METHOD OF RESTORING A SECURE ELEMENT TO A FACTORY STATE

Abstract

The invention is a method for restoring to a factory state a secure element which is embedded in a first device and which comprises a set of data. The method comprises the steps of: classifying data of the set in three independent categories, retrieving from a second device a first entity configured to provide factory value of data of the first category, restoring all current data of the first category (C1) by factory value, retrieving from a third device a second entity configured to provide factory value of data of the second category, restoring factory value of data of the second category.

Claims

1. A method for restoring to a factory state a secure element embedded in a first device, said secure element comprising a set of data, wherein said method comprises the steps: classifying data of the set in three categories independent from each other, retrieving from a second device a first entity which is either a group of factory values of data of the first category or a software application configured to generate factory values of data of the first category, removing all current data of the first category from the secure element and restoring factory value of data of the first category, retrieving from a third device a second entity which is either a group of factory values of data of the second category or a software application configured to generate factory values of data of the second category, removing all current data of the second category from the secure element and restoring factory value of data of the second category using factory values which are diversified values specific to the secure element, the data of the third category being kept unchanged in the secure element.

2. A method according to claim 1, wherein the data of the first category is variable and unique to a set of secure elements including said secure element and wherein the data of the second category is variable and unique to said secure element.

3. A method according to claim 1, wherein the first category contains applicative data and parameters, wherein the second category contains secret data, wherein the secure element comprises an operating system and wherein the third category contains the executable code of said operating system.

4. A method according to claim 1, wherein said first device and third device are merged.

5. A secure element embedded in a first device and comprising a set of data, wherein said secure element comprises a restoring agent configured to retrieve from a second device a first entity which is either a group of factory values of data of a first category of said set or a software application configured to generate factory values of data of the first category of data of the, to remove all current data of the first category and to restore factory value of data of the first category in the secure element and in that said restoring agent is configured to retrieve from a third device a second entity which is either a group of factory values of data of a second category or a software application configured to generate factory values of data of the second category of data of the set, to remove all current data of the second category and to restore factory value of data of the second category using factory values which are diversified values specific to the secure element.

6. A secure element according to claim 5, wherein the data of the first category is variable and unique to a set of secure elements including said secure element and wherein the data of the second category is variable and unique to said secure element.

7. A secure element according to claim 5, wherein the first category contains applicative data and parameters, wherein the second category contains secret data, wherein the secure element comprises an operating system and wherein the third category contains the executable code of said operating system.

8. A system comprising a batch of secure elements according to claim 5 and the second device, wherein the second device stores a series of indicators uniquely associated with each secure element of said batch, said indicators reflecting the number of times the associated secure element has been restored in factory state.

9. A system according to claim 8, wherein the second device is adapted to deny the restoration to factory state for the secure element if preset conditions are met.

10. A system according to claim 9, wherein the preset conditions are based either on a maximum threshold for the number of restorations or on receipt of an agreement for restoration coming from a user registered for the secure element.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0020] Other characteristics and advantages of the present invention will emerge more clearly from a reading of the following description of a number of preferred embodiments of the invention with reference to the corresponding accompanying drawings in which:

[0021] FIG. 1 is an example of a set of data classified in three categories according to the invention, and

[0022] FIG. 2 is an example of a sytem comprising a device hosting a secure element and two other devices according to the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0023] The invention may apply to any types of secure element intended to record sensitive data after its issuance step. The secure element may be coupled to any type of host machine able to establish a communication session with the secure element. For example the host machine may be a mobile phone, a tablet PC, an electronic pair of glasses, an electronic watch, an electronic bracelet, a vehicle, a meter, a slot machine, a TV or a computer.

[0024] FIG. 1 shows a set ST of data stored in a secure element SE according to the invention.

[0025] The set ST of data is divided in three parts also named categories: C1, C2 and C3.

[0026] A data cannot belong to several categories. In other words, the three categories are independent from each other.

[0027] The category C1 corresponds to a so-called static image which encompasses data common to a batch of secure elements. For instance, data of the category C1 may be a group of files containing applicative data shared by all secure elements belonging to the batch.

[0028] The value of data of the category C1 may be variable from a batch to another one. The value of data of the category C1 apply to all secure elements belonging to a batch.

[0029] The data of the category C1 may be applicative data (i.e. files, counters or registers managed by application), application identifier or parameters for example.

[0030] The category C2 corresponds to a so-called diversified data which encompasses data specific to the secure element SE. For instance, data of the category C2 may be a key set and a serial number uniquely allocated to the secure element SE.

[0031] The value of data of the category C2 are almost always variable from a secure element to another one.

[0032] The data of the category C2 may be secret keys, private keys, specific identifier, subscription, access rights, service credentials, sensitive applications, user account number or passwords for example.

[0033] The category C2 may also contain random values, seeds or any data used as input parameters for generating the correct value of ether element of the category C2.

[0034] Data of the categories C1 and C2 may be stored in any combination of any hind of containers. For instance, the data may be stored in file trees, in registers, in secure domains or in a database.

[0035] The category C3 may correspond to an executable code which is run by the secure element SE. For instance, data of the category C3 may contain the operating system of the secure element SE. In another example, the data of the category C3 can contain the type, the identifier or the manufacturer reference of the associated host device HO. In another example, they can contain parameters reflecting capabilities of the associated host device HO. Generally, data of the category C3 remain unchanged over the life cycle of the secure element SE.

[0036] FIG. 2 shows a system SY comprising the devices D2 and D3 and a host device HO embedding a secure element to according to the invention.

[0037] In this example, the host device HO is a customary mobile phone having a hardware communication interfaces for communicating with the secure element SE.

[0038] The secure element SE is an embedded UICC which comprises a working memory of RAM type, a processing means and a non volatile memory. The secure element SE comprises (not drawn) the set ST of data of the FIG. 1. The secure element SE also comprises a restoring agent RT which is configured to retrieve from the device D2 an entity GC1 which is configured to provide factory value of data of the category C1. The restoring agent RT is also configured to retrieve from the device D3 an entity GC2 which is configured to provide factory value of data of the category C2.

[0039] The restoring agent RT is configured to remove all current data of the categories C1 and C2 from the secure element SE and to restore factory value of data of the categories C1 and C2 in the secure element SE.

[0040] Advantageously, the restoring agent RT may manage the removal of the current data and the restoration of the new value in an atomic way so that either the whole secure element is restored to its factory state or remains unchanged. Such an embodiment is well adapted when the size of data to restore is low compared to the memory size of the secure element.

[0041] In another embodiment, in case of error during the process of restoration, the restoring agent RT may be configured to restart the restoration from the beginning or to resume the restoration from an intermediate restoration point. In this case, the restoring agent RT stores data reflecting intermediate milestones of the restoration process.

[0042] The entity GC1 may be a set of the factory values or a software application able to generate the relevant values.

[0043] The entity GC2 may be a set of the factory values or a software application able to generate the relevant values. Advantageously, the entity GC2 may be a script configured to generate the relevant values diversified for the targeted secure element SE. The script is run in the secure element so that the confidentiality of the generated diversified values is kept.

[0044] In one embodiment, the device D3 is a remote server adapted to communicate with the secure element SE through the host device HO. For instance, the device D3 may reach the secure element SE via an OTA (Over-The-Air) channel.

[0045] In another embodiment, the device D3 and the host device HO may be merged in a single device. This can be implemented when the size of the entity GC2 is compliant with the size of the available non volatile memory of the device HO.

[0046] The device D2 may be a distant server able to communicate with the secure element SE through the host device HO. Advantageously, the device D2 may manage and store a series of indicators which are uniquely associated with each secure element of a batch of secure elements. The device D2 may be configured to update these indicators so that to reflect the number of times the associated secure element has been restored to its factory state. In this case, the restoring agent RT is configured to send a message to the device D2 so as to indicate the full achievement of the restoration for the secure element SE.

[0047] Advantageously, the device D2 may refuse the restoration to factory state for the secure element SE if preset conditions are met. In such a case, the device D2 does not provide the restoring agent RT with the entity GC1. The preset conditions may be based on a maximum threshold for the number of restorations or the receipt of an agreement for restoration coming by another channel from the registered user.

[0048] Advantageously, the restoring agent RT may be automatically triggered as soon as the host devise GO is restored in factory state or as soon as the value of a specific field is changed in the host device HO.

[0049] Advantageously, the secure element SE may be configured to authenticate the devices D2 and D3. Conversely, the devices D2 and D3 may be configured to authenticate the secure element SE so that the entities GC1 and GC2 are sent to a genuine secure element.

[0050] Thanks to the invention the secure element may be restored to its factory state when needed. In particular, the invention may be used when a secure element is given to a new owner or when the ownership of the device hosting the secure element changes. The invention may also be used when the hosting device is sent to after-sales service if it needs repair or maintenance.

[0051] It must be understood, within the scope of the invention that the above-described embodiments are provided as non-limitative examples. In particular, the secure element may comprise any number of sensitive data.

[0052] The architecture of the system shown at FIG. 2 is provided as example only.