Abstract: A secure element of a mobile device receives a first authentication token, which may have an encrypted portion and a non-encrypted portion, from a network gateway device to which the mobile device is connected. The secure element determines whether the first authentication token is valid based on a sequence number included in the first authentication token. If the secure element determines that the first authentication token is valid, the secure element generates a second authentication token that indicates a result of an authentication operation performed by the secure element. The second authentication token is sent to the network gateway device. The secure element derives a pre-shared key using a key derivation function, where the pre-shared key is usable to establish a secure communication channel with the network gateway device.

Abstract: A secure element device for use in a connected device includes a first interface configured to enable communication with a communication module and a second interface configured to enable communication with an action module of the connected device. A processor coupled to the first interface and the second interface, executes a first set of computer-readable instructions, stored in a memory of the secure element device, to authenticate, via the first interface, the connected device on the communication network. The processor also executes a second set of computer-readable instructions, stored in the memory, to perform one or both of (i) obtaining, via the second interface, data from the action module, the data to be transmitted over the communication network and (ii) controlling, via the second interface, the action module to cause the action module to perform one or more operations based on an instruction received over the communication network.

Abstract: A method for anonymously carrying out a transaction, wherein one-time passwords encrypted by means of a one-way function are sent by an authentication server to a service device. The non-encrypted one-time passwords are sent by the authentication server to a secure element of a mobile device. In order for a transaction to be effected, the secure element sends the one-time passwords to the service device.

Abstract: An activation code to be provided to a cardholder associated with a payment card is generated. The activation code is an electronically scannable code that encodes payment card information associated with the payment card. The activation code is subsequently received from a user device, the activation code having been electronically scanned by the user device. The payment card information, associated with the payment card, is extracted from the activation code received from the user device. Activation of the payment card is performed using the payment card information extracted from the activation code received from the user device.

Abstract: The invention provides a system for encryptedly storing product data of a product having an attached tag centrally on a product data server, and reading out the centrally stored product data by production stations which are to process the product. The product data are encrypted with a document key which in turn is encrypted with a public key of the tag. The tag contains access information for the centrally stored product data. When a production station accesses product data on the product data server, the tag carries out a re-encryption of the document key from the key system of the tag to that of the accessing production station.

Abstract: An apparatus and method are provided for checking the authenticity of the security element of a value document. For checking the authenticity of the security element, reversed bright/dark modulation is examined. For this purpose, for determining a combination course, the remission course and the transmission course along the longitudinal direction of the security element are set off against each other pixel by pixel and the combination course obtained by setting off pixel by pixel is checked with regard to an intensity modulation along the longitudinal direction of the security element.

Abstract: A method and system performing the method includes receiving currency inventory information from a plurality of cash-points. The method also includes receiving a currency shipment request from a first cash-point. The method further includes determining a set of eligible cash-points from the plurality of cash-points based on the currency inventory information, each eligible cash-point being associated with a respective currency inventory having sufficient currency reserves to fulfill the currency shipment request. The method still further includes receiving an offer from each eligible cash-point, each offer indicative of an asking price for fulfilling the currency shipment request. The method additionally includes determining a selected cash-point to fulfill the currency shipment request based on the offers. The method even further includes initiating shipment of currency from the selected cash-point to the first cash-point.

Abstract: The invention relates to an apparatus and a method for checking value documents marked with feature substances, and to the corresponding feature substances. The feature substances are detected on the basis of Raman or SERS spectroscopy also at high transport speeds with a spatial resolution in the low millimeter region or better and reliably identified.

Abstract: A centralized gateway server receives a first user request, configured to operate with a first development platform, indicating a first operation to be performed on behalf of a first user. The centralized gateway server generates a first service request for performing the first operation, and transmits the first service request to a server associated with a service, to cause the server to perform the first operation on behalf of the first user. The centralized gateway server also receives a second user request indicating a second operation. The second user request is configured to operate with a second development platform different from the first development platform. The centralized gateway server generates a second service request for performing the second operation, and transmits the second service request to the server to cause the server to perform the second operation.

Abstract: A method for loading a subscription into an embedded security element of a system configured on a chip of a mobile end device, wherein the system comprises an application processor, a non-volatile memory and a secure processor. The application processor and the secure processor can access the non-volatile memory via a bus. In the process, the subscription is loaded by a provisioning service into the non-volatile memory, so that the secure processor can load the subscription from the memory and execute it. The provisioning service is executed by the secure processor and the subscription is loaded by the provisioning service into a region of the non-volatile memory readable and writeable only by the secure processor.

Abstract: A secure element device for use in a connected device includes a first interface configured to enable communication with a communication module and a second interface configured to enable communication with an action module of the connected device. A processor coupled to the first interface and the second interface, executes a first set of computer-readable instructions, stored in a memory of the secure element device, to authenticate, via the first interface, the connected device on the communication network. The processor also executes a second set of computer-readable instructions, stored in the memory, to perform one or both of (i) obtaining, via the second interface, data from the action module, the data to be transmitted over the communication network and (ii) controlling, via the second interface, the action module to cause the action module to perform one or more operations based on an instruction received over the communication network.

Abstract: A method for operating a security element of a mobile terminal with a memory unit includes using a first subscription profile with a first operating system for the security element, and a second subscription profile with a second operating system for the security element. The method involves operating the security element with the first operating system to communicate with the first subscription profile via a first mobile communication network; switching from the first operating system to the second operating system of the security element through a boot loader in the memory unit loading and executing the second operating system following a reboot of the security element; and operating the security element with the second operating system, to be able to communicate with the second subscription profile via a second mobile communication network. A corresponding security element and a corresponding mobile terminal are provided.

Abstract: A profile management engine receives, from a mobile device management (MDM) server configured to manage one or more mobile devices, an activation request to activate a subscription for a mobile device of the plurality of mobile devices. The profile management engine generates a download request for preparing a download of an electronic subscriber profile to the mobile device, transmits the download request to a subscription management system of a network operator, and subsequently receives a download response from the subscription management system. The download response includes an identifier that identifies an electronic subscriber profile generated for the mobile device.

Abstract: A layer arrangement is provided for manufacturing an interference-optimized, metal and card-shaped data carrier and to a layer laminate comprising the layer arrangement.

Abstract: Techniques are disclosed which can allow a mobile device, which is no longer being updated by the device manufacturer, to receive updates from the manufacturer. In an implementation, an international mobile equipment identity (IMEI) is received from the mobile device that identifies a model of the mobile device. The mobile device can have at least one application that is unable to communicate with a server of the mobile device's manufacturer. A provisioning server may determine that the mobile device is depreciated based upon the IMEI, and obtain a key unique to the mobile device. The key and at least one Access Point Name may be transmitted to the mobile device, which can allow the mobile device to direct its data traffic to the server of the manufacturer.

Abstract: A system for self-activation of a portable device on a wireless network includes a first server that receives a first message from a particular portable device with a unique identifier that indicates the device type of the device that is at least one of a first type or a second type of portable device. A second message comprising data including the device type corresponding to the portable device is sent to a second server. The second server sends an activation message in response to receiving the second message when the device type determined is the first type; and the second server sends the activation message after a delay interval that is longer than a boot-up sequence time when the device type determined is the second type. The activation message prompts the user to activate the device for use on the wireless network.

Abstract: A data carrier with detachable parts, a method of forming a data carrier comprising a primary card body, a data carrier puncher for removing detachable parts of data carriers, and a method of removing a form changing part from a data carrier using a puncher are disclosed. The data carrier with detachable parts comprising: a primary card body having a first size; a form changing part disposed within the primary card body and having a second size, the form changing part connected to the primary card body by at least one fixing portion, and the form changing part configured to be removed from the primary card body by breaking the at least one fixing portion; an integrated circuit component embedded in the form changing part; and at least one notch disposed at a first position on a first end of the primary card body.

Abstract: A credit card provider server device collects data indicative of at least one of i) environment of a user, ii) activities of the user, and iii) other characteristics of the user. When the credit card provider server device receives, from a payment issuer server device, a context request requesting a user context at a time a payment request is made, the credit card provider server device generates a user context for the user. The user context includes one or more indications related to the one or both of the environment of the user and the activities of the user at the time of the payment request. The credit card provider server device transmits the user context to the payment issuer server device for use in authenticating the payment request.

Abstract: A method and system performing the method includes receiving a request to activate an additional profile in a subscriber identity module that comprises at least one active profile associated with a first basic logical channel. The additional profile is in an inactive state. The method also includes requesting, using the first basic logical channel, the subscriber identity module to associate the additional profile with a second basic logical channel for communicating with the first profile. The method further includes transmitting a command to the additional profile using the second basic logical channel while the at least one active profile associated with the first basic logical channel is in an active state.