Abstract: In accordance with a first aspect of the present disclosure, a method is conceived for providing a digital representation of a transaction card in a mobile device, comprising: detecting, by a near field communication unit of said mobile device, that the transaction card is in proximity of the mobile device; upon or after said detecting, performing, by a processing unit of said mobile device, the following steps: retrieving the digital representation of the transaction card from a digitization server; loading the digital representation of the transaction card into a memory of the mobile device; activating the digital representation of the transaction card for a predefined validity period; invalidating the digital representation of the transaction card if no successful near field communication transaction has been performed within said validity period. In accordance with other aspects of the present disclosure, a corresponding computer program and a corresponding mobile device are provided.

Abstract: Embodiments of a method and an apparatus for wireless localization are disclosed. In an embodiment, a method for wireless localization involves obtaining, by an Ultra-Wideband (UWB) radio of a localization device, UWB timing data from UWB anchors, transmitting, via a non-UWB transceiver of the localization device, the UWB timing data to a localization engine, and determining, by the localization engine, a location of the localization device using the UWB timing data.

Abstract: In accordance with a first aspect of the present disclosure, a method is conceived for providing a digital representation of a transaction card in a mobile device, comprising: detecting, by a near field communication unit of said mobile device, that the transaction card is in proximity of the mobile device; upon or after said detecting, performing, by a processing unit of said mobile device, the following steps: retrieving the digital representation of the transaction card from a digitization server; loading the digital representation of the transaction card into a memory of the mobile device; activating the digital representation of the transaction card for a predefined validity period; invalidating the digital representation of the transaction card if no successful near field communication transaction has been performed within said validity period. In accordance with other aspects of the present disclosure, a corresponding computer program and a corresponding mobile device are provided.

Abstract: There is disclosed a method for managing content, including generating, by a service provider, an authenticable management script configured to manage content comprised in a secure element; providing, by the service provider, the authenticable management script to the secure element. Furthermore, there is disclosed a method for managing content, comprising: receiving, by a secure element, an authenticable management script for managing content comprised in the secure element; authenticating, by the secure element, the authenticable management script; executing, by the secure element, the management script if the management script is authentic. Furthermore, there are disclosed corresponding computer program products and a corresponding secure element.

Abstract: There is disclosed a method of providing a software update to a secure element comprised in a host device, comprising converting the software update into a sequence of ciphertext blocks using a chained encryption scheme, and transmitting said sequence of ciphertext blocks to the host device. Furthermore, there is disclosed a method of installing a software update on a secure element comprised in a host device, comprising receiving, by the host device, a sequence of ciphertext blocks generated by a method of providing a software update of the kind set forth, converting said sequence of ciphertext blocks into the software update, and installing the software update on the secure element. Furthermore, corresponding computer program products and a corresponding host device are disclosed.

Abstract: As may be implemented in accordance with one or more embodiments, and apparatus and/or method may involve a first circuit that initiates secure operations by interfacing with a user and providing operation trigger data that is signed cryptographically and secured from alteration, based on the interfacing. A second circuit, including a secure element, stores data secured from access by the first circuit, and executes secure operations separately from operations executed by the first circuit based on one or more commands provided by the first circuit. Validation circuitry validates and controls accesses to the second circuit by verifying a characteristic of the operation trigger data by executing stored validation instructions with the operation trigger data, and communicating information to the second circuit based on the verifying. The second circuit is responsive to the communicated information by initiating execution of the secure operations.

Abstract: According to an aspect of the invention, a method for personalizing a secure element for a mobile device is conceived, wherein an application is stored in the secure element and wherein the application is pre-provisioned by loading secure credentials into the application without tying said secure credentials to a specific user of the secure element.

Abstract: Various embodiments relate to a method, device, and non-transitory medium including: determining a master key value for use in secure communications with a different device, wherein the master key value is used as a master key; deriving at least one session key using the master key; generating a new master key value based on the master key; deleting the current master key value; and using the new master key value as the master key.

Abstract: Various embodiments relate to a method, device, and non-transitory medium including: determining a master key value for use in secure communications with a different device, wherein the master key value is used as a master key; deriving at least one session key using the master key; generating a new master key value based on the master key; deleting the current master key value; and using the new master key value as the master key.

Abstract: A method for managing a secure element which is embedded into a host unit. The described method comprises (a) transmitting a request for a management script from the host unit to a program element of the secure element, (b) at the program element, generating a management script in accordance with the request and encrypting the generated management script, (c) transmitting the encrypted management script from the program element to the host unit, (d) transmitting the encrypted management script from the host unit to a secure domain of the secure element, and (e) at the secure domain, decrypting and executing the management script.

Abstract: There is disclosed a method for managing content, comprising: generating, by a service provider, an authenticable management script configured to manage content comprised in a secure element; providing, by said service provider, the authenticable management script to the secure element. Furthermore, there is disclosed a method for managing content, comprising: receiving, by a secure element, an authenticable management script for managing content comprised in said secure element; authenticating, by said secure element, said authenticable management script; executing, by said secure element, the management script if the management script is authentic. Furthermore, there are disclosed corresponding computer program products and a corresponding secure element.

Abstract: There is disclosed a method for configuring a secure element, the method comprising: storing an application in the secure element; storing a master key in the secure element; storing a key derivation program in the secure element; generating, by the key derivation program, at least one application key for use by the application, wherein said generating comprises deriving the application key from the master key and an identifier of the secure element. Furthermore, a corresponding key derivation program, computer program product and configurable secure element are disclosed.

Abstract: There is described a method for initializing a secure element (112, 122, 212, 222) for use with a host unit (121, 221), the method comprising (a) storing a set of initial keys and a master key in a memory of a secure element (112, 122, 212, 222), (b) providing an identifier of a host (121, 221) unit associated with the secure element, (c) generating a modified set of keys based on the initial set of keys, the master key and the identifier of the host unit, and (d) storing the modified set of keys in the memory of the secure element. There is also described a secure element (112, 122, 212, 222) adapted for being embedded into a host unit (121, 221). Furthermore, there is described a system for initializing a secure element, a computer program and a computer program product.

Abstract: There is disclosed a method of providing a software update to a secure element comprised in a host device, comprising converting the software update into a sequence of ciphertext blocks using a chained encryption scheme, and transmitting said sequence of ciphertext blocks to the host device. Furthermore, there is disclosed a method of installing a software update on a secure element comprised in a host device, comprising receiving, by the host device, a sequence of ciphertext blocks generated by a method of providing a software update of the kind set forth, converting said sequence of ciphertext blocks into the software update, and installing the software update on the secure element. Furthermore, corresponding computer program products and a corresponding host device are disclosed.

Abstract: According to an aspect of the invention, a method for personalizing a secure element for a mobile device is conceived, wherein an application is stored in the secure element and wherein the application is pre-provisioned by loading secure credentials into the application without tying said secure credentials to a specific user of the secure element.

Abstract: A method for managing a secure element which is embedded into a host unit. The described method comprises (a) transmitting a request for a management script from the host unit to a program element of the secure element, (b) at the program element, generating a management script in accordance with the request and encrypting the generated management script, (c) transmitting the encrypted management script from the program element to the host unit, (d) transmitting the encrypted management script from the host unit to a secure domain of the secure element, and (e) at the secure domain, decrypting and executing the management script.

Abstract: There is described a method for initializing a secure element (112, 122, 212, 222) for use with a host unit (121, 221), the method comprising (a) storing a set of initial keys and a master key in a memory of a secure element (112, 122, 212, 222), (b) providing an identifier of a host (121, 221) unit associated with the secure element, (c) generating a modified set of keys based on the initial set of keys, the master key and the identifier of the host unit, and (d) storing the modified set of keys in the memory of the secure element. There is also described a secure element (112, 122, 212, 222) adapted for being embedded into a host unit (121, 221). Furthermore, there is described a system for initializing a secure element, a computer program and a computer program product.