Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Jarnik, Claus
Eckardt, Monika
Abstract
Disclosed is a method, a computer program, a computer-readable data carrier, a user device having a device assembly on which a secure element, in particular an eUICC, is installed, and a device arrangement for user devices, for example mobile user devices, for participation in a telecommunication network. The method includes the following steps: predefining a command data set with operating commands for the user device; checking a binding between the device assembly and the secure element; and denying at least one of the operating commands if the check has indicated that no authorized binding is present.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Borase, Hemant Udhavrao
Abstract
A method for configuring a network device, a communication module configured to communicate via a telecommunication network, comprising a secure element, such as an eUICC, and a network device configured to communicate via a telecommunication network, comprising a secure element, such as an eUICC, are provided, the method comprising the steps of providing an application program, in particular an LPA and/or IPA, adapted to interact with a secure element, such as an eUICC, of the network device, and checking an authentication certificate authenticating an origin of the application program with the secure element.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Prat, Jordi Monter
Abstract
A method for configuring a user device, and a secure element, such as an eUICC, for a device are provided, the method comprising the steps of providing the secure element, with an installation program for loading at least one data component onto the secure element; installing the secure element on the user device, and loading the at least one data component onto the secure element involving the installation program; wherein the at least one data component comprises at least one of a user profile dataset and an operation system dataset for operating the secure element.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04W 12/30 - Security of mobile devices; Security of mobile applications
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Heimerl, Stefan
Abstract
A system (10), for example a telematic system, includes a housing (100) with an interior space (105), an electric consumer (110) arranged in the interior space (105), a thermal insulating component (200), and an electric energy source (300). The housing (100) has an open side (102). The thermal insulating component (200) is arranged at the housing to cover the open side (102). The electric energy source (300) is arranged atop of the thermal insulating component (200). Thereby, the amount of thermal energy entering the interior space of the housing is substantially reduced and the lifetime of the electric consumer is increased.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Hartel, Karl Eglof
Abstract
A method for establishing, in a target eUICC, profile data of at least one profile, the profile data including at least a subscriber identity (IMSI; SUPI; NAI) and an authentication key K, the method characterized by the step of merging, in the target eUICC, at least a pre-provisioned network authentication key K into a downloaded profile lacking this key.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Patiño, David
Totev, Georgy
Ruau, Federico
Tejada, Raul Lorente
Gifre, Clara
Abstract
Systems, methods, and devices are disclosed having an eUICC that is for hosting, or constructed for hosting, at least one security domain profile, ISD-P, the ISD-P hosting, or constructed for hosting, at least one subscriber profile. A method can include comparing received identification information to pre-stored identification information. When the received identification information corresponds to the pre-stored identification information, the method includes identifying the device and the eUICC in a device-eUICC binding and allowing further operation of the eUICC.
H04W 12/48 - Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Abdalla, Noha
Leibfarth, Robert
Morawietz, Andreas
Hartel, Karl Eglof
Huber, Ulrich
Abstract
A method for establishing, in a target eUICC, profile data of at least one profile, the profile data including at least an authentication key K, the method comprising the step: a) receive at the eUICC MNO information including at least an indication which profile data shall be generated; the method characterized by the step performed after step a): b) generate, in the target eUICC, at least some of the profile data, herein at least a network authentication key K; c) after step b) export the profile data generated in the target eUICC, or at least part thereof, from the target eUICC to an external entity; d) receive at the external entity at least some or all of the exported profile data, herein at least the authentication key K; and e) initiate generation of a profile including the received authentication key, at the external entity, or at an entity called by the external entity.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Patino, David
Ruau, Federico
Gifre, Clara
Tolos, Nadia
Abstract
Methods and systems for transferring application data of at least one application of a first device are provided. A method includes determining, via the operating system and by a corresponding one of the at least one application, application data to be transferred, formatting, by the at least one application, the determined application data and sending the formatted application data to a storage module, saving the application data within the storage module, retrieving the saved application data from the storage module, and restoring the retrieved application data within at least one application by the at least one application.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Eckardt, Monika
Jarnik, Claus
Abstract
A method is for computer-aided personalization of a secure element onto which an image is loaded. An operating system of the secure element is integrated into the image. One or more data sets provided individually for the secure element are written to a special memory area of the secure element. A sequence in which the data sets to be written are personalized is defined with a configuration command in the personalization of the secure element.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Schnellinger, Michael
Abstract
An eUICC includes a provisioning profile installed in the eUICC, and constructed for provisioning of profiles installed or scheduled to be installed in the eUICC; at least one profile, referred to as target profile, installed in the eUICC including a profile identifier, and present in a disabled status. The provisioning profile includes a profile enabler constructed to perform steps: E1) receive from the target profile the profile identifier; E2) receive from an enablement orchestration server an expected profile identifier of a profile installed in the eUICC; E3) enable the target profile only under the condition that the profile identifier retrieved from the target profile and the expected profile identifier retrieved from the enablement orchestration server match with each other; and optionally, when enabling the target profile, disable the provisioning profile.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Lorente, Raúl
Inguanzo, Miguel
Totev, Georgy
Abstract
The present invention relates to a method for allowing a UE, User Equipment, to automatically attach or connect to a private network, by using an eUICC, embedded Universal Integrated Circuit Card, application comprising the step of prioritizing, by the eUICC application, the private network by replacing content of public EHPLMN, Equivalent Home Public Land Mobile Network of a public profile, with a cumulative private EHPLMN list which contains the private network and when the UE tries to attach or connect to the private network, the step of switching, by the eUICC, to a private profile corresponding to the private network, while the public profile is still enabled, wherein the private profile contains credentials for the attachment or connection, as well as an eUICC application, an eUICC comprising the eUICC application and a computer program product for performing the method.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Prat, Jordi Monter
Abstract
Disclosed is a system and a method to enhance executable load file (ELF) upgrade, the method comprising: receiving a request for the ELF upgrade; identifying a tag in the request, the tag indicating a new ELF version intended to be loaded; determining that the new ELF version is newer, equal or lower than a current ELF version; taking a decision, based on the indicated new ELF version, whether to continue with the upgrade process or stop the process, for instance in the case of an ELF downgrade; saving data instances of a current ELF, the data instances corresponding to the ELF upgrade; in response to saving the data instances of the current ELF, loading the ELF upgrade; and in response to loading the ELF upgrade, generating data instances for the ELF upgrade, based at least in part on the saved data instances.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Gambihler, Jörg
Eckardt, Monika
Runge, Christa
Johnson, Eric
Abstract
The invention relates to a method of monitoring update operations (110) in a storage memory (10) of a universal integrated circuit card (UICC) (1), in particular an embedded universal integrated circuit (eUICC). The method comprises detecting one or more update operations (105) in a storage memory (10) of the UICC (1), the one or more update operations (105) being initiated by an application (21) executed on the UICC (1, S10). The method further comprises obtaining a counter information based on the one or more detected update operations (105) in the storage memory (10), the counter information being indicative of a number of detected update operations (105) performed in the storage memory (10) over a predetermined time period (S20). The method further comprises providing the counter information via a communication interface (2) of the UICC (1) to a terminal device (100, S30). The invention also relates to a UICC (1) which is configured to perform said method.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Eichholz, Jan
Edwards, Michael
Abstract
A method for managing an application for the electronic identification of a user of a mobile terminal has a subscriber identity module in a mobile network. The method comprises: transmitting a request to generate a subscription profile, with the application, to a subscription manager data preparation (SM-DP+) server of the mobile network; generating a subscription profile with the application for the electronic identification of the user, wherein generating the subscription profile comprises generating a private asymmetric personalization key associated with the subscription profile and a public asymmetric personalization key associated with the subscription profile for the application; transmitting the public asymmetric personalization key to a server of the mobile network operator or to a server of an identification provider; encrypting identity data of the user using the public asymmetric personalization key; and distributing the subscription profile with the application, and the private asymmetric personalization key to the mobile terminal.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Flammensboeck, Christian
Abstract
Systems and methods for personalizing a chip module include: loading initialization data into a memory of the chip module, the initialization data including an operating system and static configuration data for the chip module; executing the initialization data by the chip module and starting the operating system; loading individual personalization information into the memory using the operating system; executing a personalization sequence by the operating system on the chip module, wherein during execution of the personalization sequence the individual personalization information previously loaded into the memory is linked to the chip module.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
16.
SECURE ELEMENT, SYSTEM, AND METHOD FOR EFFICIENT AUTHENTICATION IN GENERIC BOOTSTRAPPING ARCHITECTURE (GBA)
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Patel, Praveen
Abstract
Provided is a secure element to securely communicate over a mobile communication network, the secure element comprising a secure control unit which is configured to determine, directly after a session with a mobile network entity via a mobile core network being initialized, whether a fresh bootstrapping operation is required, wherein the bootstrapping operation is configured to generate a shared key for establishing a secure communication channel to the mobile network entity, and subsequently establish the secure communication channel to the mobile network entity.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
H04W 12/069 - Authentication using certificates or pre-shared keys
17.
METHOD FOR CONFIGURING A CHIP MODULE WITH A PROFILE, CHIP MODULE, AND DEVICE COMPRISING SUCH A CHIP MODULE
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Huber, Ulrich
Abstract
The invention relates to a method (200) for configuring a chip module (10) with a profile, the method comprising the following steps: transmitting (201) an initial profile to the chip module (10); storing (202) the initial profile in a memory (14) of the chip module (10); transmitting (203) profile type information to the chip module (10) and linking the profile type information with the initial profile in order to generate a typified profile; requesting (204) profile data (53) from a profile provisioning unit (30); transmitting (205) the profile data (53) to a profile management unit (20) using the profile provisioning unit (30); transferring (206) the profile data (53) to the chip module (10) using the profile management unit (20); linking (207) the profile data (53) with the typified profile in order to generate a modified profile.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Patino, David
Totev, Georgy
Ruau, Federico
Lorente, Raul
Gifre, Clara
Abstract
Systems, methods, and devices are provided with an Embedded Universal Integrated Circuit Card (eUICC). The eUICC includes a device-eUICC binding applet being implemented in an issuer security domain root (ISD-R). The device-eUICC binding applet is constructed to, after each reset of the eUICC, effect the eUICC to be in a disabled state which prevents operation of the eUICC in the device.
NETWORK DETERMINATION ACTION CONTROLLED BY OPERATING SYSTEM OF DATA CARRIER BASED ON SECURE ELEMENT AFTER EVALUATING MEASURED NETWORK QUALITY OF DIFFERENT COMMUNICATION NETWORKS
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
GIESECKE AND DEVRIENT MOBILE SECURITY AMERICA INC. (USA)
Inventor
Borase, Hemant Udhavrao
Prat, Jordi Monter
Abstract
The present disclosure refers to a method of determining a communication connection (26) between an electronic device (20) and at least one communication network (12; 14), wherein said electronic device (20) comprises at least one data carrier (22; 24) based on a secure element (23) and equipped with an operating system (30), the method comprising: executing at least one communication action (28) between the data carrier (22; 24) and the electronic device (20) or between the data carrier (22; 24) and the communication network (12; 14) via the electronic device (20), said communication action (28) being controlled by the operating system (30) of said data carrier (22; 24); measuring at least one network quality parameter (34) in the course of said communication action (28); evaluating the measured network quality parameter (34) based on a pre-determined threshold (40) and/or based on a comparison of measured network quality parameters (34) corresponding to different communication networks (12; 14); executing a network determination action (44) controlled by the operating system (30) of the data carrier (22; 24) and based on said evaluation (42). The present disclosure further refers to a corresponding system (10), computer program (30; 32), data carrier (22; 24) and electronic device (20).
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Dietze, Claus
Abstract
The present invention relates to a method, a computer program (4), a computer-readable data carrier (5), a terminal (2) for participating in a communication network (1) and same, wherein the following steps are provided for transmitting a user dataset (P), in particular an eUICC dataset, from a source device (A) to at least one receiving device (B): identifying an export flag (E) relating to authorization of the export in the user dataset (P) on the source device (A); detecting whether the export flag (E) indicates that an export and/or import of the user dataset from the source device (A) and/or on the receiving device (B) is permissible; and authorizing the export of the user dataset (P) from the source device (A) to the receiving device (B) if the export flag (E) indicates that an export and/or import of the user dataset (P) is permissible.
09 - Scientific and electric apparatus and instruments
10 - Medical apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
39 - Transport, packaging, storage and travel services
42 - Scientific, technological and industrial services, research and design
44 - Medical, veterinary, hygienic and cosmetic services; agriculture, horticulture and forestry services
45 - Legal and security services; personal services for individuals.
Goods & Services
Electronic devices for locating individuals and mobile
objects, in particular, vehicles, containers and goods,
through use of GPS, cellular telephone networks and radio
frequency ranging and triangulation; electronic transponder
devices for property protection; signaling and checking
apparatus and instruments utilizing tracking and positioning
technologies, namely, transponders, GPS receivers, cellular
modems, radio ranging devices, laser or other ray-based
distance measuring devices which enable positioning by
triangulation for use in the dispatch, control, as well as
the prevention of unauthorized use of movable objects,
namely, persons, land, air, rail, ship, and space vehicles,
boxes, parcels, trailers, swap trailers, containers of all
types and sizes; electronic location transponders, in
particular for satellites and GPS systems; apparatus for
tracking and positioning of mobile objects, namely,
individuals, equipment, land, air, rail and space vehicles,
boats, boxes, parcels, trailers, swap trailers, containers
of all types and sizes; computer program for smartphones or
other electronic devices featuring technology enabling users
to remotely view, monitor, program, operate, dispatch and
control fleet vehicles or other mobile logistics objects;
Internet of Things gateways; Internet of Things sensors;
computer hardware modules for use with the Internet of
Things; computer application software for use in
implementing the Internet of Things; data processing
systems; data processing software; computer software for the
remote control of office machines and equipment; machine
control software; environmental control software;
application software to control lighting; software to
control building environmental, access and security systems;
software for monitoring, analyzing, controlling and running
physical world operations; lighting control software for use
in commercial and industrial facilities; wireless
controllers to remotely monitor and control the function and
status of security systems; wireless controllers to remotely
monitor and control the function and status of electrical,
electronic, and mechanical devices or systems; measuring and
control devices for air conditioning technology; remote
control telemetering machines and instruments; vehicle
tracking apparatus; vehicle tracking systems; navigation,
guidance, tracking, targeting and map making devices;
automatic solar tracking sensors; downloadable computer
software for remote monitoring and analysis; environmental
monitoring software; computer software for use in remote
meter monitoring; cameras for monitoring and inspecting
equipment in a nuclear power station; sensors, detectors and
monitoring instruments; measuring, detecting, monitoring and
controlling devices; liquid level monitoring apparatus;
apparatus for monitoring gas consumption; apparatus for
monitoring heat consumption; apparatus for monitoring water
consumption; sensors for monitoring physical movements;
apparatus for monitoring electrical energy consumption.
Diagnostic, examination, and monitoring equipment; patient
monitoring sensors and alarms; sensor apparatus for medical
use in monitoring the vital signs of patients; heart rate
monitoring apparatus; blood glucose monitoring apparatus;
patient monitoring instruments.
Data processing; data processing management; data processing
services; automated data processing; data processing,
systematization and management; administrative support and
data processing services.
Installation, maintenance and repair of temperature control
apparatus; advisory services relating to the maintenance of
environmental control systems; advisory services relating to
the repair of environmental control systems; providing
information relating to the repair or maintenance of water
pollution control equipment; repair of water pollution
control equipment; maintenance of water pollution control
equipment; maintenance and repair of physical access control
apparatus; maintenance and repair of access control systems
[hardware]; repair or maintenance of water pollution control
equipment; maintenance of passenger lifts via remote
monitoring systems.
Providing telecommunications connections to the internet,
databases and software platforms for tracking, tracing,
positioning, visualizing on digital maps, and remote-control
of mobile objects; online services, namely, electronic
transmission of messages, in particular for
computer-assisted management and tracking, dispatching, and
controlling movable objects, namely, individuals, equipment,
land, air, rail and space vehicles, boats, boxes, parcels,
trailers, swap trailers, containers of all types and sizes.
Location tracking of individuals and mobile objects using
computers, PCs, notebooks, tablets, cellphones or similar
devices; fleet control of motor vehicles and containers by
means of electronic navigation and tracking apparatus;
computer-aided tracking of motor vehicles, ships,
containers, installations, machines and individuals;
information relating to transport services by a website;
cargo tracking services; tracking and tracing of shipments;
electronic tracking of parcels for third parties; locating
and tracking of cargo for transportation purposes; tracking
of passenger vehicles by computer or via GPS; tracking of
passenger or freight vehicles by computer or via GPS;
advisory services relating to the tracking of goods in
transit; tracking, locating and monitoring of mobile objects
and devices, namely, individuals, equipment, land, air, rail
and space vehicles, boats, boxes, parcels, trailers, swap
trailers, containers of all types and sizes, for
transportation purposes, with the use of computers, PCs,
notebooks, tablets, cellphones or similar devices.
Providing temporary use of non-downloadable computer
software in combination with online mapping services, for
tracking the location of individuals and mobile objects over
computer networks, intranet and the internet; hosting a
website featuring technology enabling users to remotely
view, monitor, program, operate, dispatch and control fleet
vehicles or other mobile logistics objects; creation of
control programs for automated measurement, assembly,
adjustment, and related visualization; design and
development of computer software for process control;
providing temporary use of non-downloadable computer
software for tracking packages over computer networks,
intranets and the internet; providing temporary use of
non-downloadable computer software for tracking freight over
computer networks, intranets and the internet; design and
development of software for control, regulation and
monitoring of solar energy systems; providing temporary use
of online, non-downloadable computer software for use in
broadcast monitoring applications; monitoring of computer
systems for security purposes; monitoring of computer
systems to detect breakdowns; monitoring of computer systems
for detecting unauthorized access or data breach; machine
condition monitoring; monitoring of building structures;
monitoring of contaminated land; condition monitoring
relating to fluids; condition monitoring relating to
greases; condition monitoring relating to lubricants;
condition monitoring relating to oils; services for
monitoring industrial processes; monitoring of contaminated
land for gas; airborne remote monitoring relating to
scientific explorations; monitoring the quality control of
seismic procedures; monitoring of activities which influence
the environment within buildings; monitoring of events which
influence the environment within buildings; monitoring of
events which influence the environment within civil
engineering structures; monitoring of activities which
influence the environment within civil engineering
structures; monitoring of commercial and industrial sites
for detection of volatile and non-volatile organic
compounds; environmental monitoring services; environmental
monitoring of waste storage areas; environmental monitoring
of waste treatment areas; airborne remote monitoring
relating to environmental explorations; monitoring of water
quality; monitoring of stream water quality; process
monitoring for quality assurance.
Monitoring of patients; remote monitoring of medical data
for medical diagnosis and treatment.
Stolen property tracking and location services, namely,
computer-assisted locating of vehicles, ships, equipment,
machines and individuals; stolen property tracking and
location services, namely, determining the location of
individuals and mobile objects by means of computers, PCs,
notebooks, tablets, cellphones or similar devices; locating
and tracking of lost property; monitoring fire alarms;
monitoring of alarms; medical alarm monitoring; monitoring
of security systems; monitoring fire detection systems; home
security alarm monitoring; monitoring burglar and security
alarms; monitoring of burglar and security alarms;
electronic monitoring services for security purposes.
22.
SECURE ELEMENT, TERMINAL DEVICE COMPRISING THE SECURE ELEMENT, SYSTEM COMPRISING THE TERMINAL DEVICE AND METHODS THEREOF
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Pandey, Ankit
Abstract
A secure element is provided to communicate over a mobile communication network securely. The secure element includes a secure storage unit in which a subscriber authentication key is stored. The secure element further has a secure control unit which is configured to firstly generate a session subscriber authentication key, e.g., during getting the identity of the secure element, and, based on receiving an authentication request from a core network entity, to authenticate the secure element to the core network entity using the previously generated session subscriber authentication key. Furthermore provided are a terminal device including the secure element, a system comprising the terminal device and a core network entity, and corresponding methods of the secure element, the terminal device, and the system.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Liu, Yongjian
Chen, Hong
Abstract
Embodiments of the present application relate to the technical field of communications, and disclose a verification method and apparatus, a device, a readable storage medium, and a program product. The verification method is applied to a smart card, the smart card comprises a telecommunication card, and the smart card is communicatively connected to a terminal. The method comprises: when a first verification instruction is received, encrypting a first verification parameter by means of a first public key to obtain a first encryption result; signing the first encryption result by means of a second private key to obtain a first signature result, and sending the first encryption result and the first signature result to the terminal; when a second encryption result and a second signature result are received, performing signature verification on the second signature result by means of the first public key, and when the signature verification is passed, decrypting the second encryption result by means of the second private key to obtain a second verification parameter; and if verification of the second verification parameter is passed, determining that verification of the terminal is passed. The embodiments of the present application allow for verification of the legitimacy between a smart card and a terminal.
H04W 12/48 - Security arrangements using identity modules using secure binding, e.g. securely binding identity modules to devices, services or applications
24.
PROVIDING AN EUICC WITH PROFILE DATA OF AT LEAST ONE PROFILE
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Huber, Ulrich
Hartel, Karl Eglof
Morawietz, Andreas
Leibfarth, Robert
Abdalla, Noha
Abstract
A method for establishing, in a target eUICC, profile data of at least one profile, the profile data including at least a subscriber identity (IMSI; SUPI; NAI) and an authentication key K, the method characterized by the step: a) generate, in the target eUICC, at least some of the profile data, herein at least a network authentication key K.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Shingnapurkar, Rushikesh
Vinchhi, Tapan
Abstract
A terminal device is adapted to transfer data to a backend system over a mobile communication network, and includes: a secure element having an international mobile subscriber identifier which uniquely identifies the secure element at the mobile communication network such that the secure element is internationally fully personalized; a communication interface which is adapted to communicate via the mobile communication network. The terminal device is adapted to: receive data from a sensor unit; receive an authentication request from a core network entity, including a network challenge—RAND—and a network authentication token—AUTN; retrieve a sequence number—SQN—from the authentication request; verify the SQN; always declare the SQN to be invalid by returning a command response comprising a synchronization failure parameter—AUTS, the AUTS including at least one data field containing the data; and send the command response to the backend system via the communication interface.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Huber, Ulrich
Abstract
The invention relates to: a method for transmitting profiles to a chip module and for operating the chip module; a chip module for storing a plurality of optionally activatable profiles; and a device comprising a communication module and a chip module. A plurality of profiles of different profile types can be stored on the chip module, each profile being assigned the relevant profile type and profile data. The chip module is operated using one or more profiles. Depending on the profile type of the activated profile, the chip module operates in a first operating mode or a second operating mode.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Humpisch, Jens
Dietze, Claus
Abstract
The invention proposes a secure element (eUICC) having a secure storage area in which at least two subscription profiles (ISD-P) are installed, one of which is activated, and a control unit which is in communication with the secure storage area. The control unit is designed to receive a switching signal which has an origin independent of a network provider, and, on the basis of the switching signal, to generate and carry out a local switching function which deactivates the activated subscription profile and at the same time activates a predetermined subscription profile. The invention also proposes a corresponding terminal, a system and a method for locally switching subscription profiles without a third party being involved.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Pandey, Ankit
Mishra, Santosh Kumar
Abstract
A system and method are provided for enabling generation of a Subscription Concealed Identifier (SUCI) in a 5G network. The system performs encryption of a plain text associated with a Subscription Permanent Identifier (SUPI) based on Authenticated Encryption with Associated Data (AEAD)-Advanced Encryption Standard in Galois/Counter Mode (AES-GCM), an Initialization Vector (IV), and Additional Authenticated Data (AAD). The system obtains a public key, cipher text and a Message Authentication Code (MAC) tag in a parallel process by the AEAD AES-GCM and Elliptic Curve Integrated Encryption Scheme (ECIES) process, along with one or more parameters for enabling generation of the SUCI in the 5G network. The one or more parameters comprise at least one of a SUPI type, a Mobile Country Code (MCC), a Mobile Network Code (MNC), or/and a protection scheme ID. Finally, the system transmits the generated SUCI in response to a GET IDENTITY command received by the UICC.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Ruau, Mariano
Gifre, Clara
Garcia Farres, Andreu
Gomez Sol, Pablo Daniel
Abstract
A method for updating an installed software, in particular an operating system, OS, in a secure element includes the steps of providing an update agent in the secure element; securing specific data, required for operating the installed software, in a memory of the update agent; loading a software image into the secure element, the software image representing an update of the installed software; and making the software image operable by the secured specific data. According to further aspects, a respective secure element, an update agent, and a computer-program product correspond to features of the aforementioned method.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Mishra, Santosh Kumar
Pandey, Ankit
Abstract
A method is for generating, in a UICC, a 5G subscriber concealed identifier, SUCI, for a 5G mobile communication network. The method includes the steps executed in a processing entity comprised in the UICC: (1) generation of a public/private key pair or an ECC public/private key pair; (2) DH or ECDH derivation of an Ephemeral shared key from the generated or ECC public/private key pair; (3) derivation of a symmetric encryption key from the Ephemeral shared key; (4) concealment of at least a part of a subscriber permanent identifier, SUPI, with the generated symmetric key to compute the SUCI. Steps (1, 2) are triggered by a deterministic event at the UICC, and storing the generated or ECC public/private key pair and Ephemeral shared key to a key memory provided in the UICC; and subsequently steps (3, 4) are triggered by receipt of a GET IDENTITY command.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Vinchhi, Tapan
Patil, Rushikesh
Khopade, Sandeep
Mohol, Ganesh
Shingnapurkar, Rushikesh
Abstract
A method for preparing contents to be provided from a hardware security module, HSM, to an integrated Secure Element, iSE, comprising:
a) provide in the HSM a pre-shared key, PSK, which is derived from a universal key-derivation constant, KDC, permanently stored in the iSE, and a first seed (S1), wherein the KDC is identical for a multitude of multiple iSEs, and the first seed (S1) is specific or unique for a specific contents provider (CP) of said contents;
b) in the HSM, provide a second seed (S2) which is specific or unique for the iSE, and from the PSK and the second seed, apply a CEK-key-derivation scheme so as to derive a code encryption key, CEK;
c) in the HSM, encrypt the code package with the code encryption key, CEK, and by applying a code encryption scheme, so as to generate an encrypted code package (OS packet);
d) in the HSM, generate a header including the second seed (S2) and, if required: information on the code encryption scheme of step c) or/and information on the CEK-key-derivation scheme of step b);
e) in the HSM, encrypt the header with the PSK, or with a header encryption key derived from the PSK, and by applying a header encryption scheme, so as to generate an encrypted header (Header);
f) in the HSM, merge the encrypted code package (OS packet) and the encrypted header (Header) so as to create a binary large object, BLOB, to be transferred to the iSE.
G09C 1/00 - Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
G06K 19/077 - Constructional details, e.g. mounting of circuits in the carrier
32.
SWITCHING CONNECTIVITY BETWEEN FIRST AND SECOND MOBILE RADIO NETWORK
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Mishra, Santosh Kumar
Abstract
A method, in a SIM hosted in a mobile radio communication device, is for switching connectivity between a first mobile radio network and a second mobile radio network. The method includes a first ADFUSIM entry and a second ADFUSIM entry in the same profile; the switch of connectivity from the first to the second mobile radio network is performed by switching a configuration of the profile from using the first ADFUSIM entry to using the second ADFUSIM entry.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Patel, Praveen
Abstract
A procedure is provided for initiating a secure communication session between a card and a host. A static encryption key is assigned to the card and stored in the card. Each of the card and the host provide a key version number and a key identifier of the static key.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
09 - Scientific and electric apparatus and instruments
10 - Medical apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
39 - Transport, packaging, storage and travel services
42 - Scientific, technological and industrial services, research and design
44 - Medical, veterinary, hygienic and cosmetic services; agriculture, horticulture and forestry services
45 - Legal and security services; personal services for individuals.
Goods & Services
(1) Electronic devices for locating individuals and mobile objects, in particular, vehicles, containers and goods, through use of GPS, cellular telephone networks and radio frequency ranging and triangulation; electronic transponder devices for property protection; signaling and checking apparatus and instruments utilizing tracking and positioning technologies, namely, transponders, GPS receivers, cellular modems, radio ranging devices, laser or other ray-based distance measuring devices which enable positioning by triangulation for use in the dispatch, control, as well as the prevention of unauthorized use of movable objects, namely, persons, land, air, rail, ship, and space vehicles, boxes, parcels, trailers, swap trailers, containers of all types and sizes; electronic location transponders, in particular for satellites and GPS systems; apparatus for tracking and positioning of mobile objects, namely, individuals, equipment, land, air, rail and space vehicles, boats, boxes, parcels, trailers, swap trailers, containers of all types and sizes; computer program for smartphones or other electronic devices featuring technology enabling users to remotely view, monitor, program, operate, dispatch and control fleet vehicles or other mobile logistics objects; Internet of Things gateways; Internet of Things sensors; computer hardware modules for use with the Internet of Things; computer application software for use in implementing the Internet of Things; data processing systems; data processing software; computer software for the remote control of office machines and equipment; machine control software; environmental control software; application software to control lighting; software to control building environmental, access and security systems; software for monitoring, analyzing, controlling and running physical world operations, Lighting control software for use in commercial and industrial facilities; wireless controllers to remotely monitor and control the function 
and status of security systems; wireless controllers to remotely monitor and control the function and status of electrical, electronic, and mechanical devices or systems; measuring and control devices for air conditioning technology; remote control telemetering machines and instruments; vehicle tracking apparatus; vehicle tracking systems; navigation, guidance, tracking, targeting and map making devices; automatic solar tracking sensors; downloadable computer software for remote monitoring and analysis; environmental monitoring software; computer software for use in remote meter monitoring; cameras for monitoring and inspecting equipment in a nuclear power station; sensors, detectors and monitoring instruments; measuring, detecting, monitoring and controlling devices; liquid level monitoring apparatus; apparatus for monitoring gas consumption; apparatus for monitoring heat consumption; apparatus for monitoring water consumption; sensors for monitoring physical movements; apparatus for monitoring electrical energy consumption.
(2) Diagnostic, examination, and monitoring equipment; patient monitoring sensors and alarms; sensor apparatus for medical use in monitoring the vital signs of patients; heart rate monitoring apparatus; blood glucose monitoring apparatus; patient monitoring instruments.
(1) Data processing; data processing management; data processing services; automated data processing; data processing, systematization and management; administrative support and data processing services.
(2) Installation, maintenance and repair of temperature control apparatus; advisory services relating to the maintenance of environmental control systems; advisory services relating to the repair of environmental control systems; providing information relating to the repair or maintenance of water pollution control equipment; repair of water pollution control equipment; maintenance of water pollution control equipment; maintenance and repair of physical access control apparatus; maintenance and repair of access control systems [hardware]; repair or maintenance of water pollution control equipment; maintenance of passenger lifts via remote monitoring systems.
(3) Providing telecommunications connections to the internet, databases and software platforms for tracking, tracing, positioning, visualizing on digital maps, and remote-control of mobile objects; online services, namely, electronic transmission of messages, in particular for computer-assisted management and tracking, dispatching, and controlling movable objects, namely, individuals, equipment, land, air, rail and space vehicles, boats, boxes, parcels, trailers, swap trailers, containers of all types and sizes.
(4) Location tracking of individuals and mobile objects using computers, PCs, notebooks, tablets, cellphones or similar devices; fleet control of motor vehicles and containers by means of electronic navigation and tracking apparatus; computer-aided tracking of motor vehicles, ships, containers, installations, machines and individuals; information relating to transport services by a website; cargo tracking services; tracking and tracing of shipments; electronic tracking of parcels for third parties; locating and tracking of cargo for transportation purposes; tracking of passenger vehicles by computer or via GPS; tracking of passenger or freight vehicles by computer or via GPS; advisory services relating to the tracking of goods in transit; tracking, locating and monitoring of mobile objects and devices, namely, individuals, equipment, land, air, rail and space vehicles, boats, boxes, parcels, trailers, swap trailers, containers of all types and sizes, for transportation purposes, with the use of computers, PCs, notebooks, tablets, cellphones or similar devices.
(5) Providing temporary use of non-downloadable computer software in combination with online mapping services, for tracking the location of individuals and mobile objects over computer networks, intranet and the internet; hosting a website featuring technology enabling users to remotely view, monitor, program, operate, dispatch and control fleet vehicles or other mobile logistics objects; creation of control programs for automated measurement, assembly, adjustment, and related visualization; design and development of computer software for process control; providing temporary use of non-downloadable computer software for tracking packages over computer networks, intranets and the internet; providing temporary use of non-downloadable computer software for tracking freight over computer networks, intranets and the internet; design and development of software for control, regulation and monitoring of solar energy systems; providing temporary use of online, non-downloadable computer software for use in broadcast monitoring applications; monitoring of computer systems for security purposes; monitoring of computer systems to detect breakdowns; monitoring of computer systems for detecting unauthorized access or data breach; machine condition monitoring; monitoring of building structures; monitoring of contaminated land; condition monitoring relating to fluids; condition monitoring relating to greases; condition monitoring relating to lubricants; condition monitoring relating to oils; services for monitoring industrial processes; monitoring of contaminated land for gas; airborne remote monitoring relating to scientific explorations; monitoring the quality control of seismic procedures; monitoring of activities which influence the environment within buildings; monitoring of events which influence the environment within buildings; monitoring of events which influence the environment within civil engineering structures; monitoring of activities which influence the environment 
within civil engineering structures; monitoring of commercial and industrial sites for detection of volatile and non-volatile organic compounds; environmental monitoring services; environmental monitoring of waste storage areas; environmental monitoring of waste treatment areas; airborne remote monitoring relating to environmental explorations; monitoring of water quality; monitoring of stream water quality; process monitoring for quality assurance.
(6) Monitoring of patients; remote monitoring of medical data for medical diagnosis and treatment.
(7) Stolen property tracking and location services, namely, computer-assisted locating of vehicles, ships, equipment, machines and individuals; stolen property tracking and location services, namely, determining the location of individuals and mobile objects by means of computers, PCs, notebooks, tablets, cellphones or similar devices; locating and tracking of lost property; monitoring fire alarms; monitoring of alarms; medical alarm monitoring; monitoring of security systems; monitoring fire detection systems; home security alarm monitoring; monitoring burglar and security alarms; monitoring of burglar and security alarms; electronic monitoring services for security purposes.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Arbos, Noemi
Joshi, Mukesh
Garcia Del Pino, Luis Domingo
Abstract
A method for securely transmitting data from an IoT device to an application server via a telecommunication network, wherein a re-encryption server decrypts data encrypted by the IoT device and re-encrypts the decrypted data by an encryption key of the application server in such a way that the application server can obtain the data by decrypting the re-encrypted data. A re-encryption server is configured to enable secure transmission of data from an IoT device to an application server via a telecommunication network, and includes a cryptography means configured to decrypt data encrypted by the IoT device and to re-encrypt the decrypted data by an encryption key of the application server in such a way that the application server can obtain the data by decrypting the re-encrypted data. A system is configured for secure transmission of data from an IoT device to an application server via a telecommunication network.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Schnellinger, Michael
Abstract
A secure element includes an SE application implemented therein or configured to implement an SE application therein. The secure element includes: an SE terminal interface to a terminal, in conjunction with which the secure element is able to be operated; an ARA application (ARA-X) and ARA access rules, by way of which access operations from applications implemented in the terminal to SE applications implemented or able to be implemented in the secure element via the SE terminal interface are controlled. The secure element is: an ARA user interface (ARA-UI), which is configured: to receive user commands that are input by a user on a user interface provided on the terminal or on the secure element; to forward received user commands to the ARA application; and to prompt the ARA application to apply forwarded user commands to the ARA application.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Garcia Farres, Andreu
Moron I Peiro, Oriol
Abstract
Disclosed are methods, devices, and computer program products arranged for managing subscriber profiles on an eUICC. Within that context, a method for managing subscriber profiles stored in an eUICC includes an ISD-R and an API implemented on the eUICC, the API providing for executing or executing via the ISD-R a profile management operation concerning a subscriber profile of the eUICC. Further, an application installed on the eUICC instructs the API to execute the profile management operation concerning the subscriber profile. A device has embedded therein a eUICC and computer program products representing the API and the application.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Jarnik, Claus
Eckardt, Monika
Abstract
A subscriber identity module for employment in a mobile device has a processor, a storage as well as a location determining device. The location determining device is adapted to determine a location of the subscriber identity module. The subscriber identity module makes a plurality of functions available.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Chen, Hong
Abstract
The present application discloses a method and apparatus for controlling the use of a universal integrated circuit card. The universal integrated circuit card is integrated on an electronic device, and a program file is run on the electronic device, the method being applied to at least one of the universal integrated circuit card and the program file. The method comprises: acquiring a use request of a target code number corresponding to the universal integrated circuit card; on the basis of the use request, acquiring a first location of the electronic device; looking up the first location in a first white list, the first white list comprising a permitted use location of the universal integrated circuit card; when the first location is found in the first white list, allowing the universal integrated circuit card to be used at the first location; when the first location is not found in the first white list, prohibiting use of the universal integrated circuit card at the first location. Thus, use of the eUICC card is limited.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Ruiz Litwinski, David
Abstract
A method for managing at least one eUICC information set (EIS) of a eUICC. The method comprises the following consecutive steps: generating a first request for registering the eUICC information set (EIS) at an eUICC manufacturer (EUM), the first request comprising a first Function Call Identifier (FCI); sending the first request from the eUICC manufacturer (EUM) to an intermediate buffer proxy; generating a response to the first request within the intermediate buffer proxy; and sending the response to the request to the eUICC manufacturer (EUM).
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Lim, Beegek
Rösner, Martin
Huber, Ulrich
Abstract
A method for provisioning an xUICC, destined to host one or more profiles for communication in a mobile communication network, comprising the steps: E1) Providing in the xUICC an OS load key, as a root of trust (RoT); E2) Loading and installing to the xUICC an xUICC operating system, xUICC OS, encrypted with the OS load key for the loading, the xUICC OS being designed to enable directly or indirectly receiving and installing in the xUICC one or several eSIM profiles; E3) Loading and storing to the xUICC xUICC unique data, encrypted with the OS load key for the loading, the xUICC unique data comprising at least one GSMA certificate, certifying the xUICC with the installed xUICC as certified for receiving and installing in the xUICC eSIM profiles; E4)* preparing the xUICC for a later downloading and installing step E4) of downloading and installing an eSIM profile, encrypted with the OS load key for the downloading, to the xUICC prepared with steps E1-E3, characterized in that the xUICC operating system, xUICC, of step E2), the xUICC unique data of step E3), and the eSIM profiles of step E4) are encrypted with the same OS load key provided in step E1).
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Nitsch, Nils
Li, Harry
Thorstensson, Tommy
Thorén, Dan
Haubner, Markus
Kitzmann, Andreas
Abstract
A method, at a data generation server, for generation of a profile image for downloading the profile image from the profile server to an eUICC hosted in a device, is provided for the purpose of installing a profile corresponding to the profile image in the eUICC. The method includes the steps: Ga) provide, on the data generation server, at least one global identifier and at least a first functionality identifier and a second functionality identifier different from the first functionality identifier; Gb) generate, on the data generation server, at least a first profile image and a second profile image; Gc) assign the at least first and second profile images to the same global identifier; Gd) store the at least first and second profile image as profile images assigned to the same global identifier, for providing the first and second profile image to the profile server for download to eUICCs.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Gifre, Clara
Patino, David
Ruau, Federico
Abstract
A method, a data structure, and an update agent for implementing a scheme for downloading an operating system image onto a secure element. The update agent receives from an external device an installation package for installing an operating system onto the secure element. The update agent requests control of the secure element and loads the operating system received with the installation package into the secure element, after which control of the secure element is transferred to the operating system.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Perarnau, Xavier
Couto, Marta
Gifre, Clara
Patino, David
Ruau, Federico
Abstract
A method and an apparatus for updating software loaded on a secure element, SE, which SE comprises an update agent handler, and an update agent. In a first step, a request to backup a current version of software loaded on the SE is received at the SE. The request is sent from a device, external to the SE. Upon receiving the backup request, the SE performs a secure backup of the current software version, and returns the software backup to the device, to be stored thereon. In a further step, the SE performs an update process of the current software version, to obtain an updated software version. If the update process fails, a rollback is performed at the SE to restore the software backup as a new current software version on the SE.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Patino, David
Gifre, Clara
Ruau, Federico
Abstract
An update agent, a secure element containing the update agent, and a method for retrieving a software image to be stored onto the secure element includes a communication interface for providing connectivity to a storage module for downloading software images onto the SE. The update agent has a first memory storing authentication data for authenticating software images, and a second memory storing credentials for personalizing software images.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Dirnberger, Wolfgang
Abstract
A method in a secure element, SE, for generating at least one symmetric key and/or one SE-specific cryptographic key pair for creating and transmitting a response to an identity query, including a GET IDENTITY command, transmitted by a network. The invention additionally relates to an SE, a computer program product and a system comprising an SE and a network.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Perarnau, Xavier
Abstract
Methods, interfaces and devices for delegated management of profiles of an embedded Universal Integrated Circuit Card, eUICC, are included in a mobile device. Delegated management is provided to a profile selected from a list of profiles available at the eUICC by registering the eUICC with a server and joining with the selected profile an existing subscription group of profiles on the server or by creating a new subscription group on the server based on the selected profile.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Patino, David
Gifre, Clara
Ruau, Federico
Kornefalk, Bjorn
Abstract
An update agent, a secure element containing the update agent, and a method for loading and personalizing a software in the secure element are provided. In a first step, an update agent is loaded into the secure element. In a further step, software personalization data is loaded into the secure element, and stored in the update agent. Subsequently, the software is loaded into the secure element and personalized using the software personalization data stored in the update agent.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Kotkunde, Anjali Suresh
Abstract
A method is provided to effectively preempt or prevent any instance of fraudulent, or otherwise unauthorized and/or undesired use of a Card by dynamic, user-configurable profiling of user and/or usage pattern information. The system implementation includes a duo of Payment applet and Fraud Rule detection Applet in separate packages provided on the Card and a Mobile Applet on smart phone of the Card owner, which trio interactively enabling the Card holder to keep and configure the CRM rules for effectively safeguarding against fraudulent and/or undesired transactions using the Card.
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check of credit lines or negative lists
50.
PROTECTION OF A KEY ENCAPSULATION MECHANISM, KEM, AGAINST FAULT INJECTION ATTACKS
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Guillen Hernandez, Oscar
Abstract
A first processing entity, comprising an implementation covering at least a Key Decapsulation Phase of a Key Encapsulation Mechanism, KEM, constructed to share a key to be shared between a second processing entity and said first processing entity, wherein the first processing entity, when executing the implementation of the Key Decapsulation Phase, executes a decapsulation method, the decapsulation method is characterized in that the decapsulation method comprises: a decapsulation count mechanism coupled to or integrated into the Key Decapsulation Phase of the KEM, comprising steps to: (i) detect and count and store in the processing entity decapsulation errors occurring when the Key Decapsulation Phase is executed, and (ii) when the count of decapsulation errors reaches or exceeds a predefined count limit, initiate an error measure.
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Schnellinger, Michael
Abstract
A method for generating at least one profile, for provisioning the profile to an eUICC designed to be hosted in a device, includes the steps: S1) providing profile generation data, including static profile data for generating a profile container (T_ISD-P[ ]) and dynamic; S2) generating a profile (P1), and a dynamic-data description file (D-XML) indicating content and storage location of at least the dynamic profile data in the profile; S3-1) creating, in the eUICC at least one profile container (T_ISD-P[ ]); S3-2) providing the profile (P1) and the dynamic-data description file (D-XML) to a Dynamic Converter, and at the Dynamic Converter, with support of the dynamic-data description file (D-XML), extracting the dynamic profile data from the profile (P1), for later transferring the extracted dynamic profile data (EDP-P1) to the eUICC, and installing the transferred extracted dynamic profile data (EDP-P1) into the profile container (T_ISD-P[ ]) created in step S3-1).
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Schnellinger, Michael
Abstract
A method for provisioning a profile to an eUICC designed to be hosted in a mobile device, includes the steps: providing an eUICC production machine comprising or having connected thereto an eUICC read/write facility, and being installed in a secure production environment; providing an IFPP Controller installed in the secure production environment; providing dynamic profile data to the IFPP Controller; providing the eUICC, with at least one already present created profile container created from static profile data, at the eUICC production machine; by the IFPP Controller, providing the dynamic profile data to the eUICC production machine; by the eUICC production machine, downloading the dynamic profile data via the eUICC read/write facility to the eUICC, and writing the dynamic profile data into the profile container, so as to install the profile and thereby provision the profile to the eUICC.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Gifre, Clara
Patino, David
Ruau, Federico
Abstract
Methods, apparatus and systems are provided for implementing an encryption scheme for providing a software image to a secure element. The software image is converted into a sequence of ciphered blocks, which is protected with an authentication tag to obtain a sequence of protected blocks, which are then transmitted to an update agent on the secure element. The steps of converting the software image into a sequence of ciphered blocks and protecting the sequence of ciphered blocks with an authentication tag are implemented by an authenticated encryption function using a same block cipher.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Nitsch, Nils
Li, Harry
Thorstensson, Tommy
Thorén, Dan
Haubner, Markus
Kitzmann, Andreas
Abstract
A method, on a data generation server, is for preparing generating a profile image for download from a profile server to an eUICC hosted in a device, for the purpose of installing a profile corresponding to the profile image in the eUICC, the method comprising the steps: a) at a data generation server, generate, for multiple devices, multiple non-personalized profile images, each non-personalized profile image comprising at least one functionality identifier specific for the respective device, and each non-personalized profile image not comprising any individual global identifier specific of an individual eUICC, and store the generated multiple non-personalized profile images for providing to the profile server; b) at the data generation server, generate at least one profile-data image, said profile-data image comprising at least one individual global identifier of an individual eUICC, and store the generated at least one profile-data image for providing to the profile server.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Gifre, Clara
Patino, David
Ruau, Federico
Abstract
A method, an update agent and an off-card entity are provided for implementing an authentication scheme for providing a software image to a secure element. An installation package including a package binding function for linking the installation package to the secure element, a manifest, a manifest signature generated using a block-cipher algorithm, and a software image is received at an update agent within the secure element. The update agent implements an authentication and integrity scheme by verifying various signatures contained within the installation package and installing the software image in case of successful authentication and integrity verification.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols; including means for verifying the identity or authority of a user of the system
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Dirnberger, Wolfgang
Abstract
A method in a secure element (SE), includes the following method steps: obtaining, in the SE, an identity query, in particular a GET IDENTITY command, sent by a network; encrypting, by means of the SE, identity data stored on the SE, in order to generate encrypted identity data using a symmetrical key generated in the SE before the obtaining step; applying, by means of the SE, a message authentication code (MAC) algorithm to the generated encrypted identity data in order to obtain a MAC; and creating and sending a response to the identity query from the SE to the network, wherein the message contains the encrypted identity data and the MAC. An SE is provided for a computer program product, and a system comprising a SE and a network.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Gifre, Clara
Patino, David
Ruau, Federico
Gomez Jimenez, Ruben
Abstract
A method for personalizing a software, in particular an operating system OS, in a secure element, SE, includes the steps of loading a software image into the memory of the SE; loading a software personalization record comprising personalization data into the memory of the SE; and personalizing the loaded software image using the software personalization data. Personalization of the software image is initiated by an internal agent of the SE. Initiation of personalization of the software image by the internal agent is triggered by a trigger event that is detected by the internal agent, the trigger event being unrelated to software personalization.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
09 - Scientific and electric apparatus and instruments
10 - Medical apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
39 - Transport, packaging, storage and travel services
42 - Scientific, technological and industrial services, research and design
44 - Medical, veterinary, hygienic and cosmetic services; agriculture, horticulture and forestry services
45 - Legal and security services; personal services for individuals.
Goods & Services
Electronic devices for locating individuals and mobile objects, in particular, vehicles, containers and goods, through use of GPS, cellular telephone networks and radio frequency ranging and triangulation; electronic transponder devices for property protection; signaling and checking apparatus and instruments utilizing tracking and positioning technologies, namely, transponders, GPS receivers, cellular modems, radio ranging devices, laser or other ray-based distance measuring devices which enable positioning by triangulation for use in the dispatch, control, as well as the prevention of unauthorized use of movable objects, namely, persons, land, air, rail, ship, and space vehicles, boxes, parcels, trailers, swap trailers, containers of all types and sizes; electronic location transponders, in particular for satellites and GPS systems; apparatus for tracking and positioning of mobile objects, namely, individuals, equipment, land, air, rail and space vehicles, boats, boxes, parcels, trailers, swap trailers, containers of all types and sizes; computer program for smartphones or other electronic devices featuring technology enabling users to remotely view, monitor, program, operate, dispatch and control fleet vehicles or other mobile logistics objects; Internet of Things gateways; Internet of Things sensors; Computer hardware modules for use with the Internet of Things in the field of transport and logistics; Computer application software for use in implementing the Internet of Things in the field of transport and logistics; Data processing systems in the field of transport and logistics; Data processing software in the field of transport and logistics; Computer software for the remote control of office machines and equipment; Machine control software; Environmental control software; Application software to control lighting; Software to control building environmental, access and security systems; Software for monitoring, analyzing, controlling and running physical 
world operations in the field of transport and logistics, Lighting control software for use in commercial and industrial facilities; Wireless controllers to remotely monitor and control the function and status of security systems; Wireless controllers to remotely monitor and control the function and status of electrical, electronic, and mechanical devices or systems; Measuring and control devices for air conditioning technology; Remote control telemetering machines and instruments; Vehicle tracking apparatus; Vehicle tracking systems; Navigation, guidance, tracking, targeting and map making devices; Automatic solar tracking sensors; Downloadable computer software for remote monitoring and analysis in the field of transport and logistics; Environmental monitoring software; Computer software for use in remote meter monitoring; Cameras for monitoring and inspecting equipment in a nuclear power station; Sensors, detectors and monitoring instruments; Measuring, detecting, monitoring and controlling devices; Liquid level monitoring apparatus; Apparatus for monitoring gas consumption; Apparatus for monitoring heat consumption; Apparatus for monitoring water consumption; Sensors for monitoring physical movements; Apparatus for monitoring electrical energy consumption. Diagnostic, examination, and monitoring equipment; Patient monitoring sensors and alarms; Sensor apparatus for medical use in monitoring the vital signs of patients; Heart rate monitoring apparatus; Blood glucose monitoring apparatus; Patient monitoring instruments. Data processing; Data processing management; Data processing services; Automated data processing; Data processing, systematization and management; Administrative support and data processing services. 
Installation, maintenance and repair of temperature control apparatus; Advisory services relating to the maintenance of environmental control systems; Advisory services relating to the repair of environmental control systems; Providing information relating to the repair or maintenance of water pollution control equipment; Repair of water pollution control equipment; Maintenance of water pollution control equipment; Maintenance and repair of physical access control; Maintenance and repair of access control systems; Repair or maintenance of water pollution control equipment; Maintenance of passenger lifts via remote monitoring systems. Providing telecommunications connections to the internet, databases and software platforms for tracking, tracing, positioning, visualizing on digital maps, and remote-control of mobile objects; online services, namely, electronic transmission of messages, in particular for computer-assisted management and tracking, dispatching, and controlling movable objects, namely, individuals, equipment, land, air, rail and space vehicles, boats, boxes, parcels, trailers, swap trailers, containers of all types and sizes. 
Location tracking of individuals and mobile objects using computers, PCs, notebooks, tablets, cellphones or similar devices; fleet control of motor vehicles and containers by means of electronic navigation and tracking apparatus; computer-aided tracking of motor vehicles, ships, containers, installations, machines and individuals; information relating to transport services by a website; Cargo tracking services; Tracking and tracing of shipments; Electronic tracking of parcels for third parties; Locating and tracking of cargo for transportation purposes; Tracking of passenger vehicles by computer or via GPS; Tracking of passenger or freight vehicles by computer or via GPS; Advisory services relating to the tracking of goods in transit; Tracking, locating, dispatching and monitoring of mobile objects & devices, namely, individuals, equipment, land, air, rail and space vehicles, boats, boxes, parcels, trailers, swap trailers, containers of all types and sizes, for commercial purposes with the use of computers, PCs, notebooks, tablets, cellphones or similar devices. 
Providing temporary use of non-downloadable computer software in combination with online mapping services, for tracking the location of individuals and mobile objects over computer networks, intranet and the internet in the field of transport and logistics; providing a website featuring technology enabling users to remotely view, monitor, program, operate, dispatch and control fleet vehicles or other mobile logistics objects; Creation of control programs for automated measurement, assembly, adjustment, and related visualization; Design and development of computer software for process control in the field of transport and logistics; Providing temporary use of non-downloadable computer software for tracking packages over computer networks, intranets and the internet; Providing temporary use of non-downloadable computer software for tracking freight over computer networks, intranets and the internet; Design and development of software for control, regulation and monitoring of solar energy systems; Providing temporary use of online, non-downloadable computer software for use in broadcast monitoring applications in the field of transport and logistics; Monitoring of computer systems for security purposes; Monitoring of computer systems to detect breakdowns; Monitoring of computer systems for detecting unauthorized access or data breach; Machine condition monitoring; Monitoring of building structures; Monitoring of contaminated land; Condition monitoring relating to fluids; Condition monitoring relating to greases; Condition monitoring relating to lubricants; Condition monitoring relating to oils; Services for monitoring industrial processes; Monitoring of contaminated land for gas; Airborne remote monitoring relating to scientific explorations; Monitoring the quality control of seismic procedures; Monitoring of activities which influence the environment within buildings; Monitoring of events which influence the environment within buildings; Monitoring of events which 
influence the environment within civil engineering structures; Monitoring of activities which influence the environment within civil engineering structures; Monitoring of commercial and industrial sites for detection of volatile and non-volatile organic compounds; Environmental monitoring services; Environmental monitoring of waste storage areas; Environmental monitoring of waste treatment areas; Airborne remote monitoring relating to environmental explorations; Monitoring of water quality; Monitoring of stream water quality; Process monitoring for quality assurance. Monitoring of patients; Remote monitoring of medical data for medical diagnosis and treatment. Stolen property tracking and location services, namely, computer-assisted locating of vehicles, ships, equipment, machines and individuals; stolen property tracking and location services, namely, determining the location of individuals and mobile objects by means of computers, PCs, notebooks, tablets, cellphones or similar devices; Locating and tracking of lost property; Monitoring fire alarms; Monitoring of alarms; Medical alarm monitoring; Monitoring of security systems; Monitoring fire detection systems; Home security alarm monitoring; Monitoring burglar and security alarms; Monitoring of burglar and security alarms; Electronic monitoring services for security purposes.
59.
SECURE SESSION CAPABILITY BY ENCRYPTION OF RANDOM NUMBERS IN HANDSHAKE MESSAGES UNDER A PRESHARED KEY
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Patel, Praveen
Abstract
Disclosed herein is a method for ensuring secure TLS13 sessions in which the random data in client and server hello messages are encrypted under a unique ssPSK shared previously with both the client and the server, therein making it impossible for hackers / bots to ascertain said random data to generate the session key.
09 - Scientific and electric apparatus and instruments
10 - Medical apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
39 - Transport, packaging, storage and travel services
42 - Scientific, technological and industrial services, research and design
44 - Medical, veterinary, hygienic and cosmetic services; agriculture, horticulture and forestry services
45 - Legal and security services; personal services for individuals.
Goods & Services
Electronic devices for locating individuals and mobile objects, in particular, vehicles, containers and goods, through use of GPS, cellular telephone networks and radio frequency ranging and triangulation; electronic transponder devices for property protection; signaling and checking apparatus and instruments utilizing tracking and positioning technologies, namely, transponders, GPS receivers, cellular modems, radio ranging devices, laser or other ray-based distance measuring devices which enable positioning by triangulation for use in the dispatch, control, as well as the prevention of unauthorized use of movable objects, namely, persons, land, air, rail, ship, and space vehicles, boxes, parcels, trailers, swap trailers, containers of all types and sizes; electronic location transponders, in particular for satellites and GPS systems; apparatus for tracking and positioning of mobile objects, namely, individuals, equipment, land, air, rail and space vehicles, boats, boxes, parcels, trailers, swap trailers, containers of all types and sizes; computer program for smartphones or other electronic devices featuring technology enabling users to remotely view, monitor, program, operate, dispatch and control fleet vehicles or other mobile logistics objects; Internet of Things gateways; Internet of Things sensors; Computer hardware modules for use with the Internet of Things; Computer application software for use in implementing the Internet of Things; Data processing systems; Data processing software; Computer software for the remote control of office machines and equipment; Machine control software; Environmental control software; Application software to control lighting; Software to control building environmental, access and security systems; Software for monitoring, analyzing, controlling and running physical world operations, Lighting control software for use in commercial and industrial facilities; Wireless controllers to remotely monitor and control the function and 
status of security systems; Wireless controllers to remotely monitor and control the function and status of electrical, electronic, and mechanical devices or systems; Measuring and control devices for air conditioning technology; Remote control telemetering machines and instruments; Vehicle tracking apparatus; Vehicle tracking systems; Navigation, guidance, tracking, targeting and map making devices; Automatic solar tracking sensors; Downloadable computer software for remote monitoring and analysis; Environmental monitoring software; Computer software for use in remote meter monitoring; Cameras for monitoring and inspecting equipment in a nuclear power station; Sensors, detectors and monitoring instruments; Measuring, detecting, monitoring and controlling devices; Liquid level monitoring apparatus; Apparatus for monitoring gas consumption; Apparatus for monitoring heat consumption; Apparatus for monitoring water consumption; Sensors for monitoring physical movements; Apparatus for monitoring electrical energy consumption. Diagnostic, examination, and monitoring equipment; Patient monitoring sensors and alarms; Sensor apparatus for medical use in monitoring the vital signs of patients; Heart rate monitoring apparatus; Blood glucose monitoring apparatus; Patient monitoring instruments. Data processing; Data processing management; Data processing services; Automated data processing; Data processing, systematization and management; Administrative support and data processing services. 
Installation, maintenance and repair of temperature control apparatus; Advisory services relating to the maintenance of environmental control systems; Advisory services relating to the repair of environmental control systems; Providing information relating to the repair or maintenance of water pollution control equipment; Repair of water pollution control equipment; Maintenance of water pollution control equipment; Maintenance and repair of physical access control; Maintenance and repair of access control systems; Repair or maintenance of water pollution control equipment; Maintenance of passenger lifts via remote monitoring systems. Providing telecommunications connections to the internet, databases and software platforms for tracking, tracing, positioning, visualizing on digital maps, and remote-control of mobile objects; online services, namely, electronic transmission of messages, in particular for computer-assisted management and tracking, dispatching, and controlling movable objects, namely, individuals, equipment, land, air, rail and space vehicles, boats, boxes, parcels, trailers, swap trailers, containers of all types and sizes. 
Location tracking of individuals and mobile objects using computers, PCs, notebooks, tablets, cellphones or similar devices; fleet control of motor vehicles and containers by means of electronic navigation and tracking apparatus; computer-aided tracking of motor vehicles, ships, containers, installations, machines and individuals; information relating to transport services by a website; Cargo tracking services; Tracking and tracing of shipments; Electronic tracking of parcels for third parties; Locating and tracking of cargo for transportation purposes; Tracking of passenger vehicles by computer or via GPS; Tracking of passenger or freight vehicles by computer or via GPS; Advisory services relating to the tracking of goods in transit; Tracking, locating, dispatching and monitoring of mobile objects & devices, namely, individuals, equipment, land, air, rail and space vehicles, boats, boxes, parcels, trailers, swap trailers, containers of all types and sizes, for commercial purposes with the use of computers, PCs, notebooks, tablets, cellphones or similar devices. 
Providing temporary use of non-downloadable computer software in combination with online mapping services, for tracking the location of individuals and mobile objects over computer networks, intranet and the internet; providing a website featuring technology enabling users to remotely view, monitor, program, operate, dispatch and control fleet vehicles or other mobile logistics objects; Creation of control programs for automated measurement, assembly, adjustment, and related visualization; Design and development of computer software for process control; Providing temporary use of non-downloadable computer software for tracking packages over computer networks, intranets and the internet; Providing temporary use of non-downloadable computer software for tracking freight over computer networks, intranets and the internet; Design and development of software for control, regulation and monitoring of solar energy systems; Providing temporary use of online, non-downloadable computer software for use in broadcast monitoring applications; Monitoring of computer systems for security purposes; Monitoring of computer systems to detect breakdowns; Monitoring of computer systems for detecting unauthorized access or data breach; Machine condition monitoring; Monitoring of building structures; Monitoring of contaminated land; Condition monitoring relating to fluids; Condition monitoring relating to greases; Condition monitoring relating to lubricants; Condition monitoring relating to oils; Services for monitoring industrial processes; Monitoring of contaminated land for gas; Airborne remote monitoring relating to scientific explorations; Monitoring the quality control of seismic procedures; Monitoring of activities which influence the environment within buildings; Monitoring of events which influence the environment within buildings; Monitoring of events which influence the environment within civil engineering structures; Monitoring of activities which influence the environment 
within civil engineering structures; Monitoring of commercial and industrial sites for detection of volatile and non-volatile organic compounds; Environmental monitoring services; Environmental monitoring of waste storage areas; Environmental monitoring of waste treatment areas; Airborne remote monitoring relating to environmental explorations; Monitoring of water quality; Monitoring of stream water quality; Process monitoring for quality assurance. Monitoring of patients; Remote monitoring of medical data for medical diagnosis and treatment. Stolen property tracking and location services, namely, computer-assisted locating of vehicles, ships, equipment, machines and individuals; stolen property tracking and location services, namely, determining the location of individuals and mobile objects by means of computers, PCs, notebooks, tablets, cellphones or similar devices; Locating and tracking of lost property; Monitoring fire alarms; Monitoring of alarms; Medical alarm monitoring; Monitoring of security systems; Monitoring fire detection systems; Home security alarm monitoring; Monitoring burglar and security alarms; Monitoring of burglar and security alarms; Electronic monitoring services for security purposes.
61.
INSTALLING AN OPERATING SYSTEM IN A PROCESSOR DEVICE, IN PARTICULAR A SAFETY MODULE
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Stocker, Thomas
Steinmeier, Steffen
Jager, Barbara
Abstract
The invention relates to a method for installing an operating system in a processor device, which operating system comprises a plurality of two or more sets of operating-system functionalities, or for installing parts of such an operating system, the method comprising the following steps: - loading the operating system, or the parts of the operating system, in the processor device; and - installing the loaded operating system, or the loaded parts of the operating system, in the processor device; characterised in that a) the operating system, or the parts of the operating system, is/are loaded in the form of at least one or more mutually separate operating-system modules, wherein the operating-system module or the operating-system module in question b) contains a code which is configured to install a set of operating-system functionalities in the processor device, which set corresponds to the operating-system module, and c) allows for the separate installation of only that set of operating-system functionalities that corresponds to the operating-system module in question, in particular without further sets of operating-system functions being installed.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Patino, David
Gifre, Clara
Ruau, Federico
Gomez Jimenez, Ruben
Abstract
A method is for updating an operating system, OS, administering a file system in a secure element, SE. The method includes the steps of providing an update agent in the SE; assuming control of the SE by the update agent from the operating system; loading an OS image into the SE, the OS image representing an update of the operating system; providing an updated operating system by installing the OS image; and handing over control of the SE by the update agent to the updated operating system. Within this update process, the update agent provides a provisional file system in the SE and administers the provisional file system as long as the update agent is in control of the SE. A respective secure element, a respective update agent, and a respective computer-program product employ the method.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Patino, David
Gifre, Clara
Ruau, Federico
Abstract
A method and a device for upgrading an Executable Load File, ELF, having dependencies, on a Secure Element, SE. The method includes in a first step receiving a request for upgrading an ELF. The request involves a first identifier, identifying a first ELF version loaded on the SE, a second identifier, identifying a second ELF version loaded on the SE, and an upgrade option. Upon receiving the request, dependencies of the first ELF version from other ELFs loaded or stored on the SE are determined. Subsequently, if dependencies have been determined, it is checked whether the upgrade request is allowed. If the update request is allowed, an upgrade session is started and the first ELF version is replaced with the second ELF version. The dependencies of the first ELF version are then linked to the second ELF version.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
64.
CHANGE AND RECOVERY OF PERSONALIZATION DATA IN A SECURE ELEMENT
Giesecke+Devrient Mobile Security Germany GmbH (Germany)
Inventor
Gifre, Clara
Patino, David
Gomez, Xavier
Naranjo Gallardo, Patricia
Abstract
A method is provided for changing and recovering personalization data of a trusted software in a secure element and changing and restoring diversified data. The method includes the steps of providing an update agent in the secure element; storing personalization data in the installed software; performing a Full Reflash to recover or update a software or operating system comprising the steps of first securing personalization data to a memory of the update agent before, in following step, recovering or loading a software image into the secure element. The method includes as a final step personalizing the software image by the personalization data secured during the first step of the Full Reflash.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/78 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Badawy, Waleed
Patel, Nirmalkumar Vasant
Korber, Frank
Ruiz Litwinski, David
Abstract
A profile provisioning platform, includes a profile database which allows access by at least two different profile providers or/and at least two different use case owners or/and at least two different UICC requesters; and which includes a business relation manager managing access of the different profile providers, use case owners and UICC requesters to data in the profile database.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Huber, Ulrich
Dietze, Claus
Abstract
The invention relates to a terminal (50) with an embedded identification module (70), which is designed to carry out profile management actions, with which a telecommunications profile (80) stored in the embedded identification module (70) can be changed or a new telecommunications profile (80) can be loaded. The embedded identification module (70) has a first assistance module (72), which provides a first interface to a remote management unit (20), and a second assistance module (72), which is connected to the embedded identification module (70) and provides a second interface to a profile provision entity (10). At the same time, either the first assistance module (72) or the second assistance module (52) is active. The terminal (50) obtains command data sets from the remote management unit (20), containing profile management actions. The first assistance module (72) is active and causes a profile management action to be carried out, if the profile management action relates to a change in the status of a telecommunications profile (80) stored in the embedded identification module (70). The second assistance module (52) is active and causes a profile management action to be carried out, if same relates to the loading of a new telecommunications profile (80).
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Lim, Beegek
Rosner, Martin
Abstract
A method for personalizing a secure element has the following steps: receiving, in a data generator, a request for a bundle of storage images for a plurality of secure elements; obtaining, in the data generator, at least one subscription data set for at least one secure element to be personalized of the plurality of secure elements; providing an operating system or a part of the operating system for the secure element to be personalized; generating, by means of the data generator, a storage image for each of the secure elements according to the received request; and bundling the generated storage image and providing the bundled storage image in the form of a storage image bundle by means of the data generator in order to complete the terminal, thereby introducing at least the storage image of the secure element to be personalized into the secure element.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Sanchez, Alejandro
Dans, Martin
Garcia, Luis Domingo
Gallego, Ixent
Joshi, Mukesh
Arbós, Noemí
Gaur, Mudit
Abstract
The present invention is directed towards a computer-implemented method for operating a distribution server system which allows traffic load to be reduced and, in particular, spam to be avoided. Moreover, the present invention is directed towards the distribution server system as such, along with a computer program product comprising instructions for implementing the suggested method and operating the suggested distribution server system.
G06Q 10/107 - Computer-aided management of electronic mailing [e-mailing]
G06Q 30/02 - Marketing; Price estimation or determination; Fundraising
H04L 12/18 - Arrangements for providing special services to substations for broadcast or conference
H04L 67/1036 - Load balancing of requests to servers for services different from user content provisioning, e.g. load balancing across domain name servers
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Shingnapurkar, Rushikesh
Rösner, Martin
Abstract
Exemplary embodiments of a method and a device for implementing a rest state mode for a smart card are provided. A rest state trigger command is received on the smart card by a terminal with which the smart card is in communicative connection. On the smart card, a maximum rest state time is determined and transmitted to the terminal, as a result of which the smart card transitions to the rest state mode.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Dietze, Claus
Abstract
A method of providing to a remote entity a Notification referring to a profile download to an eUICC, includes the following steps: downloading a profile to the eUICC from a Personalization Equipment, wherein the Personalization Equipment is constructed to effect or to support: to provision eUICCs by one or several of: downloading profiles, installing downloaded profiles in eUICCs or supporting such installing, and personalizing eUICCs and/or profiles downloaded to eUICCs or supporting such personalizing; after the profile download, generating at least one Notification referring to the profile download; providing the generated at least one Notification for sending it to a remote entity; generating and providing the at least one Notification at the Personalization Equipment.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Gifre, Clara
Patino, David
Ruau, Federico
Gomez Jimenez, Ruben
Abstract
The present invention relates to a method and an apparatus for managing multiple operating systems on a secure element. A secure element comprises an update agent configured to identify a first operating system, being actively used by the secure element, to identify inactive operating systems within the secure element, which are not actively used by the secure element, and to allocate the inactive operating systems to a storage provider.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Dietze, Claus
Abstract
A profile for implementation in, or implemented in, a subscriber identity module (eUICC), wherein the profile can adopt at least a first and a second profile state. The profile includes profile metadata. The profile metadata has a profile-state-management flag which can adopt a first and a second flag state of the profile-state-management flag. If the flag adopts the first flag state, any management servers are permitted to change the profile state of the profile.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Amoros, Luis Miguel
Bravo, Hector
De Antonio, Pablo
Gifre, Clara
Patino, David
Abstract
A method is provided for making sure that a piece of software to be installed on an end device is compatible with existing software and especially with the underlying hardware structure of the end device. Software components can be evaluated before installing them, thus preventing incompatible software components from being installed on an end device which would harm or destroy the same. A system arrangement is implemented in accordance with the suggested method along with a computer program product including control instructions for implementing the suggested method.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Eckardt, Stefan
Rosner, Martin
Lim, Beegek
Abstract
A method for personalizing an integrated secure element, which is permanently installed in a mobile end device. The method involves the agreement of a shared secret between the secure element and an HSM, encrypting an operating system, and possibly personalization data and/or one or several profiles, in the HSM based on the shared secret and transferring the encrypted operating system to the secure element, and re-encrypting the operating system in the secure element for storage in the NVM memory of the mobile end device.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Ruau, Mariano
Gifre, Clara
Garcia Farrés, Andreu
Gomez Soll, Pablo Daniel
Abstract
In a first aspect, the present invention relates to a method for updating an installed software (60a), in particular an operating system, OS, (30a) in a secure element (100). The method comprises the steps of providing S1 an update agent (10) in the secure element (100); securing S3 specific data (35a; 65a) required for operating the installed software (30a; 60a) in a memory (12) of the update agent (10); loading S4a a software image (30b; 60b) into the secure element (100), the software image (30b; 60b) representing an update of the installed software (30a; 60a); and making the software image (30b; 60b) operable by the secured specific data (35b; 65b). According to further aspects, the present invention relates to a respective secure element (100), an update agent (10), and a computer program product in relation to other aspects of the invention.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
76.
Backlog mechanism for subscriber profiles on EUICCs
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Larsson, Thomas
Abstract
Methods and devices are arranged for managing reset and re-downloaded profiles Over-the-Air on an eUICC. An operator system imports a profiles list from a server, each entry in the list comprising a flag indicating whether the corresponding profile has been downloaded onto the eUICC. Upon receiving, from a mobile network operator, MNO, a request to update a profile on the eUICC, the request comprising a profile identifier and an OTA campaign, the operator system performs a backlog of the OTA campaign for the profile indicated by the profile identifier under consideration of the flag in the corresponding profile entry.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services; integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services on mobile terminals, in particular on computer networks and telecommunications networks; cards for use with mobile terminals; encoded cards, in particular for telecommunications, mobility, telematic, identity, authentication or financial services; cards with a contactless interface; smart cards; security tokens [encryption devices]; wearable computers; smart meters; data processing equipment for communication with the aforesaid cards, in particular mobile terminals, tablets, laptop computers; servers; cloud servers; server software; operating system and applications software for the aforesaid cards and data processing equipment; software for telecommunications, mobility, telematic, identity, authentication or financial services; personalisation and management systems for cards with integrated circuits, security tokens [encryption units] and other embedded software; computer programs for development, maintenance and management of the aforesaid software; computer encryption and decryption software; downloadable software for smartcards and mobile terminals.
Arranging subscriptions to telecommunication services for others, arranging subscriptions to telematics, telephone or computer services; data processing for the collection of data for business purposes; data management services; business data analysis services; marketing research, all of the aforesaid services being in particular in connection with the manufacture and/or personalisation of chip cards and other electronic data carriers; targeted data search for others in computer files.
Installation, maintenance and repair of computer systems and networks [hardware], and telecommunications hardware for network systems, internet access, telecommunications systems, electronic commerce [e-commerce] and electronic payment transactions; maintenance of computerised systems, in particular of communication systems [hardware]; installation, maintenance and consultancy relating to installation, maintenance and repair of computer hardware; installation and maintenance of hardware for computer networks and internet access.
Telecommunication services; telecommunications consultancy, telecommunications for operation of telecommunications systems, mobile communications networks, wireless communication services, telecommunications cabling, routing and connection services, location-based-services for telecommunications networks; data transfer, in particular in connection with subscriptions to telematic, telephone or computer services and in particular in connection with remote maintenance of machines; providing access to telecommunications infrastructures for others, in particular for electronic payment services; telecommunications relating to the processing of payment transactions in electronic commerce via networks, in particular on the internet and via mobile telecommunications networks; providing of access to a platform for the processing of payment transactions on networks, in particular on the internet and mobile telecommunications networks; secured transmission of information on networks and other telecommunications networks; consultancy relating to communication systems.
Scientific and technological consultancy, research and development in connection with computer hardware, software, portable data carriers and telecommunications; server administration; server hosting; hosting of computerized data, files, applications and information; design and development of computerised systems, in particular communication systems; providing virtual computer systems through cloud computing; technological consultancy in relation to computerised systems; design of software, in particular for telecommunications systems; programming of operating software for computer networks and servers; providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; data security services; installation, maintenance and consultancy with regard to software; development of concepts for the safeguarding of electronic communication processes and identity verification processes in the business and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of related software; certification agency computer security services for issuing and administrating certified codes and algorithms; authentication services and computer security services for managing certified keys and algorithms; data mining; it consultancy and programming for generating digital identities; it consultancy and programming for generating digital certificates; distribution [issuance] of digital certificates.
79.
Token, particularly OTP, based authentication system and method
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Sangai, Shreyas
Abstract
A method for authenticating a mobile device of a user versus a third-party such that instead of a mobile phone number MSISDN of the mobile device, a Universal Unique User Identifier, U3I, assigned to the mobile device is used, in combination with a secure routing service server constructed to communicate with a third-party server and with an MNO server. The secure routing service server and the MNO server interact to translate the Universal Unique User Identifier, U3I, to the mobile phone number MSISDN so as to enable sending the token to the mobile device.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Nitsch, Nils
Abstract
The invention relates to a method for setting up a subscription profile in a subscriber identity module, preferably an embedded UICC, wherein the following method steps take place in the subscriber identity module: receiving a subscription profile encrypted with a cryptographic key of a subscription server, wherein the cryptographic key for decrypting the subscription profile is unknown to the subscriber identity module at the time of receiving; storing the encrypted subscription profile without decrypting the subscription profile; receiving the cryptographic key at a time after the storing step; decrypting the encrypted subscription profile with the cryptographic key; and installing the decrypted subscription profile to set up the subscription profile in the subscriber identity module. The invention also relates to a corresponding method in a subscription server, a subscriber identity module, and a computer program product.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Integrated circuit cards, namely, encoded integrated circuit cards containing programming for use in connection with telecommunications, mobility, telematic, identity, authentication and financial services; integrated circuit cards, namely, encoded integrated circuit cards containing programming for use in connection with telecommunications, mobility, telematic, identity, authentication and financial services on mobile terminals, in particular on computer networks and telecommunications networks; cards for use with mobile terminals, namely, SIM cards, embedded SIM cards, integrated SIM cards; encoded cards, namely, encoded chip cards for use in cryptographic methods, in particular for telecommunications, mobility, telematic, identity, authentication and financial services; cards with a contactless interface, namely, cards with integrated circuits; blank smart cards; security tokens [encryption devices]; wearable computers in the nature of smartwatches and smart glasses; smart meters being electricity meter; data processing equipment for communication with cards with integrated circuits, in particular mobile terminals, tablets, laptop computers; computer network servers; cloud servers; downloadable and recorded network access server operating software; downloadable and recorded operating system and applications software for telecommunications, mobility, telematic, identity, authentication and financial services in connection with the aforesaid cards and data processing equipment; downloadable and recorded software for telecommunications, mobility, telematic, identity, authentication and financial services for use in database management and cellular communication; personalisation and management systems in the nature of downloadable and recorded software programs for cellular communication and data services, database management, encryption, and decryption for use in connection with cards with integrated circuits, security tokens and other embedded software; downloadable and recorded computer programs for development, maintenance and management of the aforesaid software in the nature of programming software; downloadable and recorded computer software for use in encryption and decryption services; downloadable software for smartcards and mobile terminals, namely software for accessing, authenticating, tracking, encrypting, and transmitting information in the field of financial transactions.
(1) Arranging subscriptions to telecommunication services for others, arranging subscriptions to telematics, telephone or computer services; data processing for the collection of data for business purposes; data management services, namely, data collection and data consolidation; business data analysis services in the field of information security; marketing research, all of the aforesaid services being in particular in connection with the manufacture and/or personalisation of chip cards and other electronic data carriers; targeted data search for others in computer files.
(2) Installation, maintenance and repair of computer systems and networks [hardware], and telecommunications hardware for network systems, internet access, telecommunications systems, electronic commerce [e-commerce] and electronic payment transactions; maintenance of hardware for computerized systems, in particular of communication systems hardware; installation and maintenance of hardware for computer networks and internet access.
(3) Telecommunication services, namely, leasing of telecommunications equipment; telecommunications consultancy in the field of telecommunications for operation of telecommunications systems, mobile communications networks, wireless communication services, telecommunications cabling, routing and connection services, location-based-services for telecommunications networks; data transfer by telecommunications, in particular in connection with subscriptions to telematic, telephone or computer services and in particular in connection with remote maintenance of machines; providing access to telecommunications infrastructures for others, in particular for electronic payment services; telecommunications relating to the processing of payment transactions in electronic commerce via networks, in particular on the internet and via mobile telecommunications networks; providing of telecommunications access to an online platform for the processing of payment transactions on networks, in particular on the internet and mobile telecommunications networks; secured transmission of information on networks and other telecommunications networks; consultancy relating to communication systems.
(4) Scientific and technological consultancy, research and development in connection with computer hardware, software, portable data carriers and telecommunications; server administration; server hosting; hosting of computerized data, files, applications and information; design and development of computerised systems, in particular communication systems; providing virtual computer systems through cloud computing; technological consultancy in relation to computerised systems; design of software, in particular for telecommunications systems; programming of operating software for computer networks and servers; providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; data security services; installation, maintenance and consultancy with regard to software; development of concepts for the safeguarding of electronic communication processes and identity verification processes in the business and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of related software; certification agency computer security services for issuing and administrating certified codes and algorithms; authentication services and computer security services for managing certified keys and algorithms; data mining; it consultancy and programming for generating digital identities; it consultancy and programming for generating digital certificates; distribution [issuance] of digital certificates.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Integrated circuit cards, namely, encoded integrated circuit cards containing programming for use in connection with telecommunications, mobility, telematic, identity, authentication and financial services; integrated circuit cards, namely, encoded integrated circuit cards containing programming for use in connection with telecommunications, mobility, telematic, identity, authentication and financial services on mobile terminals, in particular on computer networks and telecommunications networks; cards for use with mobile terminals, namely, SIM cards, embedded SIM cards, integrated SIM cards; encoded cards, namely, encoded chip cards for use in cryptographic methods, in particular for telecommunications, mobility, telematic, identity, authentication and financial services; cards with a contactless interface, namely, cards with integrated circuits; blank smart cards; security tokens [encryption devices]; wearable computers in the nature of smartwatches and smart glasses; smart meters being electricity meter; data processing equipment for communication with cards with integrated circuits, in particular mobile terminals, tablets, laptop computers; computer network servers; cloud servers; downloadable and recorded network access server operating software; downloadable and recorded operating system and applications software for telecommunications, mobility, telematic, identity, authentication and financial services in connection with the aforesaid cards and data processing equipment; downloadable and recorded software for telecommunications, mobility, telematic, identity, authentication and financial services for use in database management and cellular communication; personalization and management systems in the nature of downloadable and recorded software programs for cellular communication and data services, database management, encryption, and decryption for use in connection with cards with integrated circuits, security tokens and other embedded software; downloadable and recorded computer programs for development, maintenance and management of the aforesaid software in the nature of programming software; downloadable and recorded computer software for use in encryption and decryption services; downloadable software for smartcards and mobile terminals, namely software for accessing, authenticating, tracking, encrypting, and transmitting information in the field of financial transactions.
(1) Arranging subscriptions to telecommunication services for others, arranging subscriptions to telematics, telephone or computer services; data processing for the collection of data for business purposes; data management services, namely, data collection and data consolidation; business data analysis services in the field of information security; marketing research, all of the aforesaid services being in particular in connection with the manufacture and/or personalisation of chip cards and other electronic data carriers; targeted data search for others in computer files.
(2) Installation, maintenance and repair of computer systems and networks [hardware], and telecommunications hardware for network systems, internet access, telecommunications systems, electronic commerce [e-commerce] and electronic payment transactions; maintenance of hardware for computerized systems, in particular of communication systems hardware; installation and maintenance of hardware for computer networks and internet access.
(3) Telecommunication services, namely, leasing of telecommunications equipment; telecommunications consultancy in the field of telecommunications for operation of telecommunications systems, mobile communications networks, wireless communication services, telecommunications cabling, routing and connection services, location-based-services for telecommunications networks; data transfer by telecommunications, in particular in connection with subscriptions to telematic, telephone or computer services and in particular in connection with remote maintenance of machines; providing access to telecommunications infrastructures for others, in particular for electronic payment services; telecommunications relating to the processing of payment transactions in electronic commerce via networks, in particular on the internet and via mobile telecommunications networks; providing of telecommunications access to an online platform for the processing of payment transactions on networks, in particular on the internet and mobile telecommunications networks; secured transmission of information on networks and other telecommunications networks; consultancy relating to communication systems.
(4) Scientific and technological consultancy, research and development in connection with computer hardware, software, portable data carriers and telecommunications; server administration; server hosting; hosting of computerized data, files, applications and information; design and development of computerised systems, in particular communication systems; providing virtual computer systems through cloud computing; technological consultancy in relation to computerised systems; design of software, in particular for telecommunications systems; programming of operating software for computer networks and servers; providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; data security services; installation, maintenance and consultancy with regard to software; development of concepts for the safeguarding of electronic communication processes and identity verification processes in the business and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of related software; certification agency computer security services for issuing and administrating certified codes and algorithms; authentication services and computer security services for managing certified keys and algorithms; data mining; it consultancy and programming for generating digital identities; it consultancy and programming for generating digital certificates; distribution [issuance] of digital certificates.
83.
Method for providing subscription profiles, subscriber identity module and subscription server
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Nitsch, Nils
Abstract
The invention relates to a method for providing subscription profiles to a subscriber identity module, preferably an eUICC, by means of a subscription server, preferably an SM-DP, wherein: the subscription server has knowledge of a first subscription profile, which is installed in the subscriber identity module, has a first profile file structure and first profile data stored in the first profile file structure; and at least a portion of a second profile file structure of a second subscription profile is flagged in the subscription server and the second subscription profile is sent to the subscriber identity module, the flagged portion of the second subscription profile being sent without second profile data. The invention additionally relates to a corresponding method in a subscriber identity module, a subscriber identity module, a subscription server and a computer program product.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Morawietz, Andreas
Nitsch, Nils
Huber, Ulrich
Wimbock, Ulrich
Abstract
A method for managing subscription profiles of a security element, which is provided for use in a mobile end device and on which a profile manager and at least one first subscription profile is loaded, includes: loading a second subscription profile from a subscription management server; checking whether the at least one first loaded subscription profile satisfies a predetermined condition; and putting the at least one first subscription profile out of operation when the at least one first subscription profile satisfies the predetermined condition.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Laina Farell, Joan Carles
Honorato Garcia, José Ignacio
Patiño Piedra, David
Sanchez Muñoz, Blanca Esther
Abstract
A method is provided for transferring and managing data packages between a first portable secure element, SE, server implemented in a portable device (100, 200) and a second portable SE server implemented in an embedded UICC, eUICC (120, 240), comprised in a user's device (110, 230) which is local to the portable device (100, 200), the first and second portable SE servers comprising Subscription Manager, SM, functionalities, the method comprises the first and the second portable SE servers establishing off-line communication using local data transport protocols in a secured mode, the first or the second portable SE server implementing first transfer functionalities (140) for performing secure transfer of the data packages and the first or the second portable SE server implementing second transfer functionalities (140) for performing end-to-end securing of the data packages after the secure transfer of the data packages.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services; Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services on mobile terminals, in particular on computer networks and telecommunications networks; Cards for use with mobile terminals; Encoded cards, in particular for telecommunications, mobility, telematic, identity, authentication or financial services; Cards with a contactless interface; Smart cards; Security tokens [encryption devices]; Wearable computers; Smart meters; Data processing equipment for communication with the aforesaid cards, In particular mobile terminals, Tablets, Laptop computers; Servers; Cloud servers; Server software; Operating system and applications software for the aforesaid cards and data processing equipment; Software for telecommunications, mobility, telematic, identity, authentication or financial services; Personalisation and management systems for cards with integrated circuits, security tokens [encryption units] and other embedded software; Computer programs for development, maintenance and management of the aforesaid software; computer encryption and decryption software; Downloadable software for smartcards and mobile terminals. Arranging subscriptions to telecommunication services for others, Arranging subscriptions to telematics, telephone or computer services; Data processing for the collection of data for business purposes; Data management services; Business data analysis services; Marketing research, All of the aforesaid services being in particular in connection with the manufacture and/or personalisation of chip cards and other electronic data carriers; Targeted data search for others in computer files. 
Installation, maintenance and repair of computer systems and networks [hardware], and telecommunications hardware for network systems, internet access, telecommunications systems, electronic commerce [e-commerce] and electronic payment transactions; Maintenance of computerised systems, in particular of communication systems; Installation, maintenance and consultancy relating to the aforesaid hardware; Installation and maintenance of hardware for computer networks and Internet access. Telecommunication services; Telecommunications consultancy, telecommunications for operation of telecommunications systems, mobile communications networks, wireless communication services, telecommunications cabling, routing and connection services, location-based-services for telecommunications networks; Data transfer, in particular in connection with subscriptions to telematic, telephone or computer services and in particular in connection with remote maintenance of machines; Providing access to telecommunications infrastructures for others, in particular for electronic payment services; Telecommunications relating to the processing of payment transactions in electronic commerce via networks, in particular on the internet and via mobile telecommunications networks; Providing of access to a platform for the processing of payment transactions on networks, in particular on the internet and mobile telecommunications networks; Secured transmission of information on networks and other telecommunications networks; Consultancy relating to communication systems. 
Scientific and technological consultancy, research and development in connection with computer hardware, software, portable data carriers and telecommunications; Server administration; server hosting; Hosting of computerized data, files, applications and information; Design and development of computerised systems, in particular communication systems; Providing virtual computer systems through cloud computing; Consultancy in relation to computerised systems; Design of software, in particular for telecommunications systems; Programming of operating software for computer networks and servers; Providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; Data security services; Installation, maintenance and consultancy with regard to the aforesaid software; Development of concepts for the safeguarding of electronic communication processes and identity verification processes in the business and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of related software; Certification agency services (trust centres), in particular issuing and administration of certified codes and algorithms; Authentication services and fiduciary issue and management of certified keys and algorithms; Data mining; IT services for generating digital identities; IT services for generating digital certificates; Distribution [issuance] of digital certificates.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services; Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services on mobile terminals, in particular on computer networks and telecommunications networks; Cards for use with mobile terminals; Encoded cards, in particular for telecommunications, mobility, telematic, identity, authentication or financial services; Cards with a contactless interface; Smart cards; Security tokens [encryption devices]; Wearable computers; Smart meters; Data processing equipment for communication with the aforesaid cards, In particular mobile terminals, Tablets, Laptop computers; Servers; Cloud servers; Server software; Operating system and applications software for the aforesaid cards and data processing equipment; Software for telecommunications, mobility, telematic, identity, authentication or financial services; Personalisation and management systems for cards with integrated circuits, security tokens [encryption units] and other embedded software; Computer programs for development, maintenance and management of the aforesaid software; computer encryption and decryption software; Downloadable software for smartcards and mobile terminals. Arranging subscriptions to telecommunication services for others, Arranging subscriptions to telematics, telephone or computer services; Data processing for the collection of data for business purposes; Data management services; Business data analysis services; Marketing research, All of the aforesaid services being in particular in connection with the manufacture and/or personalisation of chip cards and other electronic data carriers; Targeted data search for others in computer files. 
Installation, maintenance and repair of computer systems and networks [hardware], and telecommunications hardware for network systems, internet access, telecommunications systems, electronic commerce [e-commerce] and electronic payment transactions; Maintenance of computerised systems, in particular of communication systems; Installation, maintenance and consultancy relating to the aforesaid hardware; Installation and maintenance of hardware for computer networks and Internet access. Telecommunication services; Telecommunications consultancy, telecommunications for operation of telecommunications systems, mobile communications networks, wireless communication services, telecommunications cabling, routing and connection services, location-based-services for telecommunications networks; Data transfer, in particular in connection with subscriptions to telematic, telephone or computer services and in particular in connection with remote maintenance of machines; Providing access to telecommunications infrastructures for others, in particular for electronic payment services; Telecommunications relating to the processing of payment transactions in electronic commerce via networks, in particular on the internet and via mobile telecommunications networks; Providing of access to a platform for the processing of payment transactions on networks, in particular on the internet and mobile telecommunications networks; Secured transmission of information on networks and other telecommunications networks; Consultancy relating to communication systems. 
Scientific and technological consultancy, research and development in connection with computer hardware, software, portable data carriers and telecommunications; Server administration; server hosting; Hosting of computerized data, files, applications and information; Design and development of computerised systems, in particular communication systems; Providing virtual computer systems through cloud computing; Consultancy in relation to computerised systems; Design of software, in particular for telecommunications systems; Programming of operating software for computer networks and servers; Providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; Data security services; Installation, maintenance and consultancy with regard to the aforesaid software; Development of concepts for the safeguarding of electronic communication processes and identity verification processes in the business and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of related software; certification agency services (trust centers), In particular issuing and management of certified keys and algorithms; Authentication services and fiduciary issue and management of certified keys and algorithms; Data mining; IT services for generating digital identities; IT services for generating digital certificates; Distribution [issuance] of digital certificates.
88.
Polling from device to OTA core system via OTA edge system
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Hult, Jorgen
Thorstensson, Par
Thorstensson, Tommy
Kokeritz, Anders
Bolander, Mats
Eklund, Joachim
Gaur, Mudit
Ohlsson, Michael
Abstract
An OTA Edge system, constructed to: (1) receive polling requests, dedicated to an OTA Core system, from one or several mobile end devices; wherein an offload filter implemented in the OTA Edge system and constructed to: (2) accept polling requests from mobile end devices for which contents are present on the OTA Core system, and (2′) reject polling requests from mobile end devices for which no contents are present on the OTA Core system.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Amoros, Luis Miguel
Monter Prat, Jordi
Abstract
Methods, devices and systems are provided for performing remote file management, RFM, operations at a secure element, SE. A secure file update script is received at an OfflineRFMAgent, located within the SE, from an off card entity, OCE. The secure file update script has been generated offline by an SE issuer managing the OCE, using a decentralized remote file management, DRFM, platform, and comprises a plurality of remote management commands for carrying out file management operations on the SE. In a further step, a security level authentication between the OCE and SE based on the secure file update script is performed. If the security level authentication is successful, in a subsequent step a secure channel session between the OCE and the SE is established through the OfflineRFMAgent. Finally, the plurality of remote management commands is processed to remotely manage a file system on the SE.
09 - Scientific and electric apparatus and instruments
16 - Paper, cardboard and goods made from these materials
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services; Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services on mobile terminals, in particular on computer networks and telecommunications networks; Cards for use with mobile terminals; Encoded cards, in particular for telecommunications, mobility, telematic, identity, authentication or financial services; Cards with a contactless interface; Smart cards; Security tokens [encryption devices]; Wearable computers; Smart meters; Data processing equipment for communication with the aforesaid cards, In particular mobile terminals, Tablets, Laptop computers; Servers; Cloud servers; Server software; Operating system and applications software for the aforesaid cards and data processing equipment; Software for telecommunications, mobility, telematic, identity, authentication or financial services; Personalisation and management systems for cards with integrated circuits, security tokens [encryption units] and other embedded software; Computer programs for development, maintenance and management of the aforesaid software; computer encryption and decryption software; Downloadable software for smartcards and mobile terminals. Paper; Millboard; Folding boxes, made of the following materials, Paper, Millboard; mailing folders, Packaging boxes, made of the following materials, Paper, Millboard; Packaging materials made from paper or card; Packaging of paper or cardboard; Bags, pouches and goods of paper or cardboard for packaging, wrapping and storage purposes.
Telecommunication services; Telecommunications consultancy; Operation of telecommunications systems; Wireless communications services; Mobile communication network services; Telecommunications routing and junction services; Location-based telecommunications network services; Computer network communications, Communication by computer terminals, Communications by fibreoptic networks; Radio communications services, Telephony communication services; Data transmission, Especially, In connection with subscriptions, in relation to the following fields, Telematics services, Telephone services, Computer service; Providing third party users with access to telecommunication infrastructure; Telecommunications relating to the processing of payment transactions in electronic commerce via networks, in particular on the internet and via mobile telecommunications networks; Providing of access to a platform for the processing of payment transactions on networks, in particular on the internet and mobile telecommunications networks; Secured transmission of information on networks and other telecommunications networks; Consultancy relating to communication systems. 
Scientific and technological consultancy, research and development in connection with computer hardware, software, portable data carriers and telecommunications; Server administration; server hosting; Hosting of computerized data, files, applications and information; Design and development of computerised systems, in particular communication systems; Providing virtual computer systems through cloud computing; Consultancy in relation to computerised systems; Design of software, in particular for telecommunications systems; Programming of operating software for computer networks and servers; Providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; Data security services; Installation, maintenance and consultancy with regard to the aforesaid software; Development of concepts for the safeguarding of electronic communication processes and identity verification processes in the business and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of related software; certification agency services (trust centers), In particular issuing and management of certified keys and algorithms; Authentication services and fiduciary issue and management of certified keys and algorithms; Data mining; IT services for generating digital identities; IT services for generating digital certificates; Distribution [issuance] of digital certificates.
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Götze, Frank
Dietze, Claus
Eichholz, Jan
Abstract
A chip set for a terminal comprises at least one secure processor, in which a one-time programmable memory is integrated. At least one terminal serial number of the terminal is stored in the chip set. Information for securing the terminal serial number against tampering is stored in the one-time programmable memory.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Integrated circuit cards for use in connection with
telecommunications, mobility, telematic, identity,
authentication or financial services; integrated circuit
cards for use in connection with telecommunications,
mobility, telematic, identity, authentication or financial
services on mobile terminals, in particular on computer
networks and telecommunications networks; cards for use with
mobile terminals; encoded cards, in particular for
telecommunications, mobility, telematic, identity,
authentication or financial services; cards with a
contactless interface; smart cards; security tokens
[encryption devices]; wearable computers; smart meters; data
processing equipment for communication with the aforesaid
cards, in particular mobile terminals, tablets, laptop
computers; servers; cloud servers; server software;
operating system and applications software for the aforesaid
cards and data processing equipment; software for
telecommunications, mobility, telematic, identity,
authentication or financial services; personalisation and
management systems for cards with integrated circuits,
security tokens [encryption units] and other embedded
software; computer programs for development, maintenance and
management of the aforesaid software; computer encryption
and decryption software; downloadable software for
smartcards and mobile terminals. Arranging subscriptions to telecommunication services for
others, arranging subscriptions to telematics, telephone or
computer services; data processing for the collection of
data for business purposes; data management services;
business data analysis services; marketing studies, all of
the aforesaid services being in particular in connection
with the manufacture and/or personalisation of chip cards
and other electronic data carriers; targeted data search for
others in computer files. Installation, maintenance and repair of computer systems and
networks [hardware], and telecommunications hardware for
network systems, internet access, telecommunications
systems, electronic commerce [e-commerce] and electronic
payment transactions; maintenance of computerised systems,
in particular of communication systems; installation,
maintenance and consultancy relating to the aforesaid
hardware; installation and maintenance of hardware for
computer networks and internet access. Telecommunications; telecommunications consultancy,
telecommunications for operation of telecommunications
systems, mobile communications networks, wireless
communication services, telecommunications cabling, routing
and connection services, location-based-services for
telecommunications networks; data transfer, in particular in
connection with subscriptions to telematic, telephone or
computer services and in particular in connection with
remote maintenance of machines; providing access to
telecommunications infrastructures for others, in particular
for electronic payment services; telecommunications relating
to the processing of payment transactions in electronic
commerce via networks, in particular on the internet and via
mobile telecommunications networks; providing of access to a
platform for the processing of payment transactions on
networks, in particular on the internet and mobile
telecommunications networks; secured transmission of
information on networks and other telecommunications
networks; consultancy relating to communication systems. Scientific and technological consultancy, research and
development in connection with computer hardware, software,
portable data carriers and telecommunications; server
administration; server hosting; hosting of computerized
data, files, applications and information; design and
development of computerised systems, in particular
communication systems; providing virtual computer systems
through cloud computing; consultancy in relation to
computerised systems; design of software, in particular for
telecommunications systems; programming of operating
software for computer networks and servers; providing of
security services in relation to computers, computer
networks and computer transactions, in particular in
connection with mobile communications networks; data
security services; installation, maintenance and consultancy
with regard to the aforesaid software; development of
concepts for the safeguarding of electronic communication
processes and identity verification processes in the
business and private sectors based on cryptographic methods
and authentication processes, and installation and
maintenance of related software; certification agency
services (trust centers), in particular issuing and
management of certified keys and algorithms; authentication
services and fiduciary issue and management of certified
keys and algorithms; data mining; IT services for generating
digital identities; IT services for generating digital
certificates; distribution [issuance] of digital
certificates.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Integrated circuit cards, namely, encoded integrated circuit cards containing programming for use in cryptographic methods and authentication processes in connection with telecommunications, mobility, telematic, identity, authentication or financial services; integrated circuit cards, namely, encoded integrated circuit cards for use in cryptographic methods and authentication processes in connection with telecommunications, mobility, telematic, identity, authentication or financial services on mobile terminals, in particular on computer networks and telecommunications networks; cards for use with mobile terminals, namely, SIM cards, embedded SIM cards, integrated SIM cards, embedded secure elements in the nature of SIM cards, and integrated secure elements in the nature of SIM cards; encoded cards, namely, encoded electronic chip cards for use in cryptographic methods and authentication processes in connection with telecommunications, mobility, telematic, identity, authentication or financial services; cards with a contactless interface, namely, cards with integrated circuits; smart cards, namely, encoded integrated circuit cards for use in cryptographic methods and authentication processes; security tokens [encryption devices]; wearable computers, namely, smartwatch, wearable activity trackers, smartglasses; smart meters, for measuring energy and water consumption; data processing equipment, namely, mobile terminals, tablets, laptop computers for communication with integrated circuit cards, namely, encoded integrated circuit cards containing programming for use in cryptographic methods and authentication processes, encoded cards, namely, encoded chip cards for use in cryptographic methods and authentication processes and smart cards, namely, encoded integrated circuit cards for use in cryptographic methods and authentication processes; servers, namely, computer servers, internet servers, network servers; cloud servers; operating software for network access servers; operating system software; downloadable computer application software for integrated circuit cards, namely, encoded integrated circuit cards containing programming for use in cryptographic methods and authentication processes, encoded cards, namely, encoded chip cards for use in cryptographic methods and authentication processes and smart cards, namely, encoded integrated circuit cards for use in cryptographic methods and authentication processes and data processing equipment, namely, mobile computer terminals, tablets, laptop computers for enablement of cellular communication and data services, database management, encryption and decryption; recorded and downloadable software for telecommunications, mobility, telematic, identity, authentication or financial management services for cellular communication and data services, database management, encryption and decryption; personalization and management systems in the nature of recorded and downloadable programs for cellular communication and data services, database management, encryption, and decryption for cards with integrated circuits, security tokens [encryption units] and other embedded operating software; computer programs and computer software for development, maintenance and management of integrated circuit cards, namely, encoded integrated circuit cards containing programming for use in cryptographic methods and authentication processes, encoded cards, namely, encoded chip cards for use in cryptographic methods and authentication processes and smart cards, namely, encoded integrated circuit cards for use in cryptographic methods and authentication processes; computer software for use in the encryption and decryption of digital files; downloadable software for operating magnetically, optically and electronically smartcards and mobile terminals
(1) Arranging subscriptions to telecommunication services for others, namely arranging of subscriptions to internet access, to telephone plans, arranging subscriptions to a telematics, telephone or computer service for others; acquisition, compilation and systematization of data in computer databases for business purposes, in particular for mobile systems and applications, in particular in connection with the manufacture and personalization of chip cards and other electronic data carriers, namely, encoded identity cards, identification cards with embedded chips, identification smart cards, updating and maintenance of data in computer databases and cloud computing web hosting services; economic consulting in the management of business activities, in particular with regard to the procurement of durable capital goods, in particular machine tools, in particular for the manufacture and personalization of chip cards and other electronic data carriers, namely, encoded identity cards, identification cards with embedded chips, identification smart cards; analysis of business data and market research in particular in connection with the manufacture and personalization of chip cards and other electronic data carriers, namely, encoded identity cards, identification cards with embedded chips, identification smart cards, and for mobile systems and applications; business consulting in the form of developing of marketing strategies, in particular for mobile systems and applications in connection with the manufacture and personalization of chip cards and other electronic data carriers, namely, encoded identity cards, identification cards with embedded chips, identification smart cards; office functions in the nature of targeted data search for others in computer files
(2) Installation, maintenance and repair of computer systems and networks [hardware], and telecommunications hardware for network systems, internet access, telecommunications systems, electronic commerce [e-commerce] and electronic payment transactions; maintenance of computerised systems, in particular of communication systems; installation and maintenance of computer hardware; consultancy relating to the aforesaid hardware, namely consultation about the maintenance and repair of computer hardware; installation and maintenance of hardware for computer networks and internet access
(3) Telecommunications, namely, leasing of telecommunication equipment namely, cell phones, mobile telephones, computers, wireless electronic payment terminals, network routes, network servers; telecommunications consultancy, telecommunications support in the nature of advisory services related to telecommunications for operation of telecommunications systems, mobile communications networks, wireless communication services, telecommunications cabling, routing and connection services, and location-based-services for telecommunications networks; providing electronic transmission of digital data and digital images relating to subscriptions to internet, telematic and telephone access, tracking and navigating vehicles and tracking other mobile goods, persons and animals, computer maintenance and repair services and printed and electronic publications and manuals in the field of computer hardware and software and in the field of the remote servicing of machines; providing electronic transmission of credit card transaction data and electronic payment data via a global computer network; telecommunications relating to the processing of payment transactions in electronic commerce via networks in the nature of providing electronic transmission of contactless payment data in the internet, in particular on the internet and via mobile telecommunications networks; providing access to Internet platforms for credit card transactions and electronic payment via a global computer network; providing secure multiple user access to global computer information networks for the transfer and dissemination of a wide range of information; providing access to telecommunications infrastructures of other operators, namely, providing communication services for communication by computers in the nature of sending digital data and digital images and voice messages over computer networks, providing access to global communication networks, the Internet and wireless networks, providing Internet access; providing Internet access via wireless broadband networks and cellular phone networks to other providers with access to communication services for communication by computers in the nature of sending digital text and digital images and voice messages over computer networks, to global communication networks, the Internet and wireless networks, to Internet, to multiple-user wireless access to the Internet, to Internet via wireless broadband networks and cellular phone networks and electronic transmission of credit card transaction data and electronic payment data via a global computer network
(4) Scientific and technological consultancy in connection with design and development of computer hardware, software, portable data carriers and telecommunication computer hardware and computer software; scientific and technological research and development in connection with computer hardware, software, portable data carriers and telecommunication computer hardware and computer software; server administration; server hosting, namely web hosting; hosting of websites, computer-aided data and information, internet hosting and cloud hosting of computerized files and of applications of mobile computers and phones; design and development of computer software for computer-aided systems in particular communication systems for telematic purposes and the remote servicing of machines; providing virtual computer systems through cloud computing; consulting services relating to computer software for computer-aided systems for telematic purposes and the remote servicing of machines; design of software, in particular for telecommunications systems; programming of operating software for computer networks and servers; providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; data security services; installation, maintenance and consultancy with regard to the aforesaid software; development of concepts for the safeguarding of electronic communication processes and identity verification processes in the business and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of related software; certification agency services (trust centers), in particular issuing and management of certified keys and algorithms; authentication services and fiduciary issue and management of certified keys and algorithms; data mining; IT consulting services for generating digital identities; distribution in the nature of issuance of digital certificates
09 - Scientific and electric apparatus and instruments
37 - Construction and mining; installation and repair services
39 - Transport, packaging, storage and travel services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Encoded keys; Encoded or magnetic key cards; Electronic keys for vehicles; Electronic key cards; USB web keys; Safety, security, protection and signalling devices; Access control devices; Electronic systems for communication between motor vehicles and road surveillance or toll systems; Access control systems for interlocked doors; Automatic access control equipment and systems; Electrical devices, In particular mobile devices, Smartphones and wearables [computers] for access control and to guarantee access security; Computer hardware and software; Computer programs for the enabling of access or entrance control; Downloadable software for smartcards and mobile terminals; Software for mobility, telematic, identity or authentication services; Navigation, guidance, tracking, targeting and map making devices. Installation, maintenance and repair of access control systems; Installation and maintenance of hardware for safeguarding of electronic communications processes and identity verification processes; Installation, maintenance and repair of computer systems and networks (hardware). Car parking [valet] services; Car sharing services; Carpooling services. Application service provider services; Application service provider services; Software development; Research and development in connection with computer hardware and software; Design, development and maintenance of computerised systems; Cloud computing, Design and development of operating software for accessing and using a cloud computing network.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
37 - Construction and mining; installation and repair services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services; Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services on mobile terminals, in particular on computer networks and telecommunications networks; Cards for use with mobile terminals; Encoded cards, in particular for telecommunications, mobility, telematic, identity, authentication or financial services; Cards with a contactless interface; Smart cards; Security tokens [encryption devices]; Wearable computers; Smart meters; Data processing equipment for communication with the aforesaid cards, In particular mobile terminals, Tablets, Laptop computers; Servers; Cloud servers; Server software; Operating system and applications software for the aforesaid cards and data processing equipment; Software for telecommunications, mobility, telematic, identity, authentication or financial services; Personalisation and management systems for cards with integrated circuits, security tokens [encryption units] and other embedded software; Computer programs for development, maintenance and management of the aforesaid software; computer encryption and decryption software; Downloadable software for smartcards and mobile terminals. Arranging subscriptions to telecommunication services for others, Arranging subscriptions to telematics, telephone or computer services; Data processing for the collection of data for business purposes; Data management services; Business data analysis services; Marketing studies, All of the aforesaid services being in particular in connection with the manufacture and/or personalisation of chip cards and other electronic data carriers; Targeted data search for others in computer files. 
Installation, maintenance and repair of computer systems and networks [hardware], and telecommunications hardware for network systems, internet access, telecommunications systems, electronic commerce [e-commerce] and electronic payment transactions; Maintenance of computerised systems, in particular of communication systems; Installation, maintenance and consultancy relating to the aforesaid hardware; Installation and maintenance of hardware for computer networks and Internet access. Telecommunications; Telecommunications consultancy, telecommunications for operation of telecommunications systems, mobile communications networks, wireless communication services, telecommunications cabling, routing and connection services, location-based-services for telecommunications networks; Data transfer, in particular in connection with subscriptions to telematic, telephone or computer services and in particular in connection with remote maintenance of machines; Providing access to telecommunications infrastructures for others, in particular for electronic payment services; Telecommunications relating to the processing of payment transactions in electronic commerce via networks, in particular on the internet and via mobile telecommunications networks; Providing of access to a platform for the processing of payment transactions on networks, in particular on the internet and mobile telecommunications networks; Secured transmission of information on networks and other telecommunications networks; Consultancy relating to communication systems. 
Scientific and technological consultancy, research and development in connection with computer hardware, software, portable data carriers and telecommunications; Server administration; server hosting; Hosting of computerized data, files, applications and information; Design and development of computerised systems, in particular communication systems; Providing virtual computer systems through cloud computing; Consultancy in relation to computerised systems; Design of software, in particular for telecommunications systems; Programming of operating software for computer networks and servers; Providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; Data security services; Installation, maintenance and consultancy with regard to the aforesaid software; Development of concepts for the safeguarding of electronic communication processes and identity verification processes in the business and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of related software; certification agency services (trust centers), In particular issuing and management of certified keys and algorithms; Authentication services and fiduciary issue and management of certified keys and algorithms; Data mining; IT services for generating digital identities; IT services for generating digital certificates; Distribution [issuance] of digital certificates.
09 - Scientific and electric apparatus and instruments
16 - Paper, cardboard and goods made from these materials
42 - Scientific, technological and industrial services, research and design
Goods & Services
Data processing programs, included in class 9. Data processing programmes in printed form; Printed matter in the field of information and data technology. Development, generation and renting of data processing programs.
97.
Method for managing partly and/or incompletely loaded subscription data
GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH (Germany)
Inventor
Kurtz, Volker
Abstract
A method for managing partly and/or incompletely loaded subscription data is provided for a mobile device and/or another device. A communication connection is established between the mobile device and the other device. Then, it is ascertained whether the partly and/or incompletely loaded subscription data is available on the other device, and a managing action is carried out on the partly and/or incompletely loaded subscription data.
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
H04W 4/70 - Services for machine-to-machine communication [M2M] or machine type communication [MTC]
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
H04W 80/06 - Transport layer protocols, e.g. TCP [Transport Control Protocol] over wireless
09 - Scientific and electric apparatus and instruments
37 - Construction and mining; installation and repair services
38 - Telecommunications services
42 - Scientific, technological and industrial services, research and design
45 - Legal and security services; personal services for individuals.
Goods & Services
Integrated circuit cards for use in connection with telecommunications, health, mobility, telematics, identity, authentication or finance services, in particular SIM cards; Cards with integrated circuits for use in connection with telecommunications, health, mobility, telematics, identity, authentication or financial services on mobile terminals, in particular on computer networks and telecommunications networks; Cards for use with mobile terminals; Encoded cards, in particular for telecommunications, health, mobility, telematics, identity, authentication or financial services, and as bank cards, debit cards and credit cards; Smart meters; Data processing equipment for communication with the aforesaid cards, In particular mobile terminals, Tablets, Laptop computers; Data carriers with programs stored thereon for telecommunications, health, mobility, telematics, identity, authentication or financial services; Operating system and applications software for the aforesaid cards and data processing equipment; Software for telecommunications, health, mobility, telematics, identity, authentication or financial services; Personalisation and management systems for cards with integrated circuits, tokens and other embedded software; Computer programs for development, maintenance and management of the aforesaid software; Downloadable software for smartcards and mobile terminals. Installation, maintenance and repair of computer systems and networks (hardware), and telecommunications hardware for network systems, internet access and telecommunications systems; Installation and maintenance of hardware for the development of concepts for safeguarding electronic communications processes and identity verification processes in commercial and private sectors based on cryptographic methods and authentication processes. 
Telecommunications; Telecommunications consultancy, telecommunications for operation of telecommunications systems, mobile communications networks, wireless communication services, telecommunications cabling, routing and connection services, location-based-services for telecommunications networks; Data transfer, in particular in connection with subscriptions to telematic, telephone or computer services and in particular in connection with remote maintenance of machines; Providing access to telecommunications infrastructures for others, in particular for electronic payment services; Telecommunications relating to the processing of payment transactions in electronic commerce via networks, in particular on the internet and via mobile telecommunications networks; Providing of access to a platform for the processing of payment transactions on networks, in particular on the internet and mobile telecommunications networks; Secured transmission of information on networks and other telecommunications networks. 
Scientific and technological consultancy, research and development in connection with computer hardware and software; Server hosting and administration; Hosting of computerized data, files, applications and information; Development, programming and implementation of operating system software, middleware and application software for data carriers and data processing apparatus; Updating, installation, upkeep and maintenance of the aforesaid operating system software, middleware and application software; Consultancy with regard to using and applying the aforesaid operating system software, middleware and the aforesaid application software; Development, programming, implementation and maintenance of computer-aided systems, in particular communications systems; Consultancy and development in relation to computer software and hardware; computer software and hardware rental services; Remote server administration; Remote maintenance of computer software and computer hardware; Cloud computing, design and development of operating software, middleware and application software for access to and the use of cloud computing networks; Providing virtual computer systems through cloud computing; Consultancy in relation to computerised systems, in particular communications systems; Design of software, in particular for telecommunications systems; Consultancy in relation to security on computers, computer networks and for computer transactions and computer applications, in particular in connection with mobile communication networks; Providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; Data security services; Development of concepts for ensuring security in information and communications technology, for electronic commerce, electronic payment transactions, in particular mobile payment transactions; Consultancy with regard to the development of the aforesaid concepts; 
Development of software and hardware for ensuring security in information and communications technology, for electronic commerce, electronic payment transactions, in particular mobile payment transactions; Installation, maintenance and consultancy with regard to the aforesaid software; Technical consultancy with regard to the aforesaid hardware; Data mining; Targeted data searching; Design and development of data storage systems; Data security consultancy; Development of concepts, and software and hardware for ensuring security in information and communications technology; Development of concepts for the safeguarding of electronic communication processes and identity verification processes in the business and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of related software; Encryption, decryption and authentication of information, messages and data; IT security, protection and restoration; certification agency services (trust centers), In particular issuing and management of certified keys and algorithms; Authentication in connection with certified keys and algorithms; Fiduciary functions (IT security) in connection with certified keys and algorithms; Digital watermarking; Monitoring of computer systems for detecting unauthorized access or data breach. 
Licensing of computer software [legal services]; Licensing of technology; Consultancy in the field of security, in particular relating to security solutions for computer networks and digital applications; Providing authentication of personal identification information [identification verification services]; Authentication of identification data for identifying machines, tokens, integrated circuit cards and other items connected with a computer network (identity verification); Consultancy in the field of data theft and identity theft; Identity validation services; Identity verification; Conducting identity verification; Creation, management and administration of digital identities; Creation, management and administration of digital certificates.
09 - Scientific and electric apparatus and instruments
35 - Advertising and business services
38 - Telecommunications services
41 - Education, entertainment, sporting and cultural services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services; Integrated circuit cards for use in connection with telecommunications, mobility, telematic, identity, authentication or financial services on mobile terminals, in particular on computer networks and telecommunications networks; Cards for use with mobile terminals; Encoded cards, in particular for telecommunications, health, mobility, telematics, identity, authentication or financial services, and as bank cards, debit cards and credit cards; Cards with a contactless interface; Smart cards; Tokens; Wearables; Smart meters; Electronic security tags; Data processing equipment for communication with the aforesaid cards, In particular mobile terminals, Tablets, Laptop computers; Recording media with programs recorded thereon for telecommunications, mobility, telematic, identity, authentication or financial services; Operating system and applications software for the aforesaid cards and data processing equipment; Software for telecommunications, mobility, telematic, identity, authentication or financial services; Personalisation and management systems for cards with integrated circuits, tokens and other embedded software; Computer programs for development, maintenance and management of the aforesaid software; computer encryption and decryption software; Downloadable software for smartcards and mobile terminals. 
Advertising, marketing and promotional services; Arranging of exhibitions for business purposes; Business management; Arranging subscriptions to telecommunication services for others, Arranging subscriptions to telematics, telephone or computer services; Business administration; Capture, compilation and systemisation of data into computer databases for business purposes, data management, business data analysis, marketing studies, development of business strategies (business consultancy), information relating to the movement of goods, economic forecasting and analysis; Office functions; All of the aforesaid services being in particular in connection with the manufacture and/or personalisation of chip cards and other electronic data carriers. Telecommunications; Telecommunications consultancy, telecommunications for operation of telecommunications systems, mobile communications networks, wireless communication services, telecommunications cabling, routing and connection services, location-based-services for telecommunications networks; Data transfer, in particular in connection with subscriptions to telematic, telephone or computer services and in particular in connection with remote maintenance of machines; Providing access to telecommunications infrastructures for others, in particular for electronic payment services; Telecommunications relating to the processing of payment transactions in electronic commerce via networks, in particular on the internet and via mobile telecommunications networks; Providing of access to a platform for the processing of payment transactions on networks, in particular on the internet and mobile telecommunications networks; Secured transmission of information on networks and other telecommunications networks. 
Tuition, providing of training, instruction and education in the field of telecommunications and the manufacture of electronic data carriers, all of the aforesaid services also being provided online; Publishing of publications, providing of electronic publications; Arranging and conducting of exhibitions, trade fairs, conferences, seminars, symposia and workshops; Teaching and providing of training in connection with telecommunications services. Scientific and technological consultancy, research and development in connection with computer hardware, software, portable data carriers and telecommunications; Server administration; server hosting; Hosting of computerized data, files, applications and information; Design, development and maintenance of computerised systems, in particular of communication systems; Cloud computing, Design and development of operating software for accessing and using a cloud computing network; Providing virtual computer systems through cloud computing; Consultancy in relation to computerised systems, in particular communications systems; Design of software, in particular for telecommunications systems; Programming of operating software for computer networks and servers; Consultancy in relation to security on computers, computer networks and for computer transactions and computer applications, in particular in connection with mobile communication networks; Providing of security services in relation to computers, computer networks and computer transactions, in particular in connection with mobile communications networks; Data security services; Development of concepts for ensuring security in information and communications technology, for electronic commerce, electronic payment transactions, in particular mobile payment transactions; Consultancy with regard to the development of the aforesaid concepts; Development of software and hardware for ensuring security in information and communications technology, for electronic commerce, electronic
payment transactions, in particular mobile payment transactions; Installation, maintenance and consultancy with regard to the aforesaid software; Technical consultancy with regard to the aforesaid hardware; Development of concepts for safeguarding electronic communications processes and identity verification processes in commercial and private sectors based on cryptographic methods and authentication processes, and installation and maintenance of software and hardware relating thereto; Key extraction prevention; Encryption, decryption and authentication of information, messages and data; Management of IT security, protection and repair; certification agency services (trust centers), In particular issuing and management of certified keys and algorithms; Authentication services and trusteeship relating to certified codes and algorithms; Data mining; Targeted data searching; Chip design.
09 - Scientific and electric apparatus and instruments
16 - Paper, cardboard and goods made from these materials
37 - Construction and mining; installation and repair services
42 - Scientific, technological and industrial services, research and design
Goods & Services
Electronic data processing equipment; Computer hardware; Integrated circuit chips; Application-specific and customised integrated circuits; Microprocessors; System-on-chip devices; Processors (central processing units); secure microprocessor cores, In particular application-specific and customised high-performance microprocessor cores; Semiconductors; semiconductor intellectual property cores; configurable SIP cores; Interfaces for computers, in particular computer instruction set architectures, in particular RISC-based computer instruction set architectures; Computer software for use in the design, development, modelling, simulation, compilation, troubleshooting, verification, construction and interfacing of integrated circuits, microprocessors, microprocessor cores, secure microprocessor cores, semi-conductor intellectual property cores; computer software used in, and for use in the design, development, modelling, simulation, compiling, de-bugging, verification, construction and interfacing of application software and operating system software to run on integrated circuit based devices; Computer software for use in the design and development of application software and operating systems software for use in integrated circuit devices; microprocessor design file software; Software for electronic design automation; security and cryptographic software; Computer operating system software. Printed matter, namely instruction, user and development manuals, datasheets and brochures, all the aforesaid in the field of design and development of integrated circuits, microprocessors, microprocessor cores, macrocells, microcontrollers, bus interfaces and printed circuit boards; Printed matter, namely instruction, user and development manuals, datasheets and brochures, all the aforesaid in the field of computer software for use in the design, development and troubleshooting of application software and operating system software. 
Maintenance relating to electronic data processing equipment, microprocessors, system-on-chip devices, processors [central processing units], chips [integrated circuits], secure microprocessor cores, application-specific integrated circuits, graphics processing units, semi-conductors, semi-conductor intellectual property cores, computer instruction set architectures and RISC-based computer instruction set architectures; Maintenance relating to processor-based devices, integrated circuits, computer hardware, integrated circuit-based devices, electronic devices that send and receive data in a connected network, microprocessor cores, macrocells, microcontrollers, bus interfaces and printed circuit boards. Development, design, technical consultancy, technical support, troubleshooting, all the aforesaid relating to electronic data processing equipment, microprocessors, system-on-chip devices, processors [central processing units], chips [integrated circuits], secure microprocessor cores, application-specific integrated circuits, graphics processing units, semi-conductors, semi-conductor intellectual property cores, computer instruction set architectures and RISC-based computer instruction set architectures; Research, development, design, technical consultancy, technical support, troubleshooting, all the aforesaid relating to processor-based devices, integrated circuits, computer hardware, computer software, integrated circuit-based devices, electronic devices that send and receive data in a connected network, microprocessor cores, macrocells, microcontrollers, bus interfaces and printed circuit boards; Maintenance services for computer software; Research, development, design, technical consultancy, maintenance and technical support, all the aforesaid relating to computer software, in particular for use in servers, operating system software, web services software, and security and encryption software; Research, development, design, maintenance, technical consultancy and 
technical support, all the aforesaid relating to computer software for use in the design, development, modelling, simulation, compilation, troubleshooting, verification, construction and interfacing of integrated circuits, microprocessors, microprocessor cores, secure microprocessor cores and semiconductor intellectual property cores; Research, development, design, maintenance, technical consultancy and technical support, all the aforesaid relating to computer software for use in the design, development, modelling, simulation, compilation, troubleshooting, verification, construction and interfacing of macrocells, system-on-chip devices, microcontrollers, bus interfaces and printed circuit boards; Research, development, design, maintenance, technical consultancy and technical support, all the aforesaid relating to computer software for use in the design, development, modelling, simulation, compilation, troubleshooting, verification, construction and interfacing of integrated circuits, microprocessors, microprocessor cores, semiconductor intellectual property cores, architecture extensions to semiconductor intellectual property cores, macrocells, microcontrollers, bus interfaces and printed circuit boards.