DE202015102198U1 - Device for a profile download of group devices - Google Patents

Abstract

A terminal comprising: an electronic card, a transceiver configured to transmit and receive a signal, and a controller electrically coupled respectively to the transceiver and the electronic card and configured to: receive at least one profile from a profile management server, wherein each of the received at least one profile is to be installed in each electronic card of the at least one device, receiving at least one electronic card identifier of the at least one device, and transmitting to the at least one device corresponding to the at least one profile to the obtained at least one electronic card tag.

Description

Technical area

The present invention relates generally to a device for providing profiles in a mobile communication device around a Universal Integrated Circuit Card (UICC), which is an intelligent card security module plugged into the device. More particularly, the present invention relates to a technique for managing, such as remotely installing or deleting, mobile subscriber information in or from an embedded UICC (eICC) that replaces the UICC and in a non-removable form in the device is embedded.

background

The UICC is plugged into a mobile communication device and is used as a smart card storing personal information about a mobile communication subscriber such as network access certification information, a telephone book, and SMS messages. When incorporated into a mobile communication network such as GSM, WCDMA or LTE, the UICC performs subscriber identification and traffic security key generation and thus allows secure use of the mobile communication. The UICC has a communication application mounted therein, such as SIM (Subscriber Identification Module), USIM (Universal SIM) or ISIM (IP Multimedia SIM) depending on the type of mobile communication network, and provides a higher-level security function for mounting various applications such as an electronic wallet, tickets and electronic IDs.

1 2 shows in simplified form two modes for connection to a mobile network via a removable UICC that can be plugged in or removed from a typical device and via an eUICC embedded in the device.

In 1 The left part shows a typical mode for connection to the mobile network performed by the removable UICC. In particular, the UICC (or USIM) is plugged into the device ( 101 ), the device then connects to a Mobile Network Operator (MNO) using various communication applications such as SIM, USIM, ISIM or the like depending on the types of the mobile network to use a mobile communication service ( 102 ).

In contrast, the right part shows a mode for connecting to the mobile network using an eUICC (or eSIM). First, a profile is remotely installed using OTA (Over The Air) technology based on SMS (Short Message Service). To do this, the device can connect to the MNO2 using a provisioning profile previously stored in the eUICC. Then, when an operating profile of the MNO selected by the user is downloaded and installed ( 104 ), the device can be connected to the mobile network ( 105 ) get connected.

2 Fig. 10 is a schematic view showing a method of downloading a profile to an eUICC in each portable device when there are many portable devices each having an eUICC.

If the user has a MNO 100 For the use of the mobile network dials, the MNO 100 a profile for the user via an SM-DP 110 and a SM-SR 120 provide. Especially in response to a request from the MNO 100 The SM-OP generates and encrypts 110 A profile for a participant wishing to join the MNO and transmits the encrypted profile to the SM-SR 120 , Then the SM-SR sends 120 , which is a server for performing profile management for an eUICC, from the SM-OP 110 Received encrypted profile securely to an embedded in a corresponding device security module. After the profile has been decrypted and installed in the eUICC, the SM-SR 120 perform a profile management such as activating, deactivating or deleting the profile.

As in 2 shown, some devices used by the user, such as B. a smartphone 101 an integration into the mobile network to perform its inherent functions. Furthermore, some devices, such as a clock 102 , a bracelet accessory 103 or a pair of glasses 104 for the convenience of the user to use a particular service from the mobile network, although integration into the mobile network is not required for their inherent functions. These devices 102 . 103 and 104 are often referred to as portable devices. To download a profile for inclusion in the mobile network, the eUICC of each portable device should participate in the mobile network to the MNO 100 send and then the profile of the SM-SR 120 Download. By the way, if there are many portable devices, there may be an excessive load in the MNO 100 arise because of the SM-DP 110 and the SM-SR 120 must individually download profiles of corresponding eUICCs from such devices.

Summary

The present invention aims to provide a safe technique for the remote Install UICC information about various MNOs in the eUICC over the network.

In particular, the invention provides a device for remotely downloading a profile from a network server to eUICC of two or more devices. The invention provides a device for effectively installing profiles in a variety of devices, without requiring that each device directly perform a profile download via a network server (eg, SM-DP or SM-SR).

Brief description of the drawings

1 Figure 4 is a schematic view showing two modes for connecting to a mobile network via a removable UICC that can be plugged in and removed from a typical device and via an eUICC embedded in the device.

2 Fig. 10 is a schematic view showing a technique for downloading a profile to an eUICC in each portable device when there are many portable devices with an eUICC.

3 Fig. 10 is a schematic view showing a technique for installing eSIM profiles in many portable devices according to an embodiment of the present invention.

4 Fig. 10 is a schematic view showing a group download profile downloading technique according to the first embodiment of the present invention.

5 Fig. 10 is a schematic view showing a group download profile downloading technique for downloading a plurality of profiles according to an embodiment of the present invention.

6 Fig. 10 is a schematic view showing a group download profile downloading technique for downloading a single common profile and a personal parameter according to an embodiment of the present invention.

7 Fig. 10 is a schematic view showing a group download profile downloading technique according to a second embodiment of the present invention.

8th Fig. 12 is a schematic view showing a group download profile downloading technique for downloading a plurality of profiles in a pairing state according to an embodiment of the present invention.

9 Fig. 12 is a schematic view showing a group download profile downloading technique for downloading a single common profile and a personal parameter in a pairing state according to an embodiment of the present invention.

10 Fig. 10 is a schematic view showing a group download profile downloading technique according to a third embodiment of the present invention.

11A and 11B 10 are schematic views showing a group download profile downloading technique according to the third embodiment of the present invention.

12 Fig. 10 is a schematic view showing a procedure for performing a collision resolution function of a primary device in a group device profile downloading technique according to an embodiment of the present invention.

13 FIG. 12 is a schematic view showing a procedure for performing a collision resolution function when group devices are paired with a primary device via WiFi according to an embodiment of the present invention.

14 FIG. 12 is a schematic view showing a group download profile downloading technique according to a fourth embodiment of the present invention. FIG.

15 FIG. 12 is a schematic view showing a technique for uploading profile information stored in group devices to an MNO according to the fourth embodiment of the present invention. FIG.

16 Fig. 10 is a schematic view showing a group download profile downloading technique according to a fifth embodiment of the present invention.

17 Fig. 10 is a schematic view showing a group download profile downloading technique according to the sixth embodiment of the present invention.

18A and 18B 10 are schematic views showing a group download profile downloading technique according to a seventh embodiment of the present invention.

19A and 19B 13 are schematic views showing a group download profile downloading technique according to an eighth embodiment of the present invention.

20 Fig. 10 is a schematic view showing a group download profile downloading technique according to a ninth embodiment of the present invention.

21 Fig. 10 is a block diagram showing a device according to an embodiment of the present invention.

22 Fig. 10 is a block diagram showing a server according to an embodiment of the present invention.

23 FIG. 10 is a flowchart showing operations of a primary device in a group device profile downloading technique according to the first embodiment of the present invention. FIG.

24 FIG. 10 is a flowchart showing operations of a secondary apparatus in a group device profile downloading technique according to the first embodiment of the present invention. FIG.

25 Fig. 10 is a flowchart showing operations of an SM-DP in a group device profile downloading technique according to the first embodiment of the present invention.

26 Fig. 10 is a flowchart showing operations of an SM-SR in a group device profile downloading technique according to the first embodiment of the present invention.

27 FIG. 10 is a flowchart showing operations of a primary device in a group device profile downloading technique according to the second embodiment of the present invention. FIG.

28 FIG. 10 is a flowchart showing operations of a secondary device in a group device profile downloading technique according to the second embodiment of the present invention. FIG.

29 FIG. 10 is a flowchart showing operations of a primary device in a group device profile downloading technique according to the third embodiment of the present invention. FIG.

30 FIG. 10 is a flowchart showing operations of a secondary device in a group device profile downloading technique according to the third embodiment of the present invention. FIG.

31 Fig. 10 is a flowchart showing operations of an SM-DP in a group device profile downloading technique according to the third embodiment of the present invention.

32 FIG. 10 is a flowchart showing operations of an SM-SR in a group device profile downloading technique according to the third embodiment of the present invention. FIG.

33 FIG. 10 is a flowchart showing operations of a primary device in a group device profile downloading technique according to the fourth embodiment of the present invention. FIG.

34 FIG. 10 is a flowchart showing operations of a secondary apparatus in a group device profile downloading technique according to the fourth embodiment of the present invention. FIG.

Detailed description

Hereinafter, various embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, the invention can be practiced in many other ways and is not limited to the embodiments described herein. The embodiments described herein are intended to illustrate and to complete the disclosure in order to convey the full scope of the invention to those skilled in the art. The principles and features of the invention may be utilized by numerous other embodiments without departing from the scope of the invention.

Well-known or widely used techniques, elements, structures, and processes may not be described or shown in detail herein, but rather the key aspects of the present invention will be clarified. The drawings illustrate exemplary embodiments of the invention, wherein the drawings are not necessarily to scale, and certain features may be exaggerated or even omitted to better illustrate the present invention.

First, the terminology used will be defined below.

In this disclosure, an electronic card is a card that is inserted and used in a mobile communication device. The electronic card may be embedded in the mobile communication device. The electronic card may include a UICC and / or an eUICC, wherein the eUICC may be embedded in the device. The electronic card provides functions for downloading (or receiving) information for network access, installing the received information, and accessing the network based on the information installed. The information for the network access can be found in a profile for the mobile communication device (or device) and / or in a profile for the electronic card.

In this disclosure, a Universal Integrated Circuit Card (UICC) is a smart card that is plugged into and used in a mobile communication device. The UICC stores personal information about a mobile subscriber, such as network access certification information, a phone book and SMS messages. When incorporated into a mobile communication network such as GSM, WCDMA or LTE, the UICC performs subscriber identification and traffic security key generation and thus allows secure use of the mobile communication. The UICC has a communication application mounted therein, such as SIM (Subscriber Identification Module), USIM (Universal SIM) or ISIM (IP Multimedia SIM) depending on the type of mobile communication network, and provides a higher-level security function for mounting various applications such as an electronic wallet, tickets and electronic IDs.

In this disclosure, an embedded UICC (eUICC) is a non-removable, chip-type security module embedded in the device, as opposed to a removable type that can be plugged into and removed from the device. Using the OTA (Over The Air) technique, the eUICC can download and install a profile.

In this disclosure, the UICC may be used in conjunction with SIM, and the eUICC may be used in conjunction with eSIM.

In this disclosure, profile may refer to a software package stored in the UICC with applications, a file system, an authentication key value, network access certification information, etc. The network access certification information may be used when a terminal (or device) attempts to access the network.

In this disclosure, a USIM profile may have the same meaning as a profile and may designate a software package with information contained in a profile in a USIM application.

In this disclosure, operator profile may be a software package having subscriber information of a mobile operator selected by a user of a device.

In this disclosure, provisioning profile may refer to a profile previously mounted in the eUICC that is required to be integrated into a national mobile communications network before a user joins a specific mobile network operator.

In this disclosure, Subscription Manager Data Preparation (SM-OP) may refer to a server for providing a profile, a profile domain off-card unit, a profile encryption server, a profiling server, a profile provider, or a profile provider.

In this disclosure, Subscriber Manager Secure Routing (SM-SR) may refer to a profile management server, an eUICC profile manager off-board unit, or a profile manager.

In this disclosure, the SM-OP and the SM-SR can be physically realized in a single server or in different servers.

In this disclosure, under a 'device' is a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, a subscriber unit, a Subscriber Station (SS), a wireless device, a wireless communication device, a Wireless Transmit / Receive Unit (WTRU), a mobile node, a mobile device, etc. to understand. In various embodiments, the device may include a mobile phone, a smartphone, a PDA, a wireless modem, a portable computer having a wireless communication function, a digital camera or other similar device having a wireless communication function, a gaming device having a wireless communication function, a music player, or other similar device a wireless communication function, a home appliance with a wireless Internet access and browsing functions, or another portable integrated unit or device with combinations of the above-mentioned devices.

In addition, the device may be a machine-to-machine (M2M) device or a machine-type communication device (MTC).

In particular, in this disclosure, the device with the eUICC for a profile download may be an Internet of Thing (IoT) device. It is well known that IoT is an intelligent infra- and service technology based on Information Communication Technology (ICT) to connect many surrounding things over a wired / wireless network and also man-to-machine interactions and machine-to-machine To enable interactions, the IoT device can be replaced by at least Serving an IoT Operator with a Unique Identification Key for a Managed IoT Device. Furthermore, in this disclosure, the device with the eUICC contained therein for a profile download may be a portable device. The portable device may include the eUICC or be connected (ie, paired) to a primary device using Bluetooth or WiFI communication.

In this disclosure, the term "primary device" may be used in connection with a representative device.

In this disclosure, the term 'group device' may refer to a pairing device that is connected to a primary device or a secondary device that is different from the primary device that may be used in conjunction with a portable device or an IoT device.

In this disclosure, the profile ID may be referred to as an Integrated Circuit Card ID (ICCID) or as a factor tuned to ICCID and ISD-P. The profile ID can specify a unique identifier for each profile.

In this disclosure, the eUICC ID may be a unique identifier of the eUICC embedded in the device and may be referred to as an EID. If the eUICC has been previously provisioned with the provisioning profile, the eUICC ID can be the profile ID of the provisioning profile. And, if an eUICC (or eSIM) chip is not disconnected from the device as in the embodiments of this invention, the eUICC ID may be a device ID. And besides, the eUICC ID can specify a specific security domain.

In addition, it should be clear to the person skilled in the art that the terms control unit and control device used here can have the same meaning.

In the following, the operation of the present invention will be described by way of an example of an eUICC, but this is merely exemplary and the invention is not limited to an eUICC. It should be noted that embodiments of the present invention may be applied to an eUICC that supports downloading, installing, sending, receiving, and sharing a profile downloaded from a network.

3 Fig. 10 is a schematic view showing a technique for installing eSIM profiles in many portable devices according to an embodiment of the present invention.

If like in 3 shown to a MNO 100 the user can join an OPMD (One Person Multiple Device) service. For smart devices (eg, a smart phone, smartpad, etc.), the OPMD service may provide an integrated service that allows a user to manage account information or the like of many of the user's devices. In this case, a representative device of a user can perform eUICC participation without requiring all devices to be individually connected to a mobile network as in 2 have to join.

When the user participates in the OPMD service, the MNO generates 100 on the SM-DP 110 Profiles for a variety of devices for use by the user and then transmits these profiles to the SM-SR 120 , The user can have such profiles from the SM-SR 120 to the eUICC of a primary device 101 Download from the variety of devices.

When pairing between the primary device 100 and portable devices 102 . 103 and 104 via Bluetooth or similar can any of the portable devices 102 . 103 and 104 each from the eUICC of the primary device 101 Install the received eSIM profile without additional participation.

The present invention proposes a profile download technique for a single primary device 101 and a variety of portable devices 102 . 103 and 104 as in 3 shown before. With respect to a profile installation of group devices in this invention, the first embodiment will be described in FIG 3 to 5 and is the second embodiment in 6 to 8th shown. In addition, the third embodiment is shown in FIG 9 to 13 and is the fourth embodiment in 14 and 15 shown. The following is a technique for a profile installation of group devices in detail with reference to 3 to 15 described.

4 Fig. 10 is a schematic view showing a group download profile downloading technique according to the first embodiment of the present invention.

An MNO / server 400 may include an MNO, SM-DP and SM-SR. Downloading N profiles from the MNO / server 400 to a primary device 401 can include the following steps. First, the MNO transmits the EID of a user device to the SM-DP. Then, the SM-DP creates and encrypts a profile corresponding to the received EID, and then transmits the profile to the SM-SR, which manages the EID and eUICC. Afterwards the device can perform a profile download via an authentication with the SM-SR.

Regarding 4 may be the primary device 401 a device that has the eUICC for downloading a variety of profiles. In some cases, two or more primary devices can be used, each with a variety of portable devices 402 are connected. There is no limitation on the qualification for the primary device 401 specified. Any device may be the primary device 401 if the user so desires.

After N profiles to the primary device 401 can be downloaded with the primary device 401 Paired eUICC of each portable device 402 a profile from the primary device 401 Download. This process will be discussed in detail with reference to 5 and 6 described.

5 Fig. 10 is a schematic view showing a profile downloading technique for cluster devices downloading a plurality of profiles according to an embodiment of the present invention.

If related to 5 a user joins a mobile communication network, the MNO may receive the number of user's devices to use. Alternatively, the MNO may determine the number of devices to be used by the user depending on a rate system used.

The MNO can send a request for a group profile download to the SM-DP. In particular, the MNO in step 501 request profiling while sending an EID (ie the primary EID) of the eUICC embedded in a primary device. The MNO can also send the number of requested profiles, ie the number of UIDCCs that are embedded in devices to be used by the user.

In step 502 SM-DP performs a key setup with the primary device. The SM-DP generates N profiles requested by the MNO in step 503 , encrypts these in step 504 and transfers the generated N profiles and the EID of the eUICC in the primary device to the SM-SR in step 505 , After that puts the primary device in step 506 create a secure channel with the SM-SR and then download such profiles over the channel. A secure SCP80 or SCP81 channel protocol defined in the OTA standards may be used for authentication and encryption between the SM-SR and the eUICC of the primary device.

The primary device can store the received N profiles. When pairing with a portable device in step 507 This pairing can be approved through the UI of the primary device, and then a step can be taken between the primary device and the portable device 508 be performed. The primary device decrypts the received profile in step 509 and performs re-encryption for transmission to the portable device in step 510 by. After that, the portable device in step 511 Download the profile from the primary device.

6 FIG. 12 is a schematic view showing a group download profile downloading technique downloading a single common profile and a personal parameter according to an embodiment of the present invention. FIG.

As in 6 shown, the MNO can send a request for a group profile download to the SM-DP. In particular, the MNO in step 601 request the generation of profiles during the sending of the EID (ie the primary EID) of the eUICC embedded in a user's primary device. The MNO can also send the number of required profiles, ie the number of eUICCs embedded in the devices to be used by the user.

In step 602 SM-DP performs a key setup with the primary device. In an in 6 In the embodiment shown, the SM-DP may create a common profile and transmit N personal parameters to the primary device instead of creating N separate profiles.

The SM-DP can use the common profile in step 603 encrypt and personal parameters in step 604 encrypt. In these steps 603 and 604 For example, the SM-OP can encrypt using an SCP03 key.

In step 605 The SM-DP transmits the created common profile and the N personal parameters together with the EID of the eUICC in the primary device to the SM-SR. After that puts the primary device in step 606 create a secure channel with the SM-SR and then download such profiles over the channel. In doing so, a secure channel protocol such as SCP80 or SCP81 defined in the OTA standards can be used for authentication and encryption between the SM-SR and the eUICC of the primary device.

When pairing with a portable device in step 607 After the primary device has received the common profile and personal parameters, this pairing can be approved through the UI of the primary device. Then the primary device in step 608 Mapping data between a MAC address of the paired portable device and the EID information of the eUICC in the portable device. Herein, the mapping data may be a MAC address and EID information or, alternatively, other values for specifying the pairing of the portable device with the eUICC. After that, in step 609 a security device between the primary device and the portable device are performed. The primary device can step in the common profile 610 decrypt and can personal parameters in step 611 decrypt. Then the primary device in step 612 send a single profile from the decrypted N personal parameters using the decrypted common profile and a personal parameter to be sent to the eUICC of the portable device. This encryption can use an SCP03 key. After that, the eUICC of the portable device in step 613 Download the profile from the primary device. Furthermore, the primary device in step 614 Store and manage mapping data between the profile sent to each portable device and the eUICC EID in each portable device.

Hereinafter, a technique for managing such portable devices on the primary device will be described in detail.

The primary device can store an encryption key used when installing profiles in the portable devices. In addition, after installing profiles, the primary device can manage the profiles installed in the portable devices using the encryption key.

In various embodiments, the primary device may erase profiles installed in the portable devices. Additionally, the primary device may disable or enable such profiles installed in the portable devices. In addition, the primary device can install the same profile with the same phone number and IMSI value in the primary device and the portable device, and control activation of only one profile at a time. Thus, only the primary device or only the portable device in which the same profiles are installed is activated at a particular time so that the user can select a device to be used.

According to various embodiments, the primary device for selectively activating only one of the two devices may transmit an activation or deactivation control command to the portable device, or planning information may be previously exchanged. Alternatively, priorities can be defined to enable a specific device with the highest priority.

7 Fig. 10 is a schematic view showing a group download profile downloading technique according to a second embodiment of the present invention.

As in 7 shown, unlike the case of 4 the pairing between the primary device 701 and the portable device 702 be completed before the primary device 701 a profile from the MNO / server 700 downloads. In this case, the primary device must be 701 Do not wait for a pairing to profile the portable device 702 transferred to. Because a profile download is done after pairing, the primary device may be 701 Decrypt, re-encrypt and install a profile once the profile has been downloaded. A profile download technique for group devices in the case of a pairing between the primary device 701 and a variety of portable devices 702 will be referred to below with reference to 8th and 9 described.

8th FIG. 12 is a schematic view showing a group download profile downloading technique downloading a plurality of profiles in a pairing state according to an embodiment of the present invention. FIG.

When pairing with a portable device in step 801 This pairing can be approved through the UI of the primary device. Then in step 802 a security device between the primary device and the portable device are performed.

8th differs from 5 in that the portable devices have already been paired before the primary device performs a profile download. The other steps, namely the steps 803 to 808 , are the same steps 501 to 506 from 5 , so that a description thereof is omitted.

When in step 809 If a device paired with the primary device exists, the primary device may decrypt the received profile. Then, the primary device may be re-encrypted for transmission to the portable device in step 810 carry out. After that, the portable device in step 811 Download the profile from the primary device.

9 FIG. 12 is a schematic view showing a group download profile downloading technique downloading a single common profile and personal parameters in a paired state according to an embodiment of the present invention. FIG.

If like in 9 shown a pairing with a portable device in step 901 This pairing can be approved through the UI of the primary device. Then the primary device in step 903 Store mapping data of a MAC address of the paired portable device and EID information of the eUICC in the portable device. Herein, the mapping data may be such MAC address and EID information, or alternatively other values for specifying the pairing between the portable device and the eUICC. After that, in step 902 a security device between the primary device and the portable device are performed.

9 differs from 6 in that the portable devices have already been paired before the primary device performs a profile download. The other steps, namely the steps 904 to 909 , are the same steps 601 to 606 from 6 , so that a description thereof is omitted.

10 Fig. 10 is a schematic view showing a group download profile downloading technique according to a third embodiment of the present invention.

As in 10 shown, may be the primary device 1001 after pairing between the primary device 1001 and the portable devices 1002 a grouping of paired portable devices 1002 and then do a profile download request for the eUICCs of the portable devices 1002 to the MNO / server 1000 send.

A technique for requesting a profile download to the primary device 1001 will be discussed in detail below with reference to 11A . 11B . 12 and 13 described.

11A and 11B 10 are schematic views showing a group download profile downloading technique according to the third embodiment of the present invention.

In 11A and 11B For example, the portable device is reproduced as a secondary UE / eUICC, and the primary device is played back as a primary UE / eUICC.

In the steps 1101 and 1102 For example, the secondary devices can send a BLE advertisement for a Bluetooth connection to the primary device. In this case, the UUID (Universally Unique Identifier) contained in the advertisement can be eSIM and the PDU (Protocol Data Unit) can be the EID of each eUICC. Using these, the primary device may obtain the EID of the eUICC embedded in each portable device requesting a pairing with the primary device. In the step 1103 For example, the primary device may perform a collision resolution function. This feature can be performed by the user at the UI of the primary device. Namely, the user can see a list of portable devices for pairing with the primary device on the UI of the primary device and delete a duplicate element from the list. The user may be named as a group owner for the primary device and for pairing portable devices. When the collision resolution feature is performed, the primary device can retrieve required data from an additional server to manage multiple devices or a family relationship.

The following is a technique for performing the collision resolution function in connection with the step 1103 in more detail with reference to 12 described.

After that, the primary device in step 1104 View a list of EIDs from paired devices. In step 1105 For example, the user (ie, the group owner) may enter participation information and an open request at the UI of the primary device. In this case, subscription information may be entered to a group device including the primary device or, alternatively, if a group device participation is previously requested at the MNO, only subscription information to the primary device may be entered. In step 1106 For example, the primary device may send a group-opening request to the SM-SR in response to a user's request for group opening. The group-opening request can be sent along with the EID list of eUICCs embedded in the portable devices paired with the primary device.

The SM-SR is a server that manages profiles of the primary device and the cluster devices. In step 1107 The SM-SR can generate a group ID for managing corresponding groups. In conjunction with the generated group ID, the EID list of requested eUICCs can be stored.

The SM-SR can step in 1108 the group opening request including the EID list is transmitted to the MNO, and the MNO can in step 1109 request the SM-OP to generate profiles for the group ID and the EIDs in the group ID. In the steps 1110 and 1111 The profiles can be sent from the SM-OP via the SM-SR to the primary device. As explained above, N profiles may be sent in correspondence with the number of EIDs in the group ID or, alternatively, a common profile and N personal parameters may be sent.

In addition, according to the technique discussed above, provision of the primary device and provision of the portable devices in step 1114 be performed. After that, in the steps 1115 and 1116 the corresponding portable devices send a message to report the completion of the opening to the primary device. This message can contain the EID and metadata of the profile.

In step 1117 For example, the primary device may provide the user with a UI that displays update information about the portable devices paired with the primary device. This UI may contain Bluetooth information, EIDs, MNO profile metadata, and the like. Such metadata may include an MNO name, the amount of data used, a rate system, or the like.

12 Fig. 10 is a schematic view showing a procedure for performing a collision resolution function of a primary device in a group device profile downloading technique according to an embodiment of the present invention.

As in 12 As shown, a plurality of devices 1 through N may issue a BLE advertisement for a Bluetooth connection to the primary device in steps 1201 and 1202 send. The UUID (Universally Unique Identifier) of BLE advertising may be eSIM and the PDU (Protocol Data Unit) may be the EID of each eUICC.

The primary device may be pairing information in step 1203 and a grouping request to a collision resolution function in step 1204 send. This request may contain a list of EIDs stored in the primary device. The collision resolution function may be included in the primary device or may be formed by a separate operating device or a server. 12 shows a single primary device, but this is merely exemplary and not restrictive. Alternatively, a grouping request from a plurality of primary devices may be processed to one or more collision resolution functions.

In step 1205 For example, the collision resolution feature can delete duplicate EIDs and control each EID for pairing with only one primary device. Alternatively, if there are two or more primary devices, the collision resolution function can only delete duplicate EIDs and provide the user with a particular UI requesting which primary device will make a provisioning request for which EID. The collision resolution request can remove duplicate and conflicting EIDs and assign a master, ie the primary device, for each device.

In step 1206 For example, the collision resolution function may send a response to the grouping request to the primary device. The answer may contain a grouped EID list.

In step 1207 For example, the primary device may update pairing information based on the received group information. The primary device may provide the user with a profile deployment UI for group opening, and may perform profile provisioning with respect to each device 1 through N in response to user selection of a group opening.

13 FIG. 12 is a schematic view showing a procedure for performing a collision resolution function when group devices are paired with a primary device via WiFi according to an embodiment of the present invention.

Although not shown, the primary device, e.g. For example, an access point (AP) may send a beacon packet in a broadcast fashion to introduce itself. It may include the SSID of the primary device, a channel, encryption, transmission rate, and so on. In the steps 1301 and 1302 For example, a plurality of devices 1 through N may send a sample request for a WiFi connection to the primary device. In this case, the primary device can be operated as an AP In the steps 1303 and 1304 The primary device can send a sample response to each device. Thereafter, the plurality of devices 1 to N perform authentication for access to the AP. This authentication process includes an open authentication and a shared key authentication. For this, the devices 1 to N send an authentication request and the AP sends a response message (not shown). After the authentication is completed, the devices 1 to N send an association request message to obtain an access authority for the AP, and receive a corresponding answer in the steps 1305 and 1306 , whereby they are associated with the AP.

In step 1307 For example, device N may send a discovery request with the EID of the embedded eUICC to the primary device. Then, the primary device sends a discovery response to the device N in step 1308 , In the steps 1309 and 1310 Similar processes are performed between the device 1 and the primary device.

In step 1311 The primary device can store pairing information and perform profile deployment. In step 1312 can the primary device sending group information to the collision resolution feature. This information may include the EID list. In step 131 The collision resolution function can send a group trigger to the primary device.

14 FIG. 12 is a schematic view showing a group download profile downloading technique according to a fourth embodiment of the present invention. FIG.

As in 14 shown, the portable devices 1402 pre-installed or predefined profile information to the MNO / server 1400 over the primary device 1401 send. In the 14 Profile installation technique shown will be described in more detail below with reference to 15 described.

15 FIG. 12 is a schematic view showing a technique for uploading profile information stored in group devices to an MNO according to the fourth embodiment of the present invention. FIG.

In step 1501 the MNO may provide a participation mark for the primary device. In this case, the portable device may share the subscriber identification assigned to the primary device. The subscriber ID can be the IMSI.

For example, the subscriber identification provided by the MNO for the primary device may have the following format: Subscriber Identification (450081234567XXX) = Subscriber Part (450081234567) + Device Part (XXX)

If the subscriber part of the subscriber identification received from the eUICC of a particular device is the same as that provided by the MNO for the primary device, the MNO may consider and authenticate the device as one of the group devices.

In step 1502 For example, the portable device may have a Network Access Application (NAA) and an encryption key that are previously mounted. When the portable device and the primary device are paired afterwards, this pairing can be done through the UI of the primary device in step 1503 be approved. Then, the primary device and the portable device may have a safety device in step 1504 You can perform the portable device's NAA information to the primary device in step 1505 Upload. Such NAA information may include an algorithm and an encryption key. In step 1506 The primary device may assign the subscriber identifier to the NAA information.

In step 1507 The primary device can send the NAA information with the assigned user ID to the SM-SR. Furthermore, this information can be transmitted to the SM-DP and the MNO. In step 1508 the MNO can update the subscriber identification for the HLR (Home Location Register).

As discussed earlier, a group device profile installation can be applied to multiple eUICCs. In some cases, a large number of eUICCs can be managed by an IoT service provider. Namely, according to an embodiment of this invention, group management can be performed on the MNO / IoT / server.

The following is a technique for managing a plurality of eUICCs at the MNO or the IoT service provider with reference to FIG 16 to 20 described.

16 Fig. 10 is a schematic view showing a group download profile downloading technique according to a fifth embodiment of the present invention.

As in 16 shown in step 1601 A SIM manufacturer or device manufacturer should provide EIDs, ISD-R keys, MSISDNs (Rep.), IoT owner keys, etc. for the SM-SR to allow group management. In particular, for group management, the SIM vendor may provide the EIDs, ISD-R keys, and / or MSISDNs for the SM-SR, and the IoT service provider may provide a unique key that is a user of the IoT service for the SM-SR indicates. In step 1602 For example, the SM-SR may generate an eUICC information set (EIS) based on the received information. The EIS may specify various types of eUICC related information (EID, ICCID, etc.) stored in the SM-SR.

In step 1603 For example, the SIM or device manufacturer can create a group from a specific range of EIDs, define a group ID, and provide such information to the IoT service provider / MNO. Therefore, the IoT service provider / MNO can know the EID list contained in each group ID.

The IoT service provider / MNO can retrieve the received group ID, EID list, and the IoT owner key for the SM-SR in step 1604 send, and the SM-SR can send the EIS based on the information received in step 1605 To update.

In step 1606 For example, the SM-DP may receive a group device provisioning request from the MNO. This request can contain the EID list and the ICCID list and request a profile installation as well as a group ID. The SM-DP can read the received information in step 1607 transferred to the SM-SR, and the SM-SR can trigger a group device deployment in step 1608 send to the device. In this case, a provisioning trigger is performed using the MSISDN of the eUICC in a representative device (eg, the primary device).

In step 1609 For example, the representative device may perform the above-described operations of the primary device and, using WiFi or Bluetooth, send the provisioning trigger for installing profiles in the eUICCs embedded in the cluster devices.

In the steps 1610 and 1611 For example, the group devices that receive the profile install trigger can download profiles from the SM-SR and the SM-DP. If a profile download is successful, the representative device may succeed in a profile download for the eUICCs of the group devices to the SM-SR in steps 1612 and 1613 to report.

The operation in step 1608 may be modified in a process of sending the cluster device provisioning trigger from the SM-SR to the representative device (EID1).

In particular, when the group deployment trigger is sent to the representative device, the SM-SR may insert scheduling information for a profile installation. Namely, the group mount trigger sent to the representative device may include scheduling information for starting a profile download of the EID2 device at the end of a profile download of the EID1 device.

Alternatively, such scheduling information may be generated by defining a time difference instead of creating a provisioning trigger for another profile download following a profile download. For example, after the expiration of a given period of time from the sending of the EID1 device deployment trigger, the deployment trigger of the EID2 device may be automatically sent.

Planning information inserted by the SM-SR during the sending of the group provisioning trigger may be limited to the above examples and varied in other forms.

17 Fig. 10 is a schematic view showing a group download profile downloading technique according to a sixth embodiment of the present invention. In 16 The representative device triggers a group device profile download according to the group provisioning trigger with the SM-SR scheduling information contained therein. 17 shows that the SM-SR initially performs group scheduling and the representative device merely performs a trigger for the cluster devices in accordance with a trigger of the SM-SR.

In 17 are the steps 1701 to 1707 equal to the corresponding steps in 16 , so that a description thereof is omitted.

In step 1708 The SM-SR can carry out group planning. As in 16 For example, this scheduling may be defined to perform a sequential deployment or to automatically trigger a single deployment with a time difference (eg, at regular intervals).

17 FIG. 12 shows a technique for performing provisioning for the eUICCs of cluster devices at a time difference. In step 1709 For example, to provide the device with the EID1 eUICC, the SM-SR may send a group deployment trigger to the MSISDN of the representative device. Then, the representative device sends a provisioning trigger to the EID1 device in step 1710 ,

After a profile download of the EID1 device in step 1711 has been performed, the representative device may send an OK message indicating a successful profile download to the SM-SR in step 1712 send.

In step 1713 In order to provide the device with the eUICC of the EID2, the SM-SR may send a trigger to the representative device as scheduled. Then the representative device in step 1714 transfer the trigger to the EID2 device and if a profile download in step 1715 is successful, there may be an OK message to indicate a successful profile download to the SM-SR in step 1716 send. When the provisioning has been completed for all cluster devices in this manner, the SM-SR can send a message to step in a successful profile download of the cluster devices for the IoT service provider / MON 1717 specify.

18A and 18B 10 are schematic views showing a group download profile downloading technique according to a seventh embodiment of the present invention. 18A and 18B Figure 4 shows a technique for performing provision on the second representative device (Rep.2) when an error occurs in sending a provisioning trigger on the representative device (Rep.). In this way, a profile installation for the other devices can be performed even if the representative device experiences a communication error or other problems.

In 18A are the steps 1801 to 1809 equal to the steps in 16 , so that a description thereof is omitted. In the cases of 18A and 18B SM-SR schedules for deployment in the order of EID1, 2, and 3, and sends a group deployment trigger with this schedule to the representative device.

In this case, if a profile download for the EID1 device in step 1810 should a deployment be made for the EID2 device as scheduled, and then an OK message indicating the completion of all profile downloads should be received. However, a deployment trigger for the EID2 device may be in step 1811 may not connect ( 1813 ). If then an OK message in step 1812 is received, the SM-SR in step 1814 determine that a profile download for the EID2 is not complete.

Because the representative device can not connect, the SM-SR sends the group provisioning trigger to the eUICC of the second representative device in step 1815 , In this case, the second representative device may be a device in the vicinity of the representative device. Alternatively, the second representative device may be a device previously selected by the user, the IoT service provider, or the MNO. In the steps 1816 and 1817 For example, the second representative device may receive the group provisioning trigger from the SM-SR and then send the provisioning trigger to the EID2 device. And if the profile download for the EID2 device in step 1818 is completed, the second representative device may send an OK message to the SM-SR in step 1819 send. After all profile downloads have been completed, the SM-SR can send an OK message to the IoT service provider / MNO in step 1820 send.

19A and 19B 13 are schematic views showing a group download profile downloading technique according to an eighth embodiment of the present invention. In 19A are the steps 1901 to 1909 equal to the corresponding steps in 18A , so that a description thereof is omitted.

After a profile download for the EID1 device in step 1910 has finished, the representative device in step 1911 send an OK message indicating the end of the profile download for the EID1 to the SM-SR. Further, the representative device may, in accordance with the scheduling information, provide a provisioning trigger for the EID2 device in step 1912 send. However, if the provisioning trigger for the EID2 device can not connect ( 1913 ), the representative device may error in a trigger for the EID2 to the SM-SR in step 1914 to report.

In step 1915 For example, the SM-SR may send a group mount trigger to direct a provision for the EID2 device to the second representative device. Then, the second representative device sends a provisioning trigger for the EID2 device in step 1917 and the EID2 device loads a profile in step 1918 down. When this profile download completes, the representative device may issue an OK message indicating the end of the profile installation for the EID2 device to the SM-SR in step 1919 send. After all profile downloads have been completed, the SM-SR can send an OK message to the IoT service provider / MNO in step 1920 send.

By comparing 18 and 19 SM-SR will detect a connection error if the OK message in the case of 19 is received or if an error occurs in the case of 19 is reported directly.

20 Fig. 10 is a schematic view showing a group download profile downloading technique according to a ninth embodiment of the present invention.

In 20 are the steps 2001 to 2007 equal to the corresponding steps in 17 , so that a description thereof is omitted. In step 2008 The SM-SR sends a group deployment trigger with a scheduling of sequential provision of EID1, EID2, and EID3 to the representative device. Incidentally, the connection of the group mount trigger may fail ( 2009 ). In this case, a new representative device must be selected and a particular device may have a seed for the representative device.

In step 2010 For example, the SM-SR may send a trigger for downloading a provisioning profile to the new representative device with its seed. In this case, the EID for as new representative device and a provisioning profile indicator can be included. In step 2011 For example, the new representative device can download a deployment profile and a profile download trigger for the EID1 to the EID1 device. In step 2012 The EID1 device can download a profile and set up a deployment profile. After that, the SM-SR can update the EIS.

21 Fig. 10 is a block diagram showing a device according to an embodiment of the present invention.

The device according to an embodiment of this invention may be a communication unit 2101 , a control unit 2102 and an eUICC 2103 contain. The device may be a primary device or a group device (or a device paired with the primary device, IoT device, or portable device).

The control unit 2102 For example, information associated with profiles to be installed in the eUICC of two or more second devices may be provided by the profile management server via the communication unit 2101 receive. Furthermore, the control unit 2102 identify (receive or determine) an eUICC tag of at least one of the second devices and then send one of the profiles to the device's eUICC in accordance with the received eUICC tag. The control unit 2102 can be electrically connected to the communication unit 2102 be connected. The control unit 2102 can be electric with the eUICC 2103 be connected. The eUICC 2103 can be an electronic card.

If the device is a primary device, the device is configured as described below.

The control unit 2102 A primary device is configured to receive at least one profile from a profile management server, wherein each of the received at least one profile is to be installed in each electronic card of the at least one device (cluster device) to include at least one electronic card identifier of the at least one device and to send to the at least one device the at least one profile corresponding to the obtained at least one electronic card tag. Furthermore, the electronic card of the device may be physically embedded in the device, and the electronic card of the primary device (a terminal) may be physically embedded in the primary device. Furthermore, the electronic card contains a UICC (Universal Integrated Circuit Card).

The profile also contains network access certification information. Each of the at least one profile corresponds to each of the at least one device. The at least one profile includes a common profile for the at least one device and at least one personal parameter corresponding to each of the at least one device.

The control unit 2102 A primary device is configured to decrypt the received profile to encrypt the decrypted profile for the at least one device and to send the encrypted profile to the at least one device in correspondence with the obtained electronic card tag.

The device's electronic card receives the profile and installs the received profile, the electronic card identifier being obtained based on a connection between the terminal and the at least one device using Bluetooth or Wi-Fi. Each of the received at least one profile is sent to each of the at least one device paired with the terminal.

The control unit 2102 a primary device is configured to be paired with the at least one device and to send to the profile management server a profile request for the at least one device paired with the device.

The control unit 2102 A primary device is configured to group the at least one device paired with the terminal and to send profile requests to the profile management server for the clustered devices based on subscription information of the terminal and the clustered devices.

If the device is a group device, the device is configured as described below.

The control unit 2102 is electrically connected to an electronic card.

The control unit 2102 the group device is configured to send an identification of the electronic card to a terminal and receive a profile corresponding to the identification of the electronic card from the terminal and to control the electronic card of the group device for installing the received profile.

Furthermore, the profile is downloaded from a profile management server to the terminal, wherein the electronic card is physically embedded in the cluster device and the electronic card contains a UICC (Universal Integrated Circuit Card).

The profile contains network access certification information. The profile includes a common profile for a plurality of group devices including the group device and personal parameters corresponding to the group device. The identification of the electronic card will based on a connection between the terminal and the group device using Bluetooth or Wi-Fi. The profile is received when the group device is paired with the terminal.

The group device includes a portable device and / or an IoT (Internet of Thing) device.

22 Fig. 10 is a block diagram showing a server according to an embodiment of the present invention.

The server can be a communication unit 2201 and a control unit 2202 contain. The control unit 2202 can receive a request for a profile installation from one of a variety of devices. This request may include an identification list of the eUICCs embedded in the plurality of devices. In addition, the control unit 2202 receive encrypted information associated with profiles corresponding to the installation request from the profiling server, and then send to the device the received profile information and schedule information for sending profiles to the eUICCs embedded in the plurality of devices. The control unit 2202 can be electrically connected to the communication unit 2201 be connected.

The control unit 2202 is configured to receive from a terminal (a primary device) information for requesting at least one profile, each of the requested at least one profile to be installed in each electronic card of at least one device (at least one cluster device), and to the terminal to send the at least one profile based on the information.

Furthermore, the electronic card is physically embedded in the device and the electronic card contains a UICC (Universal Integrated Circuit Card). The electronic card receives the profile and installs the received profile.

The profile contains network access certification information. Each of the at least one profile corresponds to each of the at least one device. The at least one profile includes a common profile for the at least one device and at least one personal parameter corresponding to each of the at least one device.

The device contains a portable device and / or an IoT (Internet of Thing) device.

The following are for a previously in 4 to 15 Profile Download for Group Devices explained the operations performed by each device (ie, the primary device, the secondary device, the SM-DP, and the SM-SR) with respect to 23 to 34 described.

23 FIG. 10 is a flowchart showing operations of a primary device in a group device profile downloading technique according to the first embodiment of the present invention. FIG.

As in 23 shown, the primary device performs in step 2300 a key device with the SM-DP through. Then the SM-DP can generate N profiles requested by the MNO, and the primary device can generate the generated N profiles in step 2301 Download. In particular, this process of downloading a plurality of profiles on the primary device may be varied for different embodiments. In step 2302 The primary device can determine if it will pair with the secondary device. In this case, a safety device between the primary device and the secondary device can be performed. When pairing with the secondary device, the primary device can encrypt a profile to be sent, and then encrypt the encrypted profile to the secondary device in step 2303 send.

24 FIG. 10 is a flowchart showing operations of a secondary apparatus in a group device profile downloading technique according to the first embodiment of the present invention. FIG.

As in 24 shown, the secondary device performs in step 2400 Pairing with the primary device. Such pairing may be performed using, for example, Bluetooth or WiFi, but is not limited thereto.

When pairing with the primary device, the secondary device may provide an EID of the embedded eUICC for the primary device along with unique MAC information therefor.

After that, when the primary device downloads a variety of profiles, the secondary device can download a specific profile that has been assigned with its own EID from the primary device.

25 Fig. 10 is a flowchart showing operations of an SM-DP in a group device profile downloading technique according to the first embodiment of the present invention.

As in 25 shown, the SM-DP performs in step 2500 a key device with the primary device through. The SM-DP can receive a request to create a group profile from the MNO. The MNO sees the SM OP is the number of required profiles and the primary device EID. The SM-OP generates N profiles in step 2501 and performs encryption of the generated profiles in step 2502 by.

In step 2503 The SM-OP can send the generated N profiles to the SM-SR. Instead of having individual profiles in 25 SM-OP can create a common profile and N personal parameters.

26 Fig. 10 is a flowchart showing operations of an SM-SR in a group device profile downloading technique according to the first embodiment of the present invention.

As in 26 shown, the SM-SR in step 2600 Receive N profiles generated at the SM-OP. In this case, the SM-SR N can receive individual profiles or alternatively receive a common profile and N personal parameters.

Optionally, the SM-SR can create an EIS based on the received group information. After that, the SM-SR in step 2601 send the received N profiles to the primary device through a device verification process.

27 and 28 show a profile downloading technique for group devices according to the second embodiment of the present invention. In this technique according to the second embodiment, the SM-OP and the SM-SR perform the same operations as in the first embodiment of FIG 25 and 26 by. Therefore, a description of these operations is omitted here.

The second embodiment differs from the first embodiment in that the pairing has already been performed between the primary device and the secondary device before the primary device downloads a profile from the SM-DP. In this case, the primary device does not have to wait for pairing to transfer a profile to the secondary device. A profile download is performed after pairing, and the primary device can decrypt, re-encrypt, and install a profile once the profile has been downloaded.

27 FIG. 10 is a flowchart showing operations of a primary device in a group device profile downloading technique according to the second embodiment of the present invention. FIG.

As in 27 shown, the primary device in step 2700 determine if pairing with the secondary device occurs.

Such pairing may be performed using, for example, Bluetooth or WiFi, but is not limited thereto. When paired with the secondary device, the primary device may receive from the secondary device pairing information with an EID of the eUICC and MAC information of the secondary device embedded in the secondary device, and then the received information in step 2701 to save.

In step 2702 The primary device performs a key setup with the SM-DP. Thereafter, the SM-DP can generate N profiles as requested by the MNO and the primary device can generate the generated N profiles in step 2703 Download. In particular, this process of downloading a plurality of profiles on the primary device may be varied for different embodiments. In step 2704 The primary device may encrypt a profile to be sent and then send the encrypted profile to the secondary device.

28 FIG. 10 is a flowchart showing operations of a secondary device in a group device profile downloading technique according to the second embodiment of the present invention. FIG.

As in 28 shown, the secondary device in step 2800 Pair with the primary device. Such pairing may be performed using, for example, Bluetooth or WiFi, but is not limited thereto. When paired with the primary device, the secondary device may provide the EID of the embedded eUICC for the primary device along with unique MAC information.

In step 2801 The secondary device performs a profile download from the primary device.

Thereafter, although not shown, such a profile installed in the secondary device may be managed by the primary device. In various embodiments, the primary device may store an encryption key used when installing profiles in the secondary devices. And after installing profiles, the primary device can manage the profiles installed in the secondary devices using the encryption key. In particular, the primary device may delete profiles installed in the secondary devices. Furthermore, the primary device may disable or enable such profiles installed in the secondary devices. Furthermore, the primary device can install the same profile with the same phone number and IMSI value in the primary device and the secondary device, with only one profile enabled at a time can be. So only the primary device or the secondary device with the same profiles installed in it is activated so that the user can select a device to use. For selectively activating only one of the two devices, the primary device may transmit an activation or deactivation command to the secondary device, or planning information may be previously exchanged. Alternatively, priorities can be defined to enable a specific device with the highest priority.

29 FIG. 10 is a flowchart showing operations of a primary device in a group device profile downloading technique according to the third embodiment of the present invention. FIG.

As in 29 shown, the primary device in step 2900 determine if pairing with the secondary device occurs. Such pairing may be, for example, but not limited to using Bluetooth or WiFi. When paired with the secondary device, the primary device may receive from the secondary device the EID of the secondary device eUICC and MAC information embedded in the secondary device and then store the received information. The primary device may have a collision resolution function in step 2901 carry out. This feature can be selected by the user at the UI of the primary device. Namely, the user can see a list of secondary devices for pairing with the primary device at the UI of the primary device and delete duplicate elements from the list. The user may be named as a group owner for the primary device and the pairing of secondary devices. When the collision resolution feature is performed, the primary device can retrieve or store required data from an additional server for managing multiple devices or a family relationship.

In step 2902 For example, the primary device may send a request for group opening to the SM-SR. An EID list of eUICCs embedded in the secondary device may also be provided.

If the SM-SR in step 2903 generates a group ID and sends a group-open request to the MNO using this group ID, the primary device can receive the group ID from the SM-SR.

After that, the primary device can step into group profiles from the SM-DP 2904 receive. Then, the primary device can step in the received group profiles to corresponding secondary device EIDs 2905 send.

30 FIG. 10 is a flowchart showing operations of a secondary device in a group device profile downloading technique according to the third embodiment of the present invention. FIG.

As in 30 As shown, the secondary device may provide an EID of the eUICC embedded in the primary device by pairing with the primary device. After that, the primary device provides the secondary device EID L list for the SM-SR, and sends the SM-SR a group open request with a generated group ID to the MNO and the primary device. Then, the secondary device may request the group opening request from the primary device in step 3001 receive. In step 3002 The secondary device may perform a profile deployment using a profile received by the primary device.

31 Fig. 10 is a flowchart showing operations of an SM-DP in a group device profile downloading technique according to the third embodiment of the present invention.

As in 31 shown, the SM-DP receives in step 3100 from the MNO a group opening request containing a group ID and an EID list. In addition, the SM-DP generates in step 3101 a variety of profiles corresponding to the number of EIDs. Then the SM-DP can make a group-opening request to the SM-SR in step 3102 send. The SM-SR can transmit this request to the primary device and also authenticate with the primary device. Different types of authentication can be used. If an EID verification succeeds, the SM-DP can make a profile to the primary device in step 3103 send.

32 FIG. 10 is a flowchart showing operations of an SM-SR in a group device profile downloading technique according to the third embodiment of the present invention. FIG.

As in 32 shown, the SM-SR in step 3200 receive an EID list from the primary device. This list may be provided after a duplicate item has been removed by a collision resolution function. In step 3201 The SM-SR can generate a group ID for the EID list and create an EIS by storing it.

To then profile the device, the SM-SR may send a group-open request to the MNO by specifying the generated group ID and EID list in step 3202 provides. Then, the SM-DP may generate a profile in response to a request from the MNO, and the SM-SR may request a group-open request for providing the profile for the device from the SM-DP in step 3203 receive. In step 3204 For example, the SM-SR can perform a profile download verification between the primary device and the SM-DP.

In the fourth embodiment of this invention, the secondary device sends pre-installed or predefined profile information to the MNO or the SM server via the primary device. In this case, the SM-DP or the SM-SR merely performs an operation to receive such profile information preinstalled or predefined in the secondary device verified in connection with the MNO, and no special deployment-associated operation. Therefore, the operations of the SM-DP and the SM-SR are not shown, and operations of the primary device and the secondary device will be described below with reference to FIG 33 and 34 described.

33 FIG. 10 is a flowchart showing operations of a primary device in a group device profile downloading technique according to the fourth embodiment of the present invention. FIG.

As in 33 shown, the primary device in step 3300 receive a subscriber identification from the MNO. In this case, the primary device may share the received subscriber identifier with the secondary device, where the subscriber identifier may be the IMSI. For example, the subscriber identification provided for the primary device by the MNO may have the following format: Subscriber Identification (450081234567XXX) = Subscriber Part (450081234567) + Device Part (XXX)

In step 3301 The primary device can determine if it will pair with the secondary device. Such pairing may, for example, be done using, but not limited to, Bluetooth or WiFi. When paired with the secondary device, the primary device may receive from the secondary device the EID of the secondary device eUICC and MAC information embedded in the secondary device, and then store the received information.

The secondary device may have a Network Access Application (NAA) and an encryption key that have been previously mounted. In step 3302 For example, the primary device may receive NAA information from the secondary device. This NAA information may include an algorithm and an encryption key, with the primary device providing the subscriber identification to the NAA information in step 3303 can assign. In this case, if the subscriber part of the subscriber identification received from the eUICC of a particular device is the same as that provided by the MNO for the primary device, the MNO may consider and authenticate the device as one of the group devices.

In step 3304 The primary device can send the NAA information with the assigned user ID to the SM-SR. Furthermore, this information can be transmitted to the SM-OP and the MNO. In step 3305 The primary device may also provide subscriber identification for the secondary device.

34 FIG. 10 is a flowchart showing operations of a secondary apparatus in a group device profile downloading technique according to the fourth embodiment of the present invention. FIG.

As in 34 shown, the secondary device in step 3400 Pair with the primary device. Such pairing may be, for example, but not limited to using Bluetooth or WiFi. When paired with the primary device, the secondary device can send to the primary device the EID of the embedded eUICC and MAC information.

The secondary device may have a Network Access Application (NAA) and an encryption key that have been previously mounted. In step 3401 The secondary device can send NAA information to the primary device. After that, as in above 33 provided that the NAA information for the MNO is provided and the primary device for the secondary device can provide the subscriber identification assigned to the secondary device. Then the secondary device in step 3402 receive the subscriber identification from the primary device.

As described in detail above, various embodiments of the invention can easily install profiles in the eUICCs embedded in a variety of devices.

Furthermore, according to this invention, smart devices can be managed easily using a group ID.

While the present disclosure has been shown and described in terms of an exemplary embodiment, it should be apparent to those skilled in the art that various changes in form and details may be made without departing from the scope of the invention as defined by the appended claims.

Claims (31)

Terminal, comprising: an electronic card, a transceiver configured to send and receive a signal, and a controller electrically connected to each of the transceiver and the electronic card and configured to: Receiving at least one profile from a profile management server, each of the received at least one profile to be installed in each electronic card of the at least one device, Obtain at least one electronic card identification of the at least one device, and Transmitting, to the at least one device, the at least one profile corresponding to the obtained at least one electronic card identifier. The terminal of claim 1, wherein the electronic card of the at least one device is physically embedded in the at least one device. The terminal of claim 1, wherein the electronic card of the terminal is physically embedded in the terminal. The terminal of claim 1, wherein the electronic card of the at least one device includes a UICC (Universal Integrated Circuit Card). The terminal of claim 1, wherein the at least one profile includes network access certification information. The terminal of claim 1, wherein each of the at least one profile corresponds to each of the at least one device. The terminal of claim 1, wherein the at least one profile includes a common profile for the at least one device and at least one personal parameter corresponding to the at least one device. The terminal of claim 1, wherein the controller is further configured to decrypt the received at least one profile and encrypt the decrypted at least one profile for the at least one device and at least one profile to the at least one device corresponding to the obtained at least one to send an electronic card identification. The terminal of claim 1, wherein the electronic card of the at least one device receives the at least one profile and installs the received profile. The terminal of claim 1, wherein the at least one electronic card tag is obtained based on a connection between the terminal and the at least one device using Bluetooth or Wi-Fi. The terminal of claim 1, wherein each of the received at least one profile is sent to each of the at least one device paired with the terminal. The terminal of claim 1, wherein the controller is further configured to: Mating with the at least one device, and Sending, to the profile management server, a profile request for the at least one device paired with the terminal. The terminal of claim 12, wherein the controller is further configured to: Grouping the at least one device paired with the terminal, and Send, to the Profile Management Server, a profile request for the grouped devices based on the end device's participation information and the grouped devices. The terminal of claim 1, wherein the at least one device includes a portable device and / or an IoT (Internet of Thing) device. Profile management server, comprising: a transceiver configured to send and receive a signal, and a controller electrically connected to the transceiver and configured to: Receiving, from a terminal, information for requesting at least one profile, each of the requested at least one profile to be installed in each electronic card of at least one device, and Transmitting, to the terminal, the at least one profile based on the received information. The profile management server of claim 15, wherein the electronic card is physically embedded in the device. The profile management server of claim 15, wherein the electronic card includes a Universal Integrated Circuit Card (UICC). The profile management server of claim 15, wherein the at least one profile includes network access certification information. The profile management server of claim 15, wherein each of the at least one profile corresponds to each of the at least one device. The profile management server of claim 15, wherein the at least one profile includes a common profile for the at least one device and at least one personal parameter corresponding to each of the at least one device. The profile management server of claim 15, wherein the electronic card receives the at least one profile and installs the received at least one profile. The profile management server of claim 15, wherein the at least one device includes a portable device and / or an Internet of Thing (IoT) device. Apparatus comprising: a transceiver configured to send and receive a signal, a controller electrically connected to the transceiver, and an electronic card electrically connected to the controller, wherein the control means is configured to send an identification of the electronic card to a terminal and to receive a profile corresponding to the identification of the electronic card from the terminal, and wherein the electronic card is configured to install the received profile. The device of claim 23, wherein the profile is downloaded to the terminal from a profile management server. The device of claim 23, wherein the electronic card is physically embedded in the device. The device of claim 23, wherein the electronic card includes a Universal Integrated Circuit Card (UICC). The device of claim 23, wherein the profile includes network access certification information. The device of claim 23, wherein the profile includes a common profile for a plurality of devices including the device and a personal parameter corresponding to the device. The device of claim 23, wherein the electronic card tag is sent based on a connection between the terminal and the device using Bluetooth or Wi-Fi. The device of claim 23, wherein the profile is received when the device is paired with the terminal. The device of claim 23, wherein the device includes a portable device and / or an IoT (Internet of Thing) device.

Images