EP3530016A1 - Apparatus and method for installing and managing eSIM profiles - Google Patents

Apparatus and method for installing and managing eSIM profiles

Info

Publication number
EP3530016A1
Authority
EP
European Patent Office
Prior art keywords
profile
terminal
event
server
remote
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP17875610.2A
Other languages
German (de)
English (en)
Other versions
EP3530016A4 (fr
Inventor
Hyewon Lee
Sujung KANG
Jonghan Park
Kangjin YOON
Duckey Lee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd
Priority claimed from PCT/KR2017/013953 (WO2018101775A1)
Publication of EP3530016A1
Publication of EP3530016A4
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183 Processing at user equipment or user record carrier
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data
    • H04W8/205 Transfer to or from user equipment or user record carrier

Definitions

  • the present disclosure relates to an apparatus and a method for communication connection through downloading and installing a communication service from a communication system to a terminal. More particularly, the present disclosure relates to an apparatus and a method for downloading, installing, and managing a profile online in a communication system.
  • the 5G or pre-5G communication system is also called a 'Beyond 4G Network' or a 'Post long-term evolution (LTE) System'.
  • the 5G communication system is considered to be implemented in higher frequency (mmWave) bands, e.g., 60GHz bands, so as to accomplish higher data rates.
  • mmWave e.g., 60GHz bands
  • MIMO massive multiple-input multiple-output
  • FD-MIMO full dimensional MIMO
  • array antenna, analog beam forming, and large scale antenna techniques are discussed in 5G communication systems.
  • RANs cloud radio access networks
  • D2D device-to-device
  • SWSC sliding window superposition coding
  • ACM advanced coding modulation
  • FBMC filter bank multi carrier
  • NOMA non-orthogonal multiple access
  • SCMA sparse code multiple access
  • the Internet which is a human centered connectivity network where humans generate and consume information
  • IoT Internet of things
  • IoE Internet of everything
  • “sensing technology”, “wired/wireless communication and network infrastructure”, “service interface technology”, and “Security technology”
  • M2M machine-to-machine
  • MTC machine type communication
  • IoT Internet technology services
  • IoT may be applied to a variety of fields including smart home, smart building, smart city, smart car or connected cars, smart grid, health care, smart appliances and advanced medical services through convergence and combination between existing information technology (IT) and various industrial applications.
  • IT information technology
  • 5G communication systems to IoT networks.
  • technologies such as a sensor network, MTC, and M2M communication may be implemented by beamforming, MIMO, and array antennas.
  • Application of a cloud RAN as the above-described Big Data processing technology may also be considered to be as an example of convergence between the 5G technology and the IoT technology.
  • a universal integrated circuit card is a smart card that is inserted into a mobile communication terminal or the like, and is called a UICC card.
  • the UICC may include an access control module for accessing a network of a mobile communication service provider. Examples of such an access control module may be a universal subscriber identity module (USIM), a subscriber identity module (SIM), and an Internet protocol (IP) multimedia service identity module (ISIM).
  • USIM universal subscriber identity module
  • SIM subscriber identity module
  • ISIM Internet protocol (IP) multimedia service identity module
  • the UICC including the USIM may be normally called the USIM card.
  • the UICC including the SIM module may be normally called the SIM card.
  • the SIM card will be normally used to include the UICC card, the USIM card, and the UICC including the ISIM. That is, although the SIM card is mentioned, the technical characteristic thereof may also be applied to the USIM card, the ISIM card, or the general UICC card in the same manner.
  • the SIM card stores personal information of a mobile communication subscriber, and enables the subscriber to use safe mobile communications by performing subscriber authentication and traffic security key generation when accessing a mobile communication network.
  • the SIM card is manufactured as a dedicated card for a specific mobile communication service provider at the request of the corresponding service provider during manufacturing of the card, and authentication information for accessing the network of the corresponding service provider, for example, a USIM application and international mobile subscriber identity (IMSI), K value, and OPc value, is embedded in advance in the card before shipping.
  • IMSI international mobile subscriber identity
  • the subscriber can use the network and application services of the corresponding mobile communication service provider through insertion of the UICC card into a subscriber's mobile communication terminal.
  • the UICC card may be removed from the existing terminal and then may be inserted into a new terminal, and thus it is possible to use the authentication information, mobile communication phone number, personal phonebook, and the like stored in the UICC card as they are in the new terminal.
  • the SIM card is inconvenient in use in the case where a mobile communication terminal user intends to receive a service provided from another mobile communication service provider because the user should physically acquire a SIM card for the service.
  • the terminal user should purchase a local SIM card in order to receive the local mobile communication service.
  • Although a roaming service may somewhat address the problem of inconvenience, the user may be unable to receive the service due to expensive fees or nonexistent agreement between communication service providers.
  • the SIM module is remotely downloaded and installed in the UICC card
  • a plurality of SIM modules may be downloaded and installed in the UICC card, and one of the downloaded SIM modules may be selected to be used.
  • the UICC card may be or may not be fixed to the terminal.
  • the UICC fixed to the terminal is called an embedded UICC (eUICC)
  • the eUICC means a UICC card which is normally fixed to the terminal and can remotely download and select the SIM module.
  • the UICC card capable of remotely downloading and selecting the SIM module is commonly called the eUICC. That is, the UICC card that is fixed to or is not fixed to the terminal among the UICC cards capable of remotely downloading and selecting the SIM module is commonly called the eUICC.
  • downloaded SIM module information is commonly called an eUICC profile.
  • an aspect of the present disclosure is to provide an apparatus and a method for a terminal to perform communication connection through selection of a communication service in a communication system.
  • Another aspect of the present disclosure is to provide an apparatus and a method for a terminal to download online, install, and manage a profile for communication connection in a communication system.
  • Another aspect of the present disclosure is to provide an apparatus and a method for safely providing a profile to a terminal in a communication system.
  • the present disclosure proposes a method for addressing the following for the above-described aspect.
  • a terminal in a wireless communication system includes an input unit (user interface) configured to display and receive an input of a type of an event (profile download or remote profile management) to be performed by the terminal from a user, a transmission unit capable of transmitting to a profile management server SM-DP+ one or more of embedded universal integrated circuit card (eUICC) identifier (EID) in the terminal, EventRequestType indicating the type of an event to be performed by the terminal, RPMConfig indicating whether the terminal permits the remote profile management, integrated circuit card ID (ICCID) of a profile that is a subject for which the terminal is to perform the remote profile management, and OperatorID of a service provider currently providing a communication service to the terminal, a reception unit capable of receiving, in response to this, from the profile management server SM-DP+ one or more events to be performed by the terminal and one or more of the type and the number of one or more events to be performed by the terminal next time, an input unit (user interface) configured
  • a profile management server SM-DP+ in a wireless communication system includes an event storage configured to store events (profile download or remote profile management) to be performed by an eUICC of a terminal, a processor and a determination unit configured to control and determine priorities of the events stored in the event storage, a reception unit configured to receive from the terminal one or more of EID in the terminal, EventRequestType indicating the type of the event to be performed by the terminal, RPMConfig indicating whether the terminal permits the remote profile management, ICCID of a profile that is a subject for which the terminal is to perform the remote profile management, and OperatorID of a service provider currently providing a communication service to the terminal, a reception unit capable of receiving eUICC authentication information including signature, a determination unit configured to select one or more events to be performed by the terminal through comparison of the received message of the terminal with the priorities of the events stored in the event storage of the profile management server SM-DP+, a determination unit
  • a method by a terminal in a wireless communication system includes transmitting, to a server, a universal integrated circuit card (UICC) related message to request an event for the terminal, wherein the UICC related message includes information on an operation type of the event, receiving, from the server, a response message including data corresponding to the operation type, and performing an operation based on the data.
  • UICC universal integrated circuit card
  • a terminal in a wireless communication system includes a transceiver and a processor coupled with the transceiver and configured to control to transmit, to a server, a UICC related message to request an event for the terminal, wherein the UICC related message includes information on an operation type of the event, receive, from the server, a response message including data corresponding to the operation type, and perform an operation based on the data.
  • a method by a server in a wireless communication system includes receiving, from a terminal, a UICC related message to request an event for the terminal, wherein the UICC related message includes information on an operation type of the event, and transmitting, to the terminal, a response message including data corresponding to the operation type.
  • a server in a wireless communication system includes a transceiver and a processor coupled with the transceiver and configured to control to receive, from a terminal, a UICC related message to request an event for the terminal, wherein the UICC related message includes information on an operation type of the event, and transmit, to the terminal, a response message including data corresponding to the operation type.
  • the terminal may notify the profile management server SM-DP+ of the current user's input, and selectively receive the event to be currently performed among the profile download or the remote profile management from the profile management server SM-DP+, and the event to be performed next time may be guided to the terminal.
  • the terminal can automatically request, receive, and then perform the next event.
  • FIG. 1 is a diagram illustrating a method for a terminal to connect to a mobile communication network using universal integrated circuit card (UICC) embedded with a fixed profile according to an embodiment of the present disclosure
  • FIG. 2 is a diagram illustrating a message exchange procedure between a terminal and a profile server in the case of installing one or more profiles through a profile server according to an embodiment of the present disclosure
  • FIG. 3 is a diagram illustrating a message exchange procedure between a terminal and a profile server in the case where one or more profiles are installed through a profile server and one or more remote profile managements are performed according to an embodiment of the present disclosure
  • FIG. 4 is a diagram illustrating a method for specifying the type of an event corresponding to a command input by a user when a terminal requests the event from a profile server according to an embodiment of the present disclosure
  • FIG. 5 is a diagram illustrating a method for a profile server to manage an event storage according to an embodiment of the present disclosure
  • FIGS. 6A, 6B, 6C, and 6D are diagrams illustrating a method for determining whether a profile server can bind one or more events in a bundle to perform bundle transmission according to an embodiment of the present disclosure
  • FIGS. 7A, 7B, and 7C are diagrams illustrating a method for a profile server to transfer an event to be currently performed when configuring an event response message according to an embodiment of the present disclosure
  • FIG. 8 is a diagram illustrating a method for a profile server to transfer an event to be performed next time when configuring an event response message according to an embodiment of the present disclosure
  • FIG. 9 is a diagram illustrating a procedure for a profile server to configure an event response message according to an embodiment of the present disclosure
  • FIGS. 10, 11, and 12 are diagrams illustrating a message procedure for a terminal and a profile server to successively receive and perform one or more events according to an embodiment of the present disclosure
  • FIG. 13 is a diagram illustrating a procedure in which a terminal requests a "profile download" from a server and receives a response to the request according to an embodiment of the present disclosure
  • FIG. 14 is a diagram illustrating a procedure in which a terminal requests a "remote profile management" from a server and receives a response to the request according to an embodiment of the present disclosure
  • FIG. 15 is a diagram illustrating a procedure in which a terminal requests all types of events from a server and receives a response to the request according to an embodiment of the present disclosure
  • FIG. 16 is a diagram illustrating a method for a terminal to successively process events after preferentially securing data of all the events according to an embodiment of the present disclosure
  • FIG. 17 is a diagram illustrating a method for a terminal to secure and process data of respective events in the order of event reception according to an embodiment of the present disclosure
  • FIG. 18 is a diagram illustrating a method for a profile server to generate and attach a separate signature to respective remote profile management and profile metadata according to an embodiment of the present disclosure
  • FIG. 19 is a diagram illustrating a method for a profile server to specify the order of data processing while generating and attaching a separate signature to respective remote profile management and profile metadata according to an embodiment of the present disclosure
  • FIG. 20 is a diagram illustrating a method for a profile server to generate and attach a common signature to a part of respective remote profile management and profile metadata according to an embodiment of the present disclosure
  • FIG. 21 is a diagram illustrating a method for a profile server to specify the order of data processing while generating and attaching a common signature to a part of respective remote profile management and profile metadata according to an embodiment of the present disclosure
  • FIGS. 22 and 23 are diagrams illustrating a signature generation and data deployment method according to an embodiment of the present disclosure
  • FIGS. 24A, 24B, 25, and 26 are diagrams illustrating a method for configuring a user interface (UI) in a terminal according to an embodiment of the present disclosure
  • FIG. 27 is a diagram illustrating the operation of a terminal in accordance with a time series flow according to an embodiment of the present disclosure
  • FIG. 28 is a block diagram illustrating constituent elements of a terminal according to an embodiment of the present disclosure.
  • FIG. 29 is a block diagram illustrating constituent elements of a server according to an embodiment of the present disclosure.
  • These computer program instructions may also be stored in a non-transitory computer-usable or computer-readable memory that can direct a computer or another programmable data processing apparatus to function in a particular manner, such that the instructions stored in the non-transitory computer-usable or computer-readable memory produce an article of manufacture including instruction means that implement the function specified in the flowchart block or blocks.
  • the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions that execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.
  • each block of the flowchart illustrations may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the blocks may occur out of the order. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
  • “~unit” means, but is not limited to, a software or hardware component, such as FPGA or ASIC, which performs certain tasks. However, “~unit” does not mean to be limited to software or hardware.
  • the term “~unit” may advantageously be configured to reside on the addressable storage medium and configured to execute on one or more processors.
  • “~unit” may include, by way of example, components, such as software components, object-oriented software components, class components and task components, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables.
  • components and “~units” may be combined into fewer components and “~units” or further separated into additional components and “~units”. Further, the components and “~units” may be implemented to operate one or more CPUs in a device or a security multimedia card.
  • a universal integrated circuit card is a smart card that is inserted into a mobile communication terminal, and means a chip which stores therein personal information, such as network access authentication information of a mobile communication subscriber, phonebook, and short message service (SMS), and can safely use the mobile communication by performing subscriber authentication and traffic security key generation when accessing a mobile communication network, such as global satellite movement (GSM), wideband code division multiple access (WCDMA), and long-term evolution (LTE).
  • GSM global satellite movement
  • WCDMA wideband code division multiple access
  • LTE long-term evolution
  • communication applications such as subscriber identification module (SIM), universal SIM (USIM), and Internet protocol (IP) multimedia SIM (ISIM), are embedded in accordance with the type of the mobile communication network accessed by the subscriber, and the UICC may provide an upper-level security function for embedding of various application programs, such as e-wallet, ticketing, and e-passport.
  • SIM subscriber identification module
  • USIM universal SIM
  • ISIM Internet protocol (IP) multimedia SIM
  • an embedded UICC is a chip type security module embedded in the terminal other than a detachable type that can be inserted into or detached from the terminal.
  • the eUICC may download and install a profile using over-the-air (OTA) technique.
  • OTA over-the-air
  • the eUICC may be called a UICC in which profile download and installation can be performed.
  • a method for downloading and installing a profile in the eUICC using the OTA technique may be applied to a detachable type UICC that can be inserted into or detached from the terminal. That is, an embodiment of the present disclosure may be applied to the UICC capable of downloading and installing a profile using the OTA technique.
  • UICC may be used interchangeably with SIM
  • eUICC may be used interchangeably with eSIM
  • the profile may mean packaging of an application, a file system, and an authentication key value stored in the UICC in the form of software.
  • the USIM profile may have the same meaning as the profile, or may mean packaging of information included in the USIM application in the profile in the form of software.
  • a profile providing server may include a function of generating a profile, encrypting the generated profile, generating a remote profile management command, or encrypting the generated remote profile management command, and may be expressed as a subscription manager data preparation (SM-DP), a subscription manager data preparation plus (SM-DP+), an off-card entity of profile domain, a profile encryption server, a profile generation server, a profile provisioner (PP), a profile provider, or a profile provisioning credentials holder (PPC holder).
  • SM-DP subscription manager data preparation
  • SM-DP+ subscription manager data preparation plus
  • PPC holder profile provisioning credentials holder
  • the profile management server may be expressed as a subscription manager secure routing (SM-SR), a subscription manager secure routing plus (SM-SR+), an off-card entity of eUICC profile manager, a profile management credentials holder (PMC holder), or an eUICC manager (EM).
  • SM-SR subscription manager secure routing
  • SM-SR+ subscription manager secure routing plus
  • PMC holder profile management credentials holder
  • EM eUICC manager
  • the profile providing server may be commonly called the profile providing server to which a function of the profile management server is added. Accordingly, in various embodiments of the present disclosure, that is, in beyond technology, it is also possible that the operation of the profile providing server is performed by the profile management server. In the same manner, it is also possible that the operation described with respect to the profile management server or SM-SR is performed by the profile providing server.
  • terminal used in the description may be called a mobile station (MS), user equipment (UE), user terminal (UT), wireless terminal, access terminal (AT), terminal, subscriber unit, subscriber station (SS), wireless device, wireless communication device, wireless transmit/receive unit (WTRU), moving node, mobile, or other terms.
  • MS mobile station
  • UE user equipment
  • UT user terminal
  • AT access terminal
  • SS subscriber station
  • WTRU wireless transmit/receive unit
  • the terminal may include a cellular phone, a smart phone having a wireless communication function, a personal digital assistant (PDA), wireless modem, a portable computer having a wireless communication function, an imaging device, such as a digital camera having a wireless communication function, a gaming device having a wireless communication function, a music storage and reproduction home appliance having a wireless communication function, an Internet home appliance capable of wireless Internet connection and browsing, a portable unit or terminal integrating combinations of such functions.
  • the terminal may include a machine to machine (M2M) terminal, or machine type communication (MTC) terminal/device, but is not limited thereto. In the description, the terminal may be called an electronic device.
  • M2M machine to machine
  • MTC machine type communication
  • a UICC capable of downloading and installing a profile may be embedded in the electronic device. If the UICC is not embedded in the electronic device, the UICC that is physically separated from the electronic device may be inserted into the electronic device to be connected to the electronic device.
  • the card type UICC may be inserted into the electronic device.
  • the electronic device may include the terminal, and in this case, the terminal may be a terminal including the UICC capable of downloading and installing a profile.
  • the UICC may be embedded in the terminal, and if the terminal and the UICC are separated from each other, the UICC may be inserted into the terminal to be connected to the terminal.
  • the UICC capable of downloading and installing a profile may be called, for example, an eUICC.
  • the terminal or the electronic device may include software or an application installed in the terminal or the electronic device to control the UICC or eUICC.
  • the software or the application may be called, for example, a local profile assistant (LPA).
  • LPA local profile assistant
  • a profile discriminator may be called a profile ID, an integrated circuit card ID (ICCID), a machine ID, an event ID, an activation code, an activation code token, ISD-P or a factor matching a profile domain (PD).
  • the profile ID may indicate an inherent identifier of each profile.
  • the profile discriminator may include an address of a profile providing server (SM-DP+) capable of indexing the profile.
  • the eUICC ID may be an inherent identifier of the eUICC embedded in the terminal, and may be called an eUICC identifier (EID).
  • EID eUICC identifier
  • If a provisioning profile has already been embedded in the eUICC, it may be a profile ID of the corresponding provisioning profile.
  • If the terminal and the eUICC chip are not separated from each other, it may be a terminal ID. Further, it may be called a specific secure domain of the eUICC chip.
  • a profile container may be called a profile domain.
  • the profile container may be a security domain.
  • an application protocol data unit may be a message for the terminal to interlock with the eUICC. Further, the APDU may be a message for a PP or PM to interlock with the eUICC.
  • PPC may be a means used to perform mutual authentication between the profile providing server and the eUICC, profile encryption, and signature.
  • the PPC may include one or more of a symmetric key, a Rivest Shamir Adleman (RSA) certificate and a private key, an elliptic curve cryptography (ECC) certificate and a private key, a root certification authority (CA), and a certificate chain.
  • RSA Rivest Shamir Adleman
  • ECC elliptic curve cryptography
  • CA certification authority
  • PMC may be a means used to perform mutual authentication between the profile management server and the eUICC, transmitted data encryption, and signature.
  • the PMC may include one or more of a symmetric key, an RSA certificate and a private key, an ECC certificate and a private key, a root CA, and a certificate chain. Further, if a plurality of profile management servers are provided, different PMCs for the plurality of profile management servers may be stored in the eUICC or may be used.
  • an application identifier (AID) may be referred to. This value may be a discriminator for discriminating between different applications in the eUICC.
  • an event may be a term that collectively refers to profile download, remote profile management, or other profile or eUICC management/processing commands.
  • the profile download may be used interchangeably with profile installation.
  • the event type may be used as a term indicating whether a specific event is profile download or remote profile management or whether it is other profile or eUICC management/processing command, and the event type may be called an operation type (or OperationType), an operation class (or OperationClass), an event request type, an event class, or an event request class.
  • a profile package may be used interchangeably with a profile, or may be used as a term indicating a data object of a specific profile, and the profile package may be called a profile TLV or profile package TLV.
  • If the profile package is encrypted using an encryption parameter, it may be called a protected profile package (PPP) or a protected profile package TLV (PPP TLV).
  • PPP protected profile package
  • PPP TLV protected profile package TLV
  • BPP bound profile package
  • BPP TLV bound profile package TLV
  • the profile package TLV may be a data set expressing information that constitutes a profile in a tag, length, and value (TLV) type.
  • the remote profile management may be called a profile remote management, remote management, remote management command, remote command, RPM package, profile remote management package, remote management package, remote management command package, or remote command package.
  • the RPM may be used to change the state (enabled, disabled, or deleted) of a specific profile or to update the contents of a specific profile (e.g., profile nickname or profile metadata).
  • the RPM may include one or more remote management commands, and in this case, the profiles that are the subjects of the respective remote management commands may be equal to or may be different from each other.
  • AKA may indicate authentication and key agreement, and may indicate an authentication algorithm for accessing 3rd generation partnership project (3GPP) and 3GPP2 networks.
  • K is an encryption key value stored in the eUICC used for an AKA authentication algorithm.
  • OPc is a parameter value that can be stored in the eUICC used for the AKA authentication algorithm.
  • NAA is a network access application program, and may be an application program, such as USIM or ISIM, stored in the UICC to access the network.
  • the NAA may be a network access module.
  • FIG. 1 is a diagram illustrating a method for a terminal to connect to a mobile communication network using UICC embedded with a profile fixed to the terminal according to an embodiment of the present disclosure.
  • a UICC 120 may be inserted into a terminal 110.
  • the UICC may be of a detachable type, or may be pre-embedded in the terminal.
  • The fixed profile of a UICC embedded with a fixed profile means that the "access information" for accessing a specific communication service provider is fixed.
  • the access information may be, for example, the international mobile subscriber identity (IMSI) that is the subscriber discriminator and a K or Ki value that is used for authentication in the network together with the subscriber discriminator.
  • the terminal may perform authentication with an authentication processing system (e.g., home location register (HLR) or AuC) of a mobile communication service provider using the UICC.
  • the authentication process may be an authentication and key agreement (AKA) process. If the authentication has succeeded, the terminal may then use a mobile communication service, such as phone call or use of mobile data, using a mobile communication service provider network 130 of the mobile communication system.
  • the terminal 230 may be the terminal 110.
  • the terminal 230 may include at least one of an LPA or an eUICC.
  • the profile server 250 may include an SM-DP+.
  • FIG. 2 is a diagram illustrating a message exchange procedure between a terminal 230 and a profile server 250 in the case of installing one or more profiles through the profile server according to an embodiment of the present disclosure.
  • the terminal 230 may receive an "add profile" command from a user, and at operation 203, it may perform TLS connection and mutual authentication with the profile server 250.
  • the terminal may transfer to the profile server 250 an EID of the terminal as the final procedure of the mutual authentication procedure.
  • the profile server may confirm a list of events to be installed in the corresponding terminal through the EID.
  • the profile server may select an event having the highest priority (in this embodiment, profile 1 installation) among the events in the list.
  • The profile server may send metadata of the selected profile to the terminal in reply.
  • The terminal may obtain user consent to the profile installation by presenting the metadata of the profile to the user.
  • the terminal may transfer the user consent to the profile server and may receive a profile package.
  • the terminal may successfully install the profile package, and at operation 219, it may transfer the result to the profile server.
  • In the profile package installation procedure, if one or more events are in a standby state in the profile server, it is not possible to notify the terminal that further events remain in the standby state in the profile server after a specific event has been performed and processed.
  • In order to install one or more profiles, the user should input an "add profile" command to the terminal, which causes inconvenience.
  • FIG. 3 is a diagram illustrating a message exchange procedure between a terminal 230 and a profile server 250 in the case where one or more profiles are installed through the profile server and one or more remote profile managements are performed according to an embodiment of the present disclosure.
  • the terminal 230 may receive an "add profile" command from a user, and at operation 303, it may perform TLS connection and mutual authentication with the profile server 250.
  • the terminal may transfer to the profile server 250 an EID of the terminal as the final procedure of the mutual authentication procedure.
  • the profile server may confirm a list of events (profile or remote management) to be installed in the corresponding terminal through the EID.
  • the profile server may select an event having the highest priority (in this embodiment, remote management 1) among the events in the list.
  • The profile server may send the selected remote management command to the terminal in reply.
  • the terminal may perform the received remote management command.
  • the terminal may transfer the result of performing the remote management command to the profile server.
  • The terminal preferentially receives from the profile server the remote management command that is the event having the highest priority, and performs an operation that is against the user's intention, which may confuse the user.
  • FIG. 4 is a diagram illustrating a method for specifying the type of an event corresponding to a command input by a user when a terminal 230 requests the event from a profile server 250 according to an embodiment of the present disclosure.
  • Although case 1, case 2, and case 3 of FIG. 4 illustrate respective independent embodiments, two or more cases may be successively performed.
  • The terminal may receive an "add profile" command from a user.
  • the terminal may complete TLS secure connection and mutual authentication with the profile server with respect to the user input, and may request an event from the profile server 250 by specifying the event type corresponding to the profile download.
  • The event type may be displayed as a text (in this embodiment, "ProfileDownload") or as one value of the corresponding enumeration. For example, if the enumeration values "0, 1" correspond to the "profile download" and "remote profile management", the numeral "0" may be used instead of the text "ProfileDownload".
  • the terminal may notify the profile server whether the user currently activates (on) the remote profile management function of the terminal, or may notify of the service provider's identifier (OperatorID) that is currently providing the communication service to the corresponding terminal.
  • the profile server may select a profile installation event having high priority in accordance with the terminal's request. A method for the profile server to use the event type, profile management function activation/inactivation, and service provider identifier information and a method for managing the priority of an event will be described in detail according to an embodiment to be described later.
  • The terminal may receive a "refresh profile" command from a user.
  • the terminal may complete TLS secure connection and mutual authentication with the profile server with respect to the user input, and may request an event from the profile server 250 by specifying the event type corresponding to the remote profile management.
  • The event type may be displayed as a text (in this embodiment, "RPM") or as one value of the corresponding enumeration. For example, if the enumeration values "0, 1" correspond to the "profile download" and "remote profile management", the numeral "1" may be used instead of the text "RPM".
  • the terminal may notify the profile server whether the user currently activates (on) the remote profile management function of the terminal, or may notify of the service provider's identifier (OperatorID) that is currently providing the communication service to the corresponding terminal.
  • the profile server may select a remote profile management event having high priority in accordance with the terminal's request. A method for the profile server to use the event type, profile management function activation/inactivation, and service provider identifier information and a method for managing the priority of an event will be described in detail according to an embodiment to be described later.
  • the terminal may receive an "update all" command from a user.
  • the terminal may complete TLS secure connection and mutual authentication with the profile server with respect to the user input, and may request an event from the profile server 250 by specifying the event type corresponding to the profile download and the remote profile management.
  • The event type may be displayed as a text (in this embodiment, "ANY") or as one or more values of the corresponding enumeration, or through composite application of the method used in the embodiment of the profile download or the remote profile management.
  • the terminal may notify the profile server whether the user currently activates (on) the remote profile management function of the terminal, or may notify of the service provider's identifier (OperatorID) that is currently providing the communication service to the corresponding terminal.
  • the profile server may select an event (profile download or remote profile management) having high priority in accordance with the terminal's request. A method for the profile server to use the event type, profile management function activation/inactivation, and service provider identifier information and a method for managing the priority of an event will be described in detail according to an embodiment to be described later.
  • FIG. 5 is a diagram illustrating a method for a profile server to manage an event storage according to an embodiment of the present disclosure.
  • A profile server may manage an event storage that is identified by an EID.
  • In each event storage, one or more events (profile download or remote profile management) to be performed by the corresponding eUICC (or terminal) may be stored. Further, the events stored in the respective event storages may have their priorities, and a method for calculating the priority may follow one or more composite methods as follows, but the methods are not limited to the list below.
  • Event type: e.g., profile download may have a priority that is higher than the priority of remote profile management.
  • the profile server may align the corresponding events in a certain order.
  • The priority of the event is managed in a first-in first-out (FIFO) manner in accordance with the order of event registration in the event storage.
  • the priority of the event may be calculated in various methods as described above.
  • FIGS. 6A, 6B, 6C, and 6D are diagrams illustrating a method for determining whether a profile server can bind a plurality of events in one message to perform bundle transmission in the case where a profile server transmits one or more events to the terminal according to an embodiment of the present disclosure.
  • the profile server may manage a table for determining whether it is possible to bind a specific event type with another event type for each event type to perform bundle transmission.
  • the profile server may determine to bind all events to perform bundle transmission regardless of the event type.
  • the profile server may be set to permit only binding of remote profile management events to perform bundle transmission, but may be set not to permit binding of profile download events or binding of a profile download event and a remote profile management event to perform bundle transmission.
  • the profile server may be set to permit only binding of the remote profile management event and the profile download event to perform bundle transmission, but may be set not to permit binding of profile download events or not to permit binding of remote profile management events to perform bundle transmission.
  • the profile server may not permit binding of any events to perform bundle transmission.
  • FIGS. 7A, 7B, and 7C are diagrams illustrating a method for a profile server to configure information of "current events" when the profile server configures a response message to an event request message of a terminal including the "current events" to be currently processed by the terminal and "next events" in a standby state in an event storage according to an embodiment of the present disclosure.
  • the terminal 230 may transmit an event request message to the profile server 250.
  • At operations 703A, 703B, and 703C, the profile server may configure an event response message using information on one or more "current events" selected from the event storage in accordance with the priority and events remaining in the event storage excluding the current events.
  • selection of the current events may be performed as follows in accordance with the event type specified in the event request message of the terminal, event storage state of the profile server, and whether to permit preferential transmission.
  • The profile server may manage a priority setup table for determining, for each event type, whether an event of a low priority can be transmitted to the terminal prior to an event of a high priority.
  • the profile download event may be set to be preferentially transmitted to the terminal even if the profile download event has a priority that is lower than the priority of the remote profile management event, whereas the remote profile management event may be set not to be preferentially transmitted to the terminal in response to the terminal's request if the remote profile management event has a priority that is lower than the priority of the profile download event.
  • A profile download event Profile1 corresponding to the third priority may be selected more preferentially than remote profile management events RPM1 and RPM2 corresponding to the first and second priorities, and may be transmitted to the terminal through a "current event" field.
  • the residual events RPM1, RPM2, RPM3, and Profile2 may be included in the "next events" to be transmitted to the terminal 230 according to an embodiment of FIG. 8 to be described later.
  • No event can be transmitted more preferentially than other events.
  • If the terminal specifically requests the profile download event in a state where the event priorities in the event storage are aligned in the order shown in the embodiment of the profile server 250, the remote profile management event RPM1 that has the highest priority should be preferentially performed, so the "current event" field becomes empty, and thus no event may be transmitted to the terminal.
  • the residual events RPM1, RPM2, Profile1, RPM3, and Profile2 may be included in the "next events" to be transmitted according to an embodiment of FIG. 8 to be described later.
  • FIG. 8 is a diagram illustrating a method for a profile server to configure information of "next events" when the profile server configures a response message to an event request message of a terminal including the "current events" to be currently processed by the terminal and "next events" in a standby state in an event storage according to an embodiment of the present disclosure.
  • the terminal 230 may transmit an event request message to the profile server 250.
  • the profile server may configure an event response message using information on one or more "current events" selected from the event storage in accordance with the priority and events remaining in the event storage excluding the current events.
  • For the selection of the current events, a case where one remote management event RPM1 is selected to suit the request of the terminal is illustrated.
  • one or more events may be selected in accordance with whether the profile server can perform bundle transmission, and as in the embodiment of FIGS. 7A, 7B, and 7C, it is to be noted that the event type specified in the event request message of the terminal may be searched for from the event storage, and the corresponding event may be transmitted more preferentially than the event having the highest priority.
  • next event information may be compositely configured using one or more information elements as follows, but the usable information elements are not limited thereto.
  • an event response message may be configured as follows.
  • an event response message may be configured as follows.
  • an event response message may be configured as follows.
  • an event response message may be configured as follows.
  • The event type is displayed using a text ("RPM" or "ProfileDownload").
  • Enumeration may also be used in addition to the text.
  • A binary identifier (Boolean) having true/false may be used instead of the text or enumeration.
  • FIG. 9 is a diagram illustrating a procedure for a profile server to configure an event response message to an event request message of a terminal with reference to the event bundle transmission and the event preferential transmission setup as described in the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, and 8 according to an embodiment of the present disclosure.
  • the profile server may receive an event request message from the terminal.
  • the event request message may specify the type of an event requested by the terminal according to the above-described embodiment of FIG. 4 and whether a remote profile management function is currently activated/inactivated (on/off) in the terminal.
  • the profile server may align events in the event storage corresponding to the eUICC of the terminal that has transmitted the event request message in the order of priorities according to the embodiment of FIG. 5 as described above.
  • the profile server confirms whether the type of the event having the highest priority in the event storage coincides with the type of the event requested by the terminal at operation 901.
  • At operation 907, the profile server confirms whether it is possible to transmit the event corresponding to the event type requested by the terminal according to the embodiment of FIGS. 7A, 7B, and 7C as described above more preferentially than the event having the highest priority in the event storage confirmed at operation 905.
  • the profile server searches for the event having the highest priority among the events that coincide with the event type requested by the terminal in the event storage.
  • the profile server confirms whether the corresponding event is a remote profile management event and whether the remote profile management function of the terminal is currently inactivated (off) in the event request message of the terminal received at operation 901.
  • the profile server extracts the corresponding event from the event storage according to the embodiment of FIGS. 7A, 7B, and 7C as described above, and adds the corresponding event to the "current events" field.
  • After performing operation 911, the profile server, at operation 913, confirms whether bundle transmission of the corresponding event and other events is possible according to the embodiment of FIGS. 6A, 6B, 6C, and 6D as described above.
  • the profile server configures a "next events" field according to the embodiment of FIG. 8 as described above.
  • The profile server may transmit to the terminal an event response message composed of "current events" and "next events". If transmission of the event response message has failed, or if a reply to the processing failure of the event response message is received from the terminal hereafter, the profile server may restore the event extraction operation in the event storage at operation 911 performed once or more.
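As an added illustration (not code from the patent), the following Python sketch implements the FIG. 9 selection of "current events" and "next events" using a bundle table (FIGS. 6A to 6D) and a preferential-transmission table (FIGS. 7A to 7C), with "next events" reported as per-type counts. The names Event, ServerPolicy, build_event_response and FIG7_STORAGE are hypothetical, and two behaviours are assumptions where the text is silent: an RPM event is withheld while the terminal reports its remote profile management function as off, and bundling stops at the first event that cannot join the message.

```python
from collections import Counter
from dataclasses import dataclass, field

PROFILE_DOWNLOAD, RPM, ANY = "ProfileDownload", "RPM", "ANY"


@dataclass(frozen=True)
class Event:
    name: str        # label only, e.g. "Update ICCID1"
    type: str        # PROFILE_DOWNLOAD or RPM
    registered: int  # registration order; lower value = higher priority (FIFO)


def pair(a, b):
    """Unordered pair of event types, used as a key in the bundle table."""
    return frozenset((a, b))


@dataclass
class ServerPolicy:
    # FIGS. 6A-6D: pairs of event types that may travel in one message.
    bundle_pairs: set = field(default_factory=set)
    # FIGS. 7A-7C: event types that may overtake a higher-priority event.
    preferential_types: set = field(default_factory=set)


def _matches(event, requested):
    return requested == ANY or event.type == requested


def build_event_response(storage, requested, rpm_enabled, policy):
    """Return (current_events, remaining_storage, next_events).

    The storage is not modified: the caller commits remaining_storage only
    after the terminal confirms the response, so a failed transmission
    leaves the event storage as it was.
    """
    queue = sorted(storage, key=lambda e: e.registered)

    def sendable(e):
        # Assumption: RPM events are withheld while the terminal's remote
        # profile management function is reported as off.
        return _matches(e, requested) and (e.type != RPM or rpm_enabled)

    # Does the highest-priority event have the requested type? If not, may
    # an event of the requested type be sent ahead of it?
    first = None
    if queue and _matches(queue[0], requested):
        first = queue[0]
    elif requested in policy.preferential_types:
        first = next((e for e in queue if _matches(e, requested)), None)
    if first is not None and not sendable(first):
        first = None

    current = []
    if first is not None:
        current.append(first)
        # Bundle further events in priority order while the table allows it.
        for e in queue:
            if e in current:
                continue
            fits = all(pair(e.type, c.type) in policy.bundle_pairs
                       for c in current)
            if not sendable(e) or not fits:
                break
            current.append(e)

    remaining = [e for e in queue if e not in current]
    # An empty dict corresponds to "Nothing More".
    next_events = dict(Counter(e.type for e in remaining))
    return current, remaining, next_events


# Constructed sample: the storage order used in the FIG. 7 discussion.
FIG7_STORAGE = [
    Event("RPM1", RPM, 1), Event("RPM2", RPM, 2),
    Event("Profile1", PROFILE_DOWNLOAD, 3), Event("RPM3", RPM, 4),
    Event("Profile2", PROFILE_DOWNLOAD, 5),
]

if __name__ == "__main__":
    policy = ServerPolicy(preferential_types={PROFILE_DOWNLOAD})
    cur, rem, nxt = build_event_response(
        FIG7_STORAGE, PROFILE_DOWNLOAD, True, policy)
    print([e.name for e in cur], nxt)
```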
  • FIG. 10 is a diagram illustrating an example of a procedure in which the terminal 230 successively receives one or more events from the profile server 250 to perform the received events according to an embodiment of the present disclosure.
  • a profile corresponding to an ICCID1 is installed/activated in the terminal, a remote profile management function of the terminal is activated (on), the event storage of the profile server is aligned in accordance with the order of event registration time, bundle transmission of the remote profile management event is impossible, but bundle transmission of the profile download event is possible, preferential transmission of any event that deviates from the priority is impossible, and the "next events" are configured to describe only the event type of the event having the highest priority in the event storage.
  • the terminal may receive a command for "add profile" from a user.
  • the terminal may perform TLS secure connection and mutual authentication procedure with the profile server, and may request a profile download event from the profile server to suit the user's request according to the embodiment of FIG. 4 as described above.
  • the profile server may notify the terminal that one or more remote profile management events are in a standby state together with the profile download event ICCID2 that is the event having the highest priority in the event storage according to the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8, and 9 as described above.
  • the terminal may install the profile ICCID2 in accordance with the received profile download event.
  • the terminal may transmit the performance result of the profile download event that has been completed (i.e., profile installation result (ICCID2 installation result)) to the profile server.
  • The profile server may notify the terminal that the event performance result has been successfully received. Further, at not only operation 1005 but also operation 1011, the profile server may notify the terminal of "next events" remaining in the event storage. Two types of messages to notify the "next events" are mutually complementary, and the "next events" may be notified in both two messages or in one of the two messages. If the "next events" are notified in both the two messages, the "next events" lists included in the two messages may differ from each other. As an example, if the priorities of the events in the event storage of the profile server are changed during performing of the operations 1007 to 1009 after the message transmission at operation 1005, the "next events" list included in the message at operation 1011 may be changed.
  • The terminal may again request the profile server to transmit the event to be performed next time according to the "next events" list notified by the profile server at operations 1005 to 1011. If the TLS secure connection and mutual authentication procedure between the terminal and the profile server at operation 1003 are still effective during transmission of the re-request message, the terminal may omit the TLS secure connection and mutual authentication procedure with the profile server. Further, if needed, the terminal may notify the user that the event is to be requested from the profile server, and may transmit an event request message to the profile server after obtaining a user consent. If the user does not consent, the terminal may end the procedure without requesting an additional event.
  • an identifier of the profile to be the subject of the corresponding event is not clear, and thus the event request type EventReqType may be set as the remote profile management, but the profile identifier may not be specified.
  • To leave the profile identifier unspecified, a NULL character string may be transmitted, or the profile identifier field may not be transmitted.
  • the profile server may notify the terminal that one or more remote profile management events are in a standby state together with the remote profile management event (update ICCID1) that is the event having the highest priority in the event storage.
  • the terminal may manage the profile (change the contents of the profile corresponding to the ICCID1) in accordance with the received remote profile management event.
  • the terminal may transmit to the profile server the performance result of the remote profile management event that has been completed (i.e., profile change result (ICCID1 update result)).
  • the profile server may notify the terminal that the event performance result has been successfully received. Further, in the same manner as in the procedure at operation 1011 as described above, the profile server may notify the terminal of the "next events" remaining in the event storage at not only operation 1015 but also operation 1021. For detailed explanation of the configuration of the "next events" list, explanation of the operation 1011 may be referred to.
  • the terminal may re-request the event to be performed next time from the profile server in accordance with the "next events" list notified by the profile server at operations 1015 to 1021.
  • explanation of the operation 1013 may be referred to.
  • Although the event to be performed next time is the remote profile management event in accordance with the "next events" list, an identifier of the profile to be the subject of the corresponding event is not clear, and thus the terminal may set the event request type EventReqType to all events "ANY", and may leave the profile identifier ProfileID unspecified.
  • the embodiment of FIG. 4 as described above may be referred to. Further, it could be easily understood that the subsequent procedure may be performed through repetition of the operations 1001 to 1023 as described above.
  • FIG. 11 is a diagram illustrating an example of a procedure in which the terminal 230 successively receives one or more events from the profile server 250 to perform the received events according to an embodiment of the present disclosure.
  • a profile corresponding to an ICCID1 is installed/activated in the terminal, a remote profile management function of the terminal is activated (on), the event storage of the profile server is aligned in accordance with the order of event registration time, bundle transmission of the remote profile management event is possible, but bundle transmission of the profile download event is impossible, preferential transmission of any event that deviates from the priority is impossible, and the "next events" are configured to describe the type and the number of all events in the event storage.
  • The terminal may receive a specific profile (in this embodiment, ICCID1) selected by the user, and may receive a command for "refresh profile".
  • the terminal may perform TLS secure connection and mutual authentication procedure with the profile server, and may request a remote profile management event from the profile server to suit the user's request according to the embodiment of FIG. 4 as described above.
  • the profile server may search for a profile download event that is an event having the highest priority in the event storage according to the embodiment of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8, and 9 as described above, and since the corresponding event does not coincide with the event type (remote profile management) requested by the terminal and preferential transmission that deviates from the priority is impossible, the profile server does not transfer any event, and the profile server may notify the terminal that one profile download event and three remote profile management events are in a standby state using the "next events" list.
  • the terminal may notify the user who has commanded the refresh profile that the refresh profile is currently impossible and add profile should be preferentially performed, and may obtain a user consent in accordance with the received "next events" list. If the user does not consent, the terminal may end the procedure without additional operation.
  • The terminal may re-request the profile server to send an event to be performed next time in accordance with the "next events" list notified by the profile server at operation 1105 and the user consent received at operation 1107. If one or more of the TLS secure connection and the mutual authentication procedure between the terminal and the profile server at operation 1103 have already been ended during transmission of the re-request message, or if a new event request message should be distinguished by a new transaction ID under the policy of the profile server, the terminal may perform new TLS secure connection and mutual authentication procedure with the profile server.
  • the profile server may notify the terminal that three remote profile management events are in a standby state using the "next events" list together with the profile download event ICCID2 that is the event having the highest priority in the event storage according to the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8, and 9 as described above.
  • the profile package is instantly transmitted in response to operation 1109.
  • profile metadata is preferentially transmitted at operation 211
  • user consent to the profile installation is obtained again at operation 213, and a profile package is transmitted to the terminal in the case where the terminal requests the profile package from the profile server at operation 215.
  • an additional user consent may be integrated with the user consent at operation 1107.
  • the terminal may install a profile ICCID2 in accordance with the received profile download event (more specifically, profile package).
  • the terminal may transmit the performance result of the profile download event that has been completed (i.e., profile installation result (ICCID2 installation result)) to the profile server.
  • the profile server may notify the terminal that the event performance result has been successfully received. Further, although not illustrated in the drawing, at operation 1119, the profile server may repeat the "next events" list at operation 1111 in the same manner as in the embodiment of FIG. 10 as described above.
  • the terminal may re-request the profile server to send an event to be performed next time in accordance with the "next events" list notified by the profile server at operation 1117.
  • explanation of the operation 1109 may be referred to.
  • Although the event to be performed next time is the remote profile management event in accordance with the "next events" list, an identifier of the profile to be the subject of the corresponding event is not clear, and thus the terminal may set the event request type EventReqType to all events "ANY".
  • the profile server may perform bundle transmission of other remote profile management events Enable ICCID2 and Disable ICCID1 together with the remote profile management event Update ICCID1 that is the event having the highest priority in the event storage according to the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8, and 9 as described above. Further, since there is no event in a standby state in the event storage after the bundle transmission of the corresponding remote profile management events, the profile server may notify of "Nothing More" in the "next events" list.
  • Notification of "Nothing More" in the "next events" list may be performed using a text as in this embodiment, using NULL data, using omission of the "next events" list itself, or using notification of the residual event "0" with respect to all event types.
  • the terminal may successively process the received remote profile management events. Further, it could be easily understood that the subsequent procedure may be performed through repetition of the operations 1101 to 1123 as described above.
  • FIG. 12 is a diagram illustrating an example of a procedure in which the terminal 230 successively receives one or more events from the profile server 250 to perform the received events according to an embodiment of the present disclosure.
  • a profile corresponding to an ICCID1 is installed/activated in the terminal, a remote profile management function of the terminal is activated (on), the event storage of the profile server is aligned in accordance with the order of event registration time, bundle transmission of any event is impossible, but if the terminal requests, only the remote profile management event can be transmitted more preferentially than the profile download event, and the "next events" are configured to describe only the event type of the event having the highest priority in the event storage.
  • the terminal may select a specific profile (in this embodiment, ICCID1) from the user, and may receive a command for "refresh profile".
  • the terminal may perform TLS secure connection and mutual authentication procedure with the profile server, and may request a remote profile management event from the profile server to suit the user's request according to the embodiment of FIG. 4 as described above.
  • the profile server may search the event storage and find that the event having the highest priority is a profile download event, according to the embodiment of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8, and 9 as described above. That event does not coincide with the event type (remote profile management) requested by the terminal, but preferential transmission that deviates from the priority is possible, so the profile server can preferentially transmit the event having the highest priority (in this embodiment, update ICCID1) among the events in the event storage that suit the requested event type. Further, the profile server may notify the terminal that, apart from the transmitted event, the profile download event that has the highest priority in the event storage is in a standby state.
  • the terminal may perform the received remote profile management event. Thereafter, if needed, report of the performance result of the remote profile management event may be omitted.
  • the terminal may notify the user who has commanded the profile update that it is used to perform "add profile" after the profile update according to the received "next events" list, and may obtain the user's consent. If the user does not consent, the terminal may end the procedure without any additional operation.
  • the terminal may re-request the profile server to send an event to be performed next time according to the "next events" list notified by the profile server at operation 1205. If one or more of the TLS secure connection and the mutual authentication procedure between the terminal and the profile server at operation 1203 during transmission of the re-request message have already been ended or a new event request message should be discriminated by a new transaction ID on the policy of the profile server, the terminal may perform new TLS secure connection and mutual authentication procedure with the profile server.
  • the profile server may notify the terminal that two remote profile management events are in a standby state using the "next events" list together with the profile download event ICCID2 that is the event having the highest priority in the event storage according to the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8, and 9 as described above.
  • a profile package is instantly transmitted in response to the operation 1211.
  • profile metadata is preferentially transmitted at operation 211
  • a user consent to the profile installation is obtained again at operation 213, and a profile package is transmitted to the terminal in the case where the terminal requests the profile package from the profile server at operation 215.
  • an additional user consent may be integrated with the user consent at operation 1209.
  • the terminal may install a profile ICCID2 in accordance with the received profile download event (more specifically, profile package).
  • the terminal may transmit the performance result of the profile download event that has been completed (i.e., profile installation result (ICCID2 installation result)) to the profile server.
  • the profile server may notify the terminal that the event performance result has been successfully received. Further, although not illustrated in the drawing, at operation 1219, the profile server may repeat the "next events" list at operation 1113 in the same manner as in the embodiment of FIG. 10 as described above.
  • the terminal may re-request the profile server to send an event to be performed next time in accordance with the "next events" list notified by the profile server at operations 1213 to 1219.
  • explanation of the operation 11211 may be referred to.
  • the event to be performed next time is the remote profile management event in accordance with the "next events" list, an identifier of the profile to be the subject of the corresponding event is not clear, and thus the terminal may set the event request type EventReqType to all events "ANY".
  • the profile server may notify the terminal that the remote profile management event is in a standby state using the "next events" list together with the remote profile management event (enable ICCID2) that is the event having the highest priority in the event storage according to the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8, and 9 as described above.
  • the terminal may manage the profile (activate ICCID2) in accordance with the received remote profile management event. Further, the subsequent procedure may be performed through repetition of the operations 1201 to 1225 as described above.
  • FIG. 13 is a diagram illustrating a procedure in which a terminal 230 requests a "profile download" from a profile server 250 and receives a response to the request in the case of installing a profile through the profile server according to an embodiment of the present disclosure.
  • the terminal 230 may transmit a certain character string "Challenge" to the profile server 250. Communication at operation 1301 may be protected through HTTPS to TLS secure connections.
  • the profile server 250 may transmit to the terminal 230 a certain character string "Challenge" together with a signature of a server.
  • the terminal 230 may transmit a terminal authentication request message to the profile server 250. Specifically, the terminal 230 may transmit to the profile server 250 information on the type (OperationType) of a specific event requested together with the signature of the terminal 230 using the terminal authentication request message.
  • the message exchange procedure between the terminal 230 and the profile server 250 may be called a mutual authentication procedure.
  • the profile server 250 may transmit a terminal authentication response message to the terminal 230. Specifically, as requested by the terminal 230 at operation 1305, the profile server 250 may send to the terminal 230 the terminal authentication response message including profile metadata and a one-time public key as preparation for the profile download.
  • the profile metadata may include information on the name of a service provider, a logo set by the service provider, and a charging system.
  • the terminal 230 may receive an input of an end user consent to the profile installation based on the profile metadata received at operation 1307. If the user consents to this, the terminal, at operation 1311, may send the one-time public key to the profile server 250.
  • the terminal 230 and the profile server 250 may generate a session key through combination of a one-time public key mutually exchanged at operations 1307 to 1311 with a one-time private key corresponding to the public key.
  • the profile server 250 may send a profile package encrypted using the session key generated at operation 1313 to the terminal 230 in reply. Thereafter, at operation 1317, the terminal 230 may decrypt and install the encrypted profile package.
  • the profile download procedure as described above at operations 1311 to 1315 additionally utilizes one message exchange between the terminal 230 and the profile server 250 in order to receive the profile package used for actual profile installation.
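
Operations 1307 to 1317 of FIG. 13 as an added Go example (not code from the patent): the consent gate at operation 1309, the one-time key exchange, the session key, and the encrypted profile package. The patent only says the session key is generated by combining the one-time keys; ECDH on P-256, SHA-256 as the key derivation, AES-256-GCM, binding the profile metadata as associated data, and all function names are assumptions of this example, and the metadata and package bytes are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrNoConsent = errors.New("end user declined: terminal sends no one-time key")

// NewOneTimeKey makes a key pair that is used for exactly one profile download.
func NewOneTimeKey() (*ecdh.PrivateKey, error) { return ecdh.P256().GenerateKey(rand.Reader) }

// sessionAEAD is operation 1313: combine our one-time private key with the
// peer's one-time public key. SHA-256 as the key derivation and AES-256-GCM as
// the cipher are assumptions of this example.
func sessionAEAD(own *ecdh.PrivateKey, peerPublic []byte) (cipher.AEAD, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPublic)
	if err != nil {
		return nil, fmt.Errorf("peer one-time public key rejected: %w", err)
	}
	secret, err := own.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is operation 1315 on the profile server. The profile metadata is bound
// as associated data, so the package only opens under the metadata the user saw.
func Seal(server *ecdh.PrivateKey, terminalPublic, metadata, profile []byte) ([]byte, error) {
	g, err := sessionAEAD(server, terminalPublic)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, profile, metadata), nil
}

// Open is operation 1317 on the terminal: authenticate and decrypt the package.
func Open(terminal *ecdh.PrivateKey, serverPublic, metadata, sealed []byte) ([]byte, error) {
	g, err := sessionAEAD(terminal, serverPublic)
	if err != nil {
		return nil, err
	}
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("encrypted profile package is too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], metadata)
}

// Download walks operations 1307 to 1317 with both parties in one process.
func Download(consent bool, metadata, profile []byte) ([]byte, error) {
	server, err := NewOneTimeKey() // 1307: sent to the terminal with the metadata
	if err != nil {
		return nil, err
	}
	if !consent { // 1309: the user reviews the metadata before anything else happens
		return nil, ErrNoConsent
	}
	terminal, err := NewOneTimeKey() // 1311: terminal's one-time public key goes back
	if err != nil {
		return nil, err
	}
	sealed, err := Seal(server, terminal.PublicKey().Bytes(), metadata, profile)
	if err != nil {
		return nil, err
	}
	return Open(terminal, server.PublicKey().Bytes(), metadata, sealed)
}

func main() {
	meta := []byte("service provider: ExampleTel (constructed)")
	out, err := Download(true, meta, []byte("constructed profile package for ICCID2"))
	fmt.Printf("%s %v\n", out, err)
	_, err = Download(false, meta, nil)
	fmt.Println(err)
}
```

Because both key pairs are generated per download, a package captured from one session does not open with the one-time key of another session.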
  • FIG. 14 is a diagram illustrating a procedure in which a terminal 230 requests a "remote profile management" from a profile server 250 and receives a response to the request in the case of performing the remote management through the profile server according to an embodiment of the present disclosure.
  • the terminal 230 may transmit a certain character string "Challenge" to the profile server 250. Communication at operation 1401 may be protected through HTTPS to TLS secure connections.
  • the profile server 250 may transmit to the terminal 230 a certain character string "Challenge" together with the signature of the server.
  • the terminal 230 may request from the profile server 250 the type (OperationType) of a specific event together with the signature of the terminal.
  • a remote management command is in a standby state in the event storage 270 of the profile server and the terminal 230 requests RPM.
  • the message exchange procedure between the terminal 230 and the profile server 250 may be called a mutual authentication procedure.
  • the profile server 250 may transmit to the terminal 230 a package (RPM command package) including a remote profile management command as requested at operation 1405.
  • the terminal 230 may receive an input of an end user consent to the profile management based on the remote profile management received at operation 1407. If the user consents to this, the terminal 230, at operation 1411, may perform a remote profile management command.
  • the terminal 230 can receive all remote profile management commands at operation 1407, and as compared with the profile download procedure as described above with reference to FIG. 13, one message exchange between the terminal 230 and the profile server 250 corresponding to operations 1311 to 1315 of FIG. 13 is not additionally required.
  • FIG. 15 is a diagram illustrating a procedure in which a terminal 230 requests all types of events from a profile server 250 and receives a response to the request in the case of installing two profiles through the profile server and performing twice remote management according to an embodiment of the present disclosure.
  • the terminal 230 may transmit a certain character string "Challenge" to the profile server 250. Communication at operation 1501 may be protected through HTTPS to TLS secure connections.
  • the profile server 250 may transmit to the terminal 230 a certain character string "Challenge" together with the signature of the server.
  • the terminal 230 may request from the profile server 250 the type (OperationType) of a specific event together with the signature of the terminal.
  • ALL all types
  • the message exchange procedure between the terminal 230 and the profile server 250 may be called a mutual authentication procedure.
  • the profile server 250 may simultaneously transmit remote profile management 1, profile metadata 1, remote profile management 2, and profile metadata 2 as requested by the terminal 230 at operation 1505.
  • the terminal 230 may receive an input of an end user consent to the profile management and installation based on the remote profile management through the profile metadata received at operation 1507.
  • the terminal 230 may perform remote profile management and profile installation procedure.
  • the remote profile management (remote profile management 1 and remote profile management 2) can be performed just after operation 1509
  • the profile installation (profile metadata 1 and profile metadata 2) can be performed to secure a profile package by additionally performing one message exchange between the terminal 230 and the profile server 250 as described above at operations 1311 to 1355 of FIG. 13 for each profile installation.
  • a detailed scheme for the terminal 230 to successively perform the remote profile management and the profile installation will be described in detail with reference to FIGS. 16 and 17.
  • respective profile metadata and remote profile management data at operation 1507 accompany the signature of the profile server 250 for the terminal 230 to verify data integrity.
  • the profile server 250 may support the terminal 230 to easily verify the signature and process the respective data through proper adjustment of signature generation and data deployment.
  • a method for the profile server 250 to generate a digital signature and deploy data will be described in detail with reference to FIGS. 18 to 21.
  • FIG. 16 is a diagram illustrating a method for a terminal 230 to successively process events after preferentially securing data for all events according to an embodiment of the present disclosure.
  • the terminal 230 and the profile server 250 may perform mutual authentication. Regarding the mutual authentication and an operation request message of the terminal 230, explanations at operations 1503 to 1506 of FIG. 15 may be referred to.
  • the profile server 250 may simultaneously transmit remote profile management 1, profile metadata 1, remote profile management 2, and profile metadata 2.
  • the terminal 230 may receive an input of an end user consent to the remote profile management and installation based on the remote profile management and the profile metadata received at operation 1603. If the user consents to this, the terminal 230, at operations 1607 to 1609, may request profile package 1 and profile package 2 corresponding to the profile metadata 1 and profile metadata 2, and may receive them from the profile server 250.
  • the terminal 230 may perform the remote profile management 1 at operation 1611, install the profile package 1 at operation 1613, perform the remote profile management 2 at operation 1615, and install the profile package 2 at operation 1617.
  • the terminal 230, at operations 1607 to 1609, may collectively secure data (i.e., profile package for the profile installation) used to process all the types of events received at operation 1603, and may perform the remote profile management and profile installation in accordance with the data processing order specified by the profile server 250 at operation 1603.
  • FIG. 17 is a diagram illustrating a method for a terminal 230 to secure and process data of respective events in the order of event reception according to an embodiment of the present disclosure.
  • the terminal 230 and the profile server 250 may perform mutual authentication. Regarding the mutual authentication and an operation request message of the terminal 230, explanations at operations 1503 to 1506 of FIG. 15 may be referred to.
  • the profile server 250 may simultaneously transmit remote profile management 1, profile metadata 1, remote profile management 2, and profile metadata 2.
  • the terminal 230 may receive an input of an end user consent to the remote profile management and installation based on the remote profile management and the profile metadata received at operation 1703.
  • the terminal 230 may perform the remote profile management 1 in accordance with the data processing order specified by the profile server 250 at operation 1703, receive profile package 1 corresponding to the profile metadata 1 at operation 1709, install the profile package 1 at operation 1711, perform the remote profile management 2 at operation 1713, receive profile package 2 corresponding to the profile metadata 2 at operation 1715, and install the profile package 2 at operation 1717.
  • the terminal 230 may preferentially perform the remote profile management without securing additional data, and if needed, it may perform the profile installation through additional securing of the profile package from the profile server 250 as at operation 1709 or 1715 in accordance with the data processing order specified by the profile server 250 at operation 1703.
  • FIG. 18 is a diagram illustrating a method for a profile server 250 to generate and attach a separate signature to respective remote profile management and profile metadata when the profile server 250 transfers the remote profile management and profile metadata with respect to a message of the profile server 250 at operation 1603 of FIG. 16 to operation 1703 of FIG. 17 according to an embodiment of the present disclosure.
  • the profile server 250 may generate digital signatures 1803 and 1811 with respect to remote profile management 1 data 1801 and remote profile management 2 data 1809. Further, the profile server 250 may generate digital signatures 1807 and 1815 with respect to profile metadata 1 data 1805 and profile metadata 2 data 1813. In this case, even if the profile server 250 does not specify the data processing order, the terminal 230 may process the data in the order of reception of the data from the profile server 250. In this embodiment, the terminal 230 may process the data in the order of the remote profile management 1, profile metadata 1, remote profile management 2, and profile metadata 2.
  • each piece of data is accompanied by its own separate signature, and thus the profile server 250 has the advantage that it can use different algorithms and digital certificate types to generate the signatures for the respective data.
  • FIG. 19 is a diagram illustrating a method for a profile server 250 to generate and attach a separate signature to respective remote profile management and profile metadata and to specify the data processing order when the profile server 250 transfers the remote profile management and profile metadata with respect to a message of the profile server 250 at operation 1603 of FIG. 16 to operation 1703 of FIG. 17 according to an embodiment of the present disclosure.
  • the profile server 250 may generate digital signatures 1903 and 1911 with respect to remote profile management 1 data 1901 and remote profile management 2 data 1909. Further, the profile server 250 may generate digital signatures 1907 and 1915 with respect to profile metadata 1 data 1905 and profile metadata 2 data 1913.
  • the profile server 250 may specify the data processing order. As an example, in this embodiment for transmitting four pieces of data, the profile server 250 may specify the processing order of the data in a manner that among the four pieces of data, remote profile management 1 data 1901 is specified as the first one (1/4), profile metadata 1 data 1905 is the second one (2/4), remote profile management 2 data 1909 is the third (3/4), and profile metadata 2 data 1913 is the fourth (4/4).
  • each piece of data is accompanied by its own separate signature, and thus the profile server 250 has the advantage that it can use different algorithms and digital certificate types to generate the signatures for the respective data. Further, since each piece of data separately specifies the processing order, the profile server 250 has the advantage that it can freely adjust the data transmission order. In this case, this embodiment in which the profile server 250 specifies the data processing order is not limited to FIG. 19, and the data processing order may be specified even in the embodiment of FIG. 18 in which data is processed in the order of their reception.
  • FIG. 20 is a diagram illustrating a method for a profile server 250 to generate and attach a common signature to a part of each remote profile management and profile metadata when the profile server 250 transfers the remote profile management and profile metadata with respect to a message of the profile server 250 at operation 1603 of FIG. 16 to operation 1703 of FIG. 17 according to an embodiment of the present disclosure.
  • the profile server 250 may generate a digital signature (i.e., common signature) 2011 with respect to the whole of remote profile management 1 data 2001 and remote profile management 2 data 2009. Further, the profile server 250 may generate a digital signature (i.e., common signature) 2015 with respect to the whole of profile metadata 1 data 2005 and profile metadata 2 data 2013. In this case, even if the profile server 250 does not specify the data processing order, the terminal 230 may process the data in the order of reception of the data from the profile server 250. In this embodiment, the terminal 230 may process the data in the order of the remote profile management 1, profile metadata 1, remote profile management 2, and profile metadata 2.
  • data for which the profile server 250 generates the common signature is not limited to the same types of data.
  • FIG. 20 illustrates a case where the common signatures are generated through separation of the remote profile management and profile metadata
  • the profile server 250 may generate the common signature with respect to the data for which the same signature generation method (i.e., signature generation algorithm and digital certificate) is used.
  • since the signature can be omitted with respect to the data sharing the signature, the amount of data transmitted from the profile server 250 to the terminal 230 can be reduced.
  • the terminal 230 separately gathers data becoming the subject of signature in order to verify the signature after receiving the whole data of the profile server 250.
  • in order to verify the signature 2011, the terminal 230 should selectively gather remote profile management 1 data 2001, which is received first, and remote profile management 2 data 2009, which is received third, and in order to verify the signature 2015, the terminal 230 should selectively gather profile metadata 1 data 2005, which is received second, and profile metadata 2 data 2013, which is received fourth.
  • FIG. 21 is a diagram illustrating a method for a profile server 250 to generate and attach a common signature to a part of each remote profile management and profile metadata and to specify the data processing order when the profile server 250 transfers the remote profile management and profile metadata with respect to a message of the profile server 250 at operation 1603 of FIG. 16 to operation 1703 of FIG. 17 according to an embodiment of the present disclosure.
  • the profile server 250 may generate a digital signature (i.e., common signature) 2111 with respect to the whole of remote profile management 1 data 2101 and remote profile management 2 data 2109. Further, the profile server 250 may generate a digital signature (i.e., common signature) 2115 with respect to the whole of profile metadata 1 data 2105 and profile metadata 2 data 2113. In addition, the profile server 250 may specify the data processing order.
  • the profile server 250 may specify the processing order of the data in a manner that among the four pieces of data, remote profile management 1 data 2101 is specified as the first one (1/4), profile metadata 1 data 2105 is the second one (2/4), remote profile management 2 data 2109 is the third (3/4), and profile metadata 2 data 2113 is the fourth (4/4).
  • data for which the profile server 250 generates the common signature is not limited to the same types of data.
  • since the signature can be omitted with respect to the data sharing the signature, the amount of data transmitted from the profile server 250 to the terminal 230 can be reduced.
  • since the data separately specify the processing order, the profile server 250 has the advantage that it can freely adjust the data transmission order. For example, in order to remove a procedure in which the terminal 230 selectively gathers data for signature verification in the embodiment of FIG.
  • the profile server 250 may deploy the remote profile management 1 data 2101 and the remote profile management 2 data 2109 that share the signature 2111 just before the signature 2111, and may deploy the profile metadata 1 data 2105 and the profile metadata 2 data 2113 that share the signature 2115 just before the signature 2115.
  • the terminal 230 may process the data in the order of the remote profile management 1, profile metadata 1, remote profile management 2, and profile metadata 2, which is the data processing order specified by the profile server 250 after the authentication of the signatures 2111 and 2115.
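
The terminal-side handling of the common-signature layouts of FIGS. 20 and 21, as an added Go example that is not code from the patent: gather the data that share each signature wherever they sit in the message, verify signatures 2111 and 2115, and only then release the data in the specified n/4 order. ECDSA P-256 over SHA-256, the type and field names, the length-prefixed encoding, and the choice to cover the order label with the signature are assumptions of this example; the payloads are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// Item is one piece of data in the server message (field names are assumptions).
type Item struct {
	Name       string // "RPM1", "META1", ...
	Seq, Total int    // processing-order label, e.g. 1/4
	SigID      int    // common signature that covers this item
	Payload    []byte
}

type Bundle struct {
	Items []Item         // in transmission order
	Sigs  map[int][]byte // SigID -> signature over every item with that SigID
}

// signedBytes gathers the items each signature covers, wherever they sit in the
// message, as length-prefixed fields. The order label is included, so it cannot
// be rewritten in transit (assumption of this example).
func signedBytes(items []Item) map[int][]byte {
	g := map[int][]byte{}
	for _, it := range items {
		for _, f := range [][]byte{[]byte(it.Name), []byte(fmt.Sprintf("%d/%d", it.Seq, it.Total)), it.Payload} {
			g[it.SigID] = binary.BigEndian.AppendUint32(g[it.SigID], uint32(len(f)))
			g[it.SigID] = append(g[it.SigID], f...)
		}
	}
	return g
}

// SignBundle plays the profile server: fresh key, one common signature per SigID.
func SignBundle(items []Item) (Bundle, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return Bundle{}, nil, err
	}
	b := Bundle{Items: items, Sigs: map[int][]byte{}}
	for id, msg := range signedBytes(items) {
		d := sha256.Sum256(msg)
		if b.Sigs[id], err = ecdsa.SignASN1(rand.Reader, priv, d[:]); err != nil {
			return Bundle{}, nil, err
		}
	}
	return b, &priv.PublicKey, nil
}

// VerifyAndOrder plays the terminal: every signature must verify and the labels
// must be exactly 1..N before any item is released for processing.
func VerifyAndOrder(pub *ecdsa.PublicKey, b Bundle) ([]Item, error) {
	for id, msg := range signedBytes(b.Items) {
		d := sha256.Sum256(msg)
		if sig, ok := b.Sigs[id]; !ok || !ecdsa.VerifyASN1(pub, d[:], sig) {
			return nil, fmt.Errorf("signature %d did not verify", id)
		}
	}
	ordered := append([]Item(nil), b.Items...)
	sort.Slice(ordered, func(i, j int) bool { return ordered[i].Seq < ordered[j].Seq })
	for i, it := range ordered {
		if it.Total != len(ordered) || it.Seq != i+1 {
			return nil, errors.New("processing-order labels are not exactly 1..N")
		}
	}
	return ordered, nil
}

// Fig21Sample is constructed data in the FIG. 21 layout: items that share a
// signature are sent together, and the n/4 labels carry the processing order.
var Fig21Sample = []Item{
	{"RPM1", 1, 4, 2111, []byte("update profile0; disable profile0")},
	{"RPM2", 3, 4, 2111, []byte("update profile1; enable profile1; delete profile0")},
	{"META1", 2, 4, 2115, []byte("metadata for profile1 installation")},
	{"META2", 4, 4, 2115, []byte("metadata for profile2 installation")},
}

func main() {
	b, pub, err := SignBundle(Fig21Sample)
	if err != nil {
		panic(err)
	}
	ordered, err := VerifyAndOrder(pub, b)
	for _, it := range ordered {
		fmt.Printf("%d/%d %s: %s\n", it.Seq, it.Total, it.Name, it.Payload)
	}
	fmt.Println("error:", err)
}
```

The n/N label also lets the terminal notice a missing group: if the data under signature 2111 are stripped together with that signature, the remaining labels 2/4 and 4/4 no longer form 1..N and the whole message is rejected.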
  • FIGS. 18 to 21 may be used in parallel to the procedures of FIGS. 16 and 17.
  • the procedure of verifying the respective signatures of FIGS. 18 to 21 may be selectively performed at a time in the procedures of FIGS. 16 and 17.
  • Parts of the detailed embodiments are as follows, but are not limited to the following embodiments.
  • the verification procedure may be performed at a time when the signature verification is necessary.
  • FIG. 22 is a diagram illustrating an embodiment in which the signature generation and data deployment method of FIG. 18 is used in the procedure of FIG. 17 according to an embodiment of the present disclosure.
  • the terminal 230 receives a message of the type, such as 2290, from the profile server 250 at operation 2201.
  • the terminal 230 may receive an end user consent at operation 2203, verify a signature at operation 2205, perform remote profile management 1 at operation 2207, verify a signature at operation 2209, receive profile package 1 corresponding to profile metadata 1 at operation 2211, install the profile package 1 at operation 2213, verify a signature at operation 2215, perform remote profile management 2 at operation 2217, verify a signature at operation 2219, receive profile package 2 corresponding to profile metadata 2 at operation 2221, and install the profile package 2 at operation 2223.
  • FIG. 23 is a diagram illustrating another embodiment in which the signature generation and data deployment method of FIG. 18 is used in the procedure of FIG. 16 according to an embodiment of the present disclosure.
  • the terminal 230 may receive an end user consent at operation 2303, verify a signature at operation 2305, receive profile package 1 corresponding to profile metadata 1 at operation 2307, verify a signature at operation 2309, receive profile package 2 corresponding to profile metadata 2 at operation 2311, verify a signature at operation 2313, perform remote profile management 1 at operation 2315, verify a signature at operation 2313, perform remote profile management 1 at operation 2315, install profile package 1 at operation 2317, verify a signature at operation 2319, perform remote profile management 2 at operation 2321, and install profile package 2 at operation 2323.
  • verification of the signature for the data received by the terminal 230 may be performed by the terminal 230 at a time after the data is received, and it may be performed before the procedure of receiving an input of the end user consent.
  • the terminal 230 may verify signatures 2111 and 2115 of FIG. 21 after operation 1603 of FIG. 16, and may perform operation 1605 of FIG. 16 and the subsequent operations.
  • the terminal 230 may verify a signature 1903 of FIG. 19, perform operation 1707 of FIG. 17, verify a signature 1907 of FIG. 19, perform operations 1709 to 1711 of FIG. 17, verify a signature 1911 of FIG. 19, perform operation of 1713 of FIG. 17, verify a signature 815 of FIG. 19, and perform operations 1715 to 1717 of FIG. 17.
  • FIGS. 24A, 24B, 25, and 26 illustrate various embodiments of a method for a terminal 230 to configure a user interface (UI) to receive an input of an end user consent at operation 1605 or 1705 in the procedure of FIGS. 16 and 17 according to an embodiment of the present disclosure.
  • FIG. 27 is a diagram illustrating the operation of a terminal in accordance with a time series flow according to an embodiment of the present disclosure.
  • data of remote profile management1 2710, profile metadata1 2730, remote profile management2 2750, and profile metadata2 2770 as illustrated in FIG. 27 is received.
  • profile0 is installed and activated in the terminal 230
  • the remote profile management1 2710 includes remote commands of profile0 update 2711 and profile0 inactivation 2713
  • the profile metadata1 2730 includes data for profile1 installation 2731
  • the remote profile management2 2750 includes remote commands of profile1 update 2751, profile1 activation 2753, and profile0 deletion 2755
  • the profile metadata2 2770 includes data for profile2 installation 2771.
  • the terminal 230 may output a user interface in the form as indicated by 2401 of FIG. 24A or 2403 of FIG. 24B to the user.
  • the terminal 230 may obtain a user consent by successively outputting all procedures included in the data of FIG. 27.
  • the order of outputting the respective procedures may follow the order in which the terminal receives the respective procedures or the order in which the terminal 230 will process the respective procedures.
  • the consent to the respective procedures may employ individual user's checking as indicated by 2401, or user's consent for integrating the whole as indicated by 2403. Further, although not separately illustrated in FIGS.
  • the terminal 230 may additionally display a service provider's name, logo, and service fees with respect to the profile that is the subject of the respective procedures, or may additionally output a user interface for receiving an input of a separate password or personal identification number (PIN) set by the user or the service provider.
  • the terminal 230 may output a user interface in the form as indicated by 2501 to the user.
  • the terminal 230 may obtain a user consent by classifying the procedures included in the data of FIG. 27 by profiles that are the subject of the respective procedures.
  • the terminal 230 may request individual user consent to sets of procedures classified by profiles.
  • the terminal may additionally display a service provider's name, logo, and service fees with respect to the profile that is the subject of the respective procedures, or may additionally output a user interface for receiving an input of a separate password or PIN set by the user or the service provider.
  • the terminal 230 may output a user interface in the form as indicated by 2601 to the user.
  • the terminal 230 may obtain a user consent by classifying and outputting the procedures included in the data of FIG. 27 by types of the respective procedures.
  • the terminal 230 may request individual user consent to sets of procedures classified by types.
  • the terminal may additionally display a service provider's name, logo, and service fees with respect to the profile that is the subject of the respective procedures, or may additionally output a user interface for receiving an input of a separate password or PIN set by the user or the service provider.
  • FIGS. 24A, 24B, 25, and 26 may be applied to all embodiments to which FIGS. 16 and 17 are applied as described above. Accordingly, the user interfaces corresponding to FIGS. 24A, 24B, 25, and 26 can be applied even to the procedures of receiving the user consent at operations 2203 or 2303 in the various embodiments of FIGS. 22 and 23.
  • FIG. 28 is a diagram illustrating the configuration of a terminal according to an embodiment of the present disclosure.
  • a terminal 2800 may include a transceiver 2810 and a processor 2820. Further, the terminal 2800 may include a UICC 2830. The UICC 2830 may be inserted into the terminal 2800, or may be embedded in the terminal 2800.
  • the transceiver 2810 may transmit and receive signals, information, and data.
  • the processor 2820 may control the overall operation of the terminal 2800, including its operation according to the embodiments of the present disclosure described above.
  • the UICC 2830 may download a profile and install the downloaded profile.
  • the UICC 2830 may manage the profile.
  • the UICC 2830 may operate under the control of the processor 2820.
  • the UICC 2830 may include a processor or a processor for installing the profile, or an application may be installed therein.
  • FIG. 29 is a diagram illustrating constituent elements of a server 2900 according to an embodiment of the present disclosure.
  • the server 2900 may be a profile server.
  • the server 2900 may include a transceiver 2910 and a processor 2920.
  • the transceiver 2910 may transmit and receive signals, information, and data. For example, the transceiver 2910 may transmit a profile to the terminal.
  • the processor 2920 is a constituent element for controlling the overall operation of the server 2900, including its operation according to the embodiments of the present disclosure described above.
  • constituent elements included in the present disclosure are expressed in a singular form or in a plural form in accordance with the proposed detailed embodiments.
  • the singular or plural expression is selected to suit the proposed situation for convenience in explanation, and the present disclosure is not limited to singular or plural constituent elements. Even the constituent elements in a plural expression may be expressed in a singular form, and even the constituent elements in a singular expression may be expressed in a plural form.
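
The consent handling described above for FIGS. 24A to 26 (individual consent 2401, integrated consent 2403, grouping by profile 2501, grouping by type 2601, and an optional PIN) can be modelled as follows. This is an added illustration, not code from the patent; the procedure type names, the `profile_id` values and the function names are assumptions, and the sample list stands in for the data of FIG. 27.

```python
import hmac
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Procedure:
    kind: str        # assumed procedure type names: "enable", "disable", "delete"
    profile_id: str  # constructed identifier of the profile the procedure targets

# Constructed sample standing in for the procedure list of FIG. 27.
PENDING = [
    Procedure("enable", "8900000000000000001"),
    Procedure("delete", "8900000000000000002"),
    Procedure("disable", "8900000000000000002"),
    Procedure("delete", "8900000000000000003"),
]

def consent_groups(procs, mode):
    """Map each consent prompt to the indices of the procedures it covers."""
    if mode == "integrated":   # one consent for the whole set (2403)
        return {"all": list(range(len(procs)))}
    if mode == "individual":   # one consent per procedure (2401)
        return {f"{i}:{p.kind}:{p.profile_id}": [i] for i, p in enumerate(procs)}
    key_of = {"by_profile": lambda p: p.profile_id,  # form 2501
              "by_type": lambda p: p.kind}[mode]      # form 2601
    groups = defaultdict(list)
    for i, p in enumerate(procs):
        groups[key_of(p)].append(i)
    return dict(groups)

def authorize(procs, mode, approved, pin_entered=None, pin_expected=None):
    """Return, in original order, only procedures whose prompt was approved.

    Fails closed: a required PIN that is missing or wrong authorizes nothing.
    """
    if pin_expected is not None:
        entered = (pin_entered or "").encode()
        if not hmac.compare_digest(entered, pin_expected.encode()):
            return []
    groups = consent_groups(procs, mode)
    allowed = {i for name, idx in groups.items() if name in approved for i in idx}
    return [p for i, p in enumerate(procs) if i in allowed]
```

Approving only some groups leaves the remaining procedures unexecuted, so the grouping mode determines how narrowly the user can scope consent.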

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to an apparatus and a method for securely providing a profile to a terminal in a communication system. The apparatus and method include a communication technique that combines a fifth-generation (5G) communication system, which supports a higher data transfer rate than a fourth-generation (4G) system, with IoT technology, as well as an associated system. The present invention can be applied to intelligent services based on 5G communication technology and IoT-related technology, such as smart home, smart building, smart city, smart car or connected car, health care, digital education, retail, and security and safety services.
EP17875610.2A 2016-12-01 2017-11-30 Apparatus and method for installing and managing eSIM profiles Pending EP3530016A4 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
KR20160162635 2016-12-01
KR1020170053945A KR102237840B1 (ko) 2016-12-01 2017-04-26 Method and apparatus for installing and managing eSIM profiles
PCT/KR2017/013953 WO2018101775A1 (fr) 2016-12-01 2017-11-30 Apparatus and method for installing and managing eSIM profiles

Publications (2)

Publication Number Publication Date
EP3530016A1 true EP3530016A1 (fr) 2019-08-28
EP3530016A4 EP3530016A4 (fr) 2020-04-01

Family

ID=62601184

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17875610.2A Pending EP3530016A4 (fr) 2016-12-01 2017-11-30 Apparatus and method for installing and managing eSIM profiles

Country Status (4)

Country Link
EP (1) EP3530016A4 (fr)
JP (1) JP7043497B2 (fr)
KR (1) KR102237840B1 (fr)
CN (1) CN110024425B (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
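CN110446201B (zh) * 2019-09-20 2022-03-18 恒宝股份有限公司 Communication module, communication method and system for implementing eSIM remote configuration
KR102651703B1 (ko) * 2019-10-02 2024-03-28 삼성전자 주식회사 Method and apparatus for reinstalling a SIM profile in a wireless communication system
CN110784538B (zh) * 2019-10-30 2022-02-25 广东美的制冷设备有限公司 Household appliance configuration file generation method and apparatus, household appliance, and storage medium
WO2022031148A1 (fr) 2020-08-07 2022-02-10 Samsung Electronics Co., Ltd. Method and apparatus for installing and managing multiple eSIM profiles
CN116326195A (zh) * 2020-10-16 2023-06-23 三星电子株式会社 Method and apparatus for initialization between user equipment and universal integrated circuit card in a wireless communication system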

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106851628B (zh) * 2013-12-05 2020-08-07 华为终端有限公司 Method and device for downloading an operator's file
CN104703199B (zh) * 2013-12-05 2018-05-11 华为终端(东莞)有限公司 Management method for an embedded universal integrated circuit card, related device and system
KR102250685B1 (ko) * 2014-07-01 2021-05-12 삼성전자 주식회사 Method and apparatus for installing a profile for an eUICC (embedded Universal Integrated Circuit Card)
CN113207118B (zh) * 2015-03-25 2024-03-12 三星电子株式会社 Method and apparatus for transferring a profile in a communication system
WO2016167536A1 (fr) * 2015-04-13 2016-10-20 Samsung Electronics Co., Ltd. Method and apparatus for managing a profile of a terminal in a wireless communication system
CN107580790B (zh) * 2015-05-07 2021-04-23 三星电子株式会社 Method and apparatus for providing a profile
KR102382851B1 (ko) * 2017-07-04 2022-04-05 삼성전자 주식회사 Method and apparatus for negotiating digital certificates between an eSIM terminal and a server

Also Published As

Publication number Publication date
CN110024425B (zh) 2022-12-06
JP7043497B2 (ja) 2022-03-29
KR102237840B1 (ko) 2021-04-08
JP2020501437A (ja) 2020-01-16
KR20180062923A (ko) 2018-06-11
CN110024425A (zh) 2019-07-16
EP3530016A4 (fr) 2020-04-01

Similar Documents

Publication Publication Date Title
WO2018101775A1 (fr) Apparatus and method for installing and managing eSIM profiles
WO2018008972A1 (fr) Method and apparatus for accessing a cellular network to obtain a SIM card profile
WO2018147711A1 (fr) Apparatus and method for eSIM access control
WO2020226466A1 (fr) Method and apparatus for managing and verifying a certificate
WO2016080726A1 (fr) Apparatus and method for profile installation in a communication system
WO2016024695A1 (fr) Method and apparatus for profile download of group devices
WO2016153281A1 (fr) Method and apparatus for downloading a profile in a wireless communication system
WO2016163796A1 (fr) Method and apparatus for downloading a profile in a wireless communication system
EP3530016A1 (fr) Apparatus and method for installing and managing eSIM profiles
WO2019050325A1 (fr) Method and apparatus for supporting profile transfer between devices in a wireless communication system
WO2016167551A1 (fr) Technique for managing a profile in a communication system
WO2017052136A1 (fr) Method and device for downloading a profile in a mobile communication system
WO2020091310A1 (fr) Method and apparatus for managing bundles of a smart secure platform
WO2021066569A1 (fr) Method and apparatus for reinstalling a SIM profile in a wireless communication system
WO2020050701A1 (fr) Apparatus and method by which an SSP device and a server negotiate digital certificates
WO2022031148A1 (fr) Method and apparatus for installing and managing multiple eSIM profiles
WO2020080909A1 (fr) Method and apparatus for handling remote profile management exceptions
WO2020171475A1 (fr) Device change method and apparatus of a wireless communication system
WO2022108357A1 (fr) Method and apparatus for managing profiles in consideration of a removable eUICC supporting multiple enabled profiles
EP3769551A1 (fr) Method and apparatus for negotiating an eUICC version
EP3854115A1 (fr) Method and apparatus for handling remote profile management exceptions
WO2020032589A1 (fr) Method, apparatus and system for authorizing remote profile management
WO2022045869A1 (fr) Apparatus and method for managing events in a communication system
WO2022092976A1 (fr) Method and device for managing a smart secure platform communication bundle
WO2021172873A1 (fr) Method and device for remotely managing and verifying a remote management authority

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190520

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20200304

RIC1 Information provided on ipc code assigned before grant

Ipc: H04W 8/18 20090101ALI20200227BHEP

Ipc: H04W 8/20 20090101AFI20200227BHEP

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20210609

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS