Abstract: To allow access to encrypted data stored in the memory of a user terminal, the corresponding secret encryption key is stored in a secure element integrated into the user terminal and this secure element serves as a highly secure relay toward an access device to this data, used by a third party. To do so, a secure communication channel is established between the third party and the secure element. The EAC standard allows mutual authentication accompanied by the establishment of such a secure communication channel. The secure element performs an encryption conversion of the data so that the latter is protected by a session (or transport) key associated with the secure communication channel, and no longer by the initial secret key. The third party can thus access the encrypted data without even knowing the initial secret key.

Abstract: Disclosed is a method for loading, by a manager, a profile into a memory of a secure element, SE. A profile allows the SE to identify itself to a service. The profile includes a profile element created by reference to a template. A template is identified by an OID identifier, which it keeps despite changes. The manager may transmit an audit request or update the operating system of the SE in order to obtain, in response, a piece of information representative of the version of the template stored by the SE. The manager then identifies any difference in version with the corresponding template it holds. In case of difference, the template of the SE or the template of the manager is updated so as to align their versions. Thus, a profile generated on the basis of this version of the template will be loaded, without malfunction, by the SE.

Abstract: Disclosed is management of a plurality of active subscriber profiles at the same time within the same secure element integrated in a host terminal. A baseband processor of the terminal and a communication interface controller of the secure element together establish different separate links for each one of the active profiles. It is thus possible to address, and therefore to simultaneously use, a plurality of profiles. A link can be the conventional ISO 7816 link. The HCI/SWP interface allows a large number of logical links (or HCI pipes) to be established using a single additional tab for connecting the secure element in the terminal. Each active profile is thus associated with an HCI pipe for routing messages relating thereto. As a variant or in combination, an SPI interface allows master-slave logical links to be established.

Abstract: A secure element (30) has a local store of file property data (50). A method of preparing a script to send to the secure element (30) to remotely provision a profile (31) at the secure element includes preparing the script such that the script lacks a command to create a file if the local store of file property data (50) at the secure element includes file property data which can be used to locally create that file. A script may include an entry of reduced length which refers to the file to be locally created, such as a SELECT FILE command and an identifier of the file.

Abstract: An embedded subscriber identity module (eUICC1) and a method of controlling such a module. The embedded subscriber identity module (eUICC1) is suitable for maintaining numerous communication profiles (P) simultaneously in the active state, and each active communication profile (P) allows the communications terminal (T) containing the embedded subscriber identity module to communicate with a mobile telephone network (R) associated with that communication profile.

Abstract: An embedded subscriber identity module (eUICC1), which includes communication profiles, and that co-operates with a communications terminal (T). The module includes at least two communication profiles (P) that are active at the same time so as to allow the communications terminal to communicate with each mobile telephone network (R1, R2) associated with the active communication profiles, a receive module for receiving, from the terminal (T), a command (CMD) that has one of the active communication profiles as its destination (P), (referred to as the destination profile), and a determination module for determining the destination profile from among the active communication profiles on the basis of a destination profile identifier included in the command.

Abstract: A control method and associated devices in an embedded subscriber identity module (eUICC1) co-operating with a terminal (T) includes operations for: receiving identifiers (ID) of services associated with a communications profile (P) to be executed when the profile is in the active state; determining whether each service (S) is supported by an operating system (OS1) of the embedded subscriber identity module (eUICC1), and if not, sending a request to update the operating system (OS1); installing the update enabling the operating system to run the communications profile (P); and sending a request to receive or to continue receiving the communications profile (P) for installing in the embedded subscriber identity module (eUICC1). Also described is a control method performed by a profile provisioning server for supplying the embedded subscriber identity module (eUICC1) with the service identifiers.

Abstract: An embedded subscriber identity module (2) includes: a first memory zone (Z1) for storing an operating system (OS1); a second memory zone (Z2) for storing user data (DT) in memory that is accessible by the operating system (OS1); and a third memory zone (Z3) for storing a data model (MD) defining at least one criterion (CT) that is to be complied with by the user data (DT) contained in the second memory zone (Z2). The embedded subscriber identity module (2) further includes a determination module (8) configured to determine whether the user data (DT) complies with the at least one criterion; and a processor module (10) configured to cause at least one first predetermined action as defined in the data model (MD) to be executed if the user data (DT) is not in compliance with the at least one criterion.

Abstract: A method of managing profiles in a secure element where the secure element includes an active first profile associated with a first communication network and a second profile associated with a second communication network. The method includes deactivating the first profile and activating the second profile, where the deactivation and the activation are implemented following detection of a failure during a local verification pertaining to the first profile for the use of this the first profile. A local verification may be a verification in the secure element of the authorization of access of a user to the first profile, for example three failures of PIN or PUK code or of biometric authentication data, the local verification being performed in the secure element, and the failure being relative to a security failure of the first profile or to an operating failure of the first profile.

Abstract: To allow access to encrypted data stored in the memory of a user terminal, the corresponding secret encryption key is stored in a secure element integrated into the user terminal and this secure element serves as a highly secure relay toward an access device to this data, used by a third party. To do so, a secure communication channel is established between the third party and the secure element. The EAC standard allows mutual authentication accompanied by the establishment of such a secure communication channel. The secure element performs an encryption conversion of the data so that the latter is protected by a session (or transport) key associated with the secure communication channel, and no longer by the initial secret key. The third party can thus access the encrypted data without even knowing the initial secret key.

Abstract: Disclosed is management of a plurality of active subscriber profiles at the same time within the same secure element integrated in a host terminal. A baseband processor of the terminal and a communication interface controller of the secure element together establish different separate links for each one of the active profiles. It is thus possible to address, and therefore to simultaneously use, a plurality of profiles. A link can be the conventional ISO 7816 link. The HCI/SWP interface allows a large number of logical links (or HCI pipes) to be established using a single additional tab for connecting the secure element in the terminal. Each active profile is thus associated with an HCI pipe for routing messages relating thereto. As a variant or in combination, an SPI interface allows master-slave logical links to be established.

Abstract: A control method and associated devices in an embedded subscriber identity module (eUICC1) co-operating with a terminal (T), includes operations for: receiving identifiers (ID) of services associated with a communications profile (P) to be executed when the profile is in the active state; determining whether each service (S) is supported by an operating system (OS1) of the embedded subscriber identity module (eUICC1), and if not, sending a request to update the operating system (OS1); installing the update enabling the operating system to run the communications profile (P); and sending a request to receive or to continue receiving the communications profile (P) for installing in the embedded subscriber identity module (eUICC1). Also described is a control method performed by a profile provisioning server for supplying the embedded subscriber identity module (eUICC1) with the service identifiers.

Abstract: An embedded subscriber identity module (2) includes: a first memory zone (Z1) for storing an operating system (OS1); a second memory zone (Z2) for storing user data (DT) in memory that is accessible by the operating system (OS1); and a third memory zone (Z3) for storing a data model (MD) defining at least one criterion (CT) that is to be complied with by the user data (DT) contained in the second memory zone (Z2). The embedded subscriber identity module (2) further includes a determination module (8) configured to determine whether the user data (DT) complies with the at least one criterion; and a processor module (10) configured to cause at least one first predetermined action as defined in the data model (MD) to be executed if the user data (DT) is not in compliance with the at least one criterion.

Abstract: The disclosure relates to the notification of an SM-SR subscription management server by an eUICC card or an eSE element. The card includes, in local memory, at least one short number (or “short code”), and more generally an address identifier, unique to a mobile-phone operator, wherein the number is associated with an operator subscriber profile within the secure card. The card is configured to retrieve, from the local memory, a short code associated with a subscriber profile in use to send, using the retrieved short code, a card status notification to the SM-SR server. In the absence of a short code, the card uses a unique international telephone number as the recipient of the notification.

Abstract: Disclosed is a method for loading, by a manager, a profile into a memory of a secure element, SE. A profile allows the SE to identify itself to a service. The profile includes a profile element created by reference to a template. A template is identified by an OID identifier, which it keeps despite changes. The manager may transmit an audit request or update the operating system of the SE in order to obtain, in response, a piece of information representative of the version of the template stored by the SE. The manager then identifies any difference in version with the corresponding template it holds. In case of difference, the template of the SE or the template of the manager is updated so as to align their versions. Thus, a profile generated on the basis of this version of the template will be loaded, without malfunction, by the SE.

Abstract: An embedded subscriber identity module (eUICC1) and a method of controlling such a module. The embedded subscriber identity module (eUICC1) is suitable for maintaining numerous communication profiles (P) simultaneously in the active state, and each active communication profile (P) allows the communications terminal (T) containing the embedded subscriber identity module to communicate with a mobile telephone network (R) associated with that communication profile.

Abstract: An embedded subscriber identity module (eUICC1), which includes communication profiles, and that co-operates with a communications terminal (T).

Abstract: A method for administering life cycles of communication profiles that are managed by a subscriber identity module (100) embedded in a telecommunications terminal (110) may be performed by the module (100), which is suitable for using at least one process for administering the life cycles of communication profiles. The process uses a set of at least one command and/or of at least one rule. The method includes operations for receiving (B610) a message (M610) issued by the terminal (110) and representative of the capabilities of the terminal (110); selecting or not selecting (B615) the set used by the process as a function of the capabilities of the terminal (110); and if the set is selected, administering at least one life cycle of at least one of the profiles by using the set of at least one command and/or of at least one rule.

Abstract: Method of managing profiles in a secure element, the secure element including a first profile associated with a first communication network and a second profile associated with a second communication network, the first profile being active. The method includes steps of deactivation of the first profile and activation of the second profile. The steps of deactivation and of activation are implemented following the detection of a failure during a local verification pertaining to the first profile for the use of this the first profile. A local verification may be a verification in the secure element of the authorization of access of a user to the first profile, for example three failures of PIN or PUK code or of biometric authentication data.

Abstract: An example of an emergency call system includes a device for triggering an emergency call and a communications device having a secure element. In various implementations, the secure element includes at least two profiles, one of which is an emergency profile; and a receiver that receives, over a local communications channel, an event issued by the device for triggering an emergency call. The communications device may also include means for activating the emergency profile, which enables emergency calls to be made in a communications network if the emergency profile is not already active. The communications device may also include means for calling an emergency number in the communications network in order to make the emergency call.