The present invention concerns a method for switching between a first and a second logical UICCs comprised in a same physical UICC. A UICC (Universal Integrated Circuit Card) is a secure element embedding Sim applications for telecommunication purposes. A secure element can be installed, fixedly or not, in a terminal, like for example a mobile phones. In some cases, the terminals are constituted by machines that communicate with other machines for M2M (Machine to Machine) applications.

A UICC can be in the format of a smart card, or may be in any other format such as for example but not limited to a packaged chip as described in PCT/SE2008/050380, or any other format. It can be used in mobile terminals in GSM and UMTS networks for instance. The UICC ensures network authentication, integrity and security of all kinds of personal data.

In a GSM network, the UICC contains mainly a SIM application and in a UMTS network it is the USIM application. A UICC may contain several other applications, making it possible for the same smart card to give access to both GSM and UMTS networks, and also provide storage of a phone book and other applications. It is also possible to access a GSM network using an USIM application and it is possible to access UMTS networks using a SIM application with mobile terminals prepared for this. With the UMTS release 5 and later stage network like LTE, a new application, the IP multimedia Services Identity Module (ISIM) is required for services in the IMS (IP Multimedia Subsystem). The telephone book is a separate application and not part of either subscription information module.

In a CDMA network, the UICC contains a CSIM application, in addition to 3GPP USIM and SIM applications. A card with all three features is called a removable user identity card, or R-UIM. Thus, the R-UIM card can be inserted into CDMA, GSM, or UMTS handsets, and will work in all three cases.

In 2G networks, the SIM card and SIM application were bound together, so that "SIM card" could mean the physical card, or any physical card with the SIM application.

The UICC smart card consists of a CPU, ROM, RAM, EEPROM and I/O circuits. Early versions consisted of the whole full-size (85 * 54 mm, ISO/IEC 7810 ID-1) smart card. Soon the race for smaller telephones called for a smaller version of the card.

Since the card slot is standardized, a subscriber can easily move their wireless account and phone number from one handset to another. This will also transfer their phone book and text messages. Similarly, usually a subscriber can change carriers by inserting a new carrier's UlCC card into their existing handset. However, it is not always possible because some carriers (e.g. in U.S.) SIM-LOCK the phones that they sell, thus preventing competitor carriers' cards being used.

The integration of the ETSI framework and the Application management framework of Global Platform is standardized in the UlCC configuration.

UlCCs are standardized by 3GPP and ETSI.

A UlCC can normally be removed from a mobile terminal, for example when the user wants to change his mobile terminal. After having inserted his UlCC in his new terminal, the user will still have access to his applications, contacts and credentials (network operator).

It is also known to solder or weld the UlCC in a terminal, in order to get it dependent of this terminal. This is done in M2M (Machine to Machine) applications. The same objective is reached when a chip (a secure element) containing the SIM or USIM applications and files is contained in the terminal. The chip is for example soldered to the mother-board of the terminal or machine and constitutes an e-UICC.

The present invention applies also to such soldered UlCCs or to such chips containing the same applications than the chips comprised in UlCCs. A parallel can be done for UlCCs that are not totally linked to devices but that are removable with difficulty because they are not intended to be removed, located in terminals that are distant or deeply integrated in machines. A special form factor of the UlCC (very small for example and therefore not easy to handle) can also be a reason to consider it as in fact integrated in a terminal. The same applies when a UlCC is integrated in a machine that is not intended to be opened.

In the next description, welded UlCCs or chips containing or designed to contain the same applications than UlCCs will generally be called embedded UlCCs or embedded secure elements (in contrast to removable UlCCs or removable secure elements). This will also apply to UlCCs or secure elements that are removable with difficulty.

The invention concerns a warm switch between logical UlCCs.

An UlCC is:

1) a physical component compliant to a standardized form factor (e.g. 3FF) embedding a chip

2) A smartcard Operating System executed on the chip providing standard services: answer to IS07816-3 reset, answers to standardized APDUs sent by a reader, ...

3) A set of applications executed on the chip providing answers to APDU defined by application provider 4) A set of personal data (e.g. phonebook, UICCID, IMSI) stored in the physical memory of the chip used by the smartcard OS

5) A set of secret data (keys and PINs) stored securely in a physical memory of the chip and used by the smartcard OS to provide secure services.

In this invention, the physical component is the Physical UICC.

This Physical UICC can emulate several UICCs, each one having the behaviour described in 2) and 3), storing sets described in 4) and 5). This service is provided by embedding in the chip the 2), 3), 4) and 5) of each UICC emulated. An emulated UICC is hereinafter called 'Logical' UICC. Because of physical memory constraints (technology of the memory, limited amount of volatile and persistent memory) and Operating System constraints, part of the volatile and persistent data of different 'Logical' UICC are stored in the same location when they are executed. These parts of data are called overlapped volatile data and overlapped persistent data. This is the case, for example, for the volatile data of the 'Logical' UICC: they are stored in the limited amount of volatile memory of the physical UICC during the 'Logical ' UICC execution time.

The UICC card can be considered from the external world (e.g. reader) as anyone of the 'logical' UICC that it emulates.

The invention proposes a mechanism that allows fast and smart switching between logical UICCs.

In the state of the art, the basic behaviour to switch from a first 'logical' UICC to another one is to reset the (physical) UICC, and after the IS07816-3 reset, execute the Operating System of the newly selected 'logical' UICC. During the reset, the volatile memory of the physical UICC is cleared and all volatile data of the first 'logical' UICC is lost. After this reset, the software of the 'logical' UICC is executed (as today in a usual UICC) from scratch: a complete activation sequence shall be performed by the reader. It is requested by 2) and 3) to initialize its volatile data in order to set up the applicative and system contexts. The volatile data of the newly selected 'logical' UICC are stored in the volatile memory of the physical UICC, at the same location used by the previously selected 'logical' UICC.

The volatile context of the 'logical UICC previously selected is however lost. If a service from this 'logical' UICC is requested again, the 'logical' UICC shall be selected again, and the complete activation sequence shall be performed again. This may take a while and limit the use cases to switch between two logical UICCs.

From the reader (terminal, for example mobile phone, PDA or tablet) point of view, this solution is 'natural': as the UICC is a removable device, the UICC could have been removed and a new one could have been inserted. Modification of the UlCC behaviour after the reset is normal. From the 'logical UlCC point of the view, the Operating System is executed (started) from a Reset and this is the normal behaviour.

The present invention is a way to modify dynamically the contexts of 2) and 3) but avoid the initialization of volatile contexts.

The invention proposes a method for switching between a first and a second logical UICCs comprised in a same physical UlCC. In order to perform the switch, specific areas are defined to manage the overlapped volatile data and overlapped persistent data, each logical UlCC comprising an area for storing overlapped volatile data and an area for storing overlapped persistent data. The physical UlCC comprises also an OS area comprising in operation, during the 'logical' UlCC execution time, the overlapped volatile data and overlapped persistent data.

According to this invention, the method consists in, when a switch order is received to switch from the first logical UlCC to the second logical UlCC:

i- backup overlapped volatile data from OS area of the physical UlCC to the area for storing overlapped volatile data of the first logical UlCC

ii- backup overlapped persistent data from OS area of the physical UlCC to the area for storing overlapped persistent data of the first logical UlCC

iii- restore volatile data from the area for storing overlapped volatile data from the second logical UlCC to the OS area for storing overlapped volatile data of the physical UlCC iv- restore persistent data from the area for storing overlapped persistent data from the second logical UlCC to the OS area for storing overlapped persistent data of the physical UlCC.

Thanks to this invention, from the reader (terminal) point of view, there is no change of UlCC card. There is also no need to perform the activation sequence after the switch between the logical UICCs.

The invention will be better understood by reading the following description of the figure 1 which represents a physical UlCC comprising two logical UICCs between which a switch is performed.

The switch is performed thanks to a new design of 2) where the volatile contexts are backed-up and restored from/to persistent smartcard storage each time a warm switch is requested. Those persistent data are nevertheless cleared upon physical reset.

This creates a 3 ^rd kind of data in 2): volatile data persistent between logical UlCC switches. This switch operation can be performed each time an APDU is received. This APDU consists in a switch order to switch from the first logical UlCC (UICC#1) to the second logical U|CC (UICC#2). The UlCC can be asked to switch from one logical UlCC to another by several mechanisms. It may be a specific APDU command, an information set through the logical channel byte or any electric signal on the terminal/UICC interface (usage of a specific connector). The switch can also be automatic.

This mechanism can be entirely hidden from the reader (reader has no knowledge of 'logical' UlCC switch).

Thanks to this invention, it is easy (fast and transparent for end user and terminal) to switch from one logical UlCC providing some services to another one providing other services.

In the telecom market, for example, a physical UlCC contains:

- a first 'logical' UlCC for a MNO 1 subscription

- a second 'logical' UlCC for a MNO 2 subscription

- a third 'logical' UlCC for banking services.

The physical UlCC allows the end user to connect to two different radio networks (e.g.

UMTS or CDMA networks), for example one network in France and the other one in USA.

Usage of the invention allows benefiting from the banking services whatever MNO is selected.

Figure 1 represents an UlCC comprising two logical UICCs, a first logical UlCC referenced UICC#1 and a second logical UlCC referenced UICC#2. Each logical UlCC comprises software (CODE), an area storing volatile data and an area storing persistent data.

The UlCC also comprises an area for storing volatile data (e.g. RAM) and an area for storing persistent data (e.g. NVM).

The method according to the present invention proposes to switch between logical

UICC#1 and logical UICC#2. This switch can be automatically done, for example in view of the MNO used by a calling party. If the logical UlCC currently used is UICC#1 and the calling party's

MNO is the second operator, it is advantageous, for avoiding roaming costs, to switch to

UICC#2. For that, an APDU is sent from the terminal enclosing the physical UlCC (removable or not) to this physical UlCC.

Four steps are represented in figure 1.

In this figure, logical UICC#1 and logical UICC#2 are comprised on a physical UlCC.

Each logical UlCC comprises an area for storing volatile data and an area for storing persistent data. The physical UlCC comprises also an OS area comprising in operation volatile and persistent data. When a switch order is received to switch from the first logical UlCC (UICC#1) to the second logical UlCC (UICC#2), following steps are performed: 1. the volatile data from OS area of the physical UlCC are backup to the area for storing volatile data of the first logical UlCC

2. the persistent data from OS area of the physical UlCC are backup to the area for storing persistent data of the first logical UlCC

3. the volatile data from the area for storing volatile data from the second logical

UlCC are restored to the OS area for storing volatile data of the physical UlCC 4. the persistent data from the area for storing persistent data from the second logical UlCC are restored to the OS area for storing persistent data of the physical UlCC.

The result of these operations is that logical UICC#2 is immediately ready to be used without terminal boot.