Content providing to integrated secure element

EP4758605A1Pending Publication Date: 2026-06-17GIESECKE DEVRIENT MOBILE SECURITY GERMANY GMBH

Patent Information

Authority / Receiving Office
EP · EP
Patent Type
Applications
Current Assignee / Owner
GIESECKE DEVRIENT MOBILE SECURITY GERMANY GMBH
Filing Date
2024-08-07
Publication Date
2026-06-17

AI Technical Summary

Technical Problem

Existing solutions for providing content to integrated Secure Elements (iSEs) in mobile devices are complex and inefficient, particularly when updating operating systems for multiple iSEs, as they require cumbersome key management and risk unauthorized cloning of code.

Method used

A method that uses a hardware security module (HSM) to prepare and securely transfer content to iSEs by deriving a pre-shared key (PSK) from a universal key-derivation constant and seeds specific to the contents provider and iSE, ensuring secure encryption and prevention of unauthorized cloning.

Benefits of technology

This solution enables efficient and secure provision of identical content, such as operating systems or updates, to multiple iSEs, while preventing unauthorized access or cloning, thereby simplifying the content delivery process and enhancing security.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure EP2024072387_20022025_PF_FP_ABST
    Figure EP2024072387_20022025_PF_FP_ABST
Patent Text Reader

Abstract

A method for preparing contents to be provided from a hardware security module, HSM, to an integrated Secure Element, iSE, comprising: • a) provide in the HSM a pre-shared key, PSK, which is derived from a universal key-derivation constant, KDC, permanently stored in the iSE, and a first seed (SI), wherein the KDC is identical for a multitude of multiple iSEs, and the first seed (51) is specific or unique for a specific contents provider (CP) of said contents; • b) in the HSM, provide a second seed (S2) which is specific or unique for the iSE, and from the PSK and the second seed, apply a CEK-key-derivation scheme so as to derive a code encryption key, CEK; • c) in the HSM, encrypt the code package with the code encryption key, CEK, and by applying a code encryption scheme, so as to generate an encrypted code package (OS packet); • d) in the HSM, generate a header including the second seed (S2) and, if required: information on the code encryption scheme of step c) or / and information on the CEK-key-derivation scheme of step b); • e) in the HMS, encrypt the header with the PSK, or with a header encryption key derived from the PSK, and by applying a header encryption scheme, so as to generate an encrypted header (Header); • f) in the HSM, merge the encrypted code package (OS packet) and the encrypted header (Header) so as to create a binary large object, BLOB, to be transferred to the iSE.
Need to check novelty before this filing date? Find Prior Art