Computer-implemented method of deciding whether an item from a plurality of items stored on a microcontroller chip or an eSE (embedded Secure Element) is available to be offloaded and a respective system

A computer-implemented method optimizes secure microcontroller chip and eSE storage by identifying items for offloading based on usage frequency and importance, ensuring efficient use of device space and security.

WO2026119403A1 · PCT designated stage · Publication Date: 2026-06-11 · ASSA ABLOY AB

Patent Information

Authority / Receiving Office: WO · WO
Patent Type: Applications
Current Assignee / Owner: ASSA ABLOY AB
Filing Date: 2024-12-05
Publication Date: 2026-06-11

AI Technical Summary

Technical Problem

Existing secure microcontroller chips and embedded secure elements (eSEs) face challenges in efficiently managing storage space due to their constrained physical size, particularly when deciding which data to offload without relying on clock signals, which are absent in non-clocked environments.

Method used

A computer-implemented method determines the usage frequency and assigns an identifier to items for offloading, considering a predetermined threshold and weight values to decide which data can be transferred to external storage, ensuring critical data remains on the device.

Benefits of technology

This method optimizes storage by securely offloading infrequently used data to external locations, maintaining device space for frequently used items while protecting sensitive data.

Generated by Eureka AI based on patent content.


Abstract

The present application relates to the field of microchips, for example microchips on a card, or embedded secure elements called eSE. A computer-implemented method is provided for deciding whether an item from a plurality of items stored on a microcontroller chip (2) or an eSE (embedded Secure Element) is available to be offloaded from the storage location to an external location (103) external to the microcontroller chip (2) or, respectively, the eSE. A system (104) is further provided, comprising a device including a microcontroller chip (2) or an eSE (embedded Secure Element) and an offload availability determination application.

Description

[0001] 40182.AAB.P100PC S / JE / kt

[0002] Computer-implemented method of deciding whether an item from a plurality of items stored on a microcontroller chip or an eSE (embedded Secure Element) is available to be offloaded and a respective system

[0003] The present application is related to the field of microchips, for example, microchips on a card, or embedded secure elements called eSE. Such an eSE is a dedicated hardware component within a device, like a smartphone or IoT device, used to securely store sensitive data and perform secure operations. eSEs are widely used for applications that require high security, such as mobile payments, identification, and cryptographic functions.

[0004] Those devices, such as chips and eSE, have a constrained physical space, and therefore, the system may require data backups. When such a device reaches its storage capacity, it can automatically decide which data to offload (move elsewhere temporarily to free up the space). In high-end devices, there is usually a built-in scheduler, which is a system that manages the task, and potentially a connection to a cloud storage. This allows the device to automatically move data that is not immediately needed to the cloud or another storage area. When the data is needed later, the device can retrieve it. Then there might be more free space available or the user can choose to delete unnecessary data on the device.

[0005] Usually, this offloading is initiated by a clock signal for coordination.

[0006] However, the present invention provides a technique which facilitates the decision to offload data on a device having constrained physical space, such as a microcontroller chip or an eSE in a so-called non-clocked environment. Thus, preferably, the system or process does not rely on a synchronized clock signal for coordination.

[0007] However, the present invention is not limited to such chips (in particular microchips with security features) on cards but is also provided for the above described eSEs.

[0008] A chip can cover any chip which has a quite small size and which is specifically designed for storing sensitive data while considering the limited space on these chips. One example is an EMV chip. An EMV chip refers to a microchip embedded in credit and debit cards that supports the EMV standard (Europay, Mastercard, and Visa). EMV technology is designed to enhance the security of card transactions, particularly for in-person payments, by reducing fraud associated with counterfeit and stolen cards. Such a chip has a distinct purpose and design compared to larger, complex, multi-component chips found in computers, such as CPUs or GPUs, such that the present chip is not such a CPU or GPU chip.

[0009] As an alternative to such a chip, the embedded secure elements called eSE may be used for data storage.

[0010] An embedded Secure Element (eSE) and the chip found on credit, debit, and ID cards share several key characteristics, as both are designed to securely store and process sensitive information. Both rely on hardware-based security, which provides a robust safeguard against tampering, malware, and unauthorized access. This reliance on hardware makes them inherently more secure than software-only solutions.

[0011] Both eSEs and card chips are designed to be tamper-resistant. They incorporate advanced physical and software-based security measures to deter unauthorized access and make it extremely difficult for anyone to extract data, even in the event of physical interference. Additionally, these systems are equipped with built-in cryptographic capabilities. They can perform secure operations, such as encryption, decryption, and digital signing, which are critical for secure transactions and identity verification.

[0012] Another shared feature is their ability to securely store sensitive data, such as cryptographic keys, personal information, and payment credentials. This capability makes them ideal for applications like mobile payments and ID verification, where secure storage of sensitive information is paramount. Furthermore, both technologies often comply with strict security standards and certifications, such as EMVCo for payment transactions, Common Criteria, or FIPS. Adherence to these standards ensures they meet rigorous security requirements.

[0013] The applications of eSEs and card chips also overlap significantly, as both are commonly used in systems requiring secure authentication. For instance, they play a central role in payment systems - both contactless and chip-based - and are also widely used for identity verification.

[0014] The key difference between the two lies in their form factor and integration. While a chip on a card is an external component embedded into physical cards, an eSE is integrated directly into devices such as smartphones or IoT systems. This difference allows eSEs to support mobile and connected applications, such as mobile wallets, which would be impractical to implement with a traditional chip card.

[0015] However, the present invention covers both alternatives.

[0016] In order to solve the aforementioned problem, there is provided a computer-implemented method defined in claim 1.

[0017] This method is a computerized approach to determine if an item from a group of items stored on a secure microcontroller chip or embedded secure element eSE can be transferred from its storage location on the chip or eSE to an external storage location outside the secure environment.

[0018] There may be a set of items which are already stored on a microcontroller chip or eSE. This item might be sensitive or critical, such as data keys, credentials, or other secure elements. However, it is not necessary to have sensitive or critical data.

[0019] The purpose of the method is to decide if an item on this secure storage location can be transferred or offloaded to an external location.

[0020] Such an external location is something outside the microcontroller chip or eSE. This could be a server, a cloud, or another device with or without further security measures.

[0021] The process is e.g. handled by software or an algorithm (application) on the device itself.

[0022] In particular, the usage frequency of the item is detected, and information that the item is available to be offloaded is generated in the case that the detected usage frequency is below a predetermined usage frequency. That means that items which are not often used have a lower usage frequency than items which are used frequently. There is a predetermined usage frequency, and below this usage frequency, when the item is not used so often, it is not necessary to have the item saved directly on the device; the item is therefore assigned as available to be offloaded.

[0023] Thus, this concept revolves around optimizing the storage and accessibility of items based on their usage frequency. Specifically, the system monitors how often an item is used and determines whether its usage frequency falls below a predefined threshold. If an item's usage frequency is below this predetermined level, it is identified as being infrequently used.

[0024] In such cases, it becomes unnecessary to keep the item stored directly on the device. Instead, the system marks the item as suitable for offloading, meaning it can be transferred to alternative storage, such as cloud storage or less frequently accessed memory. This approach enhances storage efficiency by prioritizing readily accessible space for frequently used items while securely managing infrequently used ones elsewhere.

[0025] The availability may be assigned to the item by providing the item with a respective identifier, so that later, when for example a further software application executes or decides the actual offloading, that application knows which items should stay on the device and which items can be offloaded.

[0026] In this approach, the availability for offloading is assigned to an item by associating it with a specific identifier. This identifier serves as a marker that informs other systems or software applications about the item's status. When a software application later executes an offloading process or makes decisions about storage management, it can use this identifier to distinguish between items that need to remain on the device and those that can be safely offloaded.

[0027] This method ensures that offloading decisions are made efficiently and accurately, leveraging the identifier as a reference point to streamline the process of managing device storage while maintaining the accessibility and security of critical items.

[0028] According to a further preferred embodiment, the method comprises the steps of taking into account a weight value defining the importance of each item and, in the case that the weight value is above a predetermined value, blocking the item from being offloaded. Thus, each item stored on the device is assigned a weight value. This weight value represents how important and / or sensitive that item is. For example, an item with a high weight value may contain sensitive information, like a password or encryption key, while an item with a lower weight value may be less critical data.

[0029] This set limit, or predetermined weight value, may be used as a threshold. This threshold acts as a cutoff point to help decide whether an item is too important to be moved. When the system checks whether it is okay to offload an item, it looks at this weight value. If the item's weight value is above the predetermined threshold, the item is too important or sensitive to be moved, and the method will block the item from being offloaded.

[0030] If the weight value is below the threshold, the item is considered less critical, and the system might allow it to be offloaded, if other conditions are also met.

[0031] In this enhanced approach, the method incorporates an additional layer of decision-making by assigning a weight value to each item stored on the device. This weight value reflects the importance or sensitivity of the item. For instance, a high weight value might indicate critical or sensitive data, such as passwords or encryption keys, while a lower weight value could correspond to less critical information, like temporary files. A predetermined threshold, referred to as the weight limit, serves as a cutoff point to decide whether an item is too important to be offloaded. The system evaluates each item's weight value during the offloading process. If an item's weight value exceeds the threshold, it is deemed too critical or sensitive to be moved, and the method blocks the item from being offloaded or may prevent any indication that the item is available for offloading. This ensures that essential or sensitive data remains securely stored on the device.

[0032] Conversely, if the item's weight value is below the threshold, it is considered less critical. In such cases, the system may allow the item to be offloaded, provided other conditions are also satisfied. This method helps balance efficient storage management with the need to protect important or sensitive data.

[0033] This weight value may be an identifier which is contained in the respective item, or anyway assigned to the item. In this context, an identifier is a specific piece of information used to uniquely recognize or classify an item within a system.

[0034] According to a further development, the method may further comprise the step of taking the storage or creation date of the item on the device into account, and in the case that the period from the storage date until the checking date, on which the step is executed, does not exceed a predetermined period, the method blocks the item from being offloaded or prevents the generation of the information that the item is available.

[0035] Such a step prevents the item stored on the device from being offloaded due to the low notified usage frequency.

[0036] Namely, the storage or creation date of an item is also considered when deciding its offloading eligibility. Specifically, the method notes the time elapsed from the item's storage or creation date to the date when the offloading check is performed. If this period does not exceed a predetermined threshold, the system blocks the item from being offloaded.

[0037] This safeguard ensures that recently stored items are not offloaded prematurely, even if their usage frequency is initially low. Such a mechanism recognizes that newly created or added items may not yet have established a clear usage pattern, and their immediate offloading could disrupt user expectations or system functionality. By incorporating this temporal condition, the method adds an extra layer of protection, preventing the offloading of items that may still be in active or potential use shortly after their creation.
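
The three conditions described in [0022] to [0037] (usage frequency, weight value, storage date) combined into one eligibility check, as an added example that is not code from the patent. The record layout, all names, the session counter used in place of a clock, the terminal-supplied checking day and the fail-closed handling of an implausible date are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical on-chip record for one item (application or data object). */
typedef struct {
    uint16_t id;
    uint32_t use_count;   /* uses counted over the current session window */
    uint8_t  weight;      /* importance / sensitivity, higher = more critical */
    uint32_t stored_day;  /* storage date as a day number */
    bool     offloadable; /* identifier read later by the offloading application */
} item_t;

typedef struct {
    uint32_t min_uses_per_100; /* predetermined usage frequency */
    uint8_t  max_weight;       /* predetermined weight value */
    uint32_t min_age_days;     /* predetermined period after storage */
} policy_t;

typedef enum {
    KEEP_WEIGHT, KEEP_BAD_DATE, KEEP_RECENT, KEEP_NO_HISTORY, KEEP_FREQUENT, OFFLOADABLE
} verdict_t;

/* sessions:  assumed power-up counter, standing in for elapsed time.
 * check_day: assumed to be supplied by the terminal; the chip has no clock. */
verdict_t evaluate_item(const item_t *it, const policy_t *p,
                        uint32_t sessions, uint32_t check_day)
{
    if (it->weight > p->max_weight)
        return KEEP_WEIGHT;            /* too important, whatever its usage */
    if (check_day < it->stored_day)
        return KEEP_BAD_DATE;          /* implausible date: fail closed */
    if (check_day - it->stored_day <= p->min_age_days)
        return KEEP_RECENT;            /* period does not exceed the minimum */
    if (sessions == 0)
        return KEEP_NO_HISTORY;        /* no basis for a frequency yet */

    /* Uses per 100 sessions; 64-bit product so the multiplication cannot wrap. */
    uint64_t freq = (uint64_t)it->use_count * 100u / sessions;
    return freq < p->min_uses_per_100 ? OFFLOADABLE : KEEP_FREQUENT;
}

/* Sets the identifier on every item and returns how many were marked. */
size_t mark_offloadable(item_t *items, size_t n, const policy_t *p,
                        uint32_t sessions, uint32_t check_day)
{
    size_t marked = 0;
    for (size_t i = 0; i < n; i++) {
        items[i].offloadable =
            evaluate_item(&items[i], p, sessions, check_day) == OFFLOADABLE;
        if (items[i].offloadable)
            marked++;
    }
    return marked;
}

/* Constructed sample data, not taken from the patent. */
static const policy_t POLICY = { .min_uses_per_100 = 5, .max_weight = 7, .min_age_days = 30 };
static item_t SAMPLE[] = {
    { .id = 1, .use_count = 120, .weight = 3, .stored_day = 100 }, /* used often  */
    { .id = 2, .use_count = 4,   .weight = 3, .stored_day = 100 }, /* rarely used */
    { .id = 3, .use_count = 1,   .weight = 9, .stored_day = 100 }, /* high weight */
    { .id = 4, .use_count = 0,   .weight = 3, .stored_day = 390 }, /* just stored */
};

int main(void)
{
    size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
    size_t marked = mark_offloadable(SAMPLE, n, &POLICY, 200, 400);
    for (size_t i = 0; i < n; i++)
        printf("item %u: %s\n", (unsigned)SAMPLE[i].id,
               SAMPLE[i].offloadable ? "available to be offloaded" : "keep");
    printf("%zu of %zu items marked\n", marked, n);
    return 0;
}
```

The weight check runs first so that a high-weight item is never marked, however rarely it is used.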

[0038] According to a further embodiment, the aforementioned items may be an application and / or a data object comprising pieces of data.

[0039] In this sense an "application" refers to a software program that is saved on a physical or virtual storage medium, ready to be installed or executed on a computing system. This stored application includes all the necessary components, such as executable files, libraries, configuration settings, assets like images or fonts, and sometimes associated data files. Together, these components enable the application to perform its intended functions when launched.

[0040] Generally, a data object refers to a structured entity designed to encapsulate related pieces of data, making it easier to manage, access, and manipulate. A data object typically combines multiple pieces of related information (pieces of data) into a single unit, with each piece of data stored in fields or properties that define its attributes. These objects often have a unique identifier or name to distinguish them from others, ensuring clarity and organization in complex systems. While some data objects simply hold information, others, particularly in object-oriented programming, can include methods or functions that define their behavior or the actions they can perform.

[0041] "Pieces of stored data" refer to individual units of information saved within a computing system or storage medium. These units can vary in size, type, and structure, encompassing a wide range of data formats such as text, binary, numeric, and logical values. Depending on their organization, data may be categorized as structured, semi-structured, or unstructured. Structured data is neatly organized in predefined schemas, such as in databases or spreadsheets, while unstructured data includes formats like images, videos, or documents that lack a fixed schema. Semi-structured data, such as JSON or XML files, blends elements of both.

[0042] According to a further coordinated aspect, there is also provided a computer-implemented method of offloading an item from a plurality of items stored on a microcontroller chip or an eSE. This method comprises the aforementioned method and further a step of offloading the item or items which are assigned as available to be offloaded.

[0043] According to a further aspect of the invention, there is also provided a system comprising a device, including a microcontroller chip or an eSE, and at least an application, which is an offload availability determination application. This offload availability determination application is configured to detect the usage frequency of the item and generate an identifier or information that the item is available to be offloaded in the case the detected usage frequency is below a predetermined usage frequency. Thus, the system has a configuration to execute any of the aforementioned method steps. Thus, these steps may also be present in the system configuration.

[0044] The aforementioned offload availability determination application of the system is different from an application which is named as item stored on the device. The offload availability determination application may be stored on the microcontroller chip or eSE, or alternatively, on an external terminal adapted to be connected, in particular physically connected, to the microcontroller chip or eSE.

[0045] Further preferred embodiments are described in the following with respect to the figure in which there is shown in

[0046] Figure 1 an overview of the inventive method and system,

[0047] Figures 2 and 3 a general prior art configuration of a microchip on a plastic card.

[0048] Figure 2 shows an example of such a generic known prior art plastic card 1 from its front side and its back side. On the front side of the card 1 (and as shown in Figure 2 partially embedded in the card), there is provided a chip 2. How such a generic known chip may be set up is shown in Figure 3.

[0049] Via the patches 4, which are visible on the front side of the card, the communication between the chip and the respective card reader or payment terminal is executed. These patches 4 serve as contact points for data transfer. When the chip 2 is inserted in a respective reader or terminal, the chip receives power and the data transmission between the chip and the reader or the terminal is executed. Such a chip, as shown in Figure 3, may comprise a microcontroller 5, a memory 6, a ROM 7 which stores the chip's operating system, which is preloaded during manufacturing, an EEPROM, in which, for example, user-specific data, like encryption keys, account information, and transaction history may be stored, a RAM, which temporarily stores data for active processing and calculations, a cryptographic processor 8, which performs complex encryption and decryption operations to secure data and authenticate transactions, and an I/O controller, which manages communication between the chip and external devices.

[0050] These parts of the chip are usually embedded in the plastic card substrate in the areas shown in Figure 3.

[0051] Figure 1 shows an example of the inventive system 104. In particular, reference sign 105 in Figure 1 shows an example of such a device having constrained physical space. This may be an embedded secure element eSE, or a chip 2, for example, a chip on a card.

[0052] A chip can cover any chip which has a quite small size and which is specifically designed for storing sensitive data while considering the limited space on these chips. One example is an EMV chip. An EMV chip refers to a microchip embedded in credit and debit cards that supports the EMV standard (Europay, Mastercard, and Visa). EMV technology is designed to enhance the security of card transactions, particularly for in-person payments, by reducing fraud associated with counterfeit and stolen cards. Such a chip has a distinct purpose and design compared to larger, complex, multi-component chips found in computers, such as CPUs or GPUs, such that the present chip is not such a CPU or GPU chip.

[0053] As an alternative to such a chip, the embedded secure elements called eSE may be used for data storage.

[0054] An embedded Secure Element (eSE) and the chip found on credit, debit, and ID cards share several key characteristics, as both are designed to securely store and process sensitive information. Both rely on hardware-based security, which provides a robust safeguard against tampering, malware, and unauthorized access. This reliance on hardware makes them inherently more secure than software-only solutions.

[0055] Both eSEs and card chips are designed to be tamper-resistant. They incorporate advanced physical and software-based security measures to deter unauthorized access and make it extremely difficult for anyone to extract data, even in the event of physical interference. Additionally, these systems are equipped with built-in cryptographic capabilities. They can perform secure operations, such as encryption, decryption, and digital signing, which are critical for secure transactions and identity verification.

[0056] Another shared feature is their ability to securely store sensitive data, such as cryptographic keys, personal information, and payment credentials. This capability makes them ideal for applications like mobile payments and ID verification, where secure storage of sensitive information is paramount. Furthermore, both technologies often comply with strict security standards and certifications, such as EMVCo for payment transactions, Common Criteria, or FIPS. Adherence to these standards ensures they meet rigorous security requirements.

[0057] The applications of eSEs and card chips also overlap significantly, as both are commonly used in systems requiring secure authentication. For instance, they play a central role in payment systems - both contactless and chip-based - and are also widely used for identity verification.

[0058] The key difference between the two lies in their form factor and integration. While a chip on a card is an external component embedded into physical cards, an eSE is integrated directly into devices such as smartphones or IoT systems. This difference allows eSEs to support mobile and connected applications, such as mobile wallets, which would be impractical to implement with a traditional chip card.

[0059] However, the present invention covers both alternatives.

[0060] In order to differentiate a chip, for example, a chip on a card, from processor chips on a computer, the chip may have a size below 100 mm².

[0061] In particular, examples for further dimensions are about 6 x 6 mm or smaller, 5 x 5 mm or smaller, 8 x 8 mm or smaller, or even 2 x 2 mm or smaller, as e.g. an RFID chip is used.

[0062] Conversely thereto, CPU chips usually have a size of about 37.5 x 37.5 mm, and thus are much bigger. GPU sizes lie around 800 mm², so the present chips have a limited size and are chips with a distinct function.

[0063] On this device 105, there may be stored a plurality of data objects 102 and / or a plurality of applications 101. To differentiate the respective data objects and applications, they are identified as data object 1, data object 2, data object 3, and respectively application 1, application 2, and application 3.

[0064] An application is a certain software stored on the device.

[0065] The data object may comprise a plurality of data pieces. Some of those data pieces may have security features. These data pieces, or also the data object, may contain public data, public data with integrity, protected data with encryption and integrity, cryptographic materials, such as cryptographic keys, which may be double encrypted with integrity.

[0066] Nevertheless, the usage frequency of the items is detected, the items being the applications and, respectively, the data objects, which are collectively referred to as items. If the usage frequency is below a certain limit, that means that the item is not used often and is assigned to be available to be offloaded.

[0067] And then, via a further offloading application, these items may be downloaded to an external storage location, which may be a cloud.

[0068] In the following, there is given one specific example which is covered by the present invention.

[0069] For example, a hotel employee has a specific app on their work phone that lets them unlock doors around the hotel. Since the hotel has many different rooms and areas, the employee needs to store a lot of digital keys or credentials on their phone to access these different locks. The eSE on the phone is where these credentials are stored, because it is very secure. However, there is only limited space in the eSE, and it is also storing information for other important apps. This means that there is not enough space in the eSE to keep all the lock credentials available at the same time. However, the employee does not need all credentials all the time. For instance, they may need access to certain rooms or areas, like the main office, security room or frequently used guest rooms, far more often than other rooms. With the present invention, the eSE can identify which credentials are used the most frequently and keep these important credentials loaded in the eSE. This ensures the employee has immediate access to the rooms they enter often. For the other, less frequently used credentials, the eSE can offload them securely from its limited space to another secure area on the phone or to a remote server. These offloaded credentials may thus be stored on the phone but outside the eSE. If the employee needs one of these less used credentials, the phone can reload it into the eSE when it is required. Thus, there is the possibility to manage the limited space efficiently, keeping the most used credentials easily accessible by securely storing others on the phone for later use.


[0071] Reference sign list

[0072] 1 plastic card

[0073] 2 chip

[0074] 4 patch

[0075] 5 microcontroller

[0076] 6 memory

[0077] 7 ROM

[0078] 8 cryptographic processor

[0079] 101 Application

[0080] 102 Data object

[0081] 103 external storage location

[0082] 104 System

[0083] 105 device (chip, eSE)

Claims

1. Computer-implemented method of deciding whether an item from a plurality of items stored on a microcontroller chip (2) or an eSE (embedded Secure Element) is available to be offloaded from the storage location to an external location (103) externally from the microcontroller chip (2) or respectively eSE, the method comprising the steps of detecting the usage frequency of the item and generating an information that the item is available to be offloaded in the case the detected usage frequency is below a predetermined usage frequency.

2. The method of claim 1, characterized in that the method further comprises the step of taking a weight value defining the importance for each item into account and, in the case the weight value is above a predetermined value, blocking the item from being offloaded.

3. The method of claim 2, characterized in that the weight value is an identifier contained in the respective item.

4. The method of any of the foregoing claims, characterized in that the method further comprises the step of taking the storage or creation date of the item on the microcontroller chip (2) or respectively eSE into account and blocking the item from being offloaded in the case that the period from the storage date until the checking date in which this step is executed does not exceed a predetermined period.

5. The method of claim 4, characterized in that the storage or creation date is an identifier contained in the respective item.

6. The method of any of the foregoing claims, characterized in that the item is an application (101) and / or a data object (102) comprising pieces of data.

7. Computer-implemented method of offloading an item from a plurality of items stored on a microcontroller chip (2) or an eSE (embedded Secure Element), comprising the steps of the method of any of the foregoing claims and a further step of offloading the item or items which are assigned as available to be offloaded.

8. A system (104) comprising a device including a microcontroller chip (2) or an eSE (embedded Secure Element) and an offload availability determination application which is configured to detect the usage frequency of the item and generate an identifier that the item is available to be offloaded in the case the detected usage frequency is below a predetermined usage frequency.

9. The system of claim 8, characterized in that the application is stored on the microcontroller chip or eSE or on an external terminal adapted to be connected, in particular physically connected, to the microcontroller chip or eSE.