WO2016015949A1 - Method for managing application packages in an electronic device - Google Patents

Method for managing application packages in an electronic device Download PDF

Info

Publication number
WO2016015949A1
WO2016015949A1 PCT/EP2015/065212 EP2015065212W WO2016015949A1 WO 2016015949 A1 WO2016015949 A1 WO 2016015949A1 EP 2015065212 W EP2015065212 W EP 2015065212W WO 2016015949 A1 WO2016015949 A1 WO 2016015949A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic device
utility room
application
tur
application package
Prior art date
Application number
PCT/EP2015/065212
Other languages
French (fr)
Inventor
Etienne Catte
François Millet
Original Assignee
Gemalto Sa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemalto Sa filed Critical Gemalto Sa
Publication of WO2016015949A1 publication Critical patent/WO2016015949A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/086Access security using security domains

Definitions

  • the present invention relates to methods of managing application packages in an electronic device. It relates particularly to methods of managing application packages in an electronic device comprising a plurality of logical domains indented to include instances created from application packages.
  • Electronic devices are devices comprising a memory, a processor and an operating system for computing treatments.
  • Secure elements are small electronic devices. Secure elements are called “secure” because they are able to control the access to the data they contain and to authorize or not the use of data by other machines.
  • the secure elements may also provide computation services based on cryptographic components.
  • secure elements have limited computing resources and limited memory resources and they are intended to be connected to a host machine which provides them with electric power. Secure elements may be removable or fixed to a host machine. For example, smart cards are a kind of secure elements.
  • An electronic device may contain applications and their associated applicative data which encompass user data, file systems and secret keys.
  • Such an application may be developed and issued as a package which is stored into the electronic device. One or several instances of the package application are then created as needed.
  • An electronic device can receive a new version or an upgrade of a package application. If the electronic device includes a plurality of logical domains and several instances have been created from the previous package application in these logical domains, then an updating process of the deployed instances is going to be performed. This updating process may depend on a variety of updating rules defined by each entity which controls a logical domain. In other word, the replacement of the previous instances by new instances generated from the new package can be performed in an uncoordinated way. As at least one old instance exists, the original application package must be kept in the electronic device. As the old application package exists, new instances of the original application package can be created. Such creation of instance from the old application package is not desirable.
  • An object of the invention is to solve the above mentioned technical problem.
  • the object of the present invention is an electronic device including a plurality of logical domains and a utility room able to store application packages.
  • the electronic device is configured to authorized creation of a new instance from any application packages stored in the utility room.
  • a second application package corresponds to an upgraded version of a first application package.
  • the electronic device includes a temporary utility room able to store application packages.
  • the electronic device is configured to deny creation of a new instance from any application packages stored in the temporary utility room.
  • the electronic device includes a transferring module configured to extradite the first application package from the utility room to the temporary utility room.
  • the electronic device includes a deleting module configured to delete the temporary utility room when an instance has been created from the second application package in every logical domain containing an instance created from the first application package.
  • the electronic device may be configured to automatically delete all instances created from the first application package when deletion of the temporary utility room occurs.
  • the electronic device may be a secure element, a phone or a computer machine.
  • the electronic device may be configured to deny extradition of any application packages stored in the temporary utility room.
  • the electronic device may be configured to create the temporary utility room when the transferring module is about to extradite the first application package and the electronic device may be configured to delete the temporary utility room when the temporary utility room becomes empty.
  • Another object of the invention a method for managing application packages in an electronic device including a plurality of logical domains and a utility room able to store application packages.
  • the electronic device is configured to authorized creation of a new instance from any application packages stored in the utility room.
  • a second application package corresponds to an upgraded version of a first application package. The method comprises the following steps:
  • the method may comprise the further steps:
  • all instances created from said first application package may be automatically deleted when deletion of the temporary utility room occurs.
  • FIG. 1 depicts an example of an electronic device comprising several instances of an original package
  • FIG. 2 depicts an example of an electronic device comprising a package transferred into a temporary utility room according to the invention
  • FIG. 3 depicts an example of an electronic device comprising two packages of a software application according to the invention
  • FIG. 4 depicts an example of an electronic device comprising several instances of an updated application package
  • FIG. 5 shows a flow diagram of a method of managing application packages according to an example of the invention.
  • the invention may apply to any type of electronic device intended to embed applications which may be upgraded when deployed on the field.
  • Such electronic device may be any kind of computer, telephone, or any kind of secure element that run independently or are coupled to a host machine like a telephone, a vehicle, a meter, a slot machine, a TV or a computer.
  • the word instance means an instance of a software application.
  • the invention applies not only to instances as defined in Java domain but also to separate software (written in non object- oriented programming language) which can run independently .
  • a logical domain (also called secure logical domain) is a set of data (e.g. files, applicative data, secret, instances) governed by a common set of security rules associated with the owner of the set of data.
  • a security domain in the sense of GlobalPlatform Card Specification V2.2 is a logical domain.
  • a container implemented as a restricted memory area managed with specific security access rules is a logical domain.
  • Figure 1 shows an example of an electronic device SC comprising several instances of an original package PI .
  • the electronic device SC is a secure element of smart card type.
  • it may be a Universal Integrated Circuit Card (UICC) or a software-emulated UICC.
  • UICC Universal Integrated Circuit Card
  • the electronic device SC comprises two logical domains implemented as two security domains SD1 and SD2. These two security domains are allocated to two different Service Providers. For instance, the security domain SD1 may be associated to a bank and the second security domain SD2 is associated to another bank.
  • the electronic device SC comprises a utility room UR which comprises an application package PI containing the version "N" of an application.
  • the utility room UR may be implemented as an independent logical domain.
  • the application package PI may be an Elementary
  • the logical domain SD1 comprises an instance Nl created from the application package PI and the logical domain SD2 comprises an instance N2 created from the application package PI.
  • Each of the instances Nl and N2 may be used independently of one another.
  • the electronic device SC also includes a transferring module Ml which is configured to extradite any application package from the utility room UR to a temporary utility room TUR.
  • the transferring module Ml may be able to create the temporary utility room TUR.
  • the electronic device SC includes a deleting module M2 which is configured to delete the temporary utility room TUR when an instance has been created from an updated application package in every logical domain containing an instance created from an original application package.
  • Figure 2 shows an example of an electronic device
  • SC comprising the original application package PI transferred into a temporary utility room TUR according to the invention.
  • the transferring module Ml has created the temporary utility room TUR and extradited the application package PI from the utility room UR to a temporary utility room TUR. This extradition has been carried out by transferring the application package PI from the utility room UR to a temporary utility room TUR.
  • the electronic device SC denies any attempt to create a new instance from the application package PI located in the temporary utility room TUR.
  • the electronic device SC is ready for receiving a new application package P2 which contains a version N+l of the application.
  • Figure 3 shows an example of an electronic device SC comprising the original application package PI and the upgraded application package P2 according to the invention .
  • the upgraded application package P2 has been loaded into the utility room UR.
  • a new instance N3 has been created in the logical domain SD1 from the upgraded application package P2.
  • logical domain SD1 comprises two instances coming from the versions N and N+l of the same application.
  • the application package PI is still present in the electronic device SC and cannot be used for creating a new instance.
  • the electronic device SC may be configured to deny extradition of the application package stored in the temporary utility room TUR.
  • FIG 4 shows an example of an electronic device SC comprising several instances created from the upgraded application package P2 according to the invention.
  • a new instance N4 has been created in the logical domain SD2 from the upgraded application package P2. Since, all instances of version N have been replaced by new instances of version N+l in the electronic device SC, the deleting module M2 has deleted the temporary utility room TUR and the old instances Nl and N2 which were created from an original application package PI.
  • the deletion of the old instances Nl and N2 may be performed in response to the receipt of a request coming from outside. Such a deleting request may be sent by another device connected to the electronic device or by a user through an input interface. In other word, the deletion of the old instances Nl and N2 may be performed independently of the deletion of the temporary utility room TUR.
  • Figure 5 shows a flow diagram of a method for managing application packages in accordance with one aspect of the invention.
  • an application package PI is installed into the utility room UR into the secure element SC (ex: using the "Install for Load" command of defined by GlobalPlatform ® Card Specifications version 2.2 standard) and the instance Nl has been created from the package PI into the electronic device SC.
  • the instance Nl may be a payment applet.
  • a second package P2 is developed as an upgrade of the package PI .
  • the package P2 provides some additional features compared to the first package PI. (Or some bug fixing)
  • a temporary utility room TUR is created in the electronic device SC.
  • the temporary utility room TUR is configured to accept "extradition to” and to forbid “extraction from”. Note that the temporary utility room TUR may already exist. It can be the case if the temporary utility room TUR already stores a package of another application. In such a case, the pre-existing temporary utility room is reused .
  • the application package PI is transferred from the utility room UR to the temporary utility room TUR.
  • the application package PI can be extradited so that any attempt to re-use the package PI or re-recreate an instance will be denied.
  • the old instances e.g. instances created from the old application package
  • no new instance can be created from the old application package.
  • the extradition of a deprecated application package can be performed in a temporary isolated logical domain considered as being the temporary utility room TUR.
  • This temporary isolated domain is configured to reject any extradition of application package that is in its logical domain.
  • This temporary isolated domain is also configured to accept extradition of application package located in (i.e. coming from) any other logical domains .
  • the application package P2 is loaded into the utility room UR of the secure element SC. This loading may be performed through OTA mechanisms or via HTTP.
  • a new instance is created from the application package P2 in all logical domains containing an instance generated from the application package PI . These creations may be requested by a remote server via a dedicated command or launched by any specific event internal to the electronic device. These creations can be performed in an uncoordinated manner, depending on each logical domain lifecycle. The newly generated instances are intended to replace the previous instances.
  • step S4 the instance coming from the application package PI are deleted. Triggering the instance deletion is done either in response to an explicit request for deletion or automatically.
  • the electronic device may be configured to detect that all logical domains which contain an old instance have now a new instance of the same application. In this case, the electronic device can automatically remove the old instances.
  • the old application package can be deleted by using the cumulative delete mechanism (as defined by GP Amendment C 1.0 or upper) and so all instances instantiated from the old package are automatically deleted even if located in a plurality of logical domains.
  • the cumulative delete mechanism as defined by GP Amendment C 1.0 or upper
  • the temporary utility room TUR is deleted.
  • the temporary utility room TUR may comprise several old application packages awaiting final deletion.
  • the temporary utility room TUR comprises only application packages for which there is no longer any existing instance, the temporary utility room TUR is automatically deleted by the electronic device.
  • the application package provider may be a multinational financial services corporation (like VISA ⁇ ) and the logical domains may be allocated to as many service providers (like Banks) that get a license from the package provider for creating an instance of the application.
  • VISA ⁇ multinational financial services corporation
  • the logical domains may be allocated to as many service providers (like Banks) that get a license from the package provider for creating an instance of the application.
  • the invention is not limited to the management of packages of banking applications and applies to any kind of domains like telecom, transport access, Identity, metering, video access, loyalty or cloud services access for instance.
  • An advantage of the invention is to avoid the creation of an instance from an obsolete application package. It guarantees that a deprecated version of a package cannot be used for new instance creation and allows a smooth migration of all actors to the new version .
  • the invention is not limited to electronic devices of JavaCard type and may apply to any kind of electronic devices able to manage application through a package and an instance.
  • the invention is not limited to the management of two logical domains and may apply to any number of logical domains.
  • the electronic device may comprise a framework different from GlobalPlatform, like Multos ⁇ .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

The invention is a method for managing application packages in a device including several logical domains and a utility room for storing application packages. The device can authorize creation of a new instance from any application packages stored in the utility room. A new application package corresponds to an upgraded version of an old application package. The method comprises a step of creating in the device a temporary utility room able to store application packages, the device being configured to deny creation of a new instance from any application packages stored in this temporary utility room, and a step of extraditing the old application package from the utility room to the temporary utility room.

Description

METHOD FOR MANAGING APPLICATION PACKAGES IN AN
ELECTRONIC DEVICE
(Field of the invention)
The present invention relates to methods of managing application packages in an electronic device. It relates particularly to methods of managing application packages in an electronic device comprising a plurality of logical domains indented to include instances created from application packages.
(Background of the invention)
Electronic devices are devices comprising a memory, a processor and an operating system for computing treatments. Secure elements are small electronic devices. Secure elements are called "secure" because they are able to control the access to the data they contain and to authorize or not the use of data by other machines. The secure elements may also provide computation services based on cryptographic components. In general, secure elements have limited computing resources and limited memory resources and they are intended to be connected to a host machine which provides them with electric power. Secure elements may be removable or fixed to a host machine. For example, smart cards are a kind of secure elements.
An electronic device may contain applications and their associated applicative data which encompass user data, file systems and secret keys. Such an application may be developed and issued as a package which is stored into the electronic device. One or several instances of the package application are then created as needed.
An electronic device can receive a new version or an upgrade of a package application. If the electronic device includes a plurality of logical domains and several instances have been created from the previous package application in these logical domains, then an updating process of the deployed instances is going to be performed. This updating process may depend on a variety of updating rules defined by each entity which controls a logical domain. In other word, the replacement of the previous instances by new instances generated from the new package can be performed in an uncoordinated way. As at least one old instance exists, the original application package must be kept in the electronic device. As the old application package exists, new instances of the original application package can be created. Such creation of instance from the old application package is not desirable.
There is a need for controlling the creation of instance when an old package is going to be replaced with a new package of an application embedded in an electronic device. (Summary of the Invention)
An object of the invention is to solve the above mentioned technical problem.
The object of the present invention is an electronic device including a plurality of logical domains and a utility room able to store application packages. The electronic device is configured to authorized creation of a new instance from any application packages stored in the utility room. A second application package corresponds to an upgraded version of a first application package. The electronic device includes a temporary utility room able to store application packages. The electronic device is configured to deny creation of a new instance from any application packages stored in the temporary utility room. The electronic device includes a transferring module configured to extradite the first application package from the utility room to the temporary utility room. The electronic device includes a deleting module configured to delete the temporary utility room when an instance has been created from the second application package in every logical domain containing an instance created from the first application package.
Advantageously, the electronic device may be configured to automatically delete all instances created from the first application package when deletion of the temporary utility room occurs.
Advantageously, the electronic device may be a secure element, a phone or a computer machine.
Advantageously, the electronic device may be configured to deny extradition of any application packages stored in the temporary utility room.
Advantageously, the electronic device may be configured to create the temporary utility room when the transferring module is about to extradite the first application package and the electronic device may be configured to delete the temporary utility room when the temporary utility room becomes empty.
Another object of the invention a method for managing application packages in an electronic device including a plurality of logical domains and a utility room able to store application packages. The electronic device is configured to authorized creation of a new instance from any application packages stored in the utility room. A second application package corresponds to an upgraded version of a first application package. The method comprises the following steps:
creating in the electronic device a temporary utility room able to store application packages, the electronic device being configured to deny creation of a new instance from any application packages stored in said temporary utility room, and
- extraditing said first application package from the utility room to the temporary utility room.
Advantageously, the method may comprise the further steps:
- storing the second application package into the utility room,
deleting the temporary utility room when an instance has been created from the second application package in every logical domain containing an instance created from the first application package.
Advantageously, all instances created from said first application package may be automatically deleted when deletion of the temporary utility room occurs. (Brief description of the drawings)
Other characteristics and advantages of the present invention will emerge more clearly from a reading of the following description of a number of preferred embodiments of the invention with reference to the corresponding accompanying drawings in which:
- Figure 1 depicts an example of an electronic device comprising several instances of an original package,
- Figure 2 depicts an example of an electronic device comprising a package transferred into a temporary utility room according to the invention,
- Figure 3 depicts an example of an electronic device comprising two packages of a software application according to the invention,
- Figure 4 depicts an example of an electronic device comprising several instances of an updated application package, and
- Figure 5 shows a flow diagram of a method of managing application packages according to an example of the invention.
(Detailed description of the preferred embodiments)
The invention may apply to any type of electronic device intended to embed applications which may be upgraded when deployed on the field. Such electronic device may be any kind of computer, telephone, or any kind of secure element that run independently or are coupled to a host machine like a telephone, a vehicle, a meter, a slot machine, a TV or a computer. In the present description, the word instance means an instance of a software application. The invention applies not only to instances as defined in Java domain but also to separate software (written in non object- oriented programming language) which can run independently .
In the present description, a logical domain (also called secure logical domain) is a set of data (e.g. files, applicative data, secret, instances) governed by a common set of security rules associated with the owner of the set of data. For instance, a security domain in the sense of GlobalPlatform Card Specification V2.2 is a logical domain. For instance, a container implemented as a restricted memory area managed with specific security access rules is a logical domain.
Figure 1 shows an example of an electronic device SC comprising several instances of an original package PI .
In this example, the electronic device SC is a secure element of smart card type. For instance, it may be a Universal Integrated Circuit Card (UICC) or a software-emulated UICC.
The electronic device SC comprises two logical domains implemented as two security domains SD1 and SD2. These two security domains are allocated to two different Service Providers. For instance, the security domain SD1 may be associated to a bank and the second security domain SD2 is associated to another bank. The electronic device SC comprises a utility room UR which comprises an application package PI containing the version "N" of an application. The utility room UR may be implemented as an independent logical domain.
The application package PI may be an Elementary
Load File (ELF) as defined by GlobalPlatform.
The logical domain SD1 comprises an instance Nl created from the application package PI and the logical domain SD2 comprises an instance N2 created from the application package PI.
Each of the instances Nl and N2 may be used independently of one another.
The electronic device SC also includes a transferring module Ml which is configured to extradite any application package from the utility room UR to a temporary utility room TUR. Advantageously, the transferring module Ml may be able to create the temporary utility room TUR.
The electronic device SC includes a deleting module M2 which is configured to delete the temporary utility room TUR when an instance has been created from an updated application package in every logical domain containing an instance created from an original application package.
Figure 2 shows an example of an electronic device
SC comprising the original application package PI transferred into a temporary utility room TUR according to the invention.
Starting from the state shown at Figure 1, the transferring module Ml has created the temporary utility room TUR and extradited the application package PI from the utility room UR to a temporary utility room TUR. This extradition has been carried out by transferring the application package PI from the utility room UR to a temporary utility room TUR. At this stage, the electronic device SC denies any attempt to create a new instance from the application package PI located in the temporary utility room TUR.
The electronic device SC is ready for receiving a new application package P2 which contains a version N+l of the application.
Figure 3 shows an example of an electronic device SC comprising the original application package PI and the upgraded application package P2 according to the invention .
Starting from the state shown at Figure 2, the upgraded application package P2 has been loaded into the utility room UR. A new instance N3 has been created in the logical domain SD1 from the upgraded application package P2. At this time, logical domain SD1 comprises two instances coming from the versions N and N+l of the same application. At this stage, the application package PI is still present in the electronic device SC and cannot be used for creating a new instance.
Advantageously, the electronic device SC may be configured to deny extradition of the application package stored in the temporary utility room TUR.
Figure 4 shows an example of an electronic device SC comprising several instances created from the upgraded application package P2 according to the invention. Starting from the state shown at Figure 3, a new instance N4 has been created in the logical domain SD2 from the upgraded application package P2. Since, all instances of version N have been replaced by new instances of version N+l in the electronic device SC, the deleting module M2 has deleted the temporary utility room TUR and the old instances Nl and N2 which were created from an original application package PI.
Alternatively, the deletion of the old instances Nl and N2 may be performed in response to the receipt of a request coming from outside. Such a deleting request may be sent by another device connected to the electronic device or by a user through an input interface. In other word, the deletion of the old instances Nl and N2 may be performed independently of the deletion of the temporary utility room TUR.
Figure 5 shows a flow diagram of a method for managing application packages in accordance with one aspect of the invention.
The following example is described based on the assumptions that the electronic device SC is a secure element comprising a JavaCard virtual machine and that the application packages PI and P2 and the associated instances comply with JavaCard requirements. Although the example is provided with JavaCard technology, the invention also applies to packages and instances developed in other object-oriented languages (like C++ language) and non object-oriented languages (like C language) .
Prior to the step SI of Figure 5, several steps are assumed to have been performed. First an application package PI is installed into the utility room UR into the secure element SC (ex: using the "Install for Load" command of defined by GlobalPlatform ® Card Specifications version 2.2 standard) and the instance Nl has been created from the package PI into the electronic device SC. For example, the instance Nl may be a payment applet. Then a second package P2 is developed as an upgrade of the package PI . The package P2 provides some additional features compared to the first package PI. (Or some bug fixing)
At step SI of Figure 5, a temporary utility room TUR is created in the electronic device SC. The temporary utility room TUR is configured to accept "extradition to" and to forbid "extraction from". Note that the temporary utility room TUR may already exist. It can be the case if the temporary utility room TUR already stores a package of another application. In such a case, the pre-existing temporary utility room is reused .
At step S2, the application package PI is transferred from the utility room UR to the temporary utility room TUR. For instance, the application package PI can be extradited so that any attempt to re-use the package PI or re-recreate an instance will be denied.
At this stage, the old instances (e.g. instances created from the old application package) are still fully functional and no new instance can be created from the old application package.
The extradition of a deprecated application package can be performed in a temporary isolated logical domain considered as being the temporary utility room TUR. This temporary isolated domain is configured to reject any extradition of application package that is in its logical domain. This temporary isolated domain is also configured to accept extradition of application package located in (i.e. coming from) any other logical domains .
At step S3, the application package P2 is loaded into the utility room UR of the secure element SC. This loading may be performed through OTA mechanisms or via HTTP. At step S4, a new instance is created from the application package P2 in all logical domains containing an instance generated from the application package PI . These creations may be requested by a remote server via a dedicated command or launched by any specific event internal to the electronic device. These creations can be performed in an uncoordinated manner, depending on each logical domain lifecycle. The newly generated instances are intended to replace the previous instances.
At step S4, the instance coming from the application package PI are deleted. Triggering the instance deletion is done either in response to an explicit request for deletion or automatically.
In particular, the electronic device may be configured to detect that all logical domains which contain an old instance have now a new instance of the same application. In this case, the electronic device can automatically remove the old instances.
Advantageously, the once all instances have been updated with the new version, the old application package can be deleted by using the cumulative delete mechanism (as defined by GP Amendment C 1.0 or upper) and so all instances instantiated from the old package are automatically deleted even if located in a plurality of logical domains.
At step S5, the temporary utility room TUR is deleted. The temporary utility room TUR may comprise several old application packages awaiting final deletion. When the temporary utility room TUR comprises only application packages for which there is no longer any existing instance, the temporary utility room TUR is automatically deleted by the electronic device.
For example, the application package provider may be a multinational financial services corporation (like VISA ©) and the logical domains may be allocated to as many service providers (like Banks) that get a license from the package provider for creating an instance of the application.
The invention is not limited to the management of packages of banking applications and applies to any kind of domains like telecom, transport access, Identity, metering, video access, loyalty or cloud services access for instance.
An advantage of the invention is to avoid the creation of an instance from an obsolete application package. It guarantees that a deprecated version of a package cannot be used for new instance creation and allows a smooth migration of all actors to the new version .
The invention is not limited to electronic devices of JavaCard type and may apply to any kind of electronic devices able to manage application through a package and an instance.
The invention is not limited to the management of two logical domains and may apply to any number of logical domains.
It must be understood, within the scope of the invention, that the above-described embodiments are provided as non-limitative examples. In particular, the electronic device may comprise a framework different from GlobalPlatform, like Multos ©.

Claims

1. An electronic device (SC) including a plurality of logical domains (SD1, SD2) and a utility room (UR) able to store application packages, said electronic device (SC) being configured to authorized creation of a new instance from any application packages stored in the utility room (UR) , a second application package (P2) corresponding to an upgraded version of a first application package (PI),
characterized in that the electronic device (SC) includes a temporary utility room (TUR) able to store application packages, said electronic device (SC) being configured to deny creation of a new instance from any application packages stored in said temporary utility room (TUR) , in that the electronic device (SC) includes a transferring module (Ml) configured to extradite said first application package (PI) from the utility room (UR) to the temporary utility room (TUR) and in that the electronic device (SC) includes a deleting module (M2) configured to delete the temporary utility room (TUR) when an instance has been created from said second application package (P2) in every logical domains (SD1, SD2) containing an instance created from said first application package (PI) .
2. An electronic device (SC) according to claim 1, wherein said electronic device (SC) is configured to automatically delete all instances created from said first application package ( P I ) when deletion of the temporary utility room (TUR) occurs.
3. An electronic device (SC) according to claim 1, wherein said electronic device (SC) is a secure element, a phone or a computer machine.
4. An electronic device (SC) according to claim 1, wherein said electronic device (SC) is configured to deny extradition of any application packages stored in the temporary utility room (TUR) .
5. An electronic device (SC) according to claim 1, wherein said electronic device (SC) is configured to create the temporary utility room (TUR) when the transferring module (Ml) is about to extradite said first application package ( P I ) and wherein said electronic device (SC) is configured to delete the temporary utility room (TUR) when the temporary utility room (TUR) becomes empty.
6. A method for managing application packages in an electronic device (SC) including a plurality of logical domains (SD1, SD2) and a utility room (UR) able to store application packages, said electronic device (SC) being configured to authorized creation of a new instance from any application packages stored in the utility room (UR) , a second application package ( P2 ) corresponding to an upgraded version of a first application package ( P I ) , characterized in that the method comprises the following steps:
creating in the electronic device (SC) a temporary utility room (TUR) able to store application packages, the electronic device (SC) being configured to deny creation of a new instance from any application packages stored in said temporary utility room (TUR) ,
- extraditing said first application package (PI) from the utility room (UR) to the temporary utility room (TUR) .
7. A method according to claim 6, wherein the method comprises the further steps:
storing said second application package (P2) into the utility room (UR) ,
- deleting the temporary utility room (TUR) when an instance has been created from said second application package (P2) in every logical domains (SD1, SD2) containing an instance created from said first application package (PI) .
8. A method according to claim 6, wherein all instances created from said first application package (PI) are automatically deleted when deletion of the temporary utility room (TUR) occurs.
9. A method according to claim 6, wherein the electronic device (SC) is a secure element, a phone or a computer machine.
PCT/EP2015/065212 2014-07-31 2015-07-03 Method for managing application packages in an electronic device WO2016015949A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410447573.9A CN105718246A (en) 2014-07-31 2014-07-31 Method for managing application package in electronic device
CN201410447573.9 2014-07-31

Publications (1)

Publication Number Publication Date
WO2016015949A1 true WO2016015949A1 (en) 2016-02-04

Family

ID=53673914

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2015/065212 WO2016015949A1 (en) 2014-07-31 2015-07-03 Method for managing application packages in an electronic device

Country Status (2)

Country Link
CN (1) CN105718246A (en)
WO (1) WO2016015949A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108604188B (en) * 2016-02-04 2022-03-04 瑞典爱立信有限公司 Operator migration

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000025278A1 (en) * 1998-10-27 2000-05-04 Visa International Service Association Delegated management of smart card applications
US7502813B2 (en) * 2004-03-10 2009-03-10 Sony Ericsson Mobile Communications Ab Software update process using an extra memory block
US20120159105A1 (en) * 2010-12-17 2012-06-21 Google Inc. Partitioning the namespace of a contactless smart card
US20130212407A1 (en) * 2012-02-09 2013-08-15 Inside Secure Method for managing memory space in a secure non-volatile memory of a secure element

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000025278A1 (en) * 1998-10-27 2000-05-04 Visa International Service Association Delegated management of smart card applications
US7502813B2 (en) * 2004-03-10 2009-03-10 Sony Ericsson Mobile Communications Ab Software update process using an extra memory block
US20120159105A1 (en) * 2010-12-17 2012-06-21 Google Inc. Partitioning the namespace of a contactless smart card
US20130212407A1 (en) * 2012-02-09 2013-08-15 Inside Secure Method for managing memory space in a secure non-volatile memory of a secure element

Also Published As

Publication number Publication date
CN105718246A (en) 2016-06-29

Similar Documents

Publication Publication Date Title
JP6419767B2 (en) Systems, methods, and computer program products for interfacing trusted service managers and secure elements of multiple service providers
CN103415874B (en) Writing application data to secure element
CN103430222B (en) Local trusted services manager for contactless smart card
US20200174801A1 (en) Information processing apparatus, ic chip, information processing method, program, and information processing system
EP3022678B1 (en) Method for transferring user data between two instances of an application
US9910610B2 (en) Protected mode for global platform complaint smart cards
US7357313B2 (en) Information processor-based service providing system and method
US9286049B2 (en) Systems, methods, and computer program products for managing service installation
US9767287B2 (en) Systems, methods, and computer program products for managing data re-installation
KR101769973B1 (en) Systems, methods, and non-transitory computer-readable medium for securely managing data on a secure element
CN101895883A (en) Smart card supporting authentication arithmetic update and method for updating authentication arithmetic
EP3286682B1 (en) Method of managing applications in a secure element when updating the operating system
EP2887213A1 (en) Method for transferring applicative data between two instances of an application
WO2016015949A1 (en) Method for managing application packages in an electronic device
EP2827274A1 (en) Method of enforcing control of access by a device to a secure element, and corresponding secure element
EP2898413B1 (en) A security module and a method for optimum memory utilization
CN107679858B (en) Mobile terminal and mobile payment method
EP4390735A1 (en) Update agent with linear memory
EP4307142A1 (en) Update agent for multiple operating systems in a secure element
AU2015234304B2 (en) Systems, methods, and computer program products for managing secure elements
EP3683708A1 (en) Method for managing a package of an application

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15738869

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15738869

Country of ref document: EP

Kind code of ref document: A1