KR102180481B1 - Methods and apparatus for providingbundle information - Google Patents

Abstract

The present disclosure relates to a method and apparatus for providing bundle information. The SSP terminal according to an embodiment of the present disclosure transmits a request for first bundle information including a bundle identifier and metadata to the SPB server, and verifies the validity of the first bundle information received from the SPB server according to the request. And, as the first bundle information is verified to be valid, a request for second bundle information including encrypted data on the bundle is transmitted to the SPB server, and the SSP terminal sends the first bundle based on the request for the second bundle information. When it is confirmed that the terminal has requested the information, the second bundle information may be received from the SPB server.

Description

Method and apparatus for providing bundle information {METHODS AND APPARATUS FOR PROVIDINGBUNDLE INFORMATION}

The present disclosure relates to a method and apparatus for providing bundle information, and more particularly, to a method and apparatus for requesting bundle information from an SSP terminal in a method of generating bundle information of an SPB server and a procedure for downloading an SSP bundle.

Efforts are being made to develop an improved 5G communication system or a pre-5G communication system in order to meet the increasing demand for wireless data traffic after the commercialization of 4G communication systems. For this reason, the 5G communication system or the pre-5G communication system is referred to as a communication system after a 4G network (Beyond 4G Network) or a system after an LTE system (Post LTE). In order to achieve a high data rate, the 5G communication system is being considered for implementation in the ultra-high frequency (mmWave) band (for example, the 60 gigabyte (60 GHz) band). In order to mitigate the path loss of radio waves in the ultra-high frequency band and increase the propagation distance of radio waves, in 5G communication systems, beamforming, massive array multiple input/output (MIMO), and full dimensional multiple input/output (FD-MIMO) ), array antenna, analog beam-forming, and large scale antenna technologies are being discussed. In addition, in order to improve the network of the system, in 5G communication system, advanced small cell, advanced small cell, cloud radio access network (cloud RAN), ultra-dense network , Device to Device communication (D2D), wireless backhaul, moving network, cooperative communication, CoMP (Coordinated Multi-Points), and interference cancellation And other technologies are being developed. In addition, in 5G systems, advanced coding modulation (ACM) schemes such as Hybrid FSK and QAM Modulation (FQAM) and SWSC (Sliding Window Superposition Coding), advanced access technologies such as Filter Bank Multi Carrier (FBMC), NOMA (non-orthogonal multiple access), and sparse code multiple access (SCMA) have been developed.

On the other hand, the Internet is evolving from a human-centered network in which humans generate and consume information, to an Internet of Things (IoT) network that exchanges and processes information between distributed components such as objects. Internet of Everything (IoE) technology, which combines IoT technology with big data processing technology through connection with cloud servers, is also emerging. In order to implement IoT, technology elements such as sensing technology, wired/wireless communication and network infrastructure, service interface technology, and security technology are required, and recently, a sensor network for connection between objects, machine to machine , M2M), and MTC (Machine Type Communication) technologies are being studied. In the IoT environment, intelligent IT (Internet Technology) services that create new value in human life by collecting and analyzing data generated from connected objects can be provided. IoT is the field of smart home, smart building, smart city, smart car or connected car, smart grid, healthcare, smart home appliance, advanced medical service, etc. through the convergence and combination of existing IT (information technology) technology and various industries. Can be applied to.

Accordingly, various attempts have been made to apply a 5G communication system to an IoT network. For example, technologies such as sensor network, machine to machine (M2M), and MTC (Machine Type Communication) are implemented by techniques such as beamforming, MIMO, and array antenna. There is. As the big data processing technology described above, a cloud radio access network (cloud RAN) is applied as an example of the convergence of 5G technology and IoT technology. As described above and with the development of a mobile communication system, various services can be provided, and a method for effectively providing these services is required.

According to an embodiment of the present disclosure, a service provider or a bundle management server (SPB Manager) may provide a method of generating first bundle information and second bundle information of an SSP bundle.

In addition, in the embodiment disclosed in the present disclosure, when the SSP terminal attempts to download a bundle due to the present disclosure, a procedure and method for requesting first bundle information and second bundle information may be provided.

A method of providing bundle information by an SSP terminal according to an embodiment includes: transmitting a request for first bundle information including an identifier and metadata of a bundle to an SPB server; Verifying the validity of the first bundle information received from the SPB server according to the request; Transmitting a request for second bundle information including encrypted data on the bundle to an SPB server as the first bundle information is verified to be valid; And

As it is determined that the SSP terminal is the terminal requesting the first bundle information based on the request for the second bundle information, the step of receiving the second bundle information from the SPB server may be included.

In the method for the SSP terminal to provide bundle information according to an embodiment, the request for the first bundle information and the request for the second bundle information each include an SSP credential, and are included in the request for the second bundle information. Based on whether the generated SSP credential corresponds to the SSP credential included in the request for the first bundle information, it may be confirmed that the SSP terminal is the terminal that requested the first bundle information.

A method of providing bundle information by an SSP terminal according to an embodiment includes the steps of: receiving first bundle information and an identification value from an SPB server; Further comprising the step of transmitting the signature value generated based on the received identification value to the SPB server together with the request for the second bundle information, based on the signature value, it will be confirmed that the SSP terminal is the terminal requesting the first bundle information. I can.

A method of providing bundle information by an SSP terminal according to an embodiment includes: transmitting a received identification value to an SPBL; It may further include the step of receiving a signature value generated based on the identification value from the SPBL.

A method of providing bundle information by an SSP terminal according to an embodiment includes: receiving an identification value from an SPB server; And generating a signature value based on the received identification value, and the request for the first bundle information may be transmitted from the SSP terminal to the SPB server as the signature value is generated.

The method of providing bundle information by the SSP terminal according to an embodiment further comprises obtaining a signed signature value based on the SPBL signing certificate, and the request for the second bundle information transmitted from the SPB server is obtained. The signature value is included, and the second bundle information may be received from the SPB server as the signature value is verified based on the SPBL signature certificate verified in the SPB server.

In a method of providing bundle information by an SSP terminal according to an embodiment, the request for the first bundle information and the request for the second bundle information may each consist of different types of bundle information request function commands. In addition, a command for requesting second bundle information after requesting the first bundle information may be defined separately from a command requesting second bundle information without requesting the first bundle information.

A method of providing bundle information by an SPB server according to an embodiment includes the steps of: receiving a request for first bundle information including a bundle identifier and metadata from an SSP terminal; Transmitting the first bundle information to the SSP terminal according to the request; Receiving a request for second bundle information including encrypted data about the bundle from the SSP terminal; And transmitting the second bundle information to the SSP terminal as it is determined that the SSP terminal is the terminal requesting the first bundle information based on the request for the second bundle information.

In the method of providing bundle information by the SPB server according to an embodiment, it is determined whether the SSP credential included in the request for the second bundle information corresponds to the SSP credential included in the request for the first bundle information. A step of further comprising the step of, based on the determination result, whether the terminal that has transmitted the request for the second bundle information may be determined whether the terminal has transmitted the request for the first bundle information.

A method of providing bundle information by an SPB server according to an embodiment includes: transmitting first bundle information and an identification value to an SSP terminal; Receiving a signature value generated based on the received identification value from the SSP terminal together with a request for second bundle information; And confirming that the SSP terminal is a terminal that has requested the first bundle information, based on the signature value.

A method of providing bundle information by an SPB server according to an embodiment includes: transmitting an identification value to an SSP terminal; And generating first bundle information according to a request for the first bundle information received after transmission of the identification value.

A method of providing bundle information by an SPB server according to an embodiment includes: verifying a signature value included in a request for second bundle information based on an SPBL signature certificate; And generating the second bundle information as the signature value is verified.

An SSP terminal providing bundle information according to an embodiment includes: a memory; A transceiver; And at least one processor, wherein the at least one processor controls the transmission/reception unit to transmit a request for the first bundle information including the identifier and metadata of the bundle to the SPB server, and according to the request, received from the SPB server. The validity of the first bundle information is verified, and as the first bundle information is verified as valid, a request for second bundle information including encrypted data on the bundle is transmitted to the SPB server, and a request for the second bundle information is made. As it is determined that the SSP terminal is the terminal that requested the first bundle information based on the basis, the transmission/reception unit may be controlled to receive the second bundle information from the SPB server.

An SPB server providing bundle information according to an embodiment includes: a memory; A transceiver; And at least one processor, wherein the at least one processor receives a request for first bundle information including a bundle identifier and metadata from the SSP terminal, and transmits the first bundle information to the SSP terminal according to the request. And, as the request for the second bundle information including the encrypted data on the bundle is received from the SSP terminal, and it is confirmed that the SSP terminal is the terminal requesting the first bundle information based on the request for the second bundle information, the second It is possible to control the transceiver to transmit the bundle information to the SSP terminal.

According to the present disclosure, the SSP terminal may first receive unencrypted first bundle information in the SSP bundle download procedure.

According to the SSP first bundle information structure of the present disclosure, the first bundle information may have family-specific metadata that can be commonly used for a bundle having a specific family identifier, and a plurality of management organizations for a specific family identifier When present, each management agency may include and define set values, parameters, and functions to be additionally defined in addition to the family-specific metadata in the management agency-metadata.

According to the SSP first bundle information structure of the present disclosure, the first bundle information of the bundle may be configured by using the management agency-metadata defined by other management organizations managing the same family identifier by a specific management agency.

According to the bundle request procedure of the present disclosure, when the SSP terminal requests the first bundle information and then requests the second bundle information, it is possible to minimize the redundant operation or unnecessary operation performed by the SPB manager.

According to the bundle request procedure of the present disclosure, when the SSP terminal requests the first bundle information and then requests the second bundle information, the SPB Manager can efficiently and securely perform that the SSP terminal has received the first bundle information. have.

1 is a diagram illustrating an internal component of an SSP terminal and an interface between components.
FIG. 2 is a diagram illustrating components inside and outside a terminal for downloading a bundle by an SSP terminal according to an embodiment of the present disclosure.
3 is a diagram showing the structure of first bundle information delivered to an LBA by an SPB manager.
4A is a flowchart illustrating a method of requesting first bundle information and second bundle information from an SPB manager by an SSP terminal according to an embodiment of the present disclosure.
4B is a flowchart illustrating a method for a SSP terminal to request second bundle information without separately requesting first bundle information from an SPB manager, according to some embodiments of the present disclosure.
FIG. 5 is a diagram for describing a process of requesting second bundle information after an SSP terminal receives first bundle information from an SPB manager according to an embodiment of the present disclosure.
FIG. 6 is a diagram for explaining a process of requesting second bundle information after an SSP terminal receives first bundle information from an SPB manager according to an embodiment of the present disclosure.
7 is a diagram illustrating a process of requesting second bundle information after an SSP terminal receives first bundle information from an SPB manager according to an embodiment of the present disclosure.
FIG. 8 is a diagram illustrating a process of requesting second bundle information after an SSP terminal receives first bundle information from an SPB manager according to an embodiment of the present disclosure.
9 is a diagram for explaining a process of requesting second bundle information after an SSP terminal receives first bundle information from an SPB manager according to an embodiment of the present disclosure.
10 is a flowchart illustrating an operation of the SPB Manager when the SPB Manager receives a bundle information request function command during a bundle download procedure.
11 is a flowchart illustrating an operation of an SSP terminal according to an embodiment.
12 is a flowchart illustrating an operation of an SPB server according to an embodiment.
13 is a block diagram of an SSP terminal 1300 according to an embodiment.
14 is a block diagram of an SPB server according to an embodiment.

Hereinafter, embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.

In describing the embodiments, descriptions of technical contents that are well known in the technical field to which the present disclosure belongs and are not directly related to the present disclosure will be omitted. This is to more clearly convey the gist of the present disclosure by omitting unnecessary description.

For the same reason, some components in the accompanying drawings are exaggerated, omitted, or schematically illustrated. In addition, the size of each component does not fully reflect the actual size. The same reference numerals are assigned to the same or corresponding components in each drawing.

Advantages and features of the present disclosure, and a method of achieving them will be apparent with reference to embodiments described later in detail together with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below, but may be implemented in a variety of different forms, only the present embodiments are intended to complete the present disclosure, and those of ordinary skill in the art to which the present disclosure pertains. It is provided to fully inform the scope of the disclosure, and the present disclosure is only defined by the scope of the claims. The same reference numerals refer to the same components throughout the specification.

At this time, it will be appreciated that each block of the flowchart diagrams and combinations of the flowchart diagrams may be executed by computer program instructions. Since these computer program instructions can be mounted on the processor of a general purpose computer, special purpose computer or other programmable data processing equipment, the instructions executed by the processor of the computer or other programmable data processing equipment are described in the flowchart block(s). Create a means to perform functions. These computer program instructions can also be stored in computer-usable or computer-readable memory that can be directed to a computer or other programmable data processing equipment to implement a function in a particular way, so that the computer-usable or computer-readable memory It is also possible to produce an article of manufacture containing instruction means for performing the functions described in the flowchart block(s). Computer program instructions can also be mounted on a computer or other programmable data processing equipment, so that a series of operating steps are performed on a computer or other programmable data processing equipment to create a computer-executable process to create a computer or other programmable data processing equipment. It is also possible for instructions to perform processing equipment to provide steps for executing the functions described in the flowchart block(s).

In addition, each block may represent a module, segment, or part of code that contains one or more executable instructions for executing the specified logical function(s). In addition, it should be noted that in some alternative execution examples, functions mentioned in blocks may occur out of order. For example, two blocks shown in succession may in fact be executed substantially simultaneously, or the blocks may sometimes be executed in reverse order depending on the corresponding function.

In this case, the term'~ unit' used in the present embodiment means software or hardware components such as FPGA or ASIC, and'~ unit' performs certain roles. However,'~ part' is not limited to software or hardware. The'~ unit' may be configured to be in an addressable storage medium, or may be configured to reproduce one or more processors. Thus, as an example,'~ unit' refers to components such as software components, object-oriented software components, class components and task components, processes, functions, properties, and procedures. , Subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, database, data structures, tables, arrays, and variables. The components and functions provided in the'~ units' may be combined into a smaller number of elements and'~ units', or may be further divided into additional elements and'~ units'. In addition, components and'~ units' may be implemented to play one or more CPUs in a device or a security multimedia card.

Specific terms used in the following description are provided to aid understanding of the present disclosure, and the use of these specific terms may be changed in other forms without departing from the technical spirit of the present disclosure.

SE (Secure Element) stores security information (e.g., mobile communication network access key, user identification information such as ID card/passport, credit card information, encryption key, etc.), and a control module (e.g., USIM, etc.) that uses the stored security information. Network access control module, encryption module, key generation module, etc.) are mounted and operated with a single chip. SE can be used in various electronic devices (e.g., smartphones, tablets, wearable devices, automobiles, IoT devices, etc.), and security services (e.g., mobile communication network access, payment, user authentication, etc.) through security information and control modules. Can provide.

SE can be divided into UICC (Universal Integrated Circuit Card), eSE (Embedded Secure Element), and SSP (Smart Secure Platform), which is an integrated form of UICC and eSE, and is removable depending on the type of connection or installation to an electronic device. ), fixed type (Embedded), and can be subdivided into integrated type (Integrated) that is integrated into a specific device or SoC (system on chip).

UICC (Universal Integrated Circuit Card) is a smart card inserted into a mobile communication terminal and used, and is also called a UICC card. The UICC may include an access control module for accessing the mobile communication service provider's network. Examples of access control modules include Universal Subscriber Identity Module (USIM), Subscriber Identity Module (SIM), and IP Multimedia Service Identity Module (ISIM). UICC with USIM is also commonly referred to as a USIM card. Similarly, a UICC including a SIM module is commonly referred to as a SIM card.

On the other hand, the SIM module may be mounted when manufacturing the UICC or download the SIM module of the mobile communication service to be used at a time desired by the user to the UICC card. The UICC card can also download and install a plurality of SIM modules, and select and use at least one SIM module among them. Such a UICC card may or may not be fixed to the terminal. The UICC fixed to the terminal is called eUICC (embedded UICC), and in particular, a system-on-chip including a communication processor of the terminal, an application processor, or a single processor structure in which the two processors are integrated. The UICC built in (SoC) is sometimes referred to as iUICC (Integrated UICC). Typically, eUICC and iUICC may refer to a UICC card that is fixed to a terminal and used, and which can remotely download and select a SIM module.

In the present disclosure, a UICC card capable of remotely downloading and selecting a SIM module is collectively referred to as eUICC or iUICC. That is, among UICC cards that can be selected by downloading a SIM module remotely, a UICC card that is fixed or not fixed to the terminal is collectively used as eUICC or iUICC. In addition, the SIM module information to be downloaded is collectively referred to as eUICC profile or iUICC profile, or more simply as a term of a profile.

eSE (Embedded Secure Element) refers to a fixed type SE that is fixed to an electronic device and used. eSE is typically manufactured exclusively for manufacturers at the request of the terminal manufacturer, and may be manufactured including an operating system and a framework. eSE remotely downloads and installs an applet-type service control module and can be used for various security services such as electronic wallets, ticketing, e-passports, and digital keys. In the present disclosure, the SE in the form of a single chip attached to an electronic device that can remotely download and install a service control module is collectively referred to as eSE.

A smart security device (SSP, Smart Secure Platform) can support the functions of UICC and eSE in a single chip, and can be simply referred to as SSP. SSP can be classified into removable (rSSP, Removable SSP), fixed (eSSP, Embedded SSP) and integrated (iSSP, Integrated SSP) built-in SoC. The SSP may be composed of one primary platform (PP) and at least one secondary platform bundle (SPB) operating on the PP. The primary platform may include at least one of a hardware platform and a low level operating system (LLOS), and the secondary platform bundle may include at least one of a high-level operating system (HLOS) and an application running on the HLOS. Secondary platform bundles are also referred to as SPBs or bundles.

The bundle accesses resources such as the central processing unit and memory of the PP through the Primary Platform Interface (PPI) provided by the PP, and can be run on the PP through this. The bundle can be equipped with communication applications such as SIM (Subscriber Identification Module), USIM (Universal SIM), ISIM (IP Multimedia SIM), and various application applications such as electronic wallets, ticketing, e-passports, and digital keys. have.

The SSP can be used for the above-described UICC or eSE depending on the bundles downloaded and installed remotely, and a plurality of bundles can be installed in a single SSP and operated at the same time to mix the uses of UICC and eSE. That is, when a bundle including a profile is operated, the SSP can be used for UICC to access the network of a mobile communication service provider. The UICC bundle may remotely download at least one profile, such as the eUICC or iUICC, into the bundle, and operate by selecting at least one of them. In addition, when a bundle including a service control module equipped with an application application capable of providing services such as an electronic wallet, ticketing, e-passport, or digital key is operated on the SSP, the SSP can be used for the eSE. A plurality of service control modules may be installed and operated by being integrated into one bundle, or may be installed and operated as independent bundles.

Hereinafter, terms used in the present disclosure will be described in more detail.

In this disclosure, SSP can support UICC and eSE functions in a single chip, and can be divided into removable (rSSP, Removable SSP), fixed (eSSP, Embedded SSP), and integrated type (iSSP, Integrated SSP) embedded in SoC. It is a security module in the form of a chip that can be used. The SSP can download and install a bundle from an external bundle management server (Secondary Platform Bundle Manager, SPB Manager) using OTA (Over The Air) technology.

In the present disclosure, the method of downloading and installing the bundle using OTA technology in the SSP includes a removable SSP (rSSP) that can be inserted and removed in a terminal, a fixed SSP (eSSP) installed in the terminal, and the SoC installed in the terminal. The same can be applied to the integrated SSP (iSSP).

In the present disclosure, the term UICC may be used interchangeably with SIM, and the term eUICC may be mixed with eSIM.

In the present disclosure, the Secondary Platform Bundle (SPB) is driven by using the resources of the PP on the Primary Platform (PP) of the SSP. For example, the UICC bundle is an application or file system stored in the existing UICC. , Authentication key value, etc. It may mean packaging the operating system (HLOS) in which they operate in software form. In the present disclosure, the secondary platform bundle may be referred to as a bundle.

In the present disclosure, the USIM Profile may mean the same as a profile or may mean packaging information included in a USIM application in a profile in a software form.

In the present disclosure, the operation of enabling the bundle by the terminal or the external server is to change the status of the corresponding profile to the enabled state so that the terminal provides services provided by the bundle (e.g., communication service, credit service through a communication service provider). It may mean an operation of setting to receive a card payment service, a user authentication service, etc.). Bundles in the active state may be expressed as "enabled bundles". The bundle in the activated state may be stored in an encrypted state in a storage space inside or outside the SSP.

The bundle activated in the present disclosure is driven by external input (eg, user input, push, request of an application in the terminal, authentication request from a carrier, PP management message, etc.) or an operation inside the bundle (eg, timer, polling). It can be changed to the state (Active). The bundle in the driving state is loaded into the driving memory inside the SSP from the storage space inside or outside the SSP, and can process security information and provide security services to the terminal by using a security control device (Secure CPU) inside the SSP.

In the present disclosure, the operation of disabling a bundle by a terminal or an external server may mean an operation of changing the state of the bundle to a disabled state so that the terminal cannot receive the services provided by the bundle. have. The profile in the inactive state may be expressed as "disabled bundle". The bundle in the activated state may be stored in an encrypted state in a storage space inside or outside the SSP.

In the present disclosure, the bundle management server generates a bundle at the request of a service provider or another bundle management server, encrypts the generated bundle, generates a bundle remote management command, or encrypts the generated bundle remote management command. It can provide a function to do. The bundle management server that provides the above functions is SPB Manager (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), IDS (Image Delivery Server), SM-DP (Subscription Manager Data Preparation), SM-DP+ (Subscription Manager Data Preparation). plus), Admin Bundle Server, Managing SM-DP+ (Managing Subscription Manager Data Preparation plus), Bundle Encryption Server, Bundle Generation Server, Bundle Provisioner (BP), Bundle Provider, BPC holder (Bundle Provisioning Credentials) holder).

In the present disclosure, the bundle management server may download, install, or update a bundle from the SSP and manage the setting of keys and certificates for remote management of the bundle status. The bundle management server that provides the above functions is SPB Manager (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), IDS (Image Delivery Server), SM-SR (Subscription Manager Secure Routing), SM-SR+ (Subscription Manager Secure Routing). Plus), an off-card entity of eUICC Profile Manager, PMC holder (Profile Management Credentials holder), and EM (eUICC Manager).

In the present disclosure, the opening mediation server is SPB Manager (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), SPBDS (Secondary Platform Bundle Discovery Sever), BDS (Bundle Discovery Sever), SM-DS (Subscription Manager Discovery Service), DS It may be expressed as at least one of (Discovery Service), Root SM-DS, and Alternative SM-DS. The opening brokerage server may receive an event registration request (Register Event Request, Event Register Request) from one or more bundle management servers or opening brokerage servers. In addition, one or more opening brokerage servers may be used in combination, and in this case, the first opening brokerage server may receive an event registration request from not only the bundle management server but also the second opening brokerage server. In the present disclosure, the function of the opening mediation server may be integrated into the bundle management server.

The term'terminal' used in the present disclosure refers to a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, and a subscriber unit. , A subscriber station (SS), a wireless device, a wireless communication device, a wireless transmit/receive unit (WTRU), a mobile node, a mobile or other terms. Various embodiments of the terminal include a cellular phone, a smart phone having a wireless communication function, a personal portable terminal (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, and a digital camera having a wireless communication function. Devices, gaming devices having a wireless communication function, music storage and playback appliances having a wireless communication function, Internet appliances capable of wireless Internet access and browsing, as well as portable units or terminals incorporating combinations of such functions. have. In addition, the terminal may include a machine to machine (M2M) terminal and a machine type communication (MTC) terminal/device, but is not limited thereto. In the present disclosure, the terminal may be referred to as an electronic device. In the present disclosure, an SSP capable of downloading and installing a bundle may be embedded in the electronic device. When the SSP is not embedded in the electronic device, the SSP physically separated from the electronic device may be inserted into the electronic device and connected to the electronic device. For example, the SSP may be inserted into an electronic device in the form of a card. The electronic device may include a terminal, and in this case, the terminal may be a terminal including an SSP capable of downloading and installing a bundle. Not only can the SSP be embedded in the terminal, but when the terminal and the SSP are separated, the SSP can be inserted into the terminal, inserted into the terminal, and connected to the terminal.

In the present disclosure, the terminal or electronic device may include a Local Bundle Assistant (LBA) or a Local Bundle Manager (LBM), which is software or applications installed in the terminal or electronic device to control the SSP. The LBA application can download a bundle to the SSP or send a command to activate, deactivate, or delete the installed bundle to the SSP.

In the present disclosure, the terminal or electronic device may include a Local Profile Assistant (LPA), which is software or application installed in the terminal or electronic device to control the eUICC. The LPA may be included in the Local Bundle Assistant (LBA) and implemented, or may exist in the terminal as an application separate from the LBA. The LPA may be software or an application capable of controlling an eSIM bundle of a terminal incorporating an SSP.

In the present disclosure, the bundle identifier may be referred to as a factor matching a bundle family identifier (SPB Family Identifier), a bundle matching ID, and an event identifier (Event ID). The bundle identifier (SPB ID) may indicate a unique identifier of each bundle. The bundle family identifier (SPB Family Identifier) may indicate an identifier that distinguishes the type of a bundle (eg, a telecom bundle for accessing a mobile carrier network). The bundle identifier can be used as a value that can index bundles in the bundle management server. In the present disclosure, the SSP identifier (SSP ID) may be a unique identifier of the SSP embedded in the terminal, and may be referred to as sspID. In addition, as in the embodiment of the present disclosure, when the terminal and the SSP chip are not separated, it may be a terminal ID. It may also refer to a specific bundle identifier (SPB ID) in the SSP. In more detail, it may refer to the bundle identifier of a management bundle or loader (SPBL, Secondary Platform Bundle Loader) that installs other bundles in the SSP and manages activation, deactivation, and deletion. The SSP may have a plurality of SSP identifiers, and the plurality of SSP identifiers may be values derived from a single unique SSP identifier. The Primary Platform inside the SSP can have its own identifier, which can be referred to as the Primary Platform identifier. The SSP identifier may be a primary platform identifier.

In the present disclosure, a loader (SPBL, Secondary Platform Bundle Loader) may refer to a management bundle that installs another bundle in the SSP and manages activation, deactivation, and deletion. The LBA of the terminal or the remote server can install, activate, deactivate, or delete a specific bundle through the loader. In the present disclosure, the loader may also be referred to as an SSP.

In the present disclosure, an event may be a term collectively referring to a bundle download, a remote bundle management, or a management/processing command of other bundles or SSPs. Event (Event) may be named as a remote bundle provisioning operation (Remote Bundle Provisioning Operation, or RBP operation, or RBP Operation) or event record (Event Record), and each event (Event) corresponding to the event identifier (Event Identifier) , Event ID, EventID) or matching identifier (Matching Identifier, Matching ID, MatchingID), and at least one address (FQDN, IP Address, or URL) or each server identifier of the bundle management server or opening brokerage server where the event is stored It may be referred to as containing data. Bundle Download can be mixed with Bundle Installation. In addition, Event Type will be used as a term indicating whether a specific event is a bundle download, remote bundle management (e.g., delete, activate, deactivate, replace, update, etc.) or other bundle or SSP management/processing command. It can be named as operation type (Operation Type or OperationType), operation classification (Operation Class or OperationClass), event request type (Event Request Type), event classification (Event Class), event request classification (Event Request Class), etc. have.

In the present disclosure, local bundle management (LBM) is a bundle local management, local management, local management command, local command, local bundle management package It may be called (LBM Package), Bundle Local Management Package, Local Management Package, Local Management Command Package, and Local Command Package. LBM changes the status of a specific bundle (Enabled, Disabled, Deleted) through software installed on the terminal, or the contents of a specific bundle (e.g., bundle nickname, bundle metadata, etc.) ) Can be used for updating. The LBM may include more than one local management command, and in this case, the bundles subject to each local management command may be the same or different for each local management command.

In the present disclosure, a target bundle may be used as a term referring to a bundle that is a target of a local management command or a remote management command.

In the present disclosure, a service provider may indicate a business entity that issues a request to a bundle management server to request a bundle generation, and provides a service to a terminal through the bundle. For example, it may represent a mobile operator that provides a communication network access service through a bundle equipped with a communication application, and a business support system (BSS), an operational support system, OSS), Point of Sale Terminal, and other IT systems can all be collectively referred to. In addition, in the present disclosure, a service provider is not limited to expressing only one specific business entity, and may be used as a term referring to a group or association or consortium of one or more businesses or an agency representing the group or association .

In addition, in the present disclosure, a service provider may be named as a business operator (Operator or OP or Op.), a bundle owner (BO), an image owner (Image Owner, IO), etc., and each service provider is a name and/or At least one unique identifier (Object Identifier, OID) may be set or assigned. If the service provider refers to a group or association or agency of one or more businesses, the name or unique identifier of any group or association or agency is shared by all businesses belonging to that group or association, or by all businesses working with the agency. It may be a name or a unique identifier.

In the present disclosure, the NAA is a network access application, and may be an application program such as USIM or ISIM for accessing a network by being stored in the UICC. NAA may be a network access module.

In the present disclosure, the telecom bundle may be a bundle having at least one NAA mounted or a function capable of downloading and installing at least one NAA remotely. In the present disclosure, the telecom bundle may include a telecom bundle identifier indicating this.

In the present disclosure, the eSIM bundle may be a bundle in which an eUICC OS is driven and functions like an eUICC to receive a profile from a terminal. In the present disclosure, the eSIM bundle may include a telecom bundle identifier indicating this.

In the present disclosure, the eSIM activation code is predetermined information for downloading a profile to an eSIM terminal or an SSP terminal, and may be referred to as an eSIM activation code. The eSIM Activation Code can include the SM-DP+ address to which you need to access to download the profile or the address of the SM-DS server that can inform you of the SM-DP+ address, and can be used as a matching identifier for a specific profile in SM-DP+. Can include the Activation Code Token value. When the eSIM Activation Code is entered in the form of a QR code,'LPA:' may be attached as a prefix of the data contained in the QR code.

In the present disclosure, the SSP activation code is predetermined information for downloading a bundle to the SSP terminal, and may be referred to as an SSP Activation Code. The terminal user can start the bundle download procedure by entering the SSP activation code into the LBA application of the SSP terminal. The SSP activation code may include an eSIM activation code.

In the present disclosure, the activation code may collectively refer to an SSP activation code and an eSIM activation code. In general, in the present disclosure, the activation code may be any activation code before determining that it is an SSP activation code or an eSIM activation code, and when input into the terminal, it may be interpreted as one of an SSP activation code or an eSIM activation code. When the eSIM activation code is included in the SSP activation code, the terminal may selectively perform bundle download and profile download.

In the present disclosure, a function called by the LBA may be a function performed in a Si2 interface, which is an interface between the LBA and the SPB Manager, and a Si3 interface, which is an interface between the LBA and the Secondary Platform Bundle Loader. . LBA can pass parameters to SPB Manager or Secondary Platform Bundle Loader through specific functions. Parameters transmitted from the LBA through a specific function call may be referred to as a function command, function command, or command of a corresponding function. The SPB Manager or Secondary Platform Bundle Loader that has received a function command can perform a specific operation according to the function command and then respond to the function command. The response may include parameters. The function command transmitted from the Si3 interface, its operation, and the response to the function command can consist of several function commands, their actions, and responses to sub-function commands. have.

Transmitting function commands through the Si2 interface can use HTTP (Hypertext Transfer Protocol). In particular, the function command transmission through the Si2 interface may be performed through an HTTP POST request message of Hypertext Transfer Protocol (HTTP), and may be transmitted by including a command in the body of the HTTP POST request message.

In the present disclosure, an object identifier of a management organization may represent an object identifier of an organization that manages a specific family identifier. There may be multiple management organizations for a specific family identifier, and each organization may have an object identifier. The SSP terminal, the service provider, and the bundle management server can know which organization is the management subject of the bundle to manage the bundle including download through the management organization object identifier. In addition, it is possible to determine which management entity a service to be provided through a corresponding bundle is a service managed by a management organization object identifier.

In the present disclosure, SSP information may collectively refer to first SSP information and second SSP information. The first SSP information is information related to the SSP and may be unencrypted data. The first SSP information can be interpreted by the LBA and SPB manager without a special encryption decryption process. The second SSP information may be data obtained by encrypting information related to the SSP.

In the present disclosure, the first bundle information may be metadata, bundle metadata, and metadata of a secondary platform bundle. The first bundle information may include unencrypted information that the LBA of the SSP terminal can read about a bundle to be downloaded by a service provider or a bundle management server (SPB Manager) to the SSP terminal. Based on the first bundle information, the LBA of the SSP terminal may check whether the user's consent is obtained before receiving the second bundle information of the corresponding bundle, or whether the user's consent or intention is requested for operation/management after the bundle is installed. The first bundle information may be used by the LBA to show basic information of the bundle to the user before installing the bundle. The first bundle information may be managed by a loader (Secondary Platform Bundle Loader, SPBL, Loader) after bundle installation, and may be updated by a service provider or a bundle management server (SPB Manager).

In the present disclosure, the encrypted second bundle information includes a bound Secondary Platform Bundle image, a bound bundle (bounde Secondary Platform Bundle) and an encrypted Secondary Platform Bundle image, It may be an encrypted bundle (encrypted Bundle, encrypted Secondary Platform Bundle). The second bundle information may include first bundle information. The second bundle information contains information necessary for bundle installation, and the SSP can install the bundle to the SSP using data extracted from the second bundle information. Part of the second bundle information is encrypted with the session key generated by the SSP and the SPB Manager. There may be.

In the present disclosure, the bundle information request function may be a function that requests first bundle information and second bundle information of a bundle to be installed by the SSP terminal. The operation of requesting the first bundle information and the second bundle information of the bundle may be performed by transmitting a bundle information request function command to the SPB Manager. The bundle information request function command can be transmitted from the SSP terminal to the SPB Manager through the Si2 interface. The SSP terminal may request the first bundle information or the second bundle information by transmitting the SSP credential including the SSP certificate, SSP information, and SSP capability to the SPB Manager. The bundle information request function may be distinguished by using an identifier or identifier included in the command. In addition, according to another example, it is possible to distinguish this by defining different commands for the bundle information request function.

Further, in describing the present disclosure, when it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present disclosure, the detailed description thereof will be omitted.

In particular, the present disclosure includes the following embodiments.

-How the SPB Manager configures the first bundle information of the SSP bundle

-Method for configuring the first bundle information based on the SSP information and the terminal information delivered by the SSP terminal by the SPB Manager

-A method of configuring SSP information and terminal information for the SSP terminal to be used by the SPB Manager to configure SSP first bundle information

-The SSP terminal configures the SSP information and terminal information that the SPB Manager will use to configure the SSP first bundle information, including the SSP information and terminal information defined by the family identifier and the object identifier of the management agency that manages the family identifier. How to

-Method for SSP terminal to first request first bundle information of bundle to be downloaded from SPB Manager

-Method for SSP terminal to request and receive first bundle information from SPB Manager and then request second bundle information

-When the SSP terminal requests and receives the first bundle information from the SPB Manager and then requests the second bundle information, the method to check whether the SPB Manager is the SSP terminal that previously transmitted the first bundle information

-When the SSP terminal requests and receives the first bundle information from the SPB Manager and then requests the second bundle information, the SSP that the SPB Manager has previously transmitted the first bundle information by verifying the signature for the challenge value delivered by the SPB Manager. How to check if it is a terminal

-When the SSP terminal requests and receives the first bundle information from the SPB Manager, and then requests the second bundle information, the SPB Manager previously verifies the signature for the session identifier (transaction identifier) generated by the SSP terminal. Method to check whether the SSP terminal has transmitted the first bundle information

Hereinafter, various embodiments related to a method of requesting first bundle information during a bundle download procedure of an SSP terminal and requesting a bundle after verifying metadata by the SSP terminal will be described in detail with reference to the drawings.

1 is a diagram illustrating an internal component of an SSP terminal and an interface between components.

According to FIG. 1, the SSP terminal 101 may be largely composed of a local bundle assistant (LBA, 111) and an SSP 131, which are terminal software. In addition, the SSP terminal 101 may include a transceiver for transmitting and receiving signals with other terminals, a base station, a server, and the like, and a control unit for controlling the overall operation of the SSP terminal 101. The controller may control the operation of the SSP terminal according to various embodiments of the present disclosure. The control unit may include at least one processor. The control unit may control the SSP 131 through the LBA 111.

The SSP 131 may include a Secondary Platform Bundle (SPB, bundle), a Primary Platform 135 and a Primary Platform Interface 134. The SPB Loader (loader, 132) and eSIM Bundle (133) are a kind of bundle. The LBA 111 and the loader 132 exchange packets through the first interface 122, and the LBA 111 may perform the following through the first interface. The first interface 122 may be referred to as a Si3 interface.

-Obtaining the first SSP information, obtaining the SSP credential, and transmitting the server credential

-Send bundle data to be installed in SSP to loader

-Management of bundles installed in SSP (activation, deactivation, deletion, etc.)

FIG. 2 is a diagram illustrating components inside and outside a terminal for downloading a bundle by an SSP terminal according to an embodiment of the present disclosure.

The terminal 203 may correspond to the SSP terminal 101 of FIG. 1. The LBA 204 may correspond to the LBA 111 of FIG. 1. The SPB Loader 206 may correspond to the SPB Loader 132 of FIG. 1. The bundle 207 may be a secondary platform bundle (SPB). For a description of the terminal 203, the LBA 204, and the SPB loader 206, refer to the embodiment of FIG. 1.

Referring to FIG. 2, the user 200 may select and subscribe to a service (eg, data service through a mobile communication network) provided by the user 200 in the service subscription process 210. At this time, the user 200 can selectively transmit the identifier (SSP ID) of the SSP 205 installed in the terminal 203 to install the bundle to the service provider 201 for use of the service provided by the service provider 201. have. According to some embodiments, in the service subscription process 210 of FIG. 2, the user 200 receives the SSP activation code from the service provider 201 to install the bundle on the terminal of the user 200 from the service provider 201 in the form of a QR code. Can be provided. According to some embodiments, the SSP Activation Code provided after the user 200 subscribes to the telecom service may include information for downloading a telecom bundle and an eSIM Activation Code for downloading an eSIM profile instead of a telecom bundle. .

In the bundle production requirement delivery process 211, the service provider 201 and the SPB Manager 202 may perform a bundle download preparation procedure. In the bundle production requirement delivery process 211, the service provider 201 can selectively deliver the identifier (SSP ID) of the SSP 205 to which the bundle is to be installed to the SPB Manager 202, and provide the service selected by the subscriber. At least one of a possible specific bundle identifier (SPB ID) and a bundle family identifier (SPB Family ID) may be transmitted to the SPB Manager 202. In the bundle production requirement delivery process 211, the SPB Manager 202 may select one of a bundle having a delivered specific bundle identifier or a bundle having a bundle family identifier, and delivers the selected bundle identifier to the service provider 201 can do. In the bundle production requirement delivery process 211, the service provider 201 or the SPB Manager 202 may newly generate a bundle matching ID capable of distinguishing the selected bundle. The bundle matching ID that can distinguish the bundle may be called CODE_M. In addition, the SPB Manager 202 may connect and manage the transmitted SSP identifier (SSP ID) and the selected bundle. In the bundle production requirement delivery process 211, the SPB Manager 202 may deliver the bundle management server address (SPB Manager Address) for downloading the selected bundle to the service provider 201. In this case, the bundle management server address may be the address of a specific or arbitrary bundle management server in which the prepared bundle is stored, and may be the address of another bundle management server that can store and obtain download information (server address, etc.) of the prepared bundle. have. When the service provider 201 requests the SPB Manager 202 to prepare a telecom bundle in the bundle production requirement delivery process 211, information on an eSIM profile matching the corresponding telecom bundle may be provided together.

When part of the bundle production requirement delivery process 211 precedes the service subscription process 210, the service provider 201 may deliver the prepared bundle download information to the user 200 in the service subscription process 210. As the bundle download information, at least one of a bundle management server address (SPB Manager Address) in which a bundle is prepared, a bundle matching ID of a prepared bundle, and a bundle family identifier of a prepared bundle may be selectively transmitted.

Referring to FIG. 2, bundle download information may be transmitted to the LBA 204 of the terminal 203 in the process of inputting bundle information to be downloaded 231. The bundle download information may include at least one of the address of the bundle management server to which the LBA 204 will access (SPB Manager Address), the bundle identifier of the bundle prepared in the bundle production requirement delivery process 211, and the bundle family identifier of the prepared bundle. I can. The bundle identifier may include at least one of a bundle matching ID or a bundle event ID generated in the bundle production requirement delivery process 211. Also, the bundle identifier may include a bundle family identifier of the prepared bundle. The bundle Event ID may include at least one of a bundle matching ID of a bundle prepared in the bundle production requirement delivery process 211 and an address of a bundle management server. The user 200 may input the bundle download information into the LBA 204 by inputting an SSP activation code (eg, QR code scanning, direct text input, etc.), and input the bundle download information into the LBA 204. In addition, the bundle download information may be input to the LBA 204 using a push input through an information providing server (not shown). In addition, the LBA 204 may access the information providing server (not shown) previously set in the terminal 203 to receive bundle download information.

The bundle download from the SPB Manager 202 to the SSP 205 is a function performed at the interface 221 between the SPB Manager 202 and the LBA 204 and the interface 222 between the LBA 204 and the SPB Loader 206 It can be implemented with and operation. The interface 222 between the LBA 204 and the SPB Loader 206 may correspond to the first interface 122 of FIG. 1. The interface 222 between the LBA 204 and the SPB Loader 206 may be referred to as a Si3 interface.

3 is a diagram showing the structure of first bundle information delivered to an LBA by an SPB manager.

The first bundle information object 301 may include a first bundle information basic field 310, a family-specific metadata 320, and a management organization-specific metadata 331 and 332. The first bundle information object 301 may include a plurality of management agency-specific metadata.

The first bundle information basic field 310 may include a bundle identifier 311, a bundle family identifier 312, and a management organization object identifier 313. The bundle identifier 311 may be an identifier of a secondary platform bundle corresponding to the first bundle information. The bundle family identifier 312 may be a family identifier to which the secondary platform bundle corresponding to the first bundle information belongs. The management organization object identifier 313 may be an object identifier of an organization that manages the family identifier of the secondary platform bundle corresponding to the first bundle information. The first bundle information basic field 310 may include a plurality of management organization object identifiers 313. When the first bundle information basic field 310 includes a plurality of management organization object identifiers 313, a plurality of management organization object identifiers 313 are listed according to preference or the most of the plurality of management organization object identifiers 313 A preferred management authority object identifier can be designated. The first bundle information basic field 310 may be used for verifying whether the certificate of the loader and the certificate of the SPB manager used by the SPB loader 206 of the SSP terminal in the bundle installation procedure are correctly used.

The family-specific metadata 320 of FIG. 3 may include a bundle family identifier 312. The family-specific metadata 320 may include settings, parameters, and functions that can be commonly applied to a bundle having a corresponding family identifier.

The management agency-specific metadata 331 and 332 of FIG. 3 may include a management agency object identifier. The management organization object identifier included in the management organization-special metadata may have a different value from the management organization object identifier 313 included in the first bundle information basic field 310. For example, when the management organization object identifier 313 in the first bundle information 301 is a first management organization, the first bundle information 301 is a second management organization that manages the same family identifier as the first management organization. May contain defined governance-specific metadata. The first bundle information 301 may not include management agency-specific metadata.

The first bundle information example 301a of FIG. 3 is an exemplary embodiment following the structure of the first bundle information object 301. The first bundle information basic field 310a of the first bundle information example 301a is a bundle identifier 311a having a value of '1234-5678-aa' and a bundle family identifier 312a having a family identifier value of a telecom family. , It may include a management organization object identifier (313a) having the object identifier of the organization 1.

The first bundle information example 301a may include the family-specific metadata 320a, and the family-specific metadata 320a may include the same value as the bundle family identifier 312a. The family-specific metadata 320a may include settings, parameters, and functions that can be commonly applied to a bundle having the bundle family identifier 312a. In particular, since the bundle family identifier 312a of the first bundle information example 301a is a family identifier of a telecom family, the family-specific metadata 320a includes the family identifier of the telecom family, and is commonly applied to the telecom family bundle. It can include settings, parameters, and functions that can be done.

The first bundle information example 301a may include a management organization-specific metadata 331a and 332a defined by each of the organization(s) managing the bundle family identifier 310a. The management agency-specific metadata 331a and 332a may include an object identifier of the management agency and settings, parameters, and functions defined by the agency. The family-specific metadata 320a must be defined for the bundle family identifier 312a of the first bundle information basic field 310a. The management-organization special metadata 331a and 332a must be defined for the bundle family identifier 312a, but need not necessarily include the management organization object identifier 313a included in the first bundle information basic field 310a.

According to some embodiments, the first bundle information may include a plurality of family-specific metadata 320 and 321 like the first bundle information object 2 302. The first bundle information object 302 is not shown in the drawing, but may include a plurality of management agency-specific metadata 332. The first bundle information example 2 (302a) is an example of first bundle information including a plurality of family-specific metadata. In the first bundle information example 2 302a, as in the first bundle information example 302, the family identifier 312a is the family identifier of the Telecom family, and the object identifier 313a of the management organization has the object identifier of organization 1. . The first bundle information example 2 (302a) includes two family-specific metadata (320a, 321a), and the family-specific metadata 1 (320a) is the first bundle information of the first bundle information example 2 (302a). The bundle family identifier 312a of the field 310a may be included. Also, the family-specific metadata 1 320a may include data applied to the bundle family identifier 312a. The family-specific metadata 2 321a may include a family identifier different from the bundle family identifier 312a. The family-specific metadata 2 321a may include a value different from the bundle family identifier 312a and may include data for another family identifier. The family-specific metadata 2 321a is not data for the bundle family identifier 312a of the first bundle information example 2 302a, but may be used by the SSP terminal and the SSP as needed.

4A is a flowchart illustrating a method of requesting first bundle information and second bundle information from an SPB manager by an SSP terminal according to an embodiment of the present disclosure.

In step 410, the LBA 402 of the SSP terminal 400 sends a function for requesting SSP information to install the bundle in the SSP to the loader (SPB Loader) 401 in the SSP. The SSP information request function command may include a family identifier of a bundle to be installed. The SSP information request function command may also include an Object Identifier of an organization that manages the family identifier of the bundle to be installed.

In step 411, when receiving the SSP information request function command, the loader 401 may generate and transmit the first SSP information to the LBA 402. The first SSP information includes a list of certificate CI information to be used by the loader 401 and the SPB manager 403, a list of identifiers of encryption algorithms to be used in the bundle download procedure, and a list of identifiers of key exchange algorithms for session key formation. I can. The first SSP information is a list of CI information of a certificate to be used by the loader and the SPB Manager 403 in order to download a bundle having a specific family identifier and a management agency object identifier of a specific management organization that manages the specific family identifier, The identifier list of the encryption algorithm and the identifier list of the key exchange algorithm may be included. The first SSP information may include information on the SSP version.

In addition, between step 410 and step 411 in FIG. 4A, the loader 401 may notify the LBA 402 that step 410 is completed, and the LBA 402 sends a command to the loader 401 to request the execution of step 411. I can deliver.

In step 412, the LBA 402 may form a Transport Layer Security (TLS) session with the SPB Manager 403 to request a bundle download.

In step 413, the LBA 402 calls the SPBM certificate request function to the SPB manager 403. When calling the function, the LBA 402 may include the first SSP information and the first terminal information received from the loader 401 in step 411 in the SPBM certificate request function command and transmit it to the SPB manager 403. The terminal information may be configured to include one including the version of the LBA 402, terminal information defined for each family identifier, and terminal information defined for each organization that manages a specific family identifier.

The SPB Manager 403, which has received the SPBM certificate request function called in step 413, may perform at least one of the following operations.

-Perform Eligibility check: By checking the versions of LBA and SPBL, you can check whether the SPB Manager is a supported SSP terminal.

-You can select the family identifier of the bundle.

-You can select the object identifier of the management organization that manages the family identifier of the bundle.

-You can select the SPBM key generation certificate (CERT.SPBM.KA) and the certificate chain to verify it.

-You can select the CI information of the certificate that the SSP should use.

-You can select the information of the encryption algorithm that the SSP should use for data encryption.

In step 414, the SPB Manager 403 may respond by including at least one of an SPBM key formation certificate and a certificate chain, CI information of a certificate to be used by the SSP, encryption algorithm information to be used by the SSP, and a family identifier of a bundle. The SPB Manager 403 may also respond by including the object identifier of the organization managing the family identifier.

The LBA 402 receiving the response from the SPB manager 403 in step 415 may call the SSP Credential request function to the loader 401. When calling the SSP Credential request function, the LBA 402 may transmit the function command including the server credential. The server credential may include at least one of the following.

-Bundle code matching information (Matching ID, CODE_M)

-Bundle family identifier

-SPBM key generation certificate (CERT.SPBM.KA) and certificate chain to verify it

-CI information of the signing certificate that the SSP should use

-Cryptographic algorithm information that SSP should use

In addition, in addition to the above-described information, the server credential may optionally include bundle code matching auxiliary information (challenge_S).

The loader 401 receiving the SSP Credential request function command may generate the SSP Credential based on the received server Credential. SSP Credential creation operation may include the following.

-Verification of SPBM key generation certificate (CERT.SPBM.KA)

-SPBL signing certificate selection according to the CI information of the certificate to be used by SSP

-SPBL ephemeral key pair creation

-Create ID_TRANSAC that can be used as session ID

-Generate the first session key (session key 1) with the public key included in the SPBM key generation certificate and the secret key (eSK.SPBL.KA) of the SPBL ephemeral key

-Generate sspImageSessionToken including SPBL ephemeral key and sspImageSessionTokenSignature signed with secret key (SK.SPBL.DS) corresponding to SPBL signing certificate (CERT.SPBL.DS)

-Generation of second SSP information. The second SSP information may include a Primary Platform Identifier. The second SSP information may include SSP information defined for a family identifier to be downloaded and SSP information defined for each organization managing the family identifier. The second SSP information is for the family identifier of the bundle to be downloaded, the organization that manages the bundle or service through the corresponding family identifier, or the management organization that manages the family identifier (organization, custodian) defined by each-specific SSP information (Organization). -Specific SSP information) can be included. The second SSP information may include a plurality of management agency-specific SSP information. The second SSP information may include family-specific SSP information that can be commonly used by management organizations for the family identifier of the bundle to be downloaded. Family-specific SSP information may include one family identifier, and may include a list of management organizations supported by the SSP mounted on the terminal for the corresponding family identifier. The list of management agencies supported by the SSP may be a list of object identifiers of management agencies supported by the SSP for the corresponding family ID. The word that the SSP supports a certain management organization may mean that the SSP can interpret the meaning of the SSP setting values, parameters, and bundle operation/management defined by the management organization and determine whether or not support is possible. have.

-Bundle code matching information (Matching ID, CODE_M), bundle code matching auxiliary information (challenge_S), sspToken including the generated second SSP information, and sspToken corresponding to the SPBL signature certificate (CERT.SPBL.DS) Create sspTokenSignature signed with private key

-Generate first encryption information (M-SSP) and first integrity check information (H-SSP) by encrypting SPBL signature certificate (CERT.SPBL.DS), SspToken, and SspTokenSignature with the generated first session key The generated SspToken and SspTokenSignature may be encrypted separately from the SPBL signature certificate to generate second encrypted information (M-SSP2) and second integrity check information (M-SSP2).

-A certificate chain to be used by the SPB Manager to verify the SPBL signing certificate, the generated sspImageSeesionToken, the generated sspImageSessionTokenSignature, the generated sspToken, the generated sspTokenSignature, the generated first encryption information (M-SSP), the generated SSP credential generation including the first integrity verification information (H-SSP). The SSP credential may include the generated second encryption information (M-SSP2) and second integrity verification information (H-SSP2).

In step 416, the loader 401 may transmit the generated SSP Credential to the LBA 402 in response to the SSP Credential request function. If an error occurs in an operation during the SSP Credential creation process, it may respond with an error message and terminate the procedure.

In addition, between step 415 and step 416 in FIG. 4A, the loader 401 may inform the LBA 402 that step 415 is completed, and the LBA 402 sends a command to the loader 401 to request the execution of step 416. I can deliver.

In step 418, as the LBA 402 receives the SSP Credential from the loader 401, it may call the bundle information request function to the SPB Manager 403. When the LBA 402 calls the bundle information request function, a bundle information request function command including the following may be transmitted to the SPB Manager 403.

-SSP Credential received from the loader 401

-Terminal information. The terminal information may include the version of the LBA, family-specific terminal information defined for the family identifier, and the management organization-specific terminal information defined by an organization managing the specific family identifier. The family special-terminal information may include a family identifier, and may indicate that it is terminal information for the included family identifier. The family special-terminal information may include information, parameters, setting values, and functions related to a corresponding family identifier. The family special-terminal information may include a list of management organizations supported by the SSP terminal. The list of management organizations supported by the SSP terminal may be a list of object identifiers of management organizations supported by the SSP terminal for a corresponding family identifier. The word that the SSP terminal supports a certain management organization means that the SSP terminal can interpret the meaning of the terminal information, terminal setting values, parameters, and terminal functions defined by the management organization and determine whether or not support is possible. Can mean

-RequestType indicating information requested by the SSP terminal to the SPB Manager 403.

requestType is expressed as one of several types including Type-A for requesting second bundle information from SSP, Type-B for requesting only first bundle information, and Type-C for requesting second bundle information after first bundle information request Can be. Type-D. By defining other actions other than the above-mentioned actions using requestType, Type-D. You can extend the operation by using Type-E, etc. As a method of classifying the type through requestType, it is possible to not send requestType to mean the type of the most basic operation. For example, if the operation of Type-A is the default operation, the SPB Manager 403 recognizes as Type-A if there is no requestType in the bundle information request function command, and if there is a requestType, it performs a different operation according to the corresponding value. You can also do it. In addition, it is possible to classify the type by defining a special bundle information request function command corresponding to a specific type without including information related to the request type in the bundle information request function command.

When the LBA 402 calls the bundle information request function, the requestType of the bundle information request function command includes Type-A (the type that requests the second bundle information) or Type-B (the type that only requests the first bundle information). If it has one of the following types, it may correspond to step 418. In addition, the case of sending a special bundle information request command corresponding to Type-A and Type-B although it does not include information about the request Type may also correspond to step 418. Step 418 of FIG. 4A illustrates a case in which requestType is Type-B (a type that requests only first bundle information).

In step 419, as the SPB Manager 403 receives the SSP Credential, the terminal information, the requestType having Type-A or Type-B from the LBA 402, the following operation is performed based on the received SSP Credential and the terminal information. At least one of them may be performed. In addition, in step 419, when requestType is not included but a special bundle request function command corresponding to Type-A or Type-B is received, at least one of the following operations may also be performed.

-Check whether requestType is Type-A or Type-B, or check whether bundle request function command corresponds to Type-A or Type-B

-Determine whether the bundle held by the SPB Manager 403 is compatible with the SSP terminal 400 based on the second SSP information

-Use eSK.SPBM.KA, a private key paired with the public key (ePK.SPBL.KA) of the SPBL ephemeral key and ePK.SPBM.KA, the public key of the SPBM key generation certificate. To generate the first session key (session key 1)

-M-SSP decryption using the first session key.

-Verify the SPBL signing certificate obtained by decrypting the M-SSP and the SPBL certificate chain in the SSP credential. Certificate verification can be verified by using the CI information of the certificate to be used by the SSP transmitted in step 413.

-Verification of sspToken obtained by decrypting M-SSP and its signature sspToken with SPBL certificate

-Verification of sspImageSessionToken and its signature sspImageSessionTokenSignature with SPBL certificate

-Store ID_TRANSAC value in sspImageSessionToken

-Determine whether a bundle corresponding to CODE_M existing in the sspToken is possessed

-Determine whether the bundle corresponding to CODE_M existing in the sspToken can be installed in the SSP terminal. The determination may be performed based on the Primary Platform Identifier included in the second SSP information, the family-specific SSP information defined for the family identifier to be downloaded, and the management agency-special SSP information defined for each organization managing the family identifier. .

-The first bundle information of the bundle corresponding to the CODE_M may be generated or the prepared first bundle information may be prepared.

The process of generating the first bundle information of the bundle may include the following process.

-Set the bundle identifier (310 in Fig. 3)

-Set the bundle family identifier (312 in Fig. 3). The set family identifier may be the same as the family identifier included in the response by the SPB Manager 403 in step 414.

-Setting the management agency object identifier 310. The set management agency object identifier may include a management agency object ID selectively included in the response by the SPB Manager 403 in step 414.

-Including family-specific metadata (320 in Fig. 3) in the first bundle information. The family-specific metadata may include the set bundle family identifier. The family-specific metadata may include set values, parameters, and information related to operation/management of the bundle defined for the set bundle family identifier.

-Management agency-including special metadata (331 in Fig. 3) in the first bundle information. The first bundle information may include a plurality of management agency-specific metadata. The SPB Manager 403 may include the management organization-specific metadata in the first bundle information based on the family-specific SSP information and the management organization-specific SSP information included in the second SSP information. For example, the SPB Manager 403 includes, in the first bundle information, the management organization-special metadata defined by the management organization included in the list of management organizations supported by the SSP included in the family-specific SSP information transmitted by the SSP terminal. I can make it. The SPB Manager 403 may include, in the first bundle information, management agency-specific metadata defined by a management agency that is not supported by the SSP terminal.

In step 419, after generating the first bundle information, the SPB Manager 403 may record and manage that the first bundle information has been generated. The SPB Manager 403 may manage the generated first bundle information in association with all or part of the SSP Credential information transmitted by the LBA 402. According to some embodiments, the SPB Manager 403 may manage the entire SSP Credential or some elements of the SSP Credential by linking, for example, Transaction Id and generated first bundle information. The corresponding recording and management performed by the SPB Manager 403 is whether the first bundle information request, which may be part of the operations performed in step 429, when a bundle information request function command for requesting second bundle information from the same terminal is received in the future. It can be used in a method of checking the SSP credential of the bundle information request function command in the check operation as a parameter.

In step 421, the SPB manager 403 may respond with the first bundle information to the bundle information request function in step 418. When a bundle information request function command corresponding to Type-A is received in step 418, step 421 may be omitted.

In step 425, the LBA 402 receiving the first bundle information may perform a first bundle information verification operation. The first bundle information verification operation may include the following process.

The LBA 402 may verify whether the family identifier (311 in FIG. 3) included in the received first bundle information is a valid value. The method of verifying the family identifier is, when the bundle download is performed based on the information received by the LBA in the bundle information input process 231 of FIG. 2, when the bundle family identifier is included in the information received by the LBA, the first bundle A procedure for checking whether the family identifier included in the information and the family identifier included in the input information are the same may be included. In addition, the method of verifying the family identifier may include a procedure of checking whether the family identifier included in the response to the SPBM certificate request function command and the family identifier included in the first bundle information are the same in step 414 described above.

The LBA 402 may verify whether the management organization object identifier (313 in FIG. 3) included in the received first bundle information is a valid value. The method of verifying the validity of the management agency object identifier is when the bundle download is performed based on the information received by the LBA in the bundle information input process 231 of FIG. 2, and the management agency object identifier is in the information received by the LBA. , A procedure of checking whether the value of the received first bundle information has the same value as the management agency object identifier. In addition, the method of verifying the validity of the management authority object identifier is to check whether the management authority object identifier included in the response to the SPBM certificate request function command in step 414 and the management authority object identifier included in the first bundle information are the same. May include procedures to do so.

The LBA 402 may check terminal settings, parameters, and functions included in family-specific metadata included in the received first bundle information.

In step 428, the LBA 402 may transmit a bundle information function command whose requestType of the bundle information request function command is Type-C (a type that requests the second bundle information after requesting the first bundle information) to the SPB Manager 403. have. In addition, in step 428, the LBA 402 does not include the requestType, but may transmit a special bundle request function command corresponding to Type-C to the SPB Manager 403.

The SPB Manager 403 that receives the bundle information request function command whose requestType is Type-C (the type that requests the second bundle information after requesting the first bundle information) or receives a special bundle request function command corresponding to Type-C Step 429 may be performed. In step 429, the SPB manager 403 may perform a process of checking whether the first bundle information is requested and an operation of generating the second bundle information.

According to some embodiments, the process of confirming whether the first bundle information is requested may be performed in steps 529 of FIG. 5, 629 of FIG. 6, step 729 of FIG. 7, step 829 of FIG. 8, and step 929 of FIG. 9 to be described later. 1 This may be a procedure to check whether bundle information is requested.

The second bundle information generation operation may consist of at least one of the following operations.

-Create TIME_STAMP and encrypt it with the first session key

-SPBM ephemeral key pair (ePK.SPBM.KA, eSK.SPBM.KA) creation

-Generate a second session key using the SPBM ephemeral private key (eSK.SPBM.KA) and the ePK.SPBL.KA extracted from the SSP Credential.

-SPBM certificate selection and certificate chain preparation for signing

-Create SPBM token including SPBM ephemeral public key (ePK.SPBM.KA) and ID_TRANSAC value in SSP Credential

-Generate SPBM token signature by signing SPBM token with private key corresponding to SPBM certificate for signing

-Encrypt image descriptor, ARP token, Segment Descriptor Structure, etc. with the second session key

-Generate second bundle information to be delivered to the terminal. The second bundle information may include second bundle information including data encrypted with the second session key, SPBM Token, SPBM Token signature, and bundle segment.

In step 430, the SPB manager 403 is the second bundle information (bound SPB image) in response to the bundle information request function command corresponding to the type-C requestType in step 428 or the special bundle information request function command corresponding to Type-C. Can be passed to the LBA 402.

In step 418 of the above embodiment, the LBA 402 provides a bundle information request function whose requestType of the bundle information request function command is Type-A (a type that requests second bundle information) or a special bundle request function command corresponding to Type-A. Can be called. In step 418, the SPB manager 403 receiving a bundle information request command having a requestType of the bundle information request function command of Type-A or a special bundle request function command corresponding to Type-A may perform the following operation.

-Perform step 419.

-In step 429, the process of checking whether the first bundle information is requested is omitted, and the second bundle information generation operation is performed.

-In accordance with step 430, the SBP Mananger 430 transfers the second bundle information to the LBA 402 to the bundle information request function command or Type-A whose requestType of the bundle information request function command of the LBA 402 is Type-A. It is possible to respond to the corresponding bundle information request function command.

4B is a flowchart illustrating a method for a SSP terminal to request second bundle information without separately requesting first bundle information from an SPB manager, according to some embodiments of the present disclosure.

4B may be an exemplary embodiment of FIG. 4. Specifically, FIG. 4B is a case in which the SPB Mananger 402 receives a bundle information request command corresponding to Type-A (a type that requests second bundle information) or a special bundle information request function command corresponding to Type-A in step 418, It is a flowchart of an embodiment in which the SPB manager responds to the LBA 402 by generating second bundle information.

Steps 410 to 417 in FIG. 4B may correspond to steps 410 to 417 of FIG. 4A. In step 418b in FIG. 4B, when the LBA 402 calls the bundle information request function in step 418 of FIG. 4A, requestType indicating Type-A for requesting the second bundle information is included in the bundle information request function command, or Type In some embodiments, a special function command corresponding to a request for second bundle information including -A is transmitted. Upon receiving the second bundle information request function command corresponding to Type-A in step 418b, the SPB manager 403 may perform step 419. Step 419 may correspond to step 419 of FIG. 4A. After performing step 419, the SPB manager 403 may perform step 429b. Step 429b may be an operation corresponding to the operation of generating the second bundle information of step 429 of FIG. 4A.

FIG. 5 is a diagram illustrating a process of requesting a bundle after an SSP terminal receives first bundle information from an SPB manager according to some embodiments of the present disclosure. FIG. 5 particularly relates to an embodiment of performing a first bundle information request confirmation procedure in step 429 described above with reference to FIG. 4 based on an SSP credential value included in a bundle information request function command.

The previous steps including step 525 in FIG. 5 may be performed in the same manner as the corresponding steps described above in FIG. 4.

In step 528, the LBA 402 may transmit a command for a bundle information request function to the SPB manager 403. In step 528, the LBA 402 may include SSP credential, terminal information, and requestType in the bundle information request function command. In step 528, the value of requestType refers to Type-C, which means requesting the second bundle information after receiving the first bundle information.

After receiving the bundle information request function command in step 528, the SPB manager 403 checks whether the terminal transmitting the command is the same as the terminal sending the bundle information request function command in step 418 (a procedure for checking whether the first bundle information request ) Can be performed. In step 529, the procedure for confirming whether to request the first bundle information is whether the SSP credential included in the command transmitted to request the first bundle information in step 518 and the same SSP credential and terminal information as the terminal information are included in the command of step 528. This can be done by verifying.

The procedure for confirming whether the first bundle information is requested in step 529 may be simplified to a process of checking whether the SSP credential transmitted in step 528 is the same as the SSP credential transmitted in step 518. The procedure for confirming whether the first bundle information is requested in step 529 may be a procedure for performing step 519 with the SSP credential and terminalInfo transmitted in step 518 and confirming whether the first bundle information has been successfully delivered to the terminal in step 521. have.

When it is confirmed that it is the same SSP terminal through the first bundle information request confirmation procedure of step 529. The SPB Manager 403 may perform the above-described second bundle information generation operation with reference to step 429 of FIG. 4. When the second bundle information generation operation is successfully performed, the second bundle information may be included in a response to the bundle information request function command in step 530 and transmitted to the LBA 402.

6 is a diagram for explaining a process of requesting a bundle after an SSP terminal receives first bundle information from an SPB manager according to an embodiment of the present disclosure. FIG. 6 particularly relates to an embodiment in which a procedure for confirming whether a first bundle information is requested in step 429 of FIG. 4 is performed by verifying a signature of a loader for a challenge value transmitted by an SPB manager.

The previous steps including step 619 in FIG. 6 may be performed in the same manner as the corresponding steps described above in FIG. 4.

When the operation of the SPB Manager 403 is normally performed in step 619, the SPB Managner 403 may transmit the first bundle information and the serverChallenge value in a response to the bundle information request function command according to step 621. Upon receiving the response transmitted from the SPB manager 403 in step 621, the LBA 402 may verify the first bundle information in step 625. After performing step 625, the LBA 402 transmits a signature request function command to the loader 401 according to step 626b. The signature request function command may include the serverChallenge received from the SPB Manager 403 in step 621.

Upon receiving the signature request function command, the loader 401 generates a signedChallenge that can be verified with the loader's signature certificate included in the SSP Credential in step 416 based on the serverChallenge value included in the signature request function command according to step 627. ). The loader can create a signedChallenge by signing the serverChallenge with the private key corresponding to the public key of the loader's signing certificate.

In step 627, the loader 401 may transmit the serverChallenge and the signed challenge to the LBA 402 in response to the signature request function command of the LBA 402 together in a response.

Upon receiving the response from the loader 401 in step 627, the LBA 402 may transmit the bundle information request function command to the SPB manager 403 according to step 628 to request second bundle information. In this case, the bundle information request function command in step 627 may include the signedChallenge received from the loader 401 in step 627. As a method including signedChallenge in the bundle information request function command, signedChallenge can be used as the value of requestType. serverChallenge can be delivered by being included in the bundle information request function command along with signedChallenge. The method of using the signedChallenge as a value of requestType may be used as an embodiment of a method of displaying Type-C (a type that requests second bundle information after requesting first bundle information).

In step 627, the LBA 402 may not include SSP credential and terminal information in the bundle information request function command. This is because the SSP terminal capable of generating a signedChallenge that can be verified by the SPB Manager is only an SSP terminal that has received the first bundle information and serverchallenge in response to the bundle information request function command previously sent to request the first bundle information. to be.

In accordance with step 629, the SPB Manager 403 receives the bundle information request function command and checks the requestType value included in the command. When the requestType value is Type-C (a type that requests the second bundle information after requesting the first bundle information), the SPB Manager 403 may perform a procedure for checking whether to request the first bundle information. The first bundle information request confirmation procedure may be a method of verifying the signed challenge included in the command received by the SPB manager 403. signedChallenge may be included in requestType. The SPB Manager 403 may verify the signedChallenge included in the bundle information request function command with the public key included in the SPBL (loader) certificate verified in step 619. The signedChallenge can be verified by verifying that it is the signature of the serverChallenge value delivered by the SPB Manager 403 to the LBA 002 in step 621. The fact that the signedChallenge can be verified with the public key included in the loader's certificate is to prove that the serverChallenge sent by the SPB Manager (403) was signed by the loader (401) that created the SSP credential to create the signedChallenge. The manager 403 may confirm that the terminal that has transmitted the bundle information request function command is the same terminal as the terminal that requested the first bundle information in step 618 (procedure of checking whether to request first bundle information).

When it is confirmed that it is the same SSP terminal through the signedChallenge of step 629. The SPB Manager 403 may perform the above-described second bundle information generation operation with reference to step 629 of FIG. 4. When the second bundle information generation operation is successfully performed, the second bundle information may be included in the response to the bundle information request function command in step 630 and transmitted to the LBA 402.

7 is a diagram illustrating a process of requesting a bundle after an SSP terminal receives first bundle information from an SPB manager according to an embodiment of the present disclosure.

FIG. 7 particularly relates to an embodiment in which a procedure for confirming whether a first bundle information is requested in step 429 of FIG. 4 is performed by verifying a signature of a loader for a challenge value transmitted by an SPB manager.

The previous steps including step 713 in FIG. 7 may be performed in the same manner as the corresponding steps described above in FIG. 4. Upon receiving the SPBM certificate request function command in step 713, the SPB Manager 403 may perform the following.

-Perform Eligibility check: Check the version of LBA and SPBL to check if it is a supported SSP

-Confirmation of bundle's family identifier

-(Optional) Confirmation of the object identifier of the organization that manages the family identifier of the bundle

-Select SPBM key generation certificate (CERT.SPBM.KA) and certificate chain to verify it

-Select CI information of certificate to be used by SSP

-Select information of encryption algorithm that SSP should use for data encryption

In step 713, the SPB manager 403, which has normally completed the above operation, is at least one of the SPBM key formation certificate and certificate chain, CI information of the certificate to be used by the SSP, encryption algorithm information to be used by the SSP, and family identifier of the bundle in step 714 You can respond by including. The SPB Manager 403 may also respond by including the object identifier of the organization managing the family identifier. In addition, in step 714, the SPB Manager 403 may generate a serverChallenge value, include it in the SPBM certificate request function response, and transmit it to the LBA 402. The serverChallenge value is generally an octet string having a length of 16 bytes and can be randomly generated by the SPB Manager 403. Also, serverChallenge can be used with octet strings of different lengths.

The LBA 402 receiving the response from the SPB manager 403 in step 714 may transmit the SSP Credential request function command to the loader 400 by calling the SSP Credential request function in step 715. The SSP Credential request function command may include a server credential. The server credential may be generated in the same manner as step 415 of FIG. 4.

The loader 401 receiving the SSP Credential request function command in step 716 may generate the SSP Credential based on the received server Credential. The SSP Credential generation operation may correspond to the SSP Credential generation operation in step 416 of FIG. 4. In step 716, the loader 401 may create a signedChallenge by signing the serverChallenge included in the SSP Credential request function command. The signedChallenge can be created by signing the serverChallenge using the private key corresponding to the public key of the SPBL signing certificate delivered by including in the SSP Credential. In step 716, the loader 401 may respond to the SSP Credential request function command including the generated SSP Credential and signedChallenge.

In accordance with step 717, the LBA 402 may store the signedChallenge value received from the loader 401 in step 716. The signedChallenge value can be used to prove that the LBA 402 is the same SSP terminal when the LBA 402 first requests and receives the first bundle information and then requests the second bundle information in the currently ongoing bundle download session.

Steps 718, 719, and 721 of FIG. 7 may correspond to steps 418, 419, and 421 of FIG. 4.

In step 721, the LBA 402, which has received the first bundle information from the SPB manager 403, may perform the following operation according to step 725.

-First bundle information verification: The operation may refer to the first bundle information verification operation performed in step 425 of FIG. 4.

-Using the signedChallenge stored in step 717, the bundle information request function command can be generated.

In accordance with step 728, the LBA 402 may transmit a bundle information request function command to the SPB manager 403 to download the second bundle information from the SPB manager 403. In step 728, the requestType of the bundle information request function command may mean Type-C (a type for requesting second bundle information after requesting first bundle information). In step 7287, the LBA 402 may use the signedChallenge stored in step 717 as a value of requestType meaning Type-C. In step 728, signedChallenge and serverChallenge may be included in the bundle information request function commmand. In step 728c, the bundle information request function command may not include SSP credential and terminal information.

In step 7297, the SPB manager 403 may receive the bundle information request function command and check the requestType. When requestType is Type-C, the SPB Manager 403 may perform a procedure to check whether a first bundle is requested. The first bundle request confirmation procedure may be a method of verifying signedChallenge included in the bundle information request function command. signedChallenge is used as a value of requestType and may mean that it is Type-C. The signedChallenge is verified using the SPBL signing certificate verified in step 7719. The verification of signedChallenge may be a process of verifying whether the signature of the SSP for the severChallenge created by the SPB Manager 403 at 714 is the signedChallenge using the SPBL signature certificate. Whether signedChallenge is the signature for the serverChallenge sent in the bb14c step After verification, the SPB Manager 403 generates second bundle information. The second bundle information generation operation may refer to the second bundle information generation operation in step 429 of FIG. 4. The SPB Manager 403 having completed signedChallenge verification and generation of the second bundle information in step 729 may respond to the LBA 402 by including the second bundle information in a response to the bundle information request function command in step 730.

FIG. 8 is a diagram illustrating a process of requesting second bundle information after an SSP terminal receives first bundle information from an SPB manager according to an embodiment of the present disclosure. FIG. 8 relates to an embodiment in which the first bundle information request confirmation procedure in step 429 of FIG. 4 is performed by verifying a signature for an ID_TRANSAC value that can be used as a session ID included in the SSP Credential.

The previous steps including step 815 in FIG. 8 may be performed in the same manner as the corresponding steps described above in FIG. 4.

In step 816, the loader 401 receiving the SSP Credential request function command from the LBA 402 may generate the SSP Credential based on the received server Credential. In step 816, the loader 401 may generate signedIdTransac by signing the ID_TRANSAC value generated during the SSP Credential generation process. The signedIdTransac value can be generated by signing the ID_TRANSAC value using the private key corresponding to the public key of the SPBL signing certificate included in the SSP Credential. In step 816, the loader 401 may respond to the SSP Credential request function command of the LBA 402 including SSP Credential and signedIdTransac.

In step 817, the LBA 402 may store signedIdTransac included in the response received from the loader 401 in step 816. The signedIdTransac value can be used to prove that the LBA 402 is the same SSP terminal when the LBA 402 first requests and receives the first bundle information and then requests the second bundle information in the currently ongoing bundle download session.

Steps 818, 819, and 821 of FIG. 8 may correspond to steps 418, 419, and 421 of FIG. 4.

In step 821, the LBA 402, which has received the first bundle information from the SPB manager 403, may perform the following operation according to step 825.

-First bundle information verification: The operation may refer to the first bundle information verification operation performed in step 425 of FIG. 4.

-The bundled information request function command can be generated using the signedIdTransac stored in step 817.

In accordance with step 828, the LBA 402 may transmit a bundle information request function command to the SPB manager 403 to download the second bundle information from the SPB manager 403. In step 828, the requestType of the bundle information request function command may mean Type-C (a type that requests second bundle information after requesting first bundle information). In step 828, the LBA 402 may use the signedIdTransac stored in step 817 as a value of requestType meaning Type-C. In step 828, signedIdTransac and ID_TRANSAC may be included in the bundle information request function commmand. In step 828, the bundle information request function command may not include SSP credential and terminal information.

In step 829, the SPB manager 403 may receive the bundle information request function command and check the requestType. When requestType is Type-C, the SPB Manager 403 performs a procedure to check whether the first bundle is requested. The first bundle request confirmation procedure may be a method of verifying signedIdTransac included in the bundle information request function command. signedIdTransac is used as a value of requestType and may mean that it is Type-C. signedIdTransac is verified using the SPBL signing certificate verified in step 819. The verification of signedIdTransac may be a process of verifying whether the signature of the SSP for ID_TRANSAC included in the bundle information request function command received by the SPB Manager 403 at 818 is signedIdTransac using an SPBL signature certificate. After verifying whether signedIdTransac is a signature for ID_TRANSAC received in step 818, the SPB Manager 403 generates second bundle information. The second bundle information generation operation may correspond to the second bundle information generation operation in step 429 of FIG. 4. The SPB Manager 403 having completed signedIdTransac verification and generation of the second bundle information in step 829 may respond to the LBA 402 by including the second bundle information in a response to the bundle information request function command in step 830.

9 is a diagram for explaining a process of requesting second bundle information after an SSP terminal receives first bundle information from an SPB manager according to an embodiment of the present disclosure. In particular, FIG. 9 relates to an embodiment in which a first bundle information request function command and a second bundle information request function command exist separately, and second bundle information is generated after the first bundle information is generated.

The previous steps including step 916 in FIG. 9 may correspond to the steps described above with reference to FIG. 4.

In step 918, the LBA 402 may transmit a first bundle information request function command to the SPB manager 403. The first bundle information request function command may include SSP credential and terminal information, and this command is specified to request first bundle information, and unlike the above-described embodiments, information on the request type may not be included. have.

Steps 919, 921, and 925 may correspond to steps 419, 421 and 425 described above with reference to FIG. 4.

In step 928, the LBA 402 may transmit a second bundle information request function command to the SPB manager 403. The second bundle information request function command may include SSP credential and terminal information, and this command is specified to request second bundle information, and unlike the above-described embodiments, information on the request type may not be included. have.

The SPB manager receiving the second bundle information request function command in step 928 may perform step 929. In step 929, the SPB manager may perform a procedure of determining whether the SSP terminal has received the first bundle information based on the SSP credential and terminal information included in the second bundle information request function command. In step 929, the SPB manager may perform the operation of step 919 once more.

Meanwhile, when the SSP terminal sends the second bundle request function command in step 918, the SPB manager may perform step 919 and then skip step 921 and perform an operation (step 929) of generating second bundle information. The bundle request function command for not performing step 921 may be defined as a function command different from the second bundle request function command transmitted in step 928.

Step 930 may correspond to step 430 described above with reference to FIG. 4.

10 is a flowchart illustrating an operation of the SPB Manager when the SPB Manager receives a bundle information request function command during a bundle download procedure.

The start of the operation of the SPB manager in FIG. 10 starts with receiving a function command through the Si2 interface, which is an interface between the LBA and the SPB manager. Upon receiving the function command through the Si2 interface, the SPB manager determines whether the received function command is a bundle or a command requesting first bundle information according to FIG. 1001. The function command is referred to as a bundle information request function command in the present disclosure, and may also be referred to as Si2GetBoundSpbImageCommand, Si2GetBoundSpbImageMetadataCommand, or the like. The bundle information request function command may include SSP Credential, terminal information, and requestType.

The function command received in FIG. 1001 is a bundle information request function command indicating Type-A (a type that requests second bundle information) or Type-B (a type that requests only first bundle information) defined in step 418 of FIG. In this case, according to step 1002, the first session key generation, SBPL signature certificate verification, SSP credential verification, bundle selection, check whether the SSP terminal requesting the bundle download can download the bundle, and metadata generation may be performed. Step 1002 may correspond to an operation performed by the SPB Manager in step 419 of FIG. 4.

The SPB manager, which normally performed step 1002 according to step 1003, can check whether the requestType included in the bundle information request command is Type-B (a type that only requests first bundle information) according to step 1004. When requestType is Type-B (a type that only requests first bundle information), according to step 1005, a response to the LBA including first bundle information may be performed. In step 1005, the SPB Manager may include serverChallenge together with the first bundle information in the response according to some embodiments. The SPB manager who has not normally performed all the operations in step 1002 may transmit an error message in response to the LBA in step 1010.

In step 1004, if the requestType included in the bundle information request command is Type-A (a type that requests second bundle information), the SPB manager generates second bundle information according to FIG.509 and includes the generated second bundle information. To respond to the LBA. The second bundle information generation operation may correspond to the second bundle information generation operation in step 429 of FIG. 4.

When the function command received in step 1006 includes the Type-C defined in step 418 of FIG. 4 (the type that requests the second bundle information after requesting the first bundle information), the SPB manager performs the function command according to step 507. It is possible to perform an operation of verifying whether the terminal that transmitted is the terminal that has previously requested the first bundle information. The verification operation of step 1007 may be performed as one of the following.

-Procedure of confirming whether the first bundle information is requested in step 529 of FIG. 5: It may be simplified to a process of checking whether the SSP credential transmitted in step 5295 is the same as the SSP credential transmitted in step 518.

-SignedChallenge verification in step 629 of FIG. 6: The SPB Manager 403 verifies the signedChallenge included in the received command. signedChallenge may be included in requestType. The SPB Manager 403 verifies the signedChallenge included in the bundle information request function command with the public key included in the SPBL (loader) certificate verified in step 619. The signedChallenge can be verified by verifying that it is the signature of the serverChallenge value delivered by the SPB Manager 403 to the LBA 002 in step 621.

-SignedChallenge verification in step 729 of FIG. 7: The signedChallenge is verified using the SPBL signature certificate verified in step 719. The verification of signedChallenge may be a process of verifying whether the signature of the SSP for the severChallenge created by the SPB Manager 403 in bb14c is the signedChallenge using the SPBL signature certificate.

-SignedIdTransac verification of step 829 of FIG. 8: The signedIdTransac included in the bundle information request function command is verified. signedIdTransac is used as a value of requestType and may mean that it is Type-C. signedIdTransac is verified using the SPBL signing certificate verified in step 819. The verification of signedIdTransac may be a process of verifying whether the signature of the SSP for ID_TRANSAC included in the bundle information request function command received by the SPB Manager 403 in bb18 is signedIdTransac, using the SPBL signature certificate.

After successfully performing the verification operation of step 1007, the SPB Manager performs step 1009. If the verification operation of step 1007 fails, an error message may be delivered according to step 1010.

11 is a flowchart illustrating an operation of an SSP terminal according to an embodiment.

In step 1110, the SSP terminal may transmit a request for first bundle information including the bundle identifier and metadata to the SPB server. Step 1110 may correspond to step 418, step 518, step 618, step 718, step 818, and step 918 of FIGS. 4 to 9, respectively.

In step 1120, the SSP terminal may verify the validity of the first bundle information received from the SPB server according to the request. Step 1120 may correspond to step 425, step 525, step 625, step 725, step 825, and step 925 of FIGS. 4 to 9, respectively.

In step 1130, as the first bundle information is verified to be valid, the SSP terminal may transmit a request for second bundle information including encrypted data regarding the bundle to the SPB server. Step 1130 may correspond to step 428, step 528, step 628, step 728, step 828, and step 928 of FIGS. 4 to 9.

In step 1140, the SSP terminal may receive the second bundle information from the SPB server as it is determined that the SSP terminal is the terminal that requested the first bundle information based on the request for the second bundle information. Step 1140 may correspond to step 430, step 530, step 630, step 730, step 830, and step 930 of FIGS. 4 to 9.

12 is a flowchart illustrating an operation of an SPB server according to an embodiment.

In step 1210, the SPB server may receive a request for first bundle information including a bundle identifier and metadata from the SSP terminal. Step 1110 may correspond to step 418, step 518, step 618, step 718, step 818, and step 918 of FIGS. 4 to 9, respectively.

In step 1220, the SPB server may transmit the first bundle information to the SSP terminal according to the request. Step 1220 may correspond to step 421, step 521, step 621, step 721, step 821, and step 921 of FIGS. 4 to 9.

In step 1230, as the first bundle information is verified to be valid, the SPB server may receive a request for second bundle information including encrypted data regarding the bundle from the SSP terminal. Step 1130 may correspond to step 428, step 528, step 628, step 728, step 828, and step 928 of FIGS. 4 to 9.

In step 1240, the SPB server may transmit the second bundle information to the SSP terminal as it is determined that the SSP terminal is the terminal requesting the first bundle information based on the request for the second bundle information. Step 1140 may correspond to step 430, step 530, step 630, step 730, step 830, and step 930 of FIGS. 4 to 9.

13 is a block diagram of an SSP terminal according to an embodiment.

The SSP terminal 1300 may include an LBA 1310, a processor 1320, a transceiver 1330, and a memory 1340.

The LBA 1310 and the processor 1320 may correspond to the LBA and SSP described above with reference to FIGS. 1 to 9, and the block diagram shown in FIG. 13 is only an example, and the LBA may be configured inside the processor. .

The transceiver 1330 may transmit and receive signals to and from other devices, for example, an SPB server. To this end, the transceiver 1330 may include an RF transmitter that up-converts and amplifies a frequency of a transmitted signal, and an RF receiver that amplifies a received signal with low noise and down-converts a frequency.

The memory 1340 may store signals transmitted and received by the SSP terminal, and may store commands necessary to perform the above-described operations.

14 is a block diagram of an SPB server 1400 according to an embodiment.

The SPB server 1400 may include a transceiver 1410, a processor 1420, and a memory 1430.

The transceiver 1410 may transmit and receive signals to and from other devices, for example, SSP terminals. To this end, the transceiving unit 1410 may include an RF transmitter that up-converts and amplifies a frequency of a transmitted signal, and an RF receiver that amplifies a received signal with low noise and down-converts a frequency.

The processor 1420 may control the SPB server 1400 to perform the operation of the SPB manager described above with reference to FIGS. 1 to 9.

The memory 1430 may store signals transmitted and received by the SPB server 1400 and may store commands required to perform the above-described operations.

In the above-described specific embodiments of the present disclosure, components included in the disclosure are expressed in the singular or plural according to the presented specific embodiments. However, the singular or plural expression is selected appropriately for the situation presented for convenience of description, and the present disclosure is not limited to the singular or plural constituent elements, and even constituent elements expressed in plural are composed of the singular or singular. Even the expressed constituent elements may be composed of pluralities.

Meanwhile, although specific embodiments have been described in the detailed description of the present disclosure, various modifications are possible without departing from the scope of the present disclosure. Therefore, the scope of the present disclosure is limited to the described embodiments and should not be determined, and should be determined by the scope of the claims as well as the equivalents of the claims to be described later.

Various embodiments of the present disclosure and terms used therein are not intended to limit the technology described in the present disclosure to a specific embodiment, and should be understood to include various modifications, equivalents, and/or substitutes of the corresponding embodiment. In connection with the description of the drawings, similar reference numerals may be used for similar elements. Singular expressions may include plural expressions unless the context clearly indicates otherwise. In this disclosure, expressions such as "A or B", "at least one of A and/or B", "A, B or C" or "at least one of A, B and/or C" are all of the items listed together It can include possible combinations. Expressions such as "first", "second", "first" or "second" can modify the corresponding elements regardless of their order or importance, and are only used to distinguish one element from another. The components are not limited. When it is stated that a certain (eg, first) component is “(functionally or communicatively) connected” or “connected” to another (eg, second) component, the certain component is It may be directly connected to the component or may be connected through another component (eg, a third component).

The term "module" used in the present disclosure includes a unit composed of hardware, software, or firmware, and may be used interchangeably with terms such as, for example, logic, logic blocks, parts, or circuits. A module may be an integrally configured component or a minimum unit or a part of one or more functions. For example, the module may be configured as an application-specific integrated circuit (ASIC).

Various embodiments of the present disclosure are software (eg, programs) including instructions stored in a machine-readable storage media (eg, internal memory or external memory) that can be read by a machine (eg, a computer). A device is a device capable of calling a command stored from a storage medium and operating according to the called command, and may include a terminal according to various embodiments of the present disclosure. When the command is executed by a processor, the processor The instruction may perform a function corresponding to the instruction directly or using other components under the control of the processor, and the instruction may include a code generated or executed by a compiler or an interpreter.

A storage medium that can be read by a device may be provided in the form of a non-transitory storage medium. Here,'non-transient' means that the storage medium does not contain a signal and is tangible, but does not distinguish between semi-permanent or temporary storage of data in the storage medium.

A method according to various embodiments disclosed in the present disclosure may be included in a computer program product and provided. Computer program products can be traded between sellers and buyers as commodities. The computer program product may be distributed online in the form of a device-readable storage medium (eg, compact disc read only memory (CD-ROM)) or through an application store (eg, Play StoreTM). In the case of online distribution, at least some of the computer program products may be temporarily stored or temporarily generated in a storage medium such as a server of a manufacturer, a server of an application store, or a memory of a relay server. Each of the constituent elements (eg, modules or programs) according to various embodiments may be composed of a singular or a plurality of entities, and some sub-elements of the aforementioned sub-elements are omitted, or other sub-elements are various. It may be further included in the embodiment. Alternatively or additionally, some constituent elements (eg, a module or a program) may be integrated into one entity, and functions performed by each corresponding constituent element prior to the consolidation may be performed identically or similarly. Operations performed by modules, programs, or other components according to various embodiments may be sequentially, parallel, repetitively or heuristically executed, or at least some operations may be executed in a different order, omitted, or other operations may be added. I can.

Claims (20)

In the method for the terminal to provide bundle information,
Obtaining a smart secure platform (SSP) credential;
Transmitting a request command including a request type for the acquired SSP credential and bundle information to a server; And
When the SSP credential is verified by the server, receiving first bundle information or second bundle information from the server based on the request type; Including,
The first bundle information includes secondary platform bundle (SPB) metadata on the second bundle information. The method of claim 1,
The receiving step includes, when the request type is determined as the first type, receiving the second bundle information from the server. The method of claim 1,
The receiving step,
Receiving the first bundle information from the server when the request type is determined as the second type;
Verifying the received first bundle information;
Transmitting a request command for the second bundle information to the server; And
When the request type of the request command for the second bundle information is determined as a third type, and the request command for the second bundle information is verified in the server based on the SSP credential, the second Including; receiving bundle information. The method of claim 1,
The SPB metadata includes a set of custodian specific data corresponding to a family identifier. delete In the method for the server to provide bundle information,
Receiving a request command including a request type for a smart secure platform (SSP) credential of the terminal and bundle information from the terminal;
Identifying a request type for the bundle information from the request command; And
When the SSP credential is verified, transmitting first bundle information or second bundle information to the terminal based on the identified request type; Including,
The first bundle information includes secondary platform bundle (SPB) metadata on the second bundle information. The method of claim 6,
If the request type is determined as the first type, transmitting the second bundle information; further comprising. The method of claim 6,
The transmitting step,
Transmitting the first bundle information to the terminal when the request type is determined as the second type;
Receiving a request command for the second bundle information from the terminal based on the transmitted first bundle information being verified by the terminal;
Verifying the request command for the second bundle information based on the SSP credential when the request type of the request command for the second bundle information is determined as a third type; And
Containing, when the request command for the second bundle information is verified, transmitting the second bundle information to the terminal. The method of claim 6,
The SPB metadata includes a set of custodian specific data corresponding to a family identifier. delete In the terminal,
A transceiver; And
Including at least one processor,
The at least one processor,
Acquire a smart secure platform (SSP) credential,
Transmitting a request command including a request type for the acquired SSP credential and bundle information to the server through the transceiver,
When the SSP credential is verified in the server, first bundle information or second bundle information is received from the server based on the request type through the transmission/reception unit,
The first bundle information includes secondary platform bundle (SPB) metadata for the second bundle information. The method of claim 11,
The at least one processor, when the request type is determined as the first type, receives the second bundle information from the server through the transceiver. The method of claim 11, wherein the at least one processor,
When the request type is determined as the second type, receiving the first bundle information from the server through the transceiver,
Verify the received first bundle information,
Transmitting a request command for the second bundle information to the server through the transceiver,
When the request type of the request command for the second bundle information is determined as a third type, and the request command for the second bundle information is verified in the server based on the SSP credential, the server through the transceiver Receiving the second bundle information from the terminal. The method of claim 11,
The SPB metadata includes a set of custodian specific data corresponding to a family identifier. delete On the server,
A transceiver; And
Including at least one processor,
The at least one processor,
A request command including a request type for a smart secure platform (SSP) credential and bundle information of the terminal is received from the terminal through the transceiver,
Identify the request type for the bundle information from the request command,
When the SSP credential is verified, transmits first bundle information or second bundle information to the terminal based on the identified request type through the transceiver,
The first bundle information includes secondary platform bundle (SPB) metadata on the second bundle information. The method of claim 16, wherein the at least one processor,
When the request type is determined as the first type, the server to transmit the second bundle information through the transceiver. The method of claim 16, wherein the at least one processor,
When the request type is determined as the second type, the first bundle information is transmitted to the terminal through the transmission/reception unit,
Based on the transmitted first bundle information being verified in the terminal, a request command for the second bundle information is received from the terminal through the transceiver,
When the request type of the request command for the second bundle information is determined as the third type, the request command for the second bundle information is verified based on the SSP credential,
When the request command for the second bundle information is verified, the server transmitting the second bundle information to the terminal through the transceiver. The method of claim 16,
The SPB metadata includes a set of custodian specific data corresponding to a family identifier. delete

Images