Abstract: A method for protecting a network access profile against cloning. A first mobile equipment includes a first security module havng the network access profile. A second mobile equipment is designed to receive the network access profile and includes a second security module. The first and second security modules are designed to establish a logic communication channel with each other. The method is implemented by the first security module and includes: generating a secret key; using the secret key to encrypt a data packet associated with the network access profile; sending the encrypted packet to the second security module through the logic communication channel; receiving, from the second security module, an acknowledgement of a correct receipt of the encrypted data packet; deleting the data packet associated with the network access profile; and then sending the secret key to the second security module through the logic communication channel.

Abstract: A method for obtaining a command relating to a network access profile of an eUICC security module incorporated into a communication device and associated with a physical identifier. The communication terminal: obtains the physical identifier and an anonymous identifier of the security module is calculated from the physical identifier and a random parameter; transmits a request to obtain the command, via an “operator server”, to a “preparation server”, the request to obtain including the anonymous identifier of the security module; obtains the random parameter and calculates the anonymous identifier from the physical identifier of the security module and the random parameter; and sends, to a “discovery server”, a request to obtain information intended to obtain the command, this request to obtain information including the anonymous identifier, in order to obtain, in response, from the discovery server, an address of the preparation server.

Abstract: A method for administering a profile for access to a communication network by using a security module. The security module receives a request to perform an administrative action relating to an access profile originating from an administration entity. The request includes a certificate from the administration entity. The security module verifies that the certificate received is legitimate and that it carries information indicating that the entity is authorised to request the action and, if so, sends an authorisation to perform the action in conjunction with the administration entity. Otherwise, the security module rejects the request.

Abstract: A method for obtaining a command relating to a profile for a security module of the equipment to access a network by mobile equipment. The method includes: sending, to a first server, a request including an anonymous identifier of the security module based on a physical identifier of the module and a random variable; receiving, from the first server, an address of a second server, which prepared the command and associated the command with the anonymous identifier, a request of the command having been previously received from a third server via the second server; sending, to the second server, the physical identifier of the module and of the random variable; receiving, from the second server, the command when a verification by the second server that the anonymous identifier of the security module has been computed on the basis of the received physical identifier and of the random variable is positive.

Abstract: A technique for downloading a profile for access to a communication network by a security module. This access profile has been prepared by a network operator and is available from a server configured to provide this access profile by downloading to the security module. The security module obtains a first verification datum prepared by the network operator. A secure downloading session is established thereafter. During establishment, session keys are jointly generated between the server and the security module and the server is authenticated by the security module using a public downloading key. The security module verifies authenticity of the public downloading key by using the first verification datum enabling verification that the server uses a secret downloading key corresponding to that provided by the network operator during preparation of the first verification datum. When the public downloading key is not authentic, the security module interrupts downloading of the access profile.

Abstract: A method for setting up an execution rule of an operating environment for a communication terminal in a mobile network of an operator. The environment is referred to as a operator profile. The operator profile is stored in a subscriber module embedded in the terminal. According to the method, the subscriber module: obtains a first token signed by the operator and includes information relative to the identification of the rule; obtains a second token signed by a third party other than the operator and including a first element for verifying the authenticity of the first token; verifies the authenticity of the first token by using the first verification element; verifies the authenticity of the second token by using a second verification element; and sets up the rule in the subscriber module if the authenticity of the first and second tokens is verified.

Abstract: A method for anonymously identifying a security module by a server. The method includes: receiving, from the module, a request for the address of a server managing subscription data of an operator, the request including a current identification value of the module, which depends on an identifier of the module and a current date; searching for the current identification value in at least one set of identification values, the set being associated with an operator and including, for a given module, a plurality of identification values, which are calculated depending on the identifier of the module and a date, the date varying for the plurality of identification values of the set between a start date and an end date; and sending, to the security module, the address of the server managing subscription data associated with the operator when the current identification value appears in the set of identification values.

Abstract: A method is provided of installing a subscription profile, taken out with an operator of a mobile telecommunications network, on a mobile communication terminal containing an embedded module for subscriber identification. This method can include sending a domain name resolution request to a domain name server, this request including an identifier of a network server, and receiving, in response to this request, a response message containing a network address of the network server allowing the triggering of the loading of the profile. The subscription profile can then be loaded into the embedded module from a supply server of the network. A mobile terminal, a supply server and a domain name server can be configured to implement this method.

Abstract: A method for obtaining a command relating to a profile for a security module of the equipment to access a network by mobile equipment. The method includes: sending, to a first server, a request including an anonymous identifier of the security module based on a physical identifier of the module and a random variable; receiving, from the first server, an address of a second server, which prepared the command and associated the command with the anonymous identifier, a request of the command having been previously received from a third server via the second server; sending, to the second server, the physical identifier of the module and of the random variable; receiving, from the second server, the command when a verification by the second server that the anonymous identifier of the security module has been computed on the basis of the received physical identifier and of the random variable is positive.

Abstract: A technique for downloading a profile for access to a communication network by a security module. This access profile has been prepared by a network operator and is available from a server configured to provide this access profile by downloading to the security module. The security module obtains a first verification datum prepared by the network operator. A secure downloading session is established thereafter. During establishment, session keys are jointly generated between the server and the security module and the server is authenticated by the security module using a public downloading key. The security module verifies authenticity of the public downloading key by using the first verification datum enabling verification that the server uses a secret downloading key corresponding to that provided by the network operator during preparation of the first verification datum. When the public downloading key is not authentic, the security module interrupts downloading of the access profile.

Abstract: A method for setting up an execution rule of an operating environment for a communication terminal in a mobile network of an operator. The environment is referred to as a operator profile. The operator profile is stored in a subscriber module embedded in the terminal. According to the method, the subscriber module: obtains a first token signed by the operator and includes information relative to the identification of the rule; obtains a second token signed by a third party other than the operator and including a first element for verifying the authenticity of the first token; verifies the authenticity of the first token by using the first verification element; verifies the authenticity of the second token by using a second verification element; and sets up the rule in the subscriber module if the authenticity of the first and second tokens is verified.

Abstract: A method for anonymously identifying a security module by a server. The method includes: receiving, from the module, a request for the address of a server managing subscription data of an operator, the request including a current identification value of the module, which depends on an identifier of the module and a current date; searching for the current identification value in at least one set of identification values, the set being associated with an operator and including, for a given module, a plurality of identification values, which are calculated depending on the identifier of the module and a date, the date varying for the plurality of identification values of the set between a start date and an end date; and sending, to the security module, the address of the server managing subscription data associated with the operator when the current identification value appears in the set of identification values.

Abstract: A method is provided of installing a subscription profile, taken out with an operator of a mobile telecommunications network, on a mobile communication terminal containing an embedded module for subscriber identification. This method can include sending a domain name resolution request to a domain name server, this request including an identifier of a network server, and receiving, in response to this request, a response message containing a network address of the network server allowing the triggering of the loading of the profile. The subscription profile can then be loaded into the embedded module from a supply server of the network. A mobile terminal, a supply server and a domain name server can be configured to implement this method.

Abstract: A method is provided for activating, on a second network, a terminal having a memory module including a temporary identification datum and being associated in a central database with a first predetermined network. The method includes a first step of authenticating the memory module with the central database by way of the temporary identification datum, a step of determining a new identification datum following an activation of the terminal in the second network, and transmitting this new identification datum to the memory module for storage on the memory module. Also provided are an associated computing entity and a terminal containing the associated memory module.

Abstract: Provided are an electronic storage module, a method for assigning contacts of an electronic storage module and a method for implementing an assignment. Exemplary modules include chip cards such as SIM cards (Subscriber Identification Modules), in particular but not limited to cards that use six contacts. The electronic storage module has a plurality of contacts, including at least one reset contact and at least one first set of contacts forming a first communication interface between the electronic storage module and an electronic device including the electronic storage module. The set of contacts constitutes at least one second communication interface. The reset contact makes it possible to indicate which one of the first or second communication interfaces the first set of contacts uses at a given time.

Abstract: A method is provided for activating, on a second network, a terminal having a memory module including a temporary identification datum and being associated in a central database with a first predetermined network. The method includes a first step of authenticating the memory module with the central database by way of the temporary identification datum, a step of determining a new identification datum following an activation of the terminal in the second network, and transmitting this new identification datum to the memory module for storage on the memory module. Also provided are an associated computing entity and a terminal containing the associated memory module.

Abstract: Provided are an electronic storage module, a method for assigning contacts of an electronic storage module and a method for implementing an assignment. Exemplary modules include chip cards such as SIM cards (Subscriber Identification Modules), in particular but not limited to cards that use six contacts. The electronic storage module has a plurality of contacts, including at least one reset contact and at least one first set of contacts forming a first communication interface between the electronic storage module and an electronic device including the electronic storage module. The set of contacts constitutes at least one second communication interface. The reset contact makes it possible to indicate which one of the first or second communication interfaces the first set of contacts uses at a given time.

Abstract: A technique for managing access to protected digital content stored in a content broadcasting server (11) and transmitted to a mobile terminal (10) connected to a cellular mobile network (20). A copy of a right of use being stored in a right-of-use management server (12), said management system is adapted to transmit to said mobile terminal (10) a message updating said right to use the digital content without any request for a connection from said mobile terminal (10) to said right-of-use management server (12).