Patents by Inventor Stephan Spitz

Stephan Spitz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11947676
    Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of the operating system when executed by the processor, and performs a cryptographic operation when the processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory stores the operating system. A communication interface receives data over a communication network. The processor retrieves the boot program code from the first memory area and executes the boot program code to start execution of the operating system. The processor terminates execution of the boot program code. The processor is configured to re-execute the boot program code while the operating system is executed to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: April 2, 2024
    Assignee: SECURE THINGZ LTD.
    Inventors: Stephan Spitz, Haydn Povey, Tim Woodruff
  • Patent number: 11775650
    Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of an operating system when executed by the processor, and performs a cryptographic operation when the processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory area stores the operating system. The processor retrieves the boot program code from the first memory area and executes the boot program code to start the execution of the operating system. The processor re-executes the boot program code to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.
    Type: Grant
    Filed: September 11, 2020
    Date of Patent: October 3, 2023
    Assignee: SECURE THINGZ, LTD.
    Inventors: Stephan Spitz, Haydn Povey, Tim Woodruff
  • Patent number: 11764960
    Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The apparatus comprises: a communication interface configured to receive an electronic provisioning token including a provisioning counter indicating a total of transmissions of the program code towards the provisioning equipment server; and a processor configured to retrieve the provisioning counter from the received token. The interface can transmit the program code towards the server; the processor can update a value of the counter for each transmission of the program code towards the server for an updated counter. The processor prohibits transmission of the program code towards the server if the updated counter indicates a total number of transmissions has been reached.
    Type: Grant
    Filed: April 15, 2021
    Date of Patent: September 19, 2023
    Assignee: SECURE THINGZ LTD.
    Inventors: Stephan Spitz, Haydn Povey, Andrew Frame, Tim Woodruff, Andrew Bott
  • Patent number: 11736347
    Abstract: A provisioning control apparatus couples to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The provisioning control apparatus has a communication interface which transmits the program code to the provisioning equipment server for provisioning the electronic device(s) with the program code and receives an electronic provisioning token having provisioning control data. The provisioning control apparatus includes a processor that controls the transmission of the program code via the communication interface to the provisioning equipment server. The electronic provisioning token has time adjustment information for adjusting the clock, and the processor adjusts the time of the clock. A provisioning control system includes the provisioning control apparatus and a method involves provisioning the electronic device(s).
    Type: Grant
    Filed: April 22, 2021
    Date of Patent: August 22, 2023
    Assignee: SECURE THINGZ LTD.
    Inventors: Stephan Spitz, Andrew Bott, Tim Hoole
  • Patent number: 11671246
    Abstract: A data provisioning device is arranged for provisioning a data processing entity from a set of data processing entities sharing the same joint decryption key. The data provisioning device comprises: a network interface configured to receive the provisioning data for provisioning the data processing entity, a joint encryption key associated with the joint decryption key, and control information indicating a processing scheme to be deployed by the data provisioning device when provisioning the data processing entity; a processor configured to process the provisioning data according to the control information to obtain processed provisioning data, to cryptographically encrypt the processed provisioning data using the received joint encryption key to obtain encrypted processed provisioning data; and a device interface configured to transmit the encrypted processed provisioning data to the data processing entity.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: June 6, 2023
    Assignee: Secure Thingz Limited
    Inventors: Stephan Spitz, Haydn Povey
  • Publication number: 20230027731
    Abstract: A method for completing a transaction includes: a backend server executes an application backend of a transaction application; a first terminal device executes a first application frontend of the transaction application; the first application frontend, for starting a transaction, transmits a transaction request indicating the transaction to be started and a second application frontend different from the first application frontend and comprising transaction data associated with the indicated transaction to the application backend; a second terminal device executes the second application frontend of the transaction application; the application backend provides a transaction link for being connected to by the second application frontend and transmits an authorization request to the second application frontend; the second application frontend authorizes the requested transaction and transmits a transaction authorization to the application backend; and the application backend completes the transaction.
    Type: Application
    Filed: July 20, 2022
    Publication date: January 26, 2023
    Inventors: Dominik Schnieders, Stephan Spitz, Hermann Geupel
  • Publication number: 20230026526
    Abstract: A method for configuring a mobile Point-of-Sales (mPOS) application for executing a transaction includes: installing an application frontend of the mPOS application on a terminal device connected to a communication network; installing an application backend of the mPOS application on an edge cloud server of the communication network; configuring the application frontend to act, upon launch, as an I/O interface and to communicate with the application backend via a secure connection provided by the communication network; and splitting I/O drivers comprised by computer program code of the mPOS application into a low-level driver executed on the terminal device as part of the I/O interface and a high-level driver executed in the application backend at the edge cloud server.
    Type: Application
    Filed: July 20, 2022
    Publication date: January 26, 2023
    Inventors: Dominik Schnieders, Stephan Spitz, Hermann Geupel
  • Publication number: 20230025523
    Abstract: A method for completing a transaction includes: a backend server connected to a communication network executes an application backend of a transaction application; a first terminal device connected to the communication network via a first connection executes a first application frontend of the transaction application; the first application frontend transmits a transaction request indicating the transaction to be started and a second application frontend and comprising transaction data associated with the indicated transaction to the application backend via the first connection; a second terminal device connected to the communication network via a second connection executes the second application frontend of the transaction application; the application backend transmits an authorization request to the second application frontend via the second connection; the second application frontend authorizes the requested transaction and transmits a transaction authorization to the application backend via the second conn
    Type: Application
    Filed: July 20, 2022
    Publication date: January 26, 2023
    Inventors: Dominik Schnieders, Stephan Spitz, Hermann Geupel
  • Publication number: 20230024227
    Abstract: A method for operating a mobile Point-of-Sales (mPOS) application for executing a transaction includes: a Universal Integrated Circuit Card (UICC) card connected to a terminal device executes in interaction with the terminal device an application frontend of the mPOS application that provides, upon launch, an I/O interface with a human machine interface displayed by a touchscreen of the terminal device and a machine-to-machine interface; and the application frontend, for starting a transaction, captures transaction data associated with the transaction to be started via the human machine interface, reads further transaction data via the machine-to-machine interface from a transaction device separate from the terminal device and arranged close to the terminal device, generates a transaction authorization authorizing the requested transaction, and transmits the transaction authorization, the transaction data and the further transaction data via a connection to a remote backend server for completing the transacti
    Type: Application
    Filed: July 19, 2022
    Publication date: January 26, 2023
    Inventors: Dominik Schnieders, Stephan Spitz, Hermann Geupel
  • Publication number: 20230022658
    Abstract: A method for operating a mobile Point-of-Sales (mPOS) application includes: an application frontend of the mPOS application is installed and launched on a terminal device connected to a communication network via a secure connection; an application backend of the mPOS application is installed and launched on an edge cloud server of the communication network; the application frontend, for starting a transaction associated with the mPOS application, transmits a transaction request indicating the transaction to be started and comprising transaction data associated with the indicated transaction to the application backend via the connection; the application backend transmits an authorization request to the application frontend via the connection; the application frontend authorizes the requested transaction and transmits a transaction authorization to the application backend via the connection; and the application backend completes the transaction.
    Type: Application
    Filed: July 20, 2022
    Publication date: January 26, 2023
    Inventors: Dominik Schnieders, Stephan Spitz, Hermann Geupel
  • Publication number: 20230022561
    Abstract: A method for authenticating a user includes: an application frontend of a face recognition application, upon receipt of a face recognition request from an application backend of the face recognition application, causes a terminal device to activate a camera of the terminal device; the application frontend receives a video stream of a face of the user captured by the camera of the terminal device; the application frontend transmits the received video stream to the application backend; the application backend, upon receipt of the video stream, extracts a face characteristic of the user from the received video stream in real-time; and the application backend compares the extracted face characteristic with a stored reference face characteristic of the user and authenticates the user based on the extracted face characteristic matching the stored reference face characteristic.
    Type: Application
    Filed: July 20, 2022
    Publication date: January 26, 2023
    Inventors: Dominik Schnieders, Stephan Spitz, Hermann Geupel
  • Publication number: 20230028625
    Abstract: A method for operating a mobile Point-of-Sales (mPOS) application includes: an application frontend, for starting a transaction, captures transaction data associated with the transaction to be started and transmits a transaction request to the application backend via the connection; an application backend transmits an authorization request and a layout for a human machine interface for entering a personal key to the application frontend; the application frontend provides the human machine interface with the received layout, captures the personal key entered via the human machine interface, and generates and transmits a transaction authorization comprising the captured personal key to the application backend; and the application backend checks the captured personal key and, depending on the check, completes the transaction.
    Type: Application
    Filed: July 19, 2022
    Publication date: January 26, 2023
    Inventors: Dominik Schnieders, Stephan Spitz, Hermann Geupel
  • Publication number: 20210357493
    Abstract: A provisioning apparatus for performing a provisioning procedure with an electronic component for an electronic device. The provisioning procedure includes providing provisioning data to the electronic component and processing the provisioning data by the electronic component. The provisioning apparatus has a provisioning and sensing unit electrically connected with the electronic component for performing the provisioning procedure. The provisioning and sensing unit detects a power profile of the electronic component, which represents the electric power consumed by the electronic component and/or the electromagnetic power. The provisioning apparatus has a provisioning control unit configured to receive the power profile from the provisioning and sensing unit and to compare the power profile with a reference power profile for the electronic component.
    Type: Application
    Filed: May 10, 2021
    Publication date: November 18, 2021
    Inventors: Stephan SPITZ, Haydn POVEY, Tim WOODRUFF
  • Publication number: 20210336846
    Abstract: A provisioning control apparatus couples to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The provisioning control apparatus has a communication interface which transmits the program code to the provisioning equipment server for provisioning the electronic device(s) with the program code and receives an electronic provisioning token having provisioning control data. The provisioning control apparatus includes a processor that controls the transmission of the program code via the communication interface to the provisioning equipment server. The electronic provisioning token has time adjustment information for adjusting the clock, and the processor adjusts the time of the clock. A provisioning control system includes the provisioning control apparatus and a method involves provisioning the electronic device(s).
    Type: Application
    Filed: April 22, 2021
    Publication date: October 28, 2021
    Inventors: Stephan SPITZ, Andrew BOTT, Tim HOOLE
  • Publication number: 20210328796
    Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with electronic device(s) for provisioning the electronic device(s) with a program code according to a first provisioning service tier of provisioning service tiers. The provisioning control apparatus comprises a communication interface for receiving an electronic provisioning token and a processor for determining on the basis of the electronic provisioning token a second provisioning service tier afforded by the electronic provisioning token. The communication interface can transmit the program code towards the provisioning equipment server; the processor prohibits a transmission of the program code towards the provisioning equipment server if the second provisioning service tier afforded by the electronic provisioning token is insufficient for provisioning of the electronic device(s) by the provisioning equipment server in accordance with the first provisioning service tier.
    Type: Application
    Filed: April 15, 2021
    Publication date: October 21, 2021
    Inventors: Stephan SPITZ, Tim WOODRUFF, Tim HOOLE, Andrew BOTT
  • Publication number: 20210326801
    Abstract: A provisioning control apparatus is configured to be coupled to a provisioning equipment server, which is electrically connectable with one or more electronic devices for provisioning the one or more electronic devices with first or second program codes. The provisioning control apparatus comprises: a communication interface configured to receive an electronic credit token having a credit counter; and a processor. The communication interface is configured to transmit the first and second program codes towards the provisioning equipment server. The processor is configured to update a value of the credit counter for each transmission of the first and second program codes to obtain an updated credit counter, and to prohibit a further transmission of the first or second program codes if the updated credit counter indicates that a number of transmissions is reached. A provisioning control system comprises the apparatus and a corresponding method for provisioning one or more electronic devices.
    Type: Application
    Filed: April 15, 2021
    Publication date: October 21, 2021
    Inventors: Stephan SPITZ, Tim WOODRUFF, Tim HOOLE, Andrew BOTT
  • Publication number: 20210328795
    Abstract: A provisioning control apparatus is configured for coupling to a provisioning equipment server electrically connectable with an electronic device(s) for provisioning the electronic device(s) with a program code. The apparatus comprises: a communication interface configured to receive an electronic provisioning token including a provisioning counter indicating a total of transmissions of the program code towards the provisioning equipment server; and a processor configured to retrieve the provisioning counter from the received token. The interface can transmit the program code towards the server; the processor can update a value of the counter for each transmission of the program code towards the server for an updated counter. The processor prohibits transmission of the program code towards the server if the updated counter indicates a total number of transmissions has been reached.
    Type: Application
    Filed: April 15, 2021
    Publication date: October 21, 2021
    Inventors: Stephan SPITZ, Haydn POVEY, Andrew FRAME, Tim WOODRUFF, Andrew BOTT
  • Publication number: 20210135852
    Abstract: A data provisioning device is arranged for provisioning a data processing entity from a set of data processing entities sharing the same joint decryption key. The data provisioning device comprises: a network interface configured to receive the provisioning data for provisioning the data processing entity, a joint encryption key associated with the joint decryption key, and control information indicating a processing scheme to be deployed by the data provisioning device when provisioning the data processing entity; a processor configured to process the provisioning data according to the control information to obtain processed provisioning data, to cryptographically encrypt the processed provisioning data using the received joint encryption key to obtain encrypted processed provisioning data; and a device interface configured to transmit the encrypted processed provisioning data to the data processing entity.
    Type: Application
    Filed: October 29, 2020
    Publication date: May 6, 2021
    Inventors: Stephan SPITZ, Haydn POVEY
  • Publication number: 20210073387
    Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of an operating system when executed by the processor, and performs a cryptographic operation when the processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory area stores the operating system. The processor retrieves the boot program code from the first memory area and executes the boot program code to start the execution of the operating system. The processor re-executes the boot program code to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.
    Type: Application
    Filed: September 11, 2020
    Publication date: March 11, 2021
    Inventors: Stephan SPITZ, Haydn POVEY, Tim WOODRUFF
  • Publication number: 20210073388
    Abstract: A processor system includes a processor and a first memory area storing a boot program code. The boot program code starts execution of the operating system when executed by the processor, and performs a cryptographic operation when the processor executes the boot program code. A second memory area stores one or more cryptographic keys and is only accessible to the boot program code. A third memory stores the operating system. A communication interface receives data over a communication network. The processor retrieves the boot program code from the first memory area and executes the boot program code to start execution of the operating system. The processor terminates execution of the boot program code. The processor is configured to re-execute the boot program code while the operating system is executed to cryptographically encrypt data upon the basis of the cryptographic keys stored in the second memory area.
    Type: Application
    Filed: September 11, 2020
    Publication date: March 11, 2021
    Inventors: Stephan SPITZ, Haydn POVEY, Tim WOODRUFF