Abstract: Provided is a method to update an OS installed in a secure element on an OS update platform exposing the same ES9+ interface as an SM-DP+, the secure element being an eUICC or an iUICC cooperating with a terminal, the secure element and the terminal being comprised in a device. The method comprises loading an OS update script in the OS update platform of the secure element manufacturer, triggering the LPA of the terminal to connect to the OS update platform by using the ES9+ SM-DP+ protocol, downloading by the LPA the OS update script in an ISD-P of the secure element and installing the OS update script in the ISD-P of the secure element, and after the installation of the OS update script in the ISD-P, return by the secure element an execution result to the OS update platform through the LPA.

Abstract: Provided is a method for patching an operating system 100 on a secure element 103 embedded in a terminal. The method comprises transmitting from a platform 101 to a SM-SR 102 an order to create on the secure element 103 an ISD-P 104, establishing between the platform 101 and the ISD-P or the secure element 103 a secure channel, transmitting from the SM-SR 102 to the secure element 103 a patch of the operating system, executing in the ISD-P 104 the patch of the operating system, and sending from the secure element 103 to the platform 101 a message informing the platform 101 of the result of the execution of the patch.

Abstract: Provided is a method for patching an operating system 100 on a secure element 103 embedded in a terminal. The method comprises transmitting from a platform 101 to a SM-SR 102 an order to create on the secure element 103 an ISD-P 104, establishing between the platform 101 and the ISD-P or the secure element 103 a secure channel, transmitting from the SM-SR 102 to the secure element 103 a patch of the operating system, executing in the ISD-P 104 the patch of the operating system, and sending from the secure element 103 to the platform 101 a message informing the platform 101 of the result of the execution of the patch.

Abstract: The invention relates to a method for sending data to at least one device. According to the invention, a data sending control server sends to at least one data storage server at least one predetermined rule or a first request for sending data to at least one data processing server. The data storage server sends, based upon the at least one predetermined rule or the first request for sending data, data to the data processing server. The data sending control server sends to the data processing server a second request for sending to the device the data received or to be received by the data processing server. The data processing server sends, based upon the second request for sending the data, the received data to the at least one device.

Abstract: The invention relates to a method for sending data to at least one device. According to the invention, a data sending control server sends to at least one data storage server at least one predetermined rule or a first request for sending data to at least one data processing server. The data storage server sends, based upon the at least one predetermined rule or the first request for sending data, data to the data processing server. The data sending control server sends to the data processing server a second request for sending to the device the data received or to be received by the data processing server. The data processing server sends, based upon the second request for sending the data, the received data to the at least one device.

Abstract: The invention is a method for managing profiles in a secure element that has several profiles comprising files organized in respective logical tree structures comprising respective root files. The root files have identifiers whose values are different from 0x3F00 and the method comprises the step of enabling browsing of the logical tree structure comprising a targeted root file in response to the receipt of a Select file command aiming at selecting said targeted root file.

Abstract: The present invention relates to a method to manage subscriptions in a provisioning server (PS) able to communicate with a Hardware Security Module (HSM) having an HSM key (K). Said method being such that the HSM comprising a load and a reload function, the secure device key ((Ke1)K) and the storage key ((Ks)K) as encrypted and stored are provided (S1) to one of said functions, said functions outputting, the storage key ((Ks)Ke1)K) encrypted using the provided secure device (SE1) key (Ke1) and the HSM key K, and an APDU_putkey command ((APDU_PUTKEY((Ks)Ke1))Ke1), encrypted using the provided secure device (SE1) key (Ke1), to put the retrieved storage key ((Ks)Ke1) also encrypted using the provided secure device key (Ke1), the storage key as previously stored ((Ks)K) is overwritten (S6) with the storage key (((Ks)Ke1)K) encrypted using the secure device key (Ke1) and the HSM key (K) returned by the function.

Abstract: The invention is a method for managing profiles in a secure element that has several profiles comprising files organized in respective logical tree structures comprising respective root files. The root files have identifiers whose values are different from 0x3F00 and the method comprises the step of enabling browsing of the logical tree structure comprising a targeted root file in response to the receipt of a Select file command aiming at selecting said targeted root file.

Abstract: The present invention relates to a method to manage subscriptions in a provisioning server (PS) able to communicate with a Hardware Security Module (HSM) having an HSM key (K). Said method being such that the HSM comprising a load and a reload function, the secure device key ((Ke1)K) and the storage key ((Ks)K) as encrypted and stored are provided (S1) to one of said functions, said functions outputting, the storage key ((Ks)Ke1)K) encrypted using the provided secure device (SE1) key (Ke1) and the HSM key K, and an APDU_putkey command ((APDU_PUTKEY((Ke1))Ke1), encrypted using the provided secure device (SE1) key (Ke1), to put the retrieved storage key ((Ks)Ke1) also encrypted using the provided secure device key (Ke1), the storage key as previously stored ((Ks)K) is overwritten (S6) with the storage key (((Ks)Ke1)k) encrypted using the secure device key (Ke1) and the HSM key (K) returned by the function.

Abstract: A first device stores a subscription manager and at least two subscriptions. A first subscription is active and a second subscription is non-active. A second device sends a request for switching to the second subscription. The subscription manager sets a first variable relating to a next active subscription to the second subscription. The subscription manager sends to the first device a message requesting the first device to re-launch an execution of the subscription manager and to read data. The first device sends to the subscription manager a message including a command for re-launching an execution of the subscription manager. The subscription manager de-activates, based upon the first variable value, the first subscription. The subscription manager activates, based upon the first variable value, the second subscription, and sends to the first device operating system data relating to the second subscription, as a current active subscription.

Abstract: A first device stores a subscription manager and at least two subscriptions. A first subscription is active and a second subscription is non-active. A second device sends a request for switching to the second subscription. The subscription manager sets a first variable relating to a next active subscription to the second subscription. The subscription manager sends to the first device a message requesting the first device to re-launch an execution of the subscription manager and to read data. The first device sends to the subscription manager a message including a command for re-launching an execution of the subscription manager. The subscription manager de-activates, based upon the first variable value, the first subscription. The subscription manager activates, based upon the first variable value, the second subscription, and sends to the first device operating system data relating to the second subscription, as a current active subscription.