KR101879457B1 - Method for Managing Key of Embedded SIM, Embedded SIM and recording medium for the same - Google Patents

Abstract

In an embedded SIM (eSIM) environment in which a global platform is applied, the present invention provides an issuer security domain (ISD) key as a pre-ISK key (PreISDKey for MNOi) for a specific MNO and a default ISD key ), A new ISD key for a specific MNO (NewISDKey for MNOi), etc., and can securely transmit a profile for an additional service or communication under the MNO-initiated process in the process of initial issuance and MNO change.

Description

[0001] The present invention relates to a key management method in a built-in SIM, and a built-in SIM and a recording medium therefor.

The present invention relates to a key management method of a built-in SIM (Embedded Subscriber Identity Module; hereinafter referred to as 'eSIM' or 'eUICC'), and an eSIM for the same.

A UICC (Universal Integrated Circuit Card) is a smart card inserted in a terminal and can be used as a module for user authentication. The UICC can store the user's personal information and the carrier information of the mobile communication carrier to which the user subscribes. For example, the UICC may include an International Mobile Subscriber Identity (IMSI) for identifying a user. The UICC is also called a Subscriber Identity Module (SIM) card for Global System for Mobile communications (GSM) and a Universal Subscriber Identity Module (USIM) card for a Wideband Code Division Multiple Access (WCDMA) scheme.

When the user attaches the UICC to the user terminal, the user is automatically authenticated using the information stored in the UICC, so that the user can conveniently use the terminal. In addition, when the user changes the terminal, the user can easily replace the terminal by attaching the UICC removed from the existing terminal to the new terminal.

When a terminal requiring miniaturization, for example, a machine to machine (Machine to Machine, M2M) communication, is manufactured with a structure capable of detaching and removing the UICC, miniaturization of the terminal becomes difficult. Thus, an eUICC structure, a UICC that can not be detached, has been proposed. The eUICC shall record the user information using the UICC in the form of IMSI.

The existing UICC can be attached to / detached from the terminal, and the user can open the terminal without being concerned with the type of terminal or the mobile communication provider. However, the IMSI in the eUICC can be allocated only when the terminal manufactured from the time of manufacturing the terminal is established to be used only for the specific mobile communication provider. Both the mobile communication service provider and the terminal manufacturer ordering the terminal are forced to pay attention to the product inventory and the product price is raised. The user is inconvenient that the mobile communication company can not be changed with respect to the terminal. Therefore, even in the case of the eUICC, there is a need for a method by which a user can open the terminal regardless of the mobile communication service provider.

Meanwhile, due to the recent introduction of eUICC, it has become necessary to update subscriber information of a plurality of telecommunication carriers from a remote UICC, and accordingly, a Subscription Manager (hereinafter referred to as 'SM') or a profile A Profile Manager (PM) is being discussed.

However, in this eSIM environment, software type SIM data must be managed due to a physical form different from the existing removable SIM, and methods based on the global platform technology are currently being discussed. However, according to the discussion of the global platform, it is necessary to provide eSIM-based services led by the MNO rather than a separate third entity due to the key ownership and the eSIM-based business initiative (communication and supplementary service) There is no concrete plan for this.

It is an object of the present invention to provide a method and apparatus for managing an eSIM and performing an MNO change based on a global platform in a communication environment including an eSIM.

It is an object of the present invention to provide a method and apparatus for creating and managing a management key capable of managing a communication or an additional service in a communication environment including an eSIM and performing an MNO change.

An object of the present invention is to provide an Issuer Security Domain (ISD) which is authorized to create a supplementary security domain (SSD) for an additional service in a communication environment including an eSIM ) Under the authority of each communication carrier (MNO).

It is another object of the present invention to provide a method for effectively managing an ISD key corresponding to an additional service management key in an MNO moving in a communication environment including an eSIM.

It is another object of the present invention to provide a method for performing communication or supplementary service management using a pre-ISD key of a specific MNO or an MNO independent default ISD key in a communication environment including an eSIM.

One embodiment of the present invention is a key management method using a built-in SIM (eSIM) interworking with at least one MNO system, wherein the eSIM includes a pre-issuer security domain for an initial opening MNO from an initial- The method comprising: performing authentication via an Issuer Security Domain (ISD) key; receiving a new ISD key from the initial opening MNO system; authenticating the initial opening MNO system using the new ISD key; And receiving a profile (MNO1 Profile) for communication with the initial-opening MNO or an additional service.

Another embodiment of the present invention is a key management method using a built-in SIM (eSIM) interworking with one or more MNO systems, wherein the eSIM includes a predefined default pre-issuer security domain (Issuer The method comprising the steps of: performing authentication through a Security Domain (ISD) key; receiving a new ISD key from the initial opening MNO system; authenticating the initial opening MNO system using the new ISD key; And receiving a profile (MNO1 Profile) for communication with the MNO or an additional service.

Another embodiment of the present invention is a key management method using a built-in SIM (eSIM) interworking with a donor MNO system and a receiving MNO system, wherein the donor MNO receiving the MNO change request from the receiving MNO system Injecting a pre-ISD key of the receiving MNO into the eSIM after the system performs authentication via the Issuer Security Domain (ISD) key of the new (New) issuer MNO system; Injecting a new ISD key (NewISDKey) of the receiving MNO into the eSIM after the MNO system performs authentication with the eSIM using the pre-ISD key (PreISDkey), and sending a new ISD key of the receiving MNO And receiving a profile (MNO2 Profile) for communication with the receiving MNO or an additional service after authentication with the receiving MNO system.

Another embodiment of the present invention is a key management method using a built-in SIM (eSIM) interworking with at least one communication provider (MNO) system and a subscription manager (SM) Receiving and storing an Issuer Security Domain (ISD) key (PreISDKey for MNOi) for each MNO from an MN; receiving, by the SM, the pre-ISD key of the requesting MNO from the eSIM , Injecting its new ISD key (NewISDKey) into the eSIM after the requesting MNO system performs authentication with the eSIM using its pre-ISD key (PreISDkey) And sending a profile (MNOi Profile) for communication or supplementary services to the eSIM after the MNO system authenticates the eSIM using the new ISD key.

Another embodiment of the present invention is a built-in SIM (eSIM) interworking with one or more MNOs, wherein the eSIM includes an Issuer Security Domain (ISD) key for an initial initiating MNO from an initial- Or authenticate with the pre-defined default ISD key, receive a new ISD key from the initial-opening MNO system, authenticate with the initial-opening MNO system using the new ISD key, ESIM having a configuration for receiving a profile (MNO1 Profile) for communication or supplementary services, and a recording medium on which a program implementing such a function is recorded.

Another embodiment of the present invention is a built-in SIM (eSIM) interworking with a Donor MNO system, a receiving MNO system, wherein the eSIM is a new (New) issuer security domain of the donor MNO system and donor MNO (ISD) key from the donor MNO system after performing authentication via an Issuer Security Domain (ISD) key, and using the pre-ISD key (PreISDkey) to authenticate the recipient MNO system After receiving a new ISD key (NewISDKey) of the receiving MNO from the receiving MNO system and authenticating the receiving MNO system using the new ISD key of the receiving MNO, the receiving MNO And an eSIM having a configuration for receiving a profile (MNO2 Profile) for communication or an additional service, and a recording medium on which a program implementing such a function is recorded.

Another embodiment of the present invention is a built-in SIM (eSIM) interworking with one or more MNO systems, a Subscription Manager (SM), and the eSIM receives a request from one of the MNOs SM receives and stores a pre-ISD key of a requesting MNO, performs authentication with the request MNO system using a pre-ISD key of the requesting MNO, and then transmits a new ISD key (NewISDKey) ESIM of a configuration for receiving a profile (MNOi Profile) of a requesting MNO from the requesting MNO system after performing authentication with the requesting MNO system using the new ISD key, and a program implementing the function And provides a recorded recording medium.

1 illustrates an overall service architecture including an eSIM or an eUICC to which the present invention is applied.
Figure 2 shows a card architecture based on a global platform according to the present invention.
3 illustrates the internal structure of an eSIM and its relationship to an external MNO according to an embodiment of the present invention.
4 and 5 are flowcharts showing a first ISD key issue process according to an embodiment of the present invention. FIG. 4 shows a case where a pre-ISK key (PreISDKey for MNOi) for a specific MNO is used, This is the case using an independent default ISD key (DefaultISDKey).
FIG. 6 illustrates a MNO change process according to an embodiment of the present invention.
FIG. 7 shows a case where a subscription management apparatus (SM) performs various ISD key management according to an embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail with reference to exemplary drawings. It should be noted that, in adding reference numerals to the constituent elements of the drawings, the same constituent elements are denoted by the same reference symbols as possible even if they are shown in different drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

Since the M2M (Machine-to-Machine) terminal actively discussed in GSMA should be small in size, if a UICC is used, a module for mounting a UICC must be separately inserted in the M2M terminal. Therefore, The miniaturization of the M2M terminal becomes difficult.

Therefore, an embedded UICC structure that can not be detached from the UICC is being discussed. In this case, a mobile network operator (MNO) information using the corresponding UICC is transmitted to an euICC installed in the M2M terminal, And must be stored in the UICC in the form of an International Mobile Subscriber Identity (IMSI).

However, since the IMSI in the eUICC can be allocated only when the terminal manufactured from the manufacturing of the M2M terminal is used only in the specific MNO, the MNO or the M2M manufacturer that orders the M2M terminal or the UICC, And the price of the product increases, which is a big obstacle to the expansion of the M2M terminal.

Unlike the conventional removable SIM, the eUICC or the eSIM, which is integrally mounted in the terminal, has many issues regarding the opening authority, the initiative of the supplementary service business, and the subscriber information security due to the difference in the physical structure. To this end, the GSMA and ETSI international standardization organizations are carrying out standardization activities for related companies such as operators, manufacturers, SIM makers, and other necessary elements including top-level structure. As eSIM is discussed through standardization bodies, eSIM issues eSIM with eSIM, which is called Subscription Manager, which issues e-business information (Operator Credential, MNO Credential, Profile, eUICC Profile, Profile Package etc.) Or function / role that performs the overall management role for the eSIM, such as handling the process of subscribing or MNO change.

In recent GSMA, the role of SM is divided into SM-DP (Data Preparation) which plays a role of generating provider information and SM-SR (Secure Routing) which carries direct carrier of provider information to eSIM, However, the details are lacking.

In this specification, eSIM and eUICC are used as an equivalent concept.

The eSIM attaches the IC chip to the terminal circuit board in the terminal manufacturing stage and then inserts the SIM type data (activation information, supplementary service information, etc.) in the form of software into OTA (Over the Air) or offline (technology based connection such as USB to PC) Is a new concept of SIM technology. IC chips used in eSIM generally support hardware based CCP (Crypto Co-Processor) to provide hardware-based public key generation, and APIs that can be utilized based on applications (eg applets) , Java Card Platform, etc.). The Java Card Platform (Java Card Platform) is one of the platforms that can provide multi-applications and services on smart cards and so on.

Because SIM has limited memory space and security reasons, it should not be possible for anyone to mount an application in SIM. Therefore, besides the platform for mounting an application, a SIM service management platform is required for loading and managing the SIM application. The SIM service management platform issues data to the SIM memory area through authentication and security through the management key. The global platform (GlobalPlatform) and Remote File Management (RFM) and Remote Application Management (EASI TS 102.226) Service management platform.

SM, which is one of the important elements in eSIM environment, eSIM remotely issues communication and supplementary service data through management keys (UICC OTA Key, GP ISD Key, etc.).

In GSMA, the role of SM can be classified as SM-DP and SM-SR. SM-DP builds securely IMSI, K, OPc, supplementary service application and supplementary service data in the form of Credential Package in addition to operation profile (or provider information) SR is responsible for securely downloading the SM-DP-generated credential package to eSIM via SIM remote management technology such as Over-The-Air (OTA) or GP SCP (Secure Communication Protocol).

1 shows an example of an eSIM communication system including an SM.

The eSIM communication system architecture using the SM may include a plurality of MNO systems, one or more SM systems, an eUICC maker system, a device maker system including an eUICC, and an eUICC, and the dotted line in Fig. Circle of Trust), and the two solid lines represent a secure link.

We propose a structure called "Circle of Trust" in Fig. 1 to establish an end-to-end trust relationship between MNO and eSIM through overlapping of trust relationships between each similar entity or entities. . In other words, MNO1 defines SM1, SM1 SM4 and SM4 form a trust relationship with eSIM, thereby forming a trust relationship between MNO and eSIM.

In the eSIM communication system using the SM, a function defined as SM is introduced. The main role of the SM is to prepare a package or profile including the MNO credential and transmit it to the eUICC. The SM function may be provided directly by the MNO, or the MNO may contract with a third party to obtain the SM service. This SM function should be provided by the MNO or a third party, and if provided by a third party, there is a commercial relationship between the SM and the MNO.

SM is divided into SM-DP, which securely prepares various profiles related to eUICC (MNO's operation profile, provisioning profile, etc.), and SM-SR to route it. SM-SR has a trust relationship with other SM- And the SM-DP is linked to the MNO system.

However, in the system using the SM as shown in FIG. 1, the SM performs overall management such as the subscription management, the supplementary service management, and the MNO change management, which is different from the MNO- There may be a problem.

Meanwhile, a global platform is being used as one of the standards of the SIM service management platform.

This global platform is a secure and dynamic card and application management specification that provides card components, instruction sets, transaction sequences and hardware, system and OS-neutral and application-independent interfaces.

The present invention can provide an MNO profile to a terminal without changing the existing SIM related technology in an environment having an issuer security domain (hereinafter referred to as ISD) It is possible to provide a structure for moving to a communication company.

For that purpose, in one embodiment of the present invention, the ISD and SD defined in the global platform are used to manage the profile of the initial opening MNO (MNO1) within the eSIM and to control the SD creation of the additional MNO and the installation of the security applet ISD, and generate and manage SD for one or more MNOs. The structure of the present invention will be described below with reference to FIG. 3 and the following figures.

Figure 2 shows a card architecture based on a global platform according to the present invention.

The global platform-based card architecture consists of a number of components to ensure hardware and vendor-neutral interfaces to application and off-card management systems.

These components include one or more card issuer applications 210 for a card issuer, one or more application provider applications 220 for a card issuer's business partner, i.e., an application provider, a global service (e.g., One or more global service applications 230 for providing CSM services).

Each application is associated with a corresponding security domain (SD), i.e., an issuer SD (ISD) 211, a service provider SD 221, a Controlling Authority SD 231, and the like.

All applications are implemented within a secure runtime environment 250 that includes a hardware-neutral Application Programming Interface (API) to support application mobility. The global platform is not limited to any particular runtime environment technology, but is a major card component that acts as a central manager of the card manager. A security management application called a specific key and security domain is created to ensure that the keys are completely separated between the card issuer and a number of other SD providers.

This application and the SD sub-section include a global platform environment (OPEN) and a GP trust framework 240, and a runtime environment 250 is formed under the application.

A GP API 241 is provided between the application / SD and the global platform environment (OPEN) and the GP trust framework 240 and a runtime API (RTE API) 251 is provided between the application / SD and the runtime environment 250. [ / RTI >

SD, such as Issuer SD (ISD) 211, Service Provider SD 221, Controlling Authority SD 232, SD serves as an on-card agent for an off-card authority. SD can be roughly classified into three types, reflecting three types of off-card institutions recognized by the card.

First, ISD 211 is the primary but essential on-card delegate for the Card Administrator, which is usually the card issuer.

Second, Supplementary SD (SD) serves as an optional and optional on-card agent for card issuers or application providers or their agents. The service provider SD (221) corresponds to this auxiliary SD (SSD).

As a third type, the Controlling Authority Security Domains (SD) is a special form of secondary SD, which forces the control authority to enforce security policies that are applied on all application code loaded into the card. The control authority may also use this form of SD as its on-card agent to provide this functionality. There may be more than one such control organ SD.

In general, all three types are simply referred to as SD, and SD is a security service such as key handling, encryption, decryption, digital signature generation and verification for its provider (card issuer, application provider, or control authority) . Each SD is established on behalf of the card issuer, application provider, or control authority when the off-card entity requests to use a key that is completely isolated from each other.

On the other hand, there may be one or more global service applications 230 within the card to provide services such as a Cardholder Verification Method (CVM) to other applications on the card.

The global platform is intended to operate on a secure multi-application card runtime environment, which provides secure storage and execution space for the application as well as a hardware-neutral API for the application, Ensure that it remains stable in isolation from the application. The runtime environment of the card also provides communication services between the card and off-card entities.

The global platform card may also include one or more trusted frameworks (240), which provide inter-application communication between applications. The trust framework is not an application or SD, and may exist as an extension or a part of a card runtime environment.

Thus, the GlobalPlatform is a standard technology for managing applications (applets, etc.) of smart cards such as SIM. The global platform consists of software that represents the Issuer Security Domain (ISD) (Issuer Security Domain) (eg MNO) and performs the necessary overall management functions, as well as the business partner of the card issuer (eg application providers such as banks and credit card companies) (SSD) for the service software and information (e.g., banking applet, account information, etc.) of the service.

According to this global platform technology, an SSD can be generated only by the ISD, in which the ISD key is utilized, and the PUT key is used to pre-share the SSD key with the business partner requesting the SSD at the time of generating the SSD. do.

However, in this eSIM environment, software type SIM data must be managed due to a different physical form from the existing removable SIM, and various methods are currently being discussed based on the global platform technology. However, owing to the possession of the ISD key on the global platform, Due to the issue of the subject of the initiative (communication and supplementary service) of the base business, it is necessary to construct a structure in which the MNO, which is not a separate third party, owns the ISD key and provides the eSIM service based on the key.

Accordingly, the present invention proposes a method for effectively managing the ISD key corresponding to the supplementary service management key according to the movement of the MNO in the eSIM environment, which is a standard technology which is an existing standard technology. In the present invention, the ISD key may manage only supplementary services installed in the eSIM, and manage communication related items (USIM / SIM applets and various files) according to the internal structure of the eSIM.

In embodiments of the present invention, in an eSIM environment in which such a global platform is applied, the issuer security domain (ISD) key is used as a pre-ISK key for a specific MNO (PreISDKey for MNOi) and MNO independent default ISD key (DefaultISDKey) A new ISD key for a specific MNO (NewISDKey for MNOi), and then provides a method for securely delivering a profile for an additional service or communication under MNO's initiative in the process of initial issuance and MNO change.

3 illustrates the internal structure of an eSIM and its relationship to an external MNO according to an embodiment of the present invention.

A system according to an embodiment of the present invention includes a terminal 300 including an eSIM 310 and one or more MNO systems 360 and 370.

In the following description, it is assumed that MNO1 is an initial opening MNO, and MNO2, MNO3 and the like are additional MNOs.

The key management module 350 is installed in the terminal. As described below, the key management module is a module that performs all the functions of issuing or receiving the required ISD key in cooperation with the MNO system or the SM. The key management module 350 performs the MNO changing process as shown in FIG. 6 and the MNO changing process for the specific MNO defined in the present invention in the communication environment including the SM as shown in FIG. 7, as well as the initial key issuing process according to FIG. Issues a pre-ISK key (PreISDKey for MNOi) and an MNO-independent default ISD key (DefaultISDKey), performs all functions related to issuance, reception, and confirmation of a new ISD key (NewISDKey for MNOi) for a specific MNO . In this process, the " key management module " must perform secure and secure communication with the MNO and the SM, and must be protected from external hacking by operating in a secure space in the device or terminal.

The key management module 350 performs the key management functions described below with reference to FIG. 4, and is not limited to the above-described terminology, but may be expressed by other terms such as a communication module, a provisioning module, an issuing module, and an opening module.

Also, the eSIM 310 includes a communication module or a provisioning profile 312 therein. In the case of an " integrated structure " in which a communication module is included and a communication module is designed to integrate communication and an additional service without a communication module, a provisioning profile exists instead of a communication module.

That is, in the case of the eSIM structure (i.e., the case where the communication module is mounted, that is, the " separate structure ") in which the communication and the additional service are separated from each other in relation to the eSIM, the present invention is utilized for managing the additional service through the ISD key of the global platform (I.e., " integrated structure "), a provisioning profile exists and each MNO issues a profile for communication and supplementary services in the eSIM through the provisioning profile through the ISD key will be.

Also included in the eSIM are a chip OS 314, a Java card platform 316 disposed above the chip OS 314, and a global platform 318 and an ISD 320 that are higher than the chip OS 314. The ISD key is included in the ISD, and these ISD and ISD keys are described in more detail below.

The chip OS 314 is a layer of a COS (Chip OS) level in which the eSIM hardware and the Java card platform 316 are interlocked and functions are implemented.

In addition, the Java card platform 316 is a platform for providing an API, an interface for allowing an eSIM application (an applet) to utilize eSIM resources, a runtime, and a virtual machine (VM).

On the global platform 318, there is an ISD 320 that represents the card issuer and manages the entire eSIM.

The eSIM 310 or the key management module 350 according to an embodiment of the present invention can implement the following functions.

Accordingly, the eSIM according to an embodiment of the present invention can prevent the issuer security domain (ISD) key or the predefined default ISD key for the initial opening MNO from the initial opening MNO (MNO1) After receiving the new ISD key from the initial opening MNO system and authenticating with the initial opening MNO system using the received new ISD key, the profile for the communication with the initial opening MNO or the additional service MNO1 Profile ) To the mobile station.

In addition, the eSIM according to an embodiment of the present invention performs authentication through the donor MNO (MNO1) system and the new Issuer Security Domain (ISD) key of the MNO1 in the MNO change process, (NewISDKey) of the MNO2 from the MNO2 system after performing the authentication with the MNO2 system by using the pre-ISD key (PreISDkey) and then receiving the new ISD key of the MNO2 from the MNO2 system, And a function of receiving a profile (MNO2 Profile) for communication or supplementary service with the MNO2 after authentication with the MNO2 system using the new ISD key of the MNO2.

In another embodiment of the present invention, in a communication environment having a subscription manager (SM) separate from the MNO, the eSIM sends a request for the MNO, which the SM receives from the MNO, Receives and stores the pre-ISD key, performs authentication with the requesting MNO system using the pre-ISD key of the requesting MNO (PreISDkey), receives the new ISD key (NewISDKey) of the requesting MNO, and uses the new ISD key After performing authentication with the requesting MNO system, it may have the capability of receiving a profile (MNOi Profile) of the requesting MNO from the requesting MNO system.

Hereinafter, each of the embodiments of the present invention will be described in more detail.

The Issuer Security Domain (ISD) is the primary but essential card-on-card agent for the card issuer who is typically the card issuer. It is the primary on-card that provides support for the card's Administration's communication requirements, (On-card) entity.

Hereinafter, terms used in this specification will be summarized.

MNO (Mobile Network Operator) means a mobile communication service provider and means an entity that provides a communication service to a customer through a mobile network.

Provisioning refers to the process of loading a profile into an eUICC, and a provisioning profile refers to a profile used by a device to connect to a communications network for the purpose of provisioning different provisioning profiles and operation profiles.

Subscription means a commercial relationship for providing a service between a subscriber and a wireless communication service provider.

A Profile is a combination of file structures, data, and applications that can be provisioned into an eUICC or managed within an eUICC, including an Operational Profile, a Provisioning Profile for provisioning, and other Policy Control Functions (PCFs) And all the information that may exist in the eUICC.

The Operation Profile or the Operator Information means all kinds of profiles related to the Operational Subscription.

Card content is code and application information (not application data) contained within a card under the responsibility of OPEN, such as executable load files, application instances, and the like.

A card issuer is an entity that owns a card, and is an entity that takes full responsibility for the aspect of the card.

ISD is the primary on-card entity that provides support for the card's Administration's communication requirements, control and security.

SD is an on-card entity that supports control, security, and communication conditions of off-card entities (e.g., card issuers, application providers, or controllerships).

Delegated Management (hereinafter also referred to as "DM") refers to a pre-authorized card content change performed by an authorized application provider, and a Token is a " Means a cryptographic value provided by the issuer.

The Controlling Authority means having a privilege that maintains control of the card content through DAP (Data Authentication Pattern) validation authority.

The MNO1 system 360 and the MNO2 system 370 can perform a global platform-based card management function and role (mutual authentication with a SIM, forming a secure communication channel, application and data issuance, etc.). MNO1 and MNO2 may have entered into a preliminary agreement for the movement of third parties.

3, the MNO systems must perform communication with the eSIM-equipped device for updating the ISD key in the eSIM. For this purpose, a "key management module 350" existing in the terminal and a TCP / (Eg, IP (TLS / SSL), HTTP (S), etc.) can be communicated through the OTA RAM (Remote Application Management) , PUT KEY, etc.) to communicate.

Hereinafter, the technology related to the present invention among the details of the global platform technology according to an embodiment of the present invention will be described in detail.

SD is a privileged application, which holds cryptographic keys used to support secure channel protocol operations or to authenticate card content management functions.

Each application and each executable load file is associated with a security domain, and the application can use the associated SD's encryption services.

Every card has one essential SD and is called an ISD. Cards with multiple SDs allow application providers to manage their applications through their SD and provide encrypted services using keys that are completely separate from the card issuer.

The SD is responsible for managing its own key so that applications and data from different application providers can coexist in the same card without violating the privacy and integrity of each application provider.

Keys and associated cryptographic operations for all SDs can provide secure communications support while personalizing the application provider's application and enable secure communications during runtime of applications that do not include their secure messaging keys.

The ISD mainly operates as one specific SD, but has several characteristics that distinguish it from the other SDs.

That is, the ISD is the first application installed in the card, but the ISD does not need to be loaded or installed in the same manner for each application. In addition, ISD does not need to have an SD lifecycle state because it has a card lifecycle state, and if an application with a privilege is removed, it has card reset rights.

Also, if an application that can be implicitly selected on the same logical channel of the same card I / O interface is removed, then the ISD becomes an implicitly selected application and can be selected by a SELECT command without a command data field.

Applications that include SD can use their associated SD services to provide secure channel sessions and other cryptographic services. The application does not need to know the SD AID (Application Identifier) in advance, the global platform registry provides this information, and provides the application's SD criteria to the OPEN. Since the associated SD can be changed by Extradition, the application does not need to store these criteria.

Extradition is a means by which an application is associated with another SD, where an executable load file is initially associated with the SD that loads it, but is immediately transferred to another SD by an implicit handover procedure during the loading process, It can be transferred to other SDs sequentially through the transfer process.

ISD is not a transfer target, and SD can be associated with itself through transfer. The SD may be further isolated from other SDs using special privileges assigned to the other SDs, so that one or more association layers may be formed on the card. The root of each layer is the SD associated with it.

The application can access the services of the associated SD. With these services, applications can rely on encryption support from SD while ensuring confidentiality and integrity during personalization and runtime. The SD service can have the following characteristics.

Initiates a secure channel session if there is a successful verification of the off-card entity, unwraps the instruction received in the secure channel session by integrity verification, or decrypts the original data if confidentiality is corrected.

It also controls the sequence of APDU instructions, decrypts the confidential data block, and sets the security level of confidentiality or integrity that can be applied to the next inflow command or next outflow response. It also closes the secure channel session if requested and removes confidential data associated with the secure channel session.

Depending on whether or not a specific secure channel protocol is supported, the SD may have a function of wrapping a response transmitted in a secure channel session by adding confidentiality or encrypting original data when the confidentiality is secured, And a sequence of APDU responses.

The SD can simultaneously manage multiple secure channel sessions (i. E., Multiple applications selected on multiple logical channels each initiating a secure channel), and one of the simultaneously selected multiple applications attempted to use the service It is also possible to restrict the management of only the session. If the SD is supported to manage multiple secure channel sessions simultaneously, then it must be able to distinguish between multiple secure channel sessions and each logical channel. If the SD is not supported to manage multiple secure channel sessions at the same time, the SD may reject such a request to initiate a new secure channel session when requesting the opening of a secure channel session to the current secure channel session and other logical channels .

In addition, the SD may receive a STORE DATA command directed to one of the associated applications. The SD unwraps this command according to the security level of the current secure channel session before the command is forwarded to the application.

The ISD must be able to process Issuer Identification Number (IIN), Card Image Number (CIN), card identification data, and other card issuer specific data. Such data may be obtained from the card via a GET DATA command.

The issuer identification number (IIN) is used by the off-card entity and is used to associate the card with a specific card management system. The IIN generally contains the issuer's ISO 7812 definition of identity and is transmitted by the tag '42' in ISO / IEC 7816-6. The IIN data element has a variable length.

The card image number (CIN) is used by the card management system to uniquely identify the card within the card base. CIN is a unique value that is transmitted by the tag '45' (data of the card issuer) defined in ISO / IEC 7816 and is assigned by the card issuer (defined by IIN). The CIN data element also has a variable length.

The card management system needs to know information about the card before it interacts with the card, which includes information about the type of card and information about the supported secure channel protocol. Card recognition data is a mechanism for providing information about these cards, and prevents fluctuations in trial and error.

SDs other than ISDs may be represented as supplementary security domains (SSDs), and these SSDs handle their own identification data. The identification data of the SSD may include an SD provider identification number (SIN), an SD image number, SD management data, and other application provider specific data. Such data may be obtained from the card via a GET DATA command.

The SD provider identification number (SIN) is used by the off-card entity and is used to associate the SD with a particular card management system. The SIN typically contains the ISO 7812 definition of the SD provider and is transmitted by tag '42' in ISO / IEC 7816-6. The SIN data element has a variable length.

The SD image number is used by the card management system to uniquely identify the SD instance within the card, and a unique value can be used and transmitted by the tag '45' defined in ISO / IEC 7816.

The card management system needs to know information about the card before it interacts with the card, and it has information about the kind of SD and information about the supported secure channel protocol.

SD management data is a mechanism for providing information about SD, and prevents variations in trial and error. The SD management data should be included in the response to the SELECT command and returned, including in the response to the GET DATA command with the tag '66'.

The information provided to the SD manager should be sufficient to enable initial communication with the card, but is not limited to any particular requirement. SD management data must be updated dynamically by the card.

Hereinafter, an ISD key and an SD key used in an embodiment of the present invention will be described.

The ISD key or the SD key according to an embodiment of the present invention has the following attributes.

On-card entity. ≪ / RTI > A key consists of one or more key components. For example, a symmetric key has one key component, and an asymmetric key has a number of components. All key components SHOULD share the same key identifier, and other key identifiers should be used to distinguish the key, its purpose and function within an on-card entity. There is no restriction or predetermined order to assign a key identifier to a key, and a discontinuous key identifier may be used in the same entity.

As an attribute of the SD key, there is an Associated Key Version Number. Different key versions may be used to distinguish one instance or version of the same key within an on-card entity. There are no special restrictions or predefined sequences for assigning key version numbers to keys.

In addition, there may be an encryption algorithm as an attribute of the SD key, and a particular key may be associated with only one encryption algorithm. The length of the encryption algorithm that supports some key lengths and the access conditions for accessing or controlling the keys may also be attributes of the SD key.

Due to these key attributes, the identity, the intended use, the function of the cryptographic key, etc., can be clearly indicated to the card entity that came.

The combination of the key identifier and the key version number can clearly identify a particular key in the on-card entity, and the Key Type identifies the encryption algorithm and the key component. By clearly identifying the key and algorithm within the entity, misuse of the encryption function can be prevented. The off-card entity may obtain information about the SD key using the GET DATA command of the key information template (tag 'E0').

Meanwhile, according to an embodiment of the present invention, a method by which SD manages keys is as follows.

The key identifier and key version number uniquely refer to each key in the on-card entity, and each key identifier / key version number combination represents a key slot that is unique within the entity.

Adding a key is like assigning a new key slot with a new key value, a new key identifier, or a new key version number. Replacing the key involves updating the key slot with the key version number associated with the new key value. The key identifier remains the same, and the previous key can no longer be used.

The off-card key management system should be aware of the key identification scheme performed by the on-card entity, and the key identifier and key version number may have any value for a particular card, Can be changed.

SD must store all key information provided by the PUT KEY command associated with each key.

There are three access conditions that can be assigned to the SD key: all access by the SD itself and all authenticated users, including the owner and the owner of authenticated users other than the owner (e.g., associated applications of the SD) Is the approach of.

The access condition for the SD key can be represented by one byte, for example, '00' represents any authenticated user, including the owner (which, if not explicitly provided by the PUT KEY command, '01' represents the owner (SD) itself (this is the default access condition for the token and DAP key if not explicitly provided by the PUT KEY command), '02' And may indicate an authenticated user, but the present invention is not limited thereto. The access control rules that can be applied to specific SD keys can be enforced as follows.

To use a particular SD encryption service, an application may request a reference to the secure channel interface to OPEN, and OPEN may identify the SD associated with the application and provide a corresponding secure channel interface reference to the application.

In addition, an application may request a cryptographic service from SD via a secure channel interface, and OPEN may allow access only to the associated application.

Data and key management methods are as follows. When a data / key management request is received, the corresponding SD shall manage the corresponding key / data in accordance with its access control regulations, and the card life cycle status shall not be CARD_LOCKED or TERMINATED.

When a DELETE [key], PUT KEY, or STORE DATA command is received, the SD performing the data or key management must apply its own secure communication policy, and the SD provider can apply the key management policy related to the deletion of the key .

4 and 5 are flowcharts illustrating a first ISD key issue process according to an embodiment of the present invention.

FIG. 4 shows a case in which a pre-ISK key for a specific MNO (PreISDKey for MNOi) is used, and FIG. 5 shows a case in which an MNO-independent default ISD key (DefaultISDKey) is used.

The former (embodiment of FIG. 4) is a case in which the eSIM-equipped device is distributed through the MNO1 and the pre-ISD key of the MNO1 (hereinafter, preISKey for MNO1) And the default ISD Key (hereinafter referred to as defaultISDKey), which is known to all MNOs, is loaded.

First, the first ISD issuance process using a pre-ISK key (PreISDKey for MNOi) for a specific MNO will be described as follows.

As shown in FIG. 4, the eSIM-equipped device accesses the MNO1 network, which is the first opening MNO, through the built-in communication module (for MNO1) or the provisioning profile (S410).

Then, the MNO1 system performs authentication with the ISD in the eSIM using the pre-ISK key (PreISDKey for MNO1) with the " key management module 350 "

After performing the ISD authentication, the MNO1 system generates a new ISD Key (newISDKey) (S430) in accordance with its ISD key management policy, and then interworks with the " key management module 350 " (PUT KEY) to the ISD of the eSIM (S440).

At this time, in the case of the "separated structure", the MNO1 system selectively inquires the communication opening information of the device on which the eSIM is mounted, and can inject a new ISD key (MNIS1 for MNO1) of the MNO1 in the case of normal opening.

After the MNO1 system performs authentication with the eSIM using the new ISD key (NewISDKey for MNO1), the MNO1 system issues its own profile for providing communication or supplementary services, i.e., the MNO1 profile to the eSIM (S450).

Thereafter, the eSIM receiving the MNO1 profile can receive communications or additional services from the MNO1 system using the eSIM.

Next, referring to FIG. 5, an initial ISD issuance process using an MNO-independent default ISD key (Default ISDKey) will be described as follows.

As shown in FIG. 5, the eSIM-equipped device connects to the MNO1 network, which is the first-opened MNO, through the built-in communication module (for MNO1) or the provisioning profile (S510).

Then, the MNO1 system performs authentication with the ISD in the eSIM through the OTA RAM method in cooperation with the " key management module 350 " utilizing the MNO independent default ISD key (DefaultISDKey) that is known in advance (S520).

After performing the ISD authentication, the MNO1 system generates a new ISD Key (newISDKey) according to its ISD key management policy (S530), and then interworks with the " key management module 350 " (PUT KEY) to the ISD of the eSIM (S540).

At this time, in the case of the "separated structure", the MNO1 system selectively inquires the communication opening information of the device on which the eSIM is mounted, and can inject a new ISD key (MNIS1 for MNO1) of the MNO1 in the case of normal opening.

After the MNO1 system performs authentication with the eSIM using the new ISD key (NewISDKey for MNO1), the MNO1 system issues its own profile for providing communication or supplementary services, i.e., the MNO1 profile to the eSIM (S550).

Thereafter, the eSIM receiving the MNO1 profile can receive communications or additional services from the MNO1 system using the eSIM.

FIG. 6 illustrates a MNO change process according to an embodiment of the present invention.

In the embodiment of FIG. 6, it is assumed that MNO1 is a donor MNO and MNO2 is a receiving MNO. The donor MNO, MNO1, may be an initial open MNO, but is not limited thereto.

The MNO changing process according to FIG. 6 will be described below.

As a precondition, the receiving MNO MNO2 can agree with the donor MNO MNO1 on the execution of the eSIM-based communication company changing procedure through a preliminary negotiation, and the pre-ISD key of the MNO2 (preISDKey for MNO2) has been previously injected into the MNO1 system through a secure method such as HSM (Hardware Security Management).

HSM (Hardware Security Module) is a kind of security calculator that generates and stores a public key / private key pair required for digital signatures, performs the operation of the asymmetric cryptosystem, and manages the important security key of the server It is used as a urethra. HSM is a physical device that can be in the form of a plug-in card or a security device that can be connected to a server or PC based on TCP / IP. In the SIM supplementary service environment, the HSM is used to securely transmit keys among several business partners. When a business partner visits a business partner offline and inputs key component values to the HSM, the HSM generates a security key according to the internal security logic and applies it to the system. At this time, since the actual generated security key value can not be known by internal or external natural persons, its safety is guaranteed.

Under these pre-conditions, the MNO2 system sends a MN change request or MNO change request signal to the MNO1 system (S610).

Since the MNO1 system is already in service with the eSIM, after performing authentication with eSIM through its new ISD key (already known eSIM), i.e., newISDKey for MNO1, the pre-ISD of the receiving MNO2 Key (PreISDKey for MNO2) is interlocked with the key management module 350 of the eSIM or injected into the ISD of the eSIM through the OTA RAM method (S620). At this time, in the case of the separated structure, the MNO1 system selectively inquires communication related communication company change information of the device on which the eSIM is mounted, and can inject the pre-ISK key (PreISDKey for MNO2) of the MNO2 when the MNO2 is changed to the MNO2 normally.

Next, after the eSIM-equipped device reboots, it connects to the MNO2 network through the communication module (for MNO2, communication related company change completion) or the provisioning profile (S630).

The MNO2 system, which is the receiving MNO, performs authentication with the ISD in the eSIM using the pre-ISK key (PreISDKey for MNO2) or interworking with the key management module of the eSIM or the OTA RAM method (S640).

After performing the ISD authentication, the MNO2 system generates a new ISD key (NewISDKey for MNO2) according to its own ISD key management policy (S650), and then, in cooperation with the key management module of the eSIM or the new ISD key NewISDKey for MNO3) is injected into the ISD of the eSIM (PUT KEY) (S660).

At this time, in the case of the "separated structure", the MNO2 system selectively inquires the communication opening information of the device on which the eSIM is mounted, and can inject a new ISD key (NewISDKey for MNO2) in the case of normal opening.

Next, the MNO2 system issues a profile of the MNO2 to the eSIM for communication or additional services of the MNO2 after performing authentication with the eSIM using the new ISD key (NewISDKey for MNO2) (S670).

FIG. 7 shows a case where a subscription management apparatus (SM) performs various ISD key management according to an embodiment of the present invention.

That is, FIG. 7 shows an embodiment in which a third entity, such as a Subscription Manager (SM), performs an ISD key related to a communication activation and supplementary service in an eSIM environment, rather than an MNO.

7, each MNO generates its own pre-ISD key (PreISDKey for MNOi, i = 1, 2, 3, ...) in accordance with the ISD key management policy of the MNO itself as a precondition, And has been delivered in advance through a secure method such as HSM (S710).

Also, the eSIM is a state in which the pre-ISD key (PreISDKey for SM) of the SM is injected at the initial distribution, and when there is a request such as opening / issuing / moving from a specific MNO (hereinafter referred to as a request MNO) (PreISDKey for SM) of the SM, and then injects the pre-ISK key (PreISDKey for MNOn) of the corresponding request MNO into the eSIM (S720).

Next, the MNO1 system, which is the request MNO system, generates its own new ISD key (NewISDKey for MNO1) according to its ISD key management policy (S730).

The MNO1 system performs authentication with the eSIM using the pre-ISD key (PreISDKey for MNO1) on the eSIM-equipped device connected to its network according to the eSIM structure, and sends the generated new ISD key (NewISDKey for MNO1) (S740)

Next, the MNO1 system issues a profile of the MNO1 to the eSIM for communication or additional service of the MNO1 after performing the authentication with the eSIM by utilizing the new ISD key (MNIS1 for MNO1) (S750)

According to the embodiments of the present invention as described above, the MNO can secure the business initiative for the additional service (or communication initiation) of the eSIM without changing the standard technology in the eSIM environment.

Also, it is possible to make the final ownership of the ISD key to be the MNO in the MNO-led or third-entity-driven issuance structure environment, and to secure the key injection and issuance procedure by utilizing the security functions provided by the global platform It is effective.

In the eSIM environment in which the global platform is applied as described above, the issuer security domain (ISD) key is used as a pre-ISD key for a specific MNO (PreISDKey for MNOi) and an MNO independent default ISD key (DefaultISDKey), a new ISD key for a specific MNO (NewISDKey for MNOi), and a function to securely transmit a profile for an additional service or communication under MNO's initiative in the process of initial issuance and MNO change ESIM, MNO system, etc., may be implemented in a form that includes computer readable programs.

Also, a recording medium on which a program of such a function is recorded will also be included in the scope of the present invention.

As described above, in order for a computer to read a program recorded on a recording medium and to execute various functions as described above, the program may be coded in a computer language such as C, C ++, JAVA, And may include a code.

The code may include a function code related to a function or the like that defines the functions described above, and may include an execution procedure related control code necessary for the processor of the computer to execute the functions described above according to a predetermined procedure.

In addition, such code may further include memory reference related code as to what additional information or media needed to cause the processor of the computer to execute the aforementioned functions should be referenced at any location (address) of the internal or external memory of the computer .

In addition, when a processor of a computer needs to communicate with any other computer or server, etc., to perform the above-described functions, the code may be stored in a computer's communication module (e.g., a wired and / ) May be used to further include communication related codes such as how to communicate with any other computer or server in the remote, and what information or media should be transmitted or received during communication.

The functional program for implementing the present invention and the related code and code segment may be implemented by programmers in the technical field of the present invention in consideration of the system environment of the computer that reads the recording medium and executes the program, Or may be easily modified or modified by the user.

Examples of the computer-readable recording medium on which the above-described program is recorded include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical media storage, and the like.

Also, the computer-readable recording medium on which the above-described program is recorded may be distributed to a computer system connected via a network so that computer-readable codes can be stored and executed in a distributed manner. In this case, one or more of the plurality of distributed computers may execute some of the functions presented above and send the results of the execution to one or more of the other distributed computers, The computer may also perform some of the functions described above and provide the results to other distributed computers as well.

In particular, a computer-readable recording medium storing an application, which is a program for executing various functions or methods related to the eUICC authentication information according to an embodiment of the present invention, includes an application store server, (E.g., a hard disk) included in an application provider server such as a related web server, or an application providing server itself.

While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiments, it is to be understood that the invention is not limited to the disclosed embodiments. That is, within the scope of the present invention, all of the components may be selectively coupled to one or more of them. In addition, although all of the components may be implemented as one independent hardware, some or all of the components may be selectively combined to perform a part or all of the functions in one or a plurality of hardware. As shown in FIG. The codes and code segments constituting the computer program may be easily deduced by those skilled in the art. Such a computer program can be stored in a computer-readable storage medium, readable and executed by a computer, thereby realizing an embodiment of the present invention. As the storage medium of the computer program, a magnetic recording medium, an optical recording medium, a carrier wave medium, or the like may be included.

It is also to be understood that the terms such as " comprises, "" comprising," or "having ", as used herein, mean that a component can be implanted unless specifically stated to the contrary. But should be construed as including other elements. All terms, including technical and scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. Commonly used terms, such as predefined terms, should be interpreted to be consistent with the contextual meanings of the related art, and are not to be construed as ideal or overly formal, unless expressly defined to the contrary.

The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

Claims (21)

A key management method using an embedded SIM (eSIM) interworking with at least one communication carrier (MNO) system,
Accessing an initial-opening MNO system using a communication module for an initially-opened initial-opening MNO;
Performing authentication via an Issuer Security Domain (ISD) key for an initial-opening MNO from an initial-opening MNO system;
Receiving a new ISD key from the initial opening MNO system; And
And authenticating the initial opening MNO system using the new ISD key, and receiving a profile (MNO1 Profile) for communication with the initial opening MNO or an additional service. delete A key management method using an embedded SIM (eSIM) interworking with at least one communication carrier (MNO) system,
Accessing an initial-opening MNO system using an initially-installed provisioning profile;
Performing authentication via a predefined default Issuer Security Domain (ISD) key from the initial opening MNO system;
Receiving a new ISD key from the initial opening MNO system;
And authenticating the initial opening MNO system using the new ISD key, and receiving a profile (MNO1 Profile) for communication with the initial opening MNO or an additional service. delete The method of claim 3,
Wherein the default ISD key is defined independently of a specific MNO. The method of claim 3,
Wherein the authentication through the ISD key is performed in conjunction with the key management module in the terminal. The method of claim 3,
Wherein the authentication using the ISD key is performed through OTA RAM (Over-The-Air Remote Application Management). A donor MNO system, and a key management method using an embedded SIM (eSIM) interworking with a receiving MNO system,
After receiving the MNO change request from the receiving MNO system, the donor MNO system performs authentication via a new (New) Issuer Security Domain (ISD) key of the donor MNO system, Injecting an ISD key into the eSIM;
Injecting a new ISD key (NewISDKey) of the receiving MNO into the eSIM after the receiving MNO system performs authentication with the eSIM using the pre-ISD key (PreISDkey);
Receiving a profile (MNO2 Profile) for communication with the receiving MNO or an additional service after authenticating with the receiving MNO system using the new ISD key of the receiving MNO;
And a key management method using the embedded SIM. 9. The method of claim 8,
Wherein the donor MNO system inquires the communication company change information of the terminal equipped with the eSIM and injects the pre-ISD key of the receiving MNO only when the MNO change is normally performed. 9. The method of claim 8,
Wherein the receiving MNO system injects a new ISD key of the receiving MNO only when it is normally opened by inquiring the terminal activation information of the terminal equipped with the eSIM. 9. The method of claim 8,
Wherein the donor MNO system receives and stores the pre-ISD key of the receiving MNO in advance. 12. The method of claim 11,
Wherein the donor MNO system receives a pre-ISD key of the receiving MNO from the receiving MNO system via a hardware security module (HSM). 1. A key management method using a built-in SIM (eSIM) interworking with at least one communication carrier (MNO) system and a subscription manager (SM)
The SM receives and stores an Issuer Security Domain (ISD) key (PreISDKey for MNOi) for each MNO from the MNO system;
Injecting, within the eSIM, the pre-ISD key of the requesting MNO that received the request from one of the MNOs;
The requesting MNO system performing authentication with the eSIM using its pre-ISD key (PreISDkey), and injecting its own new ISD key (New ISDKey) into the eSIM;
After the requesting MNO system authenticates the eSIM using the new ISD key, sending a profile (MNOi Profile) for communication or supplementary service to the eSIM;
And a key management method using the embedded SIM. 14. The method of claim 13,
Wherein the SM performs authentication with the eSIM using a predefined SM ISD key before injecting the pre-ISD of the requesting MNO into the eSIM. 14. The method of claim 13,
Wherein the SM receives a pre-ISD key of the MNO from the MNO system through a hardware security module (HSM). An embedded SIM (eSIM) interworking with one or more communication carriers (MNOs)
Accessing an initial-opening MNO system using a communication module or a provisioning profile for an initially-opened initial-opening MNO, accessing an Issuer Security Domain (ISD) key for the initial-opening MNO from the initial- Performing authentication via a predefined default ISD key, receiving a new ISD key from the initial-opening MNO system, authenticating with the initial-opening MNO system using the new ISD key, And receives a profile (MNO1 Profile) for additional services. A donor MNO system, a built-in SIM (eSIM) interworking with a receiving MNO system,
Receiving from the donor MNO system a pre-ISD key of the receiving MNO after performing authentication via a new (New) issuer security domain (ISD) key of the donor MNO system and the donor MNO,
Receiving a new ISD key (NewISDKey) of the receiving MNO from the receiving MNO system after performing authentication with the receiving MNO system using the pre-ISD key (PreISDkey)
(MNO2 Profile) for communication with the receiving MNO or an additional service after authenticating with the receiving MNO system using the new ISD key of the receiving MNO. An embedded SIM (eSIM) interworking with at least one communication carrier (MNO) system and a subscription manager ('SM'),
Receiving and storing a pre-ISD key of the requesting MNO transmitted by the SM that received the request from one of the MNOs,
Performs authentication with the request MNO system using a pre-ISD key (PreISDkey) of the requesting MNO, and receives a new ISD key (NewISDKey) of the requesting MNO,
(MNOi Profile) of the requested MNO from the requesting MNO system after performing authentication with the requesting MNO system using the new ISD key. 1. A program installed in a built-in SIM (eSIM) interworking with at least one communication carrier (MNO)
A function of accessing an initial-opening MNO system using a communication module or a provisioning profile for an initially-opened initial-opening MNO,
Performing authentication via an Issuer Security Domain (ISD) key or a predefined default ISD key for the initial opening MNO from the initial opening MNO system;
Receiving a new ISD key from the initial opening MNO system;
(MNO1 Profile) for communication or an additional service with the initial opening MNO after authentication with the initial opening MNO system using the new ISD key. A program installed in a donor MNO system, an embedded SIM (eSIM) interlocked with a receiving MNO system,
Receiving from the donor MNO system a pre-ISD key of the receiving MNO after performing authentication via a new (New) issuer security domain (ISD) key of the donor MNO system and the donor MNO;
Receiving a new ISD key (NewISDKey) of the receiving MNO from the receiving MNO system after performing authentication with the receiving MNO system using the pre-ISD key (PreISDkey)
Recording the program that performs a function of receiving a profile (MNO2 Profile) for communication with the receiving MNO or an additional service after authenticating the receiving MNO system using the new ISD key of the receiving MNO media. A program installed in a built-in SIM (eSIM) interworking with at least one service provider (MNO) system and a subscription manager ('SM'),
A function of receiving and storing a pre-ISD key of a requesting MNO transmitted by an SM receiving a request from one of the MNOs;
Receiving a new ISD key (NewISDKey) of the request MNO after performing authentication with the request MNO system using a pre-ISD key (PreISDkey) of the requesting MNO;
Performing a function of authenticating the request MNO system using the new ISD key, and then receiving a profile (MNOi Profile) of a request MNO from the request MNO system.

Images