Patents by Inventor Alain Rhelimi

Alain Rhelimi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11481523
    Abstract: The invention relates to a secure element device comprising at least one processor, at least one communication interface, at least one memory RAM and NVM and at least one bus access controller, wherein the bus access controller defines at least a first area PBL, a second area SBL and a secure area MZ. The first area comprises a first loader program capable of loading a program package in the second area. The secure area comprises an authentication key capable of authenticating the program package loaded in the second area. After authentication of the program package loaded in the second area, the access right of the first loader program is changed in such a way that a program in the first area can no more access the second area.
    Type: Grant
    Filed: December 16, 2015
    Date of Patent: October 25, 2022
    Assignee: THALES DIS FRANCE SAS
    Inventor: Alain Rhelimi
  • Patent number: 11290869
    Abstract: The invention is a method for communication between a server and a user equipment through a set of command/response pairs. The user equipment uses an IMSI field of an Attach Request frame as defined by ETSI TS 124.008 to convey a command to the server. The server uses an Authentication parameter RAND field or an Authentication parameter AUTN field of an Authentication Request frame as defined by ETSI TS 124.008 to convey a response corresponding to the received command. The server sends the Authentication Request frame in response to the Attach Request frame.
    Type: Grant
    Filed: February 2, 2018
    Date of Patent: March 29, 2022
    Assignee: THALES DIS FRANCE SA
    Inventors: Alain Rhelimi, Michel Anslot
  • Patent number: 10915634
    Abstract: A secure element equips a device usable by N image owners, and comprises a first non-volatile memory divided into N parts storing image owner data, a second non-volatile memory storing a primary boot loader, a third non-volatile memory divided into N parts storing image owner session private data, a first random access memory divided into N parts associated to the N first non-volatile memory parts, a second random access memory for temporarily storing image owner data during an access session, and a controller activated by the primary boot loader when the device starts an access session, and then controlling accesses to the non-volatile memories and random access memories according to rules, and erasing the second random access memory each time the device starts an access session.
    Type: Grant
    Filed: April 18, 2016
    Date of Patent: February 9, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Alain Rhelimi, Serge Barbe
  • Patent number: 10693842
    Abstract: A device for managing multiple accesses to a secure module of a system on chip of an apparatus, and comprises a stream ciphering means arranged for computing on the fly and in a single pass an integrity check for data to be transferred between secure and non secure modules of the system on chip with a seed and an encryption key, and for encrypting/decrypting on the fly and in this single pass these data with the encryption key, and a control means for providing the encryption key and seed to the stream ciphering means and for requesting data transfer and retrieving status to the secure and non secure modules for allowing the transfer of encrypted/decrypted data between the secure and non secure modules.
    Type: Grant
    Filed: April 13, 2016
    Date of Patent: June 23, 2020
    Assignee: Thales Dis France SA
    Inventor: Alain Rhelimi
  • Patent number: 10608826
    Abstract: The present invention relates to a method, for a provider entity belonging to a provider group, to authenticate its belonging to an attribute provider group to a verification entity in a non-traceable manner without necessitating to share secret or large constants compromising privacy. Both entities comprise at least one attribute group arborescence, this attribute group arborescence being shared by the provider entity and the verification entity when the provider entity has the attribute. According to the invention, when a verification is triggered, the verification entity calculates a certificate from the attribute group arborescence, said certificate being calculated from the authentication tokens of the groups along the arborescence from the attribute verification group's token to the consumer group's token.
    Type: Grant
    Filed: December 9, 2015
    Date of Patent: March 31, 2020
    Assignee: THALES DIS FRANCE SA
    Inventor: Alain Rhelimi
  • Publication number: 20200021973
    Abstract: The invention relates to a method for an eUICC embedded into a machine type communication device to trigger the download of a subscription profile from a first network operator, the eUICC being provisioned with an eUICC identifier and a pre-loaded data set memorizing a range of International Mobile Subscription Identifiers associated to a second network operator, the method comprising the steps of: selecting randomly by the eUICC an IMSI number in the range memorized in the pre-loaded data set; sending an attachment request comprising the randomly selected IMSI; receiving in an authentication request message the request for getting the eUICC identifier; as a response, sending to the discovery server an authentication failure message; receiving in an authentication request message a temporary IMSI from the discovery server so that the machine type communication device is able to attach to the first network operator and download the pending subscription profile.
    Type: Application
    Filed: January 29, 2018
    Publication date: January 16, 2020
    Inventors: Michel ANSLOT, Marc LAMBERTON, Xavier BERARD, Alain RHELIMI
  • Publication number: 20190349766
    Abstract: The invention is a method for communication between a server and a user equipment through a set of command/response pairs. The user equipment uses an IMSI field of an Attach Request frame as defined by ETSI TS 124.008 to convey a command to the server. The server uses an Authentication parameter RAND field or an Authentication parameter AUTN field of an Authentication Request frame as defined by ETSI TS 124.008 to convey a response corresponding to the received command. The server sends the Authentication Request frame in response to the Attach Request frame.
    Type: Application
    Filed: February 2, 2018
    Publication date: November 14, 2019
    Applicant: THALES DIS France SA
    Inventors: Alain RHELIMI, Michel ANSLOT
  • Patent number: 10298394
    Abstract: The present invention relates to a method to authenticate two devices to establish a secure channel, one belonging to a first group of devices, the second belonging to a second group of devices, in a non-traceable manner without the need to share a secret, each group being authenticated by an authority that stores a group secret key into the devices under its authority. The method uses a set of authentication tokens, one for each of the other groups with which the device is intended to communicate, said authentication token comprising at least a random number and a cipher of at least this random number by the secret key of each of these other groups, said authentication tokens being further renewed at each communication with a device from another group.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: May 21, 2019
    Assignee: GEMALTO SA
    Inventor: Alain Rhelimi
  • Patent number: 10116654
    Abstract: The invention proposes a method for cloning a first secure element from a backup secure element of a user, said backup secure element comprising at least credentials of said user. The method comprises a preliminary phase of checking the authenticity of the first secure element using a second secure element, said second secure element being able to be paired with a third secure element.
    Type: Grant
    Filed: September 3, 2013
    Date of Patent: October 30, 2018
    Assignee: GEMALTO SA
    Inventor: Alain Rhelimi
  • Publication number: 20180144137
    Abstract: A secure element equips a device usable by N image owners, and comprises a first non-volatile memory divided into N parts storing image owner data, a second non-volatile memory storing a primary boot loader, a third non-volatile memory divided into N parts storing image owner session private data, a first random access memory divided into N parts associated to the N first non-volatile memory parts, a second random access memory for temporarily storing image owner data during an access session, and a controller activated by the primary boot loader when the device starts an access session, and then controlling accesses to the non-volatile memories and random access memories according to rules, and erasing the second random access memory each time the device starts an access session.
    Type: Application
    Filed: April 18, 2016
    Publication date: May 24, 2018
    Applicant: GEMALTO SA
    Inventors: Alain RHELIMI, Serge BARBE
  • Publication number: 20180139612
    Abstract: This invention relates to a method for controlling remotely the rights of a target secure element to execute an operation, said target secure element being configured to load a profile image and to store a first set of at least one parameter indicating if the secure element is locked or unlocked and, in case it is locked, who is the locker of said secure element. The method is operated by an image delivery server, said method comprises the following steps: receiving a second set of at least one parameter and an operation code OP defining a requested operation to be performed by the target secure element, receiving a profile image to be transmitted to the secure element; generating a security scheme descriptor (SSD) file adapted to bind the profile image with the target secure element and further comprising the second set of at least one parameter and the operation code OP; sending the received image profile and the associated security scheme descriptor (SSD) file to the target secure element.
    Type: Application
    Filed: December 29, 2015
    Publication date: May 17, 2018
    Inventors: Alain RHELIMI, Lionel MERRIEN
  • Publication number: 20180109943
    Abstract: A device is intended for controlling access of a communication equipment of a user to virtual stores of network operators accessible into servers. This device comprises a control means arranged, when this user provides the communication equipment of the user equipment with an access code associated to a virtual store of a network operator, for determining a communication identifier of a virtual store page corresponding to this access code and to data defining a context of the communication equipment into a table establishing correspondences between access codes and communication identifiers of pages of virtual stores providing offers corresponding to communication equipment contexts, then for triggering access by the communication equipment to the virtual store page associated to the determined communication identifier to allow the user to select an offer contained into this virtual store page.
    Type: Application
    Filed: April 13, 2016
    Publication date: April 19, 2018
    Inventors: Alain RHELIMI, Lionel MERRIEN
  • Publication number: 20180097781
    Abstract: A device for managing multiple accesses to a secure module of a system on chip of an apparatus, and comprises a stream ciphering means arranged for computing on the fly and in a single pass an integrity check for data to be transferred between secure and non secure modules of the system on chip with a seed and an encryption key, and for encrypting/decrypting on the fly and in this single pass these data with the encryption key, and a control means for providing the encryption key and seed to the stream ciphering means and for requesting data transfer and retrieving status to the secure and non secure modules for allowing the transfer of encrypted/decrypted data between the secure and non secure modules.
    Type: Application
    Filed: April 13, 2016
    Publication date: April 5, 2018
    Inventor: Alain RHELIMI
  • Publication number: 20170364711
    Abstract: The invention relates to a secure element device comprising at least one processor, at least one communication interface, at least one memory RAM and NVM and at least one bus access controller, wherein the bus access controller defines at least a first area PBL, a second area SBL and a secure area MZ. The first area comprises a first loader program capable of loading a program package in the second area. The secure area comprises an authentication key capable of authenticating the program package loaded in the second area. After authentication of the program package loaded in the second area, the access right of the first loader program is changed in such a way that a program in the first area can no more access the second area.
    Type: Application
    Filed: December 16, 2015
    Publication date: December 21, 2017
    Applicant: Gemalto SA
    Inventor: Alain RHELIMI
  • Publication number: 20170346642
    Abstract: The present invention relates to a method, for a provider entity belonging to a provider group, to authenticate its belonging to an attribute provider group to a verification entity in a non-traceable manner without necessitating to share secret or large constants compromising privacy. Both entities comprise at least one attribute group arborescence, this attribute group arborescence being shared by the provider entity and the verification entity when the provider entity has the attribute. According to the invention, when a verification is triggered, the verification entity calculates a certificate from the attribute group arborescence, said certificate being calculated from the authentication tokens of the groups along the arborescence from the attribute verification group's token to the consumer group's token.
    Type: Application
    Filed: December 9, 2015
    Publication date: November 30, 2017
    Applicant: GEMALTO SA
    Inventor: Alain RHELIMI
  • Patent number: 9577743
    Abstract: The invention relates to a communication system comprising a terminal (10), a first device (1) adapted to exchange data with said terminal (10), a second device (2) adapted to exchange data with said terminal (10), characterized in that it comprises means for pairing said first (1) and second (2) devices so as said second device (2) exchanges data with said terminal (10) through said first device (1).
    Type: Grant
    Filed: December 6, 2011
    Date of Patent: February 21, 2017
    Assignee: GEMALTO SA
    Inventor: Alain Rhelimi
  • Publication number: 20170019256
    Abstract: The present invention relates to a method to authenticate two devices to establish a secure channel, one belonging to a first group of devices, the second belonging to a second group of devices, in a non-traceable manner without the need to share a secret, each group being authenticated by an authority that stores a group secret key into the devices under its authority. The method uses a set of authentication tokens, one for each of the other groups with which the device is intended to communicate, said authentication token comprising at least a random number and a cipher of at least this random number by the secret key of each of these other groups, said authentication tokens being further renewed at each communication with a device from another group.
    Type: Application
    Filed: February 20, 2015
    Publication date: January 19, 2017
    Applicant: GEMALTO SA
    Inventor: Alain RHELIMI
  • Patent number: 9325486
    Abstract: A two-way communication device has a master transmitter connected to at least one slave transmitter by an active connection wire. The master transmitter and the slave transmitter have a common reference. The master transmitter can transmit a master signal to the slave transmitter and the slave transmitter can transmit a slave signal to the master transmitter. The master signal is a digital modulation in voltage. The slave signal is a digital modulation in current.
    Type: Grant
    Filed: August 7, 2014
    Date of Patent: April 26, 2016
    Assignee: GEMALTO SA
    Inventors: Alain Rhelimi, Robert Leydier
  • Publication number: 20150215311
    Abstract: The invention proposes a method for cloning a first secure element from a backup secure element of a user, said backup secure element comprising at least credentials of said user. The method comprises a preliminary phase of checking the authenticity of the first secure element using a second secure element, said second secure element being able to be paired with a third secure element.
    Type: Application
    Filed: September 3, 2013
    Publication date: July 30, 2015
    Applicant: GEMALTO SA
    Inventor: Alain Rhelimi
  • Publication number: 20150098365
    Abstract: A two-way communication device has a master transmitter connected to at least one slave transmitter by an active connection wire. The master transmitter and the slave transmitter have a common reference. The master transmitter can transmit a master signal to the slave transmitter and the slave transmitter can transmit a slave signal to the master transmitter. The master signal is a digital modulation in voltage. The slave signal is a digital modulation in current.
    Type: Application
    Filed: August 7, 2014
    Publication date: April 9, 2015
    Applicant: GEMALTO SA
    Inventors: Alain RHELIMI, Robert LEYDIER