EP2939457A1 - Method for managing data - Google Patents

Method for managing data

Publication number
EP2939457A1
Authority
EP
European Patent Office
Prior art keywords
security module
terminal
data
external
date
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP13830035.5A
Other languages
German (de)
English (en)
Inventor
Vidyaranya VUPPU
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Giesecke and Devrient GmbH
Original Assignee
Giesecke and Devrient GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giesecke and Devrient GmbH

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/18 File system types
    • G06F16/1847 File system types specifically adapted to static storage, e.g. adapted to flash memory or SSD
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H04W12/086 Access security using security domains
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • the present invention relates to a method for managing data.
  • the present invention relates to a method for providing data through a security module.
  • the security module receives from a terminal a read access to a datum stored in an internal memory of the security module. The security module then opens access information for the internal datum. The security module checks the entry of the access information and determines the storage location of the internal datum.
  • the demand for storage space has increased. To meet the need, manufacturers are required to provide equipment with sufficient storage space. For example, mobile devices, such as cell phones, can be upgraded with memory cards.
  • users may store data in a "cloud", for example by means of a storage service on an internet server.
  • US 2008/0020800 A1 describes a connection element for the simultaneous use of a SIM card and a memory card.
  • WO 2009/156406 A1 discloses a method for memory expansion of a smart card.
  • the SmartCard is connected to a mobile telecommunication device.
  • a data exchange between the SmartCard and the telecommunication device takes place via a separate connection.
  • the document US 2009/0020602 A1 discloses a mobile phone with a SIM card.
  • the SIM card is connected to a memory card via the mobile phone.
  • data for the use of a mobile terminal can be stored on a memory extension. To read the data, the mobile terminal accesses the data.
  • a link to the memory extension is provided instead of the stored data. In view of the increasing amounts of data, there are therefore a large number of links. Even if the links typically require minimal storage space relative to the underlying data, a collection of links still requires a lot of storage space.
  • Furthermore, multiple links are difficult to manage, so a large amount of outsourced data can lead to inconsistencies and thus to malfunctions.
  • the security module receives a read access to an internal date from a terminal.
  • the internal date is from the point of view of the terminal in memory of the security module.
  • the security module opens access information for the internal data on the read access.
  • the security module checks an entry in the access information regarding the internal date and determines therefrom the storage location of the internal data.
  • the entry in the access information refers to a storage location outside the security module.
  • the security module causes the terminal to load an external datum, ie a datum not stored on the security module, from the determined memory location.
  • the security module receives the external date from the terminal and sends the received external date to the terminal as the requested internal date.
  • the security module may be a portable data carrier, such as a smart card, a secure mass storage card or a USB token, which establishes a data transmission to a communication partner, such as a reader, by means of a contact-based or contactless connection.
  • Portable data carriers can - for a contact-type communication with a terminal - be reversibly inserted into the terminal.
  • NFC Near Field Communication
  • RFID Radio Frequency Identification
  • the security module can be provided as a separate component. For this purpose, standardized designs in particular, such as ID-0 or ID-1, or free forms come into consideration.
  • the security module can also be a security module permanently installed in a terminal, for example a trusted platform module (TPM), M2M module, a user identification module or a decoder module.
  • the security module is a hardware security module.
  • the security module preferably has a processor on which an operating system runs or is capable of running.
  • Access information is an entry or a collection of entries. For example, access information may be a file header, a file descriptor, and / or a file allocation table, and / or a combination thereof. From the access information, a data management system receives information for accessing a date, in particular to a file.
  • a storage location, such as a physical address, a pointer to a collection of memory locations and/or a link to a memory address, is determined.
  • the access information may include handling instructions for accessing the datum, such as information on encoding/decoding, unpacking/packing and/or the compilation of the datum.
  • the terminal serves as communication partner for communication with the security module.
  • the terminal may communicate with the security module via a contactless or contact connection.
  • the terminal can be a mobile device, for example a mobile phone, a tablet PC, a PDA or a mobile card reader at a checkout.
  • the terminal can act as an immobile device, for example as a permanently installed card reader for access control or for payment to POS systems.
  • date can be, for example, a telephone book, a data element of a collection or a compilation of data , a variety of data, a service or an application or a file, for example a voice file.
  • the date may be for use by a user, the terminal, the security module, or a third party. With the solution according to the invention, it is possible to provide the terminal without additional link file a date available. After using the date, this can be stored by the security module in the storage location. The date on the security module is preferably cleared after transmission to the terminal.
  • the security module can also choose a new location. For this purpose, however, an update of the access information by the security module is necessary. Furthermore, a storage of the date by the terminal can be made, and accordingly an updating of the access information by the terminal would be necessary. The space available on the security module can thus be used for other purposes, such as sensitive data such as keys or certificates. With the present invention, the terminal can always be provided with a current date. In particular, security-critical data can be outsourced to an external memory.
  • the security module is now temporarily set to an active mode, a so-called "master mode".
  • the security module now gives instructions and requests to the terminal.
  • the terminal is also set from the master mode to the passive mode, the so-called "slave mode", and now executes instructions of the security module.
  • the security module has an operating System, which performs in particular the steps of the security module in terms of access information.
  • the internal date requested by the terminal may already be virtually present on the security module during the request for read access to the internal date.
  • the actual storage location on the other hand, can be determined by the security module and can be external storage, for example in a cloud.
  • the security module stores the external date as an internal datum after being received by the terminal.
  • the security module can have intelligent memory management, which monitors the frequency of data accesses and, at low activity, correspondingly outsources data to an external storage location. The access information is updated accordingly.
  • a version comparison with the external date on the external access location can be performed.
  • a third party manages the external date.
  • a service provider could provide an external datum to an external datastore and update the external datum.
  • a current datum is thus always available to the terminal.
  • telecommunications providers can, for example, always provide data on roaming partners to current customers.
  • third parties could be authorized to change access information of the date.
  • the security module can use a browser of the terminal.
  • a browser can easily access remotely stored data.
  • Security functions such as password and authentication can be used for the external date.
  • the external datum can be received by the security module via a standing connection to the location. Alternatively, the datum can be transmitted by SMS or MMS. The terminal extracts the external datum from the SMS or MMS and sends it to the security module.
  • the security module comprises a computing unit and an internal memory. Furthermore, the security module is designed to provide an external datum to the security module.
  • the internal memory and / or the arithmetic unit comprises access information relating to the external date.
  • the access information has an entry with a location of the external date, wherein the location of the external date is described by a link.
  • An external memory may for example be a memory card connected to a terminal or an internet server, e.g. Via a cloud.
  • no link file or an entry in the user data necessary, which also contributes to the saving of memory space.
  • the storage location may already be included in the file header or descriptor. An additional entry in a file body is not necessary. Even with pointer-oriented file management, an entry in the file body can be dispensed with. Here only an entry of the storage location in the file header would be necessary.
  • an entry regarding transmission and / or security information is contained in the access information.
  • keys can be provided to receive the external date or unpack the external date.
  • information about the data connection may be included, for example, whether a transmission via the Internet or via SMS takes place.
  • information about the composition of the external date for example, that the external date consists of several parts, may be included.
  • the external datum may be virtually available as an internal datum for devices connected to the security module. The devices connected to the security module can not immediately detect that the date has actually been outsourced. The performance and handling of the date is not affected. Rather, the maintenance of the security module can be improved. Furthermore, use of the external date of various security modules is possible.
  • the security module can have a service, in particular an application, with which the entries of the access information, in particular with regard to the external date on the external memory, can be configured.
  • This service is preferably executed in a secure environment of the security module, for example in a TEE (Trusted Execution Environment).
  • TEE Trusted Execution Environment
  • a potential service provider could be a telecommunications provider or a trusted service manager.
  • the service is available as Trustlet® on the security module.
  • Providing an internal date in the location that can be accessed through the security module can be accomplished by using the security module.
  • This requires, for example, the security module to save the date on the internal memory of the security module.
  • the security module decides, based on certain specifications, where the internal date is physically stored.
  • the date is preferably stored on a memory of the terminal, for example, if the date is needed only for one session and / or often an access is expected by the security module to a request for access by terminal.
  • the security module prefers an additional memory connected to the terminal, for example an SD card or an external hard disk, if the date is large, the date is required for different sessions, terminals and / or the security module and / or a frequent access the security module is expected on the date.
  • a network memory of a communications provider of the network connected to the terminal is used as the storage location of a datum if no frequent access of the security module to the datum is expected.
  • the datum is preferably stored on the network memory of the communications provider if the datum has a large memory requirement and/or the datum is related to the communications provider.
  • the saving of the date in a cloud is chosen in particular if the date is to be made available to other security modules and / or applications.
  • the saving of the date can be initiated both by the security module and by a device connected to it and / or the storage location.
  • the determination of the storage location is the responsibility of the security module
  • Fig. 1 is a schematic representation of a system for managing data by means of a security module according to the invention.
  • Fig. 2 shows a flow chart according to the invention
  • FIG. 3 is an illustration of a method according to the invention.
  • Fig. 4 shows an embodiment of a file allocation table
  • FIG. 1 shows by way of example a system according to the invention.
  • a terminal 10 may be present as a mobile unit or as a permanently installed device for communicating with a security module 20.
  • the terminal 10 may be, for example, a mobile phone 10, a tablet PC, a notebook, a PDA and / or a mobile card reader.
  • the terminal 10 could be part of a device, for example a cash register system, or as a permanently installed device, for example for access control.
  • the terminal 10 is exemplified as a mobile phone 10.
  • the mobile phone 10 is connected to the security module 20.
  • the security module 20 can be a chip card, a mass storage card or a USB token.
  • the security module 20 can establish a data transmission with the terminal by means of a contact or contactless connection.
  • the security module 20 may be a separate component.
  • the security module 20 is shown by way of example as a SIM card for use with the mobile telephone 10.
  • the mobile telephone 10 is connected via a communication network 40 to a communications provider 50 and / or other subscribers.
  • the communication network 40 may be a wireless network, such as a W-LAN (wireless local area network) or a mobile telephone network, a wired network, for example a telephone network, an Internet network or an intranet network, and/or a combination thereof.
  • the mobile telephone 10 comprises a mobile telephone memory 11, a browser 12, a mobile telephone operating system 14 and an interface 15.
  • the mobile telephone memory 11 of the mobile telephone 10 is limited in terms of its storage capacity.
  • In order to expand the mobile phone memory 11, the mobile phone 10 can be connected to an external memory, in this case an external memory card, e.g. an SD card 30a. Furthermore, the mobile phone 10 can be connected via the communication network 40 with an Internet storage 30b. The Internet memory 30b is also an external memory. In addition, the mobile telephone 10 has a plurality of applications 13, for example a telephone book 13.
  • the SIM card 20 comprises a card operating system 28, access information 22 and an internal memory 21.
  • in the access information 22, information on the storage location is stored for each datum on the SIM card 20.
  • multiple SIM applications 27 are stored on the SIM card 20.
  • the telephone book application 13 opens both a telephone database in the mobile telephone memory 11 and a telephone database on the SIM card 20.
  • the telephone book application 13 sends via the interface 15 a request for a read access to the file "SIM phone book" to the SIM card 20.
  • the card operating system 28 receives the request and opens access information 22 for the "SIM phone book" file.
  • the card operating system 28 checks and analyzes an entry for As a result, the card operating system 28 obtains the result that data elements, for example contact images, are stored on an external memory
  • the card operating system 28 sets the mobile telephone 10 in a "slave mode" and the SIM card 20 in a "master mode".
  • the mobile phone 10 is thus in a waiting state and, with regard to the current request, responds to instructions from the SIM card 20.
  • the card operating system 28 determines as storage location for the contact images a file "Bilder.dat" on the SD card 30a.
  • the card operating system 28 causes the mobile phone 10 to load the external file "Images.dat" from the SD card 30a onto the SIM card 20.
  • the file "Images.dat" is loaded on the SIM card 20 into the internal memory 21.
  • the file “Images.dat” is unpacked and linked with a table stored in the internal memory 21.
  • the SIM card 20 switches from the master mode to the slave mode and the mobile phone 10 from the slave mode to the master mode. Subsequently, the SIM card 20 sends the table with contact images to the mobile phone 10.
  • the phone book application 13 links the received SIM phone book with the phone database in the mobile phone memory 11, so that an entire phone book is provided to the user.
  • the mobile phone 10 with the SIM card 20 of FIG. 1 is operated by the user in a communication network 40 that is not the home network of the SIM card 20.
  • the cellular phone 10 with the SIM card 20 is used abroad.
  • the mobile telephone 10 informs the SIM card 20 that the home network is not available and a roaming partner must be dialed in.
  • An application 27 of the SIM card 20, namely a STK application 27, is activated
  • the STK application 27 opens a roaming file in the internal memory 21 on the SIM card 20 with possible roaming partners.
  • the STK application 27 selects the reference ID of the roaming file.
  • the card operating system 28 then opens access information 22 to the reference ID.
  • the card operating system 28 From the access information 22, the card operating system 28 recognizes that the roaming file is stored locally on the SIM card 20. The card operating system 28 notifies the STK application 27 of the local storage location. The STK application 27 sends the roaming file with the roaming partners to the mobile telephone 10, so that the mobile telephone 10 with the SIM card 20 can log into a foreign communication network 40.
  • the applications can be offered to the user. So that the applications do not claim the internal memory 21 of the SIM card 20 or the mobile phone memory 11, the applications can be swapped out on an Internet server 30b.
  • a user selects from a list an available service application of a communications provider 50. Usually, such services and applications are stored on the SIM card 20.
  • the mobile telephone 10 sends via the interface 15 a request for access to the service application.
  • the card operating system 28 of the SIM card 20 recognizes from an access information 22 to the service application that it is stored on an external memory 30b. Subsequently, the card operating system 28 determines from the access information 22 storage information in the form of an internet link of the service application.
  • the SIM card 20 causes the mobile phone 10 to load a date from the determined storage location and transmit it to the SIM card 20. Subsequently, the SIM card 20 sends the date to the mobile phone 10 as a service application. The mobile phone finally executes the service application.
  • the communications provider 50 can update the service application on the Internet server 30b. Because the service application is outsourced from the SIM card 20, the service application can always be provided to the mobile phone in an up-to-date state, while storage space on the mobile phone 10 and the SIM card 20 can be saved.
  • FIG. 2 schematically shows a flowchart according to the invention.
  • the interaction between a security module 20, a terminal 10 and an external memory 30 is shown.
  • the terminal 10 is a mobile telephone 10
  • the security module 20 is a SIM card 20
  • the external memory 30 is an Internet memory 30.
  • the mobile phone 10 wants to access a telephone book 25 which is stored on SIM card 20.
  • the mobile telephone 10 sends a corresponding request to the SIM card 20.
  • the SIM card 20 receives in step S1 a request for a read access to the phone book 25.
  • in step S2, the SIM card 20 opens access information 22 in the form of a file allocation table 22.
  • the SIM card 20 checks whether the phone book 25 in the file system of the SIM card 20 is present. From the entry in the file allocation table 22 with respect to the telephone book 25, the SIM card 20 receives in step S4 the information that the telephone book 25 is stored on an Internet storage 30.
  • the SIM card 20 can refer to the storage location 222 of the telephone book 25 based on a link address from the entry. Since the phone book 25 is an external storage location 222, in step S5, the SIM card 20 causes the mobile phone 10 to access an external date 35 at the storage location 222 and to download it in step S6.
  • in step S7, the external datum 35 is transmitted from the mobile phone 10 to the SIM card 20.
  • the SIM card 20 receives the external date 35 and temporarily stores it as a telephone book 25. Subsequently, in step S8, the SIM card 20 sends the telephone book 25 or external date 35 to the mobile telephone 10.
  • with the aid of the method according to the invention, a datum 25 is virtually stored on the SIM card 20 from the point of view of the mobile telephone 10.
  • the datum 25 is not contained on the SIM card 20, but in the Internet memory 30.
  • virtually unlimited storage space is thus available to the SIM card 20.
  • a "master mode" is activated in the SIM card 20 by the SIM card 20 actively initiating communication.
  • the cellular phone 10 changes to a "slave mode" and processes instructions of the SIM card 20.
  • the SIM card 20 thus indirectly takes control of the communication relating to the request in step S1. For this purpose, the SIM card 20 instructs the mobile phone 10 to open a browser and dial the link address, i.e. the location 222. Subsequently, in step S6, the external datum 35 obtainable at the link address is temporarily stored on the mobile telephone 10 via the browser and forwarded to the SIM card 20. After the SIM card 20 has sent the external datum 35 as phone book 25 to the mobile phone 10, the SIM card 20 changes to the slave mode and the mobile phone 10 to the master mode.
  • Fig. 3 is a further illustration of a method according to the invention in terms of the method steps shown schematically.
  • the communication between a terminal 10, in the present case in the form of a terminal 10 and a security module 20, in the present case in the form of a smart card 20, is shown.
  • a terminal 10 in the present case in the form of a terminal 10
  • a security module 20 in the present case in the form of a smart card 20
  • in step S1, the terminal 10 indicates to the smart card 20 that it wants to access a particular file, for example a voice menu file.
  • the voice file is usually located on the smart card 20 and is accordingly an internal date 25.
  • in step S2, the smart card 20 checks whether the voice file 25 is stored on the smart card 20.
  • for the voice file 25, the smart card 20 looks up access information 22, in the present example in the form of a file header 22.
  • in step S3, the file header 22 is analyzed and the information associated with the internal datum 25 is determined.
  • the information may include, but is not limited to, a file identification, a type, access rules, a marker, and/or a pointer to a "file body". The file body is a compilation and accumulation of user data for datum 25.
  • a voice file 25 on an Internet memory 30 to save memory.
  • the smart card 20 determines from the file header 22 the information that the file type is "cloud". The voice file 25 is therefore not locally available but resides on an external memory 30.
  • Since the voice file 25 is a file on an external memory 30, the smart card 20 changes from a "slave mode" to a "master mode" in step S5. For this purpose, the terminal 10 receives an instruction from the smart card 20 and changes from the "master mode" to the "slave mode". The terminal 10 is placed in a waiting state and, with respect to the process started with step S1, acts only according to instructions of the smart card 20. In step S6, the smart card 20 obtains from the file header 22 the pointer information for the memory location 222 of the voice file 25. The pointer information indicates as memory location 222 the destination address 222 "ftp://srvl/file/file.txt". The smart card 20 then starts the browser of the terminal 10 to access the storage location 222 "ftp://srvl/file/file.txt" of the external memory 30.
  • in step S7, the smart card 20 causes the external file 35 "file.txt" to be loaded from the storage location 222 to the smart card 20 via the terminal 10.
  • after the external file 35 has been transferred to the smart card 20, the smart card 20 briefly examines the external file 35 and stores it as a voice file 25.
  • the smart card 20 carries out further unpacking steps. After the voice file 25 is present on the smart card 20, the smart card 20 returns to the slave mode and the terminal 10 returns to the master mode. The smart card 20 continues with the steps as if the voice file 25 had already been present in the internal memory of the smart card 20 at step 1.
  • in step S8, the smart card 20 sends the voice file 25 to the terminal 10.
  • the terminal 10 carries out further processing of the received speech file 25. At this time, the voice file 25 for communication and menu guidance is implemented in the system of the terminal 10.
  • a voice file 25 can also be loaded from an external memory 30.
  • network-operator-specific data, such as the memory location 222, may be pre-stored on the smart card 20.
  • Associated data may also be stored on external memory 30.
  • the external memory 30 is for example an internet server, preferably a server farm. Administration and updating of the data on the external memory 30 is preferably the responsibility of the network operator and / or a service provider.
  • FIG. 4 shows by way of example a file allocation table 22 as access information 22 for use according to the invention.
  • the file allocation table 22 includes a reference ID 221 in which logical addresses are stored for data. In the present case, these logical addresses are identified by MF (Master File), DF (Dedicated File), EF (Elementary File, Date) and a number.
  • MF Master File
  • DF Dedicated File
  • EF Elementary File, Datum
  • a type 223 is stored. Type 223 describes the date type, for example, whether the date is stored locally or externally (Cloud).
  • the column Location 222 shows an assignment to a FAT reference or a physical memory. In the Access 224 column, it is determined for each reference ID 221 whether the date is for reading only, is released for writing or for writing and reading. Furthermore, certain personalized access rights could be entered.
  • If a security module receives a request for read access to the reference ID EF12 from the terminal, the security module recognizes, using the file allocation table 22, that EF12 is stored locally on the security module. To obtain the data associated with EF12, reference is made to FAT reference 2060H. From a FAT lookup table, the FAT reference 2060H provides the security module with an accurate mapping of the memory areas relevant to EF12, including the order. The security module learns from the file allocation table 22 that basically only read access is granted for EF12. If the security module receives a request for read access to the reference ID EF22 from a terminal, the security module determines that the data relating to EF22 has been stored externally (cloud).
  • The storage location is "sdcard/ab.txt". This means that the security module fetches data concerning EF22 via the terminal under the path "sdcard/ab.txt".
  • This is an SD card as a data carrier, which is physically connected to the terminal.
  • the file would be virtually stored vis-à-vis the terminal on the security module.
  • If the security module receives a read access to the reference ID EF23, the security module recognizes from the type Cloud that EF23 is external and not internal.
  • the security module prompts the terminal to load an external file cd.txt from the location ftp://serverl/cd.txt to the security module. Once cd.txt is stored on the security module, the security module transmits cd.txt as EF23 to the terminal.
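
The read path through the file allocation table 22 (steps S1 to S8) can be modelled as follows. This is an added example, not code from the patent or from Giesecke and Devrient. The class and function names, the access values for EF22 and EF23, the file contents and the `sha256` field (standing in for the "security information" entry, so that a datum relayed by the terminal is checked before it is served as internal) are assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Entry:
    """One row of the file allocation table 22 (Fig. 4)."""
    ref_id: str                   # reference ID 221, e.g. "EF12"
    type: str                     # type 223: "Local" or "Cloud"
    location: str                 # location 222: FAT reference or external path/link
    access: str                   # access 224: "R", "W" or "RW"
    sha256: Optional[str] = None  # ASSUMPTION: digest held as "security information"


class AccessDenied(Exception):
    pass


class IntegrityError(Exception):
    pass


class SecurityModule:
    """Hypothetical model of the security module 20."""

    def __init__(self, table: List[Entry], internal: Dict[str, bytes],
                 terminal_load: Callable[[str], bytes]):
        self.table = {e.ref_id: e for e in table}
        self.internal = internal            # FAT reference -> bytes on the module
        self.terminal_load = terminal_load  # terminal 10 fetches on the module's behalf
        self.mode = "slave"
        self.trace: List[str] = []

    def read(self, ref_id: str) -> bytes:
        self.trace.append(f"S1 read request {ref_id}")
        entry = self.table.get(ref_id)      # S2/S3: open and check the entry
        if entry is None:
            raise KeyError(ref_id)
        if "R" not in entry.access:         # access 224 is enforced before any load
            raise AccessDenied(ref_id)
        self.trace.append(f"S4 {entry.type} at {entry.location}")
        if entry.type == "Local":
            return self.internal[entry.location]
        if entry.sha256 is None:
            # Assumed policy: external data without a digest is never served.
            raise IntegrityError(f"{ref_id}: no digest for external location")
        self.mode = "master"                # S5: module instructs the terminal
        try:
            self.trace.append("S5 instruct terminal to load")
            data = self.terminal_load(entry.location)   # S6/S7
        finally:
            self.mode = "slave"             # roles are restored even on failure
        if hashlib.sha256(data).hexdigest() != entry.sha256:
            raise IntegrityError(f"{ref_id}: digest mismatch")
        self.trace.append("S8 send as internal datum")
        return data


# Constructed sample contents; only the IDs and locations come from Fig. 4.
LOCAL = b"constructed local datum for EF12"
AB = b"constructed contents of ab.txt"
CD = b"constructed contents of cd.txt"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_module(external: Dict[str, bytes]) -> SecurityModule:
    """Build a module whose terminal reads from the given external stores."""
    table = [
        Entry("EF12", "Local", "2060H", "R"),
        Entry("EF22", "Cloud", "sdcard/ab.txt", "RW", digest(AB)),
        Entry("EF23", "Cloud", "ftp://serverl/cd.txt", "R", digest(CD)),
    ]
    return SecurityModule(table, {"2060H": LOCAL}, lambda loc: external[loc])


if __name__ == "__main__":
    stores = {"sdcard/ab.txt": AB, "ftp://serverl/cd.txt": CD}
    module = build_module(stores)
    for ref in ("EF12", "EF22", "EF23"):
        print(ref, module.read(ref))
    print("\n".join(module.trace))
```

Because the terminal and the external memory sit outside the security module, the digest comparison is the only point in this model where a modified external file is detected before it is presented to the terminal as an internal datum.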


Abstract

The invention relates to a method, as well as a security module and a system, for providing data. According to this method, the security module (20) receives (S1) a read access request concerning an internal data item (25) stored in a memory of the security module (20). The security module (20) opens (S2) access information (22) relating to the internal data item (25) and checks (S3) in this information an entry relating to the internal data item (25). The storage location (222) of the internal data item is then determined (S4). The entry in the access information (22) refers to a storage location (222) outside the security module (20). The security module (20) then authorizes (S5) the terminal (10) to load (S6) an external data item (35) from the determined storage location (222). The security module (20) sends (S8) the external data item (35) to the terminal (10) as the internal data item (25).
EP13830035.5A 2012-12-31 2013-12-27 Data management method Withdrawn EP2939457A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN3739MU2012 2012-12-31
PCT/EP2013/003951 WO2014102017A1 (fr) 2012-12-31 2013-12-27 Data management method

Publications (1)

Publication Number Publication Date
EP2939457A1 (fr) 2015-11-04

Family

ID=54198814

Family Applications (1)

Application Number Title Priority Date Filing Date
EP13830035.5A Withdrawn EP2939457A1 (fr) 2012-12-31 2013-12-27 Data management method

Country Status (2)

Country Link
EP (1) EP2939457A1 (fr)
WO (1) WO2014102017A1 (fr)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005122402A (ja) * 2003-10-15 2005-05-12 Systemneeds Inc IC card system
WO2006045344A1 (fr) 2004-10-29 2006-05-04 Telecom Italia S.P.A. Method for establishing a secure logical connection between an integrated circuit card and a memory card via a terminal equipment
CN100454668C (zh) 2006-07-21 2009-01-21 东莞捷仕美电子有限公司 Two-in-one connector for mobile phone SIM card and memory card
DE102008004693A1 (de) * 2008-01-16 2009-08-13 Giesecke & Devrient Gmbh Portable data carrier with CAT interpreter
EP2139211A1 (fr) 2008-06-27 2009-12-30 Axalto S.A. System and method for extending smart card capacity via coupling with a portable electronic device
US8573493B2 (en) * 2009-06-30 2013-11-05 Avocent Corporation Method and system for smart card virtualization

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2014102017A1 *

Also Published As

Publication number Publication date
WO2014102017A1 (fr) 2014-07-03


Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20150731

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20160707