A method is for a first-time startup of a not fully personalized secure element, which serves for the use of services of a mobile communication network, in a mobile terminal. In the method, the secure element is started and requested to transmit a status message. The secure element transmits a status message in which it is stated whether the secure element: S1) contains only a bootloader but as yet no firmware image for the secure element; S2) contains a firmware image for the secure element but is not yet fully personalized; or S3) is fully personalized. The secure element is accepted in the cases S1), S2) and S3) and rejected in other cases. In the case S1), a download for a firmware image of the secure element is initiated for a first-time startup.

Countermeasures against fault injection attacks of a cryptographic integrated circuit, and more specifically laser fault injection attacks are provided. The invention consists in generating sequences of bits belonging to a set of allowed sequences, and storing these sequences on a set of Flip-Flops. Then the sequences stored on the Flip-Flops are checked and, if they do not belong to the allowed sequence, this is the sign that a fault injection attack occurred and caused a bit flip in one of the flip-flops. An alarm signal is then generated.

Countermeasures against fault injection attacks of a cryptographic integrated circuit, and more specifically laser fault injection attacks are provided. The invention consists in generating sequences of bits belonging to a set of allowed sequences, and storing these sequences on a set of Flip-Flops. Then the sequences stored on the Flip-Flops are checked and, if they do not belong to the allowed sequence, this is the sign that a fault injection attack occurred and caused a bit flip in one of the flip-flops. An alarm signal is then generated.

This disclosure describes techniques for updating firmware of a secure element. The techniques include operations comprising: receiving, by a gateway device, from a remote source, a firmware file; receiving, by a processing element implemented on the gateway device, ephemeral session specific key material for a first secure element implemented on the gateway device; dividing the firmware file into a plurality of data chunks; applying, by the processing element, the ephemeral session specific key material to a first data chunk of the plurality of data chunks to generate a first data packet; and sending, by the processing element, the first data packet to the first secure element.

A process for placing a circuit array on a sheet having adhesive during a pick and place operation in which a vacuum is used during its placement to minimize air bubbles between the adhesive layer and the circuit array.

A process for placing a circuit array on a sheet having adhesive during a pick and place operation in which a vacuum is used during its placement to minimize air bubbles between the adhesive layer and the circuit array.

A virtual private network connection method and a memory card device using the virtual private network connection method are provided. Firstly, a virtual private network connection application program is provided. Then, the virtual private network connection application program is loaded in a memory card device. Then, the memory card device is installed in a medical device. After the virtual private network connection application program is executed and the memory card device is connected to a virtual private network server according to a connection request, the data from the medical device is transmitted to the virtual private network server through the memory card device. In such way, the data will not be attacked by malware and stolen by a third-party manufacturer during the transmission process.

Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example system includes a PQC smartcard. The smartcard may include a PQC cryptographic algorithm selection circuitry configured to select a PQC cryptographic technique from a set of PQC cryptographic techniques for encrypting the data. The smartcard may further include a PQC cryptographic circuitry configured to encrypt data based on a generated set of PQC encryption attributes and the PQC cryptographic technique.

Embodiments of the present subject matter provide a local profile management method, an embedded universal integrated circuit card, and a terminal. The embedded universal integrated circuit card (eUICC) includes a primary platform and at least one installed bundle. The primary platform is a hardware platform. Each bundle includes at least one profile and an operating system (OS). The primary platform includes a processing module, which is configured to: receive a first message sent by a local profile assistant (LPA), where the first message is an operation instruction entered by a user; and separately send a second message to at least one OS corresponding to the at least one bundle, where the second message is used by the at least one OS to perform a corresponding operation. Local management of profiles of different OSs is implemented by using the processing module disposed on the primary platform of the eUICC.

A secure device operating with a secure tamper-resistant platform including a tamper-resistant hardware platform and a virtual primary platform operating with a low level operating system performing an abstraction of resources of the hardware platform, and a secondary platform with a high level operating system providing a further abstraction of resources to applications in which respective internal hosts are embedded, the secure device including an internal host domain including the internal hosts, the secure device including a plurality of physical and/or logical input/output interfaces through which external hosts can access the internal hosts, the virtual primary platform being configured to set interactions between the external hosts and the internal hosts, wherein the internal host domain includes a further set of virtual hosts each configured to operate as a proxy between an input/output interface and an application, each input/output interface being configured to address only one among the virtual hosts.