KR101891330B1 - Subscription Method for Embedded UICC using Trusted Subscription Manager and Embedded UICC Architecture therefor - Google Patents

Abstract

In the environment where the SM is separated into SM-SR (Secure Routing) and SM-DP (Data Preparation), decryption of the MNO profile for at least one MNO in the eUICC and decryption of the SM-SR key and MNO key And a method of using the protection profile.

Description

Technical Field [0001] The present invention relates to a subscription method and an embedded UICC device using a trusted SM in a built-in UICC environment,

To a subscription method and an embedded UICC device or architecture using a reliable SM in an embedded UICC environment.

A UICC (Universal Integrated Circuit Card) is a smart card inserted in a terminal and can be used as a module for user authentication. The UICC may store the user's personal information and the carrier information of the mobile communication carrier to which the user subscribes. For example, the UICC may include an International Mobile Subscriber Identity (IMSI) for identifying a user. The UICC is also called a Subscriber Identity Module (SIM) card for Global System for Mobile communications (GSM) and a Universal Subscriber Identity Module (USIM) card for a Wideband Code Division Multiple Access (WCDMA) scheme.

When the user attaches the UICC to the user terminal, the user is automatically authenticated using the information stored in the UICC, so that the user can conveniently use the terminal. In addition, when the user changes the terminal, the user can easily replace the terminal by attaching the UICC removed from the existing terminal to the new terminal.

When a terminal requiring miniaturization, for example, a machine to machine (Machine to Machine, M2M) communication, is manufactured with a structure capable of detaching and removing the UICC, miniaturization of the terminal becomes difficult. Thus, a built-in UICC (Embedded UICC) structure, which is a non-removable UICC, has been proposed. The embedded UICC shall record the user information using the corresponding UICC in the form of IMSI.

The existing UICC can be attached to / detached from the terminal, and the user can open the terminal without being concerned with the type of terminal or the mobile communication provider. However, the IMSI in the built-in UICC can be allocated only when a terminal manufactured from the manufacturing of the terminal is used only for a specific mobile communication provider. Both the mobile communication service provider and the terminal manufacturer ordering the terminal are forced to pay attention to the product inventory and the product price is raised. The user is inconvenient that the mobile communication company can not be changed with respect to the terminal. Therefore, even in the case of the built-in UICC, a method by which the user can open the terminal without being bound to the mobile communication service provider is required.

Meanwhile, due to the introduction of the built-in UICC, it has become necessary to update the subscriber information of a plurality of telecommunication carriers from a remote UICC, and accordingly, a Subscription Manager (hereinafter referred to as 'SM' A profile manager (PM) is being discussed.

These SMs are mainly discussed in terms of information management for embedded UICC, information management for various telecommunication carriers, authentication and remote information change for mobile communication carrier change, etc. However, There has been no decision yet.

The present invention provides a subscription method and a built-in UICC device using a reliable SM in a built-in UICC environment.

It is another object of the present invention to provide a method of managing a built-in UICC in an environment in which the SM is separated into SM-SR (Secure Routing) and SM-DP (Data Preparation).

It is another object of the present invention to provide a method and system for decrypting an MNO profile for at least one MNO in an eUICC in an environment in which an SM is separated into SM-SR (Secure Routing) and SM-DP (Data Preparation) A method of using a protection profile capable of decrypting a key is provided.

It is a further object of the present invention to provide an SM-SR access information and an SM-SR access information for requesting an actual opening of an eUICC in an environment in which the SM is separated into SM-SR (Secure Routing) and SM- And a method of storing / managing MNO identification information (MNO identification key) having a relationship as a first subscription profile.

Another object of the present invention is to provide an architecture of an eUICC, which includes SM-SR authentication information (SM-SR key) for authenticating a change of an MNO profile and the like, MNO authentication information (MNO key) of the mobile node.

In one embodiment of the present invention, in an environment in which the SM is separated into SM-SR (Secure Routing) and SM-DP (Data Preparation), decryption of the MNO profile for at least one MNO in the eUICC, A method of using a protection profile capable of decrypting an MNO key is provided.

In another embodiment of the present invention, the eUICC may store the SM-SR access information for requesting the actual activation and the MNO identification information (MNO identification key) having a relationship with the SM-SR in the first subscription profile, It is a way to manage.

Another embodiment of the present invention is an architecture inside the eUICC, which includes SM-SR authentication information (SM-SR key) for authenticating a change of the MNO profile, MNO authentication for authenticating additional service management of a specific MNO after opening And provides a method of storing / managing information (MNO key).

1 illustrates an overall service architecture including an eSIM (eUICC) to which the present invention is applied.
Figure 2 illustrates one embodiment of the provisioning process of the first order subscription in the overall system to which the present invention is applied.
Figure 3 illustrates one embodiment of a subscription change or MNO change process in the overall system to which the present invention is applied.
FIG. 4 illustrates an eUICCC internal structure and a signal flow in a pre-activation request process according to an embodiment of the present invention.
FIG. 5 illustrates an eUICCC internal structure and a signal flow in the pre-opening access information injection process according to an embodiment of the present invention.
FIG. 6 illustrates an eUICCC internal structure and a signal flow in a process of receiving key information after an actual opening request according to an embodiment of the present invention.
7 illustrates an eUICCC internal structure and signal flow in a provisioning process according to an embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail with reference to exemplary drawings. It should be noted that, in adding reference numerals to the constituent elements of the drawings, the same constituent elements are denoted by the same reference symbols as possible even if they are shown in different drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

Since the M2M (Machine-to-Machine) terminal actively discussed in GSMA should be small in size, if a UICC is used, a module for mounting a UICC must be separately inserted in the M2M terminal. Therefore, The miniaturization of the M2M terminal becomes difficult.

Accordingly, a built-in UICC structure in which a UICC can not be detached is being discussed. In this case, a built-in UICC installed in the M2M terminal is provided with a mobile network operator (MNO) And must be stored in the UICC in the form of an International Mobile Subscriber Identity (IMSI).

However, since the IMSI in the built-in UICC can be allocated only when the terminal manufactured from the manufacturing of the M2M terminal is used only in the specific MNO, the MNO or the M2M manufacturer that orders the M2M terminal or the UICC, There is a problem that the price of the product can not be increased due to the inevitable assignment of the nerve, which is a big obstacle to the expansion of the M2M terminal.

Unlike the existing detachable SIM, eSIM or eUICC, which is an integrated SIM (Embedded SIM) integrated in a terminal, has many issues such as opening authority, initiative of supplementary service business, subscriber information security, etc. due to its physical structure difference . In particular, since UICC is soldered to the board, Remote Provisioning Management in software is required to handle existing subscription opening and authorization subscription change. It is expected that the role of SM (Subscription Manager) will be needed for this, and this SM is expected to maintain the trust relationship with existing MNOs or operate MNOs themselves. Accordingly, the subscription procedure according to the role of the SM and the eUICC structure therefor are presented in the present invention.

The process of opening the existing USIM is generally an exchange of input / output file such as IMSI, authentication key, and subscriber change for provisioning by agreement or trust between USIM vendor and MNO. This was possible because the SIM card could be attached and detached and the subscription manager (TSM) for remote management was not needed like the eUICC environment. However, it is expected that eUICC environment will be released with UISM card embedded in the board, and information for provisioning will be updated from the remote, or a new entity such as SM (Subscription Manager) will be added. In addition, roles can vary according to the degree of trust of the SM, and the eUICC architecture can be diversified accordingly.

The process of eUICC activation and subscription change is diversified not only by SM, but also by MNOs and MNOs. MNOs and eUICC architectures can also change a lot.

First, when the SM Trust is designed to be low, the structure of the MNO credentials is managed by the MNO operation server, which can change the existing USIM structure.

Second, it can affect the USIM opening structure of existing MNOs. (MNOs need to change their legacy servers.)

Third, the eUICC environment should have a structure that does not affect the added service area of existing MNOs.

Fourth, the use of USIM memory should be minimized if the subscription MNO is changed several times.

In order to solve the issues and problems of the conventional technologies, the euICC architecture and functions are proposed by minimizing the change of the existing eUICC architecture by using the structure of the SM which is strongly trusted by MNOs.

1 to 3, an overall system structure to which the present invention can be applied, and an example of a subscription and MNO change process using the system structure will be described below.

As described above, unlike the existing detachable SIM, the built-in SIM (hereinafter referred to as eSIM or eUICC), which is integrally mounted on the terminal, has many issues regarding the opening authority, the initiative of the supplementary service business, Lt; / RTI > To this end, the GSMA and ETSI international standardization organizations have been carrying out standardization activities on relevant elements such as operators, manufacturers, SIM vendors and other necessary elements including the top-level structure. As eSIM is discussed through the standardization bodies, it is at the center of the issue that the SM is called Subscription Manager and it issues the operator information (Operator Credential, MNO Credential, Profile, eUICC Profile, Profile Package etc.) to eSIM and processes the process of subscription change Or function / role that performs the overall management role for the eSIM. In recent GSMA, the role of SM has been proposed as SM-DP (Data Preparation), which plays a role of generating provider information, and SM-SR (Secure Routing), which carries direct carrier information to eSIM. And does not mention the technical method of actual issuance. Accordingly, the present invention proposes a method of managing eSIM by utilizing a dynamic cryptographic key (public key, etc.) generation in the SM role separation environment of the GSMA.

In this specification, eSIM and eUICC are used as an equivalent concept.

The eSIM attaches the IC chip to the terminal circuit board in the terminal manufacturing stage and then inserts the SIM type data (activation information, supplementary service information, etc.) in the form of software into OTA (Over the Air) or offline (technology based connection such as USB to PC) Is a new concept of SIM technology. IC chips used in eSIM generally support hardware based CCP (Crypto Co-Processor) to provide hardware-based public key generation, and APIs that can be utilized based on applications (eg applets) , Java Card Platform, etc.). The Java Card Platform (Java Card Platform) is one of the platforms that can provide multi-applications and services on smart cards and so on.

Because SIM has limited memory space and security reasons, it should not be possible for anyone to mount an application in SIM. Therefore, besides the platform for mounting an application, a SIM service management platform is required for loading and managing the SIM application. The SIM service management platform issues data to the SIM memory area through authentication and security through the management key. The global platform (GlobalPlatform) and Remote File Management (RFM) and Remote Application Management (EASI TS 102.226) Service management platform.

SM, which is one of the important elements in eSIM environment, eSIM remotely issues communication and supplementary service data through management keys (UICC OTA Key, GP ISD Key, etc.).

In GSMA, the roles of SM are classified as SM-DP and SM-SR. SM-DP performs the role of building provider information (IMSI, K, OPc, supplementary service application, supplementary service data, etc.) securely in the form of a Credential Package, Securely downloads a credit package to eSIM via SIM remote management technology such as OTA (over-the-air) or GP SCP (Secure Communication Protocol). The GSMA proposed a structure called "Circle of Trust" in the figure below, establishing an end-to-end trust relationship between the MNO and eSIM through overlapping trust relationships between each similar entity. . In other words, MNO establishes a trust relationship with SM1, SM1 with SM4, and SM4 with eSIM, thereby forming a trust relationship between MNO and eSIM.

Before describing the present invention, the terms used in this specification will be described first.

MNO (Mobile Network Operator) means a mobile communication service provider and means an entity that provides a communication service to a customer through a mobile network.

The subscription manager (SM) is a subscription management device and performs the management function of the built-in UICC.

The eUICC Supplier (eUICC Supplier) is the person who supplies the embedded UICC module and embedded software (such as firmware and operating system).

Device Vendor means the supplier of the device, in particular the supplier of the device, which includes the wireless modem function via the mobile network driven by the MNO and, consequently, in the form of a UICC (or eUICC).

Provisioning refers to the process of loading a profile into an embedded UICC, and a provisioning profile refers to a profile used by a device to connect to a communication network for the purpose of provisioning different provisioning profiles and operation profiles.

Subscription means a commercial relationship for providing a service between a subscriber and a wireless communication service provider.

1 illustrates an overall service architecture including an eSIM (eUICC) to which the present invention is applied.

The whole system will be described as follows.

If a scenario where subscription information is stored and delivered is needed, it should be done under the approval of the MNO and under the control of the MNO. There must be only one active profile on a single eUICC at a given time, which means that the active profile is added to a single HLR at a specific time.

MNO and eUICC should be able to decode MNO Credentials. The only exception to this could be a third party, such as a SIM vendor, commissioned from a particular MNO. However, this is not a general function of a third party to do so.

The subscription can not be switched within the eUICC outside the operator policy control. The user must be aware of any changes in the MNO content and its activation subscription, be able to avoid security risks, and have a level of security sufficient to counter the current UICC model.

The MNO Credential may refer to an affiliation credential including K, an algorithm, an algorithm parameter, a supplementary service application, supplementary service data, and the like.

The transfer of the MNO Credentials must be done in a secure manner from end to end. Transmissions can be made in successive stages without breaking the security chain, and all steps in the transport chain must be done with the recognition and approval of the MNO. No entity in the transport chain should be able to clearly see the MNO credential, but the only exception could be a third entity, such as a SIM vendor, delegated from a particular MNO. However, this is not a general function of a third party to do so.

Operators must have full control over their credentials, and the operator must have strong supervisory and control over SM operations.

The SM function must be provided by the MNO or a third party, if provided by a third party, and if there is a commercial relationship between the SM and the MNO.

SM does not have any direct relationship with MNO subscribers for subscription management. The MNO has to have a relationship with the subscriber and should be an entry point for joining the customer, but this is not intended to be a match for the contractual relationship that the M2M service provider (the M2M service provider is the MNO subscriber) can have with his or her customer.

While the MNO is being swapped, the donor and receiver operators may or may not have pre-agreement with each other. There must be a mechanism to approve the pre-contract. The policy control function of the donor operator can define the removal condition of its own credential, and the policy control function (PCF) can implement this function.

The architecture introduces the function defined as SM, and the main role of the SM is to prepare a package containing the MNO credential and forward it to the eUICC. The SM function may be provided directly by the MNO, or the MNO may contract with the third entity to obtain the SM service.

The role of the SM can be divided into two sub functions such as SM-SR and SM-DP.

In practice, these SM-SR, SM-DP functions may be provided by other entities or by the same entity. Therefore, the functions of SM-DP and SM-SR need to be clearly bounded, and the interface between these entities needs to be defined.

The SM-DP is responsible for the secure preparation of the package to be delivered to the eUICC and works with the SM-SR for actual transmission. The core functions of SM-DP are: 1) to manage the functional characteristics and certification level of the eUICC, and 2) to manage MNO credentials (eg IMSI, K, supplementary service application, , Some of which may potentially be encrypted (enciphered) by the MNO), and 3) the ability to compute OTA packages for downloading by SM-SR. Additional features may be added in the future It will be possible.

If the SM-DP function is provided by a third party, the security and trust relationship becomes very important. In addition to real-time provisioning, SM-DP can have a significant amount of background processing capability, and performance, scalability and reliability requirements are expected to be important.

SM-SR is responsible for securely routing and delivering the credit package to the corresponding eUICC. The core functions of SM-SR are: 1) to manage OTA communication with eUICC over ciphered VPN; and 2) to manage end-to-end up to eUICC with other SM-SR 3) the function of managing the eUICC data used for the SM-SR OTA communication provided by the eUICC supplier, and 4) the function of protecting the communication with the eUICC by filtering only the allowed entities (Firewall function).

The SM-SR database is provided by eUICC vendors and vendors (such as M2M endpoints) and potentially MNOs, and can be used by the MNO through the SM-SR mesh network.

Circle of trust enables an end-to-end security link during provisioning profile delivery, and SM-SR shares trust circles for secure dks routing of provisioning profiles and eUICC discovery. The MNO may be linked with the SM-SR and SM-DP entities in the trust circle and may provide this functionality on its own. In order to avoid illegal use of eUICC (illegal use of cloning, criminal use, denial of service, illegal MNO context change, etc.) without compromising the contractual and legal obligations of the MNO in connection with the customer, eUICC and MNO Credential A secure end-to-end link between the two is required.

2 is an overall flowchart of the provisioning process of the first subscription to which the present invention is applied.

In the provisioning process, the eUICC sends an activation request to the MNO that includes the device identification information (IMEI, etc.) and the eUICC identification information (eICCid, etc.) (step 1). Then, between the MNO and the eUICC, And performs the request (step 2).

In step 3, the MNO collects information about the eUICC identity verification and the device (eUICC) between the SM-SR.

In step 4, the MNO generates a new eUICC profile for the MNO through SM-DP, encrypts the profile with a specific encryption key, and forwards it to the MNO (primary encryption, step 4).

Next, when the MNO transmits the primary encrypted eUICC profile to the SM-SR and requests the secondary encryption, the SM-SR encrypts the eUICC profile using the already stored eUICC management key and delivers the encrypted eUICC profile to the MNO . (Step 5)

The MNO then sends a Double Ciphered eUICC profile to the corresponding eUICC (step 6).

In step 7, the SM-SR database is updated between the eUICC and the SM-SR that terminated the provisioning by a status request and a response thereto.

Each of these steps will be described again.

In step 1, the eUICC identification information (eg eICCid) is public data and must be integrated within the eUICC.

In step 2, the state request and technical possibility control provide proof of the eUICC identity (trusted eUICC) and verify the eligibility of the eUICC feature for the MNO service.

In steps 4-6, a dual encryption mechanism is used for eUICC profile creation and transmission. That is, the creation profile linked to the eUICC by the SM-DP is encrypted by a cryptographic mechanism that can only be read by the target eUICC, and the SM-SR encrypts the generation profile with the eUICC management key to authenticate and protect the eUICC during delivery.

In step 7, the SM-SR database may be updated at the end of the subscription installation.

3 is an overall flowchart of a subscription change or MNO change process to which the present invention is applied.

2 is similar to the provisioning process of FIG. 2 (i.e., a new MNO after the change corresponds to the MNO of FIG. 2), but a new MNO performs a negotiation and right transfer process to the donor MNO before and after the profile creation of a new MNO (Step 4-1)

The difference between the MNO change process of FIG. 3 and the provisioning process of FIG. 2 is that the activation request is transmitted to the donor MNO OTA bearer using the provisioning or operation active profile, and the new MNO is changed to one of OTA or OTI To request a route from the SM-SR to download the profile.

The negotiation and rights transfer step (step 4-1) is a process such that the new MNO requests the former MNO (donor MNO) whether the corresponding eUICC is legitimate and relocates the right (information) according to the MNO change.

That is, in step 4-1, a new MNO (Receiving MNO) requests authentication of the donor MNO for subscription switching, and such authentication can be provided by a policy control function.

The proposed SM role separation environment can be applied to the SM in the eSIM environment where all business initiatives can be taken away (SM-SR solves all MNO's need to interact with each MNO) The DP role is generally expected to be performed by the MNO, and there is an advantage that it can be accompanied by communication and supplementary service provider information built through the SM-DP). However, since there is no detailed eSIM management method based on this structure, there are difficulties such as ensuring the security of each provider information and defining the issuance flow when introducing the eSIM system.

In this paper, we propose a secure management method of eSIM by using dynamic public key generation in SM role separation environment proposed by GSMA. In detail, the basic opening structure, the third party moving structure and the process are suggested.

The basic upper structure of the present invention is based on the eSIM structure of Fig. In the present specification, the SM specified in the figure may be a single SM entity or an SM entity of the " Circle of Trust ".

FIG. 4 illustrates an eUICCC internal structure and a signal flow in a pre-activation request process according to an embodiment of the present invention.

The entire system to which the present invention is applied is shown on the right side of FIG.

That is, 1. each sector is formed by a strong trust relationship by the MNO (s), and the dashed line in FIG. 4 represents a strong trust relationship.

SM-SR (Subscription Manager - Secure Routing) operates in the MNOs network in the form of MNOs and TSMs with MNOs operating directly or in a strong trust relationship. There is also a trust relationship between SM-SRs, and SM-SRs may have multiple MNOs and relationships. The SM-SR processes the actual join request and loads the MNO profile into the eUICC with OTA.

SM-DP (Subscription Manager - Data Preparation) is operated by MNOs in MNOs network with MNOs and TSM type in direct or strong trust relationship. (However, it is recommended that MNOs operate directly.) SM-DP Creates, stores and manages MNO profiles.

The MNO only needs to add the additional interface part to the existing MNO server to work with SM-SR and SM-DP.

In the embodiment of the present invention, a Protection Profile is newly defined, and the present invention is not limited to such a term, and may be expressed in other terms as long as the following functions are performed.

The protection profile is a profile implemented in the eUICC and defines the Protection Profile used by the MNOs to perform the functions of the SM. These protection files can be agreed and used by MNOs in common (MNO-specific function is prevented from fragmentation, so it is recommended to use the same for common certification function) .

The protection profile of the present invention should be applied to Integrity, Confidentiality, and Authenticity, and plays a role of decrypting and authenticating the encrypted MNO profile. Also, in order to guarantee Integrity & Authentication, it decrypts and authenticates the encrypted key value (SM-SR key, MNO key), and public key / secret key / password method etc. can be used , Message Authentication Code (MAC), and Manipulation Detection Code (MDC).

As data defined in an embodiment of the present invention, there is an SM-SR key. The SM-SR key is a key for authenticating the profile load, change, and delete through the actual OTA. It is not necessarily limited to these terms, and it is also possible to use an administration function such as loading or initializing the initial MNO profile, If the key is authentication information that can be used, it may be expressed in other terms.

Also, there is an MNO Key as data defined in an embodiment of the present invention. The MNO key is an authentication key for each MNO to use for the MNO service. The MNO key is not necessarily limited to these terms and may be expressed in other terms if it is a key as authentication information when the MNO uses an existing service such as an MNO supplementary service.

The MNO identification key refers to the key as the MNO identification information managed by the SM-SR through the MNO relationship (identification role for an MNO).

In addition, the First Subscription Profile manages the SM-SR access information for requesting the actual opening and the identification key of the MNO having the relationship with the SM-SR.

Referring to FIGS. 4 to 7, the present invention describes an initial opening procedure and thus an eUICC architecture in a SM environment having a strong trusted relationship with MNOs.

As shown in step 1 of FIG. 4, the terminal sends a "pre-opening request" to the MNO1 together with the eUICC basic information via the network / offline / online (exclusive line).

In step 2 of Fig. 5, the MNO1 processes the following information through the network / offline / online (exclusive line) to the eUICC.

In step 2 of FIG. 5, the access information of the trusted SM-SR1 (or the SM-SR1 directly or cooperatively operated) is provided to the First Subscription Profile, the identification key of the MNO1 is provided to the First Subscription Profile, .

1) Generate a key for decrypting the encrypted MNO1 Profile to be provided as OTA at the time of "actual subscription request" and transmit the encryption key to MNO1

2) Creates a key for decrypting the SM-SR1 key, and transmits the corresponding encryption key to the SM-SR1

3) Generate a key for decrypting the key of MNO1 and transmit the corresponding encryption key to MNO1

In step 3 of Fig. 5, the MNO1 notifies the SM-SR1 of the eUICC basic information and the identification key of the MNO1 received at the "pre-registration request", and the SM-SR1 maps the information.

In step 3 of FIG. 5, the MNO1 further stores an encryption key to be used in creating the MNO1 profile in the SM-DP1.

In the fourth step of Fig. 6, the " actual opening request " is tried to the SM-SR1 using the following information.

1) Basic information at the time of pre-registration request, 2) Identification key of MNO1, 3) Connection information of SM-SR1

Then, in step 5 of Fig. 6, the SM-SR1 confirms the correspondence of the mapping (basic information at the time of pre-registration request, the identification key of the MNO1) and transmits the "encrypted key of MNO1" distributed from the MNO1 and "SM- Encrypted key "to the eUICC. At this time, the Protection Profile decodes "Encrypted key of MNO1" and "Encrypted key of SM-SR1". (In the second step of FIG. 5, the protection profile of the eUICC generates and manages a decryption key for decrypting the SM-SR key and the MNO key)

Next, in step 6 of Fig. 6, the SM-SR1 informs MNO1 of the fact that "the encrypted key of MNO1" is provided.

7, when the MNO1 requests the SM-DP1 to generate the MNO1 profile in step 7 of FIG. 7, the SM-DP1 encrypts the MNO1 profile with the security key received in the " pre-activation procedure "

In step 8 of FIG. 7, -SR1 receives an " encrypted MNO1 profile " from the MNO1. In step 9, the SM-SR1 delivers it to the eUICC via the OTA, and the Protection Profile decrypts the "encrypted MNO1 profile" and the decrypted eUICC loads and installs the MNO1 Profile using the SM-SR1 key.

According to the present invention, in the SM role separation environment proposed by the GSMA, it is possible to securely provide the eSIM with information on the carrier for communication and additional services.

The foregoing description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas within the scope of equivalents should be construed as falling within the scope of the present invention.

Claims (11)

1. An opening method performed in a terminal including an embedded universal integrated circuit card (eUICC)
Transmitting a pre-activation request message including basic information of the eUICC to a mobile network operator (MNO);
Receiving connection information of a subscription manager-secure routing (SM-SR) interworking with the MNO and an identification key of the MNO from the MNO;
Accessing the SM-SR by using the access information of the SM-SR, transmitting an actual access request message including the basic information of the eUICC and the identification key of the MNO to the SM-SR;
Receiving, in response to the actual activation request message, an encryption key of the MNO and an encryption key of the SM-SR from the SM-SR;
Receiving an encrypted MNO profile from the SM-SR;
Decrypting the encrypted MNO profile based on the encryption key of the MNO and the encryption key of the SM-SR; And
And establishing a decrypted MNO profile. The method according to claim 1,
Wherein the access information of the SM-SR and the identification key of the MNO are stored in a first subscription profile of the eUICC. The method according to claim 1,
Wherein the encryption key of the MNO and the encryption key of the SM-SR are stored in a protection profile of the eUICC. The method according to claim 1,
If it is determined in the SM-SR that the basic information of the eUICC is mapped to the identification key of the MNO, the encryption key of the MNO and the encryption key of the SM-SR are received from the SM- . The method according to claim 1,
Wherein the MNO profile is double-encrypted based on an encryption key of the MNO and an encryption key of the SM-SR. The method according to claim 1,
Wherein the MNO is interworked with the SM, and the SM includes the SM-SR and the SM-DP (data preparation). A method for supporting the opening of a terminal including an embedded universal integrated circuit card (eUICC), which is performed in a mobile network operator (MNO)
Receiving, from the terminal, a dictionary opening request message including basic information of the eUICC;
Transmitting connection information of a subscription manager-secure routing (SM-SR) interworking with the MNO and an identification key of the MNO to the terminal in response to the pre-activation request message; And
And transmitting to the SM-SR a MNO profile that is double-encrypted based on the encryption key of the MNO and the encryption key of the SM-SR when an actual activation request message is received from the terminal. How to support opening. The method of claim 7,
Wherein the encryption key of the MNO and the encryption key of the SM-SR are transmitted to the terminal via the SM-SR. The method of claim 7,
And the encrypted MNO profile is transmitted to the terminal via the SM-SR. The method of claim 7,
Wherein the MNO is interlocked with the SM, and the SM includes the SM-SR and the SM-DP (data preparation). The method of claim 10,
Wherein the MNO profile is first encrypted in the SM-DP based on the encryption key of the MNO, and the MNO profile is first encrypted in the SM-SR based on the encryption key of the SM- How to Apply.

Images