The present invention relates to a method to counter DCA attacks of order 2 and higher order applied on an encoded table-based (TCabi,j) implementation of block-cipher of a cryptographic algorithm to be applied to a message (m), said method comprising the steps of: —translating a cryptographic algorithm block-cipher to be applied on a message (m) into a series of look-up tables (Tabi,j),—applying secret invertible encodings to get a series of look-up tables (TCi,j),—computing message-dependent masking values, comprising the computation of at least two shares of masking value (mmask1, mmask2) for the input of the table network based on at least two different message derivation functions (F1, F2),—re-randomizing the tables (TCi,j) using the computed message-dependent masking values (mmask1, mmask2),—computing rounds to be applied on the message (m) based on the randomized network of tables (TCi,j).
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/06 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p.ex. système DES
2.
Method for accessing a roaming device and corresponding proxy network
A roaming device sends, through a visited network and a proxy network, to a home network, an identifier for a first subscription. The home network sends, through the proxy network, to the visited network, data relating to the first subscription. The proxy network sends to the home network a first temporary address. The visited network sends to the proxy network a second temporary address. The device activates a second subscription. The device sends, through the visited network and the proxy network, to the roaming provider network, an identifier for the second subscription. The roaming provider network sends, through the proxy network, to the visited network, data relating to the second subscription. The proxy network registers the first subscription identifier, the second subscription identifier, the first temporary address and the second temporary address. The proxy network sends to the roaming provider network the first temporary address.
H04W 8/12 - Transfert de données de mobilité entre registres de localisation ou serveurs de mobilité
H04W 8/02 - Traitement de données de mobilité, p.ex. enregistrement d'informations dans un registre de localisation nominal [HLR Home Location Register] ou de visiteurs [VLR Visitor Location Register]; Transfert de données de mobilité, p.ex. entre HLR, VLR ou réseaux externes
H04W 8/18 - Traitement de données utilisateur ou abonné, p.ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateur; Transfert de données utilisateur ou abonné
H04W 8/06 - Enregistrement dans un registre de localisation de réseau-serveur, un VLR ou un serveur de mobilité des utilisateurs
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
H04W 48/18 - Sélection d'un réseau ou d'un service de télécommunications
H04M 15/00 - Dispositions de comptage, de contrôle de durée ou d'indication de durée
3.
UICCs embedded in terminals or removable therefrom
The invention proposes several improvements related to the management of secure elements, like UICCs embedding Sim applications, these secure elements being installed, fixedly or not, in terminals, like for example mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.
H04W 8/22 - Traitement ou transfert des données du terminal, p.ex. statut ou capacités physiques
H04B 1/3816 - TRANSMISSION - Détails des systèmes de transmission non caractérisés par le milieu utilisé pour la transmission Émetteurs-récepteurs, c. à d. dispositifs dans lesquels l'émetteur et le récepteur forment un ensemble structural et dans lesquels au moins une partie est utilisée pour des fonctions d'émission et de réception avec des connecteurs pour programmer des dispositifs d’identification
H04W 8/18 - Traitement de données utilisateur ou abonné, p.ex. services faisant l'objet d'un abonnement, préférences utilisateur ou profils utilisateur; Transfert de données utilisateur ou abonné
H04W 84/04 - Réseaux à grande échelle; Réseaux fortement hiérarchisés
4.
Method and device for managing a subscriber device
A method for managing a subscriber device includes a first detection step in which a first device detects a first status relating to a presence of a subscriber device under a radio coverage of a home mobile network. In the first detection step, the first device intercepts a message for requesting whether the subscriber device has or has not been stolen, as request message, the request message originating from a Mobile Switching Center relating to the home mobile network and being addressed to an Equipment Identity Register relating to the home mobile network. A corresponding first device is also disclosed.
H04M 1/66 - COMMUNICATIONS TÉLÉPHONIQUES Équipement de sous-station, p.ex. pour utilisation par l'abonné avec des moyens pour empêcher les appels non autorisés ou faux appels
H04W 8/22 - Traitement ou transfert des données du terminal, p.ex. statut ou capacités physiques
H04M 15/00 - Dispositions de comptage, de contrôle de durée ou d'indication de durée
H04W 48/18 - Sélection d'un réseau ou d'un service de télécommunications
H04W 8/00 - Gestion de données relatives au réseau
H04W 8/10 - Transfert de données de mobilité entre registre de localisation et réseaux externes
H04W 8/02 - Traitement de données de mobilité, p.ex. enregistrement d'informations dans un registre de localisation nominal [HLR Home Location Register] ou de visiteurs [VLR Visitor Location Register]; Transfert de données de mobilité, p.ex. entre HLR, VLR ou réseaux externes
H04W 36/14 - Resélection d'un réseau ou d'une interface hertzienne
H04W 64/00 - Localisation d'utilisateurs ou de terminaux pour la gestion du réseau, p.ex. gestion de la mobilité
H04W 92/24 - Interfaces entre des dispositifs hiérarchiquement similaires entre des dispositifs formant réseau fédérateur
5.
Non alterable structure including cryptographic material
The present invention relates to a method to build a non-alterable structure and to such a non-alterable structure including data relative to a set of cryptographic material generated randomly or derived from a secret key linked to a business use, the non-alterable structure being intended to be transferred from a first entity to a second entity, the entities sharing at least an encryption/decryption key and a signature key, the structure comprising at least business data relative to the intended use of cryptographic material, an encrypted protection key encrypted with the encryption key, an encrypted set of cryptographic material encrypted with the protection key, a signature of the set of cryptographic material, the protection key and the data relative to the intended use of cryptographic material signed with the signature key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
6.
Method for registering at least one public address in an IMS network, and corresponding application
The invention relates, in particular, to a method for registering at least one public address in an IMS network including a terminal that interacts with a security element. According to the invention, the security element includes an application that invites the user of the terminal, upon the occurrence of an event, to enter a public address, selected by the user, via the man/machine interface of the terminal, the application transmitting the public address, accompanied by at least one identifier of the security element, to a remote network via the terminal such that the remote network associates the public address with the identifier.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p.ex. pour le traitement simultané de plusieurs programmes
H04L 29/08 - Procédure de commande de la transmission, p.ex. procédure de commande du niveau de la liaison
H04W 8/04 - Enregistrement dans un registre de localisation nominal ou un serveur d'abonnés locaux [HSS Home Subscriber Server]
The invention relates to a method for initiating an OTA session in a mobile radio communication network at the request of a user of a mobile terminal. The OTA session is established between the mobile terminal and a remote OTA server, the mobile terminal including a security element such as a UICC card. According to the invention, the method comprises: i) entering a special code using the man/machine interface of said mobile terminal; ii) said security element intercepting said special code; and iii) opening said OTA session between said mobile terminal and said remote server in a secure mode.
The invention concerns a method for attaching a roaming telecommunication terminal to a visited network, the terminal having a security element. The method includes transmitting from the home network to the terminal a rejection message that is function of the features of the terminal and the security element.
H04W 4/00 - Services spécialement adaptés aux réseaux de télécommunications sans fil; Leurs installations
H04W 8/02 - Traitement de données de mobilité, p.ex. enregistrement d'informations dans un registre de localisation nominal [HLR Home Location Register] ou de visiteurs [VLR Visitor Location Register]; Transfert de données de mobilité, p.ex. entre HLR, VLR ou réseaux externes
H04W 60/06 - Annulation de l'enregistrement ou détachement
The present invention relates to cryptographic method that are resistant to fault injection attacks, to protect the confidentiality and the integrity of secret keys. For that, the invention describes a method to protect a key hardware register against fault attack, this register being inside an hardware block cipher BC embedded inside an electronic component, said component containing stored inside a memory area a cryptographic key K, characterized in that it comprises following steps: A.) loading the key Kram inside said register; B.) computing a value X such as K=BC(K,X); C.) after at least one sensitive operation, computing a value V such as V=BC(K,X); D.) matching the value V with the key Kram value stored in the memory area; E.) if the matching is not ok detecting that a fault occurs.
A method for exporting on a UICC in a terminal. An export request signed by the UICC, is transmitted by the terminal to a secure server. The server verifies the signed export request by comparing the signature and the identity of the UICC. The server sends a signed export certificate to the UICC via the terminal. An export package containing the data is prepared, signed and encrypted by the UICC, and sent to the terminal. The terminal transmits the export package to the server. The server signs an acknowledgment message and transmits it to the UICC via the terminal. In the UICC, the data that have been exported is destroyed, and a signed acknowledge message is sent to the server via the terminal. The server makes the data available for a further transfer to a new terminal or UICC.
System and method for allowing a mobile telecom device to use multiple profiles. The system and method includes operating a security function to perform a cryptographic operation on a profile using a cryptography key of the security function thereby producing a cryptographically protected profile, storing the cryptographically protected profile, and activating the cryptographically protected profile by operating the security function to verify that the cryptographically protected profile has been cryptographically protected using the cryptography key of the security function, and upon verifying that the cryptographically protected profile has been protected using the cryptography key of the security function, activating the cryptographically protected profile.
The invention relates to a method for personalizing an electronic device using an encryption device adaptable to standard certified apparatuses. The encryption device makes it possible to ensure the confidentiality of the transfer of a secret code from the user to a possible personalization server.
G06F 7/10 - Sélection, c. à d. obtention des données d'une catégorie à partir de ceux des supports d'enregistrement qui sont identifiables par les données d'une seconde catégorie dans un ensemble de supports d'enregistrement placés dans un certain ordre ou dispo
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p.ex. cartes à puces ou cartes magnétiques
G06Q 20/38 - Architectures, schémas ou protocoles de paiement - leurs détails
H04L 29/06 - Commande de la communication; Traitement de la communication caractérisés par un protocole
G07F 7/10 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée utilisée simultanément avec un signal codé
13.
Group based mobility optimization method and device in machine-type communication
The present invention relates to a method and device of performing Tracking Area Update TAU for a group of Machine-Type Communication MTC devices in a communication network. According to an embodiment of the present invention, the group comprises a first MTC device and at least one second MTC device that have the same group ID and location information, the communication network comprises an old Mobility Management Entity MME and a new Mobility Management Entity MME before and after TAU, respectively, for providing mobility management to the group of MTC devices, and the method comprises: after the new MME receives a TAU request about the first MTC device, obtaining a context of the first MTC device from the old MME; the new MME checking the context of the first MTC device to find the group ID of the group; and if the group ID is included in the context of the first MTC device, the new MME utilizing the group ID to obtain from the old MME a context of the at least one second MTC device.
The invention is aimed at optimizing the life of the power supply of mobile equipment with a radiofrequency communication interface by switching off the power to it when it reaches a given state. A mobile device (102) has a battery (206), a radiofrequency circuit (201) allowing the mobile device (102) to exchange information with a host device (101). The mobile device (102) comprises an electronic switch (202) connected between the battery (206) and at least the radiofrequency circuit (201), where the switch makes it possible to supply power or not to the radiofrequency circuit. A power control circuit (203) is capable of controlling the electronic switch (202) so that it ceases to power the radiofrequency circuit as soon a break in communication is detected.
G06K 19/07 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p.ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré
G06K 19/077 - Supports d'enregistrement avec des marques conductrices, des circuits imprimés ou des éléments de circuit à semi-conducteurs, p.ex. cartes d'identité ou cartes de crédit avec des puces à circuit intégré - Détails de structure, p.ex. montage de circuits dans le support
The invention relates to a process to make secure a personal portable object comprising a body of the personal portable object, a microchip, a printed image and a device to enable said personal portable object to communicate with an entity external to the device. The process includes using an image file and an insertion algorithm to generate an image feature vector Vsi(num), storing the image feature vector Vsi(num) in the microchip, using the printed image obtained by a scanning device to generate an image feature vector Vsi(dig), and using a read-back algorithm to match the image feature vector Vsi(num) and the image feature vector Vsi(dig).
G06K 9/00 - Méthodes ou dispositions pour la lecture ou la reconnaissance de caractères imprimés ou écrits ou pour la reconnaissance de formes, p.ex. d'empreintes digitales
The present invention relates to a method for providing data during an Application Selection process from a processing device to an interface device, wherein it comprises a step of modifying dynamically at least a part of said data from transaction to transaction, said at least part of data being a dynamic data.
G06F 17/30 - Recherche documentaire; Structures de bases de données à cet effet
G07F 7/10 - Mécanismes actionnés par des objets autres que des pièces de monnaie pour déclencher ou actionner des appareils de vente, de location, de distribution de pièces de monnaie ou de papier-monnaie, ou de remboursement par carte d'identité codée ou carte de crédit codée utilisée simultanément avec un signal codé
G06Q 20/34 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des cartes, p.ex. cartes à puces ou cartes magnétiques
G06Q 20/36 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des portefeuilles électroniques ou coffres-forts électroniques
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p.ex. pour le traitement simultané de plusieurs programmes
17.
Method for securely creating a new user identity within an existing cloud account in a cloud computing system
The invention proposes a method for securely creating a new user identity within an existing cloud account in a cloud computing system, said cloud computing system providing cloud services and resources, said cloud account comprising cloud user identities, said method comprising enabling a first user to access the cloud services and resources using a first security device, wherein it comprises authenticating to the first security device, creating a new user identity within the cloud account for a second user using the first security device.
The invention relates to an identification document (21) comprising a non-transparent core (6), and one or more layers of a transparent material (14) arranged on at least a back (13) or a front surface (12) of said core. In order to achieve an identification document where forgery attempts are visibly detectable, the identification document (21) has a translucent security element in a region (7) where the thickness of the non-transparent core (6) material is smaller as compared to the thickness of the non-transparent core material in other parts of said core (6).
G06F 7/04 - Contrôle d'égalité, c. à d. pour valeurs égales ou non
B42D 25/41 - Marquage par rayonnement électromagnétique
B42D 25/00 - Cartes ou structures de type feuille portant des informations caractérisées par leurs éléments d’identification ou de sécurité; Leur fabrication
19.
Process for securing an identification document and secure identification document
The invention relates to a process for securing an identification document and to a secure identification document. More particularly, the process uses UV sensitive ink(s) to define a pattern only visible under UV radiations, by printing a first layer of a transparent ablation varnish (13), printing a layer (14) of UV sensitive ink(s) over said first layer of transparent ablation varnish, removing parts of the layer (14) of UV sensitive ink(s), by means of a laser beam, some remaining areas of said UV sensitive ink(s) defining said pattern to be revealed in color under UV radiations, and some areas, where the UV sensitive ink(s) has been removed and the laser beam has interacted with the ablation varnish (13), absorbing the UV radiations with effect of creating black color. Other systems and methods are disclosed.
B42D 25/387 - Encres spéciales absorbant ou reflétant la lumière ultraviolette
B42D 25/351 - Pièces translucides ou en partie translucides, p.ex. fenêtres
B42D 25/435 - Marquage par enlèvement de matière par rayonnement électromagnétique, p.ex. laser
B42D 25/00 - Cartes ou structures de type feuille portant des informations caractérisées par leurs éléments d’identification ou de sécurité; Leur fabrication
A method for producing a portable electronic object having contact pads arranged on a plane with a thickness which differs from the thickness of a standard smartcard. The object is electrically connected to data transfer station connectors, by delivering a data transfer station having an electric probe connector and submitting the object to the data transfer station in such a way that the contact pads thereof are accessible to the electric probes in a direction perpendicular to the plane. Objects obtainable include UBS keys or PCMCIA cards or readers.
G06K 7/06 - Méthodes ou dispositions pour la lecture de supports d'enregistrement avec des moyens qui sont conducteurs de courant quand une marque est présente ou absente, p.ex. balais ou pointe de contact pour perforation, balais de contact pour marques conductrices
21.
Radiofrequency communication device with an offset antenna
The invention relates to a radiofrequency communication device that comprises a gripping beating body having a surface; an electronic and/or electric circuit extending in the gripping beating body; at least one antenna provided in the vicinity of the electronic circuit. The device includes a connection circuit for connection to the antenna, that is provided at least partially in the gripping beating body and extends from the electronic circuit up to connection points of the antenna, said antenna connection points being accessible from the outside of the beating body.
D mod N against invasive attacks. The invention comprises applying a mask to the message m, and after the modular exponentiation is carried out, in verifying that the exponentiation was not altered thanks to properties introduced by the mask.
An electronic object carries out at least one operation on one element of an application installed in a computer. The method includes transmitting a random value of the electronic object to the computer, when such operation is completed, while maintaining in the electronic object the right of access to the electronic object by the user; storing the random value in the computer; giving access to the electronic object by the application and, in the case of a new access to the electronic object by the application; transmitting the random values stored in the computer to the electronic object; comparing, in the electronic object, the random value received from the computer with the random value previously transmitted to the computer; and, in case the random values are matching, re-establishing the previously acquired rights in the electronic object and thereby giving the application the access to the electronic object.
The invention relates to a method to select a telecommunication network with a mobile equipment (10,20) comprising a mobile communication device (10) and a personal token (20), the method operating an algorithm (25) which selects at least one network to be operated by the mobile equipment among a plurality of available networks, wherein in the method, the algorithm is stored and run in the personal token (20).
H04J 3/17 - Systèmes multiplex à division de temps dans lesquels le canal de transmission attribué à un premier usager peut être repris et assigné à un second usager si le premier devient non actif, p.ex. TASI
25.
Method of managing flash memory allocation in an electronic token
The invention is a method of managing flash memory-allocation in an electronic token. Said token has a memory comprising a list area and a managed area. Said managed area comprises allocated spaces and at least one free memory chunk. Said list area comprises at least one valid entry referencing a free memory chunk. Said valid entry comprises a state field. Said method comprises the step of selecting a free memory chunk further to an allocation request where said free memory chunk is referenced by an old entry, and the step of identifying a new allocated space in the selected free memory chunk. The state field of said valid entry is preset with a virgin state. Said method comprises the step of invalidating the old entry referencing the selected free memory chunk.
G06F 12/06 - Adressage d'un bloc physique de transfert, p.ex. par adresse de base, adressage de modules, extension de l'espace d'adresse, spécialisation de mémoire
26.
Method and apparatus for two dimensional image processing
In one embodiment, the present invention is a system for organizing data flow for two dimensional digital image processing. The system includes a memory access module for accessing an external memory containing image data to be processed, and a data flow organizer module for preparing a data stream from the input image data accessed by the memory access module. The data flow organizer module predicts future data needed for processing, and the memory access module pre-fetches the predicted data from the memory. A data processing module processes the pre-fetched data from the data flow organizer module. Address generation for accessing the memory is performed independent and in parallel with processing the pre-fetched data.
G06K 9/54 - Combinaisons de fonctions de prétraitement
G06K 9/00 - Méthodes ou dispositions pour la lecture ou la reconnaissance de caractères imprimés ou écrits ou pour la reconnaissance de formes, p.ex. d'empreintes digitales
27.
Data medium, identity document and corresponding security-protection method
A data medium has at least first and second parts joined together, each having an outer face turned towards the outside and a hidden inner face. At least one of the first and second parts bears, at a certain distance from the outer faces, hidden markings corresponding to personalization data. This first part and preferably the second part of the medium are, at least locally, opaque with respect to through-transmission of laser radiation liable to modify the hidden markings.
H04L 9/00 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité
H04L 9/28 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité utilisant un algorithme de chiffrement particulier
29.
Dongle which is intended to be connected to a port of a telecommunications device
A dongle is formed by a module having an integrated circuit chip which is connected to contact pads which are flush with the surface of the module. The dongle is intended to be connected to a port of a telecommunications device, having electric connecting pins. The contact pads correspond to the electric connecting pins in such a way that the pads can be directly connected to the pins.
H01R 33/00 - Dispositifs de couplage spécialement conçus pour supporter un appareil et munis d'une pièce de couplage assurant la fonction de support et la connexion électrique par l'intermédiaire d'une pièce complémentaire qui est structurellement associée à l'ap; Leurs pièces détachées
30.
Portable device for securing packet traffic in a host platform
A device, such as a chip card, is connected to a host platform that is linked to a packet network such as the Internet. The device detects security policy designation parameters in packets leaving and entering the platform and processes the packets according to stored security policies designated by the designation parameters detected. The security information linked to a user can therefore be moved from one platform to another and it is not processed by the platform. Security policies are managed by a server with which the device can initiate a communication when no security policy corresponding to the policy designation parameters detected in a packet is recognized, so that the server can assist the device in negotiating a security policy.
G06F 17/00 - TRAITEMENT ÉLECTRIQUE DE DONNÉES NUMÉRIQUES Équipement ou méthodes de traitement de données ou de calcul numérique, spécialement adaptés à des fonctions spécifiques
31.
Method and apparatus for protecting electronic commerce from distributed denial-of-service attacks
An Internet Service Provider (ISP), in consideration of being remunerated in some manner by an e-merchant, carries the packets of a designated subset of that e-merchant's clients, designated as VIPs, in a privileged class of service as compared to an unprivileged class of service that is used to carry the packets of the e-merchant's other regular clients. In this way, the adverse effects on performance due to congestion in the unprivileged class of service, whether due to an ongoing denial-of-service attack or not, will not affect the performance of packets sent by and to VIPs using the privileged class of service. An e-merchant may select its VIPs from among those clients that bring in a majority of the e-merchant's revenues. An e-merchant turns a regular client into a VIP by granting it a VIP right. VIP gates, preferable implemented in an ISP's access gateways, monitor the packets sent by clients and mark for the privileged class of service those packets whose source has an active VIP right issued by the packet's destination.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p.ex. pour le traitement simultané de plusieurs programmes
G06F 15/173 - Communication entre processeurs utilisant un réseau d'interconnexion, p.ex. matriciel, de réarrangement, pyramidal, en étoile ou ramifié
A mechanism is provided that enables an application to interact directly with certain types of communication messages, while at the same time retaining the advantages of a semantics-based framework, such as remote method invocation. A set of standard entry points are defined that can be employed by any application to receive and interact with communication messages. In one implementation of the invention, three such entry points are established as invokable methods that are called within the application. These three methods respectively relate to data processing operations, pre-processing operations and post-processing operations.