Patents by Inventor Luca Di Cosmo
Luca Di Cosmo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12223787
Abstract: A method includes performing, by a terminal with an access card, a first relay attack check for the access card in accordance with a local value associated with the terminal and a local value associated with the access card; determining, by the terminal, that the access card has passed the first relay attack check, and based thereon, performing, by the terminal with the access card, an authentication check of the access card in accordance with the local value associated with the terminal, the local value associated with the access card, and a local challenge value associated with the terminal; and determining, by the terminal, that the access card has passed the first relay attack check and the authentication check, and based thereon, validating, by the terminal, the access card.
Type: Grant
Filed: April 24, 2023
Date of Patent: February 11, 2025
Assignee: STMicroelectronics S.r.l.
Inventors: Carlo Cimino, Luca Di Cosmo
-
Publication number: 20250013739
Abstract: Described is a method for performing the execution of an application in a Secure Element (SE), comprising a host sending an APDU command to the SE comprising the application, processing at the SE the APDU command for execution by the application, performing a determined plurality of operations of the application commanded by the APDU command, the application determining among the plurality of application operations commanded by the APDU command a first set of operations to be executed by the application upon receiving the APDU command and at least a second set of operations. The SE performs the first set of operations to be executed by the application upon receiving the APDU command, performing a deferred execution of a second set of operations upon communication of completion of the execution of the first set of operations from the SE to the host.
Type: Application
Filed: June 7, 2024
Publication date: January 9, 2025
Inventor: Luca Di Cosmo
-
Publication number: 20240281536
Abstract: A method includes preserving custom objects and system objects of an application during an operative system update operation in a secure element. The custom objects and system objects are saved. The application is uninstalled and a new instance of the application is created. The saved custom objects and the saved system objects are recovered, and the new instance of the application is updated with the recovered custom objects and system objects. Saving a system object includes acquiring information content of fields of the system object, encoding and storing the information content into a data serialization format in a reserved area of a non-volatile memory of the secure element. Recovering the saved system object includes reading and decoding the encoded information content from the reserved area of the non-volatile memory of the secure element. The system object is recovered using the obtained information content of the fields.
Type: Application
Filed: February 9, 2024
Publication date: August 22, 2024
Applicant: STMICROELECTRONICS S.r.l.
Inventors: Luca DI COSMO, Amedeo VENEROSO
-
Publication number: 20230260347
Abstract: A method includes performing, by a terminal with an access card, a first relay attack check for the access card in accordance with a local value associated with the terminal and a local value associated with the access card; determining, by the terminal, that the access card has passed the first relay attack check, and based thereon, performing, by the terminal with the access card, an authentication check of the access card in accordance with the local value associated with the terminal, the local value associated with the access card, and a local challenge value associated with the terminal; and determining, by the terminal, that the access card has passed the first relay attack check and the authentication check, and based thereon, validating, by the terminal, the access card.
Type: Application
Filed: April 24, 2023
Publication date: August 17, 2023
Inventors: Carlo Cimino, Luca Di Cosmo
-
Patent number: 11676434
Abstract: A method includes performing, by a terminal with an access card, a first relay attack check for the access card in accordance with a local value associated with the terminal and a local value associated with the access card; determining, by the terminal, that the access card has passed the first relay attack check, and based thereon, performing, by the terminal with the access card, an authentication check of the access card in accordance with the local value associated with the terminal, the local value associated with the access card, and a local challenge value associated with the terminal; and determining, by the terminal, that the access card has passed the first relay attack check and the authentication check, and based thereon, validating, by the terminal, the access card.
Type: Grant
Filed: March 11, 2021
Date of Patent: June 13, 2023
Assignee: STMicroelectronics S.r.l.
Inventors: Carlo Cimino, Luca Di Cosmo
-
Patent number: 11582212
Abstract: A tamper resistant device can be used for an integrated circuit card. The device includes memory storing a first security domain that includes a telecommunication profile and a second security domain that includes an application profile. A first physical interface is configured to be coupled to a baseband processor configured to operate with a mobile telecommunications network. A second physical interface configured to be coupled to an application processor. The first physical interface configured to allow the baseband processor to access the telecommunication profile and the second physical interface is configured to allow the application processor to access the application profile. The tamper resistant device is configured to enable accessibility to the application profile if corresponding commands are received at the first interface and to enable accessibility to the telecommunication profile if corresponding commands are received at the second interface.
Type: Grant
Filed: October 17, 2019
Date of Patent: February 14, 2023
Assignee: STMicroelectronics S.r.l.
Inventors: Luca Di Cosmo, Amedeo Veneroso
-
Publication number: 20220292901
Abstract: A method includes performing, by a terminal with an access card, a first relay attack check for the access card in accordance with a local value associated with the terminal and a local value associated with the access card; determining, by the terminal, that the access card has passed the first relay attack check, and based thereon, performing, by the terminal with the access card, an authentication check of the access card in accordance with the local value associated with the terminal, the local value associated with the access card, and a local challenge value associated with the terminal; and determining, by the terminal, that the access card has passed the first relay attack check and the authentication check, and based thereon, validating, by the terminal, the access card.
Type: Application
Filed: March 11, 2021
Publication date: September 15, 2022
Inventors: Carlo Cimino, Luca Di Cosmo
-
Publication number: 20200137034
Abstract: A tamper resistant device can be used for an integrated circuit card. The device includes memory storing a first security domain that includes a telecommunication profile and a second security domain that includes an application profile. A first physical interface is configured to be coupled to a baseband processor configured to operate with a mobile telecommunications network. A second physical interface configured to be coupled to an application processor. The first physical interface configured to allow the baseband processor to access the telecommunication profile and the second physical interface is configured to allow the application processor to access the application profile. The tamper resistant device is configured to enable accessibility to the application profile if corresponding commands are received at the first interface and to enable accessibility to the telecommunication profile if corresponding commands are received at the second interface.
Type: Application
Filed: October 17, 2019
Publication date: April 30, 2020
Inventors: Luca Di Cosmo, Amedeo Veneroso
-
Patent number: 7694094
Abstract: A transaction method manages the storing of persistent data to be stored in at least one memory region of a non-volatile memory device before the execution of update operations that involve portions of the persistent data. Values of the persistent data are stored in a transaction stack that includes a plurality of transaction entries before the beginning of the update operations so that the memory regions involved in such an update are restored in a consistent state if an unexpected event occurs. A push extreme instruction reads from the memory cells a remaining portion of the persistent data that is not involved in the update operation, and stores the remaining portion in a subset of the transaction entries. The push extreme instruction is executed instead of a push instruction when the restoring of the portion of persistent data is not required after the unexpected event. The restoring corresponds to the values that the persistent data had before the beginning of the update operations.
Type: Grant
Filed: June 29, 2007
Date of Patent: April 6, 2010
Assignee: Incard S.A.
Inventors: Paolo Sepe, Luca Di Cosmo, Enrico Musella
-
Publication number: 20090013122
Abstract: A transaction method manages the storing of persistent data to be stored in at least one memory region of a non-volatile memory device before the execution of update operations that involve portions of the persistent data. Values of the persistent data are stored in a transaction stack that includes a plurality of transaction entries before the beginning of the update operations so that the memory regions involved in such an update are restored in a consistent state if an unexpected event occurs. A push extreme instruction reads from the memory cells a remaining portion of the persistent data that is not involved in the update operation, and stores the remaining portion in a subset of the transaction entries. The push extreme instruction is executed instead of a push instruction when the restoring of the portion of persistent data is not required after the unexpected event. The restoring corresponds to the values that the persistent data had before the beginning of the update operations.
Type: Application
Filed: June 29, 2007
Publication date: January 8, 2009
Applicant: INCARD S.A.
Inventors: Paolo Sepe, Luca Di Cosmo, Enrico Musella
-
Publication number: 20080005510
Abstract: A compression method for a backup data buffer includes a plurality of backup entries for storing persistent data of a non-volatile memory device during at least one update operation. An address of the persistent data in the non-volatile memory device is stored in a driver buffer including address pages. Each address page includes address entries. The compression method includes the functions for marking as erasable an address entry included in a first address page of the driver buffer when the at least one update operation on the persistent data is completed. Address entries not marked as erasable or non-erasable are copied from the first address page to a second address page of the driver buffer. The second address page contains address entries not marked as erasable. The first address page is erased for rendering it ready to be written. The content of the second address page is written to the first, and the second address page is for future writings.
Type: Application
Filed: June 29, 2007
Publication date: January 3, 2008
Applicant: INCARD S.A.
Inventors: Paolo Sepe, Luca Di Cosmo