Abstract: Techniques are described herein for applying access controls to logical secure elements (LSEs) running on the same secure element hardware platform. Embodiments include a firmware component that determines whether a message targeting an LSE is authorized to trigger an operation. For example, the firmware component may verify a signature of the received message using a public key, shared secret, or other access control key. Additionally or alternatively, access control policies may be defined to constrain the load of the LSEs on the SE platform hardware and/or to prioritize LSE access. For example, the access control policies may define usage thresholds, such as maximum threshold memory and/or processor utilization rates. As another example, the access controls may restrict the active time for an LSE to a threshold duration. If access constraints are violated or the message cannot be verified, then the firmware component may delay or deny the operation.

Abstract: Techniques are described herein for running multiple logical secure elements (LSEs) on the same physical secure element (SE) hardware. For example, embodiments may include running multiple logical Subscriber Identification Modules (SIM) cards on the same physical SIM card or universal integrated circuit card (UICC). Additionally or alternatively, embodiments may include running other secure element applications and services on the same SE hardware. The techniques allow for mobile devices users to access multiple security services, which may originate from different security service providers (SSPs), in a secure manner using the same SE hardware without requiring the integration of multiple physical slots on a mobile device or the physical exchange of different cards within the same slot.