Patents Assigned to GEMALTO
  • Patent number: 10346630
    Abstract: The invention is a method for managing profiles in a secure element that has several profiles comprising files organized in respective logical tree structures comprising respective root files. The root files have identifiers whose values are different from 0x3F00 and the method comprises the step of enabling browsing of the logical tree structure comprising a targeted root file in response to the receipt of a Select file command aiming at selecting said targeted root file.
    Type: Grant
    Filed: July 3, 2015
    Date of Patent: July 9, 2019
    Assignee: GEMALTO SA
    Inventors: Ying Xiao, Jérome Duprez, Franck Dehlinger
  • Publication number: 20190208407
    Abstract: The invention proposes a method for downloading files from an OTA platform over-the-air to secure elements cooperating with terminals, these files comprising roaming information allowing the secure elements to connect to networks different from their Home Public Land Mobile Networks. The method includes, for each secure element: Polling the OTA platform by the secure element; Checking if a new release of at least one file for which the owner of the secure element has contracted a subscription is available; and, If this check is positive, sending only the new release to the secure element and storing this new release in the secure element.
    Type: Application
    Filed: August 2, 2017
    Publication date: July 4, 2019
    Applicant: GEMALTO SA
    Inventors: Meijuan DING, Sebastien GRAVALLON
  • Publication number: 20190208419
    Abstract: The invention proposes an authentication server of a cellular telecommunication network, the authentication server being arranged for generating an authentication token to be transmitted to a telecommunication terminal, the authentication token comprising a message authentication code and a sequence number, wherein the message authentication code is equal to: MACx=KIdx XOR f1(AMF,SQNx,RAND,K) with KIdx being a key index information in the form of a bias of a MAC equal to: MAC=f1(K,AMF,SQNx,RAND) with f1 being a function, K a key, RAND a random number and SQNx a sequence counter relative to a corresponding key Kx derived from the key K and KIdx, and AMF the content of an authentication management field as defined in 3GPP TS 33.102.
    Type: Application
    Filed: July 27, 2017
    Publication date: July 4, 2019
    Applicant: Gemalto SA
    Inventor: Ly Thanh PHAN
  • Publication number: 20190205045
    Abstract: The invention relates to a method for managing data access. The method includes receiving at least one request for accessing data; capturing data relating to at least one current context signal during each data access request; comparing, as a current authorization step, the data relating to at least one captured current context signal to predetermined reference data relating to at least one corresponding context signal according to at least one corresponding predetermined authorization policy; determining, based upon the current authorization result and at least one predetermined dynamic data access policy, whether the data access is or is not authorized, as a data access decision; and issuing the data access decision. The invention also relates to corresponding first device, second device and system.
    Type: Application
    Filed: December 29, 2017
    Publication date: July 4, 2019
    Applicants: GEMALTO SA, SafeNet Inc.
    Inventors: Didier Hugot, Asad Ali, Gorav Arora
  • Patent number: 10341936
    Abstract: The present invention relates to a method for transmitting system information from a base station to a user equipment, the user equipment being a limited-bandwidth device, camping on the base station, wherein the system information is divided in a plurality of system information blocks, which are at least once transmitted during one broadcast channel modification period, wherein the minimum broadcast channel modification period for limited-bandwidth devices lasts at least 10.24 seconds.
    Type: Grant
    Filed: April 5, 2016
    Date of Patent: July 2, 2019
    Assignee: GEMALTO M2M GMBH
    Inventors: Volker Breuer, Lars Wehmeier, Thomas Ulrich
  • Publication number: 20190188689
    Abstract: A method of loading a Java Card memory with a Java Card package through a Card Personalization Specification (CPS) flow. The method proposes to encapsulate the Java Card package destined to be loaded into the Java Card memory in an extra proprietary Data Grouping Identifier (DGI) added at the beginning of a standard DGI sequence. By adding the extra DGI containing a Java Card package at the beginning of the DGI sequence, the Java Card application writes the Java Card package into the Java Card memory. The Java Card package then receives the rest of the DGIs from the application and handles the personalization process by writing itself the personalized data into the memory.
    Type: Application
    Filed: September 1, 2017
    Publication date: June 20, 2019
    Applicant: GEMALTO SA
    Inventors: Valentin FAVREAU, Sylvain CHAFER, Heldi GUMILANG
  • Publication number: 20190191292
    Abstract: A wireless terminal for operating in a cellular network includes a transceiver, at least one processor and a memory. The transceiver is configured to receive system information respectively transmitted by base stations comprising area system information transmitted by one of the base stations. The area system information is common for a local area covered by said base station and at least one other base station. The processor is configured to store received area system information in the memory. The processor is configured to process a later transmitted area system information only in case of detection of: an area identifier transmitted with the system information indicating a change of area, or a system value change field transmitted with the system information indicating a change of values of area system information values, or an overrun field transmitted with the system information indicating an overrun of the system value change field.
    Type: Application
    Filed: September 12, 2017
    Publication date: June 20, 2019
    Applicant: Gemalto M2M GmbH
    Inventors: Volker Breuer, Osaid Khaliq
  • Publication number: 20190182050
    Abstract: A server accesses a user identifier associated with a first user device and a reference image, as a first image set, to be displayed. The server sends to a second user device an image, as a second image set, to be displayed, and a user request to select an image within the first image set. The second user device displays the second image set and the user request. The user of the first user device selects at least one displayed first image, the selected first image matching an image visually selected within the displayed second image set, according to a rule known to the user and the server. The first user device sends to the server the first user device identifier accompanied with data relating to the selected first image. If the data relating to the selected first image matches the data relating to the first reference image, the server authenticates the user.
    Type: Application
    Filed: December 12, 2017
    Publication date: June 13, 2019
    Applicant: Gemalto, Inc.
    Inventors: Benoît Famechon, Najam Siddiqui, Karen HongQian Lu, Asad Mahboob Ali
  • Patent number: 10315454
    Abstract: A method for producing an authenticity information item of a security element, which serves for checking the correct combination of carrier parts. The security element comprises at least one first partial element having a first partial information item and a second partial element having a second partial information item. The two partial elements are movable into a check position, in which the two partial elements overlay one another. The information items in the check position represent the information item. In an alignment step, the two partial elements are provided with at least one processing means, with which waves the first partial information item and the second partial information item are produced. One of the two partial elements is processed with the waves directly, and the other of the two partial elements is processed through the one partial element.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: June 11, 2019
    Assignees: Orell Füssli Sicherheitsdruck AG, Gemalto AG
    Inventors: Christian Sailer, Sylvain Chosson, Felix Abt
  • Patent number: 10321288
    Abstract: The invention is a method for managing applications in a secure element comprising a communication interface. An application is installed in the secure element and configured to be implicitly selected on the communication interface. The method comprises the following steps: the secure element receives a command requesting the installation of a new application configured to be implicitly selected on the communication interface; upon receipt of the command, the secure element installs the new application, configures the new application to be implicitly selected on the communication interface and keeps the previous application unchanged.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: June 11, 2019
    Assignee: GEMALTO SA
    Inventors: Heimi Saad, Valérie Gleize, Fabien Courtiade
  • Patent number: 10321474
    Abstract: A cellular network comprises a plurality of base nodes, including an active base node, to which the wireless device is currently associated. The wireless device transmits data according to a periodicity related transmission mode to the active base node. The method comprises providing information from wireless device to the active base node relating to periodicity of said data transmission, responding at the active base node comprising an indication of assigned resources for multiple transmissions, setting a timer at the active base node relating to said periodicity, upon expiration of the timer, reserving resources at the active base node for reception of the data transmission, transmitting data from the wireless device according to the periodicity, receiving transmitted data at active base node, conducting an acknowledging procedure at the active base node in response to said data reception.
    Type: Grant
    Filed: November 26, 2015
    Date of Patent: June 11, 2019
    Assignee: GEMALTO M2M GMBH
    Inventors: Thomas Ulrich, Lars Wehmeier, Volker Breuer
  • Patent number: 10313855
    Abstract: The present invention relates to a method to manage subscriptions in a provisioning server (PS) able to communicate with a Hardware Security Module (HSM) having an HSM key (K). Said method being such that the HSM comprising a load and a reload function, the secure device key ((Ke1)K) and the storage key ((Ks)K) as encrypted and stored are provided (S1) to one of said functions, said functions outputting the storage key (((Ks)Ke1)K) encrypted using the provided secure device (SE1) key (Ke1) and the HSM key K, and an APDU_putkey command ((APDU_PUTKEY((Ks)Ke1))Ke1), encrypted using the provided secure device (SE1) key (Ke1), to put the retrieved storage key ((Ks)Ke1) also encrypted using the provided secure device key (Ke1), the storage key as previously stored ((Ks)K) is overwritten (S6) with the storage key (((Ks)Ke1)K) encrypted using the secure device key (Ke1) and the HSM key (K) returned by the function.
    Type: Grant
    Filed: September 17, 2015
    Date of Patent: June 4, 2019
    Assignee: GEMALTO SA
    Inventors: Frédéric Dao, David Halle, Jean-François Arnaud, Jérôme Duprez, Stephan Stankowski, François Prigent
  • Publication number: 20190166544
    Abstract: The present invention relates to a method for operating a wireless device in a cellular network, the wireless device operating with a base node of the cellular network, the method comprises upon noticing a barring indication received from the base node at the wireless device the step of suppressing access to the base node under the conditions: the wireless device is operating in an intensive use mode and the wireless device is operating in a non-privileged service.
    Type: Application
    Filed: April 5, 2017
    Publication date: May 30, 2019
    Applicant: GEMALTO M2M GmbH
    Inventors: Volker BREUER, Florian DENZIN, Uwe DUMMANN
  • Publication number: 20190155595
    Abstract: The invention relates in particular to a method for updating security elements cooperating with telecommunications terminals, the updates being performed by an OTA platform on the basis of queries formulated by the security elements, the security elements transmitting PSK-IDs to the OTA platform, the method comprising transmitting, from the security elements to the OTA platform, identities defining an order of priority of requests for handling the queries of same by the OTA platform.
    Type: Application
    Filed: June 21, 2017
    Publication date: May 23, 2019
    Applicant: GEMALTO SA
    Inventors: Cyril SOLÉ SALA, Jorge CORTES VARA
  • Publication number: 20190158996
    Abstract: A method for provisioning an applet in a security element with credentials of a terminal application provided by an application server comprises: Sending a request to provision the applet with credentials from the terminal application to the applet; Sending an SMS message containing an identifier of the applet from the applet to an OTA platform; Adding the MSISDN of the security element by an SMSC located in front of the OTA platform in the header of the SMS; Requesting the credentials from the OTA platform to the application server; Sending from the application server to the OTA platform the credentials to be associated with the MSISDN; Sending from the OTA platform to the applet the credentials associated with the MSISDN; and Sending from the applet to the terminal application a message that it has been provisioned with credentials of the terminal application.
    Type: Application
    Filed: May 15, 2017
    Publication date: May 23, 2019
    Applicant: GEMALTO SA
    Inventors: Nagy Korkmaz, Jean-François Gros
  • Patent number: 10298394
    Abstract: The present invention relates to a method to authenticate two devices to establish a secure channel, one belonging to a first group of devices, the second belonging to a second group of devices, in a non-traceable manner without the need to share a secret, each group being authenticated by an authority that stores a group secret key into the devices under its authority. The method uses a set of authentication tokens, one for each of the other groups with which the device is intended to communicate, said authentication token comprising at least a random number and a cipher of at least this random number by the secret key of each of these other groups, said authentication tokens being further renewed at each communication with a device from another group.
    Type: Grant
    Filed: February 20, 2015
    Date of Patent: May 21, 2019
    Assignee: GEMALTO SA
    Inventor: Alain Rhelimi
  • Patent number: 10299187
    Abstract: The present invention relates to a method for transmitting system information from a base station to a user equipment, the user equipment being a limited-bandwidth device, camping on the base station, wherein the system information is divided in a plurality of system information blocks, and the system information further has associated a validity period, the validity period indicating how long the transmitted system information stays valid, while no change of system information occurs, wherein the validity period for system information relating to limited-bandwidth devices is longer than for system information relating to non-limited-bandwidth devices.
    Type: Grant
    Filed: April 5, 2016
    Date of Patent: May 21, 2019
    Assignee: GEMALTO M2M GMBH
    Inventors: Volker Breuer, Lars Wehmeier, Thomas Ulrich
  • Publication number: 20190149985
    Abstract: The present invention relates to a mobile communication device for communicating with a cellular network by means of a serving base node, the mobile communication device further being connected to a subscriber identity module, the mobile communication device being configured to operate in a power optimization mode wherein the power optimization mode comprises extended paging periods, and the mobile communication device is further configured to set up a communication context with the base node using authentication means of the subscriber identity module, wherein the mobile communication device is further configured, in case of detection of a removal of the subscriber identity module and when the power optimization mode is activated: to send a removal alert message to the serving base node by means of said communication context, afterwards to terminate the communication context.
    Type: Application
    Filed: April 24, 2017
    Publication date: May 16, 2019
    Applicants: Gemalto M2M GmbH, GEMALTO SA
    Inventors: Volker BREUER, Lars WEHMEIER, Mireille PAULIAC
  • Publication number: 20190138735
    Abstract: The present invention relates to a device having a central processing unit, RAM memory and at least two hardware elementary operations, using registers of greater size than the one of the central processing unit, said device being such that construction of at least one part of RAM memory is managed only by the hardware elementary operations, hardware elementary operations themselves and masking of inputs/outputs/intermediary data are monitored by software instructions, said software instructions being able to address different cryptographic functionalities using said hardware elementary operations according to several ways depending on each concerned functionality, said software instructions being further able to address several levels of security in the execution of the different functionalities.
    Type: Application
    Filed: July 5, 2016
    Publication date: May 9, 2019
    Applicant: GEMALTO SA
    Inventors: Karine VILLEGAS, Fabrice PERION, Jean Roch COULON, Sylvere TEISSIER
  • Publication number: 20190141498
    Abstract: A method for downloading subscription information to an identification unit connected to a wireless communication device operating within a cellular network having at least one packet gateway node. A remote provisioning server is connected to the packet gateway node. The wireless communication device comprises basic packet based communication protocol means, and operates in a mode with limited access to the remote provisioning server within the cellular network. The identification unit comprises a controller having advanced packet based communication protocol means by using said basic packet based communication protocol means provided by the wireless communication device.
    Type: Application
    Filed: January 4, 2019
    Publication date: May 9, 2019
    Applicant: Gemalto M2M GmbH
    Inventors: Andre Ostheeren, Volker Breuer, Thomas Ulrich