Abstract: A method is provided for testing a card body with a metallic core layer for a contactless or dual-interface chip card, and a method is provided for manufacturing a contactless or dual-interface chip card. The method involves testing the functionality of the card body before the chip module employed for testing, or a corresponding chip module, is fixed into the cavity of the card body. A card body having impurities, a partial closure or full closure in the slot of its metallic core layer fails the test and is not used at all for fixing the chip module and for the subsequent manufacturing steps.

Abstract: An OTA Edge system, constructed to: (1) receive polling requests, dedicated to an OTA Core system, from one or several mobile end de-vices; wherein an offload filter implemented in the OTA Edge system and constructed to: (2) accept polling requests from mobile end devices for which contents are present on the OTA Core system, and (2?) reject polling re-quests from mobile end devices for which no contents are present on the OTA Core system.

Abstract: A method for authenticating a mobile device of a user versus a third-party such that instead of a mobile phone number MSISDN of the mobile device, a Universal Unique User Identifier, U3I, assigned to the mobile device is used, in combination with a secure routing service server constructed to communicate with a third-party server and with an MNO server. The secure routing service server and the MNO server interact to translate the Universal Unique User Identifier, U3I, to the mobile phone number MSISDN so as to enable sending the token to the mobile device.

Abstract: A method for managing subscription profiles of a security element, which is provided for use in a mobile end device and on which a profile manager and at least one first subscription profile is loaded, includes: loading a second subscription profile from a subscription management server; checking whether the at least one first loaded subscription profile satisfies a predetermined condition; and putting the at least one first subscription profile out of operation when the at least one first subscription profile satisfies the predetermined condition.

Abstract: The invention relates to a method for providing subscription profiles to a subscriber identity module, preferably an eUICC, by means of a subscription server, preferably an SM-DP, wherein: the subscription server has knowledge of a first subscription profile, which is installed in the subscriber identity module, has a first profile file structure and first profile data stored in the first profile file structure; and at least a portion of a second profile file structure of a second subscription profile is flagged in the subscription server and the second subscription profile is sent to the subscriber identity module, the flagged portion of the second subscription profile being sent without second profile data. The invention additionally relates to a corresponding method in a subscriber identity module, a subscriber identity module, a subscription server and a computer program product.

Abstract: The invention relates to a smart card, which includes: a card body, having an accommodating recess extending along its own thickness direction of the card body; a decorative part, at least part of the decorative part being embedded in the accommodating recess; in which the decorative part includes a base layer and decorative pieces, more than two decorative pieces are arranged on the base layer, the base layer is connected to the card body, the decorative pieces correspond to the accommodating recess along the thickness direction and are exposed to an external environment. The smart card of the invention can improve the stereoscopic sense, individuation and noble sense of the smart card by arranging the decorative parts with decorative pieces on the card body.

Abstract: A microprocessor device comprising an implementation of a cryptographic operation constructed to process parameters and generate an output, wherein at least some of the parameters are obfuscated such that the cryptographic operation processes the obfuscated parameters, wherein the parameters which are obfuscated are obfuscated in that they are encrypted according to an additive homomorphic cryptographic system.

Abstract: A chip card configured as a metal card is RFID-capable on both sides, by the windings of the transponder coil being formed by the metal layer itself. Gaps between the windings of the transponder coil are filled with insulating material. A chip module is arranged above the ends of the transponder coil such that these ends are not visible for the viewer.

Abstract: A method for managing partly and/or incompletely loaded subscription data is provided for a mobile device and/or another device. A communication connection is established between the mobile device and the other device. Then, it is ascertained whether the partly and/or incompletely loaded subscription data is available on the other device, and a managing action is carried out on the partly and/or incompletely loaded subscription data.

Abstract: A chip set for a terminal comprises at least one secure processor, in which a one-time programmable memory is integrated. At least one terminal serial number of the terminal is stored in the chip set. Information for securing the terminal serial number against tampering is stored in the one-time programmable memory.

Abstract: The present invention is directed to a method for efficiently distributing embedded control commands to one or several security elements, in particular so-called embedded universal integrated circuit cards, of mobile end devices. The invention allows several updates to be combined in a simple manner to form a so-called bundle, so that an update server does not have to issue and distribute any special updates. The present invention is also directed to a correspondingly adapted update arrangement and to a computer program product with control commands that implement the method and/or operate the update arrangement.

Abstract: A subscriber identity module (eUICC), comprises profiles for the utilization of a mobile terminal that include at least a first profile and at least a second profile, of which the second profile (Pr1, Pr2) is devised as an active profile. The first profile is designed as a root profile (PrR) which in a normal state of the subscriber identity module is in an inactive state, and which is devised to be activated in response to an authentication command (AUTHENTICATE) received at the subscriber identity module. The authentication command is specially parameterized for the root profile (PrR) with a specific root value of the network parameter (P2) to be activated during a change-over period. The initially active second profile (Pr1, Pr2) is deactivated during the change-over period. After the end of the change-over period, the first profile (PrR) is again deactivated and the second profile (Pr1, Pr2) is again activated.

Abstract: The identification card includes a glass substrate provided with first and second surfaces facing opposite directions. The first surface of the glass substrate is provided with at least one first recess, and the identification card includes a first resin material layer filled in the first recess; and at least one of a first information storage medium, a first security feature, and a first decorative feature bonded to the first resin material layer. In a variation, an identification card has a ceramic substrate with first and second surfaces facing in opposite directions. The first surface of the ceramic substrate is provided with at least one first recess, and the identification card includes a first resin material layer filled in the first recess(es); and at least one of a first information storage medium, a first security feature, and a first decorative feature bonded to the first resin material layer.

Abstract: A mobile terminal is adapted for mobile payment through payment in accordance with transaction data from the customer to a merchant via a payment service provider, and is adapted for a clearing of the payment between bank servers. The terminal is characterized in that a) in the secure runtime environment access data are stored for an authentication between the payment trust application and the payment service provider; and b) the agent is further adapted b1) upon an authentication between the payment trust application and the payment service provider, to transmit access data, or authentication data generated employing access data, between the secure runtime environment and the payment service provider, and b2) to accept from the payment trust application a transaction instruction for a payment in accordance with the transaction data and to send it to the payment service provider. A corresponding mobile payment method for a terminal is likewise specified.

Abstract: The invention produces a card device having functional applets and an AID applet, as well as a relaying table that forwards commands addressed to the AID applet to functional applets.

Abstract: Methods and devices for of conducting a payment transaction between a mobile terminal and a payment terminal in communication with a payment backend system involve: (a) sending a unique mobile terminal identifier from the mobile terminal to the payment backend system; (b) returning a cryptogram from the payment backend system to the mobile terminal, wherein the cryptogram comprises a unique transaction identifier in encrypted form; (c) transforming the cryptogram into a proximity payment token such that the proximity payment token contains the unique transaction identifier in encrypted form and transmitting the proximity payment token to the payment terminal via a proximity communication channel; (d) forwarding a transaction record including the unique transaction identifier in encrypted form and the amount of the payment transaction from the payment terminal to the payment backend system; and (e) decrypting the unique transaction data identifier in encrypted form and processing the payment transaction.

Abstract: A method in a system comprising at least one portable data carrier, an authentication server and at least one reading device of at least one service provider which is couplable to the authentication server. The data carrier is adapted to communicate contactlessly with the reading device and comprises a security marking which can be read contactlessly by the reading device and on the basis of which the data carrier can be authenticated by the authentication server. The method comprises the step of equipping the data carrier with a data-carrier management marking that encodes a piece of data-carrier management information and readable contactlessly by a portable terminal. The method includes contactlessly reading out the data-carrier management marking by a portable terminal, transferring the data-carrier management information encoded in the data-carrier management marking to the authentication server, and managing the data carrier in the system employing the data-carrier management information.

Abstract: A method for manufacturing a portable data carrier by means of a continuous manufacturing method, comprises the steps: providing at least one foil as a rolled good, unrolling at least one first foil, with at least a first foil being coated at least partly with an adhesive on at least one side, with at least the first foil being scored on at least one side along at least one creasing edge, with at least the first foil being folded up in precise fit along at least one creasing edge and bonded, with the foil being folded up in the direction of the side which is coated with adhesive, with the side coated with adhesive being arranged on the opposite side of the foil which has at least one scored creasing edge along which it is folded.