JP7043497B2 - Methods and equipment for installing and managing eSIM profiles - Google Patents

Description

The present invention relates to a method and an apparatus for downloading and installing a communication service on a terminal in a communication system to make a communication connection. More specifically, the present invention relates to a method and an apparatus for downloading, installing and managing a profile online in a communication system.

Efforts are being made to develop improved 5G or pre-5G communication systems to meet the increasing needs for wireless data traffic since the commercialization of 4G communication systems. For this reason, 5G or pre-5G communication systems are referred to as Beyond 4G Network communication systems or Post LTE systems. In order to achieve high data transmission rates, 5G communication systems are considered for realization in the ultra-high frequency (mmWave) band (eg, such as the 60 giga (60 GHz) band). In order to mitigate the path loss of radio waves and increase the transmission distance of radio waves in the ultra-high frequency band, beamforming, massive MIMO, and full-dimensional multiple input / output (Full Digital) are used in 5G communication systems. MIMO: FD-MIMO), array antenna (array antenna), analog beamforming (analog beam-forming), and large-scale antenna (large scale antenna) technology are being discussed. In addition, in order to improve the network of the system, in the 5G communication system, the advanced small cell, the improved small cell (advanced small cell), the cloud radio access network (cloud radio access network: cloud RAN), and the ultra-high density network (ultra) are used. -Dense network), communication between devices (Device to Device communication: D2D), wireless backhaul (wireless backhaul), mobile network (moving network), cooperative communication (cooperative communication), Co-operative communication, Technological developments such as interference communication are being developed. In addition to this, in 5G systems, FQAM (HybridFSKandQAMModulation), which is an advanced coding modulation (ACM) method, and SWSC (Sliding Window Superposition Coding), which is an advanced connection technology, and FLB, which is an advanced connection technology, are used. ), NOMA (non orthogonal multiple access), SCMA (sparse code multiple access) and the like have been developed.

On the other hand, the Internet is evolving from a human-centered connection network in which humans generate and consume information to an IoT (Internet of Things) network that exchanges and processes information between distributed components such as things. .. IoT (Internet of Everything) technology, in which big data (Big data) processing technology through connection with cloud servers and the like is combined with IoT technology, is also emerging. In order to realize IoT, technical elements such as sensing technology, wireless communication and network infrastructure, service interface technology, and security technology are required, and recently, sensor networks (sensor network) and machines for connecting things. Technologies such as two-machine (Machine Machine, M2M) and MTC (Machine Type Communication) are being studied. In the IoT environment, intelligent IT (Internet Technology) services that collect and analyze data generated by connected objects and create new value in human life can be provided. IoT is a smart home, smart building, smart city, smart car or connected car, smart grid, healthcare, smart home appliances, advanced medical services, etc. through the fusion and combination of existing IT (information technology) technology and various industries. It can be applied to the field of.

Various attempts have been made to apply the 5G communication system to the IoT network. For example, technologies such as sensor networks, M2M, and MTC are embodied in 5G communication technologies by techniques such as beamforming, MIMO, and array antennas. The application of the cloud radio access network (cloud RAN) as the above-mentioned big data processing technology can be said to be an example of the fusion of 5G technology and IoT technology.

The UICC (Universal Integrated Circuit Card) is a smart card used by inserting it into a mobile communication terminal or the like, and is also called a UICC card. The UICC may include a connection control module for connecting to the network of a mobile communication operator. Examples of such a connection control module include USIM (Universal Subscriber Identity Module), SIM (Subscriber Identity Module), ISIM (IP Multimedia Service Identity Module), and the like. A UICC containing USIM is usually called a USIM card. Similarly, a UICC containing a SIM module is usually called a SIM card. In the following description of the present invention, the SIM card is used as a normal meaning including a UICC card, a USIM card, a UICC including an ISIM, and the like. That is, even if it is called a SIM card, its technical application can be similarly applied to a USIM card, an ISIM card, or a general UICC card.

The SIM card stores personal information of mobile communication subscribers, and enables secure mobile communication by performing subscriber authentication and traffic security key (key) generation when connecting to a mobile communication network. do.

At the time of proposing the present invention, the SIM card is generally manufactured as a dedicated card for the carrier at the request of the specific mobile communication carrier at the time of card manufacturing, and is certified for the network connection of the carrier. Information such as USIM application, IMSI (International Mobile Subscriber Identity), K value, OPc value, etc. are loaded on the card in advance and shipped. Therefore, the manufactured SIM card is delivered by the mobile communication operator and provided to the subscriber, and when necessary thereafter, the application in the UICC is installed and modified by utilizing technology such as OTA (Over The Air). , Deletion, etc. can also be managed. The subscriber can insert the UICC card into the mobile communication terminal owned by the subscriber to use the network and applied services of the mobile communication operator, and when the terminal is replaced, the UICC card is replaced with a new terminal from the existing terminal. By moving and inserting it into the machine, the authentication information, mobile communication phone number, personal phone book, etc. stored in the UICC card can be used as they are in the new terminal.

However, the SIM card has an inconvenience because the user of the mobile communication terminal is provided with the service of another mobile communication company. There is an inconvenience that the user of the mobile communication terminal must physically acquire the SIM card in order to receive the service from the mobile communication operator. For example, when traveling to another country, there is the inconvenience of having to ask for a local SIM card in order to receive local mobile communication services. In the case of roaming service, the above-mentioned inconvenience is solved to some extent, but there is also a problem that the service cannot be received unless a high charge and a contract between communication companies are made.

On the other hand, when the SIM module is remotely downloaded and installed on the UICC card, such inconvenience can be partially solved. That is, the SIM module of the mobile communication service to be used at the time desired by the user can be downloaded to the UICC card. For such a UICC card, a plurality of SIM modules can be downloaded and installed, and only one SIM module among them can be selected and used. Such UICC cards may or may not be fixed to the terminal. In particular, a UICC fixed to a terminal and used is called an eUICC (embedded UICC). Normally, an eUICC is fixed to a terminal and used, and means a UICC card that can be remotely downloaded and selected from a SIM module. In the present invention, a UICC card that can remotely download and select a SIM module is commonly referred to as an eUICC. That is, among the UICC cards that can be remotely downloaded and selected, the UICC card that is fixed or not fixed to the terminal is commonly used in eUICC. Furthermore, the SIM module information to be downloaded is commonly used in the term eUICC profile.

The information is provided only as background information to aid in understanding the invention. No decision is made or asserted as to whether any of the matters described above can be applied as prior art according to the present disclosure.

One aspect of the present disclosure is to at least eliminate the problems and / or disadvantages described above to provide at least the advantages described below. Thereby, the technical problem to be achieved by the present invention is to provide a method and an apparatus for a terminal to select a communication service and make a communication connection in a communication system.

Yet another aspect of the present disclosure is to provide a method and device for online downloading, installing and managing a profile for a terminal to make a communication connection in a communication system.

Yet another aspect of the present disclosure is to provide a device and a method for safely providing a profile to a terminal in a communication system.

In particular, the present invention proposes a solution for the following parts for the above purpose.

-A method in which a terminal transmits a message requesting profile download or profile remote management on a profile management server (SM-DP +, subscription manager data preparation plus).

-Used when the profile management server (SM-DP +) selectively replies profile download or profile remote management on the terminal and generates a profile download or profile remote management request message that the terminal must convey to the next stage. How to reply reference information

-Message exchange procedure between the terminal and profile management server (SM-DP +)

According to an embodiment of the present invention, a terminal of a wireless communication system is provided. The terminal includes a profile management server (SM-) including an input unit (User Interface) that displays (displays) the type of event (profile download or profile remote management) that the terminal intends to execute from the user. DP +) indicates the identifier (EID) of the eUICC (embedded user integrated input card) in the terminal, the identifier (EID) indicating the type of event that the terminal is trying to execute, and the identifier indicating whether the terminal allows remote profile management. (RPMConfig), one of the profile identifier (ICCID, integrated cycle card ID) for which the terminal remotely manages the profile, and the identifier (Operator ID) of the operator that currently provides the communication service to the terminal. One or more events that the terminal must execute from the profile management server (SM-DP +) and one that the terminal must execute next, including a transmitter that can send more than one. The user consents to the execution of the event by displaying the information for one or more events performed by the terminal to the user, including the receiver capable of receiving one or more of the above event types and numbers. Includes an input unit (User Interface unit) into which is input, includes a control unit that determines whether to proceed or stop the execution of one or more previously received events based on the input consent, and to execute the event. A control unit and a transmission unit that include a control unit that performs an event when it is decided to proceed (that is, with the user's consent) and can transmit the execution result of the event to the profile management server (SM-DP +). A control unit and a transmission unit that can send a message requesting the next event to the profile management server (SM-DP +) depending on the type and number of one or more events that the terminal must execute next. It is characterized by including.

According to an embodiment of the present invention, a profile management server (SM-DP +) for a wireless communication system is provided. The profile management server includes an event storage device (Event Store) that stores events (profile download or profile remote management) that the terminal eUICC must execute, and controls the priority of the events stored in the event storage device. The eUICC identifier (EID) in the terminal from the terminal, the identifier indicating the type of the event to be executed by the terminal (EvenRequestType), and the terminal remotely manage the profile, including the control unit and the judgment unit that can be determined. Of the identifier (RPMConfig) indicating whether to allow, the identifier (ICCID) of the profile for which the terminal performs profile remote management, and the identifier (Operator ID) of the business operator that currently provides the communication service to the terminal. Including a receiver capable of receiving one or more, including a receiver capable of receiving eUICC authentication information including signatures, in the message of the received terminal and the event storage device of the profile management server (SM-DP +). It contains a decision unit that compares the priority of stored events and selects one or more events that the terminal must execute, and among the events stored in the event storage device, the terminal must execute next. Among one or more events that the terminal must execute on the terminal and one or more types and number that the terminal must execute next, including a judgment unit that grasps the type and number of one or more events. A receiver that can send one or more of, includes a receiver that can receive the execution result of an event from a terminal, and a receiver that can receive a message requesting the next event from a terminal. It is characterized by including.

According to yet another embodiment of the present disclosure, a terminal method is provided in a wireless communication system. The method is to request a terminal event and send a UICC (universal integrated circuit card) related message containing information for the event's operation type to the server, and receive a response message from the server containing data corresponding to the operation type. Includes stages and stages of performing actions based on received data.

According to yet another embodiment of the present disclosure, a terminal for a wireless communication system is provided. The terminal is combined with the transmission / reception unit and requests the event of the terminal to send a UICC (universal integrated circuit card) related message containing information for the event operation type to the server, and the server responds to the operation type. It includes a control unit that receives a response message containing data and is set to perform an operation based on the received data.

According to yet another embodiment of the present disclosure, a method of a server for a wireless communication system is provided. The method includes a step of requesting an event from a terminal and receiving a UICC-related message containing information on the operation type of the event, and a step of transmitting a response message including data corresponding to the operation type on the terminal.

According to yet another embodiment of the present disclosure, a server for a wireless communication system is provided. The server is combined with the transmitter / receiver and the transmitter / receiver to request an event from the terminal, receive a UICC-related message containing information for the operation type of the event, and send a response message containing data corresponding to the operation type at the terminal. Includes a control unit configured to.

The technical problems to be achieved in the present invention are not limited to the technical problems mentioned above, and other technical problems not mentioned are described below to those who have ordinary knowledge in the technical field to which the present invention belongs. It can be clearly understood.

According to the embodiment of the present invention, in the communication system, the terminal notifies the profile management server (SM-DP +) of the input of the current user, and the terminal downloads the profile or remotely manages the profile from the profile management server (SM-DP +). It is possible to selectively receive the event that must be executed now and to be guided to the event that must be executed next. Through this, if one or more events (profile download or profile remote management) are waiting on the profile management server (SM-DP +), the terminal can automatically request and receive the next event. can.

Other aspects, advantages, and salient features of the present disclosure will be apparent to those of skill in the art from the detailed description below. A more detailed description discloses various embodiments of the present disclosure, along with the accompanying drawings.

The above-mentioned and other aspects, features and advantages of the particular embodiments of the present disclosure will become more apparent from the later description taken in connection with the accompanying drawings.

It is a figure which shows the method of connecting to the mobile communication network by using the UICC which carried out the profile which fixed the terminal by one Embodiment of this disclosure. It is a drawing which shows the message exchange procedure of a terminal and a profile server when one or more profiles are installed through the profile server by one Embodiment of this disclosure. It is a figure which shows the message exchange procedure of a terminal and a profile server when one or more profiles are installed through the profile server by one Embodiment of this disclosure, and one or more profile remote management is performed. It is a figure which shows the method of specifying the event type corresponding to the command input by the user when a terminal requests an event to a profile server by one Embodiment of this invention. It is a figure which shows the method which the profile server manages an event storage device by one Embodiment of this invention. It is a drawing which shows the method of setting whether the profile server can send one or more events in a bundle by one Embodiment of this invention. It is a drawing which shows the method of setting whether the profile server can send one or more events in a bundle by one Embodiment of this invention. It is a drawing which shows the method of setting whether the profile server can send one or more events in a bundle by one Embodiment of this invention. It is a drawing which shows the method of setting whether the profile server can send one or more events in a bundle by one Embodiment of this invention. It is a drawing which shows the method which conveys the event which is currently executed when the profile server constructs an event response message by one embodiment of the present invention. It is a drawing which shows the method which conveys the event which is currently executed when the profile server constructs an event response message by one embodiment of the present invention. It is a drawing which shows the method which conveys the event which is currently executed when the profile server constructs an event response message by one embodiment of the present invention. It is a drawing which shows the method which conveys the event to execute next when the profile server configures an event response message by one Embodiment of this invention. It is a drawing which shows the procedure which the profile server constructs an event response message by one Embodiment of this invention. It is a figure which shows the message procedure which a terminal and a profile server sequentially receive one or more events by one Embodiment of this invention. It is a figure which shows the message procedure which a terminal and a profile server sequentially receive one or more events by one Embodiment of this invention. It is a figure which shows the message procedure which a terminal and a profile server sequentially receive one or more events by one Embodiment of this invention. It is a drawing which shows the procedure which a terminal requests a server for'profile download', and receives a response to it by one Embodiment of this invention. It is a drawing which shows the procedure which a terminal requests a server for'profile remote management', and receives a response to it by one Embodiment of this invention. It is a drawing which shows the procedure which a terminal requests a server for all kinds of events and receives the response to the event by one Embodiment of this invention. It is a figure which shows the method of processing the event sequentially after the terminal preferentially secured the data for all the events by one Embodiment of this invention. It is a figure which shows the method which the terminal secures and processes the data for each event by the event reception procedure by one Embodiment of this invention. It is a drawing which shows the method in which the profile server generates and attaches a separate signature to each profile remote management and profile summary information data by one embodiment of the present invention. It is a figure which shows the method of specifying the processing procedure of each data while the profile server generates and attaches a separate signature to each profile remote management and profile summary information data by one Embodiment of this invention. It is a drawing which shows the method in which the profile server generates and attaches a common signature to a part in each profile remote management and profile summary information data by one embodiment of the present invention. It is a figure which shows the method which shows the process process of each data while the profile server generates and attaches a common signature to a part in each profile remote management and profile summary information data by one Embodiment of this invention. It is a drawing which shows the signature generation and the data arrangement method by one Embodiment of this invention. It is a drawing which shows the signature generation and the data arrangement method by one Embodiment of this invention. It is a drawing which shows the method of constructing the user interface (User Interface, UI) in the terminal by one Embodiment of this invention. It is a drawing which shows the method of constructing the user interface (User Interface, UI) in the terminal by one Embodiment of this invention. It is a drawing which shows the method of constructing the user interface (User Interface, UI) in the terminal by one Embodiment of this invention. It is a drawing which shows the method of constructing the user interface (User Interface, UI) in the terminal by one Embodiment of this invention. It is a figure which shows the operation of the terminal by one Embodiment of this disclosure by the time-series flow. It is a block diagram which shows the component of the terminal by one Embodiment of this invention. It is a block diagram which shows the component of the server by one Embodiment of this invention. It should be noted that, through the drawings, the same reference numbers are used to indicate the same or similar elements, features and structures.

It should be noted that, through the drawings, the same reference numbers are used to indicate the same or similar elements, features and structures.

The following description with reference to the accompanying drawings is provided to aid in a comprehensive understanding of the various embodiments of the present disclosure as defined by the claims and their equivalents. It contains a variety of details to aid in its understanding, but these should only be viewed as exemplary. Accordingly, one of ordinary skill in the art will recognize that various modifications and modifications of the various embodiments described herein can be made without departing from the scope and ideas of the present disclosure. Also, descriptions of known functions and configurations may be omitted for clarity and brevity.

The terms and words used in the following detailed description and claims are not limited to bibliographical meanings, but are used solely to allow the inventor a clear and consistent understanding of the present disclosure. Accordingly, it will be apparent to those skilled in the art that the following description of the various embodiments of the present disclosure is provided for purposes of illustration only and is not intended to limit the present disclosure as defined by the appended claims and their equivalents. Will.

It should be understood that the singular forms "a", "an" and "the" include multiple objects unless instructed to be explicitly different in context. Thus, for example, a reference to a "component surface" includes a reference to one or more such surfaces.

In explaining various embodiments, technical contents to which the present invention belongs are well known and are not directly related to the present invention will be omitted. This is to clarify the gist of the present invention and convey it more clearly by omitting unnecessary explanations.

For the same reason, some components have been outlined in the accompanying drawings, exaggerated or omitted. Also, the size of each component does not fully reflect the actual size. The same or corresponding components in each drawing are given the same reference number.

The advantages and features of the invention, and how to achieve them, will be clarified with reference to the embodiments described in detail below with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but can be embodied in various forms different from each other. It is provided to fully inform a person having ordinary knowledge in the technical field to which the invention belongs, and the present invention is only defined by the scope of the claims. The same reference numeral refers to the same component throughout the specification.

At this time, it can be understood that the union of each block of the processing flowchart and the drawing of the flowchart can be performed by computer program instructions. These computer program instructions can be mounted on a general purpose computer, a specialty computer or other processor equipped with programmable data processing, and thus are performed via a computer or other processor equipped with programmable data processing. Instructions will generate means to perform the functions described in the flowchart block. Since these computer program instructions can be computer-enabled or stored in computer-readable memory, which can be oriented towards a computer or other programmable data processing equipment to embody functionality in a particular manner. The instructions stored in the computer-enabled or computer-readable memory can also produce manufactured items that include instructional means that perform the functions described in the flowchart block. Computer program instructions can also be mounted on a computer or other programmable data processing equipment, so that a series of operational steps are performed on the computer or other programmable data processing equipment and performed on the computer. Instructions that generate the process to be performed and equipped with a computer or other programmable data processing equipment can also provide steps for performing the functions described in the flowchart block.

Also, each block can represent a portion of a module, segment or code that contains one or more executable instructions to perform the specified logical function. It should also be noted that in some alternative executions it is possible for the features mentioned in the block to occur off-stage. For example, the two blocks shown in contact can actually be done at substantially the same time, or the blocks can sometimes be done in reverse order by the function in question.

At this time, the term "-part" used in the present embodiment means software or FPGA, and hardware components such as ASIC, and "-part" plays any role. However,'~ part'is not limited to software or hardware. The'~ part'can be configured to be on a storage medium that can be addressed, or can be configured to regenerate one or more processors. Therefore, as an example,'-part' is a component such as a software component, an object-oriented software component, a class component, and a task component, and a process, a function, an attribute, a procedure, a routine, a segment of program code, a driver. Includes firmware, microcode, circuits, data, databases, data structures, tables, arrays, and variables. The components and the functions provided within the'~ part'can be combined into a smaller number of components and the'~ part' or further separated by the'~ part' with additional components. Not only that, the components and'-parts' can also be embodied to regenerate one or more CPUs in the device or security multimedia card.

The specific terms used in the following description are provided to aid the understanding of the present invention, and the use of such specific terms may be modified in other ways without departing from the technical ideas of the present invention. be able to.

First, the terms used herein are defined.

In the present specification, the UICC (universal integrated circuit card) is a smart card used by inserting it into a mobile communication terminal, and includes personal information such as network connection authentication information of a mobile communication subscriber, a telephone book, and SMS (short message service). Subscriber authentication and traffic when connected to mobile communication networks such as GSM (registered trademark) (global satellite movement), WCDMA (registered trademark) (wideband code division multiple access), LTE (long-term evolution), etc. It means a chip that generates a security key and enables secure mobile communication. The UICC is equipped with communication applications such as SIM (Subscriber Identity Module), USIM (Universal SIM), and ISIM (IP (Internet Protocol) Multimedia SIM) depending on the type of mobile communication network to which the subscriber connects. It can provide high-level security functions for mounting various application applications such as ticketing and electronic passports.

As used herein, the eUICC (embedded UICC) is a chip-type security module built into a non-detachable terminal that can be inserted into and removed from the terminal. eUICC can be installed with the profile down using OTA (Over The Air) technology. eUICC can be named by UICC that can download and install profiles.

In the present specification, the method of installing the profile down on the eUICC by using the OTA technique can also be applied to a removable UICC that can be inserted into and removed from the terminal. That is, the embodiment of the present invention can be applied to a UICC that can be installed with the profile down by using OTA technology.

In the present specification, the term UICC can be mixed with SIM, and the term eUICC can be mixed with eSIM.

In the present specification, a profile can mean that an application, a file system, an authentication key value, etc. stored in the UICC are packaged in a software form.

As used herein, the USIM Profile can mean the same as a profile or mean that the information contained in the USIM application in the profile is packaged in a software form.

In the present specification, the profile providing server includes a function of generating a profile, encrypting the generated profile, generating a profile remote management command, and encrypting the generated profile remote management command, and includes SM-. DP (Subscript Manager Data Preparation), SM-DP + (Subscript Manager Data Preparation plus), off-card entity of Profile Delivery, Profile provider (Professor Profile) It can be expressed by (Profile Provider) and PPC holder (Profile Provisioning Credentials holder).

In the present specification, the profile management server is SM-SR (Subscription Manager Entity Routing), SM-SR + (Subscription Manager Entity Routing Plus), off-card entity of eUICCProfiement It can be expressed by Manager).

When referring to the profile providing server in the present specification, it may be referred to as a combination of the functions of the profile management server. Therefore, in various embodiments of the present invention, that is, in subsequent techniques, it is of course possible for the operation to consist of a profile management server with respect to the operation of the profile providing server. Similarly, it goes without saying that the operations described for the profile management server or SM-SR can also be performed on the profile providing server.

As used herein, the term'terminal' refers to a mobile station (MS), user equipment (UE; User Equipment), user terminal (UT; User Thermal), wireless terminal, access terminal (AT), terminal, subscriber unit ( Referred to as a Subscriber Unit, a subscriber station (SS), a wireless device, a wireless communication device, a wireless transmission / reception unit (WTRU), a mobile node, a mobile or other term. be able to. Various embodiments of the terminal include a cellular telephone, a smartphone having a wireless communication function, a personal portable terminal (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, and a digital having a wireless communication function. Integrating not only photography devices such as cameras, gaming devices with wireless communication functions, music storage and playback home appliances with wireless communication functions, Internet home appliances capable of wireless Internet connection and browsing, but also combinations of these functions. Can include portable units or terminals that are available. Further, the terminal can include, but is not limited to, an M2M (Machine to Machine) terminal, an MTC (Machine Type Communication) terminal / device. In the present specification, the terminal may also be referred to as an electronic device.

In the present specification, the electronic device may be equipped with a UICC in which a profile can be downloaded and installed. If the UICC is not built into the electronic device, the UICC physically separated from the electronic device can be inserted into the electronic device and connected to the electronic device. For example, in the form of a card, the UICC can be inserted into an electronic device. The electronic device may include the terminal, at which time the terminal may be any terminal that includes a UICC that can download and install a profile. Not only is the UICC built into the terminal, but when the terminal and the UICC are separated, the UICC can be inserted into the terminal and can be inserted into the terminal and connected to the terminal. A UICC that can be downloaded and installed with a profile can be referred to as, for example, an eUICC.

As used herein, the terminal or electronic device may include software or applications installed within the terminal or electronic device to control the UICC or eUICC. The software or application can be referred to, for example, as a Local Profile Assistant (LPA).

In the present specification, the profile discriminator is a profile identifier (Profile ID), an ICCID (Integrated Circuit Card ID), a Matching ID, an event identifier (Event ID), an activation code (Activation Code), and an activation code token (Activation Code). It can be named by a factor that matches a Token), ISD-P or profile domain (Profile Domain, PD). The Profile ID can indicate a unique identifier for each profile. The profile discriminator can include the address of a profile providing server (SM-DP +) from which the profile can be indexed.

In the present specification, the eUICC identifier (eUICC ID) may be a unique identifier of the eUICC built in the terminal, and may be designated by an EID (eUICC extension). When the provisioning profile is pre-installed in the eUICC, the identifier of the provisioning profile (Profile ID of the provisioning profile) may be used. Further, when the terminal and the eUICC chip are not separated as in the embodiment of the present invention, the terminal ID may be used. It is also possible to refer to a specific security domain (Secure Domain) of the eUICC chip.

As used herein, a profile container can be named by a profile domain. The profile container may be any security domain (Security Domain).

In the present specification, the PDU (application protocol data unit) may be any message as long as it is a message for the terminal to cooperate with eUICC. Further, the APDU may be a message for PP or PM to cooperate with eUICC.

As used herein, PPC may be any means used for mutual authentication, profile encryption, and signature between the profile providing server and eUICC. PPC is a symmetric key, RSA (Rivest Shamir Cryptography) certificate and personal key, ECC (elliptic curved cryptography) certificate and personal key, top certificate authority (Root certificate authority (CA) and certificate chain). Can include one or more of. Further, when there are a plurality of profile providing servers, other PPCs can be stored or used in eUICC for each of the plurality of profile providing servers.

As used herein, PMC may be any means used for mutual authentication, transmission data encryption, and signature between the profile management server and eUICC. The PMC can include one or more of a symmetric key, an RSA certificate and a personal key, an ECC certificate and a personal key, a Root CA and a certificate chain. Further, when there are a plurality of profile management servers, other PMCs can be stored or used in the eUICC for each of the plurality of profile management servers.

In the present specification, the AID may be an application identifier (Application Identifier). This value may be a discriminator that separates applications different from each other in eUICC.

As used herein, event may be a term commonly used for profile download, remote profile management, or other profile or eUICC management / processing commands. Profile Download can be mixed with Profile Installation. In addition, the event type can be used as a term to indicate whether a particular event is a profile download, remote profile management, or any other profile or eUICC management / processing command. (Operation Type or Operation Type), operation classification (Operation Class or Operation Class), event request type (Event Request Type), event classification (Even Class), event request classification (Event Request Class), and the like.

In the present specification, the profile package can be mixed with a profile or used in a term indicating a data object of a specific profile, and is named by Profile TLV or profile package TLV (Profile Package TLV). Can be. If the profile package is encrypted with encryption parameters, it can be named with a protected profile package (PPP) or a protected profile package TLV (PPP TLV). If the profile package is encrypted with encryption parameters that can only be decrypted by a particular eUICC, it can be named with the bound profile package (Bound Profile Package (BPP)) or bound profile package TLV (BPP TLV). .. The profile package TLV may be a data set (set) representing information constituting the profile in the TLV (Tag, Length, Value) format.

In the present specification, the remote profile management (Remote Profile Management, RPM) is a profile remote management (Profile Remote Management), a remote management (Remote Management), a remote management command (Remote Management), a remote management command (Remote Management), and a remote command (Remote Command). Management Package (RPM Package), Profile Remote Management Package (Profile Remote Management Package), Remote Management Package (Remote Management Package), Remote Management Command Package (Remote Management Command Package) Remote Management Command Package (Remote Management Command) be able to. RPM is used to change the state of a specific profile (Enable, Distributed, Deleted), or to change the contents of a specific profile (for example, a profile nickname (Profile Nickname) or profile summary information (Profile Metadata)). Can be used in. The RPM can also include one or more remote management commands, in which case the profiles targeted by each remote management command may be the same or different for each remote management command.

As used herein, AKA can indicate authentication and key agreement, and can indicate authentication algorithms for connecting to 3GPP (3rd generation partnership project) and 3GPP2 networks.

In the present specification, K is an encryption key value stored in eUICC used in the AKA authentication algorithm.

In the present specification, OPc is a parameter value that can be stored in eUICC used in the AKA authentication algorithm.

In the present specification, NAA is a network connection application (Network Access Application) application program, and may be any application program such as USIM or ISIM stored in the UICC to connect to the network. The NAA may be a network connection module.

In the description of the present invention, if it is determined that a specific description of the related known function or configuration can obscure the gist of the present invention, the detailed description thereof will be omitted.

FIG. 1 is a drawing showing a mobile communication network connection method of a terminal using a UICC equipped with a profile fixed to the terminal according to the embodiment of the present disclosure.

With reference to FIG. 1, the UICC 120 can be inserted into the terminal 110. At this time, the UICC may be removable or may be preliminarily installed in the terminal. The fixed profile of the UICC equipped with the fixed profile means that the'connection information'that can be connected to a specific news agency is fixed. The connection information may be, for example, a K or Ki value used for authenticating to the network together with the IMSI (international mobile subscriber identity) and the subscriber discriminator.

Then, the terminal can authenticate with the authentication processing system of the mobile communication company (for example, HLR (home location register) or AuC) using the UICC. The authentication process may be an AKA (Authentication and Key Agreement) process. If the authentication is successful, the terminal can use the mobile communication service such as telephone or mobile data use by using the mobile communication service provider network 130 of the mobile communication system.

Hereinafter, the terminal 230 and the profile server 250 will be referred to. The terminal 230 may be the terminal 110. The terminal 230 can include at least one of LPA or eUICC. The profile server 250 can include SM-DP +.

FIG. 2 is a drawing showing a message exchange procedure between the terminal 230 and the profile server 250 when one or more profiles are installed via the profile server according to the embodiment of the present disclosure.

Referring to FIG. 2, the terminal 230 can receive the “Add Profile” command from the user in the 201 step, and can perform the TLS connection and mutual authentication procedure (Mutual Authentication) with the profile server 250 in the 203 step. .. At step 205, the terminal can transmit the terminal's eUICC identifier (EID) to the profile server 250 in the final procedure of the mutual authentication procedure. At step 207, the profile server can see the list of events that must be installed at the terminal via EID. At the 209th stage, the profile server can select the event having the highest priority in the list of events (profile 1 is installed in this embodiment). At step 211, the profile server can return the summary information of the selected profile to the terminal. At step 213, the terminal can illustrate the profile summary information to the user and obtain user consent for profile installation. At the 215th stage, the terminal can transmit the user consent to the profile server and receive the profile package. At the 217th stage, the terminal can successfully install the profile package and transmit the result to the profile server at the 219th stage.

According to the profile package installation procedure, when one or more events are waiting on the profile server, the terminal is notified that there are more waiting events remaining on the profile server after the execution and processing of the specific event. Can't. Not only that, the user has the disadvantage of having to enter the "Add Profile" command several times on the terminal to install one or more profiles.

FIG. 3 is a drawing showing a message exchange procedure between the terminal 230 and the profile server 250 when one or more profiles are installed via the profile server according to the embodiment of the present disclosure and one or more remote management is performed. ..

Referring to FIG. 3, the terminal 230 can receive the “Add Profile” command from the user in the 301 step, and can perform the TLS connection and mutual authentication procedure (Mutual Authentication) with the profile server 250 in the 303 step. .. At step 305, the terminal can transmit the terminal's eUICC identifier (EID) to the profile server 250 in the final procedure of the mutual authentication procedure. At step 307, the profile server can confirm the list of events (profile or remote management) that must be installed in the terminal via EID. At 309 steps, the profile server can select the event with the highest priority in the event list (remote management 1 in this embodiment). At the 311 stage, the profile server can return the selected remote management command to the terminal. At 313 steps, the terminal can execute the received remote management command. At the 315th stage, the terminal can transmit the execution result of the remote management command to the profile server.

According to the profile installation and remote management execution procedure, when one or more events are waiting on the profile server, the terminal is notified that there are more waiting events remaining on the profile server after the execution and processing of the specific event. It cannot be known. Not only that, according to the present embodiment, the terminal issues the remote management command, which is the highest priority event, from the profile server even though the user commands the terminal to "Add Profile" in step 301. There is room for confusion for the user because the priority reception is performed and the operation is different from the user's intention.

FIG. 4 is a drawing showing a method of clearly indicating an event type corresponding to a command input by a user when the terminal 230 requests an event from the profile server 250 according to the embodiment of the present invention. Although case1, case2, and case3 in FIG. 4 show independent embodiments, two or more cases can be continuously performed.

Referring to FIG. 4, the terminal can receive the “Add Profile” command from the user in step 401. In response to the user input, the terminal completes the TLS security connection and mutual authentication procedure with the profile server at 403 steps, and can request the profile server 250 for an event by clearly indicating the event type corresponding to the profile download. At this time, the event type can be expressed by a text (in the case of the present embodiment, "ProfileDownload") or by one value in the corresponding numerical string (enumerate). For example, when the number strings "0, 1" correspond to "profile download" and "profile remote management", respectively, the number "0" can be used instead of the text "ProfileDownload". Further, at the 403 stage, the terminal informs the profile server whether the user has activated (on) the profile remote management function of the terminal, or the identifier (Operator ID) of the operator currently providing the communication service to the terminal. Can be known. At 405 steps, the profile server can select a profile installation event with a high priority according to the request of the terminal. The event type, whether or not the profile management function can be activated, the method in which the profile server utilizes the operator identifier information, and the event priority management method will be described in detail in the embodiments described later.

Further, referring to FIG. 4, the terminal can receive the “Refresh Profile” command from the user at the 407 step. In response to the user input, the terminal completes the TLS security connection and mutual authentication procedure with the profile server, and can request the profile server 250 for an event by clearly indicating the event type corresponding to the profile remote management. At this time, the event type can be expressed by a text (“RPM” in the case of the present embodiment) or by one value in the corresponding numerical string (enumerate). For example, if the number strings "0, 1" correspond to "profile download" and "profile remote management", respectively, the number "1" can be used instead of the text "RPM". Further, at the 409th stage, the terminal informs the profile server whether the user has activated (on) the profile remote management function of the terminal, or the identifier (Operator ID) of the business operator currently providing the communication service to the terminal. Can be known. At stage 411, the profile server can select a profile remote management event with a high priority at the request of the terminal. The event type, whether or not the profile management function can be activated, the method in which the profile server utilizes the operator identifier information, and the event priority management method will be described in detail in the embodiments described later.

Also, referring to FIG. 4, the terminal can receive the "Update All" command from the user in 413 steps. In response to the user input, the terminal completes the TLS security connection and mutual authentication procedure with the profile server, clearly indicates the event type corresponding to profile download and profile remote management, and requests the profile server 250 for the event. can. At this time, the event type may be represented by a single text (“ANY” in the case of this embodiment), represented by one or more values in the corresponding number string, or the profile download or profile remote management. The method used in the embodiment of the above can be applied in a complex manner and described. For example, use the text "ProfileDownload, RPM" instead of the text "ANY", or the numbers "0, 1, 2" correspond to'profile download',' profile remote management', and'all events', respectively. In that case, the number '2' or the number string "0, 1" can be used. Further, at the 415th stage, the terminal informs the profile server whether the user has activated (on) the profile remote management function of the terminal, or the identifier (Operator ID) of the business operator currently providing the communication service to the terminal. Can be known. At 417 steps, the profile server can select a high priority event (profile download or profile remote management) at the request of the terminal. The event type, whether or not the profile management function can be activated, the method in which the profile server utilizes the business identification information, and the event priority management method will be described in detail in the embodiments described later.
FIG. 5 is a drawing showing a method in which a profile server manages an event storage device according to an embodiment of the present invention.

Referring to FIG. 5, the profile server can manage an event storage device (Even Store) classified by an eUICC identifier (EID). Each event storage device can store one or more events ('profile download' or'profile remote management') that the eUICC (or terminal) must execute. Further, the events stored in each event storage device have their own priorities, and the method of calculating the priorities can be one or more of the combined methods in the following examples. Not limited to the list.

-Procedure for registering an event in the event storage device

-Priority value assigned when a business operator registers an event

-Event type (for example, profile download may have a higher priority than profile remote management)

-Priority value that the profile server arbitrarily determines and assigns

Further, if one or more events have the same priority, the profile server can arrange the events in any procedure. In the embodiment of the present invention, an example in which the priority of an event is managed in a first-in first-out (First-In First-Out, FIFO) form by a procedure in which the event is registered in the event storage device has been described, but as described above. It should be noted that the priority of each event can be calculated in various ways.

6A, 6B, 6C, 6D can be bundled with a plurality of events in one message when the profile server sends one or more events to the terminal according to the embodiment of the present invention. It is a drawing which shows the method of setting.

With reference to FIGS. 6A, 6B, 6C and 6D, the profile server manages a table that sets whether a particular event type can be bundled with other event types by event type. be able to.

With reference to FIG. 6A, the profile server can be configured to bundle all events regardless of event type.

Referring to FIG. 6B, the profile server is configured to only allow bundled profile remote management events and not bundled profile download events or bundled profile download events and profile remote management events. can do.

Referring to FIG. 6C, the profile server is configured to only allow bundled profile remote management events and profile download events, not bundled profile download events or bundled profile remote management events. can do.

With reference to FIG. 6D, the profile server may not allow any event to be bundled.

In the present embodiment, an example for two events is described, but as described above, when the number of event types increases to three or more, it is needless to say that the size of the chart can be increased to correspond to the event types. Further, the setting of whether or not the bundle transmission by event type is possible is not limited to the example of the bundle transmission setting by event type shown in FIGS. 6A, 6B, 6C and 6D, and is set to be different depending on the combination of the events to be bundled. It must be noted that it can be done.

7A, 7B and 7C, according to one embodiment of the present disclosure, are waiting for a'current event'and event storage that the terminal must currently process in response to the event request message of the terminal. It is a drawing which shows how to configure the information of'current event'when the profile server configures the response message to reply to the terminal including'Next Events' in.

With reference to FIGS. 7A, 7B and 7C, the terminal 230 can send an event request message to the profile server 250 at stages 701a, 701b, and 701c. For the structure and detailed description of the event request message, refer to the embodiment of FIG. In response to the event request message of the terminal, the profile server stores one or more'current events' selected by priority in the event storage device in the 703a, 703b, and 703c stages, and event storage excluding the event. The event response message can be configured using the event information remaining in the device. At this time, the current event can be selected as follows depending on the event type specified in the event request message of the terminal, the event storage device status of the profile server, and the priority transmission allowance setting.

The profile server can manage a priority setting chart that allows a lower priority event to be sent to the terminal first than a higher priority event depending on each event type.

Referring to FIG. 7B, the profile download event can be prioritized to the terminal if requested by the terminal even if the profile download event has a lower priority than the profile remote management event, but the profile remote management event has a lower priority than the profile download event. It can be set so that priority transmission is not given to the terminal even if the terminal requests it. At this time, if the event priorities of the event storage devices are aligned according to the procedure as in the embodiment of the profile server 250, if the terminal explicitly requests the profile download event, the profile download corresponding to the third priority is performed. The event (Profile1) can be preferentially selected from the profile remote management events (RPM1 and RPM2) corresponding to the first and second priorities and transmitted to the terminal via the'Current Event'field. .. In this case, the residual events (RPM1, RPM2, RPM3, Profile2) can be included in the'next events' and transmitted by the terminal 230 according to the embodiment of FIG. 8 described later.

With reference to FIG. 7C, any event can be set so that it cannot be transmitted in preference to other events, except for the priority of the event. At this time, if the event priorities of the event storage devices are aligned according to the procedure as in the embodiment of the profile server 250, the profile remote management which is the highest priority event even if the terminal explicitly requests the profile download event. Since the event (RPM1) must be executed preferentially, the'Current Event'field will be a vacant field and no event may be sent to the terminal. In the case of, the residual event (RPM1, RPM2, Profile1, RPM3, Profile2) can be included in the'next event'and transmitted according to the embodiment of FIG. 8 described later.

In the various embodiments of FIGS. 7A, 7B and 7C, the case where only one event is selected depending on whether the priority transmission setting is possible or not has been described, but this is the embodiment of FIGS. 6A, 6B, 6C and 6D. It should be noted that more than one event can be selected as described above. For example, if the embodiment of FIG. 7B is additionally set to enable bundle transmission of profile download events as in the embodiment of FIG. 6A, the'Current Events' field at stage 703b of FIG. 7B. Can also be transmitted on the terminal 230 while simultaneously including two profile download events (Profile 1 and Profile 2).

FIG. 8 shows the'current events' and the'waiting for event storage'that the terminal must currently process in response to the terminal's event request message according to one embodiment of the present disclosure. It is a drawing which shows how to configure the information of'Next Events' when the profile server configures the response message to reply to the terminal including the event (Next Events).

Referring to FIG. 8, the terminal 230 can send an event request message to the profile server 250 at the 801 step. For the structure and detailed description of the event request message, refer to the embodiment of FIG. In response to the event request message of the terminal, at the 803 stage, the profile server remains in the event storage device except for one or more'Current Events' selected by priority in the event storage device. Event response messages can be constructed using information about existing events. At this time, the case where one remote management event (RPM1) is selected so as to correspond to the request of the terminal with respect to the selection of the current event is shown in the present embodiment, but the implementation of FIGS. 6A, 6B, 6C and 6D is shown. One or more events can be selected by setting whether the profile server can send bundles as in the form, and the event type specified in the event request message of the terminal as in the embodiment of FIGS. 7A, 7B and 7C. It should be noted that can also be searched for in event storage and sent in preference to the highest priority event. Further, the information of the next event can be composed in a complex manner by using one or more information elements (information elements) of the following, and the information elements that can be used are not limited thereto.

-Event type of the event with the highest priority among the residual events

-Event type of one or more residual events

-Existence of one or more residual events

-Number of each event type when classifying residual events by event type

For example, when replying only to the event type of the event having the highest priority in the embodiment of FIG. 8, the event response message can be configured as follows.

-Churent Events = RPM1, Next Events = "RPM"

As another example, in the embodiment of FIG. 8, when returning the event types of all the remaining events, the event response message can be configured as follows.

-Churent Events = RPM1, Next Events = "RPM, ProfileDownload, RPM, ProfileDownload"

In another example, in the embodiment of FIG. 8, when the residual events are classified by event type and the number of each event type is returned, the event response message can be configured as follows.

-Churent Events = RPM1, Next Events = "RPM (2), ProfileDownload (2)"

As another example, in the embodiment of FIG. 8, when returning that one or more residual events remain regardless of the event type, the event response message can be configured as follows.

-Churent Events = RPM1, Next Events = TRUE

In the above-described embodiment, the text (“RPM” or “ProfileDownload”) is used for the notation of the event type, but it is needless to say that not only the text but also the number string can be used as described above in the embodiment of FIG. Also, when trying to inform the terminal that one or more events exist regardless of the event type, a binary cognitive person (Boolean) having positive / false (TRUE / FALSE) is used instead of text or a string of numbers. You can also do it.

FIG. 9 refers to the possibility of setting the event bundle transmission and the event priority transmission described in the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C and 8 according to the embodiment of the present disclosure. , Is a drawing showing a procedure for a profile server to configure an event response message to a terminal event request message.

Referring to FIG. 9, the profile server can receive the event request message from the terminal at the stage of 901. The event request message clearly indicates the type of event requested by the terminal according to the embodiment of FIG. 4 described above, and whether or not the profile remote management function is currently activated / deactivated (On / Off) in the terminal. be able to.

After the execution of the 901 step or when the confirmation of the 913 step fails, the profile server at the 903 step sets the event in the event storage device corresponding to the eUICC of the terminal that sent the event request message according to the embodiment of FIG. 5 described above. It can be aligned by the priority procedure.

At stage 905, the profile server checks to see if the type of highest priority event in the event storage matches the event type requested by the terminal at stage 901.

If the 905-step confirmation procedure fails or the 909-step confirmation procedure succeeds, at the 907th step, the profile server 905 the event corresponding to the event type requested by the terminal according to the embodiment of FIGS. 7A, 7B and 7C described above. Check if priority transmission can be performed over the highest priority event in the event storage device confirmed at the stage.

If the confirmation procedure in step 907 is successful, in step 915, the profile server searches the event storage device for the event having the highest priority among the events corresponding to the event type requested by the terminal.

After the confirmation procedure of the 905 stage is successful or the execution of the 915 stage, the profile server is the profile remote management event of the relevant event at the 909 stage, and at the same time, the profile remote of the current terminal is sent to the event request message of the terminal received at the 901 stage. Check if the management function is turned off.

If the 909-step verification procedure fails, the profile server extracts the event in the event storage according to the embodiment of FIGS. 7A, 7B and 7C described above and adds the event to the'Current Events' field. ..

After the execution of the 911 stage, at the 913 stage, the profile server confirms whether other events can be bundled with the event according to the embodiment of FIGS. 6A, 6B, 6C and 6D described above.

If the 913-step confirmation procedure fails or the 907-step confirmation procedure fails, at 917-step the profile server configures the'Next Events' field according to the embodiment of FIG. 8 described above.

After the execution of the 917 stage, at the 919 stage, the profile server can send an event response message composed of'Current Events'and'Next Events' to the terminal. If the transmission of the event response message fails or the reply to the processing failure of the event response message is received from the follow-up terminal, the profile server performs the event extraction operation in the event storage device of the 911 stage performed at least once. It can be restored.

FIG. 10 is a drawing showing an example of a procedure in which the terminal 230 sequentially receives one or more events from the profile server 250 according to the embodiment of the present invention.

In this embodiment, the profile corresponding to ICCID1 is installed / activated in the terminal, the profile remote management function of the terminal is activated (On), and the event storage device of the profile server is arranged by the event registration time procedure. Profile remote management events cannot be bundled, profile download events can be bundled, any event cannot be out-of-priority priority transmission, and the'next event'configuration Suppose that only the event type of the highest priority event in the event storage is described.

Referring to FIG. 10, at step 1001, the terminal can receive a command for "Add Profile" from the user.

At the 1003 stage, the terminal performs a TLS security connection and a mutual authentication procedure with the profile server, and can request the profile server for a profile download event so as to meet the user's request according to the embodiment of FIG. 4 described above.

At stage 1005, the profile server is combined with the profile download event (ICCID2), which is the highest priority event of the event storage device, according to the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8 and 9 described above. It is possible to inform the terminal that one or more profile remote management events are waiting.

At the 1007 stage, the terminal can install the profile (ICCID2) by the received profile download event.

At step 1009, the terminal can send the execution result (that is, the profile installation result (ICCID2 Installation Reset)) to the profile server in response to the profile download event that has been completed.

At the 1011 stage, the profile server can notify the terminal that the event execution result has been successfully received. Further, the profile server can notify the terminal of the'next events' remaining in the event storage device not only in the 1005 stage but also in the 1011 stage. The two types of messages that publicize the'Next Events' are complementary to each other, and both of the two messages publicize the'next event'or only one of the two messages'. The next event'can also be announced. If both of the two messages publicize the'next event', the'next event'lists contained in the two messages can be different from each other. For example, if the priority of events in the event storage of the profile server during the execution of 1007 to 1009 stages after sending the 1005 stage message is changed, the'next event'list contained in the 1011 stage message will be displayed. Can be changed.

At step 1013, the terminal can again request the profile server for events to be performed in the next order according to the'next event'list known by the profile server in steps 1005 to 1011. When the re-request message is transmitted, if the TLS secure connection and mutual authentication procedure between the terminal and the profile server in the 1003 stage are still valid, the terminal can omit the TLS secure connection and mutual authentication procedure between the profile server and the profile server. In addition, the terminal can notify the user that the event is to be requested from the profile server, if necessary, and send an event request message to the profile server after requesting the user's consent. If the user disagrees, the terminal can complete the procedure without requesting an additional event. In addition, if the event to be performed in the next order according to the'next event'list is a profile remote management event, the identifier of the profile that is the target of the event is not clear, so the event request type (EventReqType) is profile remote management. It may be set in and the profile identifier is not specified. The method of not specifying the profile identifier may send a NULL string or may not send the profile identifier field.

At the 1015 stage, the profile server is waiting for one or more profile remote management events together with the profile remote management event (Update ICCID1), which is the highest priority event of the event storage device according to the embodiment of FIGS. 6 to 9 described above. Can be known to the terminal.

At the 1017 stage, the terminal can manage the profile (change the content of the profile corresponding to ICCID1) by the received profile remote management event.

At the 1019 stage, the terminal can send the execution result (that is, the profile change result (ICCID1 Update Resist)) to the profile server in response to the profile remote management event that has been executed.

At step 1021, the profile server can notify the terminal that the event execution result has been successfully received. Further, the profile server can inform the terminal of the'next event'remaining in the event storage device not only in the 1015 step but also in the 1021 step as in the above-mentioned 1011 step procedure. For a detailed description of the construction of the'next event'list, see the 1011 step description.

At step 1023, the terminal may re-request the profile server for the next event in the order of the'next event'list known by the profile server at steps 1015 to 1021, similar to the procedure at step 1013 described above. can. For a detailed description of TLS and secure connections and user consent, see Step 1013. In addition, if the event to be performed in the next order by the terminal in the'next event'list is a profile remote management event, the identifier of the profile that is the target of the event is not clear, so the event request type (EventReqType) is set to all events. It may be set in (“ANY”) and the profile identifier (ProfileID) may not be specified. For the method of specifying'all events', refer to the embodiment of FIG. 4 described above. Further, it can be easily understood that the subsequent procedure can be performed through the repetition of the above-mentioned steps 1001 to 1023.

FIG. 11 is a drawing showing an embodiment of a procedure in which the terminal 230 sequentially receives one or more events from the profile server 250 according to the embodiment of the present invention.

In this embodiment, the profile corresponding to ICCID1 is installed / activated in the terminal, the profile remote management function of the terminal is activated (On), and the event storage device of the profile server is arranged by the event registration time procedure. Profile remote management events can be bundled, profile download events cannot be bundled, any event cannot be prioritized out of priority, and the'next event'configuration is event It is assumed that the types and numbers of all events in the storage device are described.

Referring to FIG. 11, at the 1101 step, the terminal can select a specific profile (ICCID1 in this embodiment) from the user and receive a command for "refresh profile".

At the 1103 stage, the terminal performs a TLS security connection and a mutual authentication procedure with the profile server, and can request the profile remote management event to the profile server so as to meet the user's request according to the embodiment of FIG. 4 described above.

At stage 1105, the profile server searches for the profile download event, which is the highest priority event of the event storage device, according to the embodiment of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8 and 9 described above, and the event is determined. Since priority transmission outside the priority is not possible because it does not match the event type (profile remote management) requested by the terminal, no event is transmitted, and one profile download event is used using the'next event'list. It is possible to inform the terminal that three profile remote management events are waiting.

At stage 1107, the terminal informs the user who issued the profile update command by the received'next event'list that'profile update is currently impossible and profile installation (Add Profile) must be executed preferentially'. You can notify and ask for your consent. If the user disagrees, the terminal can terminate the procedure without any additional action.

At step 1109, the terminal can again request the profile server for events to be performed in the next order by the'next event list'known by the profile server at step 1105 and the user consent received at step 1107. At the time of sending this re-request message, one or more of the TLS security connection or mutual authentication procedure between the terminal of the 1103 stage and the profile server is terminated in advance, or a new event request message in the profile server policy is a new transaction identifier. If it must be classified by (Transaction ID), the terminal can perform a new TLS security connection and mutual authentication procedure with the profile server.

At 1111 steps, the profile server is the profile download event (ICCID2), which is the highest priority event of the event storage device, according to the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8 and 9 described above. At the same time, the'next event'list can be used to inform the terminal that three profile remote management events are waiting. In the present embodiment, the case where the profile package is transmitted in an immediate response to the 1109 step is illustrated, but as in the example of FIG. 2 described above, the profile summary information (Profile Metadata) is preferentially transmitted (211 steps). After requesting the user consent for profile installation again (213 steps), the terminal can request the profile package from the profile server (215 steps) and send the profile package on the terminal. In this case, the additional user consent can be integrated with the 1107 steps of user consent.

At the 1113 stage, the terminal can install the profile (ICCID2) by the received profile download event (more specifically, the profile package).

At the 1115 step, the terminal can transmit the execution result (that is, the profile installation result (ICCID2 Installation Reset)) to the profile server in response to the profile download event that has been completed.

At the 1119 stage, the profile server can notify the terminal that the event execution result has been successfully received. Further, although not shown in this drawing, the profile server can repeat the'next event'list of 1111 steps in 1119 steps, as in the embodiment of FIG. 10 described above.

At stage 1119, the terminal may again request the profile server for events to be performed in the next order according to the'next event'list known by the profile server in stages 1111 to 1117, similar to the procedure in step 1109 described above. can. For a detailed description of TLS and secure connections and user consent, refer to the 1109 step description. Furthermore, if the event that the terminal performs in the next order according to the'next event'list is a profile remote management event, the identifier of the profile that is the target of the event is not clear, so the event request type (EventReqType) is set to all events. It can be set with (“ANY”).

At stage 1121, the profile server is the profile remote management event (Update ICCID1), which is the highest priority event of the event storage device by the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8 and 9 described above. Together with, other profile remote management events (Enable ICCID2, Diskle ICCID1) can be bundled and transmitted. Further, since there is no event waiting in the event storage device after the bundle transmission of the profile remote management event, it is possible to notify that there is nothing in the'next event'list (“Nothing More”). As a method of notifying that the'next event' list is empty, text is used, NULL data is used, the'next event' list itself is omitted, and all the methods are used. A method such as notifying the event type that the residual event is 0 can be used.

At the 1123 stage, the terminal can sequentially process the received profile remote management event. Furthermore, it can be easily understood that subsequent procedures can be performed via the repetition of steps 1101 to 1123 described above.

FIG. 12 is a drawing showing an example of a procedure in which the terminal 230 sequentially receives one or more events from the profile server 250 according to the embodiment of the present invention.

In this embodiment, the profile corresponding to ICCID1 is installed / activated in the terminal, the profile remote management function of the terminal is activated (On), and the event storage device of the profile server is arranged by the event registration time procedure. If any event cannot be bundled and the terminal requests it, only the profile remote management event can be sent with priority over the profile download event, and the'next event'configuration is the highest priority in the event storage. Suppose that only the event type of the event is described.

Referring to FIG. 12, at the 1201 stage, the terminal can select a specific profile (ICCID1 in this embodiment) from the user and receive a command for “Refresh Profile”.

At the 1203 stage, the terminal performs a TLS security connection and a mutual authentication procedure with the profile server, and can request the profile remote management event to the profile server so as to meet the user's request according to the embodiment of FIG. 4 described above.

At stage 1205, the profile server searches for the profile download event, which is the highest priority event of the event storage device, according to the embodiment of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8 and 9 described above. The event does not match the event type requested by the terminal (profile remote management), but the profile remote management event can be sent with priority outside the priority, so the event type requested by the terminal in the event storage device (profile remote management) ), The event with the highest priority (Update ICCID1 in this embodiment) can be preferentially transmitted. Further, the profile server can inform the terminal that the profile download event, which is the highest priority event, is waiting in the event storage device except for the event by using the'next event'list.

At the 1207 stage, the terminal can perform the received profile remote management event. If necessary, the report on the execution result of the profile remote management event can be omitted thereafter.

At the 1209 stage, the terminal notifies the user who has commanded the profile update that "the profile must be installed (Add Profile) after the profile update" by the received "next event" list, and asks for the user's consent. be able to. If the user disagrees, the terminal can terminate the procedure without any additional action.

At the 1211 stage, the terminal can request the profile server for the next event in the next order by the'next event'list known by the profile server at the 1205 stage. At the time of sending this re-request message, one or more of the TLS security connection or mutual authentication procedure between the terminal and the profile server in the 1203 stage is terminated in advance, or a new event request message in the profile server policy is a new transaction identifier. If it must be classified by (Transaction ID), the terminal can perform a new TLS security connection and mutual authentication procedure with the profile server.

At stage 1213, the profile server is the profile download event (ICCID2), which is the highest priority event of the event storage device, according to the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8 and 9 described above. At the same time, the'next event'list can be used to inform the terminal that two profile remote management events are waiting. In the present embodiment, the case where the profile package is transmitted in an immediate response to the 1211 step is illustrated, but as in the example of FIG. 2 described above, the profile summary information (Profile Metadata) is preferentially transmitted (211 steps). After requesting the user consent for profile installation again (213 steps), the terminal can request the profile package from the profile server (215 steps) and send the profile package on the terminal. In this case, the additional user consent can be integrated with the 1209 step of user consent.

At the 1215 stage, the terminal can install the profile (ICCID2) by the received profile download event (more specifically, the profile package).

At the 1217 stage, the terminal can transmit the execution result (that is, the profile installation result (ICCID2 Installation Reset)) to the profile server in response to the profile download event that has been executed.

At the 1219 stage, the profile server can notify the terminal that the event execution result has been successfully received. Further, although not shown in this drawing, the profile server can repeat the'next event'list of 1113 steps in 1219 steps, as in the embodiment of FIG. 10 described above.

At step 1221, the terminal may again request the profile server for events to be performed in the next order according to the'next event'list known by the profile server at steps 1213 to 1219, similar to the procedure at step 1211 described above. can. For a detailed description of TLS and secure connections and user consent, see Step 1211. In addition, if the event to be performed in the next order by the terminal in the'next event'list is a profile remote management event, the identifier of the profile that is the target of the event is not clear, so the event request type (EventReqType) is set to all events. It can be set with (“ANY”).

At stage 1223, the profile server is the profile remote management event (Enable ICCID2), which is the highest priority event of the event storage device according to the various embodiments of FIGS. 6A, 6B, 6C, 6D, 7A, 7B, 7C, 8 and 9 described above. At the same time, the'next event'list can be used to inform the terminal that a profile remote management event is waiting.

At the 1225 stage, the terminal can manage the profile (activate ICCID2) by the received profile remote management event. Further, the subsequent procedure could be performed through the repetition of the above-mentioned steps 1201 to 1225.

FIG. 13 is a drawing showing a procedure in which the terminal 230 requests the profile server 250 to'profile download'and receives a response to the profile when the profile is installed via the profile server according to the embodiment of the present invention. ..

Referring to FIG. 13, at the 1301 stage, the terminal 230 can transmit an'arbitrary character string'to the profile server 250. The 1301 step communication can be protected via the HTTPS to TLS secure connection. At the 1303 stage, the profile server 250 can transmit an'arbitrary character string'to the terminal 230, such as the signature of the server. At the 1305 stage, the terminal 230 can send a terminal authentication request message on the profile server 250. Specifically, the terminal 230 can use the terminal authentication request message to the profile server 250 to transmit information for the specific event type (Operation Type) requested together with the signature (Signature) of the terminal 230. In the present embodiment, the case where the profile is waiting in the event storage device 270 of the profile server and the terminal requests'profile download (Profile DL)'will be described. The message exchange procedure between the terminal 230 and the profile server 250 in the steps 1303 to 1305 can be named by the mutual authentication procedure. At the 1307 stage, the profile server 250 can send a terminal authentication response message at the terminal 230. Specifically, the profile server 250 is a terminal that includes profile summary information (Profile Metadata) and a disposable public key (One-time Public Key) as part of the preparation for profile download, as requested by terminal 230 in step 1305. The authentication response message can be sent to the terminal 230. The profile summary information may include the name of the service provider, a logo set by the service provider, information on the fee system, and the like. At the 1309 step, the terminal 230 can input a user consent (End User Consent) for profile installation based on the profile summary information received at the 1307 step. If the user agrees to set up the profile, the terminal 230 can send a disposable public key (One-time Public Key) to the profile server 250 at the 1311 stage. At the 1313 stage, the terminal 230 and the profile server 250 may generate a session key by combining the disposable public key exchanged between the 1307 to 1311 stages and the corresponding disposable personal key (One-time Private Key). can. At the 1315 step, the profile server 250 can return the encrypted profile package to the terminal 230 using the session key generated at the 1313 step. After that, at the 1317 stage, the terminal 230 can decode and install the encrypted profile package.

The profile download procedure is one between the terminal 230 and the profile server 250 in order to receive the profile package actually required for profile installation, as described later in the steps 1311 to 1315, as compared with the profile remote management procedure described later. Use additional message exchange.

FIG. 14 shows a procedure in which the terminal 230 requests the profile server 250 for'profile remote management'and receives a response to the request when remote management is performed via another profile server according to the embodiment of the present disclosure. It is a drawing.

Referring to FIG. 14, at the 1401 step, the terminal 230 can transmit an'arbitrary character string'to the profile server 250. The 1401 step communication can be protected via the HTTPS to TLS secure connection. At the 1403 stage, the profile server 250 can transmit an'arbitrary character string'to the terminal 230 together with the signature of the server (Signature). At the 1405 stage, the terminal 230 can request the profile server 250 for a specific event type (Operation Type) together with the signature of the terminal (Signature). In the present embodiment, a remote management command is waiting in the event storage device 270 of the profile server, and the terminal 230 requests'profile remote management (RPM)'. The message exchange procedure between the terminal 230 and the profile server 250 in the steps 1403 to 1405 can be named by the mutual authentication procedure. At the 1407 step, the profile server 250 can send a package (RPM Command Package) containing a profile remote management command to the terminal 230 as requested by the terminal 230 at the 1405 step. At the 1409 step, the terminal 230 can input the user consent (End User Consent) for the profile management based on the profile remote management received at the 1407 step. If the user agrees to the profile remote management, the terminal 230 can execute the profile remote management command at the stage 1411.

Since the terminal 230 can receive all the profile remote management commands in the 1407 step in the profile remote management procedure, the terminal corresponding to the 1311 to 1315 steps in FIG. 13 is compared with the profile download procedure described in FIG. No additional one-time message exchange between 230 and profile server 250 is required.

FIG. 15 shows, according to an embodiment of the present disclosure, when two profiles are installed via a profile server and remote management is performed twice, the terminal 230 requests the profile server 250 for all kinds of events. It is a drawing which shows the procedure which receives the response to a request.

Referring to FIG. 15, at the 1501 step, the terminal 230 can transmit an'arbitrary character string'to the profile server 250. The 1501 step communication can be protected via the HTTPS to TLS secure connection. At the 1503 stage, the profile server 250 can transmit an'arbitrary character string'to the terminal 230 together with the signature of the server (Signature). At the 1505 stage, the terminal 230 can request the profile server 250 for a specific event type (Operation Type) together with the signature of the terminal (Signature). In this embodiment, a case where two remote management commands and two profiles are waiting in the event storage device 270 of the profile server and the terminal requests'all types (ALL)'will be described. The message exchange procedure between the terminal 230 and the profile server 250 in the steps 1503 to 1505 can be named by the mutual authentication procedure. At the 1507 step, the profile server 250 can simultaneously transmit the profile remote management 1, the profile summary information 1, the profile remote management 2, and the profile summary information 2 as requested by the terminal 230 at the 1505 step. At the 1509 step, the terminal 230 can input a user consent (End User Consent) for profile management and installation based on the profile remote management or profile summary information received at the 1507 step.

After the 1509 step, the terminal 230 must execute each profile remote management and profile installation procedure if the user agrees. At this time, the profile remote management (profile remote management 1 and profile remote management 2) can be executed immediately after the 1509 step, while the profile installation (profile summary information 1 and profile summary information 2) can be performed for each profile installation. As described above in steps 1311 to 1315 of 13, one additional message exchange between the terminal 230 and the profile server 250 must be performed to secure the profile package. Specific measures for the terminal 230 to sequentially process profile remote management and profile installation will be described in detail with reference to FIGS. 16 to 17.

Not only that, each profile summary information and profile remote management data of each 1507 step is accompanied by a signature of the profile server 250 for the terminal 230 to verify data integrity. At this time, if the signature for the profile summary information data and the signature generation method for the profile remote management data (for example, a digital signature algorithm or a type of digital certificate for signature) are different, the profile server 250 generates the signature. And the arrangement of the data can be appropriately tuned to support the terminal 230 to easily verify the signature and process each data. The method by which the profile server 250 generates a digital signature and arranges the data will be described in detail with reference to FIGS. 18 to 21.

FIG. 16 is a drawing showing a method in which the terminal 230 first secures data for all events and then sequentially processes the events according to the embodiment of the present invention.

Referring to FIG. 16, the terminal 230 and the profile server 250 can perform a mutual authentication procedure at the stage of 1601. For a detailed explanation of the mutual authentication procedure and the operation request message of the terminal 230, refer to the description of steps 1503 to 1505 in FIG. At the 1603 stage, the profile server 250 can simultaneously transmit profile remote management 1, profile summary information 1, profile remote management 2, and profile summary information 2. At the 1605 step, the terminal 230 can input the user consent (End User Consent) for the profile remote management and the installation based on the profile remote management or the profile summary information received at the 1603 step. If the user agrees, the terminal 230 can request and receive the profile package 1 and the profile package 2 corresponding to the profile summary information 1 and the profile summary information 2 from the profile server 250 in the 1607 to 1609 steps, respectively. After that, the terminal 230 performs the profile remote management 1 at the 1611 stage, installs the profile package 1 at the 1613 stage, and performs the profile remote management 2 at the 1615 stage according to the data processing procedure specified by the profile server 250 at the 1603 stage. The profile package 2 can be installed in 1617 steps.

In the procedure, the terminal 230 collectively collects data (that is, a profile package for profile installation) used for processing each event for all types of events received in the 1603 stages in the 1607 to 1609 stages. It can be secured and profile remote management and profile installation can be processed by the data processing procedure specified by the profile server 250 in the 1603 step.

FIG. 17 is a drawing showing a method in which the terminal 230 secures and processes data for each event according to the event receiving procedure according to the embodiment of the present invention.

Referring to FIG. 17, the terminal 230 and the profile server 250 can perform a mutual authentication procedure at the 1701 stage. For a detailed explanation of the mutual authentication procedure and the operation request message of the terminal 230, refer to the description of steps 1503 to 1505 in FIG. At stage 1703, the profile server 250 can simultaneously transmit profile remote management 1, profile summary information 1, profile remote management 2, and profile summary information 2. At the 1705 step, the terminal 230 can input the user consent (End User Consent) for the profile remote management and the installation based on the profile remote management or the profile summary information received at the 1703 step. If the user agrees, the terminal 230 performs the profile remote management 1 at the 1707 stage and receives the profile package 1 corresponding to the profile summary information 1 at the 1709 stage according to the data processing procedure specified by the profile server 250 at the 1703 stage. The profile package 1 can be installed at the 1711 stage, the profile remote management 2 can be performed at the 1713 stage, the profile package 2 corresponding to the profile summary information 2 can be received at the 1715 stage, and the profile package 2 can be installed at the 1717 stage. ..

In the above procedure, the terminal 230 preferentially executes the profile remote management without securing additional data by the data processing procedure specified by the profile server 250 in the 1703 stage for all kinds of events received in the 1703 stage, and is necessary. In this case, the profile installation can be processed by additionally securing the profile package from the profile server 250 as in the 1709 or 1715 step.

FIG. 18 shows each profile when the profile server 250 conveys profile remote management or profile summary information to the profile server 250 message of the 1603 stage of FIG. 16 to the 1703 stage of FIG. 17 according to the embodiment of the present invention. It is a drawing which shows the method of generating and attaching a separate signature to remote management and profile summary information data.

Referring to FIG. 18, the profile server 250 can generate 1803 and 1811 digital signatures for 1801 profile remote management 1 data and 1809 profile remote management 2 data, respectively. Further, the profile server 250 can generate digital signatures of 1807 and 1815 for 1805 profile summary information 1 data and 1813 profile summary information 2 data, respectively. At this time, the terminal 230 can process the data in the order of receiving the data from the profile server 250 without the profile server 250 specifying the processing procedure of each data. In the present embodiment, the terminal 230 can process data by the procedure of profile remote management 1, profile summary information 1, profile remote management 2, and profile summary information 2.

Since the profile server 250 has a signature in which each data is separately divided in the above configuration, there is an advantage that the algorithm and the type of digital certificate used for generating the signature of each data can be utilized in various ways.

FIG. 19 shows each profile when the profile server 250 transmits profile remote management or profile summary information in response to the profile server 250 messages in steps 1603 to 1703 of FIG. 16 according to an embodiment of the present invention. It is a drawing which shows the method of generating and attaching a separate signature to remote management and profile summary information data, and clarifying the processing procedure of each data.

Referring to FIG. 19, the profile server 250 can generate digital signatures of 1903 and 1911 for 1901 profile remote management 1 data and 1909 profile remote management 2 data, respectively. Further, the profile server 250 can generate digital signatures of 1907 and 1915 for 1905 profile summary information 1 data and 1913 profile summary information 2 data, respectively. In addition, the profile server 250 can record the processing procedure of each data. For example, in the present embodiment in which four data are transmitted, the profile server 250 has a 1901 profile remote management 1 data of the first (1/4) of the four and a 1905 profile summary information 1 data of the second (4). 2/4), 1909 profile remote management 2 data is the 3rd (3/4) out of 4 and 1913 profile summary information 2 data is the 4th (4/4) out of 4 can do.

In the above configuration, the profile server 250 has an advantage that since each data is accompanied by a signature separately divided, the algorithm and the type of digital certificate used for generating the signature of each data can be utilized in various ways. Further, since the profile server 250 specifies the processing procedure separately for each data, there is an advantage that the data transmission procedure can be freely adjusted. At this time, the present embodiment in which the profile server 250 specifies the data processing procedure is not limited to FIG. 19, and the data processing procedure can also be specified in the embodiment of FIG. 18 in which the data is processed in the order of reception. ..

FIG. 20 shows each profile when the profile server 250 conveys profile remote management or profile summary information to the profile server 250 message of the 1603 stage of FIG. 16 to the 1703 stage of FIG. 17 according to the embodiment of the present invention. It is a drawing which shows the method of generating and attaching a common signature to a part of remote management and profile summary information data.

Referring to FIG. 20, the profile server 250 can generate a 2011 digital signature (ie, a common signature) for the entire 2001 profile remote management 1 data and the 2009 profile remote management 2 data. In addition, the profile server 250 can generate a 2015 digital signature (ie, a common signature) for the 2005 profile summary information 1 data and the 2013 profile summary information 2 data as a whole. At this time, the terminal 230 can process the data in the order of receiving the data from the profile server 250 without the profile server 250 specifying the processing procedure of each data. In the present embodiment, the terminal 230 can process data by the procedure of profile remote management 1, profile summary information 1, profile remote management 2, and profile summary information 2.

It should be noted that the data for which the profile server 250 generates a common signature in the above configuration is not necessarily limited to the same type of data. For example, FIG. 20 illustrates the case where profile remote management and profile summary information are separated to generate a common signature, whereas the profile server 250 is for data with the same signature generation method (ie, signature generation algorithm and digital certificate). Can generate a common signature. In the above configuration, the profile server 250 can omit the signature for the data sharing the signature, so that the sheep of the data transmitted from the profile server 250 to the terminal 230 can be reduced. In the configuration of FIG. 20, after the terminal 230 receives the entire data of the profile server 250, it is necessary to separately collect the data to be the signature in order to verify the signature. In the present embodiment, the terminal 230 must select and collect the 2001 profile remote management 1 data received in the first and the 2009 profile remote management 2 data received in the third in order to verify the signature of 2011. In order to verify the 2015 signature, the 2005 profile summary information 1 data received in the second and the 2013 profile summary information 2 data received in the fourth must be sorted and collected.

FIG. 21 shows each profile when the profile server 250 transmits profile remote management or profile summary information to the profile server 250 messages of the 1603 stage of FIG. 16 to the 1703 stage of FIG. 17 according to the embodiment of the present invention. It is a drawing which shows the method of generating and attaching a common signature to a part of remote management and profile summary information data, and clarifying the processing procedure of each data.

Referring to FIG. 21, the profile server 250 can generate 2111 digital signatures (ie, common signatures) for the entire 2101 profile remote management 1 data and 2109 profile remote management 2 data. Further, the profile server 250 can generate 2115 digital signatures (that is, common signatures) for the entire 2105 profile summary information 1 data and 2113 profile summary information 2 data. In addition, the profile server 250 can record the processing procedure of each data. For example, in the present embodiment in which four data are transmitted, the profile server 250 is the first (1/4) of the four 2101 profile remote management 1 data, and the second of the four 2105 profile summary information 1 data. 2/4), 2109 profile remote management 2 data is the 3rd (3/4) of the 4 data, and 2113 profile summary information 2 data is the 4th (4/4) of the 4 data. can do.

It should be noted that, as in the case of FIG. 20, the data for which the profile server 250 generates a common signature in the configuration of FIG. 21 is not necessarily limited to the same type of data. In the above configuration, the profile server 250 can omit the signature for the data sharing the signature, so that the amount of data transmitted from the profile server 250 to the terminal 230 can be reduced. Further, since the profile server 250 specifies the processing procedure separately for each data, there is an advantage that the data transmission procedure can be freely adjusted. For example, the profile server 250 may have 2101 profile remote management 1 data and 2109 profile remote sharing a 2111 signature in order to eliminate the procedure in which the terminal 230 sorts and collects data for signature verification in the embodiment of FIG. Management 2 data can be placed immediately before the 2111 signature, and 2105 profile summary information 1 data and 2113 profile summary information 2 data sharing the 2115 signature can be placed immediately before the 2115 signature. At this time, after the signature verification of 2111 and 2115, the terminal 230 processes the data in the procedure of profile remote management 1, profile summary information 1, profile remote management 2, and profile summary information 2 in the order of data processing specified by the profile server 250. Can be done.

It should be noted that the various embodiments of signature generation and data placement of FIGS. 18-21 can be used in conjunction with the procedures of FIGS. 16-17. In such a case, the procedure for verifying each signature of FIGS. 18 to 21 can be selectively performed at a time point within the procedure of FIGS. 16 to 17. A part of the specific embodiment is as follows, but it is not limited to the following embodiment, and can be performed at a time when signature verification is required by embodying the terminal 230.

FIG. 22 shows an embodiment in which the signature generation and data arrangement method of FIG. 18 is used in the procedure of FIG. 17 according to the embodiment of the present disclosure.

At this time, the description and the reference number for the procedure described above in FIGS. 17 and 18 are omitted, and it is assumed that the terminal 230 receives a message in the form of 2290 from the profile server 250 in the 2201 step. The terminal 230 receives the user consent (End User Consent) at the 2203 stage, verifies the signature of 2205, performs profile remote management 1 at the 2207 stage, verifies the signature of 2209, and corresponds to the profile summary information 1 at the 2211 stage. The profile package 1 is received, the profile package 1 is installed at the 2213 stage, the signature of 2215 is verified, the profile remote management 2 is performed at the 2217 stage, the signature of 2219 is verified, and the profile summary information 2 is displayed at the 2221 stage. The corresponding profile package 2 can be received and the profile package 2 can be installed at the 2223 stage.

FIG. 23 shows another embodiment when the signature generation and data arrangement method of FIG. 18 is used in the procedure of FIG. 16 according to the embodiment of the present disclosure.

At this time, the explanation and the reference number for the above-mentioned procedure in FIGS. 16 and 18 are omitted, and it is assumed that the terminal 230 receives a message in the form of 2390 from the profile server 250 in the 2301 step. The terminal 230 receives the user consent (End User Consent) at the 2303 step, verifies the signature of the 2305, receives the profile package 1 corresponding to the profile summary information 1 at the 2307 step, verifies the signature of the 2309, and has the 2311 step. Receives the profile package 2 corresponding to the profile summary information 2, verifies the signature of 2313, performs profile remote management 1 at the 2315 stage, installs the profile package 1 at the 2317 stage, verifies the signature of 2319, and 2321. Profile remote management 2 can be performed at the stage, and profile package 2 can be installed at the 2323 stage.

As described above, the signature verification of the data received by the terminal 230 can be performed at a time when the terminal 230 needs after receiving the data, so that the procedure before the procedure for inputting the user consent (End User Consent) is performed. It can also be done. For example, although a separate drawing is not shown, when the signature generation and data arrangement method of FIG. 21 is used in the procedure of FIG. 16, the terminal 230 displays the 2111 signature and the 2115 signature of FIG. 21 after the 1603 step of FIG. It can be verified and the 1605 step of FIG. 16 and subsequent steps can be performed.

As another example, although a separate drawing is not shown, when the signature generation and data arrangement method of FIG. 19 is used in the procedure of FIG. 17, the terminal 230 has the 1903 signature of FIG. 19 after the 1705 step of FIG. The 1707 step of FIG. 17 is performed, the 1907 signature of FIG. 19 is verified, the 1709 to 1711 steps of FIG. 17 are performed, the 1911 signature of FIG. 19 is verified, and the 1713 step of FIG. 17 is performed. And the 815 signature of FIG. 19 can be verified and the steps 1715 to 1717 of FIG. 17 can be performed.

24A, 24B, 25 and 26 show the user interface (End User Consent) for the terminal 230 to input the user consent (End User Consent) at the stage of 1605 or 1705 in the procedure of FIGS. 16 to 17 according to the embodiment of the present disclosure. Various examples of methods for configuring User Interface (UI) are shown.

FIG. 27 is a drawing showing the operation of the terminal according to the embodiment of the present disclosure in chronological order.

With reference to FIGS. 24A, 24B, 25 and 26, profile remote management 1 (2710), profile summary information 1 (2730), profile remote management 2 (2750), profile summary information 2 (as shown in FIG. 27). Assuming that the data of 2770) is received, profile 0 is installed and activated in the terminal 230, and profile remote management 1 (2710) is'profile 0 update 2711'and'profile 0 deactivation (2713). 'Remote commands are included, profile summary information 1 (2730) contains data for'profile 1 installation (2731)', profile remote management 2 (2750) is'profile 1 update (2751)',' profile. It is assumed that 1 activation (2753)'' profile 0 deletion (2755)'contains a remote command and profile summary information 2 (2770) contains data for'profile 2 installation (2771)'.

With reference to FIGS. 24A and 24B, when the terminal 230 receives data as shown in FIG. 27, the terminal 230 provides the user with a user interface in the form of drawing reference numeral 2401 of FIG. 24A or drawing reference numeral 2403 of FIG. 24B. Can be output. With the 2401 or 2403 message, the terminal 230 can sequentially output all the procedures included in the data of FIG. 27 and request the user's consent. The order in which each procedure is output may depend on the procedure in which the terminal 230 receives each procedure or the procedure in which the terminal 230 processes each procedure. Consent to each procedure can require individual user checks, such as 2401, or user consent to integrate the whole, such as 2403. Further, although not shown separately in FIGS. 24A and 24B, the terminal 230 may additionally indicate the name and logo of the service provider, the service charge, etc. for the profile subject to each procedure, or provide the user or the service. It is possible to additionally output a user interface in which a separate password or personal identification number (Personal Identification Number, PIN) set by the person is input.

Referring to FIG. 25, when the terminal 230 receives the data as shown in FIG. 27, the terminal 230 can output a user interface in the form of 2501 to the user. In the 2501 message, the terminal 230 can classify the procedures included in the data of FIG. 27 according to the profile to be the target of each procedure and output them to request the consent of the user. Further, although not shown separately in FIG. 25, the terminal 230 may also request the consent of an individual user for a set of procedures classified by each profile, similar to the 2401 message of FIGS. 24A and 24B. .. Further, although not shown separately in FIG. 25, the terminal 230 additionally indicates the name and logo of the service provider, the service charge, etc. for the profile subject to each procedure, or is set by the user or the service provider. It is possible to additionally output a user interface in which a separate password or personal identification number (PIN) is input.

Referring to FIG. 26, terminal 230 When receiving data as shown in FIG. 27, terminal 230 can output a user interface in the form of 2601 to the user. In the 2601 message, the terminal 230 can classify the procedures included in the data of FIG. 27 according to the type of each procedure and output them to request the consent of the user. Further, although not shown separately in FIG. 26, the terminal 230 may also request individual user consent for a set of procedures classified by type, similar to the 2401 message in FIGS. 24A and 24B. Further, although not shown separately in FIG. 26, the terminal 230 additionally displays the service provider's name, logo, service fee, etc. for the profile subject to each procedure, or is set by the user or the service provider. It is possible to additionally output a user interface in which a separate password or personal identification number (PIN) is input.

It should be noted that the user interface corresponding to FIGS. 24A, 24B, 25 and 26 can be applied to all embodiments to which FIGS. 16-17 described above apply. Therefore, the user interface corresponding to FIGS. 24A, 24B, 25 and 26 can be similarly applied to the procedure for obtaining user consent at the stage 2203 or 2303 among the various embodiments of FIGS. 22 to 23. Of course.

On the other hand, FIG. 28 is a drawing showing a terminal 2800 according to an embodiment of the present invention.

With reference to FIG. 28, the terminal 2800 can include a transmit / receive unit 2810 and a processor 2820. Further, the terminal 2800 can include a UICC 2830. The UICC 2830 can be inserted into the terminal 2800, and any eUICC built in the terminal 2800 may be used.

The transmission / reception unit 2810 can transmit and receive signals, information, data, and the like.

On the other hand, the processor 2820 can control the general operation of the terminal 2800. The processor 2820 can control the overall operation of the terminal 2800 according to the embodiment of the present invention as described above.

In addition, UICC2830 can download the profile and install the profile. Not only that, UICC2830 can manage profiles. The UICC 2830 can also be operated under the control of the processor 2820. Alternatively, the UICC2830 may include a processor or controller for installing the profile, or an application may be installed.

FIG. 29 is a drawing showing the components of the server 2900 according to an embodiment of the present invention. For example, the server 2900 may be a profile server.

The server 2900 can include a transmitter / receiver 2910 and a processor 2920.

The transmission / reception unit 2910 can transmit and receive signals, information, data, and the like. For example, the transmission / reception unit 2910 can transmit a profile at a terminal.

On the other hand, the processor 2920 is a component for controlling the server 2900 in general. The processor 2920 can control the overall operation of the server 2900 according to the embodiment of the present invention as described above.

In the specific embodiments of the invention described above, the components included in the invention are represented in singular or plural by the specific embodiments presented. However, the singular or plural representations have been chosen to suit the circumstances presented for convenience of explanation, and the invention is not limited to the singular or plural components, but the components represented by the plural. However, it can be composed of a singular, or it can be composed of a plurality of components expressed in the singular.

Although the present disclosure has been illustrated and described with reference to its various embodiments, those skilled in the art are defined by the appended claims and their equivalents without departing from the ideas and scope of the invention. It will be appreciated that various variations of the forms and details of this disclosure can be made.

110 terminal 120 UICC
130 Mobile Communication Service Provider Network

Claims (15)

It is a method performed by the terminal of the wireless communication system.
A step of transmitting to the server a first message related to the operation type requested by the terminal and including a first information instructing profile download and a signature of the UICC (universal integrated circuit card) of the terminal. ,
A step of receiving a second message from the server, including the first data for downloading the profile and the signature of the server for the first data, based on the first information. The first data further comprises information indicating that the RPM (remote profile management) package for the terminal is being downloaded.
A step of transmitting a third message to the server, which is related to the operation type requested by the terminal and includes a second information indicating RPM and a UICC signature of the terminal.
A step of receiving a fourth message from the server, including the second data for the RPM and the signature of the server for the second data, based on the second information.
Including
The method, wherein the second data comprises the RPM package, the RPM package comprising an RPM command . The method of claim 1 , wherein the second data further comprises information indicating that another RPM package for the terminal is pending . The RPM package contains a plurality of RPM commands including the RPM command based on the priority of the plurality of RPM commands.
The method is
A step of receiving user input for executing the plurality of RPM commands included in the RPM package, wherein the user input is an integrated input for the RPM package.
The stage of performing the operation based on the user input and
The method according to claim 1, further comprising . When one or more RPM commands are being pending on the server, the priority of the one or more RPM commands is determined at the request of the operator.
The method according to claim 1 , wherein when one or more profile downloads are being pending on the server, the priority of the one or more profile downloads is determined at the request of the business operator . In the terminal of the wireless communication system
Transmitter / receiver and
Control unit and
Including
The control unit
In connection with the operation type requested by the terminal, a first message including the first information instructing the profile download and the signature of the UICC (universal integrated circuit card) of the terminal is sent to the server.
A second message including the first data for the profile download and the signature of the server for the first data is received from the server based on the first information and the first. The data further includes information indicating that the RPM (remote server management) package for the terminal is being downloaded.
In connection with the operation type requested by the terminal, a third message including the second information indicating RPM and the UICC signature of the terminal is transmitted to the server.
A fourth message containing the second data for the RPM and the signature of the server for the second data is set to be received from the server based on the second information.
The second data includes the RPM package, and the RPM package contains an RPM command . The terminal of claim 5, wherein the second data further comprises information indicating that another RPM package for the terminal is being pending . The RPM package contains a plurality of RPM commands including the RPM command based on the priority of the plurality of RPM commands.
The control unit
The user input for executing the plurality of RPM commands included in the RPM package is received, and the user input is an integrated input for the RPM package.
The terminal according to claim 5, which performs an operation based on the user input . When one or more RPM commands are being pending on the server, the priority of the one or more RPM commands is determined at the request of the operator.
The terminal according to claim 5 , wherein when one or more profile downloads are being pending on the server, the priority of the one or more profile downloads is determined at the request of the business operator . It is a method performed by the server of the wireless communication system.
A stage of receiving a first message from a terminal, which is related to the operation type requested by the terminal and includes a first information instructing profile download and a signature of the UICC (universal integrated circuit card) of the terminal. ,
A step of transmitting a second message including the first data for downloading the profile and the signature of the server for the first data to the terminal based on the first information. The first data further comprises information indicating that the RPM (remote profile management) package for the terminal is being downloaded.
A stage of receiving a third message from the terminal, which is related to the operation type requested by the terminal and includes a second information indicating RPM and a UICC signature of the terminal.
A step of transmitting a fourth message including the second data for the RPM and the signature of the server for the second data to the terminal based on the second information.
Including
The method, wherein the second data comprises the RPM package, the RPM package comprising an RPM command . The method of claim 9, wherein the second data further comprises information indicating that another RPM package for the terminal is being welded. The RPM package contains a plurality of RPM commands including the RPM command based on the priority of the plurality of RPM commands.
Based on the user input for executing the plurality of RPM commands, the operation corresponding to the plurality of RPM commands included in the RPM package is executed, and the user input is an integrated input for the RPM package. can be,
When one or more RPM commands are being pending on the server, the priority of the one or more RPM commands is determined at the request of the operator.
The method of claim 9 , wherein when one or more profile downloads are being pending on the server, the priority of the one or more profile downloads is determined at the request of the business operator . In the server of the wireless communication system
Transmitter / receiver and
Control unit and
Including
The control unit
A first message including the first information instructing profile download and the signature of the UICC (universal integrated circuit card) of the terminal in relation to the operation type requested by the terminal is received from the terminal.
A second message including the first data for the profile download and the signature of the server for the first data is transmitted to the terminal based on the first information, and the first. The data further includes information indicating that the RPM (remote profile management) package for the terminal is being downloaded.
Upon receiving a third message from the terminal, which is related to the operation type requested by the terminal and includes a second information instructing RPM and a UICC signature of the terminal, the terminal receives a third message.
A fourth message containing the second data for the RPM and the signature of the server for the second data is set to be transmitted to the terminal based on the second information.
The second data includes the RPM package, the RPM package contains an RPM command, a server. 12. The server of claim 12, wherein the second data further comprises information indicating that another RPM package for the terminal is pending . The RPM package contains a plurality of RPM commands including the RPM command based on the priority of the plurality of RPM commands.
Based on the user input for executing the plurality of RPM commands, the operation corresponding to the plurality of RPM commands included in the RPM package is executed, and the user input is an integrated input for the RPM package. The server according to claim 12. When one or more RPM commands are being pending on the server, the priority of the one or more RPM commands is determined at the request of the operator.
The server according to claim 12 , wherein when one or more profile downloads are being pending on the server, the priority of the one or more profile downloads is determined at the request of the business operator .

Images