Abstract: In order to create and access a secure storage account in a non-volatile memory device, an account identification value is calculated. A memory identification value is read from a first non-volatile memory device. The memory identification value and the account identification value are transmitted to a second non-volatile memory device, and a calculated credential is received. A command is transmitted to create a secure storage account in the first non-volatile memory device, where the command contains the credential and the account identification value. To access the account, a sequence is transmitted, containing the account identification value and a value based on the credential. A secure storage system contains a first non-volatile memory device that stores a memory identification value and contains a secure partition accessible using a credential, a second non-volatile memory device that can compute the credential, and a host adapted to create and access the secure partition.

Abstract: In one embodiment, a method for managing information in a large capacity UICC is provided comprising storing content of a file in a mass storage file system of the large capacity UICC, associating the file in the mass storage file system with a file in an ISO file system of the large capacity UICC, wherein the ISO file is associated with a security configuration defining security requirements for allowing its access; and hiding the content of the file in the mass storage file system in order to make it inaccessible. The method can further comprise requesting access from the mass storage file system to content of a file in the mass storage file system; and, if hidden, delivering security requirements to the ISO file system and determining whether the delivered security requirements agree with the security configuration of the file in the ISO file system associated with the file in the mass storage file system; and, if so, revealing the content to make it accessible.

Abstract: A method of exchanging information comprising dynamic contents through an interne type network between a large capacity universal integrated circuit card located within a mobile equipment and a remote device, said large capacity universal integrated circuit card comprising a smart card web server and having at least one servlet installed, wherein said smart card web server is configured for managing and controlling the execution of said servlet. It comprises the following steps: said servlet installed in said large capacity universal integrated circuit card implements a functionality of remote application management and processes commands configured for being used by said functionality of remote application management; exchanging said commands between said large capacity universal integrated circuit card and said remote device using an http-type protocol layer.

Abstract: The present invention is related with the management of memory in environments of limited resources, such as those found for example in a smart card. In a more particular manner, the invention relates to a method of managing the data storage resources of volatile memory, the object of which is to reduce the size of volatile memory necessary to implement the stack of the system, and thereby to reserve more volatile memory available for other needs or procedures of the system or of other applications When the stack grows and comes close to its established limit, the system carries out a transfer of a stack block located in the volatile memory to an area of non-volatile memory, hence this transfer allows a compression of the stack increasing its size in a virtual manner.

Abstract: In order to create and access a secure storage account in a non-volatile memory device, an account identification value is calculated. A memory identification value is read from a first non-volatile memory device. The memory identification value and the account identification value are transmitted to a second non-volatile memory device, and a calculated credential is received. A command is transmitted to create a secure storage account in the first non-volatile memory device, where the command contains the credential and the account identification value. To access the account, a sequence is transmitted, containing the account identification value and a value based on the credential. A secure storage system contains a first non-volatile memory device that stores a memory identification value and contains a secure partition accessible using a credential, a second non-volatile memory device that can compute the credential, and a host adapted to create and access the secure partition.

Abstract: In order to create and access a secure storage account in a non-volatile memory device, an account identification value is calculated. A memory identification value is read from a first non-volatile memory device. The memory identification value and the account identification value are transmitted to a second non-volatile memory device, and a calculated credential is received. A command is transmitted to create a secure storage account in the first non-volatile memory device, where the command contains the credential and the account identification value. To access the account, a sequence is transmitted, containing the account identification value and a value based on the credential. A secure storage system contains a first non-volatile memory device that stores a memory identification value and contains a secure partition accessible using a credential, a second non-volatile memory device that can compute the credential, and a host adapted to create and access the secure partition.

Abstract: A system for enforcing a storage allocation usage right(s) for an application may include a controllable storage and a storage manager to control the access of the application to the storage according to an associated storage allocation usage right. A SIM card for enforcing a storage allocation usage right for an application may include an application register to store an access rule of the storage allocation usage right(s) and an APREC module to identify the application and thereby an access rule to enable controlling of the access of the application to storage according to the storage allocation usage right. A high-capacity SIM card for enforcing a storage allocation usage right for an application may include a storage; a storage manager to control the access of an application to the storage according to an associated access rule of the storage allocation usage right; and an APREC module.

Abstract: A method of installing an application on a SIM card is disclosed. A host agent in a host device installs an application on a Subscriber Identity Module card from a non-volatile storage device. The host agent coordinates mutual authentication between the non-volatile storage device and a Subscriber Identity Module card in the host device. If the mutual authentication is successful, the host agent reads an application from the non-volatile storage device and installs the application on the Subscriber Identity Module card, wherein installing the application enables the Subscriber Identity Module card to execute the application. The application may be protected from tampering or unauthorized copying during the host agent transfer by creation of a secure communication channel or transferring encrypted applications. The Subscriber Identity Module card may verify the signature associated with an application before installation to prevent the installation of unauthorized or tampered applications.

Abstract: A method of secure transfer of data between entities, which comprises: establishing a first secure channel (740, 840) between a first entity (710, 810) having at least one first credential (7101, 8101) and a second entity (720, 820) having at least one second credential (7201, 8201); establishing a second secure channel (750, 850) between said first entity (710, 810) and a third entity (780, 880), said third entity (780, 880) being trusted by said first entity (710, 810); through said second secure channel (750, 850) between said first entity (710, 810) and said third entity (780, 880), delegating (790, 890) said first secure channel (740, 840) from said first entity (710, 810) to said third entity (780, 880) for transferring data between said second entity (720, 820) and said third entity (780, 880).

Abstract: A method of exchanging information comprising dynamic contents through an internet type network (521, 821) between a large capacity universal integrated circuit card (520, 820) located within a mobile equipment (522, 822) and a remote device (574, 874), said large capacity universal integrated circuit card (521, 821) comprising a smart card web server (548, 848) and having at least one servlet (550, 850) installed, wherein said smart card web server (548, 848) is configured for managing and controlling the execution of said servlet (550, 850).

Abstract: A method for managing information in a large capacity UICC, comprising: storing content of a file in a mass storage file system of the large capacity UICC, associating the file in the mass storage file system with a file in an ISO file system of the large capacity UICC, wherein the ISO file is associated with a security configuration defining security requirements for allowing its access; hiding the content of the file in the mass storage file system in order to make it inaccessible. The method further comprises: requesting access from the mass storage file system to content of a file in the mass storage file system; and, if hidden, delivering security requirements to the ISO file system and determining whether the delivered security requirements agree with the security configuration of the file in the ISO file system associated with the file in the mass storage file system; and, if so, revealing the content to make it accessible.

Abstract: In order to create and access a secure storage account in a non-volatile memory device, an account identification value is calculated. A memory identification value is read from a first non-volatile memory device. The memory identification value and the account identification value are transmitted to a second non-volatile memory device, and a calculated credential is received. A command is transmitted to create a secure storage account in the first non-volatile memory device, where the command contains the credential and the account identification value. To access the account, a sequence is transmitted, containing the account identification value and a value based on the credential. A secure storage system contains a first non-volatile memory device that stores a memory identification value and contains a secure partition accessible using a credential, a second non-volatile memory device that can compute the credential, and a host adapted to create and access the secure partition.

Abstract: The present invention relates to a smart card provided with an integrated circuit for identifying a user, storing and exchanging information with an electronic device, such as for example a mobile telephone, a personal computer, etc. The smart card is provided with additional communication contacts apart from those that are conventionally arranged on the integrated circuit itself, and it incorporates means allowing one of these cards provided with additional contacts to be able to be used without any problems in card readers that do not support these additional contacts. The present invention consists of the fact that the arrangement of these new contacts is not located on the surface of the smart card, plastic body of the card or microchip, preventing the conductive parts of the reader which are in contact with the smart card from causing any type of malfunction thereof. The invention also relates to a method of manufacturing the previously mentioned smart card.

Abstract: The invention relates to the management of information such as data and/or procedures residing in the memory in systems with reduced processing and storing capacity, for example, those available in a smart card. A method and a device disclosed in the invention make it possible for various applications lodged in different memory parcels to safely share data and/or procedures by making optimum use of the processing capacity of the system to which the memory belongs. A strict sharing mechanism ensures that if an application has obtained a data item or a procedure from another application or the system itself in which it is lodged, it has done so because it is authorized to use it and therefore no verification has to be made. The sharing mechanism is based on the principle that data and procedures of one application can only be referenced by another application during its execution and through the sharing mechanisms defined in this invention.

Abstract: The present invention is related with the management of memory in environments of limited resources, such as those found for example in a smart card. In a more particular manner, the invention relates to a method of managing the data storage resources of volatile memory, the object of which is to reduce the size of volatile memory necessary to implement the stack of the system, and thereby to reserve more volatile memory available for other needs or procedures of the system or of other applications When the stack grows and comes close to its established limit, the system carries out a transfer of a stack block located in the volatile memory to an area of non-volatile memory, hence this transfer allows a compression of the stack increasing its size in a virtual manner.