EP3918822A1 - Method and devices for managing subscription profiles on a security element - Google Patents
- Publication number
- EP3918822A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- subscription profile
- profile
- subscription
- security element
- mobile terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/183—Processing at user equipment or user record carrier
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/04—Registration at HLR or HSS [Home Subscriber Server]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/02—Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
- H04W8/08—Mobility data transfer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
- H04W8/20—Transfer of user or subscriber data
- H04W8/205—Transfer to or from user equipment or user record carrier
Definitions
- the invention relates to a method and apparatus for managing subscription profiles of a security element, which is provided for use in a mobile terminal.
- PLMN Public Land Mobile Network
- MNO mobile network operator
- the security element is a subscriber identity module (SIM), which is usually provided in the form of a chip card.
- SIM subscriber identity module
- the SIM contains credentials for authenticating and identifying the user of the mobile terminal, including in particular an International Mobile Subscriber Identity (IMSI) and an authentication key Ki.
- IMSI International Mobile Subscriber Identity
- Ki authentication key
- When using the services provided by an MNO, in particular communication via the PLMN provided by the MNO, the user of the mobile terminal device is generally billed by the MNO for a certain monthly fee. If the mobile user wants to switch to another MNO, for example because he is in another country, he generally has to manually replace the SIM provided by the current MNO with another SIM. With the other SIM, which is provided by the new MNO and contains the new subscription profile, the mobile terminal can connect to the PLMN of the new MNO.
- WO 2015/018533 A1 discloses a method in which a new subscription profile can be loaded from a subscription management server in a simple and secure manner onto the security element of a mobile end device.
- a command script is used which defines a sequence of commands from the subscription management server.
- a connection to the new mobile radio network is made using a reloaded subscription profile, executing the command sequence defined by the command script.
- the user of the mobile terminal is provided with a choice of which subscription profile he would like to use if a plurality of subscription profiles are loaded on the security element. This can make the handling of a large number of subscription profiles loaded on the security element unwieldy under certain circumstances. It is an object of the present invention to provide a method and a device for managing subscription profiles of a security element, which enable easier use.
- a method for managing subscription profiles of a security element is proposed, the security element being provided for use in a mobile terminal.
- a profile manager and at least a first subscription profile are loaded on the security element.
- the method includes the step of loading a second subscription profile from a subscription management server.
- the method comprises the further step of checking whether the at least one first loaded subscription profile fulfills a predetermined condition.
- the method comprises the step of decommissioning the at least one first subscription profile if the at least one first subscription profile fulfills the predetermined condition.
- the proposed method has the advantage that no active profile maintenance has to be carried out by the user of the mobile terminal.
- a profile maintenance may be useful because a subscription profile downloaded to the security element remains on the security element, even if other subscription profiles are loaded onto the security element and the original subscription profile is no longer required. This simplifies profile maintenance for the user of a mobile device with a security element onto which subscription profiles can be subsequently loaded.
- UICC Universal Integrated Circuit Card
- the step of checking whether the at least one first loaded subscription profile fulfills a predetermined condition and the step of decommissioning are carried out by the profile manager.
- the profile manager can, for example, be the Issuer Security Domain Root (ISD-R) defined in the GSMA SGP.22 specification. In principle, other profile managers can also be used to carry out the method according to the invention.
- the step of decommissioning comprises deleting the at least one first subscription profile.
- the step of decommissioning can include deactivating the at least one first subscription profile.
- the profile manager can trigger execution using an APDU command, such as a DELETE or DISABLE command.
- Another expedient embodiment provides that user information is generated and output on a user interface of the mobile terminal, which signals to a user of the mobile terminal that the at least one first subscription profile has been deactivated.
- the user information includes interaction information whose activation by the user is monitored, the deactivation of the at least one first subscription profile being prevented or carried out when the activation is detected. In this way, the user of the mobile terminal is granted a “veto right” with regard to the deactivation of the at least one first subscription profile.
- LPA Local Profile Assistant
- Another expedient embodiment includes one or more of the following criteria as the specified condition:
- HLR Home Location Register
- the at least one first subscription profile is deleted or deactivated automatically or after confirmation by a user, as a result of which it is not necessary for a user himself to initiate profile maintenance on the security element.
- a computer program product which can be loaded directly into the internal memory of a digital computer and comprises software code sections with which the steps of the method described here are carried out when the product is running on a computer.
- the computer can be a computing unit of a mobile terminal as described herein.
- the computer program product can be in the form of a data carrier, e.g. one
- a security element which is intended for use in a mobile terminal, a profile manager and at least a first subscription profile being loaded on the security element.
- the security element is designed to load a second subscription profile from a subscription management server.
- the security element is designed to check whether the at least one first loaded subscription profile fulfills a predetermined condition.
- the security element is designed to put the at least one first subscription profile out of operation if the at least one first subscription profile fulfills the specified condition.
- the proposed security element has the same advantages as those described above in connection with the inventive method. Furthermore, the security element is designed to carry out the preferred configurations specified in the dependent claims.
- a mobile terminal which comprises a security element of the type designed according to this description.
- FIG. 1 shows a schematic illustration of a mobile device according to the invention
- FIG. 2 is a schematic flow chart that illustrates the flow of the inventive method for managing subscription profiles.
- FIG. 1 shows a schematic representation of a mobile terminal 10 according to the invention.
- the mobile terminal 10 comprises a security element 11.
- the security element 11 (also sometimes referred to as an identification module) can be in the form of a SIM card or a UICC.
- the security element can also be an embedded security element in the form of an eSIM or an eUICC, which are an integral part of the mobile terminal 10.
- the security element 11 comprises a memory on which a profile manager 12 and a first subscription profile 13 (or a plurality of first subscription profiles) are loaded.
- the data stored on the security element 11 are securely stored and make it possible to uniquely identify the user of the mobile terminal 10 (the so-called subscriber).
- the first subscription profile 13 is used to ensure that the services provided by the MNO (mobile radio network operator) can be used by the user by means of the mobile terminal 10.
- the profile manager 12 is set up to load a second subscription profile 14 into the security element 11 so that the user of the mobile terminal 10 can use services provided by another MNO, for example.
- the first subscription profile 13 remains in the security element 11. This is also the case when the original, first subscription profile 13 is no longer required by the user.
- the procedure described below enables profile maintenance to be carried out automatically, which does not have to be actively initiated by the user.
- After loading a second subscription profile onto the security element 11, on which one or more first subscription profiles have already been loaded, according to step S1, a check is carried out according to step S2 as to whether the first subscription profile 13 fulfills a predetermined condition.
- the profile manager 12 checks whether the first subscription profile 13 fulfills the specified condition.
- step S3, according to which the first subscription profile is deactivated if the first subscription profile fulfills the specified condition, is carried out by the profile manager 12.
- the Issuer Security Domain Root (ISD-R) defined in the GSMA SGP.22 specification can be used as the profile manager.
- Decommissioning the first subscription profile 13 may include deleting or deactivating the first subscription profile. This can be done by triggering the execution of an APDU command on the first subscription profile, for example using the known DELETE or DISABLE command.
- the profile manager 12 can optionally generate user information and output it on the user interface 16 of the mobile terminal.
- the user information thus signals to the user of the mobile terminal 10 that the first subscription profile 13 is to be taken out of service.
- the output of the user information by the profile manager 12 can be brought about by an LPA (Local Profile Assistant), which enables a selection mask which can be displayed on the user interface 16 to manage the subscription profiles.
- the user information includes interaction information, the activation of which is monitored by the user, and when the activation is established, the decommissioning (deletion or deactivation) of the first subscription profile is prevented or carried out.
- via the interaction information, the user can thus be offered the choice of canceling the decommissioning process, deleting the first subscription profile, or merely deactivating it.
- Possible conditions for decommissioning the first subscription profile 13 can be one or more of the following criteria: Leaving a restricted area, especially when crossing a national border. Deleting the first subscription profile 13 can be useful, for example, when the user of the mobile terminal 10 leaves a vacation country so that he can use the first subscription profile used during his stay in the
- an identification code e.g. a PIN, Personal Identification Number
- the number of attempts that are available to a user can be specified by the security element.
- the determination that a call to a predetermined number was initiated or made by the mobile terminal can take place after a so-called one-time call has been carried out, for example for emergency calls to a specified one
- a rejection information reject
- the first subscription profile 13 on the security element 11 can be automatically deleted or deactivated. Any boundary conditions can be defined before the decommissioning is carried out. For example, a certain number of rejections can be provided, the deactivation only taking place when the predetermined number is exceeded. Decommissioning can also be made dependent on the fact that the rejection contains information indicating the reason.
- the proposed procedure enables (partially) automatic deletion or deactivation of subscription profiles that are no longer used or required.
- the decommissioning can optionally be authorized by the user.
- profile maintenance by the user of the mobile device is not required.
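
The S1 to S3 flow with the user's "veto right", as an added Python sketch (not code from the patent or from any SGP.22 implementation). The class, function and profile names, the three user answers and the rule that an unrecognised answer cancels are assumptions for illustration; the DELETE and DISABLE commands are modelled as state changes only.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Profile:
    name: str
    country: str                      # region the profile was obtained for (assumed field)
    state: str = "installed"          # "installed" or "disabled"
    rejections: List[str] = field(default_factory=list)  # reason per network rejection, "" if none

# A condition returns a human-readable reason when it is fulfilled, else None.
Condition = Callable[[Profile], Optional[str]]

def left_region(current_country: str) -> Condition:
    def check(p: Profile) -> Optional[str]:
        return None if p.country == current_country else f"left region {p.country}"
    return check

def rejections_exceed(limit: int) -> Condition:
    def check(p: Profile) -> Optional[str]:
        # Boundary conditions: only rejections carrying a reason count,
        # and the limit must be exceeded, not merely reached.
        reasons = [r for r in p.rejections if r]
        return f"{len(reasons)} rejections with reason" if len(reasons) > limit else None
    return check

class ProfileManager:
    def __init__(self, conditions: List[Condition], ask_user: Callable[[Profile, str], str]):
        self.conditions = list(conditions)
        self.ask_user = ask_user                      # stands in for the LPA dialog
        self.profiles: Dict[str, Profile] = {}
        self.audit: List[Tuple[str, str, str]] = []   # (profile, reason, outcome)

    def install(self, p: Profile) -> None:
        self.profiles[p.name] = p                     # a "first" profile already on the element

    def load_second_profile(self, new: Profile) -> None:
        self.profiles[new.name] = new                                     # S1: load
        for p in [x for x in self.profiles.values() if x is not new]:
            reason = next((r for r in (c(p) for c in self.conditions) if r), None)  # S2: check
            if reason:
                self._decommission(p, reason)                             # S3: decommission

    def _decommission(self, p: Profile, reason: str) -> None:
        choice = self.ask_user(p, reason)
        if choice not in ("cancel", "disable", "delete"):
            choice = "cancel"          # fail safe: an unknown answer never removes a profile
        if choice == "delete":
            del self.profiles[p.name]
        elif choice == "disable":
            p.state = "disabled"
        self.audit.append((p.name, reason, choice))

def demo() -> ProfileManager:
    # Constructed scenario: user is now in DE and answers the dialog per profile.
    answers = {"holiday-ES": "delete", "roaming-FR": "disable", "old-DE": "cancel"}
    mgr = ProfileManager([left_region("DE"), rejections_exceed(3)],
                         lambda p, reason: answers.get(p.name, "cancel"))
    mgr.install(Profile("holiday-ES", "ES"))
    mgr.install(Profile("roaming-FR", "FR"))
    mgr.install(Profile("old-DE", "DE",
                        rejections=["reason-A", "reason-B", "", "reason-C", "reason-D"]))
    mgr.install(Profile("home-DE", "DE", rejections=["reason-A"]))
    mgr.load_second_profile(Profile("new-DE", "DE"))
    return mgr
```

The audit list records every decision, including vetoed ones, which gives a reviewer a trail of why a profile disappeared or stayed.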
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102019000743.3A DE102019000743A1 (en) | 2019-02-01 | 2019-02-01 | Methods and devices for managing subscription profiles of a security element |
PCT/EP2020/000029 WO2020156752A1 (en) | 2019-02-01 | 2020-01-29 | Method and devices for managing subscription profiles on a security element |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3918822A1 (en) | 2021-12-08 |
Family
ID=69468524
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20703683.1A Pending EP3918822A1 (en) | 2019-02-01 | 2020-01-29 | Method and devices for managing subscription profiles on a security element |
Country Status (4)
Country | Link |
---|---|
US (1) | US11943837B2 (en) |
EP (1) | EP3918822A1 (en) |
DE (1) | DE102019000743A1 (en) |
WO (1) | WO2020156752A1 (en) |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9131530B2 (en) | 2012-05-08 | 2015-09-08 | Lantronix, Inc. | Traversal of wireless profiles |
EP2835995A1 (en) | 2013-08-09 | 2015-02-11 | Giesecke & Devrient GmbH | Methods and devices for performing a mobile network switch |
FR3018654B1 (en) | 2014-03-14 | 2017-07-07 | Oberthur Technologies | ON-SUB SUBSCRIBER IDENTITY MODULE SUITABLE FOR MANAGING COMMUNICATION PROFILES |
KR102331692B1 (en) | 2014-06-30 | 2021-11-30 | 삼성전자 주식회사 | Method and apparatus for selecting profile of terminal in a mobile network |
EP3293993B1 (en) * | 2015-05-07 | 2021-06-30 | Samsung Electronics Co., Ltd. | Method and apparatus for providing profile |
DE102015012943A1 (en) | 2015-10-07 | 2017-04-13 | Giesecke & Devrient Gmbh | Manage a subscription profile |
KR102545897B1 (en) * | 2015-12-22 | 2023-06-22 | 삼성전자 주식회사 | Method and apparatus for providing a profile |
US10178242B2 (en) * | 2017-03-17 | 2019-01-08 | Microsoft Technology Licensing, Llc | Enterprise gateway to mobile operator |
KR102600813B1 (en) * | 2018-06-07 | 2023-11-10 | 삼성전자 주식회사 | Apparatus and method for installing and managing a profile by using messaging service |
-
2019
- 2019-02-01 DE DE102019000743.3A patent/DE102019000743A1/en not_active Withdrawn
-
2020
- 2020-01-29 EP EP20703683.1A patent/EP3918822A1/en active Pending
- 2020-01-29 US US17/427,260 patent/US11943837B2/en active Active
- 2020-01-29 WO PCT/EP2020/000029 patent/WO2020156752A1/en unknown
Also Published As
Publication number | Publication date |
---|---|
WO2020156752A1 (en) | 2020-08-06 |
US20220132297A1 (en) | 2022-04-28 |
US11943837B2 (en) | 2024-03-26 |
DE102019000743A1 (en) | 2020-08-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE69830175T2 (en) | METHOD FOR CONTROLLING APPLICATIONS STORED IN A SUBSCRIBER MODULE | |
WO2003001769A2 (en) | Method for transmitting data | |
EP0700628A1 (en) | Process for operating a mobile radiotelephone system | |
WO2004030405A2 (en) | Method for providing paying services, user identification device, and device for providing said services | |
EP1723815B1 (en) | Synchronization of data in two or more user cards used for operating a mobile terminal | |
DE112018000928T5 (en) | RADIO COMMUNICATION DEVICE AND CONTROL METHOD THEREOF | |
EP2895985B1 (en) | Content administration for a mobile station with trusted execution environment | |
EP3918822A1 (en) | Method and devices for managing subscription profiles on a security element | |
EP1421742A2 (en) | Method for sending access data to a subscriber station located, in particular, inside a motor vehicle for a special access mode to a service provider station | |
WO2015018510A2 (en) | Method and devices for changing a mobile radio network | |
DE102021005920A1 (en) | Method for resetting at least one SIM card of a mobile device | |
EP1271881A1 (en) | Method for Transfering Data | |
WO2015185212A1 (en) | Method and devices for managing subscriptions on a security element | |
DE102017002795A1 (en) | Method for multi-APN communication | |
DE102015011748A1 (en) | Method and apparatus for managing subscriptions on a security element | |
WO2004064363A1 (en) | Method for refusing incoming calls according to a call number control carried out on the sim card | |
EP3085134B1 (en) | Method and apparatuses for managing subscriptions on a security element | |
DE102022001848B3 (en) | Method for user-related setup of a terminal device | |
DE112019005926B4 (en) | COMMUNICATION DEVICE, VEHICLE AND METHOD | |
DE102020130180B3 (en) | SMART WEARABLE DEVICE, MOBILE COMMUNICATIONS TERMINAL, MOBILE COMMUNICATIONS SYSTEM AND METHOD OF OPERATING A MOBILE COMMUNICATIONS SYSTEM | |
DE102021200810B3 (en) | Method for operating a communication arrangement in a vehicle and communication arrangement for a vehicle | |
DE102018006378A1 (en) | Provisioning and operation of a subscriber identity module | |
DE102018007576A1 (en) | Subscriber identity module with profile or set up for profile | |
DE60106473T2 (en) | METHOD AND SYSTEM FOR INFORMATION TRANSMISSION | |
WO2016116270A1 (en) | Method and devices for managing subscription profiles on a mobile terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20210901 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
RAP3 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GMBH |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230519 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
RAP3 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: GIESECKE+DEVRIENT EPAYMENTS GMBH |
|
17Q | First examination report despatched |
Effective date: 20230920 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: GIESECKE+DEVRIENT MOBILE SECURITY GERMANY GMBH |