Abstract: A secure element includes an SE application implemented therein or configured to implement an SE application therein. The secure element includes: an SE terminal interface to a terminal, in conjunction with which the secure element is able to be operated; an ARA application (ARA-X) and ARA access rules, by way of which access operations from applications implemented in the terminal to SE applications implemented or able to be implemented in the secure element via the SE terminal interface are controlled. The secure element is: an ARA user interface (ARA-UI), which is configured: to receive user commands that are input by a user on a user interface provided on the terminal or on the secure element; to forward received user commands to the ARA application; and to prompt the ARA application to apply forwarded user commands to the ARA application.

Abstract: Systems and methods for participation in a telecommunications network. A secure element manages at least one profile data set for secure operation of a user device. An element identifier is provided for identifying the secure element. A location identifier is provided for a home location register of a telecommunications network. At least one login credentials item is provided for logging on the user device.

Abstract: A method and system for configuring a user device for participation in a telecommunications network are disclosed, with a secure element, such as an eUICC, which is configured to administrate at least one profile dataset for secure operation of the user device. An installation dataset is provided for accompanying at least part of an installation process for installing data on the secure element. An auxiliary profile data set is provided to enable access to a telecommunications network.

Abstract: A method for installing at least one target profile (P1) to at least one eUICC with an eUICC hardware identifier (EID) involves: (1) preparing a batch comprising at least one Batch Bound Profile Package (BB PP) with the target profile (P1) to be installed to the eUICC; (2) using the OEM production machine to download the BBPP from the profile storage to the eUICC; (3) installing the target profile (P1) in the eUICC. Before step 2, the eUICC must have a Secure Channel Protocol keyset (SCP03-K). To download the target profile (P1) in step 2, the profile storage establishes a Secure Channel Protocol Session with the eUICC based on the eUICC hardware identifier (EID). Then, the BBPP is downloaded from the profile storage to the eUICC over the Secure Channel Protocol Session.

Abstract: An eUICC includes a provisioning profile installed in the eUICC, and constructed for provisioning of profiles installed or scheduled to be installed in the eUICC; at least one profile, referred to as target profile, installed in the eUICC including a profile identifier, and present in a disabled status. The provisioning profile includes a profile enabler constructed to perform steps: E1) receive from the target profile the profile identifier; E2) receive from an enablement orchestration server an expected profile identifier of a profile installed in the eUICC; E3) enable the target profile only under the condition that the profile identifier retrieved from the target profile and the expected profile identifier retrieved from the enablement orchestration server match with each other; and optionally, when enabling the target profile, disable the provisioning profile.

Abstract: A secure element includes an SE application implemented therein or configured to implement an SE application therein. The secure element includes: an SE terminal interface to a terminal, in conjunction with which the secure element is able to be operated; an ARA application (ARA-X) and ARA access rules, by way of which access operations from applications implemented in the terminal to SE applications implemented or able to be implemented in the secure element via the SE terminal interface are controlled. The secure element is: an ARA user interface (ARA-UI), which is configured: to receive user commands that are input by a user on a user interface provided on the terminal or on the secure element; to forward received user commands to the ARA application; and to prompt the ARA application to apply forwarded user commands to the ARA application.

Abstract: A method for generating at least one profile, for provisioning the profile to an eUICC designed to be hosted in a device, includes the steps: S1) providing profile generation data, including static profile data for generating a profile container (T_ISD-P[ ]) and dynamic; S2) generating a profile (P1), and a dynamic-data description file (D-XML) indicating content and storage location of at least the dynamic profile data in the profile; S3-1) creating, in the eUICC at least one profile container (T_ISD-P[ ]); S3-2) providing the profile (P1) and the dynamic-data description file (D-XML) to a Dynamic Converter, and at the Dynamic Converter, with support of the dynamic-data description file (D-XML), extracting the dynamic profile data from the profile (P1), for later transferring the extracted dynamic profile data (EDP-P1) to the eUICC, and installing the transferred extracted dynamic profile data (EDP-P1) into the profile container (T_ISD-P[ ]) created in step S3-1).

Abstract: A method for provisioning a profile to an eUICC designed to be hosted in a mobile device, includes the steps: providing an eUICC production machine comprising or having connected thereto an eUICC read/write facility, and being installed in a secure production environment; providing an IFPP Controller installed in the secure production environment; provide dynamic profile data to the IFPP Controller; providing the eUICC, with at least one already present created profile container created from static profile data, at the eUICC production machine; by the IFPP Controller, providing the dynamic profile data to the eUICC production machine; by the eUICC production machine, downloading the dynamic profile data via the eUICC read/write facility to the eUICC, and writing the dynamic profile data into the profile container, so as to install the profile and thereby provision the profile to the eUICC.

Abstract: A method and a system for subscription management in a security element for a mobile end device, wherein one subscription profile is associated with one subscription. For a subscription profile, an access to functionalities of the security element is subscription-profile-specifically restricted.

Abstract: A method and a system for subscription management in a security element for a mobile end device, wherein one subscription profile is associated with one subscription. For a subscription profile, an access to functionalities of the security element is subscription-profile-specifically restricted.

Abstract: A method is described for communicating with an application on a portable data carrier, as well as such a portable data carrier. The method comprises the following steps of: forwarding a command transmitted by an external entity to the portable data carrier, from a runtime environment implemented on the portable data carrier to a proxy application implemented on the portable data carrier; forwarding the command from the proxy application via the runtime environment to the application; and monitoring the communication between the external entity and the application in the form of the command and/or intervening in the communication by the proxy application.

Abstract: A method includes communicating with an application on a portable data carrier, as well as such a portable data carrier. The method comprises the following steps of: forwarding a command transmitted by an external entity to the portable data carrier, from a runtime environment implemented on the portable data carrier to a proxy application implemented on the portable data carrier; forwarding the command from the proxy application via the runtime environment to the application; and monitoring the communication between the external entity and the application in the form of the command and/or intervening in said communication by the proxy application.