Abstract: In a method for adapting a firmware configured to control a wireless communication device, a first firmware is stored in a first storage area, and at least one delta encoding package is stored in at least one second storage area. A rule manager is configured to provide identification information indicating at least one delta encoding package. Bootstrap software is configured to, upon startup, retrieve the first firmware from the first storage area, retrieve from the rule manager identification information indicating at least one delta encoding package, retrieve the indicated at least one delta encoding package from the second storage area, combine said first firmware and the at least one delta encoding package into a second firmware by way of a differential upgrade, and start the second firmware.
Abstract: A remote server is connected to at least one energy box, each energy box being connected to at least one energy consuming device, and each energy box being connected to a metering device. The remote server sends to the energy box a transaction demand. The energy box sends to at least one energy consuming device an energy consumption reduction request. The metering device measures energy consumption of the energy consuming device. The metering device sends to the energy box the measured energy consumption. The energy box verifies whether the demanded transaction has been carried out based upon at least one test, the test depending on at least one measured energy consumption. If the demanded transaction has been carried out, the energy box sends to a remote server a transaction response.
Abstract: A system, method and computer-readable storage medium for decrypting a code c using a modified Extended Euclidean Algorithm (EEA) having an iteration loop independent of the Hamming weight of inputs to the EEA and performing a fixed number of operations regardless of the inputs to the EEA thereby protecting a cryptographic device performing the decryption from side-channel attacks.
Type: Application
Filed: March 23, 2016
Publication date: September 28, 2017
Applicant: GEMALTO SA
Inventors: Mariya GEORGIEVA, Frederic De Portzamparc
Abstract: A method for interaction of a wireless communication device with an identification unit, the wireless communication device being connected with said identification unit, the wireless communication device further operating within a cellular network by means of said identification unit, said identification unit being configured to carry information representing a subscription for operating a wireless communication device in the cellular network, the wireless communication device and the identification unit being adapted to provide each a set of capabilities of operation within the cellular network, includes the steps of: determining a first set of information representing the capabilities of the wireless communication device, determining a second set of information representing the capabilities of the identification unit, analysing the first and the second set of information for differences, carrying out measures for handling of differences, in case differences have been detected at the analysing step.
Type: Application
Filed: August 24, 2015
Publication date: September 28, 2017
Applicant: GEMALTO M2M GMBH
Inventors: Volker BREUER, Christian KLAPPER, André OSTHEEREN
Abstract: The present invention relates to a method to access, from a device, a data store previously locked using a passphrase. The method includes the following steps, when the user requests access to the data store: requesting the user to enter the personal code; generating an access code by applying a first function to at least the entered personal code; sending out, to the server, at least an identifier of the device and the access code; for the server, comparing the access code with the previously received first function; for the server, if the access code is correct, returning the passphrase to the device; and for the device, unlocking the data store using the received passphrase in combination with the entered personal code.
Type: Grant
Filed: November 28, 2013
Date of Patent: September 19, 2017
Assignee: Gemalto SA
Inventors: Michael Webster, Seppo Pohja, Timo Palo
Abstract: The invention is a system comprising a host device and a secure element including a plurality of virtual profiles and an execution component configured to run several of said virtual profiles simultaneously. The system comprises a discovery agent configured to provide a subset of the plurality of virtual profiles, configuration data for each virtual profile of said subset, and capability data reflecting the maximum number of logical channels handled by the host device. The system comprises an allocating agent configured to cooperate with the discovery agent to allocate a range of logical channels to each virtual profile of the subset based on the capability data, and to determine in each of the ranges a main logical channel which remains permanently available once the virtual profile to which the range is allocated has been booted.
Abstract: The invention proposes a method consisting in: opening, at the request of the UICC, a data channel between the terminal and the server; performing a mutual authentication between the UICC and the server by using the bootstrap credentials; requesting, from the UICC to the server, the delivery of a subscription profile by using the unique serial number; if a subscription profile exists for the UICC, downloading the subscription profile to the UICC.
Abstract: A system, method and computer-readable storage medium with instructions for protecting an electronic device against fault attack. The technology includes operating the electronic device to determine two half-size exponents, dp and dq, from the exponent d; to split the base m into two sub-bases mp and mq determined from the base m; and to iteratively compute a decryption result S by repeatedly multiplying an accumulator A by m, mp, mq or 1 depending on the values of the i-th bit of dp and dq for each iteration i. Other systems and methods are disclosed.
Abstract: The invention relates to a virtual machine. The virtual machine is set to recognize, in addition to a set of conventional bytecodes, at least one secure bytecode functionally equivalent to one of the conventional bytecodes. It is set to process secure bytecodes with increased security, while it is set to process conventional bytecodes with increased speed. The invention also relates to a computing device comprising such a virtual machine, to a procedure for generating bytecode executable by such a virtual machine, and to an applet development tool comprising such procedure.
Abstract: In a method for downloading subscription information to an identification unit connected to a wireless communication device operating within a cellular network, which includes at least one packet gateway node and a remote provisioning server being connected to it, the wireless communication device operates in a mode with limited access to the remote provisioning server.
Type: Application
Filed: September 1, 2015
Publication date: August 31, 2017
Applicant: Gemalto M2M GmbH
Inventors: Andre OSTHEEREN, Volker BREUER, Thomas ULRICH
Abstract: A system, method and computer-readable storage medium with instructions for operating a processor of an electronic device to protect against unauthorized manipulation of the code pointer by maintaining and updating a code pointer complement against which the code pointer may be verified. Other systems and methods are disclosed.
Abstract: The invention is a method for managing a response from an application embedded in a secure token acting as a UICC, in response to a command requesting the opening of a proactive session. The command is sent by an applicative server to the secure token via an OTA server providing a security layer. The method comprises the steps of sending another command from the applicative server to the secure token using the security layer provided by the OTA server, and, in response to this second command, the secure token sending the response to the first command to the applicative server using the security layer provided by the OTA server.
Abstract: A mechanism for using a mobile device connected to a security device to authenticate a user to a service provider using a security device operating according to an applet without storing keys or user interface text on the security device or the mobile device. Registration and authentication messages to the mobile device are routed to a security device. These messages include a nonce. The security device encrypts responses from the user using the nonce and transmits an encrypted response message including the encrypted response to the authentication server, wherein the nonce is unique for each communication between the authentication server and the security device. Other systems and methods are disclosed.
Abstract: The present invention discloses a communication method for machine-type communication (MTC) between an MTC server and MTC equipments, which comprises: the MTC server broadcasts a target content related to an application, receives availability information related to the target content from candidate MTC equipments which satisfy the target content, selects any one or more MTC equipments from the candidate MTC equipments based on the availability information, establishes a session connection with each of the selected MTC equipments, and receives content uploaded by the selected MTC equipments. The invention furthermore discloses a communication method for MTC between the MTC equipments and the MTC server, and discloses the corresponding MTC server and MTC equipment.
Abstract: A method, corresponding client, server and system for communicating between a server and a client. The server and the client access at least one session extension key and/or a key associated with the session extension key, as an associated key. The server authorizes extending an open communication session with the client until an expiration time only if the client sends to the server authentication data allowing the server to authenticate at least the client on the basis of the session extension key. The expiration time is the time at which the communication session is opened, extended by a predetermined extension time period.
Abstract: A mobile terminal includes a detector configured to detect presence of a first possible connection to a mobile network and a second possible connection to the mobile network, the first possible connection being a connection of a first technology and the second possible connection being a connection of a second technology. A selector identifies which of the first possible connection and the second possible connection causes less energy consumption in the mobile terminal in its low-power mode of operation, and a controller connects the mobile terminal to the mobile network through the identified possible connection. The disclosure is also directed to a corresponding operating method, a corresponding computer program, and a network entity for supporting a mobile terminal in performing a power consumption sensitive cell reselection.
Abstract: The invention is a method for managing profiles in a secure element that has several profiles comprising files organized in respective logical tree structures comprising respective root files. The root files have identifiers whose values are different from 0x3F00 and the method comprises the step of enabling browsing of the logical tree structure comprising a targeted root file in response to the receipt of a Select file command aiming at selecting said targeted root file.
Abstract: In one embodiment, the method includes encrypting, at a device, data with a first key, and forming a message that includes a device identifier and the encrypted data. The device identifier identifies the device. A signaling message is formed that includes a class identifier, the message and an action code. The class identifier identifies a group of devices to which one or more devices belong. The action code indicates the type of data, and may be part of the message. The signaling message is sent to a network, for example, a wireless network. The wireless network identifies and routes the message portion of the signaling message based on the class identifier. And, using the class identifier and perhaps a device identifier, the wireless network may signal the device to change an operating parameter.
Type: Grant
Filed: April 9, 2010
Date of Patent: August 8, 2017
Assignee: Gemalto SA
Inventors: Michael Dolan, Satish Kanugovi, Michael Lemke, Sidney Bryson
Abstract: The present invention relates to a method to manage subscriptions in a provisioning server (PS) able to communicate with a Hardware Security Module (HSM) having an HSM key (K). The HSM comprises a load function and a reload function. The secure device key ((Ke1)K) and the storage key ((Ks)K), as encrypted and stored, are provided (S1) to one of said functions. Said function outputs the storage key (((Ks)Ke1)K), encrypted using the provided secure device (SE1) key (Ke1) and the HSM key K, and an APDU_putkey command ((APDU_PUTKEY((Ke1))Ke1), encrypted using the provided secure device (SE1) key (Ke1), to put the retrieved storage key ((Ks)Ke1), also encrypted using the provided secure device key (Ke1). The storage key as previously stored ((Ks)K) is overwritten (S6) with the storage key (((Ks)Ke1)K) encrypted using the secure device key (Ke1) and the HSM key (K) returned by the function.
Type: Application
Filed: September 17, 2015
Publication date: August 3, 2017
Applicant: GEMALTO SA
Inventors: Frédéric DAO, David HALLE, Jean-François ARNAUD, Jérôme DUPREZ, Stephan STANKOWSKI, François PRIGENT
Abstract: The invention relates to a vehicle (1) comprising: a multiplexed communication bus (2); an engine control unit (4) connected to the communication bus (2); a secure element (6) hosted in the vehicle and configured to communicate through the communication bus, the secure element securely storing (64) security data related to the vehicle.