KR20140051018A - Method and apparatus for managing an embedded subscriber identity module in a communication system - Google Patents
- Publication number: KR20140051018A
- Application number: KR1020120117565A
- Authority: KR (South Korea)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/183—Processing at user equipment or user record carrier
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
Abstract
A method of managing an embedded SIM in a communication system according to an embodiment of the present invention includes the steps in which a device including a built-in SIM that uses a first profile of a first MNO sends the communication system a request to change the profile to a second profile of a second MNO, and receives the second profile of the second MNO after it has been verified by the communication system. According to another embodiment of the present invention, a method for managing a built-in SIM in a communication system includes the steps of: being allocated a built-in SIM identifier by a built-in SIM provider; performing a join request for communication with the MNO using the allocated built-in SIM identifier; receiving a profile for the MNO from the SM system; and communicating with the MNO via that profile.
Description
The present invention relates to a method and apparatus for managing a subscriber identity module (SIM) in a communication system, and more particularly, to a method and apparatus for managing a built-in subscriber identity module (SIM).
In general, a SIM is used for user identification in a device capable of communicating. The device may be a variety of devices such as a mobile communication terminal, a terminal for performing machine type communication, various Consumer Devices having a communication function, and a vending machine.
On the other hand, the embedded SIM (eSIM) is under discussion; unlike a general SIM, it allows the initial information of the SIM to be set and the provider to be changed. However, because of weaknesses arising from the security exposure of information related to the service provider, and other difficulties in operating under the existing operator-centred communication system structure, it is difficult to use the built-in SIM securely.
The present invention provides a method and apparatus for efficiently managing a built-in SIM in a communication system.
The present invention also provides a method and apparatus for facilitating carrier change of a device in a communication system using a built-in SIM.
The present invention also provides a method and apparatus for easily setting initial information of a built-in SIM in a communication system using a built-in SIM.
The present invention also provides an efficient security management method and apparatus in a communication system using a built-in SIM.
A method of managing an embedded SIM in a communication system according to an embodiment of the present invention includes the steps in which a device including a built-in SIM that uses a first profile of a first MNO sends the communication system a request to change the profile to a second profile of a second MNO, and receives the second profile of the second MNO after it has been verified by the communication system.
A method of managing a built-in SIM in a communication system according to another embodiment of the present invention includes the steps of: receiving a built-in SIM identifier from a built-in SIM provider; performing a subscription request for communication with the MNO using the allocated built-in SIM identifier; receiving a profile for the MNO from the SM system; and communicating with the MNO via the received profile.
FIG. 1 is a diagram illustrating an example of a communication system using a built-in SIM according to an embodiment of the present invention;
FIG. 2A and FIG. 2B are flowcharts showing specific procedures of a method of managing a built-in SIM in a communication system according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating an example of a communication system using a built-in SIM according to another embodiment of the present invention;
FIG. 4A and FIG. 4B are flowcharts illustrating specific procedures of a method for managing a built-in SIM in a communication system according to another embodiment of the present invention.
The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.
The present invention proposes an effective built-in SIM management method for changing the communication service provider, and for changing the carrier-related information or security information, in a device using the built-in SIM.
Embodiments of the present invention can be applied to the EUTRAN (Evolved Universal Terrestrial Radio Access Network), UTRAN (Universal Terrestrial Radio Access Network) and GERAN (GSM/EDGE Radio Access Network) systems proposed by the 3rd Generation Partnership Project (3GPP), and to the 3GPP Evolved Packet System (EPS), known as the Long Term Evolution (LTE) system, as well as to various wired and wireless communication systems using a built-in SIM. The embodiments described later can be applied to the communication of service-provider-related information and/or security-related information, including a change of service provider, between a device using a built-in SIM and a service provider.
FIG. 1 is a diagram illustrating an example of a communication system using a built-in SIM according to an embodiment of the present invention. The system of FIG. 1 is described using an EUTRAN based on a 3GPP EPS system as an example, and the method can be used in other similar communication systems.
Referring to FIG. 1, the
In FIG. 1, the embedded
The
In order to set the
1, a subscription manager (SM) 200 provides data to the embedded
On the other hand, according to another embodiment, the data base stored by the SM-DP 230 can be stored and managed for each communication service provider, so that the SM-DP 230 can have the same effect as that of the communication service provider. In addition, when the SM-DP 230 and the SM-SR 210 are configured as separate entities, the SM-SR 210 transmits a DP-access-credential to communicate with the SM- and a secure channel is set between the SM-SR 210 and the SM-DP 230 to enable secure communication.
In yet another embodiment, the SM-DP 230 may be implemented to be separate from the SM-SR 210 and included in the MNO.
The
In the system of FIG. 1, network entities such as the
FIG. 2A and FIG. 2B are flowcharts illustrating a method of managing a built-in SIM in a communication system according to an embodiment of the present invention. In the embodiment of FIG. 2, it is assumed that there are two communication carriers (MNO A and MNO B) as in the example of FIG.
Referring to FIG. 2A, it is assumed that the
The profile includes an operator profile and a provisioning profile. The provider profile includes a remote file or performs an application management process. In addition, the
The provisioning profile includes a network access application associated with a network access credential, such as, for example, at least one IMSI, K security key, And provides the transport capability for profile management between the SM-
Although not shown in FIG. 2A, MNO A 300a and
In the case where the
In step 205, the
In
After performing the mutual authentication in
In another embodiment, the
The SM-
Whether to transmit the information necessary for the verification in the profile verification process in the SM-
In
Referring to FIG. 2B, in
In the above, the profile installer credential is assigned to the profile installer by the provider of the built-in SIM. The profile installer credential may include information such as a private key of the built-in SIM, and enables the encryption and decryption of the profile information; this secret key is used for decrypting the profile information. In this case, the SM can encrypt and decrypt the profile information with the public key, and the encrypted profile information can be decrypted in the built-in SIM. As another embodiment, the profile installer credential may be configured such that the embedded SIM holds the public key of the CA and, using this CA public key, derives the public key of the sender, that is, the SM-DP, from the implicit certificate sent by the profile sender (the SM-DP), so that when the built-in SIM receives the digital signature and the digital-signature-related algorithm information it can verify that they came from the legitimate sender. In another embodiment, the profile installer credential is a secret credential shared between the embedded SIM and the SM-DP: the embedded SIM authenticates the SM-DP as a legitimate sender through an implicit certificate or the like, as in the above embodiment, and it is then possible to generate the credentials necessary for the SM-DP and the built-in SIM to transmit to the SM-DP, to share the secret information, and then to send the encrypted profile information to the SM-DP.
In the case where the profile installer is implemented differently according to profiles or groups of profiles corresponding to MNOs, the
Or the profile installer credential pre-configured from the beginning when the profile installer corresponding to each MNO is discriminated, the profile installer credential is connected to the SM-
In
In
Then, in
The
Such a profile deactivation cause value can be set for reasons such as change of a communication carrier. If the unregistration procedure is successfully performed, the
According to the embodiment of the present invention, when a device communicates with a communication provider, the built-in SIM of the device may be provided with an identifier, security information, and the like for performing communication in the communication service provider network. Also, the communication service provider of the built-in SIM can be changed by changing and setting the corresponding information from each related network entity. Therefore, communication can be performed securely, and the related security problem in changing the communication carrier information can be solved.
In addition, according to the embodiment of the present invention described above, a built-in SIM can identify a user in the same way as a conventional SIM, the communication carrier can be changed during the product life cycle without being restricted to one communication carrier, and the SIM can be reused.
Further, according to the embodiment of the present invention, information and security information related to communication are securely changed and set in the built-in SIM in various communication systems that can use the built-in SIM, thereby enhancing the efficiency and security of communication.
Hereinafter, another embodiment of the present invention will be described in which a procedure and management method related to initial information setting and information setting of the built-in SIM in a device using the built-in SIM, and a security method are provided. Other embodiments of the present invention can also be applied to various wired / wireless communication systems that can use the built-in SIM as well as the EPS system, UTRAN, GERAN based on 3GPP.
FIG. 3 is a diagram illustrating an example of a communication system using a built-in SIM according to another embodiment of the present invention. The embodiment of FIG. 3 illustrates a communication environment for initialization related to communication and / or security of an embedded SIM (eSIM), for example, in a 3GPP-based EPS system.
The present embodiment may also be a
The
In the embodiment of FIG. 3, only one profile installer and the number of profiles are shown, but a profile installer and a profile may be provided corresponding to the number of available carriers as in the embodiment of FIG. And the subscription request information (or customer information) for setting the
3, the embedded
In FIG. 3, the
The
The
FIG. 4A and FIG. 4B are flowcharts illustrating a specific procedure of a method of managing a built-in SIM in a communication system according to another embodiment of the present invention, which illustrates communication and security procedures for initial information setting of the embedded
Referring to FIG. 4A, in step 401, the embedded
In
In
4,
In
For example, the SM (600) suggests the following two methods for managing profiles. The first method is to provide
In the second method of managing the profile in the
Meanwhile, the subscription request and response for communication with the MNO in steps 415-1 through 419 of FIG. 4A and the mutual authentication operation are the same as those in steps 203-1 and 203-2 through 207 in FIG. 2A.
Such a subscription request may be triggered by the M2M service provider as a device to initiate the process of provisioning the device to the embedded SIM. In this case, the built-in SIM has a provisioning profile and the like, and it is possible to perform a process of receiving a profile by connecting to a specific SM through a network of a specific carrier.
In step 417-1 and step 417-2, which are responses to the subscription request, the
In the present embodiment, the profile identifier is configured, for example, as follows. The profile identifier consists of 19 digits: a telecom identifier, a country code, a network code, a production date and month, a switch configuration code, a SIM number, and a check digit. Because the profile identifier operates like a new, virtual SIM, built-in SIM category information is added to distinguish it from the built-in SIM information. In other words, the built-in SIM information (for example, the ICCID) uses information such as a communication company, a country code, and a network code to identify the built-in SIM, and one method is to set those fields to the carrier, country code, and network code information actually assigned. That is, there may be a method of combining the built-in SIM information (for example, ICCID) and the built-in SIM category information (for example, carrier, country code, and network code information). As another example, category information, that is, a category field or a category indicator, is concatenated to the built-in SIM information together with the carrier, country code, and network code information, so that the identifier can be recognised as a profile type rather than as a built-in SIM.
In another embodiment, instead of leaving the communication company, the country code, and the network code empty at the time of the internal SIM assignment, a unique identifier such as a built-in SIM is assigned to the built-in SIM category information so as to uniquely distinguish the built- Country, network information, etc., after profile allocation, profile, carrier, country, network information, etc., so that the built-in SIM identifier is merely a built-in SIM and the profile identifier is the actual communication carrier, country, network code There may be a way to provide information.
In another embodiment, the profile identifier in the built-in SIM identifier can be configured by concatenating identifiers uniquely assigned to each communication provider. In another embodiment, when the profile is managed by utilizing the MSISDN, the MSISDN can be used as the profile identifier. As in the above embodiments, the profile identifier or the built-in SIM identifier in the present invention may be configured in various forms.
After the mutual authentication operation is performed in
In
Referring to FIG. 4B, in step 427-1 or 427-2, it is verified whether the profile ID belongs to the corresponding MNO. The verification operation is the same as the description of steps 215-1 and 215-2 in the embodiment of FIG. 2B, and a detailed description thereof will be omitted.
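The 19-digit profile identifier layout and the check that a profile ID belongs to the corresponding MNO, sketched as an added example (not code from the patent). The field widths, the use of the Luhn algorithm for the check digit (as real ICCIDs do), the "00" marker for carrier fields left empty, and all sample values are assumptions.

```python
from dataclasses import dataclass

# ASSUMPTION: the text names the fields of the 19-digit identifier but not their
# widths; the widths below are illustrative and sum to 19.
FIELDS = (("telecom_id", 2), ("country_code", 2), ("network_code", 2),
          ("production_yymm", 4), ("switch_config", 2), ("sim_number", 6),
          ("check_digit", 1))
UNASSIGNED = "00"  # ASSUMPTION: value of a carrier field that was left empty


@dataclass(frozen=True)
class Mno:
    name: str
    country_code: str
    network_code: str


def luhn_check_digit(payload: str) -> int:
    """Luhn check digit over a digit string that excludes the check digit."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # double every second digit, starting at the rightmost
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10


def make_id(payload18: str) -> str:
    """Append the check digit to an 18-digit payload (used for sample data)."""
    return payload18 + str(luhn_check_digit(payload18))


def parse_profile_id(profile_id: str) -> dict:
    """Split the identifier into named fields; reject malformed input."""
    if len(profile_id) != 19 or not (profile_id.isascii() and profile_id.isdigit()):
        raise ValueError("profile identifier must be exactly 19 decimal digits")
    fields, pos = {}, 0
    for name, width in FIELDS:
        fields[name] = profile_id[pos:pos + width]
        pos += width
    return fields


def verify_profile_for_mno(profile_id: str, mno: Mno) -> tuple:
    """Return (accepted, reason) for the 'profile ID belongs to this MNO' check."""
    try:
        f = parse_profile_id(profile_id)
    except ValueError as exc:
        return False, str(exc)
    if int(f["check_digit"]) != luhn_check_digit(profile_id[:-1]):
        return False, "check digit mismatch"
    # A bare built-in SIM identifier (carrier fields empty) is not a profile ID.
    if UNASSIGNED in (f["country_code"], f["network_code"]):
        return False, "carrier fields unassigned"
    if (f["country_code"], f["network_code"]) != (mno.country_code, mno.network_code):
        return False, "identifier issued for a different MNO"
    return True, "ok"


# Constructed sample data (not real operators or identifiers).
MNO_A = Mno("MNO A", "82", "05")
MNO_B = Mno("MNO B", "82", "08")
PROFILE_B = make_id("898208121001000123")
BARE_ESIM_ID = make_id("890000121001000123")

if __name__ == "__main__":
    tampered = PROFILE_B[:17] + "4" + PROFILE_B[18:]  # one SIM-number digit changed
    for label, pid, mno in [("profile B at MNO B", PROFILE_B, MNO_B),
                            ("profile B at MNO A", PROFILE_B, MNO_A),
                            ("tampered profile B", tampered, MNO_B),
                            ("bare eSIM identifier", BARE_ESIM_ID, MNO_B)]:
        print(label, verify_profile_for_mno(pid, mno))
```

Rejecting the identifier before any profile is encrypted and sent keeps a profile issued for one carrier from being installed under a request naming another.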
Thereafter, in the embodiment of FIG. 4B, the SM-DP performs encryption on the profile, transmits the encrypted profile to the
Therefore, according to another embodiment of the present invention, in initial setting of an identifier, security information, and the like for performing communication with a built-in SIM, the device performing communication performs a communication Information can be set up and provided, and related security problems can be solved by setting the initial information of the built-in SIM.
According to another embodiment of the present invention, since the initial information of the built-in SIM can be easily set, the device is not limited to a single communication service provider, the service provider can be changed during the lifecycle of the device, and the SIM can be reused.
While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments, but is capable of various modifications within the scope of the invention. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined by the scope of the appended claims, and equivalents thereof.
Claims (4)
Sending a request to a communication system for a device including a built-in SIM using a first profile of a first MNO to change a profile to a second profile of a second MNO; And
And receiving a second profile of the second MNO that is verified from the communication system.
And wherein the second profile of the second MNO is encrypted and transmitted in the communication system.
Receiving a built-in SIM identifier from an embedded SIM provider; And
And performing a subscription request for communication with the MNO using the assigned internal SIM identifier and receiving a verified profile for the MNO from the communication system.
Receiving a profile installer credential including a secret key from the built-in SIM provider; And
And decrypting the received profile using the assigned profile installer credential.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120117565A KR20140051018A (en) | 2012-10-22 | 2012-10-22 | Method and apparatus for managing an embedded subscriber identity module in a communication system |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20140051018A (en) | 2014-04-30 |
- 2012-10-22: KR application KR1020120117565A (published as KR20140051018A), status: not active, Application Discontinuation
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |