DE102016012340A1 - Profile counter in a security element - Google Patents

Abstract

The present invention is directed to a method for counting profiles in a security element. This allows a user to obtain information regarding the wear or possible inspection intervals of a device. The present invention is further directed to a security element and a mobile terminal configured to count stored profiles. The invention is further directed to a communication protocol and to a mobile radio system, which is operated for example by means of the proposed communication protocol. Furthermore, a computer program product is proposed with control commands which implement the method or save the communication protocol.

Description

The present invention is directed to a method for counting profiles in a security element. This allows a user to obtain information regarding the wear or possible inspection intervals of a device. The present invention is further directed to a security element and a mobile terminal configured to count stored profiles. The invention is further directed to a communication protocol and to a mobile radio system, which is operated for example by means of the proposed communication protocol. Furthermore, a computer program product is proposed with control commands which implement the method or save the communication protocol.

DE 10 2014 008 267 A1 shows a method for managing a plurality of subscription profiles on a security element of a terminal, wherein the subscription profiles comprise at least a standard subscription profile for posting the security element in a mobile network and for the benefit of services of this mobile network.

DE 20 2015 101 972 U1 shows a terminal comprising a communication unit configured to send and receive a signal, a control unit electrically connected to the communication unit and configured to generate information for initiating reception of a profile, and accessing a profile management server and receiving the Profiles based on information using the communication unit and setting up the received profile.

EP 3 011714 A1 shows a method for operating a security element which is part of a mobile terminal, wherein the functionality of the security element depends on a set of operating parameters stored on the security element, the method comprising the following steps, namely the operation of the security element with the security element deposited on the security element A set of operational parameters, collecting data about the use of the security element and / or the mobile terminal, executing a usage profile based on the collected data, wherein the usage profile is associated with a set of operational parameters, and operating the security element with the set of operating parameters matched to the selected usage profile.

For example, so-called SIM cards are known from the prior art, store the profiles, which it u. a. allow a mobile subscriber to log on to a mobile network and use it for telecommunications. For this purpose, a user profile is stored on the SIM card, which provides technical information that allow the mobile device to establish specific connections with a telecommunications provider and, if necessary, negotiate parameters. However, such profiles may also include other data and programs to be executed, such as user-specific data comprising a telephone book.

In this case, it is possible that the mobile terminal receives a profile or a subscription profile from the network provider and stores it in a memory. As is known, different functions are offered which operate on such profiles. So new profiles can be downloaded, saved, adapted and deleted again. However, this has the disadvantage in the prior art that no indication is stored as to how many of the profiles have been stored. This is disadvantageous because the number of profiles could potentially give an indication of how high the degree of wear of a mobile terminal is or in which maintenance intervals either a security element or the mobile terminal has to be maintained as such.

Thus, it is particularly disadvantageous in the prior art that the corresponding memory of the security element can only be read in such a way that the existing profiles can be read out. Typically, no information is stored on how many profiles have been deleted, but rather all information of old profiles is overwritten.

It is therefore an object of the present invention to provide a method which allows a user to draw conclusions about the wear of a mobile terminal or a maintenance interval of the mobile terminal. Furthermore, it is an object of the present invention to provide a security element or a mobile terminal comprising this security element, which makes it possible to count the presence of profiles. Furthermore, it is an object of the present invention to provide a communication protocol which also allows to count the number of profiles as well as to provide a mobile communication system which can be operated by means of the proposed communication protocol. Furthermore, it is an object of the present invention to provide a computer program product with control commands which implement the method or save the communication protocol.

The object is solved with the features of claim 1. Advantageous embodiments are specified in the dependent claims.

Accordingly, a method for counting profiles in a security element which provide data in a mobile radio network to a service provider for providing a network service is proposed with the steps of iteratively storing profiles in a memory of a security element, wherein an incrementing of a profile counter takes place in each iteration.

According to the invention, a profile is not a conventional user profile, as already provided by the prior art, but a special profile, as it finds application in the mobile communications sector and is also referred to, for example, as a subscription profile. Such a profile includes technical data that enables a mobile operator to provide a special service to a mobile device. This can be the establishment of a voice connection or even a data connection. Furthermore, further data and control commands can be stored in the profiles, which enable the mobile service provider to offer a user additional additional services. However, these data and control commands can also be locally stored data that allow an additional service without the intervention of the service provider.

In one aspect of the present invention, a profile is a profile as described in the RSP architecture, version 1.0 of the GSMA. This is a standard that is freely available. Thus, in particular, an inventive step is provided in that the profile management as described, for example, in the document GSM Association, Official Document SGP .21-RSP Architecture, Version 1.0, 23 December 2015. Such a profile management can be performed for example by means of a so-called Local Profile Assistant, LPA. Thus, according to the invention, corresponding subscription profiles are managed and also counted.

The security element may typically be an eUICC. This is the abbreviation for a type of SIM card that is embedded against a conventional UICC. A typical UICC is manufactured and issued as a dedicated card for a particular mobile operator at the request of the operator and contains authentication information for accessing the operator's network in the form of a profile. Therefore, the particular mobile network operator offers subscribers such UICCs, and then, if necessary, performs management such as setting up, modifying and deleting applications within the UICC by using OTA technology. OTA stands for an over-the-air technology.

Subscribers can leverage the operator's network and application services by deploying the UICC in their own mobile devices. Further, by changing the UICC from an old terminal to a new terminal when exchanging terminals, it is possible to continue to use in the new terminal authentication information, mobile phone numbers, personal telephone numbers and the like stored in the UICC. Since an eUICC is typically not interchangeable integrated in a terminal, here the profile management gets a particularly great importance.

Typically, when a user subscribes to a mobile communication service, the usage profile made by the mobile network operator is downloaded and set up in the eUICC by over-the-air. Furthermore, such OTA download of the usage profile requires triggering by SMS sent from the network to the terminal. That is, to download the usage profile to the eUICC with OTA, the terminal should be connected to the mobile network and thereby be in a state that allows to receive an SMS and download the usage profiles through the mobile network. However, the person skilled in the art also knows further possibilities as to how the end user or the terminal receives a profile in the sense of the present invention.

Surprisingly, it has been found according to the invention that such profiles allow a conclusion on the wear and / or maintenance intervals of the mobile device. So it is possible that, for example, a security element is installed in an automobile and this takes over the communication with the network operator. If a particularly large number of profiles are stored in the security element, then it is possible that especially many previous users have already used this automobile together with the security element. Furthermore, a frequent change of owner can lead to increased wear, so maintenance operations are necessary. Furthermore, it is possible according to the invention to permanently install a security element in a mobile terminal, for example in the form of an eUICC, which stores a corresponding profile for a plurality of users. If, for example, a mobile terminal is supposedly newly acquired and certain profiles are located on the embedded security element, then a new owner can determine that other users have already used this device.

According to the invention, it is particularly advantageous that the number of profiles is counted, it being ensured that this counter is not manipulatable. In this case, the person skilled in the art knows hardware-technical or software-technical possibilities of protecting such a counter. For example, this counter can be stored in a secure area, preferably the security element. In terms of hardware, the counter can be protected in such a way that it is stored in a separate memory to which no further component has access. Thus, there is no sharing of memory so that further applications could gain unauthorized access to the meter. In terms of software, it is also possible to provide corresponding authentication options or authentication options which protect the counter against unauthorized access. Alternatively or additively, cryptographic methods can also be used which protect the counter accordingly.

Thus, the technical effect is that a tamper-resistant profile counter is provided, which makes it possible to specify the actual number of each stored profiles on a security element. This is particularly advantageous because according to the prior art when creating new profiles old profiles can be overwritten or old profiles can be easily deleted even without overwriting. If a user now wants to determine how many profiles were present on the security element, he has according to the prior art no possibilities to determine this, but always receives only the current status of the security element.

According to the invention, this is overcome by determining that a certain process is required for creating the profile, which also allows the individual iterations of the storage of user profiles to be identifiable and therefore countable. There are several ways to determine when a profile is saved. Since such a profile is typically provided by a network provider, it is possible to determine that a profile has been downloaded and then to increment the counter. Furthermore, it is possible to increment the counter if and only if an installation of the respective profile has taken place successfully. The person skilled in the art is aware of further possibilities for determining when exactly a profile was stored, it being merely necessary to point out that the incrementing of the counter is executed in a tamper-proof manner. Thus, it must be ensured that the counter is actually incremented even when a profile is stored and, for example, that the power supply is not previously interrupted. Thus, it is advantageous to save the profile, including incrementing the counter, as an atomic operation, i. H. so as a single technical unit to design.

The iteratively stored profiles are typically always different profiles, which are created for different service providers, network operators, terminals or connections. However, it is not excluded that two profiles are the same, ie have the same data. Increasing the profile counter in each iteration ensures that a completely stored profile is actually detected by the profile counter. Thus, the profile counter is always increased if a new profile is recorded, and does not merely indicate the number corresponding to the currently stored profiles.

In general, although it is known to provide a list of installed profiles, which can then be evaluated accordingly in terms of their number. However, the skilled person has no reason to count any profiles, as proposed by the invention. Thus, according to one aspect of the present invention, the profile counter is not counted down if a profile is deleted. Thus, it is particularly advantageous to implement only write operations on the profile counter in such a way that they can only increase the counter, but can not be downsized in order to avoid manipulation. In addition to such customized write operations, read operations can be defined. The person skilled in the art recognizes here how to initialize the profile counter. Preferably, the profile counter is simply initialized to zero so that the current value of the profile counter always also describes the number of total installed profiles.

According to one aspect of the present invention, the security element is present as a smart card, a chip card, a SIM card, a UICC or an eUICC. This has the advantage that the proposed method can already be used in existing hardware environments and only the security element or the mobile terminal has to be adapted such that the counter is incremented tamper-proof. Thus, for example, it is also possible that the recognition when a profile is downloaded does not take place on the side of the terminal or the security element, but that the service provider already provides a server which recognizes that a profile is downloaded and thus an indication an increment of the counter gives.

According to another aspect of the present invention, each profile provides both static data and executable control commands ready. This has the advantage that not only data in terms of technical specifications can be stored in the profile, but also, for example, control commands which are set up to control the profile counter and provide control commands that take over the management of the profile counter. Thus, it is possible to deliver together with the delivered security element or the delivered mobile terminal equal control commands, which implement the inventive method. According to a further aspect of the present invention, the profile counter can be protected in such a way that it can only be read out and / or increased. This has the advantage that hardware technology or software technology ensures that manipulation by an unauthorized third party of the profile counter is not possible. Thus, the profile counter always provides a reliable value that indicates how high a wear of the security element or of the mobile terminal is and can also provide an indication of a maintenance interval. Thus, it is particularly avoided that the profile counter is reduced.

According to a further aspect of the present invention, the profile counter is stored in such a way that when the settings of the security element are reset, the profile counter remains unchanged. This has the advantage that both the security element and the mobile terminal in which the security element is installed can be reset without the profile counter also being reset or manipulated. If, for example, a mobile terminal is sold by a previous owner, then it is typically the case that the previous owner for data protection reasons deletes all memory and resets the mobile terminal to factory settings. This would represent a manipulation of the profile counter according to the prior art, which does not allow reliable inference to a number of previous owners. This is inventively avoided, so that although generally the security element and the mobile terminal can be reset to factory settings, but here the value of the profile counter is excluded. Thus, there is no harm to the user, as this typically has no interest in the value of the profile counter, but a buyer can reliably detect how many profiles have already been deposited.

According to another aspect of the present invention, when installing and / or downloading a profile, the profile counter is increased.

This has the advantage that the process of storing profiles can be broken down into individual partial steps and it can be specified here at which point exactly the profile counter is incremented. This is particularly advantageous because the method is not only executable by a security element or by a mobile terminal, but can be executed, for example, in a distributed environment and thus can judge different instances when a profile has been stored. Thus, it is particularly advantageous that the storage of the profile can be detected both on the transmitter side and on the receiver side.

According to another aspect of the present invention, the profile counter has a numerical value which is incremented by one per iteration. This has the advantage that a user always recognizes the semantics of the profile counter and that not only machine-generated strings are strung together, which should give a conclusion to the profiles. If, for example, the profile counter is initialized with 0 and incremented with 1, the value of the profile counter always results in the number of previously installed or stored profiles. In particular, this is advantageous because a human-readable information is stored. Thus, it is possible in a simple manner to recognize the status of a security element or a mobile terminal.

According to another aspect of the present invention, a maintenance operation is performed in response to reaching a predetermined threshold value of the profile counter. This has the advantage that a message can be given to a user if a certain value of the profile counter is reached. The threshold value can also be relative and, for example, specify that a maintenance message is output after five newly installed profiles. A maintenance operation may in this case provide for an active execution of control commands, but may also simply comprise a passive output of a corresponding information. An example of such a maintenance operation is to perform garbage collection or verify data integrity such that memory management errors or even memory overflows are prevented.

According to another aspect of the present invention, when an error occurs with respect to a profile, its profile count is output. This has the advantage that, if a manipulation takes place in the profile or an unexpected value occurs, the profile counter can be taken into account in an error analysis. For example, certain errors occur if and only if a large number of profiles were written, or errors occur if and only if a profile is written for the first time. The profile counter gives an indication of this information and can thus be taken into account in the error analysis. An error is commonly referred to as an occurrence of an unexpected condition. This can be a violation of data integrity or an undefined system state, which leads to a termination of the procedure to be executed.

According to another aspect of the present invention, a profile delete counter stores the number of deletions of profiles. This has the advantage that two separate counters are implemented, namely a first counter which gives an indication of how many profiles have been installed in total, and a second counter, ie a deletion counter, which indicates how many profiles have been uninstalled or deleted , Thus, the user always receives information about how many profiles have been stored and deleted without loss of information. From the two provided counter values, he can thus calculate the number of profiles currently stored and always receives information about how many profiles were stored in total. In this case, it is possible to implement both profile counters differently or store them separately from one another in terms of software and hardware. So it is also possible that both counters are addressed with separate addresses, to prevent that a manipulation of one of the counters takes place.

The object is also achieved by a security element for counting profiles which provide in a mobile radio network to a service provider for providing a network service, having a memory unit for iteratively storing profiles, wherein a counter unit is provided which performs an incrementing of a profile counter in each iteration ,

The object is also achieved by a mobile terminal, which is set up analogously to the proposed security element. In this case, it is also possible that the mobile terminal comprises the security element.

The object is also achieved by a mobile radio system for counting profiles which provide data in a mobile radio network to a service provider for providing a network service, having a memory unit for iteratively storing profiles, wherein a counter unit is provided, which in each iteration increases a profile counter performs.

The object is also achieved by a communication protocol which implements the proposed method or operates the proposed mobile radio system. Furthermore, the communication protocol at least partially operates the proposed mobile terminal or security element.

The object is also achieved by a computer program product with control commands which implement the proposed method or save the communication log.

In this case, it is particularly advantageous for the method to provide method steps which are partly reflected as structural features in the proposed devices. Furthermore, it is possible that the structural features of the proposed devices can also be functionally modeled as process steps. Thus, the person skilled in the art recognizes that features of the proposed method or the communication protocol can be combined with the features of the security element, the mobile terminal and the communication system. For example, the mobile terminal can be used in the proposed mobile radio system.

• 1: ein Mobilfunksystem zum Zählen von Profilen gemäß einem Aspekt der vorliegenden Erfindung; und
• 2: ein schematisches Ablaufdiagramm eines Verfahrens zum Zählen von Profilen gemäß einem weiteren Aspekt der vorliegenden Erfindung.

Further advantageous embodiments will be explained in more detail with reference to the accompanying figures. Show it:

• 1 a mobile radio system for counting profiles according to an aspect of the present invention; and
• 2 FIG. 3 is a schematic flow diagram of a method for counting profiles according to another aspect of the present invention.

1 shows by way of example a security element, for example an eUICC, which communicates with a profile provisioning server via a network. The profile provisioning server is typically provided by a service provider, ie, a communications network operator. As shown in the security element below, the security element includes a memory that can store any number of profiles. Furthermore, the security element comprises a profile management unit, which can be referred to as LPA, ie Local Profile Assistant. This unit handles the management of each profile on the security element. If now a new profile is downloaded and stored, it is provided graphically on the right side of the security element that a counter unit then increments a corresponding profile counter.

As in the present 1 is shown, it is particularly advantageous if the counter unit is designed as a separate unit. Although this generally communicates with other components, it is protected in terms of hardware technology or software so that manipulation is impossible. In the present case, therefore, the administrative unit LPA successively or iteratively download several profiles, which on the security element be stored. This always increases the counter. Should the mobile terminal or the security element be reset, this leaves the corresponding profile counter spared.

This in 1 As shown below, the mobile radio system shown comprises a security element, a network and a profile provider, which is in the form of a database at the top in FIG 1 is drawn. In this case, it is possible that further network-typical components are provided which provide a corresponding communication protocol and take over the data communication.

2 FIG. 12 shows a schematic flow diagram of a method for counting profiles in a security element, which provide data in a mobile radio network to a service provider for providing a network service, with the steps of iterative storage 100 of profiles in a memory of a security element, with an increment in each iteration 101 a profile counter takes place. The proposed method can be stored as a computer program product with control commands implementing the method. Furthermore, it is possible by means of the method steps shown to implement a communication protocol which instructs the mobile radio system to send corresponding messages over a network.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited patent literature

• DE 102014008267 A1 [0002]
• DE 202015101972 U1 [0003]
• EP 3011714 A1 [0004]

Claims (15)

A method for counting profiles in a security element which provide data in a mobile radio network to a service provider for providing a network service, comprising the steps of: - iteratively storing (100) profiles in a memory of a security element, characterized in that - in each iteration Increase (101) a profile counter takes place. Method according to Claim 1 , characterized in that the security element is present as a smart card, a chip card, a SIM card, a UICC or an eUICC. Method according to Claim 1 or 2 , characterized in that each profile provides both static data and executable control commands. Method according to one of the preceding claims, characterized in that the profile counter is protected in such a way that it can only be read out and / or increased. Method according to one of the preceding claims, characterized in that the profile counter is stored such that when resetting settings of the security element of the profile counter remains unchanged. Method according to one of the preceding claims, characterized in that when installing and / or downloading a profile of the profile counter is increased. Method according to one of the preceding claims, characterized in that the profile counter has a numerical value which is increased by one per iteration. Method according to one of the preceding claims, characterized in that a maintenance operation is performed in response to reaching a predetermined threshold value of the profile counter. Method according to one of the preceding claims, characterized in that when an error occurs with respect to a profile whose profile counter reading is output. Method according to one of the preceding claims, characterized in that a profile cancel counter is provided which stores the number of deletions of profiles. Security element for counting profiles which provide data in a mobile radio network to a service provider for providing a network service, comprising: - a memory unit for iteratively storing (100) profiles, characterized in that - a counter unit is provided which increments in each iteration (101) performs a profile counter. Mobile terminal for counting profiles which provide data in a mobile radio network to a service provider for providing a network service, comprising: - a memory unit for iteratively storing (100) profiles, characterized in that - a counter unit is provided which enters in each iteration Increase (101) a profile counter. A communication protocol for counting profiles in a security element that provide data in a mobile network to a service provider for providing a network service, comprising the steps of: - iteratively storing (100) profiles in a memory of a security element, characterized in that - in each iteration Increase (101) a profile counter takes place. Mobile radio system for counting profiles which provide data in a mobile radio network to a service provider for providing a network service, comprising: - a memory unit for iteratively storing (100) profiles, characterized in that - a counter unit is provided which increments in each iteration (101) performs a profile counter. Computer program product with control instructions, which method according to one of Claims 1 to 10 to implement.

Images