Abstract: A method for personalizing embedded secure elements, eSE, allows for simplified manufacturing before being integrated into host devices. An eSE implements services executed by an embedded operating system, OS, whereupon it is loaded into the eSE. The non-personalized eSE comprises an OS loader and a master cryptographic key common to a plurality of secure elements. It can therefore be produced in large numbers. The OS loader obtains an operating system package from a server and installs it. In response to the installation, the OS loader generates a derivation cryptographic key by diversifying the master cryptographic key, and then the OS generates personalized data by deriving pre-personalization data with the derivation key. The eSE, deployed in the field in a simple non-personalized state, is fully personalized without exchanging secret personalized data.

Abstract: A profile management device is provided. The device comprises a profile management module capable of dynamically creating and executing an execution task to respond to a need for remote management of a communication profile in a secure element embedded in a terminal; a communication module capable of setting up a first communications channel between the execution task and a communication profile manager; the execution task being capable of obtaining the communication profile from the manager via the first communications channel; the communication module being capable of setting up a communications session between the execution task and a communication agent configured to send to the secure element, at least one management command of the profile encapsulated in at least one message sent by the execution task in terms of the session; and a module configured to delete the execution task when an action responding to the need has been performed.

Abstract: A secure element (30) has a local store of file property data (50). A method of preparing a script to send to the secure element (30) to remotely provision a profile (31) at the secure element includes preparing the script such that the script lacks a command to create a file if the local store of file property data (50) at the secure element includes file property data which can be used to locally create that file. A script may include an entry of reduced length which refers to the file to be locally created, such as a SELECT FILE command and an identifier of the file.

Abstract: An embedded subscriber identity module (eUICC1) and a method of controlling such a module. The embedded subscriber identity module (eUICC1) is suitable for maintaining numerous communication profiles (P) simultaneously in the active state, and each active communication profile (P) allows the communications terminal (T) containing the embedded subscriber identity module to communicate with a mobile telephone network (R) associated with that communication profile.

Abstract: An embedded subscriber identity module (eUICC1), which includes communication profiles, and that co-operates with a communications terminal (T). The module includes at least two communication profiles (P) that are active at the same time so as to allow the communications terminal to communicate with each mobile telephone network (R1, R2) associated with the active communication profiles, a receive module for receiving, from the terminal (T), a command (CMD) that has one of the active communication profiles as its destination (P), (referred to as the destination profile), and a determination module for determining the destination profile from among the active communication profiles on the basis of a destination profile identifier included in the command.

Abstract: Authentication device and method for a system that includes a subscriber device and a companion device. The authentication method includes the subscriber device delivering to the companion device a temporary profile and an authentication response signed by the subscriber device for sending to a server, installing the temporary profile to configure a second wireless communication interface of the companion device, and requesting a second authentication from the server via the second interface by using the delivered authentication response so as to authorize the second interface when the companion device and the subscriber device are not in communication with each other via the first communication interface. The device and method may be used by systems that include a subscriber device (e.g., a mobile telephone) and a companion device, e.g. a connected watch or object.

Abstract: Devices and methods for managing a mobile communications profile stored in a nonvolatile memory of a secure element and performed by the secure element are disclosed. The devices and methods may include operations such as reading the state of a flag stored in the nonvolatile memory of the secure element and indicating whether the profile may be deleted; determining the active or inactive state of the profile; and if the flag indicates that the profile may be deleted and if it is determined that the profile is inactive, then deleting the profile.

Abstract: In the field of electronic devices, there is disclosed a secure module for housing at least one subscriber profile and an interface allowing the local configuration of a profile. The secure module also includes an activation agent including a unit for detection of a mode of local management of the profile for authorising and/or prohibiting the processing of the local configuration requests by a local manager according to the result of the detection. Also disclosed is a detachable integrated circuit cards or secure elements soldered into the device communicating via a mobile telecommunication network.

Abstract: An embedded subscriber identity module (eUICC1) and a method of controlling such a module. The embedded subscriber identity module (eUICC1) is suitable for maintaining numerous communication profiles (P) simultaneously in the active state, and each active communication profile (P) allows the communications terminal (T) containing the embedded subscriber identity module to communicate with a mobile telephone network (R) associated with that communication profile.

Abstract: An embedded subscriber identity module (eUICC1), which includes communication profiles, and that co-operates with a communications terminal (T).

Abstract: In the field of electronic devices, there is disclosed a secure module for housing at least one subscriber profile and an interface allowing the local configuration of a profile. The secure module also includes an activation agent including a unit for detection of a mode of local management of the profile for authorising and/or prohibiting the processing of the local configuration requests by a local manager according to the result of the detection. Also disclosed is a detachable integrated circuit cards or secure elements soldered into the device communicating via a mobile telecommunication network.

Abstract: A method for administering life cycles of communication profiles that are managed by a subscriber identity module (100) embedded in a telecommunications terminal (110) may be performed by the module (100), which is suitable for using at least one process for administering the life cycles of communication profiles. The process uses a set of at least one command and/or of at least one rule. The method includes operations for receiving (B610) a message (M610) issued by the terminal (110) and representative of the capabilities of the terminal (110); selecting or not selecting (B615) the set used by the process as a function of the capabilities of the terminal (110); and if the set is selected, administering at least one life cycle of at least one of the profiles by using the set of at least one command and/or of at least one rule.

Abstract: Authentication device and method for a system that includes a subscriber device and a companion device. The authentication method includes the subscriber device delivering to the companion device a temporary profile and an authentication response signed by the subscriber device for sending to a server, installing the temporary profile to configure a second wireless communication interface of the companion device, and requesting a second authentication from the server via the second interface by using the delivered authentication response so as to authorize the second interface when the companion device and the subscriber device are not in communication with each other via the first communication interface. The device and method may be used by systems that include a subscriber device (e.g., a mobile telephone) and a companion device, e.g. a connected watch or object.

Abstract: A secure element (30) has a local store of file property data (50). A method of preparing a script to send to the secure element (30) to remotely provision a profile (31) at the secure element includes preparing the script such that the script lacks a command to create a file if the local store of file property data (50) at the secure element includes file property data which can be used to locally create that file. A script may include an entry of reduced length which refers to the file to be locally created, such as a SELECT FILE command and an identifier of the file.

Abstract: A method for administering life cycles of communication profiles that are managed by a subscriber identity module (100) embedded in a telecommunications terminal (110) may be performed by the module (100), which is suitable for using at least one process for administering the life cycles of communication profiles. The process uses a set of at least one command and/or of at least one rule. The method includes operations for receiving (B610) a message (M610) issued by the terminal (110) and representative of the capabilities of the terminal (110); selecting or not selecting (B615) the set used by the process as a function of the capabilities of the terminal (110); and if the set is selected, administering at least one life cycle of at least one of the profiles by using the set of at least one command and/or of at least one rule.

Abstract: A method for modifying the profile in a device (D) including a communication module for communicating on a communication network, the device (D) being provided with a microcircuit storing connection data used by the communication module and associated with a profile, the method including the following steps: reception, by the microcircuit and via the communication module, of a request to deactivate (E6) the profile; transmission, by the microcircuit, of a first message (E10) to the device; transmission, by the device and to the microcircuit, of a response (E14) indicative of the existence of a critical situation; following the receipt of the response (E14) by the microcircuit, implementation of a time delay mechanism (E18); upon expiry of the time delay (E18), transmission, by the microcircuit and to the device, of a second message (E22) resulting in the deactivation of the profile. An associated device and microcircuit are also described.

Abstract: Devices and methods for managing a mobile communications profile stored in a nonvolatile memory of a secure element and performed by the secure element are disclosed. The devices and methods may include operations such as reading the state of a flag stored in the nonvolatile memory of the secure element and indicating whether the profile may be deleted; determining the active or inactive state of the profile; and if the flag indicates that the profile may be deleted and if it is determined that the profile is inactive, then deleting the profile.