Abstract: An easily manufacturable multilayer security element has an opaque functional layer that is arranged between two build-up layers of transmissive material. The opaque functional layer has at least one cutout. The layers are connected by lamination to form an areal body with planar surfaces. The cutout is filled up with transmissive material of the build-up layers. One build-up layer supports a feature carrier layer. A security feature, which is arranged at least partially below the cutout, is formed in the feature carrier layer and/or between the functional layer and the feature carrier layer. The cutout forms an inner window through which the security feature is recognizable.

Abstract: There is provided a method for creating an authentication entity derived from an original data carrier, wherein the original data carrier has a key pair that is individual to the original data carrier and comprises a public key and a secret key of the original data carrier, and a certificate for the public key of the original data carrier. The method comprises the following steps: deriving a secret key for the derived authentication entity from the secret key of the original data carrier by the original data carrier; forming derivation data for the derived authentication entity; transferring authentication data to the derived authentication entity, wherein the authentication data have the derivation data, the certificate of the public key of the original data carrier as well as a derived key pair which comprises the derived secret key and the public key of the original data carrier.

Abstract: A method for protecting an operation sequence executed by a portable data carrier from spying out, wherein the data carrier has at least a processor core, a main memory and a cache memory with a plurality of cache lines. The processor core is able to access, upon executing the operation sequence, at least two data values, with the data values occupying at least one cache line in the cache memory and being respectively divided into several portions so that the occurrence of a cache miss or a cache hit is independent of which data value is accessed. A computer program product and a device have corresponding features. The invention serves to thwart attacks based on an evaluation of the cache accesses during the execution of the operation sequence.

Abstract: The invention creates a mobile station comprising a mobile end device (ME) with a secured runtime environment (TEE) and a removable or firmly implemented security element (SE), with an end device send server (TEE-TSM) arranged in the security element (SE), which is arranged to send to the secured runtime environment (TEE) end device messages which can be received by the secured runtime environment (TEE). The end device messages are sent by a trusted service manager (SE-TSM), which is provided for the security element (SE), to the security element (SE), thereby higher efficiency being guaranteed at maintained security.

Abstract: The invention relates to a card-shaped data carrier (1) comprising a card body (2) provided with a graphical element (6) displayed thereon. The card body (2) is made of a plastic material for converting irradiated light into secondary light and for retransmitting the secondary light within the plastic material to the graphical element (6) or to a portion of the graphical element (6). The inventive card-shaped data carrier (1) is characterized in that the card body (2) is provided with a light source (18) for irradiating light into a shaped body (12) formed by the plastic material.

Abstract: A method for configuring an application for an end device having a predefined end-device configuration with a predefined security level. A query about the predefined end-device configuration is directed by means of the application to a central place in which a multiplicity of security levels of end-device configurations have respective application configurations associated therewith. In response to the query, the central place ascertains the predefined security level of the predefined end-device configuration from the multiplicity of security levels, and outputs it to the application together with the associated application configuration. In dependence on the output security level, one or several functions of the application are configured by means of the application on the basis of the output application configuration for the end device.

Abstract: A method of providing a secure element of a mobile terminal with a subscription profile in which the mobile terminal is configured to communicate with a cellular communications network and the subscription profile comprises a network specific portion related to the cellular communications network or a different cellular communications network as well as a hardware specific portion related to the hardware of the mobile terminal and/or the secure element. The method comprises the steps of: assembling the subscription profile, wherein the network specific portion of the subscription profile is provided by a first server and the hardware specific portion of the subscription profile is provided by a second server; and providing the subscription profile over-the-air to the secure element. A corresponding secure element, mobile terminal and subscription management backend system involves features of the method.

Abstract: A method for providing a secure element having a processor and a memory of a mobile terminal with a target subscription profile for communicating via a target mobile network comprises the steps of: providing as a first part of the target subscription profile a subscription management interface to the secure element; implementing the subscription management interface on the secure element; and providing as a second part of the target subscription profile subscription data in a format defined by the operator of the target mobile network to the secure element, wherein the subscription management interface allows the secure element to process the subscription data and to implement the target subscription profile thereon for allowing access to the target mobile network. A corresponding secure element, mobile terminal and subscription management backend system includes features associated with the method.

Abstract: The invention relates to a security feature having a luminescent component and a component camouflaging the luminescent component. The invention starts out from a security feature having a luminescent component having at least one luminophore consisting of a doped host lattice, and a component camouflaging the luminescent component, in which the camouflaging component has at least two substances, the first substance of the camouflaging component having an X-ray diffractogram which hides the X-ray diffractogram of the luminescent component, and the second substance of the camouflaging component having at least one cationic element of the luminescent component and at least one cationic element of the first substance of the camouflaging component, with the luminescent component and the first substance of the camouflaging component being formed of different cationic elements.

Abstract: A subscriber identity module for authenticating a subscriber on a communication network includes: a first set of subscriber identity data for authenticating the subscriber; a second set of subscriber identity data for authenticating the subscriber, with the first set of subscriber identity data differing from the second set of subscriber identity data; and a means for managing the first and second sets of subscriber identity data, with the managing being realized by management functions. The subscriber identity module can be extended to a method for managing the subscriber identity module, to a use of the subscriber identity module in a mobile end device, and to a system comprising subscriber end devices and a remote entity.

Abstract: A method for incorporating subscriber identity data into a subscriber identity module involves the subscriber identity module being incorporated in ready-to-operate condition in an end device. The subscriber identity module is arranged to manage a plurality of subscriber identity data and to receive subscriber identity data, and the subscriber identity data is stored in a file system. The method includes receiving a load command from a subscriber identity data management in the subscriber identity module; preparing the file system in the memory area of the subscriber identity module for storing subscriber identity data; receiving subscriber identity data in the subscriber identity module; storing the subscriber identity data in the prepared file system; and checking the data integrity of the received subscriber identity data by the subscriber identity module.

Abstract: The invention relates to a security element of at least one thin layer element in form of a multi-layer composition, capable of interference. The multi-layer composition, capable of interference, consists of at least one reflecting layer, at least one partially transmitting layer and at least one dielectric layer arranged between these layers. According to the invention the security element comprises in a first region a multitude of gaps in the reflecting layer and in a second region at least one gap or a multitude of gaps in the partially transmitting layer. Herein the second region is arranged at least partially within the first region and the total area of the second region, which is at least partially arranged within the first region, is smaller than the total area of the first region. Therefore the security element displays, when viewed from the partially transmitting layer, a different appearance in top view than in transmission view.

Abstract: The invention relates to a security feature with a luminescent pigment which has a host lattice doped with a luminophore and which is optically excitable to emit luminescent light. The luminescent light of the luminescent pigment has a luminescence spectrum with a first luminescence peak and a second luminescence peak whose peak intensities respectively depend on an amount fraction x of the luminophore in the luminescent pigment. In the luminescent pigment according to the invention, the host lattice and the luminophore and the amount fraction x of the luminophore are chosen such that even a slight increase or reduction of the amount fraction x of the luminophore causes a strong relative change of the peak intensities IA and IB. This increases the forgery-proofness of the luminescent pigment according to the invention.

Abstract: The present invention relates to a security element for security papers, value documents and the like, having a micro-optical moiré magnification arrangement having a first motif image that consists of a planar periodic or at least locally periodic arrangement of a plurality of first micromotif elements (38) that produce a hidden piece of image information, and a planar periodic or at least locally periodic arrangement of a plurality of microfocusing elements (34) for the moiré-magnified viewing of the first micromotif elements of the motif image, the first micromotif elements (38) being formed from nematic liquid crystal material and forming a phase-shifting layer for light from a specified wavelength range, and the magnified moiré image being perceptible substantially only upon viewing the security element through a polarizer.

Abstract: A method for operating a communication system comprises a transponder having at least one antenna, in particular in the form of a portable data carrier, and a reading device having at least one antenna. The reading device is configured to exchange data with the transponder. An exchange of data between the transponder and the reading device is possible within a predetermined range. A measurement and evaluation is effected of the time of a command transmitted from the reading device to the transponder and the receipt of a corresponding response of the transponder by the reading device. In so doing, a processing is effected of a card-individual length of time T_icc, wherein the card-individual length of time T_icc specifies how long the transponder takes for the receipt and the processing of a command received from the reading device and the sending of a corresponding response.

Abstract: Described is a method for providing measurement data for value documents to a specified purpose of use employing a value-document processing device which has a transport device for transporting the value documents, and a sensor device for capturing at least one property of value documents transported in the value-document processing apparatus by means of the transport device and forming measurement data describing the captured property, in which value documents are transported to the sensor device by means of the transport device and measurement data for these are respectively captured by means of the sensor device, it is tested whether the measurement data for the value documents meet a suitability criterion specified for the purpose of use, and measurement data for respectively one of the value documents either are permanently stored or discarded in dependence on the result of the testing.

Abstract: In a method for updating or installing a data storage medium application which can be executed on a secure data storage medium, the data storage medium is used in a telecommunications terminal. Updating data for the data storage medium application are first integrated into a terminal application certificate of a terminal application to be installed on the telecommunications terminal. Next the terminal application is installed in the telecommunications terminal and the data storage medium application in the data storage medium is configured according to the updating data. The terminal application certificate functions as a data container for the transparent updating data to be forwarded to the data storage medium. The updating data may relate to access rights of the terminal application to a data storage medium application already installed in the data storage medium or to a data storage medium application to be newly installed in the data storage medium.

Abstract: The present invention relates to a security element composed of at least one light-transmitting substrate on which a substantially opaque, screened layer composed of grid elements is located. According to the present invention, within the substantially opaque, screened layer composed of grid elements, at least one thin, solid, substantially opaque line is arranged that exhibits the form of at least one alphanumeric character, a graphic or a pattern. Such lines have line widths of at least 0.1 mm to 5 mm, preferably of 0.2 mm to 0.7 mm, particularly preferably of about 0.5 mm. Instead of lines, also extensive regions without any gap may be used, such that the alphanumeric character, pattern or graphic formed is perceptible only in transmitted light, but not in reflected light. The security element thus displays, at least when viewed from the side of the substantially opaque, screened layer, in top view, a different appearance than when looked through.

Abstract: The invention relates to a data carrier having a semiconductor chip. In order to prevent an attacker from determining secret data of the chip from intercepted signal patterns of the chip, security-relevant operations are performed only with commands or command strings of the operating program whose use does not permit the processed data to be inferred from the signal patterns.

Abstract: A method for checking the soiling of the windows of a measuring apparatus for checking sheet material, includes having at least two sensor rows oriented transversally to the transport direction of the sheet material. Each of the sensor rows detects the light emanating from the sheet material in a certain spectral channel. For checking the soiling of the window the sensor rows detect the light at several detection times at which no sheet material is present in the capture area of the sensor rows. At least two of the spectral channels are combined with each other and the temporal variation of the intensities of the combined spectral channel is evaluated for the purpose of the soiling check. A small temporal variation of the intensity of the combined spectral channel is employed as an indicator for the presence of a soiling of the window.