Patents Assigned to GIESECKE+DEVRIENT MOBILE SECURITY GMBH
  • Patent number: 10303867
    Abstract: A method for operating an external secure unit comprises at least a memory for storing data, a processor for processing the data, at least one interface for receiving data from a communication device or sending them thereto, wherein the communication device comprises at least a memory for storing at least one application program, a processor for processing and executing the application program, at least a first interface for sending data to the external secure unit or receiving them therefrom, at least a second interface for sending data to a transmission network or receiving them therefrom, wherein security-relevant data necessary for executing the application program in the communication device are stored in the external secure unit, and the communication device requests the security-relevant data from the external secure unit for executing the application program.
    Type: Grant
    Filed: June 18, 2014
    Date of Patent: May 28, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventor: Sönke Schröder
  • Patent number: 10292043
    Abstract: A method for managing a profile for a subscription in a subscriber identity module comprises the steps of (a) sending a management message from a server to the subscriber identity module; (c) carrying out a management measure corresponding to the management message in the subscriber identity module; wherein the following step b) which is effected before step c): (b) requesting and receiving a user input at the subscriber identity module; and carrying out step (c) only on the occasion of a successful carrying out of step (b).
    Type: Grant
    Filed: October 6, 2016
    Date of Patent: May 14, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventor: Nils Nitsch
  • Patent number: 10291391
    Abstract: A method to protect computational, in particular cryptographic, devices having multi-core processors from DPA and DFA attacks is disclosed herein. The method implies: Defining a library of execution units functionally grouped into business function related units, security function related units and scheduler function related units; Designating at random one among the plurality of processing cores on the computational device as a master core for execution of the scheduler function related execution units; and Causing, under control of the scheduler, execution of the library of execution units, so as to result in a randomized execution flow capable of resisting security threats initiated on the computational device.
    Type: Grant
    Filed: June 4, 2014
    Date of Patent: May 14, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Sai Yanamandra, Vineet Kulkarni, Shrikanthrao Kulkarni
  • Patent number: 10275701
    Abstract: The invention relates to a method for producing portable data carriers (10, 11), wherein first there are provided a module carrier band (20), on which are arranged chip modules (26) with contact surfaces (21) arranged on one side of the module carrier band (20), and at least one substrate foil (31, 32, 33), respectively as rolled goods. The module carrier band (20) and the at least one substrate foil (31, 32, 33) are unrolled from the respective roll (51, 52, 53) and continuously brought together. Then, the module carrier band (20) is permanently connected with the at least one substrate foil (31, 32, 33) in such a way that the contact surfaces (21) of the chip modules (26) point outward. From the composite (40) there can be detached in particular portable data carriers in the format ID-000 (10) or mini-UICC (11).
    Type: Grant
    Filed: May 28, 2010
    Date of Patent: April 30, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Thomas Tarantino, Thomas Gotz, Marc Elsasser, Robert Griesmeier
  • Patent number: 10269204
    Abstract: A method for individualizing a portable data carrier, in particular a chip card includes an end device that supplies data for configuring and/or updating one or more functions of the portable data carrier. The data are transmitted by the end device to the portable data carrier via a communication connection between the end device and the portable data carrier. A configurating and/or updating of the function or functions of the portable data carrier is effectuated by means of the data transmitted to the portable data carrier.
    Type: Grant
    Filed: August 9, 2016
    Date of Patent: April 23, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Thomas Tarantino, Sascha Behlendorf, Werner Strobl, Rodrigue Gil, Florian Gawlas
  • Patent number: 10264023
    Abstract: A method is provided for managing a plurality of subscriptions on a security element of a mobile end device for logging into a respective mobile radio network, and such a security element. The security element has a plurality of memory locations for storing the plurality of subscriptions, wherein the plurality of subscriptions comprises a primary subscription and at least one secondary subscription. In the primary subscription there is deposited a set of rules which determines whether the at least one secondary subscription on the security element can be used.
    Type: Grant
    Filed: December 17, 2014
    Date of Patent: April 16, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Claus Jarnik, Monika Eckardt
  • Patent number: 10264451
    Abstract: In order to support the access of a terminal to a mobile communication network, a network subscriber identifier and a plurality of authentication data sets relating to this network user identifier are transferred to the terminal by an access support server. The plurality of authentication data sets are generated previously by a server of the mobile communication network, after the access support server has transmitted the network subscriber identifier to the server. In order to check an authentication information item of the terminal upon logging into the mobile communication network, an authentication server of the mobile communication network transmits an authentication data set from the plurality of authentication data sets, for example via the server.
    Type: Grant
    Filed: March 9, 2016
    Date of Patent: April 16, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventor: Ulrich Wimböck
  • Patent number: 10249220
    Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented being white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T′ by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. Multiplicities of sets Mxi, i=1, 2, . . . =Mx11, Mx12, . . . Mx21, Mx22, . . . are formed from the output values a of the affine mapping A.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: April 2, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
  • Patent number: 10237731
    Abstract: A PKI key pair comprising a private key and a public key is arranged for the end device. The public key is stored at the communication partner. The communication partner is arranged to provide a session key, encrypt data using the session key, encrypt the session key using the public key and convey the encrypted data to the end device. The communication system is further characterized in that it comprises a server system, remote from the mobile end device, in which the private key is stored in a secure environment. For this, the communication partner is furthermore arranged to transmit the encrypted session key to the server system. Moreover, the server system is arranged to decrypt the session key for the end device with the private key and to transmit it in decrypted form to the end device for decrypting the data.
    Type: Grant
    Filed: July 28, 2015
    Date of Patent: March 19, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Frank Schäfer, Ullrich Martini
  • Patent number: 10231299
    Abstract: A method is provided for limiting a voltage in the reverse direction of a light emitting diode disposed on a secure element. The light emitting diode is electrically connected in parallel to a coil and to operating voltage connectors of an integrated circuit. The coil serves for supplying energy to the integrated circuit and to the light emitting diode because an electrical voltage is induced in the coil with an electromagnetic field produced by an external terminal, and for the contactless data transmission between the integrated circuit and the external terminal. The integrated circuit serves for processing data transmitted between the terminal and the integrated circuit. A shunt regulator regulates the operating voltage required for the operation of the integrated circuit to a value within an allowable range and limits the operating voltage, so a maximally permissible voltage in the reverse direction of the light emitting diode is not exceeded.
    Type: Grant
    Filed: October 9, 2015
    Date of Patent: March 12, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventor: Stefan Kluge
  • Patent number: 10231127
    Abstract: A method of performing a switch from a first mobile network to a second mobile network by a mobile terminal comprising a secure element comprises the steps of: (a) requesting attachment to the first mobile network using a first identification data element, preferably a first IMSI, of a first subscription profile; (b) requesting attachment to the second mobile network using a second identification data element, preferably a second IMSI, of a second subscription profile; and (c) requesting attachment to the first mobile network. The second mobile network or another mobile network uses a confirmation data element, wherein the confirmation data element has the same format as the first and the second identification data element and is configured such that the attachment request is forwarded to a subscription management server in order to inform the subscription management server whether the attachment to the second mobile network was successful.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: March 12, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Ulrich Huber, Thomas Larsson
  • Patent number: 10192156
    Abstract: A method for producing a portable data carrier by means of a continuous production method, in particular a roll-to-roll method, includes the step of processing at least one foil in the form of roll goods. The unrolled foil is coated with an adhesive at least partially on at least one side. Subsequently, the foil is scored along at least one fold edge on at least one side of the foil. The foil is then folded along the scored fold edge in exact register and bonded. For this purpose the foil is folded in the direction of the side that is coated with adhesive, wherein the side coated with adhesive is arranged on the opposite side of the foil which has at least one scored fold edge, along which the folding is effected. Finally, data carriers are punched out in exact register from the at least one folded and bonded foil.
    Type: Grant
    Filed: May 20, 2014
    Date of Patent: January 29, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Stefan Bannert, Peter Kaufmann, Lucas Perlitz, Thomas Tarantino, Robert Griesmeier, Tatjana Mosthof, Cordula Regensburger, Martin Bohn
  • Patent number: 10176421
    Abstract: This disclosure includes a method for manufacturing a portable data carrier, an inlay for a data carrier, and a data carrier. A data carrier body has a gap for a chip and a chip is incorporated into the gap. In a subsequent step a cover layer is laid on the data carrier body, and the data carrier body and the cover layer are laminated. After the incorporation of the chip and before the lamination, a stabilizing agent is applied into the gap of the core layer, which remains soft or flexible during the lamination and cures or is activated (e.g. by means of UV radiation) only after the lamination, in order for mechanical tensions to be avoided.
    Type: Grant
    Filed: January 16, 2013
    Date of Patent: January 8, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Walter Ponikwar, Thomas Tarantino, Tobias Salzer, Andreas Braun, Gunter Endres
  • Patent number: 10175963
    Abstract: A method is provided for executing a code sequence on a security module. The code sequence comprises codes to be replaced and codes to be interpreted. A temporary replacement takes place of a respective code to be replaced by a partial code sequence that comprises at least one code having an interpretable code value. The replacement taking place is dependent on the code value of the code to be replaced. An interpretation of the codes to be interpreted in the code sequence and in the partial code sequence takes place with the aid of interpretation information for code values. During the replacement step, the partial code sequence for the code value of the code to be replaced is additionally produced in dependence on a piece of selection information.
    Type: Grant
    Filed: April 7, 2015
    Date of Patent: January 8, 2019
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Deepen Mantri, Jörn Treger, Christian Dönges
  • Publication number: 20180375649
    Abstract: A method for setting up a subscriber identity module for agreeing one or several exchange keys between a subscriber identity module and a provisioning server includes generating one or several exchange keys from keys of the provisioning server and of the subscriber identity module on a production server; the exchange keys are transmitted into the subscriber identity module and stored, so that the subscriber identity module is put particularly into a state as though it had generated the exchange keys itself. In a method for agreeing one or several exchange keys between a subscriber identity module and a provisioning server, the subscriber identity module sends its public key to the provisioning server, which subsequently generates the exchange keys.
    Type: Application
    Filed: December 14, 2016
    Publication date: December 27, 2018
    Applicant: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Gabriel GOLLER, Sven BAUER, Jürgen PULKUS, Lars HOFFMANN
  • Patent number: 10163047
    Abstract: A method for manufacturing a portable data carrier by means of a continuous manufacturing method, comprises the steps: providing at least one foil as a rolled good, unrolling at least one first foil, with at least a first foil being coated at least partly with an adhesive on at least one side, with at least the first foil being scored on at least one side along at least one creasing edge, with at least the first foil being folded up in precise fit along at least one creasing edge and bonded, with the foil being folded up in the direction of the side which is coated with adhesive, with the side coated with adhesive being arranged on the opposite side of the foil which has at least one scored creasing edge along which it is folded.
    Type: Grant
    Filed: October 24, 2014
    Date of Patent: December 25, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Stefan Bannert, Peter Kaufmann, Lucas Perlitz, Thomas Tarantino, Robert Griesmeier, Tatjana Mosthof, Cordula Regensburger
  • Publication number: 20180367297
    Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon, which algorithm is adapted to produce an output text from an input text employing a secret key K. The implementation of the algorithm comprises a key-dependent computing step S which comprises a key combination of input values x derived directly or indirectly from the input text with key values SubK derived directly or indirectly from the key; the key-dependent computing step S is represented by a table which is masked with input masking and/or output masking to form a masked table TabSSubK; and a new masked table TabSKneu is generated in the processor device.
    Type: Application
    Filed: December 7, 2016
    Publication date: December 20, 2018
    Applicant: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Sven BAUER, Hermann DREXLER, Jürgen PULKUS
  • Patent number: 10136323
    Abstract: A method is provided for operating a security module of a mobile terminal, and a security module. The security module is developed to communicate over one of a plurality of mobile communication networks. The security module comprises different system configurations for different mobile communication networks of the plurality of mobile communication networks. The security module receives subscription data for logging into one mobile communication network of the plurality of mobile communication networks, analyzes the subscription data, and identifies the mobile communication network out of the plurality of mobile communication networks. Subsequently, the security module selects a system configuration in accordance with the mobile communication network, identified in the preceding step, of the plurality of mobile communication networks. The security module is operated with the selected system configuration in the identified mobile communication network.
    Type: Grant
    Filed: April 16, 2015
    Date of Patent: November 20, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Thomas Stocker, Monika Eckardt
  • Patent number: 10104517
    Abstract: A method for loading a profile for a mobile radio subscription from a data preparation server into a subscriber identity module, comprises the steps: (a) providing a profile at the data preparation server; (b) generating a single executable program code module of the profile provided according to (a), which program code module is arranged such that by executing the executable program code module the profile is installed in the subscriber identity module; (c?) loading the single executable program code module into the subscriber identity module. A method for installing a profile in the subscriber identity module, comprises the steps: (d) sending an APDU command from the data preparation server to the subscriber identity module; (e) in reaction to a reception of the APDU command at the subscriber identity module, executing the executable program code module and by executing installing the profile in the subscriber identity module.
    Type: Grant
    Filed: March 24, 2016
    Date of Patent: October 16, 2018
    Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Nils Nitsch, Ulrich Huber
  • Publication number: 20180288607
    Abstract: A loading package is adapted for loading a profile for a subscription into a subscriber identity module. A loading sequence through the implementation of which in the subscriber identity module the profile is set up in the subscriber identity module. A profile loading counter sequence is generated on the basis of a counter reading of a profile loading counter maintained at a data preparation server; is adapted to load into the subscriber identity module a profile loading counter with the generated counter reading; and is loaded into the subscriber identity module before the loading sequence. The profile loading counter sequence is further adapted if no implemented profile loading counter is present in the subscriber identity module, to implement the profile-loading counter in the subscriber identity module with a counter reading which determines an admissible number of times which the loading package may be loaded into the subscriber identity module.
    Type: Application
    Filed: October 6, 2016
    Publication date: October 4, 2018
    Applicant: GIESECKE+DEVRIENT MOBILE SECURITY GMBH
    Inventors: Nils NITSCH, Ulrich HUBER