KR20200099457A - Method and apparatus for secondary platform bundle download using activation code - Google Patents

Abstract

According to some embodiments of the present disclosure, a terminal receives data including an activation code from a service provider, detects the activation code, distinguishes each element of the activation code, identifies whether the activation code includes a bundle identifier, distinguishes between smart secure platform (SSP) basic information and family-specific information in the activation code, and may perform bundle download by using the SSP basic information when the activation code contains SSP basic information.

Description

SSP bundle download method and device using activation code {METHOD AND APPARATUS FOR SECONDARY PLATFORM BUNDLE DOWNLOAD USING ACTIVATION CODE}

The present disclosure relates to a method and apparatus for downloading, installing, and storing a bundle in a smart security medium of a terminal.

Efforts are being made to develop an improved 5G communication system or a pre-5G communication system in order to meet the increasing demand for wireless data traffic after the commercialization of 4G communication systems. For this reason, the 5G communication system or the pre-5G communication system is referred to as a communication system after a 4G network (Beyond 4G Network) or a system after an LTE system (Post LTE). In order to achieve a high data rate, the 5G communication system is being considered for implementation in the ultra-high frequency (mmWave) band (for example, the 60 gigabyte (60 GHz) band). In order to mitigate the path loss of radio waves in the ultra-high frequency band and increase the propagation distance of radio waves, in 5G communication systems, beamforming, massive array multiple input/output (MIMO), and full dimensional multiple input/output (FD-MIMO) ), array antenna, analog beam-forming, and large scale antenna technologies are being discussed. In addition, in order to improve the network of the system, in 5G communication system, advanced small cell, advanced small cell, cloud radio access network (cloud RAN), ultra-dense network , Device to Device communication (D2D), wireless backhaul, moving network, cooperative communication, CoMP (Coordinated Multi-Points), and interference cancellation And other technologies are being developed. In addition, in the 5G system, advanced coding modulation (ACM) methods such as Hybrid FSK and QAM Modulation (FQAM) and SWSC (Sliding Window Superposition Coding), advanced access technologies such as Filter Bank Multi Carrier (FBMC), NOMA (non-orthogonal multiple access), and sparse code multiple access (SCMA) have been developed.

On the other hand, the Internet is evolving from a human-centered network in which humans generate and consume information, to an Internet of Things (IoT) network that exchanges and processes information between distributed components such as objects. Internet of Everything (IoE) technology, which combines IoT technology with big data processing technology through connection with cloud servers, is also emerging. In order to implement IoT, technology elements such as sensing technology, wired/wireless communication and network infrastructure, service interface technology, and security technology are required, and recently, a sensor network for connection between objects, machine to machine , M2M), and MTC (Machine Type Communication) technologies are being studied. In the IoT environment, intelligent IT (Internet Technology) services that create new value in human life by collecting and analyzing data generated from connected objects can be provided. IoT is the field of smart home, smart building, smart city, smart car or connected car, smart grid, healthcare, smart home appliance, advanced medical service, etc. through the convergence and combination of existing IT (information technology) technology and various industries. Can be applied to.

Accordingly, various attempts have been made to apply a 5G communication system to an IoT network. For example, technologies such as sensor network, machine to machine (M2M), and MTC (Machine Type Communication) are implemented by techniques such as beamforming, MIMO, and array antenna. There is. As the big data processing technology described above, a cloud radio access network (cloud RAN) is applied as an example of the convergence of 5G technology and IoT technology. As described above and with the development of a mobile communication system, various services can be provided, and a method for effectively providing these services is required.

The disclosed embodiment is a method for installing the bundle on a smart security medium of an electronic device after a user pays for a service to be received using a bundle to be installed on an electronic device and obtains permission, and configures an activation code that can be recognized by the terminal software. Offer a way to do it.

According to some embodiments of the present disclosure, there is provided a method of operating a service provider, comprising: defining an activation code to be input by a terminal in order to perform a download operation of a Secondary Platform Bundle to a smart secure platform; Adding family-specific information including a bundle identifier to the activation code; And it can provide a method comprising the step of providing an activation code to the terminal.

In addition, according to some embodiments of the present disclosure, a method of operating a terminal may include: receiving data including an activation code from a service provider; Detecting the activation code; Discriminating each element (element, field value) of the activation code; Identifying whether the activation code includes a bundle identifier; Detecting a family value of a bundle from the activation code; Classifying SSP basic information and family-specific information in the activation code; Analyzing family-specific information by using the family value of the bundle; When the activation code does not have the SSP basic information, or when the activation code contains only information on an activation code of a specific service that already exists (e.g., an activation code of eSIM), activate the family bundle or bundle the family Selecting one of and downloading an applet (eg, eSIM profile) in the activated bundle or the selected bundle; When receiving the activation code, confirming a terminal setting for setting whether to download a bundle of a smart security medium or download an applet in an existing bundle; And when SSP basic information is included in the activation code, performing bundle download using the SSP basic information.

The technical problems to be achieved in the present disclosure are not limited to the technical problems mentioned above, and other technical problems that are not mentioned will be clearly understood by those of ordinary skill in the technical field to which the present disclosure belongs from the following description. I will be able to.

1 is a diagram illustrating a terminal in which an SSP is embedded and an LBA application is installed according to some embodiments of the present disclosure.
2 is a diagram illustrating a procedure of downloading a bundle using an SSP activation code in an SSP terminal according to some embodiments of the present disclosure.
3 is a diagram illustrating a procedure for downloading a bundle or an applet using an SSP activation code in an SSP terminal or a terminal equipped with a security medium other than the SSP according to some embodiments of the present disclosure.
4 is a diagram illustrating an example of a method of inputting an SSP activation code to an SSP terminal according to some embodiments of the present disclosure.
5 is a diagram illustrating an example of a configuration of an SSP activation code including a family special field according to some embodiments of the present disclosure.
6 is a diagram illustrating another example of a configuration of an SSP activation code including a family special field according to some embodiments of the present disclosure.
7A is a diagram illustrating an operation procedure of a terminal when an SSP terminal detects an activation code according to some embodiments of the present disclosure.
7B is another diagram illustrating an operation procedure of a terminal when an SSP terminal detects an activation code according to some embodiments of the present disclosure.
8A is a diagram illustrating a procedure of an operation of detecting and interpreting an activation code by an SSP terminal according to some embodiments of the present disclosure.
8B is another diagram illustrating a procedure of an operation of detecting and interpreting an activation code by an SSP terminal according to some embodiments of the present disclosure.
9A is a diagram illustrating a procedure of an operation of detecting and interpreting an SSP activation code by a terminal equipped with a security medium other than SSP (eg, eUICC) according to some embodiments of the present disclosure.
9B is a diagram illustrating a procedure of an operation of detecting and interpreting an SSP activation code by a terminal equipped with a security medium other than SSP (eg, eUICC) according to some embodiments of the present disclosure.
10 is a diagram illustrating a structure of a terminal according to some embodiments of the present disclosure.
11 is a diagram illustrating a structure of a service provider according to some embodiments of the present disclosure.

Hereinafter, embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.

In describing embodiments of the present disclosure, descriptions of technical contents that are well known in the technical field to which the present disclosure belongs and are not directly related to the present disclosure will be omitted. This is to more clearly convey the gist of the present disclosure by omitting unnecessary description.

For the same reason, some components in the accompanying drawings are exaggerated, omitted, or schematically illustrated. In addition, the size of each component does not fully reflect the actual size. The same reference numerals are assigned to the same or corresponding components in each drawing.

Advantages and features of the present disclosure, and a method of achieving them will be apparent with reference to embodiments described later in detail together with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below, but may be implemented in a variety of different forms, only the present embodiments are intended to complete the present disclosure, and those of ordinary skill in the art to which the present disclosure pertains. It is provided to fully inform the scope of the disclosure, and the present disclosure is only defined by the scope of the claims. The same reference numerals refer to the same components throughout the specification.

At this time, it will be appreciated that each block of the flowchart diagrams and combinations of the flowchart diagrams may be executed by computer program instructions. Since these computer program instructions can be mounted on the processor of a general purpose computer, special purpose computer or other programmable data processing equipment, the instructions executed by the processor of the computer or other programmable data processing equipment are described in the flowchart block(s). Create a means to perform functions. These computer program instructions can also be stored in computer-usable or computer-readable memory that can be directed to a computer or other programmable data processing equipment to implement a function in a particular way, so that the computer-usable or computer-readable memory It is also possible to produce an article of manufacture containing instruction means for performing the functions described in the flowchart block(s). Computer program instructions can also be mounted on a computer or other programmable data processing equipment, so that a series of operating steps are performed on a computer or other programmable data processing equipment to create a computer-executable process to create a computer or other programmable data processing equipment. It is also possible for instructions to perform processing equipment to provide steps for executing the functions described in the flowchart block(s).

In addition, each block may represent a module, segment, or part of code that contains one or more executable instructions for executing the specified logical function(s). In addition, it should be noted that in some alternative execution examples, functions mentioned in blocks may occur out of order. For example, two blocks shown in succession may in fact be executed substantially simultaneously, or the blocks may sometimes be executed in reverse order depending on the corresponding function.

In this case, the term'~ unit' used in the present embodiment means software or hardware components such as FPGA or ASIC, and'~ unit' performs certain roles. However,'~ part' is not limited to software or hardware. The'~ unit' may be configured to be in an addressable storage medium, or may be configured to reproduce one or more processors. Thus, as an example,'~ unit' refers to components such as software components, object-oriented software components, class components and task components, processes, functions, properties, and procedures. , Subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, database, data structures, tables, arrays, and variables. The components and functions provided in the'~ units' may be combined into a smaller number of elements and'~ units', or may be further divided into additional elements and'~ units'. In addition, components and'~ units' may be implemented to play one or more CPUs in a device or a security multimedia card.

Specific terms used in the following description are provided to aid understanding of the present disclosure, and the use of these specific terms may be changed in other forms without departing from the technical spirit of the present disclosure.

SE (Secure Element) stores security information (e.g., mobile communication network access key, user identification information such as ID card/passport, credit card information, encryption key, etc.), and a control module (e.g., USIM, etc.) that uses the stored security information. Network access control module, encryption module, key generation module, etc.) are mounted and operated with a single chip. SE can be used in various electronic devices (e.g., smartphones, tablets, wearable devices, automobiles, IoT devices, etc.), and security services (e.g., mobile communication network access, payment, user authentication, etc.) through security information and control modules. Can provide.

SE can be divided into UICC (Universal Integrated Circuit Card), eSE (Embedded Secure Element), and SSP (Smart Secure Platform), which is an integrated form of UICC and eSE, and is removable depending on the type of connection or installation to an electronic device. ), fixed type (Embedded), and can be subdivided into integrated type (Integrated) that is integrated into a specific device or SoC (system on chip).

UICC (Universal Integrated Circuit Card) is a smart card inserted into a mobile communication terminal and used, and is also called a UICC card. The UICC may include an access control module for accessing the mobile communication service provider's network. Examples of access control modules include Universal Subscriber Identity Module (USIM), Subscriber Identity Module (SIM), and IP Multimedia Service Identity Module (ISIM). UICC with USIM is also commonly referred to as a USIM card. Similarly, a UICC including a SIM module is commonly referred to as a SIM card. On the other hand, the SIM module may be mounted when manufacturing the UICC or download the SIM module of the mobile communication service to be used at a time desired by the user to the UICC card. The UICC card can also download and install a plurality of SIM modules, and select and use at least one SIM module among them. Such a UICC card may or may not be fixed to the terminal. The UICC fixed to the terminal is called eUICC (embedded UICC), and in particular, a system-on-chip including a communication processor of the terminal, an application processor, or a single processor structure in which the two processors are integrated. The UICC built in (SoC) is sometimes referred to as iUICC (Integrated UICC). Typically, eUICC and iUICC may refer to a UICC card that is fixed to a terminal and used, and which can remotely download and select a SIM module. In the present disclosure, a UICC card capable of remotely downloading and selecting a SIM module is collectively referred to as eUICC or iUICC. That is, among UICC cards that can be selected by downloading a SIM module remotely, a UICC card that is fixed or not fixed to the terminal is collectively used as eUICC or iUICC. In addition, the SIM module information to be downloaded is collectively referred to as eUICC profile or iUICC profile, or more simply as a term of a profile.

eSE (Embedded Secure Element) refers to a fixed type SE that is fixed to an electronic device and used. eSE is usually manufactured exclusively for manufacturers at the request of the terminal manufacturer, and can be manufactured including an operating system and a framework. eSE remotely downloads and installs an applet-type service control module and can be used for various security services such as electronic wallets, ticketing, e-passports, and digital keys. In the present disclosure, the SE in the form of a single chip attached to an electronic device that can remotely download and install a service control module is collectively referred to as eSE.

A smart security device (SSP, Smart Secure Platform) can be simply referred to as an SSP as it can support the functions of UICC and eSE in a single chip. SSP can be divided into removable (rSSP, Removable SSP), fixed (eSSP, Embedded SSP) and integrated (iSSP, Integrated SSP) built-in SoC. The SSP can be composed of one primary platform (PP) and at least one secondary platform bundle (SPB) operating on the PP, and the primary platform is a hardware platform and a low level operating system (LLOS). ), and the secondary platform bundle may include at least one of a High-level Operating System (HLOS) and an application running on the HLOS. Applications running on top of the HLOS of the Secondary Platform Bundle can be called applets. Secondary platform bundles are also referred to as SPBs or bundles. The bundle accesses resources such as the central processing unit and memory of the PP through the Primary Platform Interface (PPI) provided by the PP, and can be run on the PP through this. The bundle can be equipped with communication applications such as SIM (Subscriber Identification Module), USIM (Universal SIM), ISIM (IP Multimedia SIM), and various application applications such as electronic wallet, ticketing, e-passport, digital key, etc. I can.

The SSP can be used for the above-described UICC or eSE depending on the bundles downloaded and installed remotely, and a plurality of bundles can be installed in a single SSP and operated at the same time to mix the uses of UICC and eSE. That is, when a bundle including a profile is operated, the SSP can be used for UICC to access the network of a mobile communication service provider. The corresponding UICC bundle may operate by downloading at least one profile from a remote location, such as the eUICC or iUICC, and selecting it. In addition, when a bundle including a service control module equipped with an application application capable of providing services such as an electronic wallet, ticketing, e-passport, or digital key is operated on the SSP, the SSP can be used for the eSE. A plurality of service control modules may be installed and operated by being integrated into one bundle, or may be installed and operated as independent bundles.

Hereinafter, terms used in the present disclosure will be described in more detail.

In this disclosure, the SSP is a removable (rSSP, Removable SSP), a fixed type (eSSP, Embedded SSP), and an integrated type built into the SoC (iSSP, Integrated SSP) that can support integrated UICC and eSE functions on a single chip. It is a security module in the form of a chip that can be classified. The SSP can download and install a bundle from an external bundle management server (Secondary Platform Bundle Manager, SPB Manager) using OTA (Over The Air) technology.

In the present disclosure, the method of downloading and installing the bundle using OTA technology in the SSP includes a removable SSP (rSSP) that can be inserted and removed in a terminal, a fixed SSP (eSSP) installed in the terminal, and the SoC installed in the terminal. The same can be applied to the integrated SSP (iSSP).

In the present disclosure, the term UICC may be used interchangeably with SIM, and the term eUICC may be mixed with eSIM.

In this disclosure, the Secondary Platform Bundle (SPB) is driven by using the resources of PP on the Primary Platform (PP) of SSP. For example, the UICC bundle is an application or file system stored in the existing UICC. , Authentication key value, etc. It may mean packaging the operating system (HLOS) in which they operate in software form. In the present disclosure, the secondary platform bundle may be referred to as a bundle.

In the present disclosure, the USIM Profile may mean the same as a profile or may mean packaging information included in a USIM application in a profile in a software form.

In the present disclosure, the operation of enabling the bundle by the terminal or the external server is to change the status of the corresponding profile to the enabled state so that the terminal provides services provided by the bundle (e.g., communication service, credit service through a communication service provider). It may mean an operation of setting to receive a card payment service, a user authentication service, etc.). Bundles in the active state may be expressed as "enabled bundles". The bundle in the activated state may be stored in an encrypted state in a storage space inside or outside the SSP.

The bundle activated in the present disclosure is driven by external input (eg, user input, push, request of an application in the terminal, authentication request from a carrier, PP management message, etc.) or an operation inside the bundle (eg, timer, polling). It can be changed to the state (Active). The running bundle is loaded into the driving memory inside the SSP from the storage space inside or outside the SSP, and it can mean processing security information and providing security services to the terminal using the security control unit (Secure CPU) inside the SSP. have.

In the present disclosure, the operation of disabling a bundle by a terminal or an external server may mean an operation of changing the state of the bundle to a disabled state so that the terminal cannot receive the services provided by the bundle. have. The profile in the inactive state may be expressed as "disabled bundle". The bundle in the activated state may be stored in an encrypted state in a storage space inside or outside the SSP.

In the present disclosure, the bundle management server generates a bundle at the request of a service provider or another bundle management server, encrypts the generated bundle, generates a bundle remote management command, or encrypts the generated bundle remote management command. It may include a function to do. The bundle management server that provides the above functions is SPB Manager (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), IDS (Image Delivery Server), SM-DP (Subscription Manager Data Preparation), SM-DP+ (Subscription Manager Data Preparation). plus), Admin Bundle Server, Managing SM-DP+ (Managing Subscription Manager Data Preparation plus), Bundle Encryption Server, Bundle Generation Server, Bundle Provisioner (BP), Bundle Provider, BPC holder (Bundle Provisioning Credentials) holder).

In the present disclosure, the bundle management server may download, install, or update a bundle from the SSP and manage the setting of keys and certificates for remote management of the bundle status. The bundle management server that provides the above functions is SPB Manager (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), IDS (Image Delivery Server), SM-SR (Subscription Manager Secure Routing), SM-SR+ (Subscription Manager Secure Routing). Plus), an off-card entity of eUICC Profile Manager, PMC holder (Profile Management Credentials holder), and EM (eUICC Manager).

In the present disclosure, the opening intermediary server is SPBM (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), SPBDS (Secondary Platform Bundle Discovery Sever), BDS (Bundle Discovery Sever), SM-DS (Subscription Manager Discovery Service), DS ( Discovery Service), Root SM-DS, and Alternative SM-DS. The opening brokerage server may receive an event registration request (Register Event Request, Event Register Request) from one or more bundle management servers or opening brokerage servers. In addition, one or more opening brokerage servers may be used in combination, and in this case, the first opening brokerage server may receive an event registration request from not only the bundle management server but also the second opening brokerage server. In the present disclosure, the function of the opening mediation server may be integrated into the bundle management server.

The term'terminal' used in the present disclosure refers to a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, and a subscriber unit. , A subscriber station (SS), a wireless device, a wireless communication device, a wireless transmit/receive unit (WTRU), a mobile node, a mobile or other terms. Various embodiments of the terminal include a cellular phone, a smart phone having a wireless communication function, a personal portable terminal (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, and a digital camera having a wireless communication function. Devices, gaming devices having a wireless communication function, music storage and playback appliances having a wireless communication function, Internet appliances capable of wireless Internet access and browsing, as well as portable units or terminals incorporating combinations of such functions. have. In addition, the terminal may include a machine to machine (M2M) terminal and a machine type communication (MTC) terminal/device, but is not limited thereto. In the present disclosure, the terminal may be referred to as an electronic device. In the present disclosure, the electronic device may include an SSP that can be installed by downloading a bundle. When the SSP is not embedded in the electronic device, the SSP physically separated from the electronic device may be inserted into the electronic device and connected to the electronic device. For example, the SSP may be inserted into an electronic device in the form of a card. The electronic device may include a terminal, and in this case, the terminal may be a terminal including an SSP capable of downloading and installing a bundle. Not only can the SSP be embedded in the terminal, but when the terminal and the SSP are separated, the SSP can be inserted into the terminal, inserted into the terminal, and connected to the terminal.

In the present disclosure, the terminal or electronic device may include a Local Bundle Assistant (LBA) or a Local Bundle Manager (LBM), which is software or applications installed in the terminal or electronic device to control the SSP.

In the present disclosure, the terminal or electronic device may include a Local Profile Assistant (LPA), which is software or application installed in the terminal or electronic device to control the eUICC. The LPA may be included in the Local Bundle Assistant (LBA) and implemented, or may exist in the terminal as an application separate from the LBA. The LPA may be software or an application capable of controlling an eSIM bundle of a terminal incorporating an SSP.

In the present disclosure, the bundle identifier may be referred to as a factor matching a bundle family identifier (SPB Family Identifier), a bundle matching ID, and an event identifier (Event ID). The bundle identifier (SPB ID) may indicate a unique identifier of each bundle. The bundle family identifier (SPB Family Identifier) may indicate an identifier that identifies the type of bundle (eg, a telecom bundle for accessing a mobile communication company network). The bundle identifier can be used as a value that can index bundles in the bundle management server. In the present disclosure, the SSP identifier (SSP ID) may be a unique identifier of the SSP embedded in the terminal, and may be referred to as sspID. In addition, as in the embodiment of the present disclosure, when the terminal and the SSP chip are not separated, it may be a terminal ID. It may also refer to a specific bundle identifier (SPB ID) in the SSP. In more detail, it may refer to the bundle identifier of a management bundle or loader (SPBL, Secondary Platform Bundle Loader) that installs other bundles in the SSP and manages activation, deactivation, and deletion. The SSP may have a plurality of SSP identifiers, and the plurality of SSP identifiers may be values derived from a single unique SSP identifier.

In the present disclosure, a loader (SPBL, Secondary Platform Bundle Loader) may refer to a management bundle that installs another bundle in the SSP and manages activation, deactivation, and deletion. The LBA of the terminal or the remote server can install, activate, deactivate, or delete a specific bundle through the loader. In the present disclosure, the loader may also be referred to as an SSP.

In the present disclosure, an event may be a term collectively referring to a bundle download, a remote bundle management, or a management/processing command of other bundles or SSPs. Event (Event) may be named as a remote bundle provisioning operation (Remote Bundle Provisioning Operation, or RBP operation, or RBP Operation) or event record (Event Record), and each event (Event) corresponding to the event identifier (Event Identifier) , Event ID, EventID) or matching identifier (Matching Identifier, Matching ID, MatchingID), and at least one address (FQDN, IP Address, or URL) or each server identifier of the bundle management server or opening brokerage server where the event is stored It may be referred to as containing data. Bundle Download can be mixed with Bundle Installation. In addition, Event Type can be used as a term indicating whether a specific event is a bundle download, remote bundle management (e.g., delete, activate, deactivate, replace, update, etc.), or other bundle or SSP management/handling command. And, it may be named as an operation type (Operation Type or OperationType), an operation classification (Operation Class or OperationClass), an event request type, an event class, an event request class, etc. .

In the present disclosure, local bundle management (LBM) is a bundle local management, local management, local management command, local command, local bundle management package It may be called (LBM Package), Bundle Local Management Package, Local Management Package, Local Management Command Package, and Local Command Package. LBM changes the status of a specific bundle (Enabled, Disabled, Deleted) through software installed on the terminal, or the contents of a specific bundle (e.g., bundle nickname, bundle metadata, etc.) ) Can be used for updating. The LBM may include more than one local management command, and in this case, the bundles subject to each local management command may be the same or different for each local management command.

In the present disclosure, a target bundle may be used as a term referring to a bundle that is a target of a local management command or a remote management command.

In the present disclosure, a service provider may indicate a business entity that issues a request to a bundle management server to request a bundle generation, and provides a service to a terminal through the bundle. For example, it may represent a mobile operator that provides a communication network access service through a bundle equipped with a communication application, and a business support system (BSS), an operational support system, OSS), Point of Sale Terminal, and other IT systems can all be collectively referred to. In addition, in the present disclosure, the service provider is not limited to expressing only one specific business entity, and may be used as a term referring to a group or association or consortium of one or more businesses or an agency representing the group or association. In addition, in this disclosure, a service provider may be named as an operator (Operator or OP or Op.), a bundle owner (BO), an image owner (Image Owner, IO), etc., and each service provider is a name and/or unique At least one or more identifiers (Object Identifier, OID) may be set or assigned. If the service provider refers to a group or association or agency of one or more businesses, the name or unique identifier of any group or association or agency is shared by all businesses belonging to that group or association, or by all businesses working with the agency. It may be a name or a unique identifier.

In the present disclosure, the NAA is a network access application, and may be an application program such as USIM or ISIM for accessing a network by being stored in the UICC. NAA may be a network access module.

In the present disclosure, the telecom bundle may be a bundle having at least one NAA mounted or a function capable of downloading and installing at least one NAA remotely. In the present disclosure, the telecom bundle may include a telecom bundle identifier indicating this.

In the present disclosure, the eSIM bundle may be a bundle in which an eUICC OS is driven inside to perform the same function as an eUICC to receive a profile from a terminal. In the present disclosure, the eSIM bundle may include a telecom bundle identifier indicating this.

In the present disclosure, the SSP activation code is predetermined information for downloading a bundle to the SSP terminal, and may be referred to as an SSP Activation Code.

In the present disclosure, the eSIM activation code is predetermined information for downloading a profile to an eSIM terminal or an SSP terminal, and may be referred to as an eSIM activation code. The eSIM Activation Code can include the SM-DP+ address to which you need to access to download the profile or the address of the SM-DS server that can inform you of the SM-DP+ address, and can be used as a matching identifier for a specific profile in SM-DP+. Can include the Activation Code Token value. When the eSIM Activation Code is entered in the form of a QR code,'LPA:' may be attached as a prefix of the data contained in the QR code.

In the present disclosure, the activation code may collectively refer to an SSP activation code and an eSIM activation code. In general, in the present disclosure, the activation code may be any activation code before determining that it is an SSP activation code or an eSIM activation code, and when input into the terminal, it may be interpreted as one of an SSP activation code or an eSIM activation code.

In the present disclosure, the SSP activation code identifier may be included as a component of the SSP activation code and may indicate that the terminal can download a bundle (Secondary Platform Bundle) through the activation code. The SSP activation code identifier may also be referred to as a bundle indicator.

Further, in describing the present disclosure, when it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present disclosure, the detailed description thereof will be omitted.

Hereinafter, various embodiments of a method of installing a bundle or applet (eg, a profile) in a terminal equipped with an SSP terminal and other security media using an SSP activation code will be described.

If the compatibility of the activation code is not guaranteed, the user or service provider must provide an appropriate activation code according to the security device of the user's terminal, and there is a need for the user to enter an activation code suitable for the terminal to be used. It can hurt the user experience. In order to solve this problem, the disclosed embodiment is a smart security device compatible with an activation code that can install an applet (eg, eSIM profile) of services inside the bundle (eg, mobile communication network access, payment, user authentication, digital key, etc.). Configure the bundle activation code.

The activation code according to an embodiment of the present disclosure may also be used as a method of downloading, installing, and storing an applet inside a bundle, and downloading, installing and installing an applet on a security medium (e.g., eUICC, eSE) not a smart security medium It can also be used as a storage method.

According to an embodiment of the present disclosure, when a service provider has previously provided a service using an activation code, it may not provide a user with an existing activation code and an activation code for a smart security medium. Further, according to various embodiments of the present disclosure, a user may selectively download a bundle or an applet by inputting an activation code for a smart security medium into a terminal. In addition, according to various embodiments of the present disclosure, the smart security medium terminal may perform bundle download or applet download according to information in the activation code. In addition, according to various embodiments of the present disclosure, even if a terminal other than a smart security medium terminal (eg, a terminal supporting only eSIM) receives a smart security medium bundle activation code, an applet download (eg, profile download) may be performed.

The present disclosure includes the following embodiments of a method of installing a bundle or applet (eg, a profile) in a terminal equipped with an SSP terminal and other security media by using an SSP activation code. However, the embodiments of the present disclosure are not limited to the following embodiments.

-How to define SSP activation code for SSP terminal to download bundle or applet

-How to define an SSP activation code that allows a terminal equipped with an eSIM terminal or other secure medium to download an applet

-How the SSP terminal detects the SSP activation code and interprets the components

-How to download bundle using SSP activation code on SSP terminal

-How to download applet using SSP activation code on SSP terminal

-How to download an applet (e.g., a profile) using an SSP activation code from an eSIM terminal or a terminal equipped with other security media

-A method in which an eSIM terminal or a terminal equipped with other security media detects the SSP activation code and interprets the components

-How to download a bundle using an SSP activation code from an eSIM terminal or other secure medium mounted terminal

Hereinafter, various embodiments of a method and apparatus for downloading a bundle or applet to a terminal by using an SSP activation code in a terminal equipped with an SSP terminal or other security medium will be described in detail with reference to the drawings.

1 is a diagram illustrating a terminal in which an SSP is embedded and an LBA application is installed according to some embodiments of the present disclosure.

Referring to Figure 1, according to some embodiments of the present disclosure, SSP (Smart Secure Platform, Smart Security) consisting of a secondary platform bundle loader 131 and a primary platform 132 The terminal 110 is shown in which the medium) 130 is mounted and the LBA (Local Bundle Assistant) 120, which is an application in the terminal capable of controlling the SSP 130, is implemented. The SSP 130 may include at least one primary platform 132 and at least one secondary platform bundle loader 131. In addition, the SSP 130 may include a secondary platform bundle (bundle) 140, and the bundle 140 includes an application 141 and at least one high-level operating system. (142) may be included. The bundle 140 may be driven within the SSP 130 by accessing resources such as a central processing unit or memory in the primary platform 132 or the SSP 130 using a primary platform interface (not disclosed).

Referring to FIG. 1, the LBA 120 includes an activation code start detection unit 121 capable of detecting the start of an activation code, an activation code analysis unit 122 capable of analyzing each element of the activation code, and A bundle and applet download trigger 123 for starting an operation for downloading a bundle or an applet by using the information may be included. In addition to the activation code start detection unit 121, the activation code analysis unit 122, and the bundle and applet download trigger 123, the LBA 120 includes a component that performs various operations related to the operation of installing a bundle inside the SSP. It may include a server for controlling a bundle installed inside the SSP or a component that performs an operation capable of transmitting a command to the SSP by processing user input. In this case, the command transmitted by the LBA 120 may be executed by the primary platform 132 through the secondary platform bundle loader 131.

The SSP activation code or other activation code (e.g., eSIM activation code) is detected by the activation code start detection unit 121 of the LBA 120 in the terminal 110, and internal information is analyzed by the activation code analysis unit 122 The bundle and applet download trigger 123 may start a bundle or applet download operation based on the analyzed information. In order to perform a bundle or applet download operation, the LBA 120 may transmit a command to the secondary platform bundle loader 131 of the SSP 130.

FIG. 2 is a diagram illustrating a procedure for downloading a bundle using an SSP activation code in the SSP terminal 230 according to some embodiments of the present disclosure. According to some embodiments, the SSP terminal 230 may be a terminal in which the SSP 232 is embedded and the LBA application 231 is installed. Here, the SSP 232 may include an eSIM bundle 233 and a telecom bundle 234, but is not limited thereto.

In step 201, the user 221 may subscribe to a service to be received through the bundle through the agency 211 and pay for the service. In step 202, the agency 211 may transmit the SSP activation code including information for downloading the bundle to the user 221. In step 203, the user 221 may input the SSP activation code to the SSP terminal 230 to cause the SSP terminal 230 to perform a bundle download operation. In step 203, the user 221 inputs the SSP activation code to the terminal. After receiving the SSP activation code in the form of a QR code, the terminal scans the QR code 204 or the SSP activation code string is sent to the terminal. It may be one of the direct input method 205. The method for the user 221 of step 203 to input the SSP activation code to the terminal may include another method of inputting the contents of the activation code to the terminal in addition to the QR code scan 204 and direct input 205.

In step 206, the LBA 231 may perform a bundle download operation with the SPB Manager server 242 or the SPB Manager server 243 including the SM-DP+ function using information of the SSP activation code.

3 is a procedure for downloading a bundle or an applet using an SSP activation code from an SSP terminal 330 or a terminal (eg, eSIM terminal) 350 equipped with a security medium other than SSP according to some embodiments of the present disclosure It is a figure showing. According to some embodiments, the SSP terminal 330 may be a terminal in which an SSP is embedded and an LBA application is installed. In addition, the terminal 350 equipped with a security medium other than the SSP may be a terminal equipped with an eUICC and an LPA application.

In step 301, the user 321 may subscribe to a service to be received through a bundle or an applet through the agency 311 and pay for the service. In step 302, the agency 311 may deliver the SSP activation code including information for downloading the bundle or applet to the user 321. It should be noted that the order of steps 301 and 302 can be reversed. In step 303, the user 321 may input the SSP activation code to the terminals 330 and 350. In step 303, the method for the user 321 to input the SSP activation code to the terminals 330 and 350 is to scan the QR code at the terminals 330 and 350 after receiving the SSP activation code in the form of a QR code. It may be one of a method or a method of directly inputting 305 a character string of the SSP activation code to the terminals 330 and 350. The method for the user 321 of step 303 to input the SSP activation code to the terminals 330 and 350 is to input the contents of the activation code to the terminals 330 and 350 in addition to the QR code scan 304 and direct input 305. Another method may be included.

Terminals (330, 350) receiving the activation code in step 306, through the LPA (351) or the LBA (331) LPA function is implemented, the SM-DP+ server 341 or the SPB Manager 343 having the SM-DP+ function You can request to download the profile at. In step 306, the profile can be any applet. In step 306, the activation code may include one of minimum information for receiving the applet (eg, address of SM-DP+, applet matching ID, eUICC identifier).

The SSP terminal 330 receiving the activation code in step 307 may request a bundle download from the SPB managers 342 and 343 through the LBA 331. In step 307, the LBA 331 may trigger the bundle download procedure to the SPB managers 342 and 343 by using information in the activation code. The information that can be utilized by the LBA 331 in step 307 may include at least one of a domain address or an IP address of the SPB manager 342, 343, a bundle identifier, a bundle matching identifier CODE_M in a server, or a bundle family identifier. have.

4 is a diagram illustrating an example of a method of inputting an SSP activation code into the SSP terminal 410 according to some embodiments of the present disclosure.

The SSP activation code may be input to the SSP terminal 410 in the form of direct input 421, QR code scanning 422, and link click 423.

When providing the SSP activation code to the user, the service provider may provide a first character string 431 that the user can directly input 421 to the SSP terminal 410. In addition, the service provider may provide the SSP activation code to the user in the form of a QR code, and the QR code may be generated by encoding a character string generated based on the first character string 431. The user may directly input 421 the first character string 431 received from the service provider into the LBA application of the SSP terminal 410 to input the SSP activation code. The first string 431 may be input to the LBA through a third party application or a manufacturer application in the terminal.

The character string for generating the QR code can be generated by encoding the first character string 431 as it is, or by adding the “LBA:” character string in front of the first character string 431 like the second character string 432 and encoding it. have. The character string for generating the QR code may be generated by adding the “LPA:” character string in front of the first character string 431 like the third character string 433. The third string 433 may be used when generating an SSP activation code including an eSIM activation code as a QR code. In particular, the third character string 433 may be used for compatibility with an eSIM terminal based on GSMA SGP.22 v2. The QR code generated based on the third string 433 can be used for the purpose of generating an SSP activation code that can also be used for v2 eSIM terminals conforming to the GSMA SGP.22 standard.

The SSP activation code in the form of a QR code may be detected by a camera in the terminal 410, a QR code scanning application, or an LBA application and input to the terminal 410.

When a SSP activation code in the form of a QR code is detected by a camera in the terminal 410, a third party application, or a manufacturer application in the QR code scanning 422 method, when a specific character string is present in the detected code, the terminal 410 Can perform the bundle download procedure by directly transmitting the information of the SSP activation code to the LBA through an internal application interlocking operation. In this case, the specific character string present in the detected code may be a character string that serves as a scheme of the Uniform Resource Identifier (URI) [RFC3986], and may be a character string such as "lba:".

The service provider may provide a string in a link clickable form to the user to input the SSP activation code in a link click 423 method. In order for the user to input the SSP activation code in the link click 423 method, the service provider may provide the user with a string with “lba:” appended to the front of the string, as in the fourth string 434. In order for the user to input the SSP activation code in the link click 423 method, the service provider may provide the user with a string with “lpa:” attached to the front of the string, as in the fifth string 435. In addition to the fourth string 434 and the fifth string 435, the service provider may provide a user with a string in a form in which a link click 423 is possible by placing a specific string in front, and the user clicks the link 423 The LBA or LPA in the terminal 410 may receive the SSP activation code. The service provider may deliver a string in a form in which the link click 423 is possible to the user through SMS, e-mail, or other applications so that the user can input the SSP activation code through the link click 423 method.

When the SSP activation code starts with a specific character string, such as the second character string 432, the fourth character string 434, and the fifth character string 435, this specific character string may be used as an SSP activation code separator.

5 is a diagram illustrating an example of a configuration of an SSP activation code including a family-specific field according to some embodiments of the present disclosure.

Referring to FIG. 5, the SSP basic activation code 510 may be expressed as a series of elements called SSP basic information. The SSP basic activation code 510 may include an SSP activation code identifier 511. The location of the SSP activation code identifier 511 may exist at any location in the SSP basic activation code 510. Meanwhile, in order to indicate the start of the SSP basic activation code, the SSP activation code delimiter 511 may be located in the frontmost element of the SSP basic activation code 510. The SSP basic activation code 510 may include a Family Identifier 512 of a bundle to be downloaded by the terminal through the activation code. The SSP basic activation code 510 may include the address 513 of the SPB Manager server to which the terminal should access to download the bundle through the activation code. The SSP basic activation code 510 may include a CODE_M 514 that is a matching ID of a bundle to be downloaded by the terminal through the activation code. The CODE_M 514 may be used as a matching ID for selecting a bundle to be downloaded in the SPB Manager server for downloading the bundle. The SSP basic activation code 510 may include Challenge_S 515, which is an auxiliary matching ID of a bundle to be downloaded by the terminal through the activation code. Challenge_S 515 may be used as an auxiliary matching ID for selecting a bundle to be downloaded from the SPB Manager server for downloading the bundle. It should be noted that the order of the elements 512, 513, 514, and 515 including the SSP activation code delimiter 511 in the SSP basic activation code 510 may be changed. In addition, each of the elements 511, 512, 513, 514, and 515 of the SSP basic activation code may be distinguished by inserting a delimiter such as'$' between adjacent elements. The method of classifying each element of the SSP basic activation code is not limited to the method of inserting the characteristic string. The SSP basic activation code 510 may include other elements in addition to the elements shown in FIG. 5. The SSP activation code separator 511 may be distinguished from other elements by using a string such as'%ETSI-SSP%'. The SSP activation code delimiter 511 may be used as long as it is a unique character string not found in a value of an existing field or a character string predicted to be used in a field that can be added in the future.

Referring to FIG. 5, the SSP activation code 550 may include an SSP basic activation code 510 and a family special field 530. The family special field 530 may include an eSIM activation code including information for downloading a profile to eUICC, or other information for downloading an applet to eSE. The configuration of the SSP activation code 550 in FIG. 5 is a diagram showing some embodiments in which the SSP basic activation code 510 is positioned after all information of the family special field 530. In the configuration of the SSP activation code 550 of FIG. 5, the SSP activation code identifier 511 may be used as a separator to distinguish the family special field 530 from the SSP basic activation code 510. In FIG. 5, the configuration of the family special field 530 in the SSP activation code 550 may be determined by the value of the family identifier 512.

Although not shown in FIG. 5, the order of each component of the SSP basic activation code 510 and each component of the family special field 530 in the SSP activation code 550 may be changed.

6 is a diagram illustrating another example of a configuration of an SSP activation code including a family special field according to some embodiments of the present disclosure.

Referring to FIG. 6, the SSP basic activation code 610 may be expressed as a series of elements. In FIG. 6, the SSP activation code identifier 615 may exist at any position within the SSP basic activation code 610. Meanwhile, in order to indicate the end of the SSP activation code, the SSP activation code separator 615 may be located at the last element of the SSP basic activation code 610. Among the components of the SSP basic activation code, descriptions of the family identifier 611, the SPB manager address 612, the CODE_M 613, and the Challenge_S 614 are duplicated with those of FIG. 5, and thus will be omitted. In addition, each of the elements 611, 612, 613, 614, and 615 of the SSP basic activation code may be distinguished by inserting a delimiter such as'$' between adjacent elements. The method of classifying each element of the SSP basic activation code is not limited to the method of inserting the characteristic string. The SSP basic activation code 610 may include other elements other than the elements shown in FIG. 6.

According to FIG. 6, the SSP activation code 650 may include an SSP basic activation code 610 and a family special field 630. Among the descriptions of the family special field 630, descriptions overlapping with those of FIG. 5 will be omitted. In FIG. 6, the configuration of the SSP activation code 650 is an example in which the family special field 630 is located after the SSP basic activation code 610. In the configuration of the SSP activation code 650 of FIG. 6, the SSP activation code separator 615 may be used as a separator to distinguish the SSP basic activation code 610 from the family special field 630. In FIG. 6, the configuration of the family special field 630 in the SSP activation code 650 may be determined by the value of the family identifier 611.

Although not shown in FIG. 6, the order of each component of the SSP basic activation code 610 and each component of the family special field 630 in the SSP activation code 650 may be changed.

7A is a diagram illustrating an operation procedure of a terminal when an SSP terminal detects an activation code according to some embodiments of the present disclosure.

When predetermined information is input to the SSP terminal in step 701, the SSP terminal detects an activation code from the input predetermined information, and when the activation code is detected, the elements inside the activation code can be analyzed. The predetermined information input to the SSP terminal may be input by a manual or automatic input method including a QR code scan, a user's text input, an image input by a camera, a link click, and the like. The predetermined information input to the SSP terminal may be provided in one of the embodiments described in FIG. 4. The terminal may determine that the activation code is included in predetermined information input to the terminal according to a pre-configured setting. The method of receiving a predetermined input by the terminal may include an operation of displaying a screen to input an activation code to the user and receiving the input or scanning a QR code. In step 701, the method of recognizing that the activation code is input by the terminal may include a method in which the data of the QR code starts with'LBA:' or'LPA:' and the terminal recognizes it. In step 701, the method of recognizing that the activation code is input by the terminal may include a method of recognizing the LBA by clicking a specific link by the user.

In step 701, the SSP terminal may receive predetermined information that can be used to receive the SSP activation code. The predetermined information that can be used to receive the SSP activation code may be referred to as SSP activation code acquisition information. SSP activation acquisition information may be provided after a user purchases a bundle or service from a service provider. The SSP activation code acquisition information may be provided to the terminal in the form of a URL (Universal Resource Locator), and the terminal may acquire the SSP activation code through a specific web site through the URL. In step 701, the terminal may analyze elements included in the activation code according to the configuration of the activation code.

In step 702, the terminal may determine whether there is an SSP activation code identifier among the analyzed activation code elements.

If the SSP activation code identifier is present in the activation code in step 702, the terminal may check whether downloading the bundle to the SSP is a default setting in step 703. If there is no related setting, the terminal may set to download the bundle to the SSP as a default setting. The bundle download setting in step 703 may be set according to the family identifier of the bundle, and the determination of the terminal in step 703 may be based on the terminal setting set for the bundle family identifier in the activation code.

If bundle download is set in the SSP, in step 704, the terminal may start the bundle download procedure using information in the activation code. In step 704, the UE may attempt communication with the SPB Manager for bundle download by using at least one of the address of the SPB Manager in the activation code, the family identifier of the bundle, CODE_M, and challenge_S values.

If the SSP activation code identifier is not detected in the activation code in step 702, or the SSP activation code identifier is present in the activation code in step 703, but the bundle download is not set in the terminal for the family identifier of the bundle, the terminal in step 705 You can install the applet in the bundle of the family identifier. In step 705, the terminal may activate a bundle already installed in the SSP corresponding to the family identifier in the activation code or select one of the activated bundles. When there is no family identifier in the activation code, the terminal may activate or select and use a bundle basically set in the terminal.

When a bundle to be used is selected in step 705, in step 706, the terminal may perform an operation of downloading an applet to the bundle. In step 706, if the family identifier of the bundle is a Telecom family identifier], the applet may be a profile.

7B is another diagram illustrating an operation procedure of a terminal when an SSP terminal detects an activation code according to some embodiments of the present disclosure. FIG. 7B may show a case where the family identifier of the bundle is a Telecom family identifier among the embodiments to be disclosed in FIG. 7A. Steps 711 to 714 may correspond to steps 701 to 704 of FIG. 7A described above, and in the description of FIG. 7B, steps corresponding to the steps of FIG. 7A will be briefly described. In step 712 When the family identifier of the bundle is the Telecom family identifier, in step 715, the terminal may activate the eSIM bundle or select one of the activated eSIM bundles.

When the family identifier of the bundle is the Telecom family identifier in step 712, the operation of downloading the applet in step 716 may be a profile download procedure according to the GSMA Remote SIM Provisioning standard.

8A and 8B are diagrams illustrating a procedure of an operation of detecting and interpreting an activation code by an SSP terminal according to some embodiments of the present disclosure. In FIGS. 8A and 8B, the eSIM activation code defined in GSMA SGP.22 is an example of an activation code other than an SSP activation code.

8A is a diagram illustrating a method of an SSP terminal interpreting and operating an activation code when an SSP activation code according to some embodiments of the present disclosure follows the embodiment illustrated in FIG. 5.

In step 801, the terminal may detect an activation code input. The terminal may display a screen for receiving an activation code input to the user for the purpose of downloading a bundle or applet in the terminal LBA application, allow the user to input a QR code, click a specific link, or detect the QR code in the camera application. When the QR code input, link click, or string input is detected in the terminal in step 801, in step 802, the terminal sends the eSIM activation code prefix (e.g.,'LPA:' or') to the input data (that is, the input detected in step 801). lpa:') is present.

In step 802, if it is determined that the data input to the terminal has the prefix of the eSIM activation code, in step 803, the terminal parses the remaining data among the data input to the terminal using a delimiter ($) Value can be decomposed. The method of parsing the element value is not limited to the method of using the $ delimiter, and each element can be decomposed according to the classification method used when constructing the SSP activation code.

In step 804, the terminal may check whether there is an SSP activation code identifier among the decomposed element values. If the SSP activation code identifier (e.g., %ETSI-SSP%) exists among the element values decomposed in step 803, the terminal activates the activation code that the terminal inputs is the SSP activation code and includes information for downloading the bundle. It can be recognized as code.

If there is an SSP activation code identifier among the elements decomposed in step 803, in step 810, the terminal recognizes that the inputted activation code is an SSP activation code that can download a bundle, and selects the elements located based on the SSP activation code identifier. Bundle download can be performed by using information about (eg, SPB Manager address, CODE_M, etc.). The terminal may perform profile download by proceeding to step 811 without performing step 810, even if the SSP activation code identifier exists among the elements decomposed in step 803 according to the user's terminal setting (applet installation takes precedence over bundle installation). have.

If there is no SSP activation code identifier among the elements decomposed in step 803, the terminal may perform step 811 by considering the activation code received by the terminal as an eSIM activation code rather than an SSP activation code. In step 811, the terminal transmits the parsed elements to the LPA, selects an eSIM bundle in the terminal (if there is no activated eSIM bundle, activates one) to perform a GSMA eSIM profile download procedure.

If the eSIM activation code is not detected at the front of the data input to the terminal in step 802, the terminal may check whether there is an SSP activation code prefix (eg,'LBA:' or'lba:') in step 805.

If it is confirmed that the SSP activation code prefix exists in the data input to the terminal in step 805, the terminal may parse the element value based on the delay ($) of the remaining data among the input data in step 806. . The method of parsing the element value is not limited to the method of using the $ delimiter, and each element can be decomposed according to the classification method used when constructing the SSP activation code. In step 810, the terminal may perform a bundle download based on the parsed element value.

If it is determined in step 805 that the data input to the terminal does not have an SSP activation code prefix, in steps 807 and 808, the terminal detects the first element value among the input data, and the first element value among the input data. You can check whether this is the SSP activation code separator. If it is confirmed that there is no eSIM activation code prefix or SSP activation code prefix in the data input to the terminal in steps 802 and 805 (i.e., activation code input), the terminal inputs the activation code in step 801 instead of entering the QR code. In this case, the terminal may receive the SSP activation code according to whether the first data (i.e., the first data) among the data input to the terminal is the SSP activation code separator. You can judge whether or not.

In step 808, if the first element value (ie, the first element value) among the element values inputted by the terminal is the SSP activation code identifier, the terminal may parse the remaining data among the input data in step 809. . In step 810, the terminal may perform bundle download based on the parsed data.

In step 808, if the initial element value among the element values that the terminal inputs is not the SSP activation code identifier, the activation code may not be an SSP activation code capable of downloading a bundle. Accordingly, the terminal may perform profile download according to steps 803, 804, and 811.

8B is a diagram illustrating a method of an SSP terminal interpreting and operating an activation code when an SSP activation code according to some embodiments of the present disclosure follows the embodiment illustrated in FIG. 6.

In step 821, the terminal may detect an activation code input. When the activation code input is detected, in step 822, the terminal may check whether there is an eSIM activation code prefix ('LPA:') in the input data (ie, activation code input).

If it is determined in step 822 that the eSIM activation code prefix exists in the data input to the terminal, in step 823, the terminal may parse the remaining information of the input data to decompose the element values. In step 830, the terminal transmits the parsed element values to the LPA and selects an eSIM bundle to perform a profile download procedure.

If it is confirmed in step 822 that the data input to the terminal does not have an eSIM activation code prefix, in step 824, the terminal may parse the input data using a delimiter to decompose the element value. The method of parsing the element value is not limited to the method of using the $ delimiter, and each element can be decomposed according to the classification method used when constructing the SSP activation code. In step 825, the UE may determine whether the last element value among the decomposed element values is an SSP activation code identifier (eg, %ETSI-SSP%).

If it is determined in step 825 that the value of the last element is the SSP activation code identifier, the terminal considers that the activation code received by the terminal is an SSP activation code including only the SSP basic activation code, which is information for downloading the bundle, and step 829 You can do it. In step 829, the terminal may perform a bundle download using the decomposed element values (family identifier of the bundle, SPB Manager address, CODE_M, etc.).

If it is determined in step 825 that the last element value is not the SSP activation code identifier, in step 826, the terminal finds a location of the SSP activation code identifier among the decomposed element values. If there is an SSP activation code identifier among the decomposed element values, the terminal indicates that the elements preceding the SSP activation code identifier are elements of the SSP basic activation code (the family identifier of the bundle), which is information available for bundle download. SPB Manager address, CODE_M), and the following elements can be regarded as the value of the family special field that can download the applet of the corresponding bundle. In this case, the terminal may analyze each element value of the family special field by using the family identifier in the SSP basic activation code. For example, when the family identifier of the bundle is the Telecom family identifier, the terminal may interpret each element of the family special field by corresponding to the eSIM activation code. If there is no SSP activation code identifier among the element values decomposed in step 826, the terminal may consider it an error and end the procedure.

If the terminal succeeds in classifying the SSP basic activation code and the family special field based on the SSP activation code delimiter in step 826, in step 827, the terminal has priority among downloading the bundle or downloading the applet in the bundle in the SSP setting in the terminal. Check.

If the priority of the bundle download is higher in step 827 or there is no setting for the priority itself, in step 829, the terminal may perform the bundle download by using the element value of the SSP basic activation code.

If the terminal setting in step 827 is to install only the applet in the bundle, or if the applet installation is prioritized, in step 828, the terminal can install the applet by using the element value of the family special field. As a specific example of step 828, when the family identifier of the bundle is the Telecom family identifier, the terminal may interpret each element value in correspondence with the eSIM activation code in the family special field. When the value of the family special field is interpreted in step 828, the terminal may transfer the family special field to the LPA in step 830. In addition, the terminal may select one of the activated eSIM bundles in the terminal and allow the LPA to perform a procedure of installing a profile in the selected eSIM bundle.

9A and 9B are diagrams illustrating a procedure of an operation of detecting and interpreting an SSP activation code by a terminal equipped with a security medium other than the SSP (eg, eUICC).

9A is a diagram illustrating a procedure of an operation of an eSIM terminal detecting and interpreting an SSP activation code according to the embodiment of FIG. 5.

For the detection of the activation code input in step 901, see step 801 in FIG. 8A. In step 902, the LPA of the terminal may parse the activation code. If the elements of the activation code parsed in step 903 follow the format of the eSIM activation code defined in the eSIM standard, the terminal may perform a profile download procedure in step 905. The example that the activation code parsed in step 903 follows the format of the eSIM activation code starts with the value of AC_FORMAT defined in the standard, and the SM-DP+ address, AC_TOKEN and other optional elements are divided into the order and delay defined in the standard. It may include the case of becoming. If the activation code elements parsed in step 903 are not interpreted as the eSIM activation code, in step 904, the terminal may process an error and terminate the procedure.

9B is a diagram illustrating a procedure of an operation of an eSIM terminal detecting and interpreting an SSP activation code according to the embodiment of FIG. 6.

Steps 911, 912, and 913 of FIG. 9B refer to descriptions of steps 901, 902, and 903 of FIG. 9A. When the activation code input to the terminal is parsed in step 916 and it is determined that the format of the eSIM activation code is determined in step 913, the LPA of the terminal may perform profile download using information in the activation code. If it is determined that the element parsed in step 913 does not follow the format of the eSIM activation code, in step 915, the terminal may determine whether an SSP activation code identifier exists among the parsed elements. If there is an SSP activation code identifier in step 915, since the information behind the SSP activation code identifier is information of the family special field, in step 916, the terminal extracts only the information immediately after the SSP activation code identifier and performs step 912 again. . If the family special field present behind the SSP activation code identifier is the eSIM activation code, the terminal may pass the determination in step 913 and perform a profile download procedure according to step 914. If the SSP activation code identifier is not detected in step 915, the terminal may process an error and terminate the procedure in step 917.

10 is a diagram illustrating a structure of a terminal according to some embodiments of the present disclosure.

As shown in FIG. 10, the terminal of the present disclosure may include a processor 1001, a transceiver 1002, and a memory 1003. However, the components of the terminal are not limited to the above-described example. For example, the terminal may include more or fewer components than the above-described components. In addition, the processor 1001, the transceiver 1002, and the memory 1003 may be implemented in the form of a single chip. The structure of the terminal 100 shown in FIG. 1 may correspond to the structure of the terminal 1000 of FIG. 10, but is not limited thereto.

According to some embodiments, the processor 1001 may control a series of processes in which the terminal may operate according to the above-described embodiment of the present disclosure. There may be a plurality of processors 1001, and the processor 1001 may perform the above-described methods according to the exemplary embodiment of the present disclosure by executing a program stored in the memory 1003.

The transceiving unit 1002 may transmit and receive signals with a service provider. Signals transmitted and received with the service provider may include control information and data. The transceiver 1002 may include an RF transmitter that up-converts and amplifies a frequency of a transmitted signal, and an RF receiver that amplifies a received signal with low noise and down-converts a frequency. However, this is only an embodiment of the transmission/reception unit 1002, and components of the transmission/reception unit 1002 are not limited to the RF transmitter and the RF receiver. Also, the transceiver 1002 may receive a signal through a wireless channel and output it to the processor 1001, and transmit a signal output from the processor 1001 through a wireless channel.

According to some embodiments, the memory 1003 may store programs and data necessary for the operation of the terminal. In addition, the memory 1003 may store control information or data included in signals transmitted and received by the terminal. The memory 1003 may be formed of a storage medium such as a ROM, a RAM, a hard disk, a CD-ROM, a DVD, or a combination of storage media. Also, there may be a plurality of memories 1003.

11 is a diagram illustrating a structure of a service provider according to some embodiments of the present disclosure.

As shown in FIG. 11, a service provider of the present disclosure may include a processor 1101, a transmission/reception unit 1102, and a memory 1103. However, the components of the service provider are not limited to the above-described example. For example, a service provider may include more or fewer components than the above-described components. In addition, the processor 1101, the transceiver 1102, and the memory 1103 may be implemented in the form of a single chip. The processor 1101 may control a series of processes so that the service provider can operate according to the above-described embodiment of the present disclosure.

The transceiving unit 1102 may transmit and receive signals to and from the terminal. Signals transmitted and received with the terminal may include control information and data. The transceiver 1102 may include an RF transmitter that up-converts and amplifies a frequency of a transmitted signal, and an RF receiver that amplifies a received signal with low noise and down-converts a frequency. However, this is only an exemplary embodiment of the transmitting and receiving unit 1302, and components of the transmitting and receiving unit 1102 are not limited to the RF transmitter and the RF receiver. In addition, the transmission/reception unit 1102 may receive a signal through a wireless channel, output it to the processor 1101, and transmit a signal output from the processor 1101 through a wireless channel. There may be a plurality of processors 1101, and the processor 1101 may perform the method according to various embodiments of the present disclosure described above by executing a program stored in the memory 1103.

According to some embodiments, the memory 1103 may store programs and data required for operation of a service provider. In addition, the memory 1103 may store control information or data included in signals transmitted and received by a service provider. The memory 1103 may be composed of a storage medium such as a ROM, a RAM, a hard disk, a CD-ROM, a DVD, or a combination of storage media. In addition, the number of memories 1103 may be plural. The methods according to the embodiments described in the claims or specification of the present disclosure may be implemented in the form of hardware, software, or a combination of hardware and software.

When implemented in software, a computer-readable storage medium storing one or more programs (software modules) may be provided. One or more programs stored in a computer-readable storage medium are configured to be executable by one or more processors in an electronic device (device). The one or more programs include instructions that cause the electronic device to execute methods according to embodiments described in the claims or specification of the present disclosure.

These programs (software modules, software) include random access memory, non-volatile memory including flash memory, read only memory (ROM), and electrically erasable programmable ROM. (EEPROM: Electrically Erasable Programmable Read Only Memory), magnetic disc storage device, Compact Disc-ROM (CD-ROM), Digital Versatile Discs (DVDs), or other types of It may be stored in an optical storage device or a magnetic cassette. Alternatively, it may be stored in a memory composed of a combination of some or all of them. In addition, a plurality of configuration memories may be included.

In addition, the program can be accessed through a communication network such as the Internet, Intranet, Local Area Network (LAN), Wide LAN (WLAN), or Storage Area Network (SAN), or a communication network composed of a combination thereof. It may be stored in an (access) attachable storage device. Such a storage device may access a device performing an embodiment of the present disclosure through an external port. In addition, a separate storage device on the communication network may access a device performing an embodiment of the present disclosure.

In the above-described specific embodiments of the present disclosure, components included in the disclosure are expressed in the singular or plural according to the presented specific embodiments. However, the singular or plural expression is selected appropriately for the situation presented for convenience of description, and the present disclosure is not limited to the singular or plural constituent elements, and even constituent elements expressed in plural are composed of the singular or in the singular. Even the expressed constituent elements may be composed of pluralities.

Meanwhile, although specific embodiments have been described in the detailed description of the present disclosure, various modifications are possible without departing from the scope of the present disclosure. Therefore, the scope of the present disclosure is limited to the described embodiments and should not be determined, and should be determined by the scope of the claims as well as the equivalents of the claims to be described later.

Various embodiments of the present disclosure and terms used therein are not intended to limit the technology described in the present disclosure to a specific embodiment, and should be understood to include various modifications, equivalents, and/or substitutes of the corresponding embodiment. In connection with the description of the drawings, similar reference numerals may be used for similar elements. Singular expressions may include plural expressions unless the context clearly indicates otherwise. In this disclosure, expressions such as "A or B", "at least one of A and/or B", "A, B or C" or "at least one of A, B and/or C" are all of the items listed together It can include possible combinations. Expressions such as "first", "second", "first" or "second" can modify the corresponding elements regardless of their order or importance, and are only used to distinguish one element from other elements. The components are not limited. When it is stated that any (eg, first) component is “(functionally or communicatively) connected” or “connected” to another (eg, second) component, the component is It may be directly connected to the component or may be connected through another component (eg, a third component).

The term "module" used in the present disclosure includes a unit composed of hardware, software, or firmware, and may be used interchangeably with terms such as, for example, logic, logic blocks, parts, or circuits. A module may be an integrally configured component or a minimum unit or a part of one or more functions. For example, the module may be configured as an application-specific integrated circuit (ASIC).

Various embodiments of the present disclosure are software (eg, programs) including instructions stored in a machine-readable storage media (eg, internal memory or external memory) that can be read by a machine (eg, a computer). A device is a device capable of calling a command stored from a storage medium and operating according to the called command, and may include a terminal according to various embodiments of the present disclosure. When the command is executed by a processor, the processor The instruction may perform a function corresponding to the instruction directly or using other components under the control of the processor, and the instruction may include a code generated or executed by a compiler or an interpreter.

A storage medium that can be read by a device may be provided in the form of a non-transitory storage medium. Here,'non-transient' means that the storage medium does not contain a signal and is tangible, but does not distinguish between semi-permanent or temporary storage of data in the storage medium.

A method according to various embodiments disclosed in the present disclosure may be included in a computer program product and provided. Computer program products can be traded between sellers and buyers as commodities. The computer program product may be distributed online in the form of a device-readable storage medium (eg, compact disc read only memory (CD-ROM)) or through an application store (eg, Play StoreTM). In the case of online distribution, at least a portion of the computer program product may be temporarily stored or temporarily generated in a storage medium such as a server of a manufacturer, a server of an application store, or a memory of a relay server. Each of the constituent elements (eg, modules or programs) according to various embodiments may be composed of a singular or a plurality of entities, and some sub-elements of the aforementioned sub-elements are omitted, or other sub-elements are various. It may be further included in the embodiment. Alternatively or additionally, some constituent elements (eg, a module or a program) may be integrated into one entity, and functions performed by each corresponding constituent element prior to the consolidation may be performed identically or similarly. Operations performed by modules, programs, or other components according to various embodiments may be sequentially, parallel, repetitively or heuristically executed, or at least some operations may be executed in a different order, omitted, or other operations may be added. I can.

Claims (2)

In the operating method of the terminal,
Receiving data including an activation code from a service provider;
Detecting the activation code;
Discriminating each element of the activation code;
Identifying whether the activation code includes a bundle identifier;
Detecting a family value of a bundle from the activation code;
Discriminating between SSP basic information and family-specific information in the activation code;
Analyzing the family special information by using the family value of the bundle;
When the activation code does not have the SSP basic information or the activation code includes only information on the activation code of a specific service that already exists, the bundle of the family is activated or one of the bundles of the family is selected, and the Downloading an activated bundle or an applet in the selected bundle;
When receiving the activation code, confirming a terminal setting for setting whether to download a bundle of a smart security medium or download an applet in an existing bundle; And
If the SSP basic information is included in the activation code, the method comprising the step of performing a bundle download using the SSP basic information. In the method of operation of a service provider,
Defining an activation code to be inputted by a terminal in order to perform a download operation of a Secondary Platform Bundle to a smart secure platform;
Adding family-specific information including a bundle identifier to the activation code; And
And providing an activation code to the terminal.

Images