KR20140024796A - Method for managing profiles in subscriber identidy module embedded in user terminal and apparatus using the method - Google Patents

Abstract

Disclosed are a managing method for profiles in a subscriber authentication module embedded in a terminal and a subscriber authentication device using the same. The managing method for profiles in a subscriber authentication module embedded in a terminal includes a step of installing one or more profiles; and a step of managing the installed profiles. According to the present invention, the development and commercialization of an embedded universal integrated circuit card (eUICC) for an eUICC card manufacturer, a terminal manufacturer, and an eco-system business operator are possible as the design and development of a profile managing module is possible without changing an existing UICC platform. [Reference numerals] (110) First agent; (120) Copy-target disk; (130) Profile managing unit; (131) Profile block managing module; (132) Profile information storage module; (133) Policy performing module; (140) Profile installing unit; (AA) Activated profile A; (BB) Deactivated profiles; (CC) Loaded profiles

Description

A profile management method of a subscriber authentication module installed in a terminal device and a subscriber authentication device using the same

The present invention relates to profile management in a subscriber authentication module, and more particularly, to a profile management method of a subscriber authentication module installed in a terminal device and a subscriber authentication device using the same.

A UICC (Universal Integrated Circuit Card) is a smart card inserted in a terminal and can be used as a module for network connection authentication. The UICC may include NAA (Network Access Applications), which is an application for accessing various networks of operators such as a universal subscriber identity module (USIM) for WCDMA / LTE network access and a subscriber identity module (SIM) for GSM network access. .

Embedded SIM (eSIM or eUICC), which is integrated in the manufacturing of terminals instead of conventional detachable UICC, has been proposed for terminals requiring miniaturization and durability such as M2M (Machine to Machine) terminals.

eUICC provides network access authentication function like existing detachable UICC, but due to its physical structure, it should be possible to handle network access of several operators with one UICC, and there are many issues such as eUICC opening / distribution / subscriber information security There is a need to prepare measures for this. To solve this problem, international standardization organizations such as GSMA and ETSI have been carrying out standardization activities for related companies such as operators, manufacturers, SIM vendors, and other necessary elements including top-level structure.

In ETSI, a Working Group (WG) for establishing eUICC standards is currently active. Currently, a module called Profile is defined for post personalization of applications for network access authentication functions of euICC, And has established requirements for installation and management. We are also discussing the management policy and application of the profile, but yet concrete measures have not been defined yet.

If the subject of such profile management and policy control is an eUICC external object such as a terminal or a subscriber manager (SM), the external object must manage profile information and policy rules for all eUICCs and perform policy rules. In order to execute the rules, we need to define the interworking interface between eUICC and external objects. In addition, if there is no on-card object to manage the profile itself, it is difficult to know the list and status of profiles on the current card inside or outside the card, and if the information is managed by an external object such as a server, the actual eUICC The service may not be performed because synchronization with the state of the network is not performed.

Meanwhile, the profile management and policy execution function may be provided by using the existing UICC platform. In this case, modification of the platform specification is required to add the corresponding function to the platform. In other words, in order to add the corresponding function to the existing UICC platform in order to satisfy the above requirements, it is necessary to modify all platform-related specifications such as Global Platform (GP), ETSI, 3GPP, etc. This is a task that consumes more time and resources than specifying the function of eUICC.

Due to the lack of specific details regarding eUICC's profile management, it is difficult for eUICC card manufacturers, terminal manufacturers, and eco-system providers to develop and commercialize eUICC.

An object of the present invention for overcoming the above-mentioned problems is to provide a profile management method of a subscriber authentication module that is installed in a terminal device.

Another object of the present invention to provide a subscriber authentication device using the profile management method.

According to an aspect of the present invention, there is provided a method for managing a profile in a subscriber authentication module installed in a terminal device. The method includes installing one or more profiles and managing one or more installed profiles.

Here, the one or more profiles are distinguished by unique identifiers.

Managing the installed one or more profiles may include registering the installed profile.

Managing the installed one or more profiles may include changing the state of the requested profile to an active or disabled state.

Managing the installed one or more profiles may include deleting the profile requested to be deleted.

In this case, one or more active profile of the one or more profiles may be present at any time.

The managing of the one or more installed profiles may include changing a policy rule according to whether a profile policy change request conforms to an existing rule.

Managing the one or more installed profiles may include providing information about profile related data requested for inquiry.

Managing the installed one or more profiles may also include changing the profile manager key requested to change.

Managing the installed one or more profiles may also include changing the profile to an initialized state.

According to another aspect of the present invention, a subscriber authentication device embedded in a terminal device includes a profile manager that manages one or more profiles and information on one or more profiles.

Subscriber authentication device according to an embodiment of the present invention is an eUICC.

The profile manager includes a profile information storage unit for storing one or more profile related information and a policy enforcement function unit for applying and managing the profile related policy.

The subscriber authentication device may further include an interface unit for communicating with an external object.

The external object may be a subscriber manager module or a terminal device.

The interface unit receives one or more profile related requests from the external object and returns a success or error message for the request to the external object.

The profile manager may change and manage one or more states of a corresponding profile and corresponding profile related information changed according to the profile related request.

The profile related request may include at least one of a profile registration request, a profile state change request, a profile deletion request, a profile policy change request, a profile related data inquiry request, and a profile manager key change request, and a profile one initialization request.

The one or more profile related information may include one or more of a profile list, a profile related network access application list, a profile state, and a profile type.

The one or more profiles are distinguished by a unique identifier, and the unique identifier of the profile may be set based on one or more information of a mobile country code and a mobile network code.

The present invention provides a secure profile management method that allows the external interworking device and the internal module to query profile information on the eUICC and the profile related policy of the eUICC and change the policy rule.

Through this, it is possible to synchronize the eUICC profile information managed by the external companion device with the profile information on the actual eUICC.

In addition, the present invention can clearly define the implementation on the eUICC of the PEF (Policy Enforcement Functions) defined in the existing ETSI requirements standard, through which the design and development of eUICC itself and external interworking devices can be standardized.

In addition, it is possible to design and develop a profile management module without changing the existing UICC platform, so that eUICC card manufacturers and terminal manufacturers' eco-system operators can develop and commercialize eUICC.

1 is a diagram illustrating a connection relationship between an eUICC and peripheral external devices according to an embodiment of the present invention.
2 is a block diagram of an eUICC module according to an embodiment of the present invention.
3 is a flowchart illustrating an operation of a profile management method for installing and registering a profile according to the present invention.
4 is an operation flowchart according to an embodiment of a profile management method for changing a profile state to active according to the present invention.
5 is a flowchart illustrating an operation of a profile management method for changing a profile state to disabled according to the present invention.
6 is a flowchart illustrating an operation of deleting and managing a profile according to an embodiment of the present invention.
7 is a flowchart illustrating a method of deleting and managing a profile according to an exemplary embodiment of the present invention.
8 is a flowchart illustrating an operation of a profile management method for changing a profile policy according to the present invention.
9 is an operation flowchart according to an embodiment of a method for querying profile related information according to the present invention.
10 is an operation flowchart according to another embodiment of a method for querying profile related information according to the present invention.
11 is a flowchart illustrating an operation of changing a key of a profile manager according to an exemplary embodiment of the present invention.
12 is a flowchart illustrating a profile management method according to an embodiment of the present invention.
13 illustrates an embodiment of a DELETE command configuration and related parameters.
14 illustrates one embodiment of a GET STATUS command and associated parameter configuration.
15 illustrates an embodiment of a SET STATUS command and associated parameter configuration.

While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail.

It should be understood, however, that the invention is not intended to be limited to the particular embodiments, but includes all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, the terms "comprise" or "having" are intended to indicate that there is a feature, number, step, operation, component, part, or combination thereof described in the specification, and one or more other features. It is to be understood that the present invention does not exclude the possibility of the presence or the addition of numbers, steps, operations, components, components, or a combination thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the relevant art and are to be interpreted in an ideal or overly formal sense unless explicitly defined in the present application Do not.

The following terms are defined in consideration of the functions of the present invention and can be called differently depending on the client or operator, intention or precedent of the user, and the like. Therefore, the definition of a term should be based on the contents throughout this specification.

The term eUICC (embedded UICC) or eSIM (embedded SIM) used in the present application is used to mean an embedded SIM (Subscriber Identity Module) which is integrated in the manufacture of a terminal in a sense different from a conventional detachable UICC.

As used herein, the term 'terminal' refers to a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, a subscriber unit (Subscriber Unit). May be referred to as a subscriber station (SS), a wireless device, a wireless communication device, a wireless transmit / receive unit (WTRU), a mobile node, mobile or other terms. Various embodiments of the terminal may be used in various applications such as cellular telephones, smart phones with wireless communication capabilities, personal digital assistants (PDAs) with wireless communication capabilities, wireless modems, portable computers with wireless communication capabilities, Devices, gaming devices with wireless communication capabilities, music storage and playback appliances with wireless communication capabilities, Internet appliances capable of wireless Internet access and browsing, as well as portable units or terminals incorporating combinations of such functions have.

The terminal may include an M2M (Machine to Machine) terminal, an MTC (Machine Type Communication) terminal / device, but is not limited thereto.

In addition, each block or step described herein may represent a module, segment, or portion of code that includes one or more executable instructions for executing a particular logical function (s). It should also be appreciated that in some embodiments, the functions referred to in blocks or steps may occur out of order. For example, it is also possible that two blocks or steps shown in succession are performed at the same time, or that the blocks or steps are sometimes performed in reverse order according to the corresponding function.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. In order to facilitate the understanding of the present invention, the same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.

According to the present invention, the profile management and profile related policy execution are performed by the eUICC itself, not an external object. To this end, the present invention provides a block / module called a profile manager that manages profile information and profile related policy execution on the eUICC. Define.

The present invention also defines the functions and roles of the profile manager, and defines and applies specific data managed by the profile manager, an interworking interface with external modules, commands provided by the profile manager, and security matters of the profile manager. Through this, we propose embodiments for changing and applying the policy on the actual eUICC.

A profile according to the present invention is a module that includes one or more network connection applications (including parameter data for network connection, file structure, etc.) and network connection authentication credentials. The profile can be accessed with a unique value (ID) on the eUICC, and the types of profile include a provisioning profile and an operator profile.

Provisioning profile, when installed on an eUICC to provide transport capability for eUICC and profile management between the eUICC and Subscription Manager-Secure Routing (SM-SR), establishes a connection to the network. A profile that contains one or more network connection applications and associated network connection credentials that enable it.

An operator profile is a profile that includes one or more network connection applications and associated connection credentials.

As such, unlike the conventional removable USIM, there may be several profiles on the eUICC.

Therefore, in the eUICC environment, unlike the conventional removable USIM, there is a need to manage and control several profiles. In the present invention, the following functions are defined for management and control of various profiles.

According to a first embodiment of a profile management and control method according to the present invention, basic information about a profile, such as a profile list installed on an eUICC, a network access application (NAA) list matching a profile, a profile state, and a profile type, is managed. . In addition, there is a need for a function for informing the corresponding information when requested from an internal or external object (Subscriber Manager (SM), terminal, etc.).

According to the second embodiment of the profile management and control method according to the present invention, even if several mobile network operator (MNO) profiles exist on the eUICC, only one profile is enabled at any given time (the corresponding profile is Control to be selectable).

In this regard, the control of activation, deactivation, loading, deletion, etc. of multiple profiles on the eUICC is controlled for various reasons defined below.

The first reason is that eUICC can inherently load and install several profiles at the same time, but at any moment, the serving network operator's profile must be activated so that the network service of the provider operates normally. This is because performance and security issues should not occur.

The second reason is that when several carrier profiles are loaded in the eUICC, the device may want to provide one or several activated profiles according to the characteristics of the terminal and the requirements of the carrier / service provider. Because you have to be in control.

According to the third embodiment of the profile management and control method according to the present invention, when attempting to load, install, activate, deactivate, or delete a profile on the eUICC, the capability of the eUICC and the corresponding profile or profile owner (MNO) Control this according to whether or not.

As described above, the present invention manages the information of the profiles installed to provide the same network access function as the existing removable USIM on the eUICC, an object (for example, to apply and control the profile-related policy (policy rules)) It defines the definition, function, related data, security matters, and interworking interface of the profile manager that provides an interface for interworking with the Subscribe Manager, and proposes how to change and apply the policy of the eUICC.

Profile manager according to the present invention, the profile list installed in the eUICC and the NAA list of the profile, the profile status, policy policy management and execution (policy enforcement), providing an external interface for profile management, security protocol support Module on eUICC.

The profile manager also includes a data object for managing all profiles installed on the eUICC in the profile information storage module, and manages various kinds of data defined below.

-Installed profile IDs, list of Network Access Applications (NAA) included in each profile, status of each profile, type of each profile (eg operational profile, provisioning profile, etc.)

-Number of profiles currently active

-allowable memory size for all profiles on eUICC

-Profile-related policy data can have the following detailed data

Maximum number of active profiles

List of Public Land Mobile Networks (PLMNs) or profile IDs for profiles that can be activated

Can include detailed data such as whether profile deletion is allowed and profile status change notification tags

According to the present invention, the profile information of the profile manager may be managed in the form of a data object, and an embodiment of the data object definition may be confirmed through Table 1 below.

Table 1 shows an embodiment of profile information and policy data according to the present invention.

 Among the data shown in Table 1, data and policy rules related to each profile, that is, profile ID, profile status, profile type, profile deletion permission, profile status change notification tag, etc. can be managed in the profile itself. For example, it may be managed by a subscription manager (SM), a mobile network operator (MNO) system, etc.).

Therefore, the method of obtaining / modifying data and policy rules related to each profile in the profile manager is a method of obtaining profile management data and information through the eUICC internal interworking interface between the profile manager and the profile and the external interlocked object through the external interface of the profile manager. Importing from can be used.

The method of obtaining / modifying data and policy rules related to the entire profile is obtained from the external interlocking object through the external interface of the profile manager according to the type of data and policy (maximum number of profiles that can be activated and public land mobile of the profiles that can be activated). Network) or a list of profile IDs), or a method obtained by the profile management unit itself at the time of profile installation / deletion / status change (number of currently active profiles, number of installed profiles, allowable memory size for all profiles on eUICC, etc.) This can be.

1 is a diagram illustrating a connection relationship between an eUICC and peripheral external devices according to an embodiment of the present invention.

The eUICC 100 according to the present invention includes a mobile network operator-over the air (MNO-OTA) 200, an MNO core network 300, one or more subscription manger-secure routing (SM-SR) 410, one or more. It is connected with a subscription manger-data preparation (SM-DP) 420.

The MNO-OTA 200 and the MNO core network 300 are operated by an entity, i.e., a mobile network operator, that provides communication services to customers over the mobile network, and communicates with the terminals. As shown in FIG. 1, the MNO-OTA 200 provides profile content access credentials to the eUICC 100.

The SM-SR 410 plays a role of safely performing a function of directly managing a provider profile and a provisioning profile on the eUICC. According to an embodiment of the present invention, the SM-SR 410 is connected to the profile manager 130 in the eUICC for this purpose. The profile manager 130 will be described in detail with reference to FIG. 2 below.

The SM-DP 420 also prepares the operator profile and the provisioning profiles to be securely provisioned on the eUICC, for example, encrypts the profile. According to an embodiment of the present invention, the SM-DP 420 is connected to the profile installation unit 140 in the eUICC for this purpose. The profile installation unit 140 will be described in detail with reference to FIG. 2 below.

2 is a block diagram of an eUICC module according to an embodiment of the present invention.

The components to be described below with reference to FIG. 2 are components defined by functional divisions, not physical divisions, and may be defined by the functions each performs. Each component may be implemented as hardware and / or program code and a processing unit performing the respective functions, and functions of two or more components may be embodied in one component.

Therefore, the names assigned to the constituent elements in the present embodiment are not intended to physically distinguish the respective constituent elements but are given to imply typical functions performed by the respective constituent elements. The technical idea of the present invention is not limited.

As shown in FIG. 2, the eUICC 100 according to an embodiment of the present invention basically includes a card operating system 110 and a standard platform such as Java Cards and an API 120.

The eUICC 100 may include a profile manager 130 and a profile installer 140 for profile installation and management.

The profile installation unit 140 has a key for installing a profile instance as a module for verifying, decrypting, and installing profile data. In addition, as shown in Figure 2, there are a number of profiles in the eUICC and if only the profile block is loaded is a loaded profile (Loaded profile), the installed profile of the (active) / disabled (disabled) profile depending on the state Exists in form.

In detail, the profile manager 130 may include a profile block management module 131, a profile information registry 132, and a profile related policy enforcement function 133. Can be.

 The profile block management module 131 manages an encrypted data block when installing a profile, and has a key for performing profile installation, profile deletion, profile activation, profile deactivation, and the like.

The profile information storage module 132 manages the profile list installed in association with the profile installation unit 140, the NAA list of the corresponding profile, the profile state, the profile type information, and the like.

The policy execution module 133 manages profile related policies and applies them.

In relation to the security characteristics of the profile manager 130, the profile manager 130 confidentiality of the Application Protocol Data Unit (APDU) exchanged between the eUICC 100 and the external companion device through a secure channel. And integrity.

The profile manager 130 also ensures the confidentiality and integrity of the command after generating a session key through external authentication before processing a command requiring security such as updating profile management data, changing a profile state, and deleting a profile.

The profile manager 130 supports remote management of profile management data change, profile state change, profile deletion, and the like through over-the-air (OTA). The key for the secure channel and the OTA function of the profile manager 130 is safely managed separately, and this key can be changed to a new key by the owner of the corresponding key, for example, through a PUT KEY command.

A feature of the present invention is the role of the profile information storage module 132 and the profile related policy execution module 133 among the detailed modules of the profile manager 130 in the eUICC structure, and the profile information storage module 132 and the profile related policy. It is deeply related to the security characteristics of the data managed by the execution module 133, an interworking interface with an external device, the profile information storage module 132, and the profile related policy execution module 133.

Specific operations for managing profile information and applying policies according to the present invention include operations such as profile installation and registration of profile information installed, profile state change, profile deletion, profile policy rule change, and profile related data inquiry.

In this case, each profile may be identified by a unique ID, and the profile ID may be regarded as including a Mobile Country Codes (MCC), a Mobile Network Codes (MCC) code, or a value that can be mapped to an MCC or an MNC. .

The operation for managing such profile information and applying a policy according to the present invention may be performed through an interworking interface between a terminal, a profile manager on an eUICC, and a profile on an eUICC.

Hereinafter, embodiments of a calculation operation for managing profile information and applying a policy according to the present invention will be described in detail.

Install profile and register installed profile information

3 is a flowchart illustrating an operation of a profile management method for installing and registering a profile according to the present invention.

According to an embodiment of the present invention shown in FIG. 3, the profile installation is initiated by an INSTALL command input from the external companion device 500, and at the end of the installation, the profile 150 displays itself as a profile manager. 130) to register (REGISTER).

Here, the registration message that the profile 150 transmits to the profile manager 130 to register the profile itself to the profile manager 130 after the installation is completed, includes a profile ID, a profile type, and a NAA list. (NAAs list), profile initial status may be included as its parameters.

Detailed blocks such as the profile block management module 131 and the profile installation unit 140 of the profile manager 130 may be related to profile installation.

If profile registration is successful, the profile manager 130 returns the success result to the profile. If registration fails, that is, if an error occurs, profile the corresponding result according to the reason for failure (for example, registration success but status setting error or registration failure). (150).

The profile 150 receiving the registration result value returns a failure message (Success) indicating a successful installation and registration or a failure message (status word) including a failure result code (status word) to the external companion device 400. . In this case, the external companion device 500 may be a terminal or a subscriber manager (SM) which is a subscription module.

If the initial profile state is the active state, the profile manager 130 performs the profile state change procedure described below. On the other hand, when the initial profile state is inactive, the profile manager 130 registers only the installed profile information and does not perform a profile state change procedure separately.

Change profile status

4 is an operation flowchart according to an embodiment of a profile management method for changing a profile state to active according to the present invention.

In other words, FIG. 4 illustrates an interworking protocol between an external companion device (eg, a terminal) 500, a profile manager 130 on the eUICC 100, and a profile 150 on the eUICC, in order to change the profile state to active. One embodiment of the diagram is illustrated.

According to the exemplary embodiment of the present invention illustrated in FIG. 4, when the state of the profile 150 changes from inactive to active, the external companion device 500 supports a SET STATUS command supported by the profile manager 130 to change the state. Can be used. The profile manager 130 may include a profile ID included in the SET STATUS command received from the external companion device 500 and state to be changed (for example, “enable” in the embodiment illustrated in FIG. 4). Acquire it.

When the profile manager 130 receives the SET STATUS command, the PLMN (or profile ID) of the profile owner is “PLMN (or profile ID) list of the profiles that can be enabled from the data managed by the profile manager 130. Check whether it is included in the ”, or return an error if not included.

The profile manager 130 also checks the "maximum number of profiles that can be activated" among the managed data objects, and when the number of profiles currently active is smaller than the maximum number of profiles that can be activated, the SET STATUS internal interworking API (Application Programming Interface) Through change the state of the profile 150 to the active.

The profile 150 receiving the SET STATUS command from the profile manager 130 through the internal interworking API is activated through the ACTIVATE ADF (DF) which is one of the USIM file management commands. Change to the state.

In the embodiment of FIG. 4, the NAA state change is performed in the profile, but the embodiment in which the NAA state change is performed by the profile manager according to the shape of the profile is also possible.

On the other hand, if an error is returned from the profile 150 itself or if an error occurs in the internal execution of the profile manager 130, the error is returned to the external companion device 500. When the NAA state change is successfully made, a success result code is returned to the external companion device 500.

When the profile state is successfully changed, the profile manager 130 increases the number of profiles of the currently active state among the managed data objects by one.

5 is a flowchart illustrating an operation of a profile management method for changing a profile state to disabled according to the present invention.

When the state of the profile 150 changes from active to inactive, the external companion device 500 may use the SET STATUS command supported by the profile manager 130 to change the state. At this time, the SET STATUS command includes a profile ID and status information to be changed as parameters.

The profile manager 130 receiving the SET STATUS command changes the state of the profile 150 to inactive through the SET STATUS internal interworking API. Profile 150 changes the NAA state it manages to inactive, for example using DEACTIVATE ADF (DF), one of the USIM file management commands. However, the NAA state change may be performed by the profile manager 130 according to the shape of the profile.

Here, when an error is returned from the profile 150 itself or an error occurs when the profile manager 130 performs the internal operation, a result code (for example, “already disabled” or “general failure”) is sent to the external companion device 500. Returns an error containing).

When the state change of the profile 150 is normally processed, the profile manager 130 checks the “profile state change notification tag” of the corresponding profile among the managed data objects to perform a method such as OTA (Over The Air) when notification is required. The status change can be transmitted to the mobile communication network operator (MNO) of the profile.

Here, when using the OTA method for the notification notification, for example, the "SEND SHORT MESSAGE" proactive command defined in ETSI TS 102 223 may be used, in which case the profile manager 130 may output a result code. By returning SW = '91XX' to the external companion device 500, the eUICC may inform that there is data to be transmitted. On the other hand, if notification is not required, the profile manager 130 returns a general success result code (status word = '9000') to the external companion device 500.

When the state of the profile 150 is successfully changed, the profile manager 130 decreases the number of profiles of the currently active state among the managed data objects by one.

Delete profile

6 is a flowchart illustrating an operation of deleting and managing a profile according to an embodiment of the present invention.

As a method of deleting a profile by receiving a profile deletion request from the external companion device 150, two cases of deregistration by the profile manager after the profile itself is deleted and deletion by the profile manager may be considered.

6 illustrates a case where the registration of the profile manager 130 is canceled after the profile 150 itself is deleted.

The external companion device 500 may use the DELETE command to delete the profile itself. When a specific profile is deleted by the request of the external companion device 500, the profile 150 requests the profile manager 130 to deregister the profile using the DEREGISTER API. The profile manager 130 deletes the profile deregistration requested profile and the NAA from the management profile list. The profile manager 130 returns a success result after correcting the relevant data and normal processing, and returns an error including a result code when an error occurs while deleting the profile information.

7 is a flowchart illustrating a method of deleting and managing a profile according to an exemplary embodiment of the present invention.

As mentioned above, when the external companion device 500 requests the profile deletion, it may be considered that there are two cases in which the profile itself is deleted after the profile itself is deleted and the case where the profile is deleted through the profile manager.

If the embodiment shown in FIG. 6 illustrates the case where the profile manager 130 performs the deregistration after deleting the requested profile from the profile itself, FIG. 7 illustrates the process of deleting the profile through the profile manager 130. An embodiment of the interworking protocol is shown.

In this embodiment of deleting the profile through the profile manager 130, the DELETE command may be used among the interworking interfaces of the profile manager 130. In this case, the external companion device 500 may transmit the profile ID to be deleted when the DELETE command is called to the profile manager 130 as a parameter. The DELETE command should be possible only through authorized objects, and therefore requires mutual authentication between the eUICC 100 and the external interworking device 500 and, for example, secure messaging with encryption or signature attached to the session key. ) Can be executed by the DELETE command.

When the deletion of the profile information is normally processed, the profile manager 130 returns a success result to the external companion device 500. For example, if the profile has already been deleted (for example, profile not found), If an error occurs, return an error with the result code.

Change profile policy rules

8 is a flowchart illustrating an operation of a profile management method for changing a profile policy according to the present invention.

When changing the profile policy rule, the external companion device 500 may use the STORE DATA command supported by the profile manager 130. At this time, the external companion device 500 includes a data object (DO) of the policy rule to be changed as a parameter in the STORE DATA command and transmits it to the profile manager 130.

The profile manager 130 checks whether the change policy rule does not violate the existing rule (for example, if the maximum number of active profiles is smaller than the number of currently active profiles, the profile manager 130 is currently active to prevent violation of the change policy rules). Checks whether one or more of the profiles in the state need to be changed, etc.) and returns an error result if it is violated, and returns a success result if it is changed normally.

Query profile-related data

Profile-related data can be thought of as divided into data and policy rules managed by the profile information storage module 132 of the profile manager 130 and data and policy rules managed by the profile itself 150.

9 is an operation flowchart according to an embodiment of a method for querying profile related information according to the present invention.

Specifically, FIG. 9 illustrates an embodiment of an interworking protocol when the profile manager 130 inquires about profile and policy information managed by the profile manager 130.

When inquiring profile information and policy information managed by the profile manager 130, the external companion device 500 may use a GET DATA command supported by the profile manager 130. In this case, the GET DATA input to the profile manager 130 may include a tag of data to be queried by the external companion device 500. On the other hand, the GET DATA command may not include additional parameters in the entire data search.

The profile manager 130 receiving the GET DATA command checks the validity of the parameter and returns the corresponding data information or the entire data object to the external companion device 500.

10 is a flowchart illustrating a method of inquiring profile related information in accordance with another embodiment of the present invention.

Specifically, FIG. 10 illustrates an embodiment of an interworking protocol when inquiring profile management data and policy information (eg, meta information such as profile type and state change policy) managed by the profile itself 150.

When the profile management data and policy information managed by the profile itself 150 are to be inquired, the external companion device 500 may use a GET DATA command supported by the profile manager 130. In this case, the GET DATA command may include a tag and a profile ID of data to be queried by the external companion device 500 as its parameters.

The profile manager 130 obtains current management data or policy information of the profile 150 using the GET DATA internal interworking API using the identifier of the corresponding data tag as a parameter. The profile manager 130 may store management data or policy information received from the profile 150, if necessary, in the profile information storage module 132 described with reference to FIG. 2. The profile manager 130 returns management data or policy information received from the profile 150 to the external companion device 500.

When the profile manager 130 requires data realization of the profile information storage module 132 of the profile manager 130 in addition to the case where the management data or the policy information of the profile is requested from the external companion device 500, for example, The management data and policy information of the profile can be obtained through the interworking protocol.

Change Profile Manager Key

11 is a flowchart illustrating an operation of changing a key of a profile manager according to an exemplary embodiment of the present invention.

In detail, FIG. 11 illustrates an embodiment of an interworking protocol when a key of the profile manager is changed.

The external companion device 500 may use a PUT KEY command to change a key managed by the profile manager 130. Here, the key managed by the profile manager 130 is a key used for secure messaging. The external companion device 500 transmits new key data to be changed as a parameter of the PUT KEY command.

At this time, the external companion device 500 performs a process of mutual authentication through the key before changing with the profile manager 130 before calling the PUT KEY command for changing the key. If the authentication through the key before the change is normally performed and the parameter is valid, the profile manager 130 changes the key and returns the result to the external companion device 500.

12 is a flowchart illustrating a profile management method according to an embodiment of the present invention.

The profile management method according to the present invention illustrated in FIG. 12 may be mainly performed by a subscriber authentication module installed in a terminal device, for example, an eUICC.

The profile management method according to the present invention may largely include installing one or more profiles (S1200) and managing installed one or more profiles (S1300). Here, one or more profiles can be distinguished by a unique identifier.

Managing the installed one or more profiles (S1300) may include several detailed steps. Specifically, managing the one or more installed profiles includes registering a file to be installed (S1310), changing a profile state to active or inactive (S1321), deleting a requested profile (S1331), Changing the policy of the requested profile (S1341), changing the key of the requested profile manager (S1351), and providing information about the requested data (S1361).

Changing the profile state to active or inactive (S1321) is performed when there is a profile state change request (S1320) previously, and deleting the requested profile (S1331) and previously deleting a profile (S1330) If it is present. In the step S1341 of changing the policy of the profile, only when a policy change of the corresponding profile is requested (S1340), the policy rule is changed according to whether the profile policy change request is in accordance with the existing rule.

The step of changing the key of the profile manager (S1351) is performed only when a key change for the profile manager is requested (S1350). Providing information on the requested data (S1361) is also performed only when there is a data inquiry request (S1360) for the data.

Each detailed step of the profile management step (S1300) listed above is shown only as an example only for convenience, the order may be reversed, and the determining step (S1320, S1330, S1340, S1350, S1360) It can also be integrated into one step.

Hereinafter, the profile management unit 130 according to the present invention looks at the interworking interface, that is, the command provided to exchange with the external companion device 150 for profile management. Commands used for profile management according to the present invention can be summarized as follows.

SELECT

-STORE DATA

-PUT KEY

-GET DATA

DELETE PROFILE

-GET STATUS

SET STATUS

-INITIALIZE UPDATE

EXTERNAL AUTHENTICATE

General coding rules of the profile management command according to the present invention are in accordance with ISO / IEC 7816-4 and ETSI TS 102 221, Global Platform Specification, and in the present invention, the function and request parameters / data and response data of each command. Define for.

The SELECT command, which is the first embodiment of the profile management command according to the present invention, is a command for the external companion device 100 to select the profile manager 130 and the profile 150.

The profile manager 130 and the profile 150 support the command of the SELECT by name (P1 = '04 ') option, and the data field of the command includes the profile manager ID or profile ID to be selected.

File control information may be included as response data of the SELECT command, and the file control information may include an ID of the profile manager (or a profile), life cycle data, and the like.

The configuration of the request command and response command related to the SELECT command conforms to the global platform and the ETSI TS 102 221 standard.

The STORE DATA command, which is a second embodiment of the profile management command according to the present invention, is a command for an external type device to issue or update management data and policy rules of the profile manager. If the length of data to be transmitted is large, it can be used by dividing into several STORE DATA commands.

As a data field of request command, it supports Tag Length Value (TLV) data object of profile management data and policy data described in Table 1 above.

The configuration of the request and response commands related to the STORE DATA command follows the configuration of the STORE DATA command of the global platform.

The PUT KEY, which is a third embodiment of the profile management command according to the present invention, is a command for issuing / adding / updating a key managed by the profile manager. The PUT KEY command provides the ability to update an existing key or keys or add a new key or keys.

The configuration of the PUT KEY-related request command and response command may follow the configuration of the PUT KEY command of the global platform standard.

The GET DATA command, which is a fourth embodiment of the profile management command according to the present invention, is used to import one data object or several data objects.

The GET DATA command supports the import of TLV data objects of the profile management data and policy data specified above.

The configuration of the request and response commands related to the GET DATA command may follow the configuration of the GET DATA command of the global platform.

The DELETE command, which is a fifth embodiment of the profile management command according to the present invention, is used to delete an object such as a profile, a NAA of the profile, and a profile manager key. The delete profile and profile related data (eg NAAs) command supports the TLV data object of the profile ID as the data field of the request command. To delete key data, key-related data (eg key version, key ID, etc.) object is supported as the value of the data field of the request command.

13 illustrates an embodiment of a DELETE command configuration and related parameters.

The parameter configuration, data field, and response command configuration of the request command related to the DELETE command may follow the configuration of the DELETE command of the global platform standard.

The GET STATUS command, which is a sixth embodiment of the profile management command according to the present invention, is used to obtain the life cycle status information of the profile manager and the profiles.

The GET STATUS command may set the type of the object (profile manager / profiles) to obtain status information with a reference control parameter (P1).

14 illustrates one embodiment of a GET STATUS command and associated parameter configuration.

Search criteria can be set in the request command data field related to GET STATUS, and this value can support the application ID (tag '4F').

Command parameters, response data structures, etc. related to the GET STATUS command follow the configuration of the GET STATUS command of the global platform.

The SET STATUS command, which is a seventh embodiment of the profile management command according to the present invention, is used to change the life cycle state of a profile.

The SET STATUS command can set Profile only / Profile and related application options as status type parameter P1, and the life cycle status of the profile, e.g. active, with status control parameter P2. You can set inactivity. You should be able to set the ID of the profile whose status you want to change with the data field of the request command.

15 illustrates an embodiment of a SET STATUS command and associated parameter configuration.

The request command data fields and response data structures related to the SET STATUS command follow the configuration of the SET STATUS command of the global platform standard.

The INITIALIZE UPDATE command, which is an eighth embodiment of the profile management command according to the present invention, is a command for transmitting session data between an eUICC and an external companion device during a secure channel initialization procedure.

INITIALIZE UPDATE Commands The configuration of request and response commands related to the INITIALIZE UPDATE command follows the configuration of the INITIALIZE UPDATE command of the Global Platform Specification.

The EXTERNAL AUTHENTICATE command, which is a ninth embodiment of the profile management command according to the present invention, is a command used to authenticate an external interworking device during a secure channel initialization procedure and to determine a security level required for executing the next command. This command can be executed after the INITIALIZE UPDATE command is executed normally.

EXTERNAL AUTHENTICATE Command The configuration of request and response commands related to the command follows the configuration of the EXTERNAL AUTHENTICATE command of the global platform standard.

According to the above embodiments, the profile management method according to the present invention including the above-described steps, operation sequences, and instructions may be implemented as computer-readable program code on a computer-readable recording medium.

The computer readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. For example, there are ROM, RAM, CD-ROM, DVD-ROM, Blu-ray, magnetic tape, floppy disk, optical data storage, and the like, and also include those implemented in the form of a carrier wave (eg, transmission over the Internet). .

The computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion. The functional program code for carrying out the technical idea of the present invention can be easily deduced by the programmers of the technical field of the present invention.

As described through the above embodiments, the present invention provides a secure profile management method that allows the external interworking device and the internal module to query profile information on the eUICC and the profile related policy of the eUICC and change the policy rule.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the present invention as defined by the following claims You will understand.

Claims (20)

A method of managing a profile in a subscriber authentication module built in a terminal device,
Installing one or more profiles; And
Managing one or more installed profiles. The method according to claim 1,
And the one or more profiles are distinguished by unique identifiers. The method according to claim 1,
Managing the one or more installed profiles,
Subscribing to a profile to be installed. The method according to claim 1,
Managing the one or more installed profiles,
State change A method for managing a profile comprising the step of changing a state of a requested profile to an enabled or disabled state. The method according to claim 1,
Managing the one or more installed profiles,
Deleting the requested profile. The method according to claim 1,
And one active provider profile among the one or more profiles exists at any time. The method according to claim 1,
Managing the one or more installed profiles,
And changing the policy rule in accordance with the existing rule for the profile policy change request. The method according to claim 1,
Managing the one or more installed profiles,
Providing information about the profile-related data requested for a query. The method according to claim 1,
Managing the one or more installed profiles,
Changing the requested profile manager key. The method according to claim 1,
Managing the one or more installed profiles,
Changing the profile to an initialization state. 1. A subscriber identity device built in a terminal device,
One or more profiles; And
Subscriber authentication device including a profile manager for managing information about one or more profiles. The method of claim 11,
The profile manager,
A profile information storage unit for storing one or more profile related information; And
And a Policy Enforcement Function unit for applying and managing the profile related policy. The method of claim 11,
Subscriber authentication device further comprises an interface for communicating with the external companion device. The method according to claim 13,
The external companion device is a subscriber management module (Subscriber Manager) or a terminal device, subscriber authentication device. The method according to claim 13,
The interface unit includes:
And receiving one or more profile related requests from the external companion device and returning a success or error message for the request to the external companion device. The method of claim 11,
The profile manager,
And change management of at least one of a corresponding profile and corresponding profile related information changed according to the profile related request. 16. The method of claim 15,
The profile related request,
And at least one of a profile registration request, a profile status change request, a profile deletion request, a profile policy change request, a profile related data query request, and a profile manager key change request, and a profile initialization request. The method of claim 11,
And the one or more profiles are distinguished by a unique identifier. The method of claim 12,
The one or more profile related information,
And at least one of a profile list, a profile related network access application list, a profile status, and a profile type. 19. The method of claim 18,
The unique identifier of the profile,
And be set based on one or more of a mobile country code and a mobile network code.

Images