CN117280722A - Method and apparatus for identifying profile deletion when EUICC terminal is changed - Google Patents

Abstract

The present disclosure relates to a method and apparatus for reinstalling a profile when an eUICC terminal is changed. A terminal for managing profiles for network connection by using an eUICC in a wireless communication system, comprising a transceiver and at least one processor configured to control the terminal to receive a profile transfer request from a user, identify profile transfer information, send a message requesting an activation code to a profile server, receive the activation code and information indicating whether profile deletion is required from the profile server, delete the profile, send a deletion result of the profile to the profile server, send the activation code to another terminal, receive the activation code from another terminal, send a message requesting the profile to the profile server by using the activation code, receive a profile package from the profile server, and install the profile package.

Description

Method and apparatus for identifying profile deletion when EUICC terminal is changed

Technical Field

The present disclosure relates to methods and apparatus for installing and managing eUICC profiles (profiles).

Background

In order to meet the increasing demand for wireless data traffic since the deployment of 4G communication systems, efforts have been made to develop improved 5G or front 5G communication systems. Thus, a 5G or pre-5G communication system is also referred to as a "super 4G network" communication system or a "LTE-after-a-service" system. A 5G communication system is considered to be implemented in an ultra-high frequency (millimeter wave) band (e.g., 60GHz band) in order to achieve a higher data rate. In order to reduce propagation loss of radio waves and increase transmission distance in ultra-high frequency bands, beamforming, massive multiple input multiple output (massive MIMO), full-dimensional MIMO (FD-MIMO), array antennas, analog beamforming, and massive antenna techniques are discussed in 5G communication systems. Further, in the 5G communication system, development of system network improvement is underway based on advanced small cells, cloud radio access networks (closed RANs), ultra dense networks, device-to-device (D2D) communication, wireless backhaul, mobile networks, cooperative communication, cooperative multipoint (CoMP), reception-side interference cancellation, and the like. Hybrid FSK and QAM modulation (FQAM) and Sliding Window Superposition Coding (SWSC) as Advanced Code Modulation (ACM) and Filter Bank Multicarrier (FBMC), non-orthogonal multiple access (NOMA) and Sparse Code Multiple Access (SCMA) as advanced access technologies have also been developed in 5G systems.

The internet is an artificially-centric connected network in which humans generate and consume information, and is now evolving towards the internet of things (IoT) in which distributed entities (e.g., things) exchange and process information without human intervention. Through connection with cloud servers, internet of everything (IoE) has emerged that combines IoT technology with big data processing technology. As technical elements required to implement IoT, such as "sensing technology", "wired/wireless communication and network infrastructure", "service interface technology" and "security technology", sensor networks, machine-to-machine (M2M) communication, machine Type Communication (MTC), etc., have recently been studied. Such IoT environments may provide intelligent Internet Technology (IT) services that create new value for human life by collecting and analyzing data generated between the interconnects. With the convergence and integration between existing Information Technology (IT) and various industrial applications, ioT may be applied in a variety of fields including smart homes, smart buildings, smart cities, smart cars or networked cars, smart grids, healthcare, smart appliances, and advanced medical services.

In response to this, various attempts have been made to apply the 5G communication system to the internet of things network. For example, techniques such as sensor networks, machine Type Communications (MTC), and machine-to-machine (M2M) communications may be implemented by beamforming, MIMO, and array antennas. The application of cloud radio access networks (closed RANs) as the big data processing technology described above may also be considered as an example of a fusion of 5G technology with IoT technology.

A "Universal Integrated Circuit Card (UICC)" is a smart card used after being inserted into a mobile communication terminal or the like, also referred to as a UICC card. The UICC may include an access control module used by the terminal to access the network of the mobile communications carrier. Examples of the access control module include a Universal Subscriber Identity Module (USIM), a Subscriber Identity Module (SIM), an Internet Protocol (IP) multimedia Service Identity Module (SIM), and the like. UICCs including USIMs are commonly referred to as USIM cards. Similarly, a UICC comprising a SIM module is often referred to as a SIM card.

Among UICC cards, UICC used after being fixed to a terminal is called eUICC (embedded UICC). eUICC generally refers to a UICC card that is used after it is fixed to a terminal so that the SIM module can be downloaded and selected remotely. In addition, the downloaded SIM module information is also referred to as eUICC profile as a whole, or further simply as a profile

The above information is presented merely as background information to aid in the understanding of the present disclosure. No determination is made, nor is an assertion made, as to whether any of the above may be applied to the present disclosure as prior art.

Disclosure of Invention

Technical problem

With the development of the wireless communication system as described above, various services can be provided, and thus a scheme for efficiently providing these services is required.

Technical proposal

One aspect of the present disclosure is to efficiently provide a service in a mobile communication system.

Embodiments disclosed herein may provide a method and apparatus for enabling a terminal to select a communication service in a communication system to connect to a network.

Embodiments disclosed herein may provide a method and apparatus for enabling a terminal to download a profile for connecting to a network online and install and manage the profile in a communication system.

Embodiments disclosed herein may provide a method and apparatus in which a profile installed by a terminal to connect to a network in a communication system may be effectively downloaded again to another terminal.

To address the above, a method performed by a first device in a communication system may include identifying a selection of a profile to operate a device change; transmitting a first message to the server for requesting a device change, the first message including an Integrated Circuit Card Identifier (ICCID) of the profile; and receiving a response message to the first message from the server, the response message including an activation code for the profile, information indicating deletion of the profile, information informing that the deletion notification is supported, and information on an address of a receiver that processes the deletion notification.

A method performed by a server in a communication system may include: receiving a first message from a first device requesting a device change, the first message including an Integrated Circuit Card Identifier (ICCID) of a profile; and transmitting a response message to the first message based on the ICCID to the first device, wherein the response message includes an activation code for the profile, information indicating a deletion profile, information informing that deletion notification is supported, and information regarding an address of a receiver that processes the deletion notification.

A method of a second device in a communication system may include: receiving an activation code from a first device, the activation code including information about a matching Identifier (ID) of a profile and a portion of a deletion notification of the profile; transmitting information about the matching ID to the server; and receiving a profile from the server based on the information about the matching ID, wherein the activation code is included in a message for a device change sent from the server to the first device, and wherein the message further includes information indicating the deletion profile, information notifying that the deletion notification is supported, and information about an address of a receiver that processes the deletion notification.

The first device in the communication system may include a transceiver; and a controller configured to: identifying a selection of a profile to operate the device change; the control transceiver transmits a first message for requesting a device change to the server, the first message including an Integrated Circuit Card Identifier (ICCID) of the profile, and receives a response message to the first message from the server, the response message including an activation code for the profile, information indicating deletion of the profile, information informing that deletion notification is supported, and information regarding an address of a receiver that processes the deletion notification.

A server in a communication system may include a transceiver; and a controller configured to: the control transceiver receives a first message from a first device requesting a device change, the first message including an Integrated Circuit Card Identifier (ICCID) including a profile, and the control transceiver transmits a response message to the first message based on the ICCID to the first device, wherein the response message includes an activation code for the profile, information indicating to delete the profile, information informing that deletion notification is supported, and information regarding an address of a receiver that handles the deletion notification.

A second device in a communication system may include a transceiver; and a controller configured to: the control transceiver receives an activation code including information on a matching Identifier (ID) of a profile and a part of a deletion notification of the profile from the first device, the control transceiver transmits the information on the matching ID to the server, and the control transceiver receives the profile based on the information on the matching ID from the server, wherein the activation code is included in a message for device change transmitted from the server to the first device, and wherein the message further includes information indicating the deletion profile, information notifying that the deletion notification is supported, and information regarding an address of a receiver that processes the deletion notification.

Further, a terminal for managing a profile of a network connection by using an eUICC (embedded universal integrated circuit card) in a wireless communication system according to an embodiment may include: a transceiver; and at least one processor configured to control the terminal to receive a request to transmit a profile from a user, identify profile transmission information, send a message requesting an activation code to the profile server, receive the activation code from the profile server, information indicating whether profile deletion is required and whether the profile deletion result can be selectively delivered by another terminal, and a profile deletion result processing address, delete the profile, send the profile deletion result to the profile server, combine the activation code selectively transmitted from the server with all or part of the profile deletion result to couple the activation code, deliver the activation code to another terminal, receive the activation code delivered from another terminal, send the profile request message to the profile server by using the activation code, optionally further include the profile deletion result in the profile request message, receive a profile package from the profile server, and install the profile package.

A profile server for providing a profile of a network connection to a terminal in a wireless communication system according to an embodiment may include: a transceiver; and at least one processor configured to control the profile server to receive a message requesting transmission of the profile from the terminal, determine whether the profile can be transmitted, generate an activation code such that the profile or a new profile can be downloaded, configure a status of the profile to a status of not being able to download the profile when the profile can be transmitted, configure a status of the new profile to a status of being able to download the profile when the profile cannot be transmitted, send the activation code and the message to the terminal, the message including information indicating whether the profile needs to be deleted and whether a profile deletion result selectively delivered by another terminal can be processed and a profile deletion result processing address, receive the profile deletion result from the terminal, change the profile to a downloadable status, receive the profile download request message from the terminal, determine whether the profile is in the downloadable status, send a profile package to the terminal when the profile is in the downloadable status, send an error code or verify that the profile deletion included in the profile download request is not available, and send the error code or fail verification result when the profile deletion result is not available.

Before proceeding with the following detailed description, it may be advantageous to set forth definitions of certain words and phrases used throughout this patent document: the terms "include" and "comprise," along with derivatives thereof, mean inclusion without limitation; the term "or" is inclusive, meaning and/or; the phrases "associated with" and "associated therewith," and derivatives thereof, may mean inclusion, interconnection, inclusion, connection to or with … …, coupling to or with … …, communication with … …, cooperation with … …, interleaving, juxtaposition, proximity, incorporation or association with … …, having a property, or the like; the term "controller" refers to any device, system, or portion thereof that controls at least one operation, such device may be implemented in hardware, firmware, or software, or some combination of at least two. It should be noted that the functionality associated with any particular controller may be centralized or distributed, whether locally or remotely.

Furthermore, the various functions described below may be implemented or supported by one or more computer programs, each of which is formed from computer readable program code and embodied in a computer readable medium. The terms "application" and "program" refer to one or more computer programs, software components, sets of instructions, procedures, functions, objects, classes, instances, related data, or a portion thereof adapted for implementation in a suitable computer readable program code. The phrase "computer readable program code" includes any type of computer code, including source code, object code, and executable code. The phrase "computer readable medium" includes any type of medium capable of being accessed by a computer, such as Read Only Memory (ROM), random Access Memory (RAM), a hard disk drive, a Compact Disc (CD), a Digital Video Disc (DVD), or any other type of memory. "non-transitory" computer-readable media do not include wired, wireless, optical, or other communication links that carry transitory electrical or other signals. Non-transitory computer readable media include media that can permanently store data and media that can store data and be later rewritten, such as rewritable optical disks or erasable storage devices.

Definitions for certain words and phrases are provided throughout this patent document, those of ordinary skill in the art should understand that in many, if not most instances, such definitions apply to prior, as well as future uses of such defined words and phrases.

Advantageous effects

According to the embodiments of the present disclosure, services can be efficiently provided in a mobile communication system.

According to an embodiment of the present disclosure, when a terminal in a communication system needs to reinstall a profile installed in the terminal to another terminal, an activation code required for reinstalling the profile may be reissued by a profile server or the activation code required for reinstalling the profile may be extracted from information stored in the terminal or the profile. If desired, the terminal may first delete the profile to be transmitted and may deliver a profile deletion proof to the server so that deletion of the profile may be proven. If desired, the terminal may include a profile deletion proof in the activation code and may deliver the activation code to another terminal so that the other terminal may effectively download and install the profile from the profile server.

According to an embodiment of the present disclosure, when a profile server in a communication system receives a request from a terminal to reinstall a profile installed in the terminal to another terminal, the profile server configures the profile into an undelayable state when the profile can be reused, thereby requesting the terminal to delete the profile. The server requests delivery of the profile delete proof if necessary. When a profile cannot be reused, the server configures another profile to be in a downloadable state so as to prepare the same profile. The server generates an activation code by which the prepared profile can be downloaded. When the terminal deletes the profile, the server changes the profile to a downloadable state, so that profile download can be safely handled while preventing the profile from being copied.

Drawings

The foregoing and other aspects, features, and advantages of certain embodiments of the present disclosure will become more apparent from the following description, taken in conjunction with the accompanying drawings, in which:

fig. 1 illustrates a method of a terminal connecting to a mobile communication network by using a Universal Integrated Circuit Card (UICC) having a fixed profile installed according to an embodiment of the present disclosure;

fig. 2 shows a configuration of a system in which a terminal manages a profile installed in a first terminal and installs the profile in a second terminal based on user input, according to an embodiment of the present disclosure;

fig. 3 illustrates a process in which a first terminal receives an activation code through a profile server and transmits the activation code to a second terminal to download a profile according to an embodiment of the present disclosure;

fig. 4 illustrates a process in which a first terminal transmits an activation code stored in the first terminal to a second terminal to download a profile according to an embodiment of the present disclosure;

fig. 5 is a block diagram illustrating elements of a terminal according to an embodiment of the present disclosure; and

fig. 6 is a block diagram illustrating elements of a profile server according to an embodiment of the present disclosure.

Detailed Description

Figures 1 through 6, discussed below, and the various embodiments used to describe the principles of the present disclosure in this patent document are by way of illustration only and should not be construed in any way to limit the scope of the disclosure. Those skilled in the art will appreciate that the principles of the present disclosure may be implemented in any suitably arranged system or device.

Hereinafter, embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.

In describing embodiments of the present disclosure, descriptions related to technical contents well known in the art and not directly related to the present disclosure will be omitted. Unnecessary descriptions are omitted so as to prevent obscuring the main idea of the present disclosure and to more clearly convey the main idea.

For the same reason, in the drawings, some elements may be exaggerated, omitted, or schematically shown. Furthermore, the size of each element does not fully reflect the actual size. In the drawings, identical or corresponding elements have identical reference numerals.

Advantages and features of the present disclosure and the manner in which they are achieved will become apparent by reference to the embodiments described in detail below in conjunction with the accompanying drawings. However, the present disclosure is not limited to the embodiments set forth below, but may be implemented in various forms. The following examples are provided solely for the purpose of fully disclosing the present disclosure and informing those skilled in the art the scope of the present disclosure and are limited only by the scope of the appended claims. Throughout the specification, the same or similar reference numerals denote the same or similar elements.

Herein, it will be understood that each block of the flowchart illustrations, and combinations of blocks in the flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart block or blocks. These computer program instructions may also be stored in a computer-usable or computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-usable or computer-readable memory produce an article of manufacture including instruction means that implement the function specified in the flowchart block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.

Furthermore, each block of the flowchart illustrations may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.

As used herein, a "unit" refers to a software element or a hardware element, such as a Field Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC), that performs a predetermined function. However, the "unit" does not always have a meaning limited to software or hardware. The "unit" may be configured to be stored in an addressable storage medium or to execute one or more processors. Thus, a "unit" includes, for example, software elements, object-oriented software elements, class elements or task elements, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and parameters. The elements and functions provided by a "unit" may be combined into a smaller number of elements or "units" or divided into a larger number of elements or "units". Furthermore, the elements and "units" may alternatively be implemented to replicate one or more CPUs within a device or secure multimedia card.

Specific terms used in the following description are provided to aid in understanding the present disclosure, and may be changed to other forms without departing from the spirit and scope of the present disclosure.

In the present disclosure, a "Universal Integrated Circuit Card (UICC)" is a smart card inserted and used in a mobile communication terminal, also referred to as a UICC card.

UICC refers to a chip in which personal information of a mobile communication user, such as network access authentication information, a telephone number list, and a Short Message Service (SMS), is stored, and which performs user authentication and traffic security key generation when accessing a mobile communication network, such as global system for mobile communication/standard (GSM), wideband Code Division Multiple Access (WCDMA), long Term Evolution (LTE), etc., thereby making it possible to stably use mobile communication.

The UICC may include a communication application or access control module that allows the terminal to access the mobile communications carrier's network. The communication application or access control module includes, for example, a Universal Subscriber Identity Module (USIM), a Subscriber Identity Module (SIM), an IP multimedia service identity module (ISIM), etc. In addition, the UICC may provide a higher level of security functionality for loading various applications, such as electronic wallets, ticketing, electronic passports, and the like.

UICCs including USIMs are also commonly referred to as USIM cards. Similarly, a UICC comprising a SIM module is also called a SIM card.

The terms "SIM card", "UICC card", "USIM card" and "UICC including ISIM" in this disclosure may be used herein as the same meaning. That is, the present disclosure may be equally applied to a SIM card, a USIM card, an ISIM card, or a general UICC card.

The SIM card stores personal information of a mobile communication subscriber and performs subscriber authentication and traffic security key generation during access to the mobile communication network, thereby realizing stable use of mobile communication.

In general, a SIM card is manufactured as a dedicated card for a specific mobile communication carrier by a request of the specific mobile communication carrier, and is released in a state in which authentication information (e.g., universal Subscriber Identity Module (USIM) application and International Mobile Subscriber Identity (IMSI), K value, OPc value, etc.) for accessing a network of the corresponding carrier is previously installed in the card. Accordingly, the SIM card is transmitted to the corresponding mobile communication carrier, which then provides it to the user. Thereafter, the corresponding mobile communication carrier can perform management of applications in the UICC, including installation, modification and deletion of applications, if necessary, by using an Over The Air (OTA) technique. The user can use the network and application services of the corresponding mobile communication carrier by inserting the UICC card into his/her own mobile communication terminal, and can use authentication information, mobile communication phone numbers, personal phone books, etc. stored in the UICC card by taking out the UICC card from the old terminal and inserting it into the new terminal when the terminal is replaced with the new terminal.

However, the SIM card brings inconvenience to the mobile communication terminal user when providing services from other mobile communication carriers to the mobile communication terminal user. It is inconvenient for a mobile communication terminal user to physically obtain a SIM card to receive services from a mobile communication carrier. For example, when a user travels abroad, the user must purchase a local SIM card in order to receive a local mobile communication service, which causes inconvenience to the user. Roaming services can reduce inconvenience to some extent, but there is a problem in that a user needs to pay a high fee for the roaming service and cannot receive the service without establishing a contract between mobile carriers.

This inconvenience can be solved by remotely downloading and installing the SIM module in the UICC card. That is, the SIM module of the mobile communication service to be used may be downloaded to the UICC card at a point of time desired by the user. The UICC card may download and install multiple SIM card modules and only one of the SIM card modules may be selected and used. The UICC card may or may not be fixed in the terminal. In particular, the UICC fixed in the terminal is called an embedded UICC (eUICC). In general, an eUICC may refer to a UICC card that is fixed in a terminal and that is capable of remotely downloading and selecting a SIM module. In the present disclosure, a UICC card capable of remotely downloading and selecting a SIM module may be referred to as an eUICC. That is, among UICC cards capable of remotely downloading and selecting a SIM module, UICC cards fixed or not fixed in a terminal are collectively referred to as eUICC. Further, the downloaded SIM module information may be collectively referred to as an eUICC profile, or more simply a profile.

In the present disclosure, an "embedded UICC (eUICC)" may be a security module in the form of a chip embedded in a terminal, not a detachable security module that can be inserted into and detached from the terminal. The eUICC can download and install profiles using over-the-air (OTA) techniques. The eUICC can be referred to as a UICC capable of downloading and installing profiles.

In the present disclosure, the method of downloading and installing a profile to an eUICC by using OTA technology can also be applied to a detachable UICC that can be inserted into and detached from a terminal. That is, embodiments of the present disclosure may be applied to UICCs capable of downloading and installing profiles using OTA technology.

In this disclosure, the term "UICC" may be used interchangeably with the term "SIM" and the term "eUICC" may be used interchangeably with the term "eSIM

In this disclosure, a "profile" may refer to such things: wherein applications, file systems, authentication keys, etc. stored in the UICC are packaged in a software format.

In the present disclosure, a "USIM profile" may have the same meaning as a "profile" or may refer to such things: wherein the information included in the USIM application in the profile is packaged into a software format.

In the present disclosure, the operation of enabling a profile by a terminal may refer to an operation in which the terminal is configured to receive a communication service through a communication provider, which may represent a profile of a corresponding profile-enabled state as an "enabled profile" by changing the state of the profile as "enabled"

In the present disclosure, the operation of disabling the profile by the terminal may refer to a profile in which the terminal is configured to disable the state of the operation of not receiving the communication service through the communication provider provided by the corresponding profile by changing the state of the corresponding profile to "disabled" may be represented as "disabled profile"

In the present disclosure, the operation of the terminal deleting the profile may refer to an operation of: the terminal is configured to disable or disable operation of the respective profile by changing the state of the respective profile to "delete". The deleted profile may be denoted as "deleted profile".

In the present disclosure, the operation of enabling, disabling or deleting a profile by a terminal may refer to such an operation as: wherein instead of immediately changing the state of each profile to "enable", "disable", or "delete", the terminal may simply first make a "to enable", "to disable", or "to delete" flag for each profile, the terminal or UICC of the terminal performs a specific operation (e.g., performs a "refresh" or "reset" command), and then changes each profile to "enable", "disable", or "delete". The operation of marking the schedule status (i.e., "to enable", "to disable", or "to delete") with respect to a particular profile is not limited to marking one schedule status for one profile, one or more profiles may be marked with the same or different schedule status, one profile may be marked with one or more schedule status, or one or more profiles may be marked with the same or different schedule status.

When the terminal uses one or more predetermined status markers to mark the random profile, the two predetermined status markers may also be combined into one. For example, when a random profile is marked as "to disable" and "to delete", the corresponding profile may be marked as "to disable and delete" overall "

Furthermore, the operation of the terminal to tag one or more profiles with a scheduling state may be performed consecutively or simultaneously. Further, the terminal marks one or more profiles with a predetermined state, and then the operation of changing the actual state of the profiles may be performed continuously or simultaneously.

In this disclosure, a "profile provisioning server" may include functionality to generate a profile, encrypt the generated profile, generate a profile remote management command, or encrypt the generated profile remote management command. The profile provisioning server may be represented as subscription manager data preparation (SM-DP), subscription manager data specification plus (SM-dp+), off-card entity of profile domain, profile encryption server, profile generation server, profile Provider (PP), profile provider, and profile provisioning credential holder (PPC holder).

In this disclosure, a "profile management server" may include functionality to manage profiles. The profile management server may be represented as a subscription manager secure route (SM-SR), a subscription manager secure route plus (SM-sr+), an off-card entity of the eUICC profile manager or profile management credential holder (PMC holder), EUICC Manager (EM), profile manager (PP), etc.

In this disclosure, a profile provisioning server may refer to a combination of the functionality of a profile management server. Thus, in various embodiments of the present disclosure, the operations of the profile provisioning server may be performed in the profile management server. Similarly, the operations of the profile management server or SM-SR may be performed in the profile providing server.

In this disclosure, an "open)/intermediary (media) server" may be represented as a subscription manager discovery service (SM-DS), discovery Service (DS), root SM-DS, or alternate SM-DS. The open/mediation server may receive the registration event request or event registration request from one or more profile provisioning servers or open/mediation servers. Further, one or more open/intermediation servers may be used in combination, and in this case, the first open/intermediation server may receive not only the event registration request from the profile providing server but also the event registration request from the second open/intermediation server.

In this disclosure, the profile provisioning server and the open/mediation server may be generally referred to as "Remote SIM Provisioning (RSP) servers". The RSP server may be denoted subscription manager XX (SM-XX).

In this disclosure, the term "terminal" may refer to a Mobile Station (MS), user Equipment (UE), user Terminal (UT), wireless terminal, access Terminal (AT), terminal, subscriber unit, subscriber Station (SS), wireless device, wireless communication device, wireless transmit/receive unit (WTRU), mobile node, mobile device, or other terminology. In an embodiment, the terminal may include a cellular phone, a smart phone having a wireless communication function, a Personal Digital Assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, a photographing device such as a digital camera having a wireless communication function, a game device having a wireless communication function, a home appliance having a wireless communication function for storing and reproducing music, an internet home appliance capable of performing wireless internet access and browsing, and a portable unit or terminal having an integrated combination of functions thereof. Further, terminals may include, but are not limited to, machine-to-machine (M2M) terminals and Machine Type Communication (MTC) terminals/devices. In this disclosure, a terminal may also be referred to as an electronic device.

In this disclosure, an "electronic device" may have a UICC embedded therein so that a profile may be downloaded and installed therein. When the electronic device does not have an embedded UICC, a UICC physically separate from the electronic device may be inserted into and connected to the electronic device. For example, the UICC may be inserted into the electronic device in the form of a card. The electronic device may include a terminal, and the terminal may include a UICC configured such that a profile may be downloaded and installed therein. Not only the UICC may be embedded in the terminal, but also when separated from the terminal, the UICC may be inserted therein and may be inserted and connected to the terminal. For example, a UICC configured to have a profile downloaded and installed therein may be referred to as an eUICC.

In the present disclosure, a terminal or electronic device may include software or an application installed in the terminal or electronic device in order to control the UICC or eUICC. For example, software or applications installed in a terminal or electronic device to control a UICC or eUICC may be referred to as a Local Profile Assistant (LPA).

In this disclosure, a "profile delimiter" may be referred to as a profile ID, integrated Circuit Card ID (ICCID), match ID, event ID, activation code token, command code token, signed command code, unsigned command code, or factor matching ISD-P or profile field (PD). The profile ID may indicate a unique ID for each profile. The profile delimiter may include an address of a profile provisioning server (SM-dp+) capable of indexing the profile. In addition, the profile delimiter may also include a signature of the profile provisioning server (SM-dp+).

In the present disclosure, the eUICC ID may be a unique ID embedded in the terminal, and may be referred to as an EID. Further, when the eUICC has a provisioning profile preloaded therein, the eUICC ID can be a profile ID of the provisioning profile. Further, in one embodiment of the present disclosure, the eUICC ID can be a terminal ID when the terminal and the eUICC chip are not separated. Further, the eUICC ID can refer to a particular security domain of the eUICC chip.

In this disclosure, a "profile container" may be referred to as a profile field. The profile container may be a security domain.

In this disclosure, an "Application Protocol Data Unit (APDU)" may be a message used by a terminal to interwork with an eUICC. Further, the APDU may be a message used by a Profile Provider (PP) or Profile Manager (PM) to interwork with the eUICC.

In this disclosure, "Profile Provisioning Credentials (PPC)" may be a means for mutual authentication, profile encryption, and signing between the profile provisioning server and the eUICC. The PPC may include at least one of a symmetric key, a Rivest-Shamir-Adleman (RSA) certificate and a personal key, an Elliptic Curve Cryptography (ECC) certificate and a personal key, a root certificate authority (root CA), and a certificate chain. Further, when there are multiple profile provisioning servers, different PPCs may be stored or used in the eUICC with respect to the multiple profile provisioning servers.

In this disclosure, a "Profile Management Credential (PMC)" may be a means for mutual authentication, transmission data encryption, and signing between a profile management server and an eUICC. The PMC may include at least one of a symmetric key, an RSA certificate and a personal key, an ECC certificate and a personal key, a root CA, and a certificate chain. Further, when there are multiple profile management servers, different PMCs may be stored or used in the eUICC for the multiple profile management servers.

In this disclosure, "ADI" may be an application identifier. The value may be a delimiter that distinguishes between different applications within the eUICC.

In this disclosure, the term "event" may be collectively referred to as a profile download, remote profile management, or other instructions for managing/handling a profile or eUICC. The event may be referred to as a remote SIM provisioning operation (or RSP operation) or event logging. Each event may be referred to as data including at least one of an event identifier (event ID or eventID) corresponding thereto, a match identifier (match ID or matchingID), an address (frequently defined domain name (FQDN), IP address or Uniform Resource Locator (URL)) of a profile provisioning server (SM-dp+) or an open/intermediary server (SM-DS) storing the event, a signature of the profile provisioning server (SM-dp+) or the open/intermediary server (SM-DS), and a digital certificate of the profile provisioning server (SM-dp+) or the open/intermediary server (SM-DS)

The data corresponding to the event may be referred to as a "command code". Some or all of the processes that use command codes may be referred to as "command code processing processes", "command code processes", or "Local Profile Assistant Application Programming Interfaces (LPAAPI)". Profile downloads may be used interchangeably with profile installation.

Furthermore, the term "event type" may be used to indicate whether a particular event is a profile download, remote profile management (e.g., delete, enable, disable, replace, or update), or another command for managing/processing a profile or eUICC. The event type may be referred to as an operation type (or operationtype), an operation class (or operationclass), an event request type, an event class, or an event request class. The event identifier (EventID or MatchingID) may specify a path or a usage destination (EventID source or MatchingID source) from which a terminal that obtains the corresponding event identifier (EventID or MatchingID) may be specified.

In this disclosure, the term "profile package" may be used interchangeably with profile, or data objects used to represent a particular profile, and may be referred to as a profile TLV or profile package TLV. If the profile packet is encrypted using encryption parameters, the profile packet may be referred to as a Protected Profile Packet (PPP) or a protected profile packet TLV (PPP TLV). When a profile package is encrypted using encryption parameters that can only be decrypted by a particular eUICC, the profile package may be referred to as a binding profile package (BPP, bound profile package) or binding profile package TLV (BPP TLV). The profile package TLV may be a data set expressing information constituting a profile in a tag/length/value (TLV) format.

In this disclosure, "Local Profile Management (LPM)" may be referred to as a profile local management, local management command, local profile management package (LPM package), profile local management package, local management command package, or local command package. The LPM may be used to change the state (enable, disable, or delete) of a specific profile, or update the content of a specific profile (e.g., profile nickname or profile metadata) through software or the like installed in the terminal. The LPM may include one or more local management commands, and in this case the profile targeted by each local management command may be the same or different for each local management command.

In this disclosure, "Remote Profile Management (RPM)" may be referred to as profile remote management, remote management command, remote command, RPM package, profile remote management package, remote management command package, or remote command package. RPM may be used to change the state of a particular profile (enable, disable, or delete) or update the content of a particular profile (e.g., profile nickname or profile metadata). The RPM may include one or more remote management commands, and in this case, a profile targeted for each remote management command may be the same or different for each remote management command.

In this disclosure, a "certificate" or "digital certificate" may represent a digital certificate used for mutual authentication based on an asymmetric key that includes a pair of Public Key (PK) and private key (SK). Each certificate may include one Public Key (PK) or one or more PKs, a Public Key Identifier (PKID) corresponding to each public key, an ID of a certificate issuer (certificate issuer ID) issuing the corresponding certificate, and a digital signature.

Further, a "certificate issuer" may also be referred to as a certification issuer, certification Authority (CA), or certification authority.

In this disclosure, "Public Key (PK)" and "Public Key Identifier (PKID)" may be used interchangeably with: the specific public key or the certificate including the public key, a part of the specific public key or a part of the certificate including the public key, an operation result (e.g., a hash value) of the specific public key or an operation result (e.g., a hash value) of the certificate including the public key or an operation result (e.g., a hash value) of a part of the certificate including the public key, or a memory storing data.

In the present disclosure, when a certificate (primary certificate) issued by a certificate issuer is used to issue another certificate (secondary certificate), or if secondary certificates are used to issue a third-level or higher-level certificate in an interconnected manner, the correlation between the certificates may be referred to as a certificate chain or a certificate hierarchy. The CI certificate used to issue the initial certificate may be referred to as a root certificate, a topmost certificate, a root CI certificate, a root CA certificate, and the like.

In this disclosure, a "mobile operator" may refer to a business company that provides communication services for terminals, and may be used in a broad manner to represent a mobile operator's Business Support System (BSS), operation Support System (OSS), point of sale (POS) terminals, and other IT systems. Further, in the present disclosure, a mobile operator is not limited to a specific business company for providing a communication service, but may be used to represent a group or association (or financial group) of one or more business companies, or a representative of the group or association. Further, mobile operators may also be referred to as operators (OP or Op.), mobile Network Operators (MNOs), mobile Virtual Network Operators (MVNOs), service Providers (SPs) or Profile Owners (POs), and each mobile operator may have at least one name and/or Object Identifier (OI) configured or assigned to it. If a mobile operator refers to a representative of a group, association or one or more business companies, the name or OID of the predetermined group, association or representative may be a name or OID shared by all business companies belonging to the group or association or a name shared by all enterprises cooperating with the corresponding representative.

In this disclosure, "AKA" may refer to authentication and key agreement, and may indicate authentication algorithms for accessing 3GPP and 3GPP2 networks.

In this disclosure, "K" (K value) may refer to an encryption key stored in the eUICC for the AKA authentication algorithm.

In this disclosure, "OPc" may be a parameter value that may be stored in the eUICC for the AKA authentication algorithm.

In this disclosure, "NAA" may refer to a network access application, such as USIM or ISIM, stored in the UICC for accessing the network. The NAA may be a network access module.

In this disclosure, an "indicator" may be used to indicate whether any function, configuration, operation is necessary or unnecessary, or may be utilized as a corresponding function, configuration, or operation itself. Further, in the present disclosure, the indicator may be represented in various forms, such as a character string, an alphanumeric string, an operator representing TRUE/FALSE (boolean TRUE or FALSE), a bitmap, an array, a flag, and the like.

Hereinafter, the method and apparatus for installing and managing the eUICC profile of the present disclosure will be described with reference to fig. 1 to 6.

Fig. 1 illustrates a method for a terminal to connect to a mobile communication network by using a UICC installed with a fixed profile according to an embodiment of the present disclosure.

As shown in fig. 1, the UICC 120 may be inserted into the terminal 110. For example, the UICC 120 may be of a detachable type or may be pre-embedded in the terminal.

A fixed profile of a UICC with a fixed profile means that the "access information" available for accessing a particular mobile operator is fixed. For example, the access information may be a K or Ki value required to authenticate the network, and an International Mobile Subscriber Identifier (IMSI) and a user delimiter as user delimiters.

The terminal 110 according to various embodiments may use the UICC 120 to perform authentication using an authentication processing system (e.g., home Location Register (HLR) or AuC) of the mobile operator. For example, the authentication procedure may be an Authentication and Key Agreement (AKA) procedure. After authentication is successful, the terminal can use a mobile communication service, such as a telephone call or the use of mobile data, through the mobile communication carrier network 130 using the mobile communication system.

Fig. 2 shows a configuration of a system in which a terminal manages a profile installed in a first terminal and installs the profile in a second terminal based on user input, according to an embodiment of the present disclosure.

As shown in fig. 2, terminals 210 and 220 are installed with esims 211 and 221, and a profile (not shown) may be installed in the esims 211 and 221. In addition, terminals 210 and 220 may be installed with LPA modules 212 and 222. The esims 211, 221 can be controlled by LPA modules 212, 222. The subscriber 200 can control profiles installed in esims 211 and 221 of each terminal through LPA modules 212 and 222.

The user 200 may receive communication services from a service provider (hereinafter referred to as a "mobile operator" or "commercial operator") 250. To this end, a profile (not shown) of the service provider 250 may be installed in the first terminal 210. For example, when newly purchasing the second terminal 220, the user 200 may attempt to reinstall the profile already installed in the first terminal 210 in the second terminal 220.

The service provider 250 may be connected to the first profile server 230 and the second profile server 240, the LPA 212 of the first terminal 210 may be connected to the first profile server 230, and the LPA 222 of the second terminal 220 may be connected to the second profile server 240. Here, the first profile server 230 and the second profile server 240 may be the same or different. Further, when one or more service operator servers are included in the configuration, each service operator server may be connected to a separate profile server, and at least one service operator server may be connected to the same profile server. Although fig. 2 illustrates a case where each of the profile servers 230 and 240 is configured as a single server, one or more profile servers (sm_dp+) may be included in the server configuration and one or more open/broker servers (SM-DS) for assisting connection generation of a specific profile server and terminal may be included in the server configuration according to implementations and embodiments. It should be noted that the configuration of the various servers may be referred to simply as a single profile server.

The detailed operation and message exchange procedure of the subscriber 200, the service provider 250, the terminals 210 and 220, the esims 211 and 221, the LPAs 212 and 222, and the profile servers 230 and 240 will be described in detail with reference to the accompanying drawings.

Fig. 3 illustrates a process in which a first terminal receives an activation code through a profile server and transmits the activation code to a second terminal to download a profile according to an embodiment of the present disclosure.

In fig. 3, a configuration and explanation of the user 200, the first terminal 210, the second terminal 220, the profile server 230, and the service provider 250 will be described with reference to fig. 2. For example, the user 200, the first terminal 210, the second terminal 220, the profile server 230, and the service provider 250 may correspond to the user 200, the first terminal 210, the second terminal 220, the first profile server 230, and the service provider 250 of fig. 2, respectively. In addition, the notification reception server (notification receiver) 300 is a server to which the profile deletion result of the first terminal 210 can be transmitted, and can verify the profile deletion result and transmit the verification result to the service provider 250 and the profile server 230. Further, although one notification receiver 300 is shown in fig. 3 for ease of illustration, there may be one or more notification receivers 300, such as profile server 230 and other profile servers (e.g., the second profile server of fig. 2 or a third profile server not shown in the figures).

Referring to fig. 3, in operation 301, the user 200 may request transmission of a first profile from the first terminal 210. For this, the user 200 can recognize information (profile metadata) about the first profile and information to be noted by the user who wants to transmit the first profile through the first terminal 210. Information about the first profile and information to be noted by the user who is to transmit the first profile may be stored in the first terminal 210 to the first profile.

The information about the first profile may include, for example, the name, logo, profile policy, etc. of the service provider 250. The information to be noted by the user who is to transmit the first profile may include, for example, the remaining number of profile transmissions allowed by the service provider 250 or the fee paid by the user for profile transmission.

Further, the first terminal 210 or the first profile may store at least one address of a profile server that the terminal may access for profile transfer. The profile server that the terminal may access for profile transfer may be, for example, profile server 230.

In operation 303, the first terminal 210 may request transmission of the first profile from the profile server 230. For example, operation 303 may be performed by using at least one of an authentication initiation message, a terminal authentication request (authentication client) message, and a transfer request message, and/or further transmitting an operation type configured as a device change or a profile transfer. In operation 303, the process of requesting transmission of the first profile may include transmitting at least a profile identifier (ICCID) of the first profile.

Further, in operation 303, the first terminal 210 can transmit certificates that are available for mutual authentication between the profile server 230 installed on the first terminal 210 and the eSIM 211, and can selectively transmit at least one certificate in a certificate hierarchy of the corresponding certificate. The certificate may be a certificate of the eSIM 211 shown in fig. 2 installed on the first terminal 210. Further, in operation 303, the first terminal 210 can transmit part or all of the data transmitted when requesting transmission of the first profile by including a digital signature generated using a private key paired with a public key included in the certificate of the eSIM 211.

In operation 305, the profile server 230 and the service provider 250 may identify a likelihood of transmitting the first profile. When the first profile can be transmitted to another terminal, the profile server 230 and the service provider 250 can prepare reuse of the first profile. Here, the prepared first profile may be configured to a state where download is impossible to prevent the profile from being copied. For example, operation 305 may be performed using at least one of a download order message, an order confirmation message, a remote management order (rpm order) message, an order release message, or a process notification.

In operation 305, the profile server 230 and the service provider 250 may further generate or modify some or all of the information about the first profile (profile metadata), and/or some or all of the information to be noted by the user desiring to transmit the first profile, if desired. The information about the first profile may include, for example, a name or logo of the service provider 250, a profile policy, etc. The information to be noted by the user who is to transmit the first profile may include, for example, the remaining number of profile transmissions allowed by the service provider 250 or the fee paid by the user for profile transmission.

In addition, the profile server 230 and the service provider 250 may also generate an activation code that enables the first profile to be downloaded again. The activation code may include an address of the profile server 230 storing at least the first profile and an event identifier (MatchingID) connected to the first profile. Although the figure shows the first profile stored in the profile server 230 for convenience, the first profile may be stored in a profile server different from the profile server 230. For example, the second profile server 240 of FIG. 2 may be used to store the first profile.

In operation 305, when the first profile cannot be transferred to another terminal, the profile server 230 and the operator 250 (e.g., service provider) may prepare a new second profile. For example, operation 305 may be performed using at least one of a download order message, an order confirmation message, a remote management order (rpm order) message, an order release message, or a process notification.

In operation 305, the profile server 230 and the service provider 250 may further generate or modify part or all of the information about the first profile (profile metadata), the information about the second profile (profile metadata), and/or the information to be noted by the user desiring to transmit the first profile, if desired. The information about the first profile or the information about the second profile may include, for example, a name or logo of the service provider 250 that has provided each profile, a profile policy, etc. The information to be noted by the user who is to transmit the first profile may include, for example, the remaining number of profile transmissions allowed by the service provider 250 or the fee paid by the user for profile transmission.

In addition, the first profile server 230 and the service provider 250 may also generate an activation code that enables downloading of the prepared second profile. The activation code may include an address of the profile server 230 storing at least the second profile and an event identifier (MatchingID) connected to the second profile. Although the figure shows the second profile being stored in a profile server 230 for convenience, the second profile may be stored in a profile server different from the profile server 230, for example, the second profile server 240 of fig. 2.

Further, in operation 305, the profile server 230 can optionally store the certificate of the eSIM 211 installed on the first terminal 210 and the certificate in the certificate hierarchy of the corresponding certificate transmitted in operation 303. Further, the profile server 230 can optionally store the public key of the certificate of the eSIM 211 installed on the first terminal 210 transmitted in operation 303.

In operation 307, the profile server 230 may transmit an activation code capable of downloading the profile prepared in operation 305 to the first terminal 210, and may further inform that the first profile needs to be deleted. The method for notifying that the first profile needs to be deleted may use, for example, a method such as transmitting a first profile deletion request flag (delete profile), transmitting a first profile reuse flag (reuse profile), not transmitting a first profile no deletion flag (no delete profile), or not transmitting a new profile use flag (new profile).

Further, in operation 307, when further providing a notification that the first profile needs to be deleted, the profile server may selectively notify the first terminal 210 that the first profile deletion result (the result transmitted through the second terminal 220) may be processed. The method for notifying that the first profile deletion result of the first terminal 210 transmitted through the second terminal 220 can be processed may use, for example, a method such as transmitting a profile deletion notification support flag or not transmitting a profile deletion notification non-support flag.

Further, in operation 307, when a notification that the first profile deletion result of the first terminal 210 transmitted through the second terminal 220 can be processed is provided, the profile server may optionally include at least one address of the notification receiver 300 in which the first profile deletion result of the first terminal 210 transmitted through the second terminal 220 is to be processed. The method for notifying the address of the notification receiver 300 may use, for example, a method such as a frequently defined domain name (FQDN), an Internet Protocol (IP) address, and a Uniform Resource Locator (URL) that transmits the address of the notification receiver 300. When the notification receiver 300 is the same as the profile server 230 or 240 storing the first profile or the second profile in operation 305, the profile server may not notify the address of the notification receiver 300 in a selective manner.

Furthermore, in operation 307, the profile server 230 may further notify the first terminal 210 of information about the second profile (profile metadata) and/or some or all of the information to be noted by the user who downloaded the profile metadata, if necessary. When the first terminal 210 further receives information about the second profile and/or information to be noted by the user who downloads the second profile, the first terminal 210 may output some or all of the information to the user 200 and receive the consent of the user 200.

In operation 309, the first terminal 210 may delete the first profile according to the request of the profile server 230, and may generate a deletion result to be notified to at least one notification receiver (deletion notification) configured in the first profile. When the first profile needs to be disabled before deleting the first profile, the first terminal 210 may disable the profile, and here, the first terminal 210 may generate a disable result to be notified to at least one notification receiver configured in the first profile. The disabling result and the deleting result of the first profile may include at least a profile identifier (ICCID) of the first profile. The disabling result and the deleting result of the first profile may include the certificate of the eSIM 211 installed in the first terminal 210 and the certificate in the certificate hierarchy of the corresponding certificate. Further, the first profile disable and delete result can include a digital signature generated using a private key paired with the public key included in the certificate of eSIM 211.

For example, operation 309 may be performed using at least one of a profile disable message (disable profile), a profile delete message (delete profile), and a notification list retrieval message (retrieve notification list).

In operation 311, the first terminal 210 may provide a notification of the disable and delete result of the first profile to the server having the recipient address included in the disable and delete result generated in operation 309. Although fig. 3 illustrates that the first terminal 210 notifies the profile server 230 and the notification receiver 300 of the disable result and the delete result for convenience of the drawing, the disable result and the delete result may be transmitted to another profile server (e.g., the second profile server 240 illustrated in fig. 2 or a third profile server not illustrated in the drawing), and the disable result and the delete result may be separately transmitted.

Operation 311 may be performed using, for example, a notification handle message. Further, when the first profile is already in the disabled state, the first terminal 210 may omit the operation of disabling the first profile and the operation of notifying the profile server 230 of the result of the disabling in operation 309. Each server notified of the result in operation 311 may verify the result and may transmit the verification result to the first terminal 210, the service provider 250, the profile server 230, and another profile server not shown in fig. 3.

In operation 311, the profile server 230 may recognize that the first terminal 210 has deleted the first profile, and may configure the first profile or the second profile prepared in operation 305 to be in a downloadable state. Further, the profile server 230 may selectively inform the first terminal 210 that the first or second profile is in a downloadable state.

In operation 313, the first terminal 210 may generate an activation code capable of downloading the profile (the profile prepared in operation 305) notified in operation 307 and a new activation code including the deletion result of the first profile generated in operation 309 in a selective manner.

In operation 313, when the profile server 230 has notified that the deletion result of the first profile of the first terminal 210 transmitted through the second terminal 220 can be processed in operation 307, the first terminal 210 can generate a new activation code. Although the profile server 230 has notified that the deletion result of the first profile of the first terminal 210 transmitted through the second terminal 220 can be processed in operation 307, the first terminal 210 may selectively perform operation 313 when the notification of the deletion result of the first profile is successfully performed in operation 311. The first terminal 210 may perform operation 313 regardless of the process of the notification of the profile server 230 or the notification of the deletion result of the first profile.

Further, when the address of the notification receiver that can process the first profile deletion result of the first terminal 210 transmitted through the second terminal 220 is notified in operation 307, the first terminal 210 may include the first profile deletion result, which is included in the same recipient address as the notification address of the notification receiver, among the first profile deletion results generated in operation 309 in the new activation code.

Further, although the address of the notification receiver, which can process the first profile deletion result of the first terminal 210 transmitted through the second terminal 220, is notified in operation 307, the first terminal 210 may not generate a new activation code when there is no first profile deletion result including the same recipient address in operation 313.

Further, in operation 307, when the address of the notification receiver that can process the first profile deletion result of the first terminal 210 transmitted through the second terminal 220 is not notified, or when the first profile deletion result including the same recipient address is not included in spite of the notification of the address of the notification receiver, the first terminal 210 may include the first profile deletion result satisfying the following condition among the first profile deletion results generated in operation 309 in a new activation code in operation 313:

-a first profile deletion result having a small sequence number among the first profile deletion results;

-a first profile deletion result having the same recipient address as the address of the profile server 230 among the first profile deletion results;

-a first profile deletion result, among the first profile deletion results, having the same recipient address as the address of the profile server included in the activation code from which the profile prepared in operation 305 can be downloaded; and/or

-randomly selected ones of the first profile deletion results.

Further, in operation 313, the first terminal 210 may include all or part of the selected first profile deletion result in the new activation code. In this case, the first terminal 210 can include only the portion of the new activation code other than the certificate in the certificate hierarchy of the eSIM 211 and the corresponding certificate from the transmitted first profile deletion result. Further, the first terminal 210 can generate a deletion notification for the device change that includes the first profile deletion result, does not include the certificate of the eSIM 211 and the certificate in the certificate hierarchy of the corresponding certificate, and can include the deletion notification for the device change in the new activation code.

In operations 315 and 317, the first terminal 210 may transmit the activation code transmitted in operation 307 or the activation code generated in operation 313 to the second terminal 220.

As an example, the first terminal 210 transmits the activation code to the second terminal 220 in operation 315, the first terminal 210 may convert the activation code into an image form (e.g., a Quick Response (QR) code) or a character string form, and output it onto a screen, and may inform a user that the activation code is ready.

In operation 317, the user 200 may input the activation code output on the screen of the first terminal 210 to the second terminal 220. As a method of inputting the activation code, various methods such as capturing an image (e.g., QR code) with a camera or inputting a character string with a keyboard may be used. Further, when the first terminal 210 and the second terminal 220 are connected to each other through short-range communication (e.g., bluetooth, NFC, wi-Fi Direct, etc.), the first terminal 210 may directly transmit the activation code to the second terminal 220 without outputting the activation code to the screen in operation 315.

In operation 319, the second terminal 220 may transmit a profile download request to the profile server 230. Operation 319 may be performed using, for example, at least one of an authentication initiation message, a device authentication request (authentication client) message, and a transfer request message. Operation 319 may include a procedure in which the second terminal 220 transmits an event identifier (MatchingID) included in the activation code to the profile server 230. In operation 319, the second terminal 220 may make an internet connection using Wi-Fi or internet sharing function provided by the first terminal 210. In operation 319, when the activation code transmitted from the first terminal 210 includes the first profile deletion result, the second terminal 220 may include a process of transmitting the corresponding first profile deletion result to the profile server 230 in a selective manner. In operation 319, although the second terminal 220 includes a process of transmitting the first profile deletion result, when the profile server 230 does not support the processing of the first profile deletion result, the profile server 230 may return an error code and terminate the operation, or continue the next operation without returning an error code.

In operation 321, the profile server 230 may first identify whether the profile is in a downloadable state. When it is not recognized through operations 309 to 311 that the first profile has been deleted from the first terminal and thus the profile download is impossible, the profile server 230 returns an error code and terminates the operation. When profile download is possible, the profile server 230 may transmit information about the profile and information to be noted by the user who downloaded the first profile to the second terminal 220. The information about the profile may include, for example, the name of the service provider 250, a logo, a profile policy, etc. The information to be noted by the user downloading the profile may include, for example, the remaining number of profile transfers allowed by the service provider 250 or the user paying for the profile transfer.

In operation 321, when it is not recognized that the first profile has been deleted from the first terminal and the profile download is impossible through operations 309 to 311, the profile server 230 may recognize the first profile deletion result transmitted by the second terminal 220 in operation 319. In operation 313, when the first terminal 210 includes a portion of the first profile deletion result in the activation code, i.e., only includes a portion other than the certificate of the eSIM 211 and the certificate in the certificate hierarchy of the corresponding certificate, the profile server 230 can recover the first profile deletion result by combining the certificate in the certificate hierarchy of the eSIM 211 and the certificate of the corresponding certificate stored in operation 305 and the transmitted first profile deletion result in order to enable verification of the signature of the eSIM 211.

Further, the profile server 230 may verify the transmitted first profile deletion result or the restored first profile deletion result in operation 321. In addition, when the first terminal 210 includes the deletion notification for the device change in the activation code in operation 313, the profile server 230 can verify the deletion notification for the device change by using the certificate public key of the eSIM 211 stored in operation 305. If the recipient address of the first profile deletion result is not the address of the profile server 230, the profile server may transmit the first profile deletion result to the notification receiver 300 of the corresponding recipient address, and the notification receiver 300 may verify the first profile deletion result and return the verification result to the profile server 230.

In operation 321, when the profile server 230 fails to verify the first profile deletion result, or receives a verification error result, or fails to receive a verification result from another notification receiver 300, or when the profile server 230 does not transmit the first profile deletion result to the notification receiver 300, the profile server 230 may return an error code and terminate the operation. If the verification of the first profile deletion result is successfully performed, the profile server 230 may transmit information about the profile (profile metadata) and information to be noted by the user who downloaded the first profile to the second terminal 220. The information about the profile may include, for example, the name of the service provider 250, a logo, a profile policy, etc. The information to be noted by the user downloading the profile may include, for example, the remaining number of profile transfers allowed by the service provider 250 or the user paying for the profile transfer.

In operation 323, the user 200 may recognize information about the profile and information to be noted by the user who downloaded the profile, and may agree to install the profile. The operation of agreeing to install the profile may include an operation of selecting yes/no, inputting a password configured by the user 200, or inputting biometric information such as a fingerprint or iris of the user 200.

In operation 325, the second terminal 220 may inform the profile server 230 that the user 200 has agreed to download the profile, and may request a profile package from the profile server 230.

In operation 327, the profile server 230 may transmit a profile package of the profile to the second terminal 220.

In operation 329, the second terminal 220 may install the profile by using a profile package of the profile.

Fig. 4 illustrates a process in which a first terminal transmits an activation code stored in the first terminal to a second terminal to download a profile according to an embodiment of the present disclosure.

In fig. 4, a configuration and explanation of the user 200, the first terminal 210, the second terminal 220, the profile server 230, and the service provider 250 will be described with reference to fig. 2. For example, the user 200, the first terminal 210, the second terminal 220, the profile server 230, and the service provider 250 may correspond to the user 200, the first terminal 210, the second terminal 220, the first profile server 230, and the service provider 250 of fig. 2, respectively. In addition, the configuration and explanation of the notification receiver 300 will be described with reference to fig. 3.

Referring to fig. 4, in operation 401, the user 200 may request transmission of a first profile from the first terminal 210. For this, the user 200 can recognize information (profile metadata) about the first profile and information to be noted by the user who wants to transmit the first profile through the first terminal 210. Information about the first profile or information to be noted by the user who is to transmit the first profile may be stored in the first terminal 210 or the first profile. The information about the first profile may include, for example, the name, logo, profile policy, etc. of the service provider 250. The information to be noted by the user who is to transmit the first profile may include, for example, the remaining number of profile transmissions allowed by the service provider 250 or the fee paid by the user for profile transmission.

In addition, the first terminal 210 or the first profile may have stored an activation code that the terminal needs to use to perform profile transmission and information indicating that the first profile needs to be deleted for profile transmission. The activation code that the terminal needs to use to perform the profile transmission may be, for example, an activation code that is used when the first profile has been installed in the first terminal in the past. For example, information indicating that the first profile needs to be deleted for profile transfer may be expressed using a method such as configuring a first profile deletion request flag (delete profile), configuring a first profile reuse flag (reuse profile), not configuring a first profile not delete flag (not delete profile), or not configuring a new profile use flag (new profile).

Further, when the first terminal 210 or the first profile may have stored information indicating that the first profile needs to be deleted, information indicating that a deletion result of the first profile of the first terminal 210 may be transmitted and processed through the second terminal 220 may be stored therein. The information indicating that the deletion result of the first profile of the first terminal 210 transmitted through the second terminal 220 may be transmitted and processed through the second terminal 220 may use, for example, a method of configuring a profile deletion notification support flag or not configuring a profile deletion notification non-support flag.

In addition, when information indicating that the deletion result of the first profile of the first terminal 210 can be transmitted and processed through the second terminal 220 is configured, the first terminal 210 or the first profile may include at least one address of the notification receiver 300, and the notification receiver 300 may process the deletion result of the first profile transmitted through the second terminal 220 in a selective manner. As a method for notifying the address of the notification receiver 300, a method of transmitting the FQDN, the IP address, and the URL of the address of the notification receiver 300, for example, may be used.

In operation 403, the first terminal 210 may read an activation code, which the terminal may use to transmit a profile or first profile stored in the first terminal 210. The activation code may include at least an address of the profile server 230 storing the first to second profiles, and an event identifier (MatchingID) connected to the first and second profiles. In this case, the first and second profiles stored in the profile server 230 may be configured in a state in which the download is not yet possible. Further, the first terminal 210 may read information indicating that the first profile needs to be deleted, information indicating that the deletion result of the first profile of the first terminal 210 may be transmitted and processed through the second terminal 220, and an address of the notification receiver 300 that the deletion result of the first profile may be processed.

In operation 405, the first terminal 210 may delete the first profile and may generate a deletion result to be notified to at least one notification receiver configured in the first profile. When the first profile needs to be disabled before deleting the first profile, the first terminal 210 may disable the profile, and herein, the first terminal 210 may generate a disable result to be notified to at least one notification receiver configured in the first profile. The disabling and deleting result of the first profile may include at least a profile identifier (ICCID) of the first profile. The disabling and deleting result of the first profile can include the certificate of the eSIM 211 installed in the first terminal 210 and the certificate in the certificate hierarchy of the corresponding certificate. Further, the first profile disable and delete result can include a digital signature generated using a private key paired with the public key included in the certificate of eSIM 211. For example, operation 405 may be performed using at least one of a profile disable message (disable profile), a profile delete message (delete profile), and a notification list retrieval message (retrieve notification list). Operation 405 may be performed when information indicating that the first profile needs to be deleted is stored or is not taken into account.

In operation 407, the first terminal 210 may provide a notification of the disable and delete result of the first profile to the server having the recipient address included in the disable and delete result generated in operation 309. Although fig. 4 shows that the first terminal 210 notifies the profile server 230 and the notification receiver 300 of the disabling result and the deleting result for convenience of drawing, the disabling result and the deleting result may be transmitted to another profile server (e.g., the second profile server 240 shown in fig. 2 or a third profile server not shown in the drawing), and the disabling result and the deleting result may be separately transmitted. Operation 407 may be performed using, for example, a notification handle message. Further, when the first profile is already in the disabled state, the first terminal 210 may omit the operation of disabling the first profile and the operation of notifying the profile server 230 of the result of the disabling in operation 407.

In operation 407, the profile server 230 and the operator 250 may identify a possibility of transmitting the first profile. The profile server 230 and the operator 250 may prepare to reuse the first profile if the first profile may be transferred to another terminal. Operation 407 may be performed using at least one of a download order message, an order confirmation message, a remote management order (rpm order) message, an order release message, or a notification process.

In operation 407, the profile server 230 may identify that the first terminal 210 has deleted the first profile, and may configure the first to second profiles in a downloadable state. In addition, the profile server 230 may inform the first terminal 210 that the first to second profiles are in a downloadable state. If it is not confirmed to delete the first profile in operation 407, the profile server 230 may configure the first to second profiles as not downloadable or may maintain an existing configuration.

In operation 409, when information indicating that the deletion result of the first profile can be transmitted and processed through the second terminal 220 is configured, the first terminal 210 may selectively generate a new activation code including the deletion result of the first profile generated in operation 405. The first terminal 210 may selectively generate a new activation code including the deletion result of the first profile generated in operation 405 regardless of the configuration.

In operation 409, when the address of the notification receiver 300, which can process the first profile deletion result transmitted through the second terminal 220, is configured, the first terminal 210 may include the first profile deletion result among the first profile deletion results generated in operation 405 in the new activation code, including the same receiver address as the configuration address of the notification receiver.

Further, in operation 409, although an address of the notification receiver 300 that can process the first profile deletion result transmitted through the second terminal 220 is configured, the first terminal 210 may not generate a new activation code when there is no first profile deletion result including the same receiver address.

Further, in operation 409, when the address of the notification receiver 300, which can process the first profile deletion result transmitted through the second terminal 220, is not configured, or when there is no first profile deletion result including the same receiver address although the address of the notification receiver has been configured, the first terminal 210 may include the first profile deletion result satisfying the following condition among the first profile deletion results generated in operation 309 in a new activation code:

-a first profile deletion result having a small sequence number among the first profile deletion results;

-a first profile deletion result having the same recipient address as the address of the profile server 230 among the first profile deletion results;

-among the first profile deletion results, the first profile deletion result has the same recipient address as the address of the profile server comprised in the activation code, which the terminal can use to perform the transmission of the profile stored in the first profile; and/or

-randomly selected ones of the first profile deletion results.

Further, in operation 409, the first terminal 210 may include all or part of the selected first profile deletion result in the new activation code. In this case, the first terminal 210 can include only the portion of the new activation code other than the eSIM 211 certificate and the certificate in the certificate hierarchy from the corresponding certificate of the transmitted first profile deletion result. Further, the first terminal 210 can generate a deletion notification for the device change that includes the first profile deletion result in addition to the eSIM 211 certificate and the certificate in the certificate hierarchy of the corresponding certificate, and can include the deletion notification for the device change in the new activation code.

In operation 411, the first terminal 210 may convert the activation code into an image form (e.g., a Quick Response (QR) code) or a character string form, and output it onto a screen, and may inform the user that the activation code is ready.

In operation 413, the user 200 may input the activation code output on the screen of the first terminal 210 to the second terminal 220. As a method of inputting the activation code, various methods such as capturing an image (e.g., QR code) with a camera or inputting a character string with a keyboard may be used. Further, when the first terminal 210 and the second terminal 220 are connected to each other through short-range communication (e.g., bluetooth, NFC, wi-Fi Direct, etc.), the first terminal 210 may directly transmit the activation code to the second terminal 220 without outputting the activation code to the screen.

In operation 415, the second terminal 220 may request the downloading of the first to second profiles from the profile server 230. Operation 415 may be performed using, for example, at least one of an authentication initiation message, a device authentication request (authentication client) message, and a transfer request message. Operation 415 may include a process in which the second terminal 220 transmits an event identifier (MatchingID) included in the activation code to the profile server 230.

In operation 415, the second terminal 220 may make an internet connection using Wi-Fi or internet sharing functions provided by the first terminal 210. In operation 415, when the activation code transmitted from the first terminal 210 includes the first profile deletion result, the second terminal 220 may include a process of transmitting the corresponding first profile deletion result to the profile server 230 in a selective manner. In operation 415, although the second terminal 220 includes a process of transmitting the first profile deletion result, when the profile server 230 does not support the processing of the first profile deletion result, the profile server 230 may return an error code and terminate the operation, or continue the next operation without returning an error code.

In operation 417, the profile server 230 may first identify whether the first profile is in a downloadable state. When the first to second profiles, which have been deleted from the first terminal and thus it is impossible to download the prepared first to second profiles, are not recognized through operations 405 to 407, the profile server 230 may return an error code and terminate the operation. When profile download is possible, the profile server 230 may transmit information about the profile (profile metadata) and information to be noted by the user who downloaded the profile to the second terminal 220. The information about the profile may include, for example, the name of the service provider 250, a logo, a profile policy, etc. The information to be noted by the user downloading the profile may include, for example, the remaining number of profile transfers allowed by the service provider 250 or the user paying for the profile transfer.

In operation 417, when it is not recognized that the first profile has been deleted from the first terminal and the profile download is impossible through operations 405 to 407, the profile server 230 may recognize the first profile deletion result transmitted by the second terminal 220 in operation 417. In operation 417, when the first terminal 210 includes a portion of the first profile deletion result in the activation code, i.e., only a portion other than the eSIM 211 certificate and the certificate in the certificate hierarchy of the corresponding certificate, the profile server 230 can recover the first profile deletion result by combining the certificate in the certificate hierarchy of the eSIM 211 and the corresponding certificate, which is stored in the operation of providing the first profile to the first terminal 210 (not shown, prior to operation 401), and the transmitted first profile deletion result, in order to enable verification of the signature of the eSIM 211.

Further, in operation 417, the profile server 230 may verify the transmitted first profile deletion result or the restored first profile deletion result. Further, in operation 409, when the first terminal 210 includes the deletion notification for the device change in the activation code, the profile server 230 can verify the deletion notification for the device change by using the certificate public key of the eSIM 211 stored in the operation of providing the first profile to the first terminal 210 (not shown before operation 401). If the recipient address of the first profile deletion result is not the address of the profile server 230, the profile server may transmit the first profile deletion result to the notification receiver 300 of the corresponding recipient address, and the notification receiver 300 may verify the first profile deletion result and return the verification result to the profile server 230.

When the profile server 230 fails to verify the first profile deletion result in operation 417, or has received a verification error result, or fails to receive a verification result from another notification receiver 300, or when the profile server 230 fails to send the first profile deletion result to the notification receiver 300, the profile server 230 may return an error code and terminate the operation. If the verification of the first profile deletion result is successfully performed, the profile server 230 may transmit information about the profile (profile metadata) and information to be noted by the user who downloaded the profile to the second terminal 220. The information about the profile may include, for example, the name of the service provider 250, a logo, a profile policy, etc. The information to be noted by the user downloading the profile may include, for example, the remaining number of profile transfers allowed by the service provider 250 or the user paying for the profile transfer.

In operation 419, the user 200 may identify information about the profile and information to be noted by the user who downloaded the profile, and may agree to install the profile. The operation of agreeing to install the profile may include an operation of selecting yes/no, inputting a password configured by the user 200, or inputting biometric information such as a fingerprint or iris of the user 200.

In operation 421, the second terminal 220 may inform the profile server 230 that the user 200 has agreed to download the profile, and may request a profile package from the profile server 230.

In operation 423, the profile server 230 may transmit a profile package of the profile to the second terminal 220.

In operation 425, the second terminal 220 may install the profile by using the profile package of the profile.

Fig. 5 is a block diagram illustrating elements of a terminal according to an embodiment of the present disclosure.

Each of the terminals (the first terminal 210, the second terminal 220, and the terminals that have been described without reference numerals) described in the present disclosure may correspond to the first terminal or the second terminal described in fig. 2. The first terminal 210 and the second terminal 220 may be one embodiment of the terminal of fig. 2, and the expressions "first" and "second" are only used to indicate that the respective terminals are physically different from each other.

As shown in fig. 5, a terminal may include a transceiver 510 and a processor 520. Further, the terminal may include a UICC 530. For example, the UICC 530 may be inserted into a terminal, and may be an eUICC embedded in the terminal.

The transceiver 510 may send or receive signals, information, data, etc. to or from a profile server.

The transceiver 510 according to an embodiment of the present disclosure may transmit a message requesting an activation code to a profile server, receive the activation code and information indicating whether profile deletion is required from the profile server, and transmit a profile deletion result to the profile server.

The transceiver 510 according to an embodiment of the present disclosure may send a message requesting a profile to a profile server by using an activation code and may receive a profile package.

Processor 520, on the other hand, is an element for overall control of the terminal. According to various embodiments of the present disclosure, the processor 520 may control the overall operation of the terminal. Processor 520 may be referred to as a controller. According to an embodiment of the present disclosure, the processor 520 may include at least one processor.

The processor 520 according to the embodiment of the present disclosure may be configured to control a terminal to receive a profile transmission request from a user, identify profile transmission information, send a message requesting an activation code to a profile server, receive the activation code and information indicating whether profile deletion is required from the profile server, delete a profile, send a profile deletion result to the profile server, and send the activation code to another terminal.

The processor 520 according to the embodiment of the present disclosure may be configured to control the terminal to receive an activation code from another terminal, receive a profile package from a profile server by transmitting a message requesting the profile to the profile server using the activation code, and install the profile package.

UICC530 according to embodiments of the present disclosure may download the profile and install the profile. In addition, the UICC530 may manage the profile.

UICC530 may run under control of processor 520. UICC530 may include a processor or controller for installing a profile, or may install an application therein. A portion of the application may be installed in the processor 520.

The terminal may further include a memory (not shown), and may store data such as basic programs, application programs, and configuration information for operation of the terminal. Further, the memory may include at least one storage medium among a flash memory type memory, a hard disk type memory, a multimedia card micro memory, a card type memory (e.g., SD or XD memory, etc.), a magnetic memory, a magnetic disk, an optical disk, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), and an Electrically Erasable Programmable Read Only Memory (EEPROM). In addition, the processor 520 may perform various operations using various programs, content, data, and the like. Stored in a memory.

Fig. 6 is a block diagram illustrating elements of a profile server according to an embodiment of the present disclosure.

Each of the profile servers described in the present disclosure (the first profile server 230, the second profile server 240, and the servers that have been described without reference numerals) may correspond to the profile server described in fig. 2. The first profile server 230 and the second profile server 240 may be embodiments of the servers of fig. 2, and the expressions "first" and "second" are used only to indicate that the respective profile servers are physically distinct profile servers from each other.

Referring to fig. 6, the profile server may include a transceiver 610 and a processor 620.

The transceiver 610 may transmit or receive signals, information, data, etc. to or from a terminal or service provider.

The transceiver 610 according to an embodiment of the present disclosure may be configured to receive a profile transfer request message from a terminal, transmit a message including an activation code and information indicating whether profile deletion is required to the terminal, receive a profile delete message from the terminal, receive a profile download request message from the terminal, transmit a profile package to the terminal when the profile is in a downloadable state, and transmit an error code when the profile is not in a downloadable state.

Processor 620, on the other hand, is an element for an overall control profile server. According to various embodiments of the present disclosure, the processor 620 may control the overall operation of the profile server. The processor 620 may be referred to as a controller. According to an embodiment of the present disclosure, the processor 620 may include at least one processor.

The processor 620 according to an embodiment of the present disclosure may be configured to control a profile server to receive a profile transmission request message from a terminal, determine whether profile transmission is possible, generate an activation code capable of downloading a profile, configure the profile into an un-downloadable state when profile transmission is possible, configure the profile into a downloadable state when profile transmission is not possible, transmit a message including the activation code and information indicating whether profile deletion is required to the terminal, receive a profile deletion result from the terminal, change the profile into a downloadable state, receive a profile download request message from the terminal, determine whether the profile is in the downloadable state, transmit a profile package to the terminal when the profile is in the downloadable state, and transmit an error code when the profile is not in the downloadable state.

The profile server may also include a memory (not shown) and may store data such as basic programs, application programs, and configuration information for the operation of the profile server. Further, the memory may include at least one storage medium among a flash memory type memory, a hard disk type memory, a multimedia card micro memory, a card type memory (e.g., SD or XD memory, etc.), a magnetic memory, a magnetic disk, an optical disk, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), and an Electrically Erasable Programmable Read Only Memory (EEPROM). Further, the processor 620 may perform various operations using various programs, contents, data, etc., stored in the memory.

According to an embodiment of the present disclosure, a terminal in a wireless communication system may be configured to receive a request of a user to reinstall a profile that has been installed in a terminal for network connection in another terminal. Further, the terminal may request an activation code for profile download from the profile server or read the activation code stored in the terminal by referring to profile transmission information stored in the terminal. Further, the terminal may delete the profile to be transmitted according to the request of the profile server or by referring to profile transmission information stored in the terminal. Furthermore, the terminal may transmit an activation code, which has been received from the profile server or stored in the terminal, to another terminal through user input, if necessary. In addition, the terminal may download the profile from the profile server by using the activation code.

According to embodiments of the present disclosure, a profile server in a wireless communication system may be configured to generate a profile for a terminal to connect to a network and an activation code required for profile download. Further, the profile server may be configured to determine whether profile transmission is possible in response to a profile transmission request received from the terminal, transmit a profile deletion request and an activation code capable of downloading a profile to be transmitted to the terminal when profile transmission is possible, transmit an activation code capable of downloading a new profile to the terminal when profile transmission is not possible, receive a deletion result of the profile to be transmitted from the terminal, change the profile to a downloadable state, receive a profile download request from the terminal, determine whether the profile is downloadable, and transmit the profile to the terminal when the profile is downloadable.

In the above detailed embodiments of the present disclosure, elements included in the present disclosure are expressed in singular or plural according to the presented detailed embodiments. However, for convenience of description, the singular or plural forms are appropriately selected as the presented case, and the present disclosure is not limited to the elements expressed in the singular or plural. Thus, an element expressed in a plurality of numbers can also include a single element, or an element expressed in the singular can also include a plurality of elements.

Although specific embodiments have been described in the detailed description of the present disclosure, various modifications and changes can be made thereto without departing from the scope of the disclosure. Accordingly, the scope of the present disclosure should not be defined as limited to the embodiments, but should be defined by the appended claims and equivalents thereof.

It should be understood that the various embodiments of the disclosure and the terminology used therein are not intended to limit the technical features set forth herein to the particular embodiments, but rather include various changes, equivalents, or alternatives to the corresponding embodiments. With respect to the description of the drawings, like reference numerals may be used to identify like or related elements. The singular form of a noun corresponding to an item may include one or more items unless the context clearly dictates otherwise. As used herein, each of such phrases as "a or B", "at least one of a and/or B", "at least one of A, B or C", and "at least one of A, B and/or C" may include all possible combinations of items listed together in a respective one of the phrases. As used herein, terms such as "first," "second," "first," and "second" may be used to simply distinguish one element from another element and do not limit the elements. When an element (e.g., a first element) is referred to as being "coupled/connected" or "coupled/connected" to another element (e.g., a second element), it can be directly coupled/connected or coupled/connected to the other element or the other element (e.g., a third element) with or without the use of the terms "operatively" or "communicatively".

As used herein, the term "module" may include a unit implemented in hardware, software, or firmware, and may be used interchangeably with other terms, e.g., "logic," "logic block," "component," or "circuit," "module" may be the smallest unit of a single integrated component adapted to perform one or more functions, or be part thereof. For example, according to an embodiment, a "module" may be implemented in the form of an Application Specific Integrated Circuit (ASIC).

The various embodiments set forth herein may be implemented as software (e.g., a program) comprising instructions stored on a storage medium (e.g., internal memory or external memory) readable by a machine (e.g., a computer). The machine is a device that may invoke stored instructions from a storage medium and operate according to the invoked instructions, and may include terminals (e.g., the first terminal 210 and the second terminal 220) according to various embodiments of the present disclosure. When the instructions are executed by a processor (e.g., processor 520 in fig. 9 or processor 620 in fig. 10), the processor may perform functions corresponding to the instructions with or without other components under the control of the processor. The instructions may include code that is generated or executed by a compiler or an interpreter.

The machine-readable storage medium may be provided in the form of a non-transitory storage medium. Wherein the term "non-transitory" merely means that the storage medium is a tangible device and does not include signals (e.g., electromagnetic waves), but the term does not distinguish between locations where data is semi-permanently stored in the storage medium and locations where data is temporarily stored in the storage medium.

Methods according to various embodiments of the present disclosure may be included in a computer program product and provided therein. The computer program product may be traded as a product between a seller and a buyer. The computer program product may be distributed in the form of a machine-readable storage medium, e.g. a compact disc read only memory (CD-ROM), or distributed online (e.g. downloaded or uploaded) via an application store, or distributed directly between two user devices, e.g. smart phones. If distributed online, at least a portion of the computer program product may be temporarily generated or at least temporarily stored in a machine readable storage medium, such as a memory of a manufacturer's server, a server of an application store, or a relay server.

Each element (e.g., module or program) according to various embodiments may include a single entity or multiple entities, some of the above-described sub-elements may be omitted, or other sub-elements may be additionally included in various embodiments. Alternatively or additionally, some elements (e.g., modules or programs) may be integrated into a single entity. In this case, the integrated entity may still perform the functions already performed by each respective element before the integration in the same or similar way. According to various embodiments, operations performed by modules, programs, or other elements may be performed sequentially, in parallel, repeatedly, or heuristically, or one or more operations may be performed in a different order or omitted, or one or more other operations may be added.

While the present disclosure has been described with various embodiments, various changes and modifications may be suggested to one skilled in the art. The present disclosure is intended to embrace such alterations and modifications that fall within the scope of the appended claims.

Claims (15)

1. A method performed by a first device in a communication system, the method comprising:

identifying a selection of a profile to operate the device change;

transmitting a first message to a server for requesting a device change, the first message including an Integrated Circuit Card Identifier (ICCID) of the profile; and

a response message to the first message is received from the server, the response message including an activation code for the profile, information indicating deletion of the profile, information informing that a deletion notification is supported, and information on an address of a receiver that processes the deletion notification.

2. The method of claim 1, further comprising:

deleting the profile from an embedded universal integrated circuit card (eUICC) based on a response message; and

a deletion notification of the deleted profile is obtained from the eUICC.

3. The method of claim 2, further comprising:

based on the information about the address of the receiver that handled the deletion notification, a second message including the deletion notification is sent to the receiver.

4. The method of claim 2, further comprising:

transmitting an activation code comprising information about a matching Identifier (ID) of the profile to a second device,

wherein the profile is downloaded from the server to the second device based on the information about the matching ID, and

wherein the activation code further comprises a portion of the deletion notification.

5. A method performed by a server in a communication system, the method comprising:

receiving a first message from a first device requesting a device change, the first message including an Integrated Circuit Card Identifier (ICCID) of a profile; and

transmitting a response message to the first device based on the ICCID,

wherein the response message comprises an activation code for the profile, information indicating deletion of the profile, information informing that a deletion notification is supported, and information on an address of a receiver processing the deletion notification.

6. The method of claim 5, further comprising:

a deletion notification of the deleted profile is received from the first device.

7. The method of claim 6, further comprising:

receiving an activation code comprising information about a matching Identifier (ID) of the profile from a second device; and

The profile is provided to the second device based on the information about the matching ID.

8. A method of a second device in a communication system, the method comprising:

receiving an activation code from a first device, the activation code comprising information about a matching Identifier (ID) of a profile and a portion of a deletion notification of the profile;

transmitting information about the matching ID to the server; and

receiving from the server said profile based on information about the matching ID,

wherein the activation code is included in a message for a device change sent from the server to the first device, an

Wherein the message further includes information indicating deletion of the profile, information notifying support of deletion notification, and information about an address of a receiver processing deletion notification.

9. A first device in a communication system, the first device comprising:

a transceiver; and

a controller configured to:

identifying a selection of a profile to operate the device change;

controlling the transceiver to send a first message to the server requesting a device change, the first message comprising an Integrated Circuit Card Identifier (ICCID) of the profile, and

the control transceiver receives a response message to the first message from the server, the response message including an activation code for the profile, information indicating deletion of the profile, information informing that deletion notification is supported, and information on an address of a receiver that processes the deletion notification.

10. The first device of claim 9,

wherein the controller is further configured to delete the profile from an embedded universal integrated circuit card (eUICC) based on the response message and obtain a delete notification of the deleted profile from the eUICC.

11. The first device of claim 10, wherein the controller is further configured to control the transceiver to send a second message including the deletion notification to the receiver based on information about an address of the receiver that handled the deletion notification.

12. The first device of claim 10,

wherein the controller is further configured to control the transceiver to transmit an activation code comprising information about a matching Identifier (ID) of the profile to the second device,

wherein the profile is downloaded from the server to the second device based on the information about the matching ID, and

wherein the activation code further comprises a portion of the deletion notification.

13. A server in a communication system, the server comprising:

a transceiver; and

a controller configured to:

the control transceiver receives a first message from a first device requesting a device change, the first message including an Integrated Circuit Card Identifier (ICCID) of a profile, and

The control transceiver transmits a response message to the first device based on the ICCID,

wherein the response message comprises an activation code for the profile, information indicating deletion of the profile, information informing that a deletion notification is supported, and information on an address of a receiver processing the deletion notification.

14. The server according to claim 13,

wherein the controller is further configured to control the transceiver to receive a deletion notification of the deleted profile from the first device, to receive an activation code comprising information about a matching Identifier (ID) of the profile from the second device, and to provide the profile to the second device based on the information about the matching ID.

15. A second device in a communication system, the second device comprising:

a transceiver; and

a controller configured to:

the control transceiver receives an activation code from the first device, the activation code comprising information about a matching Identifier (ID) of a profile and a portion of a deletion notification of said profile,

controlling the transceiver to transmit information about the matching ID to the server, and

the control transceiver receives the profile based on the information about the matching ID from the server,

Wherein the activation code is included in a message for a device change sent from the server to the first device, an

Wherein the message further includes information indicating deletion of the profile, information notifying support of deletion notification, and information about an address of a receiver processing deletion notification.