Provided is a method for non-repudiable endorsement of a private attestation. The method includes receiving an attestation from a Private Attribute Provider responsive to a request from a user declaring the attestation, securely binding pivotal attributes in the Attestation selected by the user once authenticated to an Issuing Authority, and securely binding the user to the attestation by way of their connected device. The method produces an endorsed attestation that includes signed server proof. This is provided by the user through their connected device to a service provider for receiving a service otherwise requiring third party trusted proof. Other embodiments are disclosed.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
The present invention provides a biometric enrollment apparatus for associating biometric data to a user identity, the apparatus comprising: - a first capturing module comprising at least one biometric data capturing device; - a second capturing module comprising at least one biometric data capturing device, the biometric data of this second capturing module being of the same kind as the biometric data of the first capturing module; - a data processing module configured to ○ receive biometric data from the first capturing module, ○ receive biometric data from the second capturing module, ○ authenticating locally the biometric data from the second capturing module against the data received from the first capturing module, outputting an authentication score; wherein, only if the authentication score is above a pre-defined score, the data processing module associates the biometric data from the first capturing module to the user identity.
G06F 21/32 - Authentification de l’utilisateur par données biométriques, p. ex. empreintes digitales, balayages de l’iris ou empreintes vocales
G06V 10/98 - Détection ou correction d’erreurs, p. ex. en effectuant une deuxième exploration du motif ou par intervention humaineÉvaluation de la qualité des motifs acquis
G06V 40/50 - Traitement de données biométriques ou leur maintenance
G06V 10/80 - Fusion, c.-à-d. combinaison des données de diverses sources au niveau du capteur, du prétraitement, de l’extraction des caractéristiques ou de la classification
G06V 40/18 - Caractéristiques de l’œil, p. ex. de l’iris
G06V 40/16 - Visages humains, p. ex. parties du visage, croquis ou expressions
3.
SYSTEM AND METHOD FOR INDEXING A HUMAN FINGERPRINT IMAGE
The invention relates to a method of indexing a human fingerprint image. The method of the invention comprises the steps of defining a plurality of classes, each class corresponding to a local pattern of a fingerprint; building a ground truth by allowing a machine learning model to determine the inference probability to each class for acquired fingerprint images; inputting an original fingerprint image; assigning by the machine learning model to the original fingerprint image a multi-dimensional vector according to the inference probability determined for each class based on the ground-truth; generating an indexing key from the multi-dimensional vector of the original fingerprint; and indexing the fingerprint indexing key, the indexing comprising multi-stage checks including both exclusive and continuous classification checks.
G06V 10/44 - Extraction de caractéristiques locales par analyse des parties du motif, p. ex. par détection d’arêtes, de contours, de boucles, d’angles, de barres ou d’intersectionsAnalyse de connectivité, p. ex. de composantes connectées
The present invention relates to a method for securing against supervised side-channel attacks a secret data stored as at least one N-bit machine word and used in a sensitive operation to be executed by a processing device among a plurality of processing devices having M-bit words architectures, with M and N integers and N < M, wherein a pool of constant values is associated to each processing device of said plurality of processing devices, each pool of constant values associated to a processing device being different than the pool of constant values associated to the other processing devices of the plurality of processing devices, said method being performed by a processor of a first processing device among said plurality of processing devices and comprising: - for each N-bit machine word of said secret data: encoding and storing in a memory of said first processing device, said N-bit machine word as a M- bit machine word comprising said N bits of said N-bit machine word and a constant value selected from said pool of constant values associated to the first processing device (S1), - executing said sensitive operation using said secret data M-bit machine words stored in said memory (S2).
The invention provides a presentation attack detection method comprising the steps of: - receiving (801) at least one thermal image from a thermal camera; - determining (802) whether a face of a target person is detected in the thermal image or not; - if the face of the target person is detected in the thermal image, performing (806) a domain translation based on the thermal image to obtain an image in a second spectral domain, the second spectral domain being distinct form a thermal domain; - determining (807) a first category indicating whether the target person is live or spoof, based on the image in the second spectral domain; - determining (808) a final decision representative of the liveness of the target person, based on the determined first category and/or based on whether the face of the target person is detected in the thermal image.
G06V 40/40 - Détection d’usurpation, p. ex. détection d’activité
G06V 10/143 - Détection ou éclairage à des longueurs d’onde différentes
G06V 40/16 - Visages humains, p. ex. parties du visage, croquis ou expressions
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
6.
A SYNCHRONOUS CODE EXECUTION FOR ENHANCED PERFORMANCE AND SECURITY MEASURES PROTECTING DIGITAL SECURITY DEVICES
Provided is a method and device for protecting a computerized digital security device against side-channel, fault injection, and timing attacks, the method comprising identifying asynchronous tasks to be performed by the computerized digital security device by placing identified asynchronous tasks in an asynchronous task queue; and executing a first application, including non-linearizing execution of the application by selecting at least one task from the asynchronous task queue, executing the selected at least one task, removing the selected at least one task from the asynchronous task queue. Other embodiments disclosed.
The invention concerns a method for activating a subscription by a first secure element embedded or integrated in a first device (1), the subscription being called second subscription and being installed in a second secure element embedded or integrated in a second device (2), the method comprising: - sending an activation command from the first secure element to the second secure element, through a short range channel, after having performed a mutual authentication between the first and second secure elements; - sending from the second secure element to the first secure element an acknowledgment message through the short range channel, if the second secure element receives the activation command from the first secure element; - deactivating the subscription, called first subscription, in the first secure element upon receiving the acknowledgment message; - sending from the first secure element to the second secure element a transfer acknowledgment message through the short range channel; - activating the second subscription in the second secure element upon receiving the transfer acknowledgment message.
H04W 8/18 - Traitement de données utilisateur ou abonné, p. ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateurTransfert de données utilisateur ou abonné
H04W 12/30 - Sécurité des dispositifs mobilesSécurité des applications mobiles
H04W 12/45 - Dispositions de sécurité utilisant des modules d’identité utilisant des modules multiples d’identité
H04W 8/20 - Transfert de données utilisateur ou abonné
H04W 4/80 - Services utilisant la communication de courte portée, p. ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
Securing of Internet of Things (IoT) devices by compiling IoT applications against diversified virtual machines. IoT protection sets are defined and assigned diversification parameters. A virtual machine is diversified using the assigned parameters. An IoT application is diversified against the diversified virtual machine to be solely executable by the diversified virtual machines by applying the diversification parameters associated with the virtual machines, respectively. Loading diversified object programs for the diversified IoT applications and diversified virtual machines corresponding to respective IoT devices associated with the protection sets.
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p. ex. par masquage
G06F 21/53 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p. ex. "boîte à sable" ou machine virtuelle sécurisée
9.
A SYSTEM AND METHOD FOR ACTIVATING A PROFILE OF A CONNECTED DEVICE
A method for activating a profile of a connected device of a user is disclosed. The method includes transmitting, by the service provider, a resource address to the user; accessing, by the connected device, the resource address; launching, by the connected device, an application; downloading to the mobile device, by the application, a profile; and activating on the mobile device, by the application, the profile.
H04W 12/30 - Sécurité des dispositifs mobilesSécurité des applications mobiles
H04W 4/50 - Fourniture de services ou reconfiguration de services
H04W 8/20 - Transfert de données utilisateur ou abonné
H04W 8/18 - Traitement de données utilisateur ou abonné, p. ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateurTransfert de données utilisateur ou abonné
H04W 36/00 - Dispositions pour le transfert ou la resélection
10.
A METHOD FOR REPLACING BY A HPLMN OR A USER EQUIPMENT A SET OF URSP RULES USED BY SAID USER EQUIPMENT AND CORRESPONDING SECURE ELEMENT
A method for replacing by a HPLMN or a user equipment a set of URSP rules used by the user equipment communicating with a MNO network, the set of URSP rules being called current set of URSP rules, by another set of URSP rules, called new set of URSP rules, the user equipment cooperating with a secure element, the method including storing in the secure element a plurality of URSP rules; when the home network or the user equipment decides to switch from the current set of rules to the new set of rules, sending to the secure element a switching command comprising a list of selection criteria of the new set of URSP rules; replacing in the secure element the current set of URSP rules by the new set of URSP rules, and sending a refresh command.
Provided is a method for managing a card comprising a user output interface. The method comprises a control operation of the card for getting, by the card, a parameter which can evolve dynamically during card lifespan, generating, by the card, a decision which may be positive or negative by executing a preset function applied to said parameter, and, only if said decision is positive, identifying, by the card, a message and notifying a user of the card directly through the user output interface that the card has the message to deliver to the user. Other embodiments disclosed.
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
12.
METHOD TO STORE DATA PERSISTENTLY BY A SOFTWARE PAYLOAD
A method to store data persistently by a payload of an owner, the method including establishing a secure channel between the owner and the software payload itself when running into a hardware-based trusted executed environment, HW TEE, at the instance of a cloud service provider; generating, by the owner, a payload identifier using information shared from the payload during the establishment of the secure channel; generating, by the owner, a key initiator and persistently storing at the owner side the key initiator associated to the payload identifier; sending, by the owner, the payload identifier and the key initiator to the payload; using the key initiator, by the payload, to encrypt data; and persistently storing, by the payload, the encrypted data and the payload identifier.
G06F 21/53 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p. ex. "boîte à sable" ou machine virtuelle sécurisée
Provided is a data carrier of significantly improved level of security that introduces only a minor modification into their manufacturing process. Other embodiments disclosed. In a first aspect a data carrier is provided, wherein the data carrier comprises at least one carrier body, at least one printing layer, at least one marking layer, and at least one security element. The carrier body comprises a top surface, wherein the printing layer is arranged on the top surface of the carrier body. The printing layer and the marking layer are arranged at least partially above one another with respect to an extension direction. The marking layer is configured to interact with impinging electromagnetic radiation such, that a marking element is generated in the marking layer upon the irradiation of electromagnetic radiation.
Provided is a secure execution of a first instruction by processing means of an electronic system, comprising fetching (S1) said first instruction in an execution pipeline of the processing means, determining (S2) that said first instruction to be executed is an instruction sensitive to a determined attack, selecting (S3), based on said determined attack, from an internal memory of said processing means, at least one second instruction, which, when executed by the processing means, causes the processing means to perform a combination of said first function and a dedicated security countermeasure against said determined attack, and executing (S4) said selected second instructions instead of said first instruction.
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
Method to establish a secure channel between the party of a software payload and the software payload itself when running into a hardware-based trusted execution environment, HW TEE, at the instance of a cloud service provider, including sending, by the party, a nonce to the software payload; generating, by the software payload, a payload key pair: public key and private key; mixing, by the software payload, the payload public key with the nonce; computing, by the HW TEE, an attestation using this nonce mixed with the payload public key; sending, by the software payload, the attestation, and the payload public key to the party; verifying, by the party, the attestation using the sent nonce mixed with the received payload public key; generating, by the software payload and the party, a session key; and establishing a secure channel between the party and the software payload running into the HW TEE.
H04L 9/14 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité utilisant plusieurs clés ou algorithmes
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
16.
METHOD FOR CONSTRUCTING A LIMITED-USE KEY REQUIRED FOR A FINANCIAL TRANSACTION
The invention is a method for constructing a limited-use key (80) required by a payment application (10) hosted in a portable device (30) and able to perform a financial transaction for an amount. The payment application is able to construct the limited-use key in two distinct ways, the first way and the second way. During the financial transaction the payment application or a payment terminal coupled to the portable device determines that the financial transaction is a High Value Transaction (HVT) if said amount is higher than a preset threshold and considers that the financial transaction is a Low Value Transaction (LVT) in the opposite case. Then the payment application constructs the limited-use key (80) either by said first way only in case of High Value Transaction or by said second way only in case of Low Value Transaction.
G06Q 20/32 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des dispositifs sans fil
G06Q 20/38 - Protocoles de paiementArchitectures, schémas ou protocoles de paiement leurs détails
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
17.
REMOVABLE SECURE ELEMENT HAVING IMPERSONATION PROTECTION
The present invention relates to a removable secure element having a memory to store at least a universal user identifier, a security context, a list of mobile equipment identifiers in which the removable secure element was previously inserted, said removable secure element being dedicated to be inserted in a mobile equipment compliant with plastic roaming connecting and authenticating automatically the mobile equipment to a serving network using the security context stored in the removable secure element as soon as the universal user identifier stored in the removable secure element is the same as the one associated to the security context on the serving network side, said removable secure element further having an application to monitor an identifier of a mobile equipment in which the removable secure element is inserted, said application implementing a retrieval of the identifier of the mobile equipment in which the removable secure element is inserted, a check of the presence of the retrieved identifier in the stored list of mobile equipment identifiers as stored, and, if the retrieved identifier is present in the list, a deletion of the security context as stored.
H04W 12/48 - Dispositions de sécurité utilisant des modules d’identité utilisant la liaison sécurisée, p. ex. liant de manière sécurisée les modules d'identité aux dispositifs, aux services ou aux applications
H04W 12/126 - Dispositions antivol, p. ex. protection contre le clonage de module d’identité d’abonné [SIM]
The present invention relates to a method for securely verifying a candidate password value derived from user credentials against a reference password value dedicated to a client application on a client device storing a try counter, said method being performed by the client application of the client device, said client device comprising : a secure hardware component storing a current cryptographic key pair comprising a current public cryptographic key and a current private cryptographic key specific to the client device, a first application memory storing a current try counter value of said try counter, and a second application memory storing a current signature of a try counter value with a private cryptographic key of a cryptographic key pair, and said method comprising : - a) verifying (S1) the current try counter value stored in the first application memory and, - b) verifying (S2) that the current signature stored in the second application memory of the client device is a valid signature of the current try counter value stored in the first application memory using the current public cryptographic key of the current cryptographic key pair stored in said secure hardware component, - c) when the verifications of the current signature and of the value of the try counter are successful: • generating (S31) a new current cryptographic key pair, • updating (S32) said current try counter value, • generating (S33) a new current signature of the updated current try counter value with the generated new current private cryptographic key of the generated new current cryptographic key pair, - d) verifying (S4) the candidate password value against said reference password value.
The present invention relates to an electronic system (1) comprising a secure processor (102) and an integrated sensor (101) configured for monitoring side channel emissions of said secure processor, wherein: - the integrated sensor is electrically disconnected from the secure processor, - said secure processor is configured for performing a processing operation generating a specific side channel emission called trigger side channel emission, - said integrated sensor is configured such that monitoring said trigger side channel emission causes the integrated sensor to switch to an operation mode depending on said trigger side channel emission.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/74 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information opérant en mode dual ou compartimenté, c.-à-d. avec au moins un mode sécurisé
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p. ex. pour empêcher l'ingénierie inverse
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
20.
METHOD FOR PROTECTING AGAINST SOFTWARE- BASED SIDE CHANNEL ATTACKS AN ELECTRONIC SYSTEM COMPRISING A SECURE PROCESSOR AND AN INTEGRATED SENSOR
The present invention relates to a method for protecting an electronic system (1) comprising a secure processor (102) and an integrated sensor (101) against software-based side channel attacks targeting said secure processor using said integrated sensor, said electronic system further comprising an untrusted processor (104), a sensor register (103) isolated from said untrusted processor for storing at least one output value of the integrated sensor, a blurring device (109) connected to the sensor register and configured for outputting at least one blurred sensor output value whose bits are at least partly blurred, and a memory mapped register (110) accessible by said untrusted processor and storing outputs of the blurring device, said method comprising: - measuring, by the integrated sensor, a physical quantity representative of an activity of the secure processor to obtain a sensor output value, - storing said sensor output value into said sensor register, - generating, by said blurring device, from said sensor output value stored in the sensor register, a blurred sensor output value wherein one or more bits of said blurred sensor output value are blurred according to a blurring device configuration, - storing said blurred sensor output value in said memory mapped register.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/74 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information opérant en mode dual ou compartimenté, c.-à-d. avec au moins un mode sécurisé
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p. ex. pour empêcher l'ingénierie inverse
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
21.
DATA CARRIER WITH SECURED SURFACE PERSONALIZATION ELEMENT
Provided is a data carrier that extends along an extension axis and comprises a carrier body having a top surface, at least one personalization element being arranged on the top surface of the carrier body, and at least one security element. The security element is at least partially arranged at least on and/or in a top surface of the personalization element and at least partially at least on and/or in the top surface of the carrier body and/or at least partially within the carrier body. Other embodiments disclosed.
The present invention relates to a method to create a digital twin in a virtual environment dedicated to be visually displayed in real world, said digital twin being a visual representation in the virtual environment of an entity identifiable in real world, said method comprising the steps of determining at least one parameter enabling to uniquely identify the identifiable entity represented by said digital twin, said parameter being besides stored in a secure database associating the parameter to the identifiable entity, generating a readable tag from said parameter, said readable tag being suitable to be read, in real world, from any kind of visualization of the virtual environment in real world, to retrieve the parameter and to identify the identifiable entity, inserting the readable tag in the visual representation in the virtual environment of the entity identifiable in real world, said virtual tag being permanently displayed in the virtual environment whatever is the position of the digital twin in the virtual environment.
G06Q 10/063 - Recherche, analyse ou gestion opérationnelles
G06Q 10/08 - Logistique, p. ex. entreposage, chargement ou distributionGestion d’inventaires ou de stocks
G06Q 50/00 - Technologies de l’information et de la communication [TIC] spécialement adaptées à la mise en œuvre des procédés d’affaires d’un secteur particulier d’activité économique, p. ex. aux services d’utilité publique ou au tourisme
G06K 19/06 - Supports d'enregistrement pour utilisation avec des machines et avec au moins une partie prévue pour supporter des marques numériques caractérisés par le genre de marque numérique, p. ex. forme, nature, code
23.
DYNAMIC SET-UP AND ENROLMENT OF A LOGICAL SECURE ELEMENT
The present invention relates to a physical secure element installed in a communication device, said physical secure element having an operating system having a supervisor adapted to create various execution environments, said supervisor being further configured to: - receive, from a specific application enrolment server managing a key ecosystem dedicated to the specific application, a command to create a Logical Secure Element, said command comprising enrolment data comprising at least a type of Logical Secure Element to be created for the specific application and a set of keys to be used for subsequent remote provisioning in relation with the Logical Secure Element to be created, - create a Logical Secure Element of the type requested in the command as an execution environment onboard the secure element.
A contactless electronic module for a data carrier comprises a substrate, at least one electronic chip, and at least one electrical connector. The electronic chip is arranged on the substrate, and the electrical connector is in connection with the electronic chip. The substrate is electrically non-conductive. Other embodiments disclosed.
G06K 19/077 - Détails de structure, p. ex. montage de circuits dans le support
G06K 19/02 - Supports d'enregistrement pour utilisation avec des machines et avec au moins une partie prévue pour supporter des marques numériques caractérisés par l'utilisation de matériaux spécifiés, p. ex. pour éviter l'usure pendant le transport à travers la machine
Provided is a method for securely executing an application, wherein a memory space of said application comprises an execution enclave configured to access a memory of the second device storing sealed data obtained by a sealing enclave by sealing on a first device a predetermined message with a first hardware key associated to said first device based on a value depending on an identity of said sealing enclave, and comprising, performed by said execution enclave to verify that the second device is authorized to execute the application. Other embodiments disclosed.
G06F 21/51 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade du chargement de l’application, p. ex. en acceptant, en rejetant, en démarrant ou en inhibant un logiciel exécutable en fonction de l’intégrité ou de la fiabilité de la source
G06F 21/64 - Protection de l’intégrité des données, p. ex. par sommes de contrôle, certificats ou signatures
26.
METHOD OF SECURELY PERFORMING A PROCESSING OPERATION AND A FUNCTION IN THE HOMOMORPHIC DOMAIN
The present invention relates to a method of secure performing, by a system comprising a processing unit and a secure element and on request by a requesting device, at least one processing operation and a function whose execution by the processing unit in the homomorphic domain does not fulfill a predetermined criteria, said method comprising : -performing (S1), by said processing unit, said at least one processing operation, in the homomorphic domain, on data encrypted using a homomorphic encryption algorithm, to generate first ciphertexts, - determining (S2) by said processing unit that execution of said function taking as inputs said first ciphertexts is to be outsourced to said secure element, - sending (S3) to said secure element said generated first ciphertexts and said function, - decrypting (S4) said first ciphertexts into first cleartexts by said secure element, - applying (S5) said function to said first cleartexts by said secure element to generate a second cleartext.
Provided is a method of manufacturing a data carrier, in particular a smartcard, comprising steps for providing at least one carrier body, and providing at least one metallic foil. The method further comprises the step of providing at least one transferring element being at least temporarily in connection with the metallic foil. The metallic foil is transferred from the transferring element to the carrier body in a step of transferring. Other embodiments disclosed.
Provided is a data carrier that comprises at least one carrier body, at least one electronic module, at least one antenna, and at least one metallic layer. The electronic module is at least partially arranged in the carrier body. The antenna is in connection with the electronic module. The metallic layer comprises at least one recess, and the antenna comprises an electrically conducting wire that is at least partially arranged in the recess. At least part of the metallic layer is part of the antenna. Other embodiments disclosed.
G06K 19/077 - Détails de structure, p. ex. montage de circuits dans le support
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
29.
METHOD FOR ENROLLMENT OF A BIOMETRIC REFERENCE IN A PORTABLE DEVICE
The invention is a method for enrollment of a reference (51) in a portable device (10) embedding a biometric sensor (14) in which a first phase includes the following step executed for a plurality of transactions with one or more terminals (20): - during each current transaction of said plurality of transactions, capturing a candidate biometric data (60) from a subject identifier of a user (50), assigning an indicator (58) to the candidate biometric data (60), said indicator allowing to determine if the user was successfully authenticated during said current transaction and storing the candidate biometric data and said assigned indicator in the portable device; and in that the method comprises a second phase, in which, upon detection of an event, the portable device identifies a list of candidate biometric data whose assigned indicator reflects a successful authentication of the user, and builds the reference using only said list.
G06F 21/32 - Authentification de l’utilisateur par données biométriques, p. ex. empreintes digitales, balayages de l’iris ou empreintes vocales
G06F 21/34 - Authentification de l’utilisateur impliquant l’utilisation de dispositifs externes supplémentaires, p. ex. clés électroniques ou cartes à puce intelligentes
Provided is a method for managing a till e-receipt during a payment transaction involving an Electronic Cash Register and a smart card. The method comprises the steps of: sending a URL from the Electronic Cash Register to the smart card, receiving by the Electronic Cash Register a card identifier which has been permanently allocated to the smart card, sending the card identifier and the till e-receipt from the Electronic Cash Register to a first server, and uniquely associating said card identifier and till e-receipt to the URL, such that the e-receipt can be subsequently retrieved by connecting to the URL. Other embodiments disclosed.
G06Q 20/20 - Systèmes de réseaux présents sur les points de vente
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
31.
SECURITY DEVICE FOR SECURING AN ARTICLE SUCH AS A PASSPORT
Provided is a security device for securing a substrate comprises at least one connection device, and at least one output device. The security device is configured to be connected to the substrate via the connection device. The output device is configured to emit at least one output signal. The output signal is outputted to an outside of the security device when the connection device and the output device are coupled to one another. A change in the coupling between the connection device and the output device results in a change in the output signal or in an absence of the output signal, and wherein the change in the output signal or the absence of the output signal is indicative of a manipulation of the security device and/or of the substrate. Other embodiments disclosed.
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
A data carrier (1) for a secure article such as a passport comprises a carrier body (2) and at least one security element (3) being provided on the carrier body (2). The security element (3) comprises at least one image (4) being printed on at least one surface structure (5) extending along an extension direction (E). The image (4) comprises at least one primary image (6) and at least one secondary image (7) being encoded in the primary image (6). The surface structure (5) is configured to decode the secondary image (7) when the data carrier (1) is viewed under different viewing angles and/or illuminated under different illumination angles, whereby the secondary image (7) becomes observable.
A METHOD FOR INDICATING TO A READER OF AN EMBEDDED SECURE ELEMENT THAT THE EMBEDDED SECURE ELEMENT HAS DATA TO BE TRANSMITTED TO THE READER THROUGH A SPI BUS, CORRESPONDING EMBEDDED SECURE ELEMENT AND READER
The present invention concerns a method for indicating to a reader (10) of an embedded secure element (11) that the embedded secure element (11) has data to be transmitted to the reader (10) through a SPI bus, Serial Peripheral Interface, the reader (10) and the embedded secure element (11) being comprised in a device, the SPI bus comprising: - a CSN line, Chip/slave select; - a CLK line, Serial Clock; - a MOSI line, Master Out Slave In; - a MISO line, Master In Slave Out; - a SPI RST line, Reset, not directly part of the SPI bus but adding a hardware way to reset the SPI bus, the method comprising sending from the embedded secure element (11) to the reader (10) on the SPI RST line a signal for indicating that the embedded secure element (11) has data to transmit to the reader (10), in order that the reader (10) fetches data stored in the embedded secure element (11).
G06F 1/24 - Moyens pour la remise à l'état initial
G06F 13/24 - Gestion de demandes d'interconnexion ou de transfert pour l'accès au bus d'entrée/sortie utilisant l'interruption
G06F 13/42 - Protocole de transfert pour bus, p. ex. liaisonSynchronisation
G06F 21/85 - Protection des dispositifs de saisie, d’affichage de données ou d’interconnexion dispositifs d’interconnexion, p. ex. les dispositifs connectés à un bus ou les dispositifs en ligne
Provided is a digital Virtual Function ID Wallet (VFIDW) (150) containing a Verifiable Identity Document (VID) (131), an Identifier (161), and Verifiable Credentials (VC) (141) and keys pairs (171) associated with a workload (151) of a Virtual Function (VF) instance of a VF to be executed and trusted The VFIDW (150) along with an Identity Agent (120) provide an identity presentation by way of a VID presentation to a Relying Party (160) to enable trust with the VF for the workload (151), by adding relevant attributes from the VFIDW (150) described in security policies that prove identity and correct instantiation of the workload (151) of the VF instance. Other embodiments disclosed.
A secure device for securing an article that includes at least one connection element, at least one data carrier, and at least one security element. The connection element is configured to be connected to the article, and the data carrier is in connection with the connection element and is configured to be connected to the article via the connection element. The connection element is configured to interact with impinging electromagnetic radiation such, that at least one marking element is generated in the connection element upon the impingement of the electromagnetic radiation. The data carrier is configured to interact with impinging electromagnetic radiation such, that at least one further marking element is generated in the data carrier upon the impingement of the electromagnetic radiation. The security element comprises or consists of the marking element of the connection element and of the further marking element of the data carrier.
The disclosure proposes a method for switching from a first subscription of a first telecommunication network operator to a second subscription of a second telecommunication network operator on a plurality of smart cards, the method comprising, for each smart card pre-provisioning the smart card with a batch of secret keys at the level of a personalization factory; thanks to a first input file transmitted by the first telecommunication network operator to the personalization factory, generating at the personalization factory an output file comprising a first secret key selected in the batch, a corresponding first IMSI and a first ciphered operator code; transmitting the output file to the first telecommunication network operator; and transmitting OTA keys and the first IMSI to an OTA server of a service provider managing the smart card in order to attach the smart card to the first telecommunication network.
H04L 9/06 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p. ex. système DES
37.
A METHOD FOR SELECTING A VIRTUAL CARD AMONG TWO VIRTUAL CARDS COMPRISED IN A SECURE ELEMENT COOPERATING WITH A TERMINAL AND CORRESPONDING SECURE ELEMENT
The invention concerns a method for selecting a virtual card among two virtual cards comprised in a secure element cooperating with a terminal, a first of the virtual cards being compliant with ISO 14443-3 and the second virtual card being compliant with ISO 14443-3 and ISO 14443-4, the secure element communicating with a NFC, Near Field Communication, reader through a CLF, Contactless Frontend, comprised in the terminal, the method comprising: - activating the first and second virtual cards by the secure element; - provisioning by the secure element the CLF with the UID, Unique Identifier, of the first virtual card; - provisioning by the secure element the CLF with the default parameters of the second virtual card, according to Amendment C of GlobalPlatform Card Specification and ETSI 102.613; - if the CLF detects that the communication protocol used by the NFC reader is compliant with ISO 1443-3 but not compliant with ISO 14443-4, switching the CLF to the UID of the first virtual card, in order to establish a communication between the first virtual card and the NFC reader; if the CLF detects that the communication protocol used by the NFC reader is compliant with ISO 1443-3 and compliant with ISO 14443-4, keeping the default parameters of the second virtual card in the CLF, in order to establish a communication between the second virtual card and the NFC reader.
The present invention relates to a method for securing a trained neural network against adversarial attacks in a computer system, wherein said neural network comprises an input layer, hidden layers and an output layer whose parameters are subject to training and is defined by structural elements of the neural network, comprising functions and structural parameters, which are not subject to training, the method comprising : - programming the computer system with the trained neural network, - presenting, by the computer system, a test sample to the trained neural network, - selecting a value, for said test sample, of at least one of said structural elements based on input or output values of a layer of the trained network, - updating said trained neural network by applying said selected value of at least one of said structural elements to the trained neural network, - evaluating an output of said updated trained neural network for said test sample.
The present invention relates to an infrastructure for remote profile provisioning (RSP) comprising secure elements to be provisioned, a subscription manager adapted to prepare data to be routed to secure elements to be provisioned and a ledger storing keys. Secure elements have at least an identifier, a pre-stored key corresponding to one stored in the ledger and pre- stored generic profile elements as defined in an RSP template, at least one profile element necessitating credentials for the secure element to have an operational profile. Said subscription manager is adapted to receive a request for profile provisioning comprising a secure element identifier, to retrieve a key associated to the received identifier from the ledger, to retrieve credentials to be pushed in the secure element having the received identifier, to encode the retrieved credentials using the retrieved key, to route the encoded credentials to the secure element for the secure element to decode the credentials using the pre-stored key and to complete the pre-stored profile element of the template to have an operational profile.
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04W 12/03 - Protection de la confidentialité, p. ex. par chiffrement
H04W 12/30 - Sécurité des dispositifs mobilesSécurité des applications mobiles
H04W 12/40 - Dispositions de sécurité utilisant des modules d’identité
Provided is a method for generating a signed container image from a base container image comprising a plurality of container image layers, and for pushing said signed container image to an image registry of a container hosting environment. The environment comprises a pipeline server of an image provider, a master node configured for acting as orchestrator and a plurality of worker nodes configured for running a container instantiating said signed container image after pulling said signed container image from said image registry. The pipeline server generates a signed container image by adding a first layer and a second layer to said base container image, said first layer comprising a manifest of said base container image and said second layer comprising a digital signature of a digest of said manifest generated using a private key of said image provider, and pushing said signed container image to said image registry.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
41.
SYSTEM AND METHOD FOR ACTIVATION FLOW FOR ADMINISTRATION MANAGED FIDO AUTHENTICATORS
A method or system of activating an administrator managed Fast Identity Online (FIDO) authenticator can include requesting a provisioning of a FIDO authenticator in an enterprise system at an administrator level for use by an end user where the enterprise system includes a server. As part of the provisioning, the system can designate or mark the FIDO authenticator as pending activation by the end user, and restrict use of the FIDO authenticator until the end user follows an activation flow that includes confirmation of the end user identity and includes proof of possession of the FIDO authenticator. The system allows the administrator to deliver the FIDO authenticator or token that is designated or marked as awaiting activation. The end user can then activate the FIDO authenticator or token by proving their user identity and proving possession of the FIDO authenticator.
The present disclosure provides an ICC reader including a microcontroller configured to exchange data with an insertable ICC while the insertable ICC is inserted and powered, and with an end-user entity, an ICC connector configured to allow the exchange of data between the microcontroller and the inserted ICC, and an end-user entity interface connector configured to allow the exchange of data between the microcontroller and an end-user entity, wherein the ICC reader further includes an activatable 2-position built-in switch defining two states: a first state wherein the exchange of data between the microcontroller and the inserted ICC is allowed, and a second state wherein the exchange of data between the microcontroller and the inserted ICC is interrupted emulating an ICC withdrawal.
G06K 7/00 - Méthodes ou dispositions pour la lecture de supports d'enregistrement
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
43.
MULTI-DIRECTION AND ROTARY SELECTION DATA ENTRY ON A TOUCH SCREEN
Provided is a device (100), application (14) and method for multi-direction and rotary selection of individual data entry elements of an entry field (12) for entering data in a touchscreen (11). The application (14) detects a selection and visually overlays an alphanumeric short-list (107) of single symbols oriented along a directional vector. It detects a scrolling of the short-list responsive to fingertip sliding to-or-fro in a direction of the orientated short-list. As an example a PIN may be entered in this unique manner to unlock the touchscreen of a mobile device. Other embodiments are disclosed.
G06F 3/04883 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p. ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p. ex. des gestes en fonction de la pression exercée enregistrée par une tablette numérique utilisant un écran tactile ou une tablette numérique, p. ex. entrée de commandes par des tracés gestuels pour l’entrée de données par calligraphie, p. ex. sous forme de gestes ou de texte
G07F 7/10 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée utilisée simultanément avec un signal codé
H04W 12/68 - Sécurité dépendant du contexte dépendant des gestes ou des comportements
G06F 21/36 - Authentification de l’utilisateur par représentation graphique ou iconique
H04W 12/37 - Gestion des politiques de sécurité pour des dispositifs mobiles ou pour le contrôle d’applications mobiles
G06F 3/04847 - Techniques d’interaction pour la commande des valeurs des paramètres, p. ex. interaction avec des règles ou des cadrans
44.
FINGERPRINT INDEXING USING CONVOLUTIONAL NEURAL NETWORK
The invention provides a method of filtering fingerprint candidates, the method being carried out by an indexing module arranged to access a Convolutional Neuronal Network, CNN configured to output at least one feature of an input image. The method comprises: - processing (204) an image representative of local information of a searched fingerprint, by the CNN to obtain at least one feature for the searched fingerprint; - retrieving (205) a candidate fingerprint in a database; - determining (206) whether at least one feature of the retrieved candidate fingerprint matches with the at least one feature of the searched fingerprint; - if the at least one feature of the retrieved candidate fingerprint matches with the at least one feature of the searched fingerprint, passing (207) the at least one candidate fingerprint to a matching module for further comparison between the candidate fingerprint and the searched fingerprint.
G06V 10/44 - Extraction de caractéristiques locales par analyse des parties du motif, p. ex. par détection d’arêtes, de contours, de boucles, d’angles, de barres ou d’intersectionsAnalyse de connectivité, p. ex. de composantes connectées
G06V 10/771 - Sélection de caractéristiques, p. ex. sélection des caractéristiques représentatives à partir d’un espace multidimensionnel de caractéristiques
G06V 10/772 - Détermination de motifs de référence représentatifs, p. ex. motifs de valeurs moyennes ou déformantsGénération de dictionnaires
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
The invention is a method and a system for managing a batch (95) of hardware secure elements (20, 30) comprising a global certificate (22, 32) and their own local certificate (21, 31). Each secure element involved in an offline transaction, performs one or more checks based on the local and global certificates of the two secure elements so as to minimize the size of data exchanged between them.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
46.
METHOD TO CREATE BIOMETRICS FOR A DIGITAL TWIN/AVATAR IN METAVERSE
The present invention relates to a method to create biometrics for a digital twin/avatar to be used in a metaverse platform by a metaverse user, said method comprising the steps of: choosing attributes of the digital twin/avatar as appearing in the metaverse environment; retrieving biometrics of the user of the digital twin/avatar; calculating a digital twin/avatar biometrics as a cryptographic function of the retrieved biometrics and of the chosen digital twin/avatar' s attributes; storing the digital twin/avatar biometrics associated to the digital twin/avatar's attributes in a database of the metaverse platform.
Provided is a method for securing against side channel attacks. An elliptic curve cryptographic process comprises a multiple points multiplication operation using predetermined scalar values, Pi being points of an elliptic curve over a finite field defined by parameters (F, E, G, N) together with the point addition law where F is a field over which is defined the curve, E is an equation of the curve, G is a base point in E over F and N is the order of the base point G. The method comprises generating (S1) a masking value iRand, multiplicatively masking (S2) each predetermined scalar value di with said generated masking value iRand to obtain masked scalars di′, computing (S3) a masked multiple points multiplication operation result, and obtaining (S4) said multiple points multiplication operation result R by unmasking said masked multiple points multiplication operation result R′.
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
H04L 9/30 - Clé publique, c.-à-d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
48.
A METHOD FOR UPDATING APPLICATIONS INSTALLED IN A PLURALITY OF SECURE ELEMENTS COMPRISED IN A DEVICE
The invention proposes a method for updating applications, called previous applications, installed in a plurality of secure elements (30) comprised in a device, the method comprising sending over the air for each of the secure elements (30) a script comprising a new ELF version containing the latest version of the applications, from an update server to a system manager connected to the secure elements (30), wherein the script contains for each of the secure elements (30): - an entire AID of the new ELF version; - a partial AID identifying the previous application, the method comprising, for each of the secure elements (30): - for each secure element (30) and corresponding partial AID, loading the latest version of the application identified by the entire AID and executing the latest version of the application in each of the secure elements (30); - if the execution of at least one application fails, for each of the secure elements (30), restoring the previous application the entire AID for designing the application to be updated.
The disclosure concerns a method for preventing transmission of hidden information in a communication channel during a telecommunication terminal authentication phase including transmitting from a telecommunication terminal cooperating with a secure element to a visited PLMN a unique identifier of the secure element; generating at the visited PLMN a required information and sending the unique identifier and the required information to a home PLMN identified by a MCC/MNC in the unique identifier; generating a random value and computing a cryptographic value based on the random value and the required information; generating an authentication vector based on the cryptographic value and the long term key of the secure element, the long term key being associated to the unique identifier, and sending the authentication vector and the random value or only the authentication vector containing the random value instead of the cryptographic value to the visited PLMN.
Provided is a chip for managing a Physically Unclonable Function, PUF, and chip public key. The chip includes at least one PUF type element and at least one hardcoded key, and is configured to receive, from an entity, a request for getting a signed PUF chip public key certificate, generate, as a PUF chip private key, based on the request, a private key relating to the at least one PUF element, and determine, as a PUF chip public key, a public key relating to the at least one PUF element, generate, as a PUF chip public key certificate, a certificate relating to the PUF chip public key, and sign the PUF chip public key certificate using the hardcoded key. Other embodiments disclosed.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/30 - Clé publique, c.-à-d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
51.
FACIAL RECOGNITION SYSTEM FOR ALLEVIATING AMBIENT LIGHT DURING IMAGE CAPTURE
The present invention provides a facial recognition system for alleviating ambient light during image capture, the system comprising: - a stereo camera configured to capture an image and send it to a face detection module, wherein the image comprises depth information of objects within the depth of field, - the face detection module configured to identify a face based on the depth information of the received image from the stereo camera, - an processing module configured to - split the image into a facial area and a non-facial area, wherein the facial area corresponds to the identified face region by the face detection module, and - outcome exposure adjustment factors for each area, these exposure adjustment factors being calculated based at least on a brightness values comparison of both facial and non-facial areas, - a dual-regional adjustment module configured to separately adjust the exposure of both the facial and non-facial areas according to the adjustment factors, and - a face matching module configure to verify or enroll person's face identity based on the exposure-adjusted facial area.
G06V 10/60 - Extraction de caractéristiques d’images ou de vidéos relative aux propriétés luminescentes, p. ex. utilisant un modèle de réflectance ou d’éclairage
G06V 10/94 - Architectures logicielles ou matérielles spécialement adaptées à la compréhension d’images ou de vidéos
G06V 40/16 - Visages humains, p. ex. parties du visage, croquis ou expressions
G06V 40/50 - Traitement de données biométriques ou leur maintenance
G06V 10/14 - Caractéristiques optiques de l’appareil qui effectue l’acquisition ou des dispositifs d’éclairage
52.
SECURE COMPUTER-IMPLEMENTED METHOD FOR PREVENTING A RECOVERY OF EMBEDDED DATA WITHIN A NEURAL NETWORK MODEL
The invention relates to a secure computer-implemented method (1) for preventing a recovery of embedded data (d) within an neural network model (NN), said neural network model (NN) comprising a plurality of layers (L), each layer (L) having a related matrix of parameters (M) and being configured to receive at least one input tensor (t1), wherein said secure computed implemented method (1) comprises: - for at least one layer (L), permuting sets (s) of parameters (P) within its related matrix of parameters (M) so as to change their initial positions (p) in said matrix of parameters (M), - applying said matrix of permuted parameters (M') to the at least one input tensor (t1) so as to generate an output tensor (t2').
G06F 7/76 - Dispositions pour le réagencement, la permutation ou la sélection de données selon des règles prédéterminées, indépendamment du contenu des données
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
The present invention relates to a method method for optimizing the execution of the generation of a Crystals-Dilithium post-quantum digital signature a of a message M with a secret key sk. The digital signature generation comprising : • a) generating a masking vector y of polynomials with coefficients less than a second predetermined value y1, • b) computing a first vector of polynomials w = Ay, • c) determining a second vector of polynomials wl and a third vector of polynomials w0, • d) generating a challenge c based on the message and the second vector of polynomials w1, • e) performing rejection tests comprising testing if test vectors generated from said vectors, said challenge and said secret key fulfill predetermined conditions, and when said conditions are not fulfilled, restarting the signature generation from step a), else generating said signature, the steps a), b), c), d), and e) being repeated until the conditions are satisfied.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/30 - Clé publique, c.-à-d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
54.
SYSTEM AND METHOD FOR SECURE TRANSFER OF BIOMETRIC TEMPLATES BETWEEN BIOMETRIC DEVICES
A system or method of authenticating a biometrically protected device without prior enrollment on that device can include one or more processors and memory where the memory includes computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations of receiving a biometric reading, obtaining an encrypted biometric template from a server if a biometric template is not locally stored on a biometrically protected device to compare with the biometric reading, decrypting the encrypted biometric template from the server in response to a password to provide a decrypted biometric template, storing the decrypted biometric template locally on the biometrically protected device, and authenticating the biometric reading when the decrypted biometric template matches the biometric reading. The encrypted biometric template was previously uploaded to the server via an alternate biometric device.
The present invention provides a method to reinforce the security of a conventional transaction performed by a Short-Range (SR) communication-enabled chip card, wherein the chip card is paired with at least one SR communication-enabled handset, the method comprising the steps of: initiating the conventional transaction between the chip card and a reader; wherein the method is characterized in that: sending, by the chip card, an authentication request to at least one of the at least one paired handsets over an established Short-Range (SR) communication channel; receiving, by a paired handset, the authentication request and computing an authentication result granting or refusing the transaction; sending, by the handset, an authentication response to the chip card over the established channel, the authentication response comprising the authentication result; and continuing or stopping, by the chip card, the conventional transaction with the reader depending on the authentication result.
H04W 12/63 - Sécurité dépendant du contexte dépendant de la localisationSécurité dépendant du contexte dépendant de la proximité
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06Q 20/20 - Systèmes de réseaux présents sur les points de vente
56.
SYSTEM AND METHOD FOR SECURE TRANSFER OF BIOMETRIC TEMPLATES BETWEEN BIOMETRIC DEVICE
A system or method of authenticating a biometrically protected device without prior enrollment on that device can include one or more processors and memory where the memory includes computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations of receiving a biometric reading, obtaining an encrypted biometric template from a server if a biometric template is not locally stored on a biometrically protected device to compare with the biometric reading, decrypting the encrypted biometric template from the server in response to a password to provide a decrypted biometric template, storing the decrypted biometric template locally on the biometrically protected device, and authenticating the biometric reading when the decrypted biometric template matches the biometric reading. The encrypted biometric template was previously uploaded to the server via an alternate biometric device.
The invention is a method for secure entry of a code in a device (10) comprising a touch screen (18). The method comprises the following steps: displaying two or more streams (21,…,28) on the touch screen, each of said streams comprising its own plurality of symbols and scrolling in its own direction; detecting, by the device, a set comprising two or more of said symbols, each symbol of said set being specified by a user via a tap on the touch screen; and automatically building the code from the symbols of the set by applying a predefined rule.
G06F 21/36 - Authentification de l’utilisateur par représentation graphique ou iconique
G06F 21/83 - Protection des dispositifs de saisie, d’affichage de données ou d’interconnexion dispositifs de saisie de données, p. ex. claviers, souris ou commandes desdits claviers ou souris
58.
POSITIONING A COMMUNICATING USER EQUIPMENT WITHIN A NONTERRESTRIAL NETWORK USING A DILUTION OF PRECISION COMPUTED BY THE NETWORK
The present invention relates to a method for managing the determination of the positioning of a communicating user equipment having at least one non- geostationary satellite in view and appearing present at a network node, the method comprising the steps of, for an entity of the network: - determining a reference positioning of the user equipment; - computing at least one dilution-of-precision prediction computed as a function of ephemeris data of the satellite(s) concerned for at least one future instant and reference positioning of the user equipment; - comparing the dilution prediction with a maximum threshold; - reporting the determination of the non-accessible positioning in case of predicted dilution of precision greater than the maximum threshold; - otherwise, sending to the network node and to the user equipment instructions to perform a multi-round-trip time measurement procedure at the future instant.
G01S 5/00 - Localisation par coordination de plusieurs déterminations de direction ou de ligne de positionLocalisation par coordination de plusieurs déterminations de distance
G01S 13/76 - Systèmes utilisant la reradiation d'ondes radio, p. ex. du type radar secondaireSystèmes analogues dans lesquels des signaux de type pulsé sont transmis
G01S 13/87 - Combinaisons de plusieurs systèmes radar, p. ex. d'un radar primaire et d'un radar secondaire
G01S 19/38 - Détermination d'une solution de navigation au moyen des signaux émis par un système de positionnement satellitaire à radiophares
G01S 7/00 - Détails des systèmes correspondant aux groupes , ,
G01S 5/02 - Localisation par coordination de plusieurs déterminations de direction ou de ligne de positionLocalisation par coordination de plusieurs déterminations de distance utilisant les ondes radioélectriques
G01S 5/14 - Localisation par coordination de plusieurs déterminations de direction ou de ligne de positionLocalisation par coordination de plusieurs déterminations de distance utilisant les ondes radioélectriques déterminant des distances absolues à partir de plusieurs points espacés d'emplacement connu
H04W 64/00 - Localisation d'utilisateurs ou de terminaux pour la gestion du réseau, p. ex. gestion de la mobilité
The invention is a system for managing a financial transaction between a payment terminal and a card. Upon a first tap with the terminal, the card gets a transaction data from the terminal. The card comprises a parameter indicating whether a three-tap option is enabled and monitors the parameter during the first tap. If the card detects that the three-tap option is enabled: it records a first indicator indicating that the transaction is in progress; in response to a second tap with a personal device, the personal device gets a subset of the transaction data and the card records a second indicator indicating that the card sent the subset, the personal device provides a user with the subset, in response to a third tap with the payment terminal, the card uses said first and second indicators for performing a check specified by a security policy specifying that the transaction should be in progress and the subset should have been. In case of successful check, the card continues treatments required by the transaction or rejects the transaction in case of unsuccessful check.
G06Q 20/20 - Systèmes de réseaux présents sur les points de vente
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G07F 7/08 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée
60.
SECURE ON-BOARDING OF PERSONAL ATTRIBUTES ON AN EXTERNAL ENTITY
The invention provides a method for on-boarding at least one personal attribute of a user to an external entity, the method comprising: - authenticating, by a token of the user, to an issuing system; - if the token is authenticated, computing by the issuing system the following steps: o retrieving the at least one personal attribute of the user; o generating a master key, and deriving out as many derived keys as personal attributes are retrieved; o encrypting each personal attribute with a respective derived key; - sending, by the issuing system, the master key to the token, the token storing the master key; and - sending, by the issuing system, the at least one encrypted personal attribute to the external entity, the external entity storing the set of at least one encrypted personal attribute of said user.
G06F 21/34 - Authentification de l’utilisateur impliquant l’utilisation de dispositifs externes supplémentaires, p. ex. clés électroniques ou cartes à puce intelligentes
G06F 21/43 - Authentification de l’utilisateur par des canaux séparés pour les données de sécurité par des canaux sans fil
61.
A METHOD FOR SECURING A CENTRAL PROCESSING UNIT PIPELINE
The invention relates to a method for securing a central processing unit pipeline. According to the invention, the method comprises the steps of providing an integrity pipeline supervisor (IPS) comprising a decoder and a checker; providing the integrity pipeline supervisor with the instruction of the computer program; allowing the decoder of the integrity pipeline supervisor to decode the instruction provided to the integrity pipeline supervisor in order to obtain the decoded instruction structure; providing the checker with the structure of the instruction decoded by the decoder of the integrity pipeline supervisor; providing the checker with the structure of the instruction decoded by the decoder of the central processing unit; allowing the checker to compare the structure of the instruction decoded by the decoder of the integrity pipeline supervisor and the structure of the instruction decoded by the decoder of the central processing unit; and allowing an alarm indicator to be triggered if, as a result of the comparison, the checker detects a discrepancy between the structures.
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 11/16 - Détection ou correction d'erreur dans une donnée par redondance dans le matériel
G06F 21/70 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur
G06F 9/30 - Dispositions pour exécuter des instructions machines, p. ex. décodage d'instructions
G06F 21/71 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information
A data carrier comprises at least one substrate layer and at least one processing layer. The substrate layer and the processing layer are arranged at least partially above one another with respect to an extension direction. The substrate layer is at least regionally transparent. The processing layer comprises pigments that are configured to change an appearance, in particular a translucency and/or an opacity and/or a glossiness and/or a colour, upon an irradiation of electromagnetic radiation.
The invention relates to an embedded characterization and measurement engine (CME1) for a virtual function (VF) within an infrastructure (I), wherein said embedded characterization and measurement engine (CME1) is configured to: - when the virtual function (VF) is instantiated within said infrastructure (I) and is running within said infrastructure (I), compute a fingerprint (F1) based on static characteristics (C1), said static characteristics (C1) being extracted from the whole or parts (P1) of the virtual function (VF), - perform a local attestation (A1) by comparing said fingerprint (F1) with an initial fingerprint (F0) or transmit said fingerprint (F1) to a distant verifier (V) for a remote attestation (A2), - if the fingerprint (F1) is different from said initial fingerprint (F0), sending a notification (N1, N2) to an external entity (E) for future action (Ac).
G06F 21/53 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p. ex. "boîte à sable" ou machine virtuelle sécurisée
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
64.
SECURE END-TO-END PAIRING OF SECURE ELEMENT TO MOBILE DEVICE
Establishing a secure link on a second protocol between a secure element and a smart device via a link on a first protocol by establishing a link on the first protocol between the secure element and the smart device, and generating, by the secure element, a communication encryption key and associating a status with the encryption key and assigning the status a first level. Transmitting the key and the status of the key from the secure element to the smart device over the link on the first protocol. The secure element and the smart device are paired over the second protocol thereby establishing a second-protocol link. Transmitting a message encrypted using the key to the smart device over the second-protocol link. Upon verifying the cardholder as an authorized cardholder for the secure element, elevating the status of the communication encryption key from the first level to a second level.
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
H04W 12/47 - Dispositions de sécurité utilisant des modules d’identité utilisant la communication en champ proche [NFC] ou des modules d’identification par radiofréquence [RFID]
The present invention provides a smartcard configured to perform at least contactless transactions when powered by a terminal radiofrequency field, wherein the smartcard comprises: at least one touch sensor which activation is based on charge transfer, each of the at least one touch sensor comprising an electrode adapted to change its capacitance upon being touched by a human body part, a touch-sensing controller configured to measure the capacitance value of each of the at least one electrode and compared them with a reference value, wherein one of the at least one touch sensor is considered as being touched when the measured capacitance value is higher than the reference value.
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G07F 7/08 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée
G07F 7/10 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée utilisée simultanément avec un signal codé
G06F 3/044 - Numériseurs, p. ex. pour des écrans ou des pavés tactiles, caractérisés par les moyens de transduction par des moyens capacitifs
H03K 17/955 - Commutateurs de proximité utilisant un détecteur capacitif
The invention provides a method for on-boarding at least one personal attribute from a token to an external entity (200), the method comprising: - authenticating (204) the external entity by the token; - if the external entity is authenticated, computing (206) at least one shared session key by both the external entity and the token; - ciphering at least one personal attribute stored by the token based on the at least one shared session key; - on boarding the at least one personal attribute from the token to the by transferring (207) the ciphered at least one personal attribute to the external entity, on a communication link between the token and the external entity.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A method for authenticating a device, comprising:
sending, from a user device to a server, a data request;
retrieving a predetermined encryption key;
generating and at least a random and a cryptogram using the encryption key and the random;
sending, to the or another user device, the cryptogram and the random, as a data request response;
extracting, from the data request response, the random and storing, at least in a temporary manner, the reference random;
sending, to at least the device, the cryptogram;
decrypting the cryptogram using a predetermined decryption key and obtaining a random;
sending, to the user device, the random;
verifying whether the received random matches or not the reference random; and
authenticating, only if yes, the device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
The invention provides a method for determining liveness of a target person comprising: obtaining (511; 512) a series of n frames from a sequence of frames acquired by a frame capture device, n being equal to or greater than 2, at least some of the frames representing the target person. The n frames are processed by a multi-branch convolutional neural network, by determining (514.1) a first partial score for the series of n frames, determining (514.2) a second partial score for the series of n frames and determining (515) a fusion score based on the first and second partial scores, said fusion score being representative of liveness of the target person. The first partial score is determined based on first features among local spatial features, on global spatial features or on temporal features, and wherein the second partial score is determined based on second features that are different from the first features.
The invention is a method for managing a batch of secure elements comprising their own temporary trust code. When a point-to-point transaction occurs between a first and a second secure elements (22, 23), of the batch, the first secure element computes a result of a one-way cryptographic function applied tothe temporary trust code stored in the first secure element, then sends to the second secure element a transaction message (30) comprising the result and a transaction data. Following receipt of the transaction message, the second secure element performs a temporary trust code control to verify whether the result has been computed using a temporary trust code equal to the temporary trust code stored in the second secure element. If the temporary trust code control is positive, the second secure element accepts the point-to-point transaction, else depending on a risk assessment performed by the second secure element, transaction is rejected or accepted.
G06Q 20/06 - Circuits privés de paiement, p. ex. impliquant de la monnaie électronique utilisée uniquement entre les participants à un programme commun de paiement
G06Q 20/32 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des dispositifs sans fil
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/36 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des portefeuilles électroniques ou coffres-forts électroniques
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
70.
SECURE ONLINE AUTHENTICATION METHOD USING MOBILE ID DOCUMENT
Provided is a secure online authentication method of a user by a relying party using a mobile ID document uses a secret to consent to a retrieval of a dedicated data field, wherein an access token is generated, including a proof, which is used by the relying party to transmit an access request to the mobile document issuer, trading the token for an authentication document comprising the personal data related to the dedicated data field by the document issuer to the relying party, wherein the proof verification material is extracted from the authentication document and checked to access said personal data and accepting the online authentication of the user. Other embodiments disclosed.
Provided is a method for post-quantum resistant authentication of a service provider device to a user device, using a legacy certificate of said service provider device and a quantum safe cryptography (QSC) certificate of said service provider device. The method includes verifying by a trusted third party device, using said identifier of the legacy certificate comprised in the QSC certificate, a binding of said QSC certificate to the legacy certificate of the service provider device, and verifying a validity of said QSC certificate by said trusted third party device. The binding and validity have been successfully verified by the trusted third party device, authentication of the service provider device to said user device, using said legacy certificate of the service provider device from which can be obtained said identifier comprised in the QSC certificate whose validity has been verified.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/44 - Authentification de programme ou de dispositif
72.
A METHOD FOR GENERATING AN UNLINKED PROGRAM CODE TO BE TRANSFERRED FROM A SOURCE DEVICE TO A TARGET DEVICE
The present invention proposes a A method for generating an unlinked program code to be transferred from a source device to a target device, the source device comprising a program code linked to the device, called linked program code, the method comprising: - detecting bytes in the linked program code, the bytes belonging to a program to be transferred from the source device to the target device; - generating a Component, called Reverse Link Component, comprising bytes of the unlinked program code that have to be modified by the target device, by creating a linked program code, the bytes being concatenated in the Reverse Link Component in the order in which they are linked in the program code; - regenerating the unlinked program code to be transferred from the source device to the target device by using the Reverse Link Component, wherein the Reverse Link Component is created by: • using the Reference Location Component of a Cap file, the Reference Location Component indicating bytes of the Method Component to be linked, the bytes being ordered as they are linked in the Method Component, or • parsing the Method Component of a Cap file and detecting in the Method Component Javacard instructions preceding bytes to be linked.
This method for provisioning a user equipment with information of an end operator, the user equipment - UE - being equipped with an embedded universal integrated circuit card - eUICC - and with a radio module, is characterized by: deploying (205) a private mobile telephony network, connected to an IP network hosting a server storing said information; having an identifier management equipment of the private mobile telephony network dynamically assign (230) at least one temporary subscription identifier (IMSI) to the eUICC residing in the UE; connecting (240) the UE to the IP network via the private mobile telephony network using said at least one temporary subscription identifier; downloading (250) said information from the server; and disconnecting (260) the UE.
The present invention proposes a method for provisioning a user equipment 10 with credentials in a private telecommunication network, the private telecommunication network comprising a credentials holder 12 and a gNB/AMF or a eNB/MME, the method comprising: a) Sending from the user equipment 10 to the gNB/AMF or eNB/MME 11 a provisioning request; b) Establishing a PLS key between the user equipment 10 and the gNB/AMF or eNB/MME 11 thanks to Physical Layer Security; c) Sending from the user equipment 10 to the gNB/AMF or eNB/MME 11 a message comprising data permitting to identify the user of the user equipment and/or the user equipment 10, the message being protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key; d) Sending from the gNB/AMF or eNB/MME 11 to the credentials holder 12 the data permitting to identify the user of the user equipment and/or the user equipment 10; e) Verifying at the credentials holder 12 the data permitting to identify the user of the user equipment and/or the user equipment 10; f) If the verification is positive, allocating at the credentials holder 12 a unique subscription identifier to the user equipment 10 and generating corresponding keys and security parameters; g) Sending from the credentials holder 12 to the gNB/AMF or eNB/MME 11 the unique subscription identifier, the corresponding keys and the security parameters; h) Sending from the gNB/AMF or eNB/MME 11 to the user equipment 10 in a message protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key the unique subscription identifier, the corresponding keys and the security parameters, the credentials comprising the subscription identifier, the corresponding keys and the security parameters.
The invention proposes a A method for provisioning a user equipment (10) with credentials in a private telecommunication network, the private telecommunication network comprising a credentials holder and a gNB/AMF or a eNB/MME, the method comprising: a) Sending (40) from the user equipment (10) to the gNB/AMF or eNB/MME (11) a provisioning request; b) Establishing (41) a PLS key between the user equipment (10) and the gNB/AMF or eNB/MME (11) thanks to Physical Layer Security; c) Generating (42) at the user equipment (10) a master key; d) Sending (43) from the user equipment (10) to the gNB/AMF or eNB/MME (11) a message comprising data permitting to identify the user of the user equipment (10) and/or the user equipment (10) and the master key, the message being protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key; e) Sending (44) from the gNB/AMF or eNB/MME (11) to the credentials holder (12) the data permitting to identify the user of the user equipment (10) and/or the user equipment (10) and the master key; f) Verifying (45) at the credentials holder (12) the data permitting to identify the user of the user equipment (10) and/or the user equipment (10); g) If the verification is positive, allocating at the credentials holder (12) a unique subscription identifier to the user equipment (10) and generating corresponding keys, security parameters and a key derivation function; h) Sending (46) from the credentials holder (12) to the gNB/AMF or eNB/MME (11) the unique subscription identifier, the security parameters and the key derivation function; i) Sending (47) from the gNB/AMF or eNB/MME (11) to the user equipment (10) in a message protected in integrity and confidentiality by the PLS key or by keys derived from the PLS key the unique subscription identifier, the security parameters and the key derivation function; j) Generating (48) at the user equipment (10) final keys, the credentials comprising the unique subscription identifier, the security parameters and the final keys.
Provided is a method for controlling a smart card allocated to a user comprising the steps of establishing a wireless communication channel between the smart card and a portable apparatus; determining by the smart card that control of authentication of said user depends on the portable apparatus and requesting accordingly a permission data reflecting a specific right allocated to a function provided by the smart card; capturing an input data from a user through an interface embedded in the portable apparatus; performing, by the portable apparatus, an authentication of the user based on said input data; depending on a result of said authentication, identifying said permission data by the portable apparatus and sending the permission data to the smart card; and activating or deactivating said specific right in the smart card according to the permission data.
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
Provided is a method for protecting a program in an integrated circuit product. The method includes creating one or more opcode blocs to respectively replace one or more original opcodes of said program, said opcode bloc comprising a number of fictional opcodes and the corresponding original opcode, said fictional opcodes being to be executed without taking into account their results and without impacting an expected result of said program, said number and a position of the original opcode in said opcode bloc being randomly determined by a random or pseudo random number generator of said integrated circuit product, and executing said one or more opcode blocs.
Provided is a card comprising an antenna connected to a chip, the card comprising: A central PVC core made of recycled PVC supporting the antenna; Two recycled PVC layers, a front side PVC layer and a back side PVC layer, each PVC layer being laminated on a side of the central PVC core, the front side PVC layer being laminated on the side of the PVC core supporting the antenna; Two transparent PET layers, a front side PET layer and a back side PET layer, the PET layers being glued on each of the recycled PVC layers, the front side PET layer being metalized by an aluminum foil; and Two PVC transparent overlays glued on each external face of the card.
The invention concerns a system for receiving by a gNB a location information sent by a GNSS chipset comprised in a mobile equipment, the location information being part of a signalling message as part of an initial access procedure, before network dedicated signaling ciphering setup procedure occurs, the GNSS chipset returning to the mobile equipment the location information concealed by a crypto scheme that does not need any diversification from one chipset to another, the concealed location information being de-concealed by a deciphering server at the level of the gNB by a reversed crypto scheme that does not need any diversification from one chipset to another for sending the location information in clear to a dedicated 5G core network, the dedicated 5G core network being the one able to handle a communication with the mobile equipment.
The present invention relates to a method for securing against physical or logical attacks a software code comprising a first sequence of instructions performing, when executed by an execution device, a function declaring a plurality of local variables to allocate a memory space of a memory stack to each local variable, said method being performed by a first processor of a securing device and comprising the steps of: - identifying (S1 ) said plurality of local variables allocated in said function, - generating (S2) in the software code a second sequence of instructions, which, when executed at runtime by a second processor of said execution device, at each call of the function after said local variables have been declared : • determines (E1) randomly a permutation P, •shuffles (E2) the locations of the memory spaces allocated in said memory stack to said identified local variables by applying to them said determined permutation.
G06F 21/14 - Protection des logiciels exécutables contre l’analyse de logiciel ou l'ingénierie inverse, p. ex. par masquage
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/75 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du calcul ou du traitement de l’information par inhibition de l’analyse de circuit ou du fonctionnement, p. ex. pour empêcher l'ingénierie inverse
81.
CONNECTIVITY MANAGEMENT IN DEVICES COMPLIANT WITH SEVERAL TECHNOLOGIES
The present invention relates to a method to manage connectivity of a device having a native air interface enabling the device to connect to several networks of different technologies. The device, before entering in power saving mode, determines a technology to be used on the native air interface for subsequent power saving mode period, register at a central node active in relation with wake-up management nodes of the different technologies to centralize all wake-up triggers from the different technologies, said registration comprising an indication of the determined technology. The device, once entered in power saving mode, keeps active only the determined technology on the native air interface, and, for all wake-up triggers, is paged by the network using the determined technology on the native air interface.
The invention concerns a method for the relink of software components installed on a device being updated, the device comprising a CAP file, the method comprising creating a CAP file component, called Link Component (30), the Link Component (30) comprising a proprietary Constant Pool part (31), built by using the original Constant Pool component of the CAP file, and a proprietary Reference Location part (32), built by using the original Reference Location Component and the original Method Component of the CAP file.
The present invention relates to a method of securing a java software code to be run by a Java Virtual Machine comprising at least one call to a native method of a native language library, using a unique entry point, called JNI_OnLoad entry point as an interface between the java software code and the native language library and configured to register, to the Java Virtual Machine, native methods of the native language library, said method generating a secure native language library and comprising performed by a processor : - defining (S1) in the native language library a method, called JNI_OnLoad method, which when executed at runtime, when the native language library is loaded by the Java Virtual Machine, is configured for registering useless native methods of the native language library, - inserting (S2) in the native language library calls to a plurality of constructors, one of them being configured to trigger a thread, called zJNI thread, which is configured for, when executed at runtime, unregistering said useless native methods and registering said at least one native method of the native language library to be called by the java software code.
The invention concerns a method for recycling a smart card comprising the steps of: - inserting the smart card in a slot / card reader of an ATM (Automated Teller Machine), - requesting the recycling of the smart card, - conveying the smart cart to a punching platform of a card recycling device, said punching platform comprising a punch and an opening in alignment with said punch, - conveying at least part of the smart card to a recycling compartment.
G07F 19/00 - Systèmes bancaires completsDispositions à déclenchement par carte codée adaptées pour délivrer ou recevoir des espèces ou analogues et adresser de telles transactions à des comptes existants, p. ex. guichets automatiques
G06Q 10/30 - Administration du recyclage ou de l’élimination des produits
85.
A METHOD FOR GRANTING A USER ACCESS THROUGH A USER ACCESS DEVICE HOSTING A CLIENT APPLICATION TO A SERVICE COMING FROM A SET OF SERVICES OF A SERVER APPLICATION HOSTED BY A DISTANT SERVER
A method for granting a user access through a user access device hosting a client application to a service of a server application hosted by a server includes sending by a server application a user authentication request, a primary challenge, an URL, and a unique user identifier to a secure peripheral device hosting a device application, checking the user identity, building a flag using the result of a comparison between user data signals and the ones that have been stored during a user-device binding process, generating a primary response, sending the primary response to the server, verifying the validity of the primary response, and granting or denying the user access to the service.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
The invention is a method for providing a cardholder (50) with control over a payment instrument (10) wherein a payment instrument issuer stores a first set of security parameters in the payment instrument. During a customization phase, the cardholder configures and stores a second set (12) of security parameters in the payment instrument. During a transaction phase subsequent to the customization phase, a financial transaction starts with a terminal (20). The payment instrument checks which condition of the first set is satisfied by the transaction parameters received from the terminal and selects the security rule associated with the satisfied condition as a first selected security rule. The payment instrument checks which condition of the second set (12) is satisfied by the transaction parameters and selects the security rule associated with the satisfied condition as a second selected security rule and applies both said first and second selected security rules to the transaction.
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G07F 7/10 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée utilisée simultanément avec un signal codé
87.
OPTICAL VARIABLE ELEMENT BASED ON DIFFRACTIVE MOIRE PATTERNS
A personalized medium includes a core layer having at least a clear window or transparent portion, at least a first diffraction grating on an upper surface or a lower surface of the core layer, and a second diffraction grating on an opposing side of the core layer from the first diffraction grating, wherein the first and second diffraction gratings create a Moire pattern.
The invention concerns a method to allow traceability of USIM profile transfer from a source device 10 to a target device (11), the method comprising: - Performing (13) a mutual trust verification of the target device (11) by the source device (10) and vice versa; - Generating (14) a derivation data at the source device (10), the derivation data being verifiable by a remote server (12) connected to the home network of the source device (10); - Deriving (15) at the source device (10) a new long-term-key (K') from the source long term-key K of the source device (10) and the derivation data; - Generating (16) at the source device (10) a new USIM profile including the derived long-term-key K' and the derivation data; - Protecting (17) in confidentiality and integrity the new profile based on the target device (11')s public key in order to obtain an installation package; - Transferring 18 the installation package to the target device (11); - Deactivating (23) the source USIM profile at the source device (10) if the installation of the installation package at the target device (11) is successful; - Sending (25) from the target device (11) to the remote server (12) in a registration request as specified in 3GPP TS 23.501 at least its IMSI and the derivation data; - Retrieving (27) at the remote server (12) the source long term-key K of the source device (10) and the derivation data associated to the IMSI; - Verifying (28) the validity of the received derivation data based on subscription information associated to the IMSI by the remote server (12); - Deriving (29) a new long term-key K* from the source long-term key K and the received derivation data; - Performing (30) the authentication of the target device (11) based on K* and retrieved subscription data associated to the IMSI as specified in 3GPP TS 33.501; - If K* equals K', updating (32) at the home network its local subscriber information associated to the IMSI including the long-term-key associated to the IMSI with the new value of K*.
A media card (200 or 300) with an tunable inductive antenna pattern (203) includes an area (204) configured for receiving a wireless chip (306a, 306b, or 306d) operating at one of several given frequencies and an antenna with an antenna pattern printed on a core layer (202) and printed on the area configured for receiving the wireless chip, where the antenna pattern includes one or more selectable conductive extension segments (206a- 206g) In some embodiments, the one or more selectable conductive extension segments are selectively removed to tune the antenna for a frequency for the wireless chip operating at one of several given or predetermined frequencies.
H04B 5/00 - Systèmes de transmission en champ proche, p. ex. systèmes à transmission capacitive ou inductive
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
A card (200) having processed areas includes a core layer (104), an antenna pattern (102) on the core layer, and one or more bump-out areas (110) of the antenna pattern having a threshold distance towards a process boundary, where the card passes a continuity test if a cutting or a punching or a milling process fails to create an open circuit at the bump-out areas. The card fails a continuity test if the cutting or the punching or the milling processes creates the open circuit at the bump-out areas.
A data carrier (1) for a secure article (100) comprises at least one electronic module (2) comprising at least one module antenna (3), at least one booster antenna (4), and at least one light emitting device (5). The electronic module (2) is configured to communicate with a remote device being arranged remotely from the data carrier (1) via the module antenna (3). The booster antenna (4) is configured to communicate with the remote device in a wireless manner. The booster antenna (4) is further configured to power the module antenna (3) upon its communication with the remote device. The booster antenna (4) is configured to power the light emitting device (5) upon its communication with the remote device.
A data carrier (1) for a secure article (100) comprises at least one electronic module (2), at least one first antenna (3), at least one second antenna (4), and at least one light emitting device (5). The first antenna (3) is coupled to the electronic module (2). The first antenna (3) is configured to communicate with a remote device being arranged remotely from the data carrier (1). The electronic module (2) is configured to communicate with the remote device via the first antenna (3). The second antenna (4) is configured to communicate with the remote device, and wherein the second antenna (4) powers the light emitting device (5) upon a communication of the second antenna (4) with the remote device.
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
G06K 19/077 - Détails de structure, p. ex. montage de circuits dans le support
93.
LED OR OLED CAPACITANCE ANTENNA FOR SMALL FORM FACTORS
A data carrier (1) for a secure article (100) comprises at least one electronic module (2), at least one antenna (3), and at least one light emitting device (4). The antenna (3) is configured to communicate with a remote device being arranged remotely from the data carrier (1) in a wireless manner. The electronic module (2) is configured to communicate with the remote device via the antenna (3). The antenna (3) is configured to power the electronic module (2) and the light emitting device (4) upon its communication with the remote device.
G06K 19/077 - Détails de structure, p. ex. montage de circuits dans le support
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p. ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
Provided is a data carrier (1) extending along an extension direction (E) comprises at least one first colour element (2), wherein the first colour element (2) exhibits an appearance under a first illumination and/or exhibits an appearance under a second illumination being different from the first illumination, at least one second colour element (3), wherein the second colour element (3) exhibits an appearance under the first illumination being different from the appearance of the first colour element (2) under the first illumination and/or exhibits an appearance under the second illumination that is different from the appearance of the first colour element (2) under the second illumination.
INRIA - INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE (France)
Inventeur(s)
Anghelone, David
Lannes, Sarah
Dantcheva, Antitza
Abrégé
The present invention provides a method or system of unveiling high-resolution visible face images from any low-resolution thermal face images can include inputting any number of thermal face images as an input through a generative adversarial network to perform spectrum translation of the low-resolution thermal face images to a number of high-resolution visible face images, training the generative adversarial network with at least a reference high resolution image, adapting or training the generative adversarial network for one or more among L1 loss, perceptual loss, and identity loss, and generating a high-resolution visible face image from any low-resolution thermal face images provided as an input to the generative adversarial network. In some embodiments, the method further adapts the generative adversarial network by further adapting or training for one or more among attribute loss and local loss. In some embodiments, the method simultaneously adapts for one or more of L1 loss, perceptual loss, identity loss, attribute loss and local loss.
G06V 10/44 - Extraction de caractéristiques locales par analyse des parties du motif, p. ex. par détection d’arêtes, de contours, de boucles, d’angles, de barres ou d’intersectionsAnalyse de connectivité, p. ex. de composantes connectées
G06V 10/82 - Dispositions pour la reconnaissance ou la compréhension d’images ou de vidéos utilisant la reconnaissance de formes ou l’apprentissage automatique utilisant les réseaux neuronaux
G06V 40/16 - Visages humains, p. ex. parties du visage, croquis ou expressions
96.
PROCESSOR AND METHOD FOR MODIFYING PROCESSOR BEHAVIOR BASED ON MEMORY ATTRIBUTES AND INSTRUCTION TYPE
A central processing unit and method for modifying its behavior and controlling access to a memory (120) having a plurality of memory locations for storing data values can include address range storage (170) for storing information identifying address ranges for a plurality of regions within the memory, and attribute storage (185) for storing, for each region, attributes where the attributes are linked to security, safety, or functionality during a program execution. The central processing unit further includes configuration logic (150) for configuring addresses and attribute of memory regions during the program execution and one or more execution logic units (150) associating attributes (and optionally metadata) to data processed by the central processing unit when data is accessed by the central processing unit and modifying instruction behaviors based on an instruction type and the attributes associated with the data being processed.
G06F 21/78 - Protection de composants spécifiques internes ou périphériques, où la protection d'un composant mène à la protection de tout le calculateur pour assurer la sécurité du stockage de données
97.
SECURITY MEASURES PROTECTING DIGITAL SECURITY DEVICES WHEN PERFORMING CRYPTOGRAPHIC OPERATIONS
Enhancement of security of a computerized digital security device against horizontal side-channel analysis attacks randomizes sequences of actual operations and dummy operations. Depending on a value of a random value, the performing a first sequence in which a dummy operation precedes an actual operation or a second sequence in which a dummy operation follows an actual operation thereby obfuscating a value of a secret being manipulated by the computerized digital security device.
G06F 7/72 - Méthodes ou dispositions pour effectuer des calculs en utilisant une représentation numérique non codée, c.-à-d. une représentation de nombres sans baseDispositifs de calcul utilisant une combinaison de représentations de nombres codées et non codées utilisant l'arithmétique des résidus
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
98.
METHOD FOR MANAGING A TRANSACTION WITH A SMART CARD
Provided is a method for managing a transaction with a card allocated to a user comprising establishing a first communication link between the card and a terminal, receiving by the card, a transaction command comprising a parameter specific to the transaction, and, in response to detecting a preset event, turning on an internal battery embedded in the card, using power provided by said internal battery to send the parameter to a portable apparatus distinct from the terminal through a wireless communication channel, then turning off the internal battery, and in response to receipt of the parameter, providing the user with the parameter by the portable apparatus. Other embodiments disclosed.
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p. ex. cartes à puces ou cartes magnétiques
G06Q 20/38 - Protocoles de paiementArchitectures, schémas ou protocoles de paiement leurs détails
Provided is a method for controlling an apparatus configured to perform a plurality of actions. The method comprises the step of establishing a communication channel between the apparatus and a smart card embedding a biometric sensor, the step of retrieving, through the communication channel, a value reflecting a non-biometric data captured by the biometric sensor, and the step of identifying and performing, by the apparatus, one action of said plurality of actions depending on said value. Other embodiments disclosed.
The invention is a method for authenticating a user of a payment instrument (10) during a proximity payment transaction between the instrument and a terminal (20). During the payment transaction, an entity consisting of the payment instrument and the terminal performs a selection procedure leading to a selection of an out-of- band method for authenticating the user. Responsive to the method selection, the terminal sends to an authentication system (30) an authentication request for user authentication through the out-of-band method. Upon receipt of the authentication request, the authentication system attempts to authenticate the user by exchanging data with a mobile apparatus (40) of the user. The authentication system generates an authentication code (31) reflecting a result of the user authentication attempt and sends the authentication code to the terminal that uses the authentication code for requesting either a payment authorization or a payment initiation to complete the payment transaction.
G06Q 20/20 - Systèmes de réseaux présents sur les points de vente
G06Q 20/32 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des dispositifs sans fil
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G06Q 20/18 - Architectures de paiement impliquant des terminaux en libre-service, des distributeurs automatiques, des bornes ou des terminaux multimédia
brevets
