(Field of the invention)

The present invention relates to methods of managing several profiles in a secure element. It relates particularly to methods of managing several profiles in a secure element wherein at least one profile is active.

(Background of the invention)

A secure element is either a tamper-resistant physical component able to store data and to provide services in a secure manner or a software component providing a trusted storage area and trusted services. In general, a secure element has a limited amount of memory, a processor with limited capabilities and is devoid of battery. For instance a UICC (Universal Integrated Circuit Card) is a secure element which embeds SIM applications for telecommunication purposes. A secure element can be installed, fixedly or not, in a terminal, like a mobile phone for example. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.

A secure element can be in the format of a smart card, or may be in any other format such as for example but not limited to a packaged chip as described in PCT/SE2008/050380, or any other format. A UICC can be used in mobile terminals in GSM, CDMA or UMTS networks for instance. The UICC ensures network authentication, integrity and security of all kinds of personal data.

It is known to solder or weld the secure element in a host device, in order to get it dependent of this host device. This is done in M2M (Machine to Machine) applications. The same objective is reached when a chip

(a secure element) containing a Payment application,

SIM or USIM applications and files is contained in the host device. The chip is for example soldered to the mother-board of the host device or machine and constitutes an embedded-secure element (eSE) .

A secure element may contain a profile which can include a set of applications, a set of personal data and a set of secret data. Data related to a profile are stored via a logical tree structure. Such a logical tree structure comprises a root file and one or several directories and files.

The profile could be linked to a subscription. It may contain network access applications (NAA) , payment applications or third party applications providing security for a specific service (e.g. NFC applications) .

A physical secure element can emulate several virtual secure elements, each one represented as one profile. In such a case, these profiles are called logical profiles or virtual profiles. An emulated profile is hereinafter called profile. Usually each profile is a software based profile.

The invention concerns a way to manage several profiles which are run in a single secure element. In the state of the art, only the logical tree structure of the active profile can be browsed at a given time.

There is a need to allow access to the logical tree structure of a profile different from the active profile .

(Summary of the Invention)

An object of the invention is to solve the above mentioned technical problem.

The object of the present invention is a secure element including first and second profiles comprising files organized in respective logical tree structures comprising respective root files. These root files have identifiers whose values are different from 0x3F00. The secure element is configured to enable browsing of the logical tree structure comprising a targeted root file in response to the receipt of a Select file command aiming at selecting the targeted root file.

Advantageously, the secure element may be configured to select the root file of the profile currently activated in response to the receipt of a Select file command aiming at selecting a file having an identifier whose value is equal to 0x3F00.

Advantageously, the secure element may include a non volatile memory which contains a flag containing the identifier of the root file of the profile currently activated and the secure element may include a selecting module adapted to select the root file of the profile currently activated by using the flag when receiving a Select file command aiming at selecting a file having an identifier whose value is equal to 0x3F00.

Another object of the invention is a method for managing profiles in a secure element including first and second profiles that comprise files organized in respective logical tree structures comprising respective root files. The root files have identifiers whose values are different from 0x3F00 and the method comprises the step of enabling browsing of the logical tree structure comprising a targeted root file in response to the receipt of a Select file command aiming at selecting said targeted root file.

Advantageously, the method may comprise the step of selecting the root file of the profile currently activated in response to the receipt of a Select file command aiming at selecting a file having an identifier whose value is equal to 0x3F00.

Another object of the invention is a host device comprising a secure element according to the invention wherein the secure element is a UICC or an embedded- UICC (eUICC) .

(Brief description of the drawings)

Other characteristics and advantages of the present invention will emerge more clearly from a reading of the following description of a number of preferred embodiments of the invention with reference to the corresponding accompanying drawings in which: Figure 1 is an example of a host device including a secure element according to the invention,

Figure 2 shows an example of file type for logical tree structures in a secure element according to the invention, and

- Figure 3 shows an example of file identifier for logical tree structures embedded in a secure element according to the invention.

(Detailed description of the preferred embodiments) The invention may apply to any types of secure element intended to contain several profiles. The secure element may be coupled to any type of host device able to establish a communication session with the secure element. For example the host device may be a mobile phone, tablet PC, a vehicle, a meter, a slot machine, a TV or a computer.

In this specification, the notation "Ox" refers to a number expressed in hexadecimal. For instance, 0x1234 is equal to 4660 in decimal.

In this specification, the select file command refers to the SELECT FILE command allowing selecting a file as defined in the ISO/IEC 7816-4 standard, the GSM 11.11 v8.3.0 or ETSI TS 102221 vll.0.0. This command allows selecting either a root file or a directory or a file. As defined by the ISO/IEC 7816-4 standard, the value 0x3F00 is reserved for the root file (also called master file) .

A logical tree structure is a set of directories and files which are structured as a tree. In this specification, a logical tree structure is a hierarchical tree structure which can be considered as an autonomous file system.

According to the invention, a root file having an identifier value different from 0x3F00 is allocated to each profile embedded in the secure element.

The identifiers of the root files are unique for each profile. These root files can have an identifier equal to any value different from 0x3F00. Each root file has its own identifier value which can be unambiguously determined. Preferably, identifier values of the root files are set so that there is no collision even if the Short File Identifier (SFI) mechanism is used .

Figure 1 shows a host device HO comprising a secure element SC according to the invention.

In this example, the host device HO is a mobile phone having a hardware communication interface for communicating with the secure element.

The secure element SC is an UICC which comprises a communication interface IN, a processing module MP, a volatile memory ME2 and a non-volatile memory ME1. The non-volatile memory ME1 comprises an operating system OS and the profiles PRl and PR2.

The non-volatile memory ME1 comprises a guiding module M2 configured to enable browsing of the logical tree structure which comprises the root file explicitly targeted by a received Select file command. More precisely, in response to the receipt of a Select file command aiming at selecting a specific root file, the guiding module M2 is configured to select the specific root file.

The non-volatile memory ME1 comprises flag FL storing a value reflecting the currently active profile. The non-volatile memory ME1 comprises a selecting module Ml configured to select the root file of the currently active profile in response to the receipt of a Select file command aiming at selecting a file having an identifier equal to 0x3F00. It should be noted that the secure element SC does not comprise any root file with the identifier value 0x3F00.

In another embodiment, the operating system OS may be configured to manage an indicator pointing on the root file of the currently active profile and may be designed to select this root file in response to the receipt of a Select file command aiming at selecting a file having an identifier equal to 0x3F00. In such a case, the flag FL and selecting module Ml are no longer needed .

Figure 2 shows an example of two logical tree structures correspondent to two profiles PR1 and PR2 in a secure element SC according to the invention.

The first profile PR1 comprises a logical tree structure including a root file RF1 which comprises two directories Dl and D2. The directory Dl comprises a file Fl and the directory D2 comprises two files F2 ad F3.

The second profile PR2 comprises a logical tree structure including a root file RF2 which comprises two directories D3 and D4. The directory D3 comprises a file F4 and the directory D4 comprises a file F6. The root file RF2 is considered as a directory and comprises a file F5.

Figure 3 shows an example of identifiers used for the two logical tree structures of Figure 2.

The root file RF1 has an identifier equal to

0x3F01. The directory Dl has an identifier equal to OxDFOl. The directory D2 has an identifier equal to 0xDF02. The file Fl has an identifier equal to OxEFOl. The file F2 has an identifier equal to 0xEF02. The file F3 has an identifier equal to 0xEF03.

The root file RF2 has an identifier equal to 0x3F02. The directory D3 has an identifier equal to 0xDF03. The directory D4 has an identifier equal to 0xDF04. The file F4 has an identifier equal to 0xEF04. The file F5 has an identifier equal to 0xEF05. The file F6 has an identifier equal to 0xEF06.

An example of a method according to the invention is now described starting from the profiles described at Figure 3. The profile PR1 is assumed to have been previously activated. By default, the logical tree structure of the profile PR1 is the current one.

When the host device needs to access the logical tree structure of the profile PR2, it can send a select file command targeting the identifier 0x3F02.

Upon receipt of this select file command, the secure element enables the browsing of the tree structure of the profile PR2 and selects the root file RF2. Thus the root file RF2 is now the current file into the secure element while the profile PR1 remains the currently activated profile. At a further step, when the host device needs to access the logical tree structure of the profile PR1, it can send a select file command targeting the identifier 0x3F00 or 0x3F01.

According to the invention, the identifier with the value 0x3F01 is interpreted by the secure element as a select of the root file of the profile PR1. Upon receipt of the select file command, the secure element enables the browsing of the tree structure of the profile PR1 and selects the root file RF1. Thus the root file RF1 is now the current file into the secure element .

According to an embodiment of the invention, the identifier with the value 0x3F00 is interpreted by the secure element as the root file belonging to the logical tree structure of the currently active profile. Since the active profile is still the profile PR1, the root file 0x3F01 is selected and its logical tree structure becomes reachable through the usual browsing mechanism. Thus the root file RF1 is now the current file into the secure element.

Advantageously, when the response message corresponding to the select file command is intended to send back the identifier of the selected file, the secure element sends a response message comprising the identifier value 0x3F00 even if the actually selected file has the identifier value 0x3F01.

Thanks to the invention the device which sends the select file command can easily access files of any targeted profiles. Thanks to the invention, the secure element is compliant with host devices which select the root file of the current profile in a customary way. (i.e. "select 0x3F00")

An advantage of the invention is to allow access to the logical tree structure of a profile different from the active profile without changing the currently active profile.

It must be understood, within the scope of the invention, that the above-described embodiments are provided as non-limitative examples. In particular, the secure element may comprise any number of profiles and these profiles may be related to different kind of subscription and different domains, like payment, telecom, transport access, Identity, metering, video access or cloud services access for instance.

It should be noted that select file commands may be sent by a remote machine distinct from the host device hosting the secure element.

The architecture of the host device and the architecture of the secure element shown at Figure 1 are provided as examples only. These architectures may be different. For example, the selecting module Ml and the guiding module M2 may be merged as a unique module.

The invention applies to any kind of secure element able to receive a select file command. In particular, the invention applies to secure elements of UICC type and embedded-UICC type.