions de sécurité utilisant des modules d’identité
A method or system of activating an administrator managed Fast Identity Online (FIDO) authenticator can include requesting a provisioning of a FIDO authenticator in an enterprise system at an administrator level for use by an end user where the enterprise system includes a server. As part of the provisioning, the system can designate or mark the FIDO authenticator as pending activation by the end user, and restrict use of the FIDO authenticator until the end user follows an activation flow that includes confirmation of the end user identity and includes proof of possession of the FIDO authenticator. The system allows the administrator to deliver the FIDO authenticator or token that is designated or marked as awaiting activation. The end user can then activate the FIDO authenticator or token by proving their user identity and proving possession of the FIDO authenticator.
Provided is a device (100), application (14) and method for multi-direction and rotary selection of individual data entry elements of an entry field (12) for entering data in a touchscreen (11). The application (14) detects a selection and visually overlays an alphanumeric short-list (107) of single symbols oriented along a directional vector. It detects a scrolling of the short-list responsive to fingertip sliding to-or-fro in a direction of the orientated short-list. As an example a PIN may be entered in this unique manner to unlock the touchscreen of a mobile device. Other embodiments are disclosed.
G06F 3/04883 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p. ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p. ex. des gestes en fonction de la pression exercée enregistrée par une tablette numérique utilisant un écran tactile ou une tablette numérique, p. ex. entrée de commandes par des tracés gestuels pour l’entrée de données par calligraphie, p. ex. sous forme de gestes ou de texte
G07F 7/10 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée utilisée simultanément avec un signal codé
H04W 12/68 - Sécurité dépendant du contexte dépendant des gestes ou des comportements
G06F 21/36 - Authentification de l’utilisateur par représentation graphique ou iconique
H04W 12/37 - Gestion des politiques de sécurité pour des dispositifs mobiles ou pour le contrôle d’applications mobiles
G06F 3/04847 - Techniques d’interaction pour la commande des valeurs des paramètres, p. ex. interaction avec des règles ou des cadrans
63.
FINGERPRINT INDEXING USING CONVOLUTIONAL NEURAL NETWORK
The invention provides a method of filtering fingerprint candidates, the method being carried out by an indexing module arranged to access a Convolutional Neuronal Network, CNN configured to output at least one feature of an input image. The method comprises: - processing (204) an image representative of local information of a searched fingerprint, by the CNN to obtain at least one feature for the searched fingerprint; - retrieving (205) a candidate fingerprint in a database; - determining (206) whether at least one feature of the retrieved candidate fingerprint matches with the at least one feature of the searched fingerprint; - if the at least one feature of the retrieved candidate fingerprint matches with the at least one feature of the searched fingerprint, passing (207) the at least one candidate fingerprint to a matching module for further comparison between the candidate fingerprint and the searched fingerprint.
G06V 10/44 - Extraction de caractéristiques locales par analyse des parties du motif, p. ex. par détection d’arêtes, de contours, de boucles, d’angles, de barres ou d’intersectionsAnalyse de connectivité, p. ex. de composantes connectées
G06V 10/771 - Sélection de caractéristiques, p. ex. sélection des caractéristiques représentatives à partir d’un espace multidimensionnel de caractéristiques
G06V 10/772 - Détermination de motifs de référence représentatifs, p. ex. motifs de valeurs moyennes ou déformantsGénération de dictionnaires
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
The invention is a method and a system for managing a batch (95) of hardware secure elements (20, 30) comprising a global certificate (22, 32) and their own local certificate (21, 31). Each secure element involved in an offline transaction, performs one or more checks based on the local and global certificates of the two secure elements so as to minimize the size of data exchanged between them.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
65.
METHOD TO CREATE BIOMETRICS FOR A DIGITAL TWIN/AVATAR IN METAVERSE
The present invention relates to a method to create biometrics for a digital twin/avatar to be used in a metaverse platform by a metaverse user, said method comprising the steps of: choosing attributes of the digital twin/avatar as appearing in the metaverse environment; retrieving biometrics of the user of the digital twin/avatar; calculating a digital twin/avatar biometrics as a cryptographic function of the retrieved biometrics and of the chosen digital twin/avatar' s attributes; storing the digital twin/avatar biometrics associated to the digital twin/avatar's attributes in a database of the metaverse platform.
The invention proposes a method for updating applications, called previous applications, installed in a plurality of secure elements (30) comprised in a device, the method comprising sending over the air for each of the secure elements (30) a script comprising a new ELF version containing the latest version of the applications, from an update server to a system manager connected to the secure elements (30), wherein the script contains for each of the secure elements (30): - an entire AID of the new ELF version; - a partial AID identifying the previous application, the method comprising, for each of the secure elements (30): - for each secure element (30) and corresponding partial AID, loading the latest version of the application identified by the entire AID and executing the latest version of the application in each of the secure elements (30); - if the execution of at least one application fails, for each of the secure elements (30), restoring the previous application the entire AID for designing the application to be updated.
The present invention provides a facial recognition system for alleviating ambient light during image capture, the system comprising: - a stereo camera configured to capture an image and send it to a face detection module, wherein the image comprises depth information of objects within the depth of field, - the face detection module configured to identify a face based on the depth information of the received image from the stereo camera, - an processing module configured to - split the image into a facial area and a non-facial area, wherein the facial area corresponds to the identified face region by the face detection module, and - outcome exposure adjustment factors for each area, these exposure adjustment factors being calculated based at least on a brightness values comparison of both facial and non-facial areas, - a dual-regional adjustment module configured to separately adjust the exposure of both the facial and non-facial areas according to the adjustment factors, and - a face matching module configure to verify or enroll person's face identity based on the exposure-adjusted facial area.
G06V 10/60 - Extraction de caractéristiques d’images ou de vidéos relative aux propriétés luminescentes, p. ex. utilisant un modèle de réflectance ou d’éclairage
G06V 10/94 - Architectures logicielles ou matérielles spécialement adaptées à la compréhension d’images ou de vidéos
G06V 40/16 - Visages humains, p. ex. parties du visage, croquis ou expressions
G06V 40/50 - Traitement de données biométriques ou leur maintenance
G06V 10/14 - Caractéristiques optiques de l’appareil qui effectue l’acquisition ou des dispositifs d’éclairage
68.
SECURE COMPUTER-IMPLEMENTED METHOD FOR PREVENTING A RECOVERY OF EMBEDDED DATA WITHIN A NEURAL NETWORK MODEL
The invention relates to a secure computer-implemented method (1) for preventing a recovery of embedded data (d) within an neural network model (NN), said neural network model (NN) comprising a plurality of layers (L), each layer (L) having a related matrix of parameters (M) and being configured to receive at least one input tensor (t1), wherein said secure computed implemented method (1) comprises: - for at least one layer (L), permuting sets (s) of parameters (P) within its related matrix of parameters (M) so as to change their initial positions (p) in said matrix of parameters (M), - applying said matrix of permuted parameters (M') to the at least one input tensor (t1) so as to generate an output tensor (t2').
G06F 7/76 - Dispositions pour le réagencement, la permutation ou la sélection de données selon des règles prédéterminées, indépendamment du contenu des données
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
The present invention relates to a method method for optimizing the execution of the generation of a Crystals-Dilithium post-quantum digital signature a of a message M with a secret key sk. The digital signature generation comprising : • a) generating a masking vector y of polynomials with coefficients less than a second predetermined value y1, • b) computing a first vector of polynomials w = Ay, • c) determining a second vector of polynomials wl and a third vector of polynomials w0, • d) generating a challenge c based on the message and the second vector of polynomials w1, • e) performing rejection tests comprising testing if test vectors generated from said vectors, said challenge and said secret key fulfill predetermined conditions, and when said conditions are not fulfilled, restarting the signature generation from step a), else generating said signature, the steps a), b), c), d), and e) being repeated until the conditions are satisfied.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/30 - Clé publique, c.-à-d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
70.
SYSTEM AND METHOD FOR SECURE TRANSFER OF BIOMETRIC TEMPLATES BETWEEN BIOMETRIC DEVICES
A system or method of authenticating a biometrically protected device without prior enrollment on that device can include one or more processors and memory where the memory includes computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations of receiving a biometric reading, obtaining an encrypted biometric template from a server if a biometric template is not locally stored on a biometrically protected device to compare with the biometric reading, decrypting the encrypted biometric template from the server in response to a password to provide a decrypted biometric template, storing the decrypted biometric template locally on the biometrically protected device, and authenticating the biometric reading when the decrypted biometric template matches the biometric reading. The encrypted biometric template was previously uploaded to the server via an alternate biometric device.
The present invention provides a method to reinforce the security of a conventional transaction performed by a Short-Range (SR) communication-enabled chip card, wherein the chip card is paired with at least one SR communication-enabled handset, the method comprising the steps of: initiating the conventional transaction between the chip card and a reader; wherein the method is characterized in that: sending, by the chip card, an authentication request to at least one of the at least one paired handsets over an established Short-Range (SR) communication channel; receiving, by a paired handset, the authentication request and computing an authentication result granting or refusing the transaction; sending, by the handset, an authentication response to the chip card over the established channel, the authentication response comprising the authentication result; and continuing or stopping, by the chip card, the conventional transaction with the reader depending on the authentication result.
H04W 12/63 - Sécurité dépendant du contexte dépendant de la localisationSécurité dépendant du contexte dépendant de la proximité
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06Q 20/20 - Systèmes de réseaux présents sur les points de vente
72.
METHOD AND DEVICE FOR SECURE ENTRY OF A CODE IN A DEVICE
The invention is a method for secure entry of a code in a device (10) comprising a touch screen (18). The method comprises the following steps: displaying two or more streams (21,…,28) on the touch screen, each of said streams comprising its own plurality of symbols and scrolling in its own direction; detecting, by the device, a set comprising two or more of said symbols, each symbol of said set being specified by a user via a tap on the touch screen; and automatically building the code from the symbols of the set by applying a predefined rule.
G06F 21/36 - Authentification de l’utilisateur par représentation graphique ou iconique
G06F 21/83 - Protection des dispositifs de saisie, d’affichage de données ou d’interconnexion dispositifs de saisie de données, p. ex. claviers, souris ou commandes desdits claviers ou souris
73.
POSITIONING A COMMUNICATING USER EQUIPMENT WITHIN A NONTERRESTRIAL NETWORK USING A DILUTION OF PRECISION COMPUTED BY THE NETWORK
The present invention relates to a method for managing the determination of the positioning of a communicating user equipment having at least one non- geostationary satellite in view and appearing present at a network node, the method comprising the steps of, for an entity of the network: - determining a reference positioning of the user equipment; - computing at least one dilution-of-precision prediction computed as a function of ephemeris data of the satellite(s) concerned for at least one future instant and reference positioning of the user equipment; - comparing the dilution prediction with a maximum threshold; - reporting the determination of the non-accessible positioning in case of predicted dilution of precision greater than the maximum threshold; - otherwise, sending to the network node and to the user equipment instructions to perform a multi-round-trip time measurement procedure at the future instant.
G01S 5/00 - Localisation par coordination de plusieurs déterminations de direction ou de ligne de positionLocalisation par coordination de plusieurs déterminations de distance
G01S 13/76 - Systèmes utilisant la reradiation d'ondes radio, p. ex. du type radar secondaireSystèmes analogues dans lesquels des signaux de type pulsé sont transmis
G01S 13/87 - Combinaisons de plusieurs systèmes radar, p. ex. d'un radar primaire et d'un radar secondaire
G01S 19/38 - Détermination d'une solution de navigation au moyen des signaux émis par un système de positionnement satellitaire à radiophares
G01S 7/00 - Détails des systèmes correspondant aux groupes , ,
G01S 5/02 - Localisation par coordination de plusieurs déterminations de direction ou de ligne de positionLocalisation par coordination de plusieurs déterminations de distance utilisant les ondes radioélectriques
G01S 5/14 - Localisation par coordination de plusieurs déterminations de direction ou de ligne de positionLocalisation par coordination de plusieurs déterminations de distance utilisant les ondes radioélectriques déterminant des distances absolues à partir de plusieurs points espacés d'emplacement connu
H04W 64/00 - Localisation d'utilisateurs ou de terminaux pour la gestion du réseau, p. ex. gestion de la mobilité
The invention is a system for managing a financial transaction between a payment terminal and a card. Upon a first tap with the terminal, the card gets a transaction data from the terminal. The card comprises a parameter indicating whether a three-tap option is enabled and monitors the parameter during the first tap. If the card detects that the three-tap option is enabled: it records a first indicator indicating that the transaction is in progress; in response to a second tap with a personal device, the personal device gets a subset of the transaction data and the card records a second indicator indicating that the card sent the subset, the personal device provides a user with the subset, in response to a third tap with the payment terminal, the card uses said first and second indicators for performing a check specified by a security policy specifying that the transaction should be in progress and the subset should have been. In case of successful check, the card continues treatments required by the transaction or rejects the transaction in case of unsuccessful check.
G06Q 20/20 - Systèmes de réseaux présents sur les points de vente
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G07F 7/08 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée
75.
SECURE ON-BOARDING OF PERSONAL ATTRIBUTES ON AN EXTERNAL ENTITY
The invention provides a method for on-boarding at least one personal attribute of a user to an external entity, the method comprising: - authenticating, by a token of the user, to an issuing system; - if the token is authenticated, computing by the issuing system the following steps: o retrieving the at least one personal attribute of the user; o generating a master key, and deriving out as many derived keys as personal attributes are retrieved; o encrypting each personal attribute with a respective derived key; - sending, by the issuing system, the master key to the token, the token storing the master key; and - sending, by the issuing system, the at least one encrypted personal attribute to the external entity, the external entity storing the set of at least one encrypted personal attribute of said user.
G06F 21/34 - Authentification de l’utilisateur impliquant l’utilisation de dispositifs externes supplémentaires, p. ex. clés électroniques ou cartes à puce intelligentes
G06F 21/43 - Authentification de l’utilisateur par des canaux séparés pour les données de sécurité par des canaux sans fil
76.
A METHOD FOR SECURING A CENTRAL PROCESSING UNIT PIPELINE
The invention relates to a method for securing a central processing unit pipeline. According to the invention, the method comprises the steps of providing an integrity pipeline supervisor (IPS) comprising a decoder and a checker; providing the integrity pipeline supervisor with the instruction of the computer program; allowing the decoder of the integrity pipeline supervisor to decode the instruction provided to the integrity pipeline supervisor in order to obtain the decoded instruction structure; providing the checker with the structure of the instruction decoded by the decoder of the integrity pipeline supervisor; providing the checker with the structure of the instruction decoded by the decoder of the central processing unit; allowing the checker to compare the structure of the instruction decoded by the decoder of the integrity pipeline supervisor and the structure of the instruction decoded by the decoder of the central processing unit; and allowing an alarm indicator to be triggered if, as a result of the comparison, the checker detects a discrepancy between the structures.
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 11/16 - Détection ou correction d'erreur dans une donnée par redondance dans le matériel
G06F 21/70 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur
G06F 9/30 - Dispositions pour exécuter des instructions machines, p. ex. décodage d'instructions
G06F 21/71 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information
77.
EMBEDDED CHARACTERIZATION AND MEASUREMENT ENGINE FOR A VIRTUAL FUNCTION
The invention relates to an embedded characterization and measurement engine (CME1) for a virtual function (VF) within an infrastructure (I), wherein said embedded characterization and measurement engine (CME1) is configured to: - when the virtual function (VF) is instantiated within said infrastructure (I) and is running within said infrastructure (I), compute a fingerprint (F1) based on static characteristics (C1), said static characteristics (C1) being extracted from the whole or parts (P1) of the virtual function (VF), - perform a local attestation (A1) by comparing said fingerprint (F1) with an initial fingerprint (F0) or transmit said fingerprint (F1) to a distant verifier (V) for a remote attestation (A2), - if the fingerprint (F1) is different from said initial fingerprint (F0), sending a notification (N1, N2) to an external entity (E) for future action (Ac).
G06F 21/53 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p. ex. "boîte à sable" ou machine virtuelle sécurisée
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
The present invention provides a smartcard configured to perform at least contactless transactions when powered by a terminal radiofrequency field, wherein the smartcard comprises: at least one touch sensor which activation is based on charge transfer, each of the at least one touch sensor comprising an electrode adapted to change its capacitance upon being touched by a human body part, a touch-sensing controller configured to measure the capacitance value of each of the at least one electrode and compared them with a reference value, wherein one of the at least one touch sensor is considered as being touched when the measured capacitance value is higher than the reference value.
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G07F 7/08 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée
G07F 7/10 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée utilisée simultanément avec un signal codé
G06F 3/044 - Numériseurs, p. ex. pour des écrans ou des pavés tactiles, caractérisés par les moyens de transduction par des moyens capacitifs
H03K 17/955 - Commutateurs de proximité utilisant un détecteur capacitif
The invention provides a method for on-boarding at least one personal attribute from a token to an external entity (200), the method comprising: - authenticating (204) the external entity by the token; - if the external entity is authenticated, computing (206) at least one shared session key by both the external entity and the token; - ciphering at least one personal attribute stored by the token based on the at least one shared session key; - on boarding the at least one personal attribute from the token to the by transferring (207) the ciphered at least one personal attribute to the external entity, on a communication link between the token and the external entity.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
The invention provides a method for determining liveness of a target person comprising: obtaining (511; 512) a series of n frames from a sequence of frames acquired by a frame capture device, n being equal to or greater than 2, at least some of the frames representing the target person. The n frames are processed by a multi-branch convolutional neural network, by determining (514.1) a first partial score for the series of n frames, determining (514.2) a second partial score for the series of n frames and determining (515) a fusion score based on the first and second partial scores, said fusion score being representative of liveness of the target person. The first partial score is determined based on first features among local spatial features, on global spatial features or on temporal features, and wherein the second partial score is determined based on second features that are different from the first features.
The invention is a method for managing a batch of secure elements comprising their own temporary trust code. When a point-to-point transaction occurs between a first and a second secure elements (22, 23), of the batch, the first secure element computes a result of a one-way cryptographic function applied tothe temporary trust code stored in the first secure element, then sends to the second secure element a transaction message (30) comprising the result and a transaction data. Following receipt of the transaction message, the second secure element performs a temporary trust code control to verify whether the result has been computed using a temporary trust code equal to the temporary trust code stored in the second secure element. If the temporary trust code control is positive, the second secure element accepts the point-to-point transaction, else depending on a risk assessment performed by the second secure element, transaction is rejected or accepted.
G06Q 20/06 - Circuits privés de paiement, p. ex. impliquant de la monnaie électronique utilisée uniquement entre les participants à un programme commun de paiement
G06Q 20/32 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des dispositifs sans fil
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/36 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des portefeuilles électroniques ou coffres-forts électroniques
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
82.
A METHOD FOR GENERATING AN UNLINKED PROGRAM CODE TO BE TRANSFERRED FROM A SOURCE DEVICE TO A TARGET DEVICE
The present invention proposes a A method for generating an unlinked program code to be transferred from a source device to a target device, the source device comprising a program code linked to the device, called linked program code, the method comprising: - detecting bytes in the linked program code, the bytes belonging to a program to be transferred from the source device to the target device; - generating a Component, called Reverse Link Component, comprising bytes of the unlinked program code that have to be modified by the target device, by creating a linked program code, the bytes being concatenated in the Reverse Link Component in the order in which they are linked in the program code; - regenerating the unlinked program code to be transferred from the source device to the target device by using the Reverse Link Component, wherein the Reverse Link Component is created by: • using the Reference Location Component of a Cap file, the Reference Location Component indicating bytes of the Method Component to be linked, the bytes being ordered as they are linked in the Method Component, or • parsing the Method Component of a Cap file and detecting in the Method Component Javacard instructions preceding bytes to be linked.
This method for provisioning a user equipment with information of an end operator, the user equipment - UE - being equipped with an embedded universal integrated circuit card - eUICC - and with a radio module, is characterized by: deploying (205) a private mobile telephony network, connected to an IP network hosting a server storing said information; having an identifier management equipment of the private mobile telephony network dynamically assign (230) at least one temporary subscription identifier (IMSI) to the eUICC residing in the UE; connecting (240) the UE to the IP network via the private mobile telephony network using said at least one temporary subscription identifier; downloading (250) said information from the server; and disconnecting (260) the UE.
The present invention proposes a method for provisioning a user equipment 10 with credentials in a private telecommunication network, the private telecommunication network comprising a credentials holder 12 and a gNB/AMF or a eNB/MME, the method comprising: a) Sending from the user equipment 10 to the gNB/AMF or eNB/MME 11 a provisioning request; b) Establishing a PLS key between the user equipment 10 and the gNB/AMF or eNB/MME 11 thanks to Physical Layer Security; c) Sending from the user equipment 10 to the gNB/AMF or eNB/MME 11 a message comprising data permitting to identify the user of the user equipment and/or the user equipment 10, the message being protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key; d) Sending from the gNB/AMF or eNB/MME 11 to the credentials holder 12 the data permitting to identify the user of the user equipment and/or the user equipment 10; e) Verifying at the credentials holder 12 the data permitting to identify the user of the user equipment and/or the user equipment 10; f) If the verification is positive, allocating at the credentials holder 12 a unique subscription identifier to the user equipment 10 and generating corresponding keys and security parameters; g) Sending from the credentials holder 12 to the gNB/AMF or eNB/MME 11 the unique subscription identifier, the corresponding keys and the security parameters; h) Sending from the gNB/AMF or eNB/MME 11 to the user equipment 10 in a message protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key the unique subscription identifier, the corresponding keys and the security parameters, the credentials comprising the subscription identifier, the corresponding keys and the security parameters.
The invention proposes a A method for provisioning a user equipment (10) with credentials in a private telecommunication network, the private telecommunication network comprising a credentials holder and a gNB/AMF or a eNB/MME, the method comprising: a) Sending (40) from the user equipment (10) to the gNB/AMF or eNB/MME (11) a provisioning request; b) Establishing (41) a PLS key between the user equipment (10) and the gNB/AMF or eNB/MME (11) thanks to Physical Layer Security; c) Generating (42) at the user equipment (10) a master key; d) Sending (43) from the user equipment (10) to the gNB/AMF or eNB/MME (11) a message comprising data permitting to identify the user of the user equipment (10) and/or the user equipment (10) and the master key, the message being protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key; e) Sending (44) from the gNB/AMF or eNB/MME (11) to the credentials holder (12) the data permitting to identify the user of the user equipment (10) and/or the user equipment (10) and the master key; f) Verifying (45) at the credentials holder (12) the data permitting to identify the user of the user equipment (10) and/or the user equipment (10); g) If the verification is positive, allocating at the credentials holder (12) a unique subscription identifier to the user equipment (10) and generating corresponding keys, security parameters and a key derivation function; h) Sending (46) from the credentials holder (12) to the gNB/AMF or eNB/MME (11) the unique subscription identifier, the security parameters and the key derivation function; i) Sending (47) from the gNB/AMF or eNB/MME (11) to the user equipment (10) in a message protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key the unique subscription identifier, the security parameters and the key derivation function; j) Generating (48) at the user equipment (10) final keys, the credentials comprising the unique subscription identifier, the security parameters and the final keys.
The present invention relates to a method for securing against physical or logical attacks a software code comprising a first sequence of instructions performing, when executed by an execution device, a function declaring a plurality of local variables to allocate a memory space of a memory stack to each local variable, said method being performed by a first processor of a securing device and comprising the steps of: - identifying (S1 ) said plurality of local variables allocated in said function, - generating (S2) in the software code a second sequence of instructions, which, when executed at runtime by a second processor of said execution device, at each call of the function after said local variables have been declared : • determines (E1) randomly a permutation P, •shuffles (E2) the locations of the memory spaces allocated in said memory stack to said identified local variables by applying to them said determined permutation.
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p. ex. par masquage
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p. ex. pour empêcher l'ingénierie inverse
87.
CONNECTIVITY MANAGEMENT IN DEVICES COMPLIANT WITH SEVERAL TECHNOLOGIES
The present invention relates to a method to manage connectivity of a device having a native air interface enabling the device to connect to several networks of different technologies. The device, before entering in power saving mode, determines a technology to be used on the native air interface for subsequent power saving mode period, register at a central node active in relation with wake-up management nodes of the different technologies to centralize all wake-up triggers from the different technologies, said registration comprising an indication of the determined technology. The device, once entered in power saving mode, keeps active only the determined technology on the native air interface, and, for all wake-up triggers, is paged by the network using the determined technology on the native air interface.
The invention concerns a method for the relink of software components installed on a device being updated, the device comprising a CAP file, the method comprising creating a CAP file component, called Link Component (30), the Link Component (30) comprising a proprietary Constant Pool part (31), built by using the original Constant Pool component of the CAP file, and a proprietary Reference Location part (32), built by using the original Reference Location Component and the original Method Component of the CAP file.
The present invention relates to a method of securing a java software code to be run by a Java Virtual Machine comprising at least one call to a native method of a native language library, using a unique entry point, called JNI_OnLoad entry point as an interface between the java software code and the native language library and configured to register, to the Java Virtual Machine, native methods of the native language library, said method generating a secure native language library and comprising performed by a processor : - defining (S1) in the native language library a method, called JNI_OnLoad method, which when executed at runtime, when the native language library is loaded by the Java Virtual Machine, is configured for registering useless native methods of the native language library, - inserting (S2) in the native language library calls to a plurality of constructors, one of them being configured to trigger a thread, called zJNI thread, which is configured for, when executed at runtime, unregistering said useless native methods and registering said at least one native method of the native language library to be called by the java software code.
The invention concerns a method for recycling a smart card comprising the steps of: - inserting the smart card in a slot / card reader of an ATM (Automated Teller Machine), - requesting the recycling of the smart card, - conveying the smart cart to a punching platform of a card recycling device, said punching platform comprising a punch and an opening in alignment with said punch, - conveying at least part of the smart card to a recycling compartment.
G07F 19/00 - Systèmes bancaires completsDispositions à déclenchement par carte codée adaptées pour délivrer ou recevoir des espèces ou analogues et adresser de telles transactions à des comptes existants, p. ex. guichets automatiques
G06Q 10/30 - Administration du recyclage ou de l’élimination des produits
The invention is a method for providing a cardholder (50) with control over a payment instrument (10) wherein a payment instrument issuer stores a first set of security parameters in the payment instrument. During a customization phase, the cardholder configures and stores a second set (12) of security parameters in the payment instrument. During a transaction phase subsequent to the customization phase, a financial transaction starts with a terminal (20). The payment instrument checks which condition of the first set is satisfied by the transaction parameters received from the terminal and selects the security rule associated with the satisfied condition as a first selected security rule. The payment instrument checks which condition of the second set (12) is satisfied by the transaction parameters and selects the security rule associated with the satisfied condition as a second selected security rule and applies both said first and second selected security rules to the transaction.
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G07F 7/10 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée utilisée simultanément avec un signal codé
92.
OPTICAL VARIABLE ELEMENT BASED ON DIFFRACTIVE MOIRE PATTERNS
A personalized medium includes a core layer having at least a clear window or transparent portion, at least a first diffraction grating on an upper surface or a lower surface of the core layer, and a second diffraction grating on an opposing side of the core layer from the first diffraction grating, wherein the first and second diffraction gratings create a Moire pattern.
The invention concerns a method to allow traceability of USIM profile transfer from a source device 10 to a target device (11), the method comprising: - Performing (13) a mutual trust verification of the target device (11) by the source device (10) and vice versa; - Generating (14) a derivation data at the source device (10), the derivation data being verifiable by a remote server (12) connected to the home network of the source device (10); - Deriving (15) at the source device (10) a new long-term-key (K') from the source long term-key K of the source device (10) and the derivation data; - Generating (16) at the source device (10) a new USIM profile including the derived long-term-key K' and the derivation data; - Protecting (17) in confidentiality and integrity the new profile based on the target device (11')s public key in order to obtain an installation package; - Transferring 18 the installation package to the target device (11); - Deactivating (23) the source USIM profile at the source device (10) if the installation of the installation package at the target device (11) is successful; - Sending (25) from the target device (11) to the remote server (12) in a registration request as specified in 3GPP TS 23.501 at least its IMSI and the derivation data; - Retrieving (27) at the remote server (12) the source long term-key K of the source device (10) and the derivation data associated to the IMSI; - Verifying (28) the validity of the received derivation data based on subscription information associated to the IMSI by the remote server (12); - Deriving (29) a new long term-key K* from the source long-term key K and the received derivation data; - Performing (30) the authentication of the target device (11) based on K* and retrieved subscription data associated to the IMSI as specified in 3GPP TS 33.501; - If K* equals K', updating (32) at the home network its local subscriber information associated to the IMSI including the long-term-key associated to the IMSI with the new value of K*.
A media card (200 or 300) with an tunable inductive antenna pattern (203) includes an area (204) configured for receiving a wireless chip (306a, 306b, or 306d) operating at one of several given frequencies and an antenna with an antenna pattern printed on a core layer (202) and printed on the area configured for receiving the wireless chip, where the antenna pattern includes one or more selectable conductive extension segments (206a- 206g) In some embodiments, the one or more selectable conductive extension segments are selectively removed to tune the antenna for a frequency for the wireless chip operating at one of several given or predetermined frequencies.
H04B 5/00 - Systèmes de transmission en champ proche, p. ex. systèmes à transmission capacitive ou inductive
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
A card (200) having processed areas includes a core layer (104), an antenna pattern (102) on the core layer, and one or more bump-out areas (110) of the antenna pattern having a threshold distance towards a process boundary, where the card passes a continuity test if a cutting or a punching or a milling process fails to create an open circuit at the bump-out areas. The card fails a continuity test if the cutting or the punching or the milling processes creates the open circuit at the bump-out areas.
A data carrier (1) for a secure article (100) comprises at least one electronic module (2) comprising at least one module antenna (3), at least one booster antenna (4), and at least one light emitting device (5). The electronic module (2) is configured to communicate with a remote device being arranged remotely from the data carrier (1) via the module antenna (3). The booster antenna (4) is configured to communicate with the remote device in a wireless manner. The booster antenna (4) is further configured to power the module antenna (3) upon its communication with the remote device. The booster antenna (4) is configured to power the light emitting device (5) upon its communication with the remote device.
A data carrier (1) for a secure article (100) comprises at least one electronic module (2), at least one first antenna (3), at least one second antenna (4), and at least one light emitting device (5). The first antenna (3) is coupled to the electronic module (2). The first antenna (3) is configured to communicate with a remote device being arranged remotely from the data carrier (1). The electronic module (2) is configured to communicate with the remote device via the first antenna (3). The second antenna (4) is configured to communicate with the remote device, and wherein the second antenna (4) powers the light emitting device (5) upon a communication of the second antenna (4) with the remote device.
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
G06K 19/077 - Détails de structure, p. ex. montage de circuits dans le support
98.
LED OR OLED CAPACITANCE ANTENNA FOR SMALL FORM FACTORS
A data carrier (1) for a secure article (100) comprises at least one electronic module (2), at least one antenna (3), and at least one light emitting device (4). The antenna (3) is configured to communicate with a remote device being arranged remotely from the data carrier (1) in a wireless manner. The electronic module (2) is configured to communicate with the remote device via the antenna (3). The antenna (3) is configured to power the electronic module (2) and the light emitting device (4) upon its communication with the remote device.
G06K 19/077 - Détails de structure, p. ex. montage de circuits dans le support
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
99.
SYSTEM AND METHOD OF UNVEILING HIGH-RESOLUTION VISIBLE FACE IMAGES FROM LOW-RESOLUTION FACE IMAGES
INRIA - INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE (France)
Inventeur(s)
Anghelone, David
Lannes, Sarah
Dantcheva, Antitza
Abrégé
The present invention provides a method or system of unveiling high-resolution visible face images from any low-resolution thermal face images can include inputting any number of thermal face images as an input through a generative adversarial network to perform spectrum translation of the low-resolution thermal face images to a number of high-resolution visible face images, training the generative adversarial network with at least a reference high resolution image, adapting or training the generative adversarial network for one or more among L1 loss, perceptual loss, and identity loss, and generating a high-resolution visible face image from any low-resolution thermal face images provided as an input to the generative adversarial network. In some embodiments, the method further adapts the generative adversarial network by further adapting or training for one or more among attribute loss and local loss. In some embodiments, the method simultaneously adapts for one or more of L1 loss, perceptual loss, identity loss, attribute loss and local loss.
G06V 10/44 - Extraction de caractéristiques locales par analyse des parties du motif, p. ex. par détection d’arêtes, de contours, de boucles, d’angles, de barres ou d’intersectionsAnalyse de connectivité, p. ex. de composantes connectées
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
G06V 40/16 - Visages humains, p. ex. parties du visage, croquis ou expressions
100.
PROCESSOR AND METHOD FOR MODIFYING PROCESSOR BEHAVIOR BASED ON MEMORY ATTRIBUTES AND INSTRUCTION TYPE
A central processing unit and method for modifying its behavior and controlling access to a memory (120) having a plurality of memory locations for storing data values can include address range storage (170) for storing information identifying address ranges for a plurality of regions within the memory, and attribute storage (185) for storing, for each region, attributes where the attributes are linked to security, safety, or functionality during a program execution. The central processing unit further includes configuration logic (150) for configuring addresses and attribute of memory regions during the program execution and one or more execution logic units (150) associating attributes (and optionally metadata) to data processed by the central processing unit when data is accessed by the central processing unit and modifying instruction behaviors based on an instruction type and the attributes associated with the data being processed.
G06F 21/78 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du stockage de données
brevets
