Computer-implemented method for updating data stored in data objects on a microcontroller chip or an embedded secure element (ESE) and a respective system

The method of assigning security levels to data objects on microcontroller chips and eSEs for authorized backup addresses storage challenges, optimizing space usage and security by selectively backing up sensitive data.

WO2026119402A1PCT designated stage Publication Date: 2026-06-11ASSA ABLOY AB

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
ASSA ABLOY AB
Filing Date
2024-12-05
Publication Date
2026-06-11

AI Technical Summary

Technical Problem

Existing microcontroller chips and embedded secure elements (eSEs) face challenges in managing limited storage space while securely backing up sensitive data, which can pose security risks when moved outside the chip.

Method used

A computer-implemented method assigns data objects or pieces to specific security levels and allows backup only for authorized requests, enabling selective backup based on sensitivity, thereby optimizing storage and security.

Benefits of technology

This approach efficiently manages storage by prioritizing backup of sensitive data, ensuring security and convenience by freeing up space on the chip for frequently used data while maintaining high security standards.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure EP2024084958_11062026_PF_FP_ABST
    Figure EP2024084958_11062026_PF_FP_ABST
Patent Text Reader

Abstract

The present application is related to the field of microchips, for example, microchips on a card, or embedded secure elements called eSE. It is provided a computer- implemented method for updating data stored in data objects on a microcontroller chip (2) or an embedded secure element (eSE) comprising the steps of assigning data objects or pieces of data in a respective data object to a specified security level, and backing up only the data objects or respectively pieces of data in a respective data object which are assigned to a specific security level and optionally the data objects or respectively pieces of data in the lower security levels lower than the specific security level, wherein the backing-up is only allowed if the back-up request is an authorized request, which is specified as being authorized to have access to the respective security level. It is further provided a respective system for executing a backing-up data stored in data objects on a microcontroller chip (2) or an embedded secure element (eSE).
Need to check novelty before this filing date? Find Prior Art

Description

[0001] 40181.AAB.P100PC S / JE / kt

[0002] Computer-implemented method for updating data stored in data objects on a microcontroller chip or an embedded Secure Element (eSE) and a respective system

[0003] The present application is related to the field of microchips, for example, microchips on a card, or embedded secure elements called eSE. Such an eSE is a dedicated hardware component within a device, like a smartphone or loT device, used to securely store sensitive data and perform secure operations. eSEs are widely used for applications that require high security, such as mobile payments, identification, and cryptographic functions.

[0004] The present invention is in particular about securely backing up sensitive data stored on microchips or eSEs found in plastic cards or embedded in mobile phones, while considering the limited space of these chips or eSEs, respectively. In particular, the present invention provides a computer-implemented method of updating data stored in data objects on a microcontroller chip or an eSE.

[0005] According to a further aspect, the present invention provides a system for executing a backing up of data stored in data objects in the microcontroller chip or eSE. In particular, microcontroller chips or eSEs like those in credit cards or mobile phones have limited storage space.

[0006] Thus, when more applications or data are added, space becomes a problem.

[0007] To manage space better, some data that is not used frequently could be backed up elsewhere, freeing up space on the chip. However, since the data can be sensitive, such as payment information, moving the data outside can pose security risks.

[0008] Figures 1 and 2 show a general prior art configuration of a microchip on a plastic card.

[0009] Figure 1 shows an example of such a plastic card 1 from its front side and its back side. On the front side of the card 1 (and as shown in Figure 2 partially embedded in the card), there is provided a chip 2. How such a generic known chip may be set up is shown in Figure 2. 40181.AAB.P100PC S / JE / kt

[0010] Via the patches 4, which are visible on the front side of the card, the communication between the chip and the respective card reader or payment terminal is executed. These patches 4 serve as contact points for data transfer. When the chip 2 is inserted in a respective reader or terminal, it is allowed that the chip receives power and the data transmission between the chip and the reader or the terminal is executed. Such a chip, as shown in Figure 2, may comprise a microcontroller 5, a memory 6, a ROM 7 which stores the chip's operating system, which is preloaded during manufacturing, an EEPROM, in which, for example, user-specific data, like encryption keys, account information, and transaction history may be stored, a RAM, which temporarily stores data for active processing and calculations, a cryptographic processor 8, which performs complex encryption and decryption operations to secure data and authenticate transactions, and an I.O. controller, which manages communication between the chip's external devices.

[0011] These parts of the chip are usually embedded in the plastic card substrate in the areas shown in Figure 2.

[0012] However, the present invention is not limited to such chips (in particular microchips with security features) on cards, however, covers any chip which has a quite low size, which is specifically designed for storing sensitive data while considering the limited space on these chips. One example is an EMV chip. An EMV chip refers to a microchip embedded in credit and debit cards that supports the EMV standard (Europay, Mastercard, and Visa). EMV technology is designed to enhance the security of card transactions, particularly for in-person payments, by reducing fraud associated with counterfeit and stolen cards. Such a chip has a distinct purpose and design compared to larger, complex, multi-component chips found in computers, such as CPUs or GPUs, such that the present chip is not such a CPU or GPU chip.

[0013] As an alternative to such a chip, the embedded secure elements called eSE may be used for data storage.

[0014] An embedded Secure Element (eSE) and the chip found on credit, debit, and ID cards share several key characteristics, as both are designed to securely store and process sensitive information. Both rely on hardware-based security, which provides a robust safeguard against tampering, malware, and unauthorized access. This reliance on hardware makes them inherently more secure than software-only solutions. 40181.AAB.P100PC S / JE / kt

[0015] Both eSEs and card chips are designed to be tamper-resistant. They incorporate advanced physical and software-based security measures to deter unauthorized access and make it extremely difficult for anyone to extract data, even in the event of physical interference. Additionally, these systems are equipped with built-in cryptographic capabilities. They can perform secure operations, such as encryption, decryption, and digital signing, which are critical for secure transactions and identity verification.

[0016] Another shared feature is their ability to securely store sensitive data, such as cryptographic keys, personal information, and payment credentials. This capability makes them ideal for applications like mobile payments and ID verification, where secure storage of sensitive information is paramount. Furthermore, both technologies often comply with strict security standards and certifications, such as EMVCo for payment transactions, Common Criteria, or FIPS. Adherence to these standards ensures they meet rigorous security requirements.

[0017] The applications of eSEs and card chips also overlap significantly, as both are commonly used in systems requiring secure authentication. For instance, they play a central role in payment systems - both contactless and chip-based - and are also widely used for identity verification.

[0018] The key difference between the two lies in their form factor and integration. While a chip on a card is an external component embedded into physical cards, an eSE is integrated directly into devices such as smartphones or loT systems. This difference allows eSEs to support mobile and connected applications, such as mobile wallets, which would be impractical to implement with a traditional chip card.

[0019] However, the present invention covers both alternatives.

[0020] According to the present prior art, there are known some techniques in relation to backup. In particular, there may be encrypted the sensitive parts of the data before it leaves the chip, which ensures that even if someone assesses the backups, they cannot read the sensitive information without the description key.

[0021] Another approach is replacing sensitive data with a randomly generated token (tokenization). The actual data stays on the chip while only the token is backed up. When 40181.AAB.P100PC S / JE / kt needed, the token is used to retrieve the original data from the secure chip. Such a measure is, for example, described in US 8,458,487 B1.

[0022] In this context, the token is a placeholder reference that represents sensitive data but does not reveal the actual data itself. Tokenization is thus a technique used to protect sensitive information by substituting it with non-sensitive equivalents, known as tokens, which can be later de-tokenized to retrieve the original data when needed.

[0023] However, the goal of the present invention is to find a way to backup data while protecting its sensitive parts.

[0024] In order to do so, there is provided a computer-implemented method as defined in claim 1.

[0025] In particular, on such a chip or an eSE, there are stored data objects. Such data objects may contain one or more pieces of data, which data may be about the account number of the account linked to such a card cryptogram generated by the card to identify the transactions.

[0026] Generally, a data object refers to a structured entity designed to encapsulate related pieces of data, making it easier to manage, access, and manipulate. A data object typically combines multiple pieces of related information (pieces of data) into a single unit, with each piece of data stored in fields or properties that define its attributes. These objects often have a unique identifier or name to distinguish them from others, ensuring clarity and organization in complex systems. While some data objects simply hold information, others, particularly in object-oriented programming, can include methods or functions that define their behavior or the actions they can perform.

[0027] However, in a so-called EMV chip as explained above, the data is structured in a standardized way and encapsulated with an application protocol data unit as tag length value data.

[0028] However, according to the present invention, each object, or on the lower level, also each piece of data in a respective object is assigned to a specific security level and a backing up of the data or data piece is only allowed if the backup request is an authorized request, which is specified as being authorized to have access to a respective security level. 40181.AAB.P100PC S / JE / kt

[0029] In this sense, an authorized request for backing up data refers to a formal and verified request made by a user or system (or application) with the appropriate permissions to initiate or approve backup operations. Such requests are validated through a process that ensures the requester is properly authenticated, confirming their identity, and authorized, verifying they have the necessary permissions or roles to perform the backup task. This often includes additional measures like logging and auditing to document the request for compliance and tracking purposes. In some cases, organizations may also require an approval workflow, where certain backup operations need managerial or higher-level validation before proceeding. This process ensures data security and integrity while preventing unauthorized access or accidental overwrites.

[0030] If this request is an authorized request, any of the data objects or pieces of data objects are backed up, e.g. in a backup server, that at least match the predetermined security level of the data, however it is beneficial if any data from the lowest security level up to the security level, which is specified by the authorized request, are allowed to be updated.

[0031] The security level may belong to a group comprising one of the following, however any other definition of security levels can be used or some of the below security levels can be combined as one common specified level.

[0032] A first security level, which is assigned to public accessible data that can be stored in unencrypted form (also referred to as unencrypted public data).

[0033] A second security level is assigned to public accessible data that is protected with integrity validation (also referred to as unencrypted public data with integrity).

[0034] A third security level is assigned to protected data that requires both confidentiality and integrity, which is protected with encryption and integrity (also referred to as encrypted data with integrity).

[0035] A fourth security level is assigned to unspecified or unclassified data that requires confidentiality and integrity, protected by encryption and integrity validation (also referred to as unclassified encrypted data with integrity). This data may be data which cannot be assigned by a structured process to any other security level, therefore, it is given a quite high security level in order to prevent the misuse of this data, because this data may contain confidential information. 40181.AAB.P100PC S / JE / kt

[0036] And a fifth security level is assigned to cryptographic material data protected by double encryption and integrity validation (also referred to as double encrypted data with integrity).

[0037] From these security levels, the first security level has the lowest security and the fifth security level has the highest security and increase of the security is from first, second, third, fourth to fifth.

[0038] However, the different security levels can also be grouped in a group comprising less or more security levels or any of the aforementioned security levels may be left out. At least, there should be two or three different security levels. In the simplest form, thus, there is a first security level for data in unencrypted form and a second security level, in which the data is protected in a certain way, either with integrity validation or with encryption, or both.

[0039] However, the respective data objects or pieces of data are assigned to a specific security level and only an authorized request is allowed to retrieve this data for backup.

[0040] This provides higher security including place optimizations on the chip.

[0041] According to one approach, each entire data object is backed up with the same level of security done based on the highest security requirement of the data object of any part (piece of data) within the object. Essentially, the whole object is then treated as though it has the same security level as its most sensitive parts. This provides a simpler backup process consistent with the security. However, backing up all parts of the object at the highest security level may require extra encryption and space, limiting the amount of data that can be backed up. This is because encryption and integrity checks can take up more storage (for example, a document with a public summary and a private section containing personal data). In this approach, the entire document is backed up with encryption, even though only the personal section needs to be backed up.

[0042] A second approach is only certain pieces of the data objects are backed up, depending on the individual security requirements. This approach allows a cherry-picking or select parts of the object based on sensitivity of each component, rather than backing up the entire object at a high security level. Since only parts (pieces of data) of the objects are backed up, this can save storage space and potentially allow for more data to be backed up overall. Each part of the data object gets the level of protection it needs, rather than 40181.AAB.P100PC S / JE / kt treating all data the same. It is ideal when different components have different security requirements.

[0043] However, according to the further preferred development, according to claim 2, each piece of data in a respective data object is assigned to a respective security level, and all objects of the card or eSE are allowed to be backed up on a request. However, then only the part of the object which matches the authorized request is then actually backed up.

[0044] According to a further development, the invention is related to the microchip. The chip may be a SIM chip, payment card chip, ID card chip, healthcare card chip, transit card chip, e-passport chip, loyalty card chip, access control card chip, driver's license chip, bank key fob chip, mobile payment variable chip, or may also be an e-SIM.

[0045] Nevertheless, it is beneficial that the chip has a size below 100 mm2.

[0046] In particular, examples for further dimensions are about 6 x 6 mm or smaller, 5 x 5 mm or smaller, 8 x 8 mm or smaller, or even 2 x 2 mm or smaller, as e.g. an RFID chip is used.

[0047] Conversely thereto, CPU chips usually have a size about 37.5 x 37.5 mm, and thus are much bigger. GPU sizes lie around 800 mm2, so the present chips have a limited size and are chips with a distinct function.

[0048] However, instead of such a chip, e.g. a chip including security features or an eSE can be used.

[0049] A chip with security features in the aforementioned context is a specialized microchip designed to ensure the secure storage, processing, and transmission of sensitive data. Their purpose is to protect information like personal data, cryptographic keys, and payment credentials from unauthorized access, duplication, or tampering. To achieve this, security chips incorporate advanced cryptographic capabilities, enabling them to encrypt and decrypt data to maintain confidentiality and ensure its integrity. They also facilitate authentication processes, allowing the chip and external systems, such as payment terminals or access control devices, to verify each other's identities. This ensures that only authorized interactions take place. Moreover, these chips are usually built to resist physical and digital tampering. They employ secure memory areas to store 40181.AAB.P100PC S / JE / kt sensitive information and integrate measures to detect and counteract hacking attempts, such as voltage manipulation or side-channel attacks. In many cases, they include hardware security modules or trusted execution environments, which isolate secure operations from other processes on the chip. This adds an extra layer of protection, ensuring that sensitive tasks like key management and secure boot processes are performed in a trusted, controlled environment.

[0050] To guarantee a high level of security, these chips adhere to international standards, such as Common Criteria for evaluating IT security, FIPS standards for cryptographic modules, and ISO standards for smart card communication. Their implementation helps protect against fraud, such as card cloning or data interception, while ensuring global interoperability.

[0051] The assignment of data objects or pieces of data is done by an application which may be provided, or may be run by the provider of the item on which the chip, or in which the eSE is placed, or which may be done by a provider providing a service with the item.

[0052] The item may be a card, phone or any other wearable or transportable item in which such a chip functionality or eSE functionality is integrated.

[0053] However, the backing up may be done at this point by a respective provider providing a respective service.

[0054] According to a further coordinated aspect of the invention, there is also provided a system for executing a backing up data stored in data objects on a microcontroller chip or an eSE. This system has a communication interface with which data between the microcontroller chip or eSE and the backup server may be transferred. This communication interface may be provided via a physical contact between patches provided on the card and a respective remote terminal system. Also a contactless transfer configuration is possible.

[0055] Further, the system has an application which is adapted to assign data objects or pieces of data in a respective data object to a specified security level. This application may also be provided on the terminal or a cloud system provided from the provider.

[0056] Generally, the system is configured to back up only the data objects or respectively pieces of data which are assigned to a specific security level and optionally data or 40181.AAB.P100PC S / JE / kt respective pieces of data in the lower security levels lower than the specific security layer.

[0057] The backing up is also only allowed if the backup request is an authorized request which is specified as being authorized to have access to a respective security level.

[0058] Further preferred embodiments shall be explained with respect to the following Figures in which

[0059] Figure 1 shows a prior art card on which a chip is provided,

[0060] Figure 2 shows a prior art general configuration of the chip,

[0061] Figure 3a shows a sketch of the inventive method,

[0062] Figure 3b shows a sketch of the inventive system.

[0063] The content of Figures 1 and 2 has been described in the introduction section with respect to the prior art.

[0064] Figure 3b shows an example of an inventive system.

[0065] From the provider side, there may be provided a backup server 12 and an application 9 which may communicate with the chip 2 on the card 1 via a communication interface 11 .

[0066] The application 9 may have a portion adapted to assign data to specific security levels and the application 9 may have a further portion adapted to execute the actual backup. However, both portions can be separated also in different applications.

[0067] Nevertheless, there is generally assigned the data on the chip or an eSE to a security level and then it is only allowed a backup if the request is an authorized request.

[0068] As shown in Figure 3a as an example, the security levels are assigned to security levels 1 to 5, wherein the lowest security level is level 1 and the highest security level is level 5.

[0069] For example, level 1 handles data meant for public viewing with no need for extra protection. Level 2 ensures that public data cannot be altered by implementing integrity validation. Level 3 introduces encryption and integrity checks to safeguard sensitive internal data. Level 4 enhances protection for internal data of high sensitivity by 40181.AAB.P100PC S / JE / kt enforcing both confidentiality and integrity. Finally, Level 5 provides the highest level of security, employing double encryption and integrity validation to protect cryptographic materials.

[0070] Level 1 in this example is the most basic level to which e.g. public data which is nonsensitive and which does not require integrity is assigned. For this data, no encryption and integrity checks are applied, since this data is not sensitive. Backing up general product information or publicly available user profiles is not confidential and it can be stored safely as it is.

[0071] Level 2 data may have in integrity feature. If there is public data, for which it needs to be ensured that the data has not been altered or tampered, integrity checks like checksums or digital signatures help verify that the data remains intact during storing or transfer. Public financial reports and annual reports shared with stakeholders, such as a PDF document containing a quarterly financial report, are assigned to Level 2 security. Although this data is public, it is crucial to ensure its accuracy. Integrity validation methods, such as checksums or digital signatures, are used to confirm that the document has not been tampered with. However, encryption is not required at this level.

[0072] Level 3 may protect the data with encryption and integrity.

[0073] This level is for sensitive or semi-sensitive data that requires both encryption to protect confidentially and integrity checks. Encryption prevents unauthorized access to data and integrity checks ensure that it has not been altered. This level is suitable for data that should remain private and intact. This may be internal business records or personal customer data where unauthorized access or tampering could cause an issue.

[0074] Further examples are internal financial statements, transaction logs, and customer service records, such as those stored in an internal database containing transaction records, are accessible only to authorized employees. These data objects are assigned to Level 3 security because they contain sensitive information that must remain confidential. To protect against unauthorized access and tampering, both encryption and integrity validation are implemented, ensuring that only authorized users can view or modify the data.

[0075] Level 4 provides encryption and integrity for unspecified or non-categorized data. 40181.AAB.P100PC S / JE / kt

[0076] This level is an extra caution level securing data, if its sensitivity level is not certain. Also for this level there, there may be provided encryption and integrity checks.

[0077] Level 5 is a backup of crypto material keys. This is the higher level of security. This is especially for cryptographic material like encryption keys which are highly sensitive and need maximum protection. This data may be double-encrypted with two layers of encryption and includes integrity checks.

[0078] Cryptographic material, such as cryptographic keys used for encrypting financial transactions, system authentication keys, and secure API keys, is e.g. assigned to the security Level 5. An example includes a root key for the company’s encryption system, which enables secure encrypted communication for online banking. This data is classified as highly sensitive and requires the utmost protection. To safeguard it, double encryption and rigorous integrity validation are applied, ensuring it is immune to unauthorized access, tampering, or misuse. The use of double encryption provides an additional layer of security, essential for preventing any unauthorized use of the company’s cryptographic systems.

[0079] Namely, security levels may belong to a group comprising one of the following, however any other definition of security levels can be used or some of the below security levels can be combined as one common specified level.

[0080] A first security level, which is assigned to public accessible data that can be stored in unencrypted form (also referred to as unencrypted public data).

[0081] A second security level is assigned to public accessible data that is protected with integrity validation (also referred to as unencrypted public data with integrity).

[0082] A third security level is assigned to protected data that requires both confidentiality and integrity, which is protected with encryption and integrity (also referred to as encrypted data with integrity).

[0083] A fourth security level is assigned to unspecified or unclassified data that requires confidentiality and integrity, protected by encryption and integrity validation (also referred to as unclassified encrypted data with integrity). This data may be data which cannot be assigned by a structured process to any other security level, therefore, it is 40181.AAB.P100PC S / JE / kt given a quite high security level in order to prevent the misuse of this data, because this data my contain confidential information.

[0084] And a fifth security level is assigned to cryptographic material data protected by double encryption and integrity validation (also referred to as double encrypted data with integrity).

[0085] From these security levels, the first security level has the lowest security and the fifth security level has the highest security and increase of the security is from first, second, third, fourth to fifth.

[0086] However, the different security levels can also be grouped in a group comprising less or more security levels or any of the aforementioned security levels may be left out. At least, there should be two or three different security levels. In the simplest form, thus, there is a first security level for data in unencrypted form and a second security level, in which the data is protected in a certain way, either with integrity validation or with encryption, or both.

[0087] These examples are only examples for different security levels.

[0088] There may be provided more of those layers with a higher granularity or less of those layers with lower granularity. At least, different security levels should be assigned to the data.

[0089] Better is to assign at least three different security levels to the data and take into account whether the request for update is an authorized request.

[0090] In the following, there is given one specific example which is covered by the present invention, wherein a seller works as a car dealership and has digital keys for all the dealership's cars stored in their phone (e.g. on the eSE of the phone). Each digital key allows them to unlock and start specific cars similar to how a traditional car key works but digitally. The phone eSE is a secure chip with limited space. It can store only a certain number of digital keys, thus managing to store efficiently is crucial. Some cars are less desirable and not frequently requested by clients so that the digital keys for these cars are not used often. New cars have arrived and the seller needs to install digital keys for these cars on the phone. The digital keys for the less popular cars are taking up valuable space on the phone eSE leaving no room for keys of new cars. To 40181.AAB.P100PC S / JE / kt free up space, seller decides to back up the digital keys for less desirable cars. This process works as follows.

[0091] The digital keys for less used cars are moved off the eSE and stored in a backup location, possibly in a securely encrypted file on a server or cloud storage. This frees up space on the eSE without permanently deleting the keys so that the seller can restore them if needed. With the less used keys removed, the seller now has extra space on the eSE. This space is used to install the new car keys.

[0092] If a client wants to see one of the less popular cars, the seller can retrieve the backup and load the specific digital key back onto the eSE temporarily using the space freed up by backing up other keys or removing keys from the less used car. Thus, the seller can effectively manage the limited storage by the eSE by prioritizing and frequently used keys.

[0093] Backing up digital keys rather than simply deleting them, allows the seller to maintain access when needed. The eSE space is reserved for the most important or frequently used keys helping the seller respond to the client’s request promptly.

[0094] In essence, this approach is a digital technique that allows the seller to handle storage limitation without losing access to important data maintaining both security and convenience.

[0095] However, this backing up can be applied to any further situation where such a backup is needed and where multiple information and objects are saved, e.g. on a chip or an eSE.

[0096] The specific method described can also be implemented in the system so that any of the respective method features may also be provided in a respective system configuration. 40181.AAB.P100PC S / JE / kt

[0097] Reference sign list

[0098] 1 plastic card

[0099] 2 chip

[0100] 4 patch

[0101] 5 microcontroller

[0102] 6 memory

[0103] 7 ROM

[0104] 8 cryptographic processor

[0105] 9 Application

[0106] 10 Server

[0107] 11 Communication Interface

[0108] 12 Backup Server

Claims

40181.AAB.P100PC S / JE / ktClaims1 . A computer-implemented method for updating data stored in data objects on a microcontroller chip (2) or an embedded secure element (eSE) comprising the steps of assigning data objects or pieces of data in a respective data object to a specified security level, wherein a subsequent security level is more secure than a previous lower security level, and backing up only the data objects or respectively pieces of data in a respective data object which are assigned to a specific security level and optionally the data objects or respectively pieces of data in the lower security levels lower than the specific security level, wherein the backing-up is only allowed if the back-up request is an authorized request, which is specified as being authorized to have access to the respective security level, wherein the security level belongs to a group comprising one or more of the following: a first security level assigned to public accessible data that can be stored in unencrypted form, a second security level assigned to public accessible data that is protected with integrity validation, a third security level assigned to protected data that requires both confidentiality and integrity, protected with encryption and integrity validation, a fourth security level assigned to unspecified or unclassified data that requires confidentiality and integrity, protected by encryption and integrity validation, and a fifth security level assigned to cryptographic material data, protected by double encryption and integrity validation, wherein the first security level has the lowest security and the fifth security level has the highest security.40181.AAB.P100PC S / JE / kt2. The method of claim 1 , characterized in that each piece of data in a respective data object is assigned to a respective security level and the backing up is executed for all objects stored on the chip (2) or eSE and for any piece of data in a respective object which is assigned to a respective security level which is allowed to be backed up by the request.

3. The method of claim 1 or 2, characterized in that the chip is a chip (2) of the following: SIM chip, E-SIM chip, payment card chip, ID card chip, Healthcare Card Chip, Transit Card Chip, ePassport Chip, Loyalty Card Chip, Access Control Card Chip, Driver's License Chip, Bank Key Fob Chip, Mobile Payment Wearable Chip.

4. The method of claim 3, characterized in that the chip (2) has a size below 100 mm2.

5. The method of any of the foregoing claims, characterized in that the assigning of data objects or pieces of data in a respective data object to a specified security level is done by an application (9) run be the provider of the item on which the chip (2) or eSE is placed and / or is done be a provider providing a service in relation to the item.

6. A system for executing a backing-up of data stored in data objects on a microcontroller chip (2) or an embedded secure element (eSE), comprising a backup server (10) on which back-up data is stored, a communication interface (11 ) which is adapted to transfer data between the microcontroller chip (2) or eSE and the backup server (10), and an application (9) which is adapted to assign data objects or pieces of data in a respective data object to a specified security level, wherein a subsequent security level is more secure than a previous lower security level, wherein the system is configured to backing up only the data objects or respectively pieces of data in a respective data object which are assigned to a specific security level and optionally the data objects or respectively pieces of data in the lower security levels lower than the specific security level,40181.AAB.P100PC S / JE / kt wherein the backing-up is only allowed if the back-up request is an authorized request, which is specified as being authorized to have access to the respective security level.