A security feature for a valuable document includes at least one unit of information and a luminescent material designed to emphasize the unit of information, the luminescent material being provided in the region of said unit of information.
The invention relates to a method for producing a security feature (20) for a card-shaped data carrier (10), comprising the following steps: providing (100) at least one first material (30) in a main extruder of an extrusion apparatus (40); providing (101) at least one second material (32) in a secondary extruder of the extrusion apparatus (40), wherein the first material (30) and the second material (32) have a different thermoplastic behavior; heating (102) the first material (30) for forming a first melt (31) and the second material (32) for forming a second melt (33); co-extrusion (103) of the first melt (31) and the second melt (33) for forming a multilayer film (34), wherein, in the region of a nozzle outlet gap (41a) of the extrusion apparatus (40), in particular after the escape of the first and the second melt (31, 33) from the nozzle outlet gap (41a), a pressure (P) is exerted (104) on the extruded multilayer film (34), whereby a stress distribution pattern (21) is formed as a security feature (20) on the multilayer film (34). The invention further relates to a security feature (20) and to a card-shaped data carrier (10).
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
B29C 48/16 - Articles comprising two or more components, e.g. co-extruded layers
The present invention relates to a method for securely transmitting data from an IoT device (101) to an application server (102) via a telecommunication network, wherein a re-encryption server (103) decrypts (S111) data encrypted by the IoT device (101) and re-encrypts (S112) the decrypted data by an encryption key of the application server (102) in such a way that the application server (102) can obtain the data by decrypting the re-encrypted data. The invention further relates to a re-encryption server (103) configured to enable secure transmission of data from an IoT device (101) to an application server (102) via a telecommunication network, wherein the re-encryption server (103) comprises a cryptography means configured to decrypt data encrypted by the IoT device and to re-encrypt the decrypted data by an encryption key of the application server (102) in such a way that the application server (102) can obtain the data by decrypting the re-encrypted data. Moreover, the invention relates to a system (100) configured for secure transmission of data from an IoT device (101) to an application server (102) via a telecommunication network, wherein the system (100) comprises the IoT device (101) configured to encrypt the data, a re-encryption server (103) configured to re-encrypt the data encrypted by the IoT device (101) and the application server (102) configured to decrypt data re-encrypted by the re-encryption server (103).
The invention provides a secure element comprising an SE application implemented therein or configured to implement an SE application therein. The secure element furthermore comprises: - an SE terminal interface to a terminal, in conjunction with which the secure element is able to be operated; - an ARA application (ARA-X) and ARA access rules, by way of which access operations from applications implemented in the terminal to SE applications implemented or able to be implemented in the secure element via the SE terminal interface are controlled. The secure element is characterized by: - an ARA user interface (ARA-UI), which is configured: ** to receive user commands that are input by a user on a user interface provided on the terminal or on the secure element; ** to forward received user commands to the ARA application; and ** to prompt the ARA application to apply forwarded user commands to the ARA application.
G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
H04W 12/086 - Access security using security domains
H04W 92/08 - Interfaces between hierarchically different network devices between user and terminal device
7. CARD-SHAPED DATA CARRIER WITH A BACK-INJECTED LAYER, AND METHOD FOR PRODUCING A CARD-SHAPED DATA CARRIER
The invention relates to a card-shaped data carrier (10), in particular a smart card, comprising a card body (11) with at least one arranging region (16) for receiving a chip module (20), said chip module (20) being arranged in the arranging region (16) of the card body (11). The chip module (20) comprises at least one chip, a contact structure (21), and at least one antenna, and the card body (11) is made of at least two layers (12, 13), wherein a first layer (12) is designed as a metal layer (30) with at least one slot (30a) which extends from a peripheral surface (31) of the metal layer (30) into the region of the arranging region (16) for the chip module (20) and through the entire thickness of the metal layer (30). A second layer (13) is produced in the form of a back-injected layer (40) by means of a back-injection process, said back-injected layer comprising a back-injection material (41). The back-injected layer (40) is arranged on the metal layer (30) such that the slot (30a) of the metal layer (30) is at least partly filled by the back-injection material (41). The invention additionally relates to a method for producing a card-shaped data carrier.
The present invention relates to methods, devices, and computer program products for managing subscriber profiles on an eUICC 130. Within that context, a method for managing subscriber profiles stored in an eUICC 130 comprises an ISD-R 131 and an API 132 implemented on the eUICC 130, the API 132 providing for executing or executing via the ISD-R 131 a profile management operation concerning a subscriber profile of the eUICC 130. Further, an application 133 installed on the eUICC 130 instructs the API 132 to execute the profile management operation concerning the subscriber profile. The invention further relates to an according eUICC 130, a device 150 having embedded therein an eUICC 130 and computer program products representing the API 132 and the application 133.
The invention relates to a data storage medium (10) in the form of a card, comprising: - a flexible inlay (19) with a contact structure (15) located on an upper face of the inlay (19), wherein the inlay (19) has an integrated circuit (20) spaced apart from the contact structure (15) and has at least one antenna (21); - an upper layer (17), which is located above the inlay (19), wherein the upper layer (17) has an opening (14), in which the contact structure (15) is located; and - a lower layer (18), which is located below the inlay (19); wherein the upper layer (17) comprises a continuous metal layer (34) and a ferrite layer (35), the ferrite layer (35) being located between the metal layer (34) and the flexible inlay (19). The invention also relates to a method for producing a data storage medium in the form of a card.
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
10. SECURITY FEATURE FOR AN IDENTIFICATION DOCUMENT, IDENTIFICATION DOCUMENT AND METHOD FOR PRODUCING A SECURITY FEATURE
The invention relates to a security feature (11) for an identification document (10), comprising a film (14), in the volume of which optically variable pigments (15) are introduced, and a marking (11a) which extends at least over a part of the optically variable pigments (15), wherein at least a part of the pigments (15) are carbonized.
In a method according to the invention for providing a virtual transaction card (100) for a user, a digital image (110) of the virtual transaction card (100) is created (S20), a data set (120) containing personalization data relating to the user is provided (S21), and the digital image (110) is linked to the data set (120) (S30) and is provided as a virtual transaction card (100). A virtual transaction card (100) provided in this manner comprises a digital image (120), representing a corresponding physical transaction card belonging to the user, and a data set (120) comprising personalization data from a corresponding physical transaction card belonging to the user.
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
A method according to the invention for authorizing an application (12) installed on a security element (3) comprises the steps of transferring (42) authorization information from a user verification element (100) to the security element (3), comparing (43) the authorization information with respect to at least one requirement of a list on the security element (3); and selecting (45) the application (12) on the security element (3) and/or carrying out (46) a transaction using the application (12) provided that the authorization information meets the requirements of the list.
A hot stamping process comprises the following steps: performing first hot stamping on a to-be-printed object by using a first mold to form a bottom pattern on the to-be-printed object; or laminating a laser mirror substrate on a body of the to-be-printed object to form the to-be-printed object, and printing ink on one side of the to-be-printed object provided with the laser mirror substrate to form the bottom pattern on the to-be-printed object (101); performing second hot stamping on the bottom pattern by using a second mold, wherein the second mold is a mold with gridded light and shadow lines formed in advance, and the gridded light and shadow lines comprise a plurality of grid regions with different refractive index textures (102). The hot stamping process can make different regions of the final pattern visually present light and dark differences, so that the printed pattern has a stereoscopic light and shadow effect; moreover, only two hot stamping procedures are needed to obtain the printed pattern with the stereoscopic light and shadow effect, and the molds used in these two procedures can directly operate on the to-be-printed object, so the hot stamping process is simple with low costs.
B41M 5/382 - Contact transfer or sublimation processes
B41F 19/06 - Printing and embossing between a negative and a positive forme after inking and wiping the negative forme; Printing from an ink band treated with colour or "gold"
The method according to the invention for authorizing an application (12) installed on a security element (3) comprises the steps of detecting (41) a user feature by means of a sensor (6) of a user verification element (100) and generating sensor data which characterize the user feature; deriving (42) a user verification status from the sensor data by means of the user verification element (100); and transmitting (43) the user verification status from the user verification element (100) to the security element (3) for authorizing the application (12) by the security element (3).
The invention relates to a method for managing at least one eUICC information set (EIS) of an eUICC. The method comprises the following consecutive steps: - generating (110) a first request for registering the eUICC information set (EIS) at an eUICC manufacturer (EUM), the first request comprising a first Function Call Identifier (FCI); - sending (120) the first request from the eUICC manufacturer (EUM) to an intermediate buffer proxy (20); - generating (130) a response to the first request within the intermediate buffer proxy (20); and - sending (140) the response to the request to the eUICC manufacturer (EUM).
The invention relates to a method for generating a memory image (IM) for a security element (SE) with the aid of a computer, wherein an operating system (OS) is integrated into the memory image (IM) in order to operate the security element (SE), and one or more objects (O1, O2) are allocated in the memory image (IM). Each object (O1, O2) is provided with a corresponding data set (DA1, DA2) for description purposes, said data sets being individually allocated to the security element (SE).
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
The present invention relates to a card-shaped data carrier (10), in particular a smart card, comprising: an electronic chip module (12) having at least one chip and a contact structure (12a); and a card body (11) having an arrangement region (14) for receiving the chip module (12), wherein: the chip module (12) is arranged in the arrangement region (14) of the card body (11); the card-shaped data carrier (10) has at least a first wood layer (20) and at least a second wood layer (30); the card-shaped data carrier (10) can be bent out of a rest position into a bent position by the application of an external force; at least one restoring element (13) for increasing the restoring force of the card-shaped data carrier (10) is arranged between the first wood layer (20) and the second wood layer (30); and the restoring element (13) is designed such that the card-shaped data carrier (10) can be automatically, in particular elastically, returned from the bent position to the rest position when the external force is no longer applied.
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
The present invention relates to a card-type data carrier (10), more particularly a smart card, comprising an electronic chip module (12) having at least one chip and a contact structure (12a), and a card body (11) with an arrangement region (16) for receiving the chip module (12), the chip module (12) being arranged in the arrangement region (16) of the card body (11). The card-type data carrier (10) consists of at least two different materials and comprises at least one label element (20) that includes the individual material composition of the card-type data carrier (10).
The invention relates to a UICC (1), preferably a subscriber identity module, comprising at least one profile (173a-c) and a subscription manager (174), the or each profile (173a-c) having a status that is active or inactive. The at least one profile (173a-c) further has a releasable interface object (SIO), which enables the subscription manager (174) to access each profile (173a-c) regardless of the status of the particular profile (137a-c).
The present invention relates to a laminate (10) for a cardlike data medium, more particularly a smart card, comprising at least three layers (11, 12, 13) with a first layer (11), a second layer (12) and a third layer (13), where the second layer (12) is disposed between the first layer (11) and the third layer (13), where the first layer (11) and the third layer (13) comprise polylactide, PLA, and the second layer (12) comprises a PLA-free laser polymer mixture (16), where the laser polymer mixture (16) comprises at least one first plastic (14a), at least one second plastic (14b) and at least one laser additive (15), where a material of the first plastic (14a) is different from a material of the second plastic (14b). The invention further relates to a cardlike data medium and to a method.
The present invention relates to a card-like data carrier (10), in particular a Smart Card, comprising an electronic chip module (12) having at least one chip and a contact structure and a card body (11) with an arrangement region (16) for receiving the chip module (12), the chip module (12) being arranged in the arrangement region (16) of the card body (11) and being connected to the card body (11) by means of at least one adhesive (21), wherein the adhesive (21) is designed so as to be thermolytically and/or chemically dissolvable in a predefined temperature range for separating the connection between the chip module (12) and the card body (11). The invention further relates to a method for detaching an adhesive connection for a card-like data carrier (10).
The application provides a smart card, which comprises a central area and an edge area surrounding the central area comprising a first protection layer, a function layer and a second protection layer which are sequentially stacked, wherein the function layer comprises: a read-write module, comprising a first chip and a first coil, wherein the first chip is located in the central area, and the first coil comprises a first winding part arranged around the central area and first electrical connection terminals electrically connected with the first chip; a light-emitting module, comprising a second chip, a second coil and controlled light sources, wherein the second chip is located in the central area, and the second coil comprises a second winding part arranged around the central area and second electrical connection terminals, wherein the second winding part is insulated from the first winding part, and the second electrical connection terminals and the controlled light sources are electrically connected with the second chip respectively. The smart card provided by the application makes it much easier for the user to know the use state of the smart card, thereby largely preventing the user from making a payment or repeating a payment without knowledge, which helps ensure property safety.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
The invention relates to a method in a secure element, SE, for generating at least one symmetric key and/or one SE-specific cryptographic key pair in order to create and transmit a response to an identity query transmitted by a network, in particular a GET IDENTITY command, comprising the following method steps: First step: generating, in the SE, at least one SE-specific cryptographic key pair on the basis of an ECC algorithm and storing the at least one SE-specific cryptographic key pair in a non-volatile memory; and/or Second step: generating, in the SE, the at least one symmetric key using the stored private key portion of the first SE-specific cryptographic key pair and a public key portion of a network key pair in the SE and storing the symmetric key in the non-volatile memory, wherein the first step and/or the second step has/have already been executed before the reception of the identity query transmitted by the network, wherein the public key portion, generated in the first step, of the SE-specific cryptographic key pair and the symmetric key generated in the second step are used to create and transmit the response to the identity query transmitted by the network, wherein the start of the second step is executed in a temporally decoupled manner following the execution of the first step. The invention additionally relates to an SE, to a computer program product and to a system comprising an SE and a network.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
G06F 21/77 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
The invention relates to a security feature (11) for a data medium (10), comprising a substrate (15), an encrypted representation (16) of the safety feature (11), said encrypted representation (16) being disposed in or on the substrate (15) and containing multiple individual representations, said multiple representations being disposed in a pitch (T) over a dimension of the security feature (11), the security feature (11) further comprising a decoder (17) with a grid (17a), a grid spacing in the grid (17a) corresponding to the pitch (T), an integer multiple of the pitch (T) or a binary fraction of the pitch (T).
The invention relates to a method in a secure element (SE), comprising the following method steps: obtaining, in the SE, an identity query, in particular a GET IDENTITY command, sent by a network; encrypting, by means of the SE, identity data stored on the SE, in order to generate encrypted identity data using a symmetrical key generated in the SE before the obtaining step; applying, by means of the SE, a message authentication code (MAC) algorithm to the generated encrypted identity data in order to obtain a MAC; and creating and sending a response to the identity query from the SE to the network, wherein the message contains the encrypted identity data and the MAC. The invention also relates to a SE, to a computer program product, and to a system comprising a SE and a network.
Proposed is a method for producing a security feature (11) for a data medium (1), involving the steps of: - providing a molding means having a molding structure (23) of a representation (16) of the security feature (11); - introducing the representation (16) into a substrate (10) by molding the molding structure (23); and - disposing a diffractive or refractive structure (17) on the substrate (10).
The present invention relates to methods, interfaces and devices for delegated management of profiles of an embedded Universal Integrated Circuit Card, eUICC, included in a mobile device. Delegated management is provided to a profile selected from a list of profiles available at the eUICC by registering the eUICC with a server and joining with the selected profile an existing subscription group of profiles on the server or by creating a new subscription group on the server based on the selected profile.
H04W 12/069 - Authentication using certificates or pre-shared keys
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04W 12/30 - Security of mobile devices; Security of mobile applications
The present invention relates to an update agent, a secure element containing the update agent, and a method for loading and personalizing a software in the secure element. In a first step, an update agent is loaded into the secure element. In a further step, software personalization data is loaded into the secure element, and stored in the update agent. Subsequently, the software is loaded into the secure element and personalized using the software personalization data stored in the update agent.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
29. UPDATE AGENT WITH PROVISIONING CONNECTIVITY AND SECURE ELEMENT COMPRISING THE SAME
The present invention relates to an update agent, a secure element containing the update agent, and a method for retrieving a software image to be stored onto the secure element. The update agent comprises a communication interface for providing connectivity to a storage module for downloading software images onto the SE. The update agent comprises further a first memory storing authentication data for authenticating software images, and a second memory storing credentials for personalizing software images.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
A method for personalizing a software, in particular an operating system OS, in a secure element, SE, (100) comprises the steps of loading S2 a software image (30; 30a, 30b) into the memory (20) of the SE (100); loading S3 a software personalization record 40 comprising personalization data (41) into the memory (20) of the SE (100); and personalizing S7, S8 the loaded software image (30; 30a, 30b) using the software personalization data (41). According to the invention, personalization of the software image (30; 30a, 30b) is initiated S5 by an internal agent (10) of the SE (100). Preferably, initiation S5 personalization of the software image (30; 30a, 30b) by the internal agent (10) is triggered by a trigger event (200) that is detected S4 by the internal agent (10), the trigger event (200) being unrelated to software personalization.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
31. UPDATE BACKUP AND FAILSAFE ROLLBACK IN SECURE ELEMENTS
The present invention relates to a method and an apparatus for updating software loaded on a secure element, SE, which SE comprises an update agent handler, and an update agent. In a first step, a request to back up a current version of software loaded on the SE is received at the SE. The request is preferably sent from a device external to the SE. Upon receiving the backup request, the SE performs a secure backup of the current software version, and returns the software backup to the device, to be stored thereon. In a further step, the SE performs an update process of the current software version, to obtain an updated software version. If the update process fails, a rollback is performed at the SE to restore the software backup as a new current software version on the SE.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
32. USER PATTERN ORIENTED METHOD AND SYSTEM FOR PREVENTION OF RISK IN CARD BASED TRANSACTIONS
Disclosed herein is a method to effectively preempt or prevent any instance of fraudulent, or otherwise unauthorized and/or undesired, use of a Card by dynamic, user-configurable profiling of user and/or usage pattern information. Characteristically, the system implementation includes a duo of Payment applet (02) and Fraud Rule detection Applet (03) in separate packages provided on the Card (01) and a Mobile Applet (04) on the smartphone of the Card owner, which trio interactively enables the Card holder to keep and configure the CRM rules for effectively safeguarding against fraudulent and/or undesired transactions using the Card.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
33. UPDATE OF AN OPERATING SYSTEM IN A SECURITY ELEMENT
The present invention relates to a method for updating an operating system, OS, (30) administering a file system (32) in a secure element, SE, (100). The method comprises the steps of providing S1 an update agent (10) in the SE (100); assuming control S3 of the SE (100) by the update agent (10) from the operating system (30); loading S4 an OS image (31) into the SE (100), the OS image (31) representing an update of the operating system (30); providing S5a an updated operating system (30) by installing the OS image (31); and handing over control S6 of the SE (100) by the update agent (10) to the updated operating system (30). Within this update process, the update agent (10) provides S1a a provisional file system (12) in the SE (100) and administers S5a the provisional file system (12) as long as the update agent (10) is in control of the SE (100). The present invention also relates to a respective secure element (100), a respective update agent (10), and to a respective computer-program product.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 9/44 - Arrangements for executing specific programs
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Identification document (10) having a base element (20), which has a surface (30) with a personalization region (PB), where a first personalization layer (P1) is integrated at a depth (T) below the surface into the base element in the personalization region; and a second personalization layer (P2) is located on and/or in the surface (21) in the personalization region; where a laser additive is contained in the second personalization layer and/or in a protective layer (S) disposed over the second personalization layer. The first personalization layer is a laser engraving (LG) formed by carbonizing the material of the base element. The laser additive (LA) contains particles, such as carbon black particles and/or nanoscale metal oxide particles, which absorb energy from a laser. A sensitization for laser beams in the base element may be weaker than in the second personalization layer and/or in the protective layer. The first personalization layer may contain a black component and the second personalization layer may contain a coloured component of a colour image.
The present invention relates to a method and a device for upgrading an Executable Load File, ELF, having dependencies, on a Secure Element, SE. The method comprises in a first step receiving a request for upgrading an ELF, the request comprising a first identifier, identifying a first ELF version loaded on the SE, a second identifier, identifying a second ELF version loaded on the SE, and an upgrade option. Upon receiving the request, dependencies of the first ELF version from other ELFs loaded or stored on the SE are determined. Subsequently, if dependencies have been determined, it is checked whether the upgrade request is allowed. If the update request is allowed, an upgrade session is started and the first ELF version is replaced with the second ELF version. The dependencies of the first ELF version are then linked to the second ELF version.
In a method for producing a chip card body having a metallic core layer (15) for a contactless or dual-interface chip card (150, 250, 350) a slot (25) in the metallic core layer (15) for reducing eddy currents is generated not in the metallic multiple-copy sheet (10) itself but instead only in the metallic core layer (15) extracted from the metallic multiple-copy sheet (10). In this way there are no short-circuit-forming metal chips left in the slot (25), since the slot (25) is generated only after the extraction of the metallic core layer (15) from the multiple-copy sheet (10).
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
The present invention relates to a method, a data structure, and an update agent for implementing a scheme for downloading an operating system image onto a secure element. The update agent receives from an external device an installation package for installing an operating system onto the secure element. The update agent requests control of the secure element and loads the operating system received with the installation package into the secure element, after which control of the secure element is transferred to the operating system.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
1. A method, at a data generation server, for generation of a profile image for downloading the profile image from the profile server to an eUICC hosted in a device, for the purpose of installing a profile corresponding to the profile image in the eUICC, the method comprising the steps: Ga) provide, on the data generation server, at least one global identifier (GI) and at least a first functionality identifier (FI1) and a second functionality identifier (FI2) different from the first functionality identifier (FI1); Gb) generate, on the data generation server, at least a first profile image (P1) and a second profile image (P2), - the first profile image (P1) based on the global identifier (GI) and the first functionality identifier (FI1), and - the second profile image (P2) based on the global identifier (GI) and the second functionality identifier (FI2); Gc) assign the at least first and second profile images (P1, P2) to the same global identifier (GI); Gd) store the at least first and second profile image (P1, P2) as profile images assigned to the same global identifier (GI), for providing the at least first and second profile image (P1, P2) to the profile server for download to eUICCs.
A method, on a data generation server, for preparing generating a profile image for download from a profile server to an eUICC hosted in a device, for the purpose of installing a profile corresponding to the profile image in the eUICC, the method comprising the steps: a) at a data generation server, generate, for multiple devices, multiple non-personalized profile images (PI), each non-personalized profile image (PI) comprising at least one functionality identifier specific for the respective device, and each non-personalized profile image (PI) not comprising any individual global identifier specific of an individual eUICC, and store the generated multiple non-personalized profile images (PI) for providing (GP) to the profile server; b) at the data generation server, generate at least one profile-data image (RD), said profile-data image (RD) comprising at least one individual global identifier of an individual eUICC, and store the generated at least one profile-data image (RD) for providing (GD) to the profile server.
The present invention relates to a method, an update agent and an off-card entity for implementing an authentication scheme for providing a software image to a secure element. An installation package comprising a package binding function for linking the installation package to the secure element, a manifest, a manifest signature generated using a block-cipher algorithm, and a software image is received at an update agent within the secure element. The update agent implements an authentication and integrity scheme by verifying various signatures contained within the installation package and installs the software image in case of successful authentication and integrity verification.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
The present invention relates to methods, apparatus and systems for implementing an encryption scheme for providing a software image to a secure element. The software image is converted into a sequence of ciphered blocks, which is protected with an authentication tag to obtain a sequence of protected blocks, which are then transmitted to an update agent on the secure element. The steps of converting the software image into a sequence of ciphered blocks and protecting the sequence of ciphered blocks with an authentication tag are implemented by an authenticated encryption function using a same block cipher.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
42.
METHOD FOR CALCULATING A TRANSITION FROM A BOOLEAN MASKING TO AN ARITHMETIC MASKING
The invention relates to a method for changing a masking from a Boolean mask to an arithmetic mask with a modulus (2^m * p), wherein m is a whole number which is greater than or equal to zero, and p has at least one prime divisor which is not equal to 2 so that a carry is generated. The carry is masked or balanced in order to protect the carry against an access violation.
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
G06F 21/75 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation, e.g. to counteract reverse engineering
G06F 7/72 - Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations using residue arithmetic
G06F 7/76 - Arrangements for rearranging, permuting or selecting data according to predetermined rules, independently of the content of the data
H04W 12/47 - Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
43.
DATA-BEARING CARD AND SEMI-FINISHED PRODUCT AND WIRING LAYOUT FOR SAME, AND METHOD FOR PRODUCING SAME
The invention proposes several alternatives of how to electrically connect two electronic components (2, 15) of a chip card to one another. According to the invention, two contact terminals of one of the two electronic components (15) are electrically connected to each other either directly or via associated contact pads (14B, 14C) inside the card body (1).
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
44.
PAYMENT SOLUTION, ESPECIALLY DIGITAL PAYMENT SOLUTION
A payment solution provisioning system comprising a payment card credential transfer interface means between a payment card production system and a remote SIM provisioning system, and by a payment card credential storage at the remote SIM provisioning system, storing payment card credentials received at the remote SIM provisioning system from the payment card production system, storing such that the payment card credentials can be downloaded to an eUICC the way normally subscription profiles are downloaded to an eUICC. The payment card credentials stored in the eUICC are a digital payment solution. The same payment card credentials personalized into a physical payment card at the payment card production system are a physical payment solution. Both together build a combined digital and physical payment solution. A mobile device comprises a payment application comprising a payment card credential interface which is constructed to send to a SIM provisioning system, via an RSP infrastructure, a payment card credential download request, and to manage receipt of requested payment card credentials from the SIM provisioning system, via the RSP infrastructure, and to store the received payment card credentials to the eUICC.
The invention relates to a security feature (11) for a valuable document (10), comprising at least one unit of information (14), a luminescent material (20) designed to emphasise the unit of information (14) being provided in the region of said unit of information (14).
The invention relates to a security feature (11) for a valuable document (10), into which markings (19, 20) are introduced by at least one laser beam, having at least one laser-sensitive recording layer (16) which is transparent in the visible spectral range, light-diffracting or light-refracting structures (18) arranged on a first side of the recording layer (16), at least one first marking (19) which is introduced into the at least one recording layer (16) by a laser beam from at least one direction (21, 22) through the light-diffracting or light-refracting structures (18) into the at least one recording layer (16) and is visible when viewed from the same direction (21, 22) from a second side, at least one second marking (20) which is introduced into the at least one recording layer (16, 17) with a laser beam from the second side of the recording layer (16) and is visible when viewed from the first and the second side.
In order to prevent, in a contactlessly communicating chip card, in particular a dual-interface chip card, an undesired outflow of the soldering material (40) intended to establish an electrical connection between a contact connection (21) of an antenna coil (20) extending in a card body (10) and an antenna pad (37) of a chip module (30) inserted in the card body (10), a solder stop mask is applied to a conductor path (36) of the chip module (30) close to the antenna pad (37) and blocks a solder flow along the conductor path, said solder stop mask consisting of the same plastic as the one used to embed a chip (33) of the chip module.
The invention relates to a method for personalizing a secure element, having the following steps: receiving, in a data generator, a request for a bundle of storage images for a plurality of secure elements, wherein each requested storage image of the received bundle relates to a secure element of the plurality of secure elements, and each secure element of the plurality of secure elements is securely installed in a corresponding terminal of a plurality of terminals; obtaining, in the data generator, at least one subscription data set for at least one securing element to be personalized of the plurality of secure elements, said subscription data set being obtained from a subscription managing server; providing, by means of the data generator, an operating system or a part of the operating system for the secure element to be personalized; generating, by means of the data generator, a storage image for each of the secure elements according to the received request, said storage image of the secure element to be personalized comprising the provided operating system or the part of the operating system and additionally the obtained at least one subscription data set; and bundling the generated storage image and providing the bundled storage image in the form of a storage image bundle by means of the data generator in order to complete the terminal, thereby introducing at least the storage image of the secure element to be personalized into the secure element in order to personalize the secure element.
H04W 12/40 - Security arrangements using identity modules
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
49.
CHIP BODY FOR A CHIP CARD, CHIP CARD, AND METHOD FOR PRODUCING A CHIP BODY
The invention relates to a card body (10) for a chip card (20), having two metal layers (16, 18), between which a non-conductive central layer (17) is arranged, wherein a module opening (14) for receiving a chip module (21) is already produced in one metal layer (16) and in the aforementioned metal layer (17) or can still be produced in a module opening zone, and two slots (15), one of which extends from the peripheral surface (13) of the card body (10) to the module opening (14) or to the module opening zone in a metal layer (16, 17) and severs each of the metal layers (16, 17) at a respective height. The entry angle (a) of the two slots (15) into the metal layer (16) does not equal 90° relative to the surface (11) of the metal layer (16) in each case, and the two slots (15) have opposite inclinations relative to a surface normal of the surface (11) of the metal layer (16).
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
50.
CARD ELEMENT, CHIP CARD, AND PROCESS FOR MANUFACTURING A CARD ELEMENT FOR A CHIP CARD
The invention relates to a card element (10) for a chip card (30), comprising an outer metal layer (16) with a flat surface interrupted only by a module opening (14) for receiving a chip module (31), the module opening (14) extending to an inner side, further comprising a ferrite layer (17) which is located on the inner side and through which the module opening (14) extends, an inner metal layer (18) which is disposed on the ferrite layer (17) and through which a portion (14a) of the module opening (14) having a reduced cross-section extends, a slit (15) which extends from a peripheral surface (13) of the inner metal layer (18) to the module opening (14) and which extends through the entire thickness of the inner metal layer (18), and a final layer (19, 20) which is made of a plastic material and is disposed on the inner metal layer (18).
The invention relates to a chip card (10) comprising a flexible inlay (19) which has chip card (10) contacts (15) on an upper face of the inlay (19) and which supports an integrated circuit (20) and an antenna (21), both of which are spaced apart from the contacts (15), further comprising a top layer (17) with a recess (14) in which the contacts (15) are placed, and a metal layer (25) which is located below the inlay (19) and includes a slit (16) that extends from a peripheral surface (13) of the metal layer (25) to the area of the recess (14) and extends through the entire thickness of the metal layer (25).
The invention relates to a method for determining a value of an electromagnetic field strength (H) by means of a chip card (10), having the steps of - providing a chip card (10) having a coil (16) and an integrated circuit (14); - calibrating the chip card (10) by means of different values of an electromagnetic field strength (H), wherein a power of the integrated circuit (14) is determined in each case for a specific value of the electromagnetic field strength (H); - correlating the different values of the electromagnetic field strengths with a corresponding power of the integrated circuit (14) in each case; - applying an electromagnetic field strength (H) of an unknown value to the chip card (10); - determining a power of the integrated circuit (14); and - determining the value of the electromagnetic field strength (H) corresponding to this power by means of the correlation.
G06K 17/00 - Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups , e.g. automatic card files incorporating conveying and reading operations
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
G06K 7/10 - Methods or arrangements for sensing record carriers by electromagnetic radiation, e.g. optical sensing; Methods or arrangements for sensing record carriers by corpuscular radiation
53.
CARD BODY, CHIP CARD, METHOD FOR SWITCHING A WIRELESS FUNCTION OF A CHIP CARD AND METHOD FOR PRODUCING A CARD BODY FOR A CHIP CARD
The invention relates to a card body (10) for a chip card (30), having a metal main body (11) with two opposite main surfaces (12, 13), wherein a module opening (17) for receiving a chip module (31) with a coil (32) is already made in the main body (11) or is yet to be made in a module opening zone, and having a slot (18) which extends from a circumferential surface (16) of the main body (11) to the module opening (17) or to the module opening zone and which extends between the two main surfaces (12, 13), wherein a switching apparatus (20) with a switching element (22) and a switching recess (21) is provided for switching a wireless function of the chip card (30), wherein the switching recess (21) is arranged in contact with the slot (18) and/or inside the module opening (17) or the module opening zone, wherein the switching element (22) is provided in or on the switching recess (21), wherein the switching element (22) electrically bridges the slot (18) and/or the coil (32) and/or blocks a magnetic flux in the module opening (17) in an off position, and wherein the switching element (22) electrically clears the slot (18) and/or the coil (32) and/or allows the magnetic flux in the module opening (17) in an on position.
The invention relates to a method for producing a chip card (20), said chip card (20) comprising a card body (10) and a chip module (21) arranged thereon. The method has the steps of providing (100) a card body (10); producing (110) a cavity (16) for receiving the chip module (21); producing (120) at least one component opening (18) for each of one or more electronic components (28, 29) in an overlap region (16b), which is covered by the chip module (20) arranged later; applying (130) soldering material onto the electronic component(s) (28, 29), into the at least one component opening (18), and/or onto a lower face of the chip module (21); placing (140) the electronic component(s) (28, 29) in the at least one component opening (18); introducing (150) the chip module (21) into the cavity (16); and heating (160) the soldering material.
The invention relates to a card body (10) for a chip card (30), comprising a metal layer (11) made of a steel alloy, wherein the steel alloy of the metal layer (11) contains 0.07 to 4 wt.%, preferably 0.1 to 3 wt.%, of carbon, and/or the steel alloy of the metal layer (11) contains 0.01 to 0.3 wt.%, preferably 0.02 to 0.04 wt.%, of sulfur.
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
The invention relates to a card body (10) for a chip card (20), comprising a module opening (14) for receiving a chip module (30) having a coil (32), a metal layer (11) having a slot (15) which extends from an outer edge of the metal layer (11) to the module opening (14), and a plastic layer (12) which is applied to one side of the metal layer (11). The module opening (14) comprises a blind hole (14a) cut out of the plastic layer (12) and the metal layer (11) and an outer area (14b) which surrounds the blind hole (14a) which is cut out of only part of the height of the plastic layer (12). A further slot (16, 17) is provided in the outer region (14b) in the metal layer (11).
G06K 19/04 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the shape
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
57.
METHOD FOR PRODUCING A CARD BODY, CARD BODY FOR A CHIP CARD, AND CHIP CARD
The invention relates to a method for producing a card body (10) for a chip card (30), having the steps of: - providing (100) a metal main part (11) with two main surfaces (12, 13) lying opposite each other and a peripheral surface (14) which connects the two main surfaces (12, 13), wherein a module opening (17) for receiving a chip module (30) is already produced in the main part (11) or is to be produced in a module opening zone, and - producing (200) a slot (18) on the peripheral surface (14) between the two main surfaces (12, 13), wherein the slot (18) is formed from the peripheral surface (14) to the module opening (17) or to the module opening zone, and an insert angle (α) of the slot (18) in at least one of the two main surfaces (12) is unequal to 90° relative to the main surface (12).
G06K 19/063 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code the carrier being marginally punched or notched, e.g. having elongated slots
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
58.
METHOD FOR PRODUCING A CARD BODY, METHOD FOR PRODUCING A CHIP CARD, CARD BODY FOR A CHIP CARD, AND CHIP CARD
The invention relates to a method for producing a card body (10) for a chip card (20), having the steps of: providing (100) a flat card body (10) with a metal core (12), wherein at least the main surface (12a) of the metal core (12) is at least partly covered by a plastic layer (13), and the metal core (12) has a slot (16) running from the outer edge (12b) of the main surface (12a) into the main surface; and introducing (110) a cavity (15) with a base surface (17) for receiving a chip module (21) into the plastic layer (13) such that the cavity (15) at least partly covers the slot (16) and such that excess material (18), relative to the base surface (17), remains at least along the slot (16).
According to a method for producing a multi-layer card body (11; 12) including a metal core layer (2) and at least one cover layer (17) for a wireless or dual-interface chip card (13) an adhesive (5) is applied to at least one face (8; 9) of the metal core layer (2) such that the adhesive (5) fills a slot (3) in the metal core layer (2). The metal core layer (2) is then laminated with the cover layer (17) by means of the adhesive (5). As a result, no short-circuit is provoked in the slot (3), e.g. by metal chips left in the slot (3), because the slot (3) has already been filled with the adhesive (5).
G06K 19/07 - Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards with integrated circuit chips
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
60.
IDENTIFICATION CARD AND MANUFACTURING METHOD OF IDENTIFICATION CARD
An identification card, including: a ceramic substrate (1) which includes a main body and an anti-fingerprint film (4), wherein the main component of the main body is zirconia powder, the main body has opposite surfaces, the anti-fingerprint film is arranged on each of the surfaces, and an accommodating slot is provided on the ceramic substrate, the accommodating slot is located on at least one side surface of the main body and penetrates the anti-fingerprint film on the surface, and the accommodating slot has a bottom surface and an opening opposite to the bottom surface; and an information identification part arranged in the accommodating slot, wherein the information identification part includes a chip part (2) and an information marking part (3), orthographic projections of the chip part and the information marking part on the ceramic substrate do not overlap, the chip part has opposite lower and upper surfaces, the lower surface faces the bottom surface of the accommodating slot for accommodating the chip part, and the upper surface does not protrude from the opening of the accommodating slot for accommodating the chip part. The ceramic substrate is formed of zirconia powder with high hardness, high density, and tight structure; this can further enhance the bending and wear resistance of the identification card, and increase the service life of the identification card.
H01L 21/48 - Manufacture or treatment of parts, e.g. containers, prior to assembly of the devices, using processes not provided for in a single one of the groups or
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
The present invention is directed towards a method for making sure that a piece of software to be installed on an end device is compatible with an existing software and especially the underlying hardware structure of the end device. Consequently, it is an advantage of the present invention that new software components can be evaluated before installing them, thus preventing incompatible software components from being installed on an end device which would harm or destroy the same. Furthermore, the present invention is directed towards a system arrangement implemented in accordance with the suggested method along with a computer program product comprising control instructions for implementing the suggested method.
The identification card includes a glass substrate provided with first and second surfaces facing opposite directions. The first surface of the glass substrate is provided with at least one first recess, and the identification card includes a first resin material layer filled in the first recess; and at least one of a first information storage medium, a first security feature, and a first decorative feature bonded to the first resin material layer. In a variation, an identification card has a ceramic substrate with first and second surfaces facing in opposite directions. The first surface of the ceramic substrate is provided with at least one first recess, and the identification card includes a first resin material layer filled in the first recess(es); and at least one of a first information storage medium, a first security feature, and a first decorative feature bonded to the first resin material layer.
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
The invention discloses an identification card, which comprises a ceramic substrate with opposite surfaces, and at least one surface is provided with an accommodating part; wherein a marking joint part is arranged in the accommodating part, and the orthogonal projection of the accommodating part on the ceramic substrate covers the orthogonal projection of the marking joint part on the ceramic substrate, and the marking joint part comprises a bearing layer and a marking part arranged on the bearing layer, wherein the bearing layer and the marking part are of an integrated structure. The ceramic substrate is provided with an accommodating part for setting a marking joint part to ensure the flatness of the identification card, and the orthogonal projection of the accommodating part on the ceramic substrate covers the orthogonal projection of the marking joint part on the ceramic substrate, which makes it convenient for placing the marking joint part. The bearing layer of the marking joint part and the marking part are of an integrated structure, which has high structural strength and is not easy to separate. The identification card of this disclosure has higher material hardness and structural strength and is not easy to deform.
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
64.
INFORMATION READING METHOD, APPARATUS, SYSTEM AND STORAGE MEDIUM
The application discloses a method, an apparatus, a system and a storage medium for information reading. The method comprises the following steps: sending request information to a server, wherein the request information includes a first vehicle identity and a preset time length for a server to determine digital key information according to a first vehicle identity and a preset time length; the first vehicle identity is an identity of the vehicle that is pre-controlled by a terminal, and the preset time length is the time length for the terminal to control the vehicle; the digital key information sent by the server is received for the vehicle to read the digital key information in the terminal through near field communication, thus improving the user experience.
An identification card which comprises a card body, wherein the card body has a first surface and a second surface which are opposite to each other and a plurality of side surfaces connected with the first surface and the second surface, a bending part is formed at the intersection between every two adjacent side surfaces, the outer edge of the bending part is covered with a first protective layer, and the shape of the first protective layer is matched with the shape of the bending part. The bending part of the card body is easier to be worn and damaged, so the first protective layer is arranged at the outer edge of the bending part, and the shape of the first protective layer matches the shape of the bending part. The first protective layer is made of metal or other materials with high hardness to prevent it from being damaged, thus effectively protecting the bending part of the card body from being in contact with the outside, avoiding scratch and damage, extending the service life of the identification card and increasing the added value of the card.
According to a method for updating a software in vehicles (50) of a vehicle fleet, at least one vehicle (50) of the vehicle fleet (S2) is identified, the software (SW) of which vehicle is to be updated, and the software (SW) of the vehicle identified (50) is then updated via a radio connection (40) in accordance with predefined updating conditions (B) (S12, S13). According to the invention, the updating conditions (B) are determined (S8; S8b) in such a manner that a machine learning model (13; 13a, 13b), which models transmission qualities (Q) of radio connections (40), predicts a sufficient transmission quality (Q) for the radio connection (40) in order to update (S12, S13) the software (SW) of the at least one vehicle (50).
The invention discloses an identity authentication method, apparatus, device and storage medium. The method comprises extracting M first feature points from a target identity feature of a target user; generating N target shapes according to the M first feature points; determining a parameter value of each target shape of the N target shapes; generating N asymmetric public and private keys according to the parameter values of the N target shapes; and authenticating an identity of the target user according to private keys in the N asymmetric public and private keys and acquired Q public keys, and when a number of the private keys of the N private keys matched with the Q public keys is larger than a preset threshold, passing the identity authentication of the target user; wherein the public keys are the public keys of the asymmetric public and private keys generated according to parameter values of target shapes; and the parameter values of the target shapes are determined by W second feature points in the target identity feature of the target user. According to the embodiment of the invention, the loss or leakage of user identity feature information can be avoided, and the security of an identity authentication mode can be improved.
A subscriber identity module (eUICC), comprises profiles for the utilization of a mobile terminal that include at least a first profile and at least a second profile, of which the second profile (Pr1, Pr2) is devised as an active profile. The first profile is designed as a root profile (PrR) which in a normal state of the subscriber identity module is in an inactive state, and which is devised to be activated in response to an authentication command (AUTHENTICATE) received at the subscriber identity module. The authentication command is specially parameterized for the root profile (PrR) with a specific root value of the network parameter (P2) to be activated during a change-over period. The initially active second profile (Pr1, Pr2) is deactivated during the change-over period. After the end of the change-over period, the first profile (PrR) is again deactivated and the second profile (Pr1, Pr2) is again activated.
The invention relates to a method for testing a card element comprising a metal core layer for a contactless or dual-interface chip card, and a method for producing a corresponding contactless or dual-interface chip card. One basic idea of the present invention involves testing the functionality of the card element before the chip module used for testing, or a corresponding chip module, is fixed into the cavity of the card element. A card element having impurities, a partial closure or full closure of the slot in its metal core layer fails the test and will not be used for fixing the chip module and for the following production steps.
The present invention relates to methods and devices for installing and hiding applets onto smart card devices. In a first step, a request for installing an instance of a first applet is received at the card device from an off-card entity, the request comprising a first applet identifier. An applet instance is then installed with the first applet identifier in a registry of the card device's operating system. In a further step, a request for hiding the instance of the first applet identified by the first applet identifier is received at the card device from the off-card entity. After receiving the hiding request, the smart card operating system finds the applet instance with the given applet identifier and hides it.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
The invention provides a method for personalizing an integrated secure element permanently installed in a mobile terminal, comprising agreeing a shared secret between the secure element and an HSM, encrypting an operating system – and possibly personalization data and/or one or more profiles – in the HSM on the basis of the shared secret and transmitting the encrypted operating system to the secure element, and converting the coding of the operating system in the secure element for storage in the NVM of the mobile terminal.
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
H04W 12/42 - Security arrangements using identity modules using virtual identity modules
H04W 12/40 - Security arrangements using identity modules
H04W 12/04 - Key management, e.g. using generic bootstrapping architecture [GBA]
H04W 12/00 - Security arrangements; Authentication; Protecting privacy or anonymity
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A method of adaptive generation of a profile package is constructed to install a profile in the eUICC. The method includes adaptive generation of a code package constructed to install an executable code in the device. A batch of multiple profile (or code) descriptions is provided. The target eUICC/target device or some other competent instance is arranged to provide the transfer server with configuration information of the target eUICC/target device. The transfer server retrieves, instead of a ready-made profile (code) package (eSIM), only a profile (code) description and profile (code) data. The transfer server then generates the profile package adaptively, therein flexibly considering the configuration information on the target eUICC/target device. By this adaptive way of profile generation, profile packages matching the real target eUICC/target device are generated. Such a matching profile package can be successfully installed in the eUICC.
The present invention is directed to a method for preventing a relay attack between a mobile phone and a starting device of an automobile, which allows to prevent stealing a vehicle. According to the invention, very specific movement profiles of an authorized driver or user are recognized and thereby it is prevented that an unauthorized user starts the vehicle and then steals it, in various application scenarios. This is based, among other things, on the underlying hardware components' sensor technology used. Further, the invention relates to an analogously arranged system arrangement and to a computer program product with control commands which implement the method or operate the system arrangement.
The application provides a processing method based on a fingerprint card and a fingerprint card, wherein the fingerprint card comprises a security chip, a microcontroller and a fingerprint sensor, and the method comprises the following steps: the security chip obtaining a service request, triggering the microcontroller to control the fingerprint sensor to collect user fingerprint data according to the service request, and triggering the security chip to enter a sleep state; triggering the security chip to wake up when it is determined that the microcontroller obtains the user fingerprint data and that the microcontroller controls the fingerprint sensor to enter a sleep state; after obtaining the user fingerprint data, the security chip verifying the user fingerprint data, and after the verification is successful, processing a service corresponding to a service identifier in the service request according to the service request. It can reduce the power consumption and ensure the fingerprint card to work normally.
The present invention relates to methods, devices and systems for performing remote file management, RFM, operations at a secure element, SE. A secure file update script is received at an OfflineRFM Agent, located within the SE, from an off card entity, OCE. The secure file update script has been generated offline by an SE issuer managing the OCE, using a decentralized remote file management, DRFM, platform, and comprises a plurality of remote management commands for carrying out file management operations on the SE. In a further step, a security level authentication between the OCE and SE based on the secure file update script is performed. If the security level authentication is successful, in a subsequent step a secure channel session between the OCE and the SE is established through the OfflineRFMAgent. Finally, the plurality of remote management commands is processed to remotely manage a file system on the SE.
The present invention discloses a method for securely paying for at least one means of transport (4) comprising - a trust centre (2), which is connected to the means of transport (4) via a data link in order to exchange data, - at least one service provider (6), which is connected to the trust centre (2) via a data link in order to exchange data, the service provider (6) offering a fee-incurring service at least at one location, and the means of transport (4) transmitting its physical position to the trust centre (2), - wherein the trust centre (2) compares the physical position of the means of transport (4) with at least one physical position of at least one service provider (6) in order to identify whether the means of transport (4) is located at a location of the service provider (6) where the service provider (6) offers a fee-incurring service, - wherein the trust centre (2) is informed by the means of transport (4) of the utilised service of the service provider (6), - wherein the trust centre (2) calculates a fee for the utilised service and sends the fee to the means of transport (4), the fee being paid to the trust centre (2), - wherein the trust centre (2) forwards the paid fee to the service provider (6), - wherein the service provider (6) does not receive any data from the trust centre (2) as to what means of transport (4) or what user of the means of transport (4) has utilised the service offered by the service provider (6).
G06Q 20/02 - Payment architectures, schemes or protocols involving a neutral third party, e.g. certification authority, notary or trusted third party [TTP]
G07B 15/00 - Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
G07B 15/02 - Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points taking into account a variable factor such as distance or time, e.g. for passenger transport, parking systems or car rental systems
77.
METHOD FOR AUTOMATICALLY DETERMINING AND PAYING A CHARGE USING A MEANS OF TRANSPORTATION
The invention relates to a method for automatically determining and paying a charge for a utilized service of at least one provider using a means of transportation (2). The means of transportation (2) is designed to store data, process data, and transmit and receive data. The method has the steps of - determining the local position of the means of transportation (2), - storing at least one local region of at least one provider where a charge is to be paid when a service offered by the provider is utilized, - comparing the determined position of the means of transportation (2) with the stored local region of the provider, - on the basis of the comparison, determining whether the means of transportation (2) is located in the local region where a charge must be paid, - determining whether a service has been utilized in the local region of the provider, - calculating a charge for the utilized service, and - paying the calculated charge, wherein the means of transportation (2) is designed to automatically carry out the aforementioned steps.
G06Q 30/06 - Buying, selling or leasing transactions
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G07B 15/02 - Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points taking into account a variable factor such as distance or time, e.g. for passenger transport, parking systems or car rental systems
A smart card (1) and a manufacturing method thereof. The smart card (1) includes a backplane layer (10); a metal layer (20) laminated on the backplane layer (10), wherein the metal layer (20) has embedding holes (21), and the embedding holes (21) are recessed from a surface of the metal layer away from the backplane layer (10) toward the backplane layer (10); and decorative pieces (30) embedded in the embedding holes (21). The smart card (20) can improve individuality and aesthetics by embedding decorative pieces (30) with stereoscopy on the metal layer (20).
The invention relates to a smart card, which includes: a card body, having an accommodating recess extending along its own thickness direction of the card body; a decorative part, at least part of the decorative part being embedded in the accommodating recess; in which the decorative part includes a base layer and decorative pieces, more than two decorative pieces are arranged on the base layer, the base layer is connected to the card body, the decorative pieces correspond to the accommodating recess along the thickness direction and are exposed to an external environment. The smart card of the invention can improve the stereoscopic sense, individuation and noble sense of the smart card by arranging the decorative parts with decorative pieces on the card body.
G06K 19/06 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
A flat security element has a main plane and microreflectors arranged in a microreflector pattern that present at least one motif that, when the security element is tilted, has a motif effect that relates to the main plane. The microreflector pattern causes a first and a second motif effect, wherein the first motif effect occurs during a tilting movement about a primary axis, if the security element is at the same time oriented within a first tilting angle range about a secondary axis, and the second motif effect occurs during the tilting movement about the primary axis, if the security element is at the same time oriented within a second tilting angle range about the secondary axis.
The invention also specifies a method for authentication and key agreement between a client and a terminal using such a method for key generation, in particular for authentication and key agreement based on the PACE protocol in a form modified according to the invention.
The invention relates to a method for personalizing a secure identification element (200) by means of a personalization system (100) with a database (104) which contains personalization data (208). First, the secure identification element (200) is equipped (10) with a generic electronic base configuration (204) which configures the secure identification element (200) for a later personalization process (207). The secure identification element (200) is then connected (11) to the personalization system (100), and the personalization data (208) from the database (104) is transmitted (12) to the secure identification element (200) by means of the personalization system (100). The transmission process (12) as well as the process of generating (13) a personalization (207) of the secure identification element (200) using the personalization data (208) is secured using security information contained in the base configuration (204).
Method, apparatus, device and medium for card surface detection. The method comprises: determining a target picture to make the target picture cover a preset area of a card surface to be detected; detecting the Alpha channel values of the vertices of the preset area; and detecting whether the target picture completely covers on the preset area of the card surface to be detected based on the Alpha channel values of the vertices of the preset area. The card surface detection method, apparatus, device and medium provided according to the embodiments can automatically detect whether an uploaded pattern completely covers the entire card surface when a user customizes the card surface pattern, which does not need manual verification, and improves the efficiency and accuracy of card surface detection.
A method for detecting a card surface picture comprises the following steps of: identifying region information of an image to be shown in a target picture (S101); generating a picture to be detected according to the region information of the image to be shown (S102); synthesizing the picture to be detected and a preset picture to obtain a synthesized picture (S103); and in response to detecting that a fourth pixel value is contained in the synthesized picture, determining that the target picture is unqualified (S104), which improves the efficiency of picture review and further improves the efficiency of card fabrication.
A method for downloading a profile from a subscription management server (SM-DP+) to a security enclave comprised in an enterprise mobile radio device. An eSIM Device Enablement Service (eDES) Discovery Service (DS) enabling forwarding profile activation data received from a subscription management server (SM-DP+) to a device client of an enterprise mobile radio device, so as to initiate the identified enterprise mobile radio device to request download of a profile from the subscription management server (SM-DP+).
The present invention is directed to a method for efficiently distributing embedded control commands to one or several security elements, in particular so-called embedded universal integrated circuit cards, of mobile end devices. The invention allows several updates to be combined in a simple manner to form a so-called bundle, so that an update server does not have to issue and distribute any special updates. The present invention is also directed to a correspondingly adapted update arrangement and to a computer program product with control commands that implement the method and/or operate the update arrangement.
G06F 9/44 - Arrangements for executing specific programs
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 8/654 - Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
The present invention relates to a method for making available a security key, wherein a smart card adapted according to the invention is employed for the production thereof. In this case, an expedient method sequence is proposed which makes it possible for the smart card to make available, for example, a so-called one-time password or a dynamic check number in interaction with a token server. The present invention further relates to a correspondingly adapted computing arrangement and to a computer program product with control commands which implement the method and/or operate the computing arrangement.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06F 21/45 - Structures or tools for the administration of authentication
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
The invention provides a method that allows an issuer system, e.g. of a bank, to have generated a plurality of anonymous accounts and cards for working up a stock and to only personalize them individually if required. In the personalization step at the card issuer, e.g. in the bank branch, a printing of the back side does not have to be performed, instead all the necessary printing of the back side is already effected at the card manufacturer during the manufacturing of the anonymous card. As a result, a simple, low-cost printer without a back-side printing option can be utilized for the personalization of the anonymous card.
G06Q 20/00 - Payment architectures, schemes or protocols
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
A chipset for an end device comprises at least a Secure Processor into which a one-time programmable memory storage is integrated, wherein in the chipset at least an end-device serial number of the end device is stored, wherein in the one-time programmable memory information is stored for securing the end-device serial number against tampering.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
90.
Card device having applets and transfer of APDUS to applets
The invention produces a card device having functional applets and an AID applet, as well as a relaying table that forwards commands addressed to the AID applet to functional applets.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
The invention relates to a chip card (1) which is designed as a metal card and has RFID capability on both sides, wherein the windings (4a, 4b, 4c) of the transponder coil (4) are formed by the metal layer (2) itself. Interspaces (5a, 5b) between the windings (4a, 4b, 4c) of the transponder coil (4) are filled with insulating material. A chip module (3) is arranged above the ends of the transponder coil (4) such that these ends are not visible for an observer.
G06K 19/02 - Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the selection of materials, e.g. to avoid wear during transport through the machine
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
A method for protection against a relay attack on a system is composed of at least a first and a second communication device. Data are transmitted wirelessly between the first and the second communication device. The first communication device ascertains a first spectrum of all wirelessly transmitted signals to be received at the location of the first communication device within a frequency band. The second communication device likewise ascertains a second spectrum of all wirelessly transmitted signals to be received at the location of the second communication device within the frequency band. The frequency band is limited by a minimum and a maximum frequency. The second communication device transmits the second spectrum to the first communication device. The first communication device compares the first spectrum with the second spectrum in order to ascertain whether the second communication device is located at the location of the first communication device.
A system for registering an MSISDN with a device hosting the UICC and in which the UICC is or can be operated includes a UICC provisioning server operated by an UICC different from the MNO. A Local Profile Assistant LPA is installed within the device or the UICC, and enables establishment of secured data sessions between the UICC and the UICC provisioning server. A modem is installed within the device or UICC. The modem enables communication of the device within a mobile network operator MNO mobile network. An MSISDN retrieval logic is associated with the LPA. A logic is constructed to perform a retrieval sequence with the foregoing components and data.
The invention relates to a method for setting up a subscription profile in a subscriber identity module, preferably an embedded UICC, wherein the following method steps are carried out in the subscriber identity module: receiving a subscription profile encrypted by a cryptographic key of a subscription server, wherein the cryptographic key for decrypting the subscription profile is unknown to the subscriber identity module at the time of receipt; storing the encrypted subscription profile without decrypting the subscription profile; receiving the cryptographic key at a time after the storing step; decrypting the encrypted subscription profile using the cryptographic key; and installing the decrypted subscription profile for setting up the subscription profile in the subscriber identity module. The invention additionally relates to a corresponding method in a subscription server, a subscriber identity module and a computer program product.
A method for the confidential verification of an electronic identity includes applying block chain. The method allows an acting party to recognize a block-chain identity while at the same time a level of confidentiality of the respective identity and its identity attributes is maintained. A correspondingly adapted identity system and a computer program product with control commands are arranged to implement the method and/or operate the proposed system arrangement.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
96.
Profile download to enterprise mobile radio device
GIESECKE+DEVRIENT MOBILE SECURITY AMERICA, INC. (USA)
Inventor
Larsson, Thomas
De Figueiredo, Jr., Ivan
Abstract
A method for downloading a profile from a subscription management server (SM-DP+) to a security enclave comprised in an enterprise mobile radio device.
The invention relates to a method for authenticating an end user (10) to a dependent service (11) by providing, by means of an intermediary service (15), an attribute (9) of a verified digital identity (2) stored in a federated identity provider (21). An attribute (9) is provided only if the end user (10) has successfully authenticated himself or herself as the owner of the verified digital identity (2) to the federated identity provider (21) and has released the attribute (9) for use by the dependent service (11).
The invention relates to a method for assigning a terminal (4) to a type class. The terminal (4) is designed for contactlessly connecting to a security element (1). The following steps are carried out: a) receiving a first command (5) of the terminal (4) by means of the security element (1) at a first point in time (7); b) receiving a second command (6) of the terminal (4) by means of the security element (1) at a second point in time (8) differing from the first point in time (7); c) determining a time difference (9) between the first point in time (7) and the second point in time (8); d) comparing the time difference (9) with at least one reference time difference (10) of a reference time collection (12); and e) assigning the terminal (4) to a type class using the comparison.
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
G07F 7/08 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card
An activation code to be provided to a cardholder associated with a payment card is generated. The activation code is an electronically scannable code that encodes payment card information associated with the payment card. The activation code is subsequently received from a user device, the activation code having been electronically scanned by the user device. The payment card information, associated with the payment card, is extracted from the activation code received from the user device. Activation of the payment card is performed using the payment card information extracted from the activation code received from the user device.
G06Q 20/32 - Payment architectures, schemes or protocols characterised by the use of specific devices using wireless devices
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
A microprocessor device comprising an implementation of a cryptographic operation constructed to process parameters and generate an output, wherein at least some of the parameters are obfuscated such that the cryptographic operation processes the obfuscated parameters, characterized in that the parameters which are obfuscated are obfuscated in that they are encrypted according to an additive homomorphic cryptographic system.