As a result of the development of communication devices, and secure elements especially in mobile telephone sets, handheld computers as well as chip-cards, an increasing number and wide range of services have become available for users on the new generation of communication devices. Some of the available services are pre-installed on the communication device or on the secure element in it, but information contents realizing other services also exist which may need to be or are preferably downloaded later on to the user's communication device based on the choice of the user. Frequently due to security considerations, sensitive information content or part of the information content should preferably be downloaded onto the secure element of the communication device, i.e. to a protected storage unit.
However, according to the present state of the art in general, the entire storage area of the secure element suitable for receiving such information content is linked to a single entity, to the secure element issuer (SE issuer) itself, and is essentially exclusively used by this entity. This circumstance is disadvantageous for both the service providers wishing to offer new services via new applications and for the users of the communication devices. The current situation also prevents the SE issuer to economically utilize the available capacity of the secure element. In most cases the capacity and potentials of the secure element are not exploited to their full extent. The secure element placed in the communication device includes, in general, a unified storage area, or even if part areas separated from each other exist, they are not utilized by multiple services, service providers or applications. The secure elements are pre-personalized and personalized quasi during the chip-card manufacturing process, and after this is completed neither the secure element issuer, who in most cases is also the service provider, nor the user is able to reconfigure the content of the secure element. This practice may cause much of the card capacity, and certain storage part areas to be unused, as at the time of production, or before the issuance of the secure element it is not possible to know the real commercial demands relating to the existing and future services. Hence, some unnecessary applications may be pre-loaded and pre-installed on the card, while other services that would actually be required by the users may be left out.
US 2002/053090 discloses a data receiving apparatus having a storage unit wherein an exclusive memory area can be secured for a service provider, such as a broadcasting provider. However, the exclusive memory area is secured (or deleted) by a program operating on the data receiving apparatus. Because the exclusive memory area is managed locally and there is no external controlling/managing party, the exclusive memory area is more prone to tampering, which renders it unsuitable for use in combination with services where high security is required. Also if the storage capacity management is performed off-line without the involvement of the secure element issuer/owner there is no possibility for the commercialization of the available storage space, the financial incentives are missing.