Method of managing privileges in a tamper-proof device comprising several software containers

1 . A method for managing a secure element comprising a processor and an operating system configured to handle a set of communication protocols with external entities, wherein the operating system accesses a ruling data specifying for each communication protocol of said set whether Card Lock, Card Terminate and Final Application privileges as defined by GlobalPlatform Card Specification are authorized or forbidden and wherein, upon receipt of a command from one of said external entities, the operating system identifies the communication protocol used to convey the command then uses the identified communication protocol as a discriminator to deny or to authorize execution of said command based on the ruling data. 2 . The method according to claim 1 , wherein the operating system uses the transport layer of the identified communication protocol as a discriminator to deny or to authorize execution of said command based on the ruling data. 3 . The method according to claim 1 , wherein the secure element comprises both a first software container including a security domain compliant with GlobalPlatform Card Specification and a second software container including a Telecom profile compliant with GSMA Remote Provisioning Architecture for embedded UICC Technical Specification (SGP.02). 4 . The method according to claim 1 , wherein the secure element comprises a registry storing a state set to SECURED, wherein the command is a SET STATUS requesting a change toward CARD_LOCKED state, said SECURED and CARD_LOCKED states and SET STATUS being compliant with GlobalPlatform Card Specification, and wherein the operating system denies execution of the command if the communication protocol used to convey the command is compliant with the transport layer protocol as defined by ETSI ISO7816-3, and wherein the operating system authorizes execution of the command if the communication protocol used to convey the command is compliant with SPI or SWP. 5 . The method according to claim 4 , wherein the operating system receives, from a source internal to the secure element, a request to change toward CARD_LOCKED state and wherein the operating system denies execution of the request if the source belongs to a software container including a Telecom profile compliant with GSMA Remote Provisioning Architecture for embedded UICC Technical Specification. 6 . The method according to claim 1 , wherein the set of communication protocols comprises T=0 or T=1 as defined by ETSI ISO7816-3 and at least one of the following group: SWP contactless type A, SWP contactless type B, SWP contactless type F, APDU Gate or SPI. 7 . The method according to claim 1 , wherein the secure element is an embedded secure element, an integrated secure element, a secure enclave, a smart card or a Machine-To-Machine device. 8 . A secure element comprising a processor and an operating system configured to handle a set of communication protocols with external entities, wherein the operating system comprises a ruling data specifying for each communication protocol of said set whether Card Lock, Card Terminate and Final Application privileges as defined by GlobalPlatform Card Specification are authorized or forbidden, and wherein the operating system comprises a supervisor agent configured to, upon receipt of a command from one of said external entities, identify the communication protocol used to convey the command then to use the identified communication protocol as a discriminator to deny or authorize execution of the command based on the ruling data. 9 . The secure element according to claim 8 , wherein the supervisor agent is configured to use the transport layer of the identified communication protocol as a discriminator to deny or to authorize execution of said command based on the ruling data 10 . The secure element according to claim 8 , wherein the secure element comprises both a first software container including a security domain compliant with GlobalPlatform Card Specification and a second software container including a Telecom profile compliant with GSMA Remote Provisioning Architecture for embedded UICC Technical Specification. 11 . The secure element according to claim 8 , wherein the secure element comprises a registry storing a state set to SECURED, wherein the command is a SET STATUS requesting a change toward CARD_LOCKED state, said SECURED and CARD_LOCKED states and SET STATUS being compliant with GlobalPlatform Card Specification, and wherein the operating system is configured to deny execution of the command if the communication protocol used to convey the command is compliant with the transport layer protocol as defined by ETSI ISO7816-3 and wherein the operating system is configured to authorize execution of the command if the communication protocol used to convey the command is compliant with SPI or SWP. 12 . The secure element according to claim 9 , wherein the set of communication protocols comprises T=0 or T=1 as defined by ETSI ISO7816-3 and at least one of the following group: SWP contactless type A, SWP contactless type B, SWP contactless type F, APDU Gate or SPI. 13 . The secure element according to claim 9 , wherein the secure element is an embedded secure element, an integrated secure element, a secure enclave, a smart card or a Machine-To-Machine device. 14 . A host device embedding a secure element according to claim 9 . 15 . The host device according to claim 14 , wherein the host device is a phone, a watch, a pair of glasses, a car, a meter, a drone or a robot.