Secure Element access control, as defined in this specification, is used in addition to existing protection mechanisms (such as permissions or security OS policy limiting access to sensitive APIs). The access control is designed to prevent unauthorized access to resources in the Secure Elements and typically to prevent denial of services attacks (PIN blocking, selection of non multi-selectable applets, etc.).

This version includes corrections and clarifications, adds support for SHA‑256 to derive DeviceAppIDs from the certificate of the device Application Provider (deprecated SHA‑1), and adds support for SHA‑256 in Access Rule Files.

This document is a proposed SESIP Profile for the Code Update Mechanism.

This document defines Claims and how to assemble, encrypt, and sign them for use in Attestation.