KR102607207B1 - Method and apparatus for secondary platform bundle download using activation code - Google Patents

Abstract

A terminal according to some embodiments of the present disclosure receives data including an activation code from a service provider, detects the activation code, distinguishes each element of the activation code, and the activation code includes a bundle separator. It identifies whether SSP basic information is available, distinguishes between SSP basic information and family-specific information in the activation code, and if the activation code includes SSP basic information, bundle download can be performed using the SSP basic information.

Description

Bundle download method and device for SSP using activation code {METHOD AND APPARATUS FOR SECONDARY PLATFORM BUNDLE DOWNLOAD USING ACTIVATION CODE}

This disclosure relates to a method and device for downloading, installing, and storing a bundle on a smart security medium of a terminal.

In order to meet the increasing demand for wireless data traffic following the commercialization of the 4G communication system, efforts are being made to develop an improved 5G communication system or pre-5G communication system. For this reason, the 5G communication system or pre-5G communication system is called a Beyond 4G Network communication system or a Post LTE system. To achieve high data rates, 5G communication systems are being considered for implementation in ultra-high frequency (mmWave) bands (such as the 60 GHz band). In order to alleviate the path loss of radio waves in the ultra-high frequency band and increase the transmission distance of radio waves, the 5G communication system uses beamforming, massive array multiple input/output (massive MIMO), and full dimensional MIMO (FD-MIMO). ), array antenna, analog beam-forming, and large scale antenna technologies are being discussed. In addition, to improve the network of the system, the 5G communication system uses advanced small cells, advanced small cells, cloud radio access networks (cloud RAN), and ultra-dense networks. , Device to Device communication (D2D), wireless backhaul, moving network, cooperative communication, Coordinated Multi-Points (CoMP), and interference cancellation. Technology development is underway. In addition, the 5G system uses advanced coding modulation (ACM) methods such as FQAM (Hybrid FSK and QAM Modulation) and SWSC (Sliding Window Superposition Coding), and advanced access technologies such as FBMC (Filter Bank Multi Carrier) and NOMA. (non-orthogonal multiple access), and SCMA (sparse code multiple access) are being developed.

Meanwhile, the Internet is evolving from a human-centered network where humans create and consume information to an IoT (Internet of Things) network that exchanges and processes information between distributed components such as objects. IoE (Internet of Everything) technology, which combines IoT technology with big data processing technology through connection to cloud servers, etc., is also emerging. In order to implement IoT, technological elements such as sensing technology, wired and wireless communication and network infrastructure, service interface technology, and security technology are required. Recently, sensor networks for connection between things, and machine to machine communication (Machine to Machine) are required to implement IoT. , M2M), and MTC (Machine Type Communication) are being researched. In an IoT environment, intelligent IT (Internet Technology) services that create new value in human life can be provided by collecting and analyzing data generated from connected objects. IoT is used in fields such as smart homes, smart buildings, smart cities, smart cars or connected cars, smart grids, healthcare, smart home appliances, and advanced medical services through the convergence and combination of existing IT (information technology) technologies and various industries. It can be applied to .

Accordingly, various attempts are being made to apply the 5G communication system to the IoT network. For example, technologies such as sensor network, Machine to Machine (M2M), and Machine Type Communication (MTC) are implemented through 5G communication technologies such as beam forming, MIMO, and array antennas. There is. The application of cloud radio access network (cloud RAN) as the big data processing technology described above can be said to be an example of the convergence of 5G technology and IoT technology. As various services can be provided as described above and with the development of mobile communication systems, there is a need for a method to effectively provide these services.

The disclosed embodiment is a method for installing the bundle on the smart security medium of the electronic device after the user pays for the service to be received and obtains permission by utilizing the bundle to be installed on the electronic device, and configures an activation code that can be recognized by the terminal software. Suggest a way to do it.

According to some embodiments of the present disclosure, a method of operating a service provider includes the steps of defining an activation code to be input by a terminal in order to perform a secondary platform bundle download operation on a smart secure medium (Smart Secure Platform); Adding family-specific information including a bundle separator to the activation code; and providing an activation code to the terminal.

Additionally, according to some embodiments of the present disclosure, a method of operating a terminal includes receiving data including an activation code from a service provider; detecting the activation code; Distinguishing each component (element, field value) of the activation code; identifying whether the activation code includes a bundle delimiter; detecting a bundle family value from the activation code; Distinguishing between SSP basic information and family-specific information in the activation code; Interpreting family-specific information using the family value of the bundle; If the activation code does not contain the SSP basic information, or if the activation code contains only information about the activation code of a pre-existing specific service (e.g., eSIM activation code), activate the bundle of the family or activate the bundle of the family. selecting one of the following to download an applet (eg, eSIM profile) within the activated bundle or the selected bundle; Upon receiving the activation code, checking terminal settings to determine whether to download a smart security medium bundle or an applet within an existing bundle; and, when the activation code includes SSP basic information, performing a bundle download using the SSP basic information.

The technical problems to be achieved by this disclosure are not limited to the technical problems mentioned above, and other technical problems not mentioned can be clearly understood by those skilled in the art from the description below. You will be able to.

Figure 1 is a diagram illustrating a terminal equipped with an SSP and an LBA application installed according to some embodiments of the present disclosure.
FIG. 2 is a diagram illustrating a procedure for downloading a bundle using an SSP activation code in an SSP terminal according to some embodiments of the present disclosure.
FIG. 3 is a diagram illustrating a procedure for downloading a bundle or applet using an SSP activation code in an SSP terminal or a terminal equipped with other security media other than SSP according to some embodiments of the present disclosure.
FIG. 4 is a diagram illustrating an example of a method of inputting an SSP activation code into an SSP terminal according to some embodiments of the present disclosure.
FIG. 5 is a diagram illustrating an example of the configuration of an SSP activation code including a family special field according to some embodiments of the present disclosure.
FIG. 6 is a diagram illustrating another example of the configuration of an SSP activation code including a family special field according to some embodiments of the present disclosure.
FIG. 7A is a diagram illustrating the operation procedure of the SSP terminal when detecting an activation code according to some embodiments of the present disclosure.
FIG. 7B is another diagram illustrating the operation procedure of the SSP terminal when the terminal detects an activation code according to some embodiments of the present disclosure.
FIG. 8A is a diagram illustrating a procedure in which an SSP terminal detects and interprets an activation code according to some embodiments of the present disclosure.
FIG. 8B is another diagram illustrating a procedure in which an SSP terminal detects and interprets an activation code according to some embodiments of the present disclosure.
FIG. 9A is a diagram illustrating a procedure for detecting and interpreting an SSP activation code by a terminal equipped with a security medium other than SSP (eg, eUICC) according to some embodiments of the present disclosure.
FIG. 9B is a diagram illustrating a procedure for detecting and interpreting an SSP activation code by a terminal equipped with a security medium other than the SSP (eg, eUICC) according to some embodiments of the present disclosure.
FIG. 10 is a diagram illustrating the structure of a terminal according to some embodiments of the present disclosure.
FIG. 11 is a diagram illustrating the structure of a service provider according to some embodiments of the present disclosure.

Hereinafter, embodiments of the present disclosure will be described in detail with reference to the attached drawings.

In describing embodiments of the present disclosure, description of technical content that is well known in the technical field to which the present disclosure belongs and that is not directly related to the present disclosure will be omitted. This is to convey the gist of the present disclosure more clearly without obscuring it by omitting unnecessary explanation.

For the same reason, some components are exaggerated, omitted, or schematically shown in the accompanying drawings. Additionally, the size of each component does not entirely reflect its actual size. In each drawing, identical or corresponding components are assigned the same reference numbers.

The advantages and features of the present disclosure and methods for achieving them will become clear by referring to the embodiments described in detail below along with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below and may be implemented in various different forms. The present embodiments are merely intended to ensure that the present disclosure is complete, and those of ordinary skill in the art to which the present disclosure pertains are not limited to the present disclosure. It is provided to fully inform the scope of the disclosure, and the disclosure is defined only by the scope of the claims. Like reference numerals refer to like elements throughout the specification.

At this time, it will be understood that each block of the processing flow diagram diagrams and combinations of the flow diagram diagrams can be performed by computer program instructions. These computer program instructions can be mounted on a processor of a general-purpose computer, special-purpose computer, or other programmable data processing equipment, so that the instructions performed through the processor of the computer or other programmable data processing equipment are described in the flow chart block(s). Creates the means to perform functions. These computer program instructions may also be stored in computer-usable or computer-readable memory that can be directed to a computer or other programmable data processing equipment to implement a function in a particular manner, so that the computer-usable or computer-readable memory It is also possible to produce manufactured items containing instruction means that perform the functions described in the flowchart block(s). Computer program instructions can also be mounted on a computer or other programmable data processing equipment, so that a series of operational steps are performed on the computer or other programmable data processing equipment to create a process that is executed by the computer, thereby generating a process that is executed by the computer or other programmable data processing equipment. Instructions that perform processing equipment may also provide steps for executing the functions described in the flow diagram block(s).

Additionally, each block may represent a module, segment, or portion of code that includes one or more executable instructions for executing specified logical function(s). Additionally, it should be noted that in some alternative execution examples it is possible for the functions mentioned in the blocks to occur out of order. For example, it is possible for two blocks shown in succession to be performed substantially at the same time, or it is possible for the blocks to be performed in reverse order depending on the corresponding function.

At this time, the term '~unit' used in this embodiment refers to software or hardware components such as FPGA or ASIC, and the '~unit' performs certain roles. However, '~part' is not limited to software or hardware. The '~ part' may be configured to reside in an addressable storage medium and may be configured to reproduce on one or more processors. Therefore, as an example, '~ part' refers to components such as software components, object-oriented software components, class components, and task components, processes, functions, properties, and procedures. , subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functions provided within the components and 'parts' may be combined into a smaller number of components and 'parts' or may be further separated into additional components and 'parts'. Additionally, components and 'parts' may be implemented to regenerate one or more CPUs within a device or a secure multimedia card.

Specific terms used in the following description are provided to aid understanding of the present disclosure, and the use of such specific terms may be changed to other forms without departing from the technical spirit of the present disclosure.

SE (Secure Element) stores security information (e.g. mobile communication network access key, user identification information such as ID/passport, credit card information, encryption key, etc.) and a control module that uses the stored security information (e.g. USIM, etc.) It refers to a security module composed of a single chip that can be mounted and operated (network access control module, encryption module, key generation module, etc.). SE can be used in various electronic devices (e.g. smartphones, tablets, wearable devices, cars, IoT devices, etc.), and provides security services (e.g. telecommunication network access, payment, user authentication, etc.) through security information and control modules. can be provided.

SE can be divided into UICC (Universal Integrated Circuit Card), eSE (Embedded Secure Element), and SSP (Smart Secure Platform), which is an integrated form of UICC and eSE. Depending on the type of connection or installation in the electronic device, SE can be removable. ), Embedded, and Integrated, which are integrated into a specific device or SoC (system on chip).

UICC (Universal Integrated Circuit Card) is a smart card used by inserting into a mobile communication terminal, and is also called a UICC card. The UICC may include an access control module for accessing the mobile carrier's network. Examples of access control modules include Universal Subscriber Identity Module (USIM), Subscriber Identity Module (SIM), and IP Multimedia Service Identity Module (ISIM). A UICC that includes USIM is usually called a USIM card. Likewise, a UICC containing a SIM module is commonly called a SIM card. Meanwhile, the SIM module can be mounted at the time of UICC manufacturing, or the user can download the SIM module of the mobile communication service he or she wants to use to the UICC card at any time. The UICC card can also download and install multiple SIM modules and select at least one SIM module among them for use. These UICC cards may or may not be fixed to the terminal. A UICC that is fixed to a terminal and used is called eUICC (embedded UICC). In particular, it is a System-On-Chip that includes a single processor structure that integrates the terminal's Communication Processor, Application Processor, or these two processors. The UICC built into the (SoC) is also called iUICC (Integrated UICC). Typically, eUICC and iUICC can refer to UICC cards that are fixed to a terminal and can be selected by remotely downloading a SIM module. In this disclosure, a UICC card that can remotely download and select a SIM module is collectively referred to as eUICC or iUICC. In other words, among the UICC cards that can be selected by downloading a SIM module remotely, UICC cards that are fixed or not fixed to the terminal are collectively referred to as eUICC or iUICC. Additionally, the downloaded SIM module information is collectively referred to as eUICC profile, iUICC profile, or more simply profile.

eSE (Embedded Secure Element) refers to a fixed SE that is fixed to an electronic device. eSE is usually manufactured exclusively for manufacturers at the request of the terminal manufacturer, and may be manufactured including an operating system and framework. eSE remotely downloads and installs an applet-type service control module and can be used for various security services such as electronic wallet, ticketing, electronic passport, and digital key. In this disclosure, an SE in the form of a single chip attached to an electronic device that can remotely download and install a service control module is collectively referred to as eSE.

A smart security device (SSP, Smart Secure Platform) can be simply called SSP as it can support integrated support of UICC and eSE functions on a single chip. SSP can be divided into removable type (rSSP, Removable SSP), fixed type (eSSP, Embedded SSP), and integrated type built into the SoC (iSSP, Integrated SSP). SSP can be composed of one primary platform (PP, Primary Platform) and at least one secondary platform bundle (SPB, Secondary Platform Bundle) that operates on the PP, and the primary platform consists of a hardware platform and a low level operating system (LLOS). ), and the secondary platform bundle may include at least one of a High-level Operating System (HLOS) and an application running on HLOS. An application running on HLOS of a secondary platform bundle may be called an applet. Secondary platform bundles are also called SPBs or bundles. The bundle can access resources such as the PP's central processing unit and memory through the Primary Platform Interface (PPI) provided by the PP and run on the PP. The bundle can be equipped with communication applications such as SIM (Subscriber Identification Module), USIM (Universal SIM), and ISIM (IP Multimedia SIM), and can also be equipped with various application applications such as electronic wallet, ticketing, electronic passport, digital key, etc. You can.

SSP can be used for the above-described UICC or eSE purposes depending on the bundle downloaded and installed remotely, and multiple bundles can be installed on a single SSP and operated simultaneously to mix the purposes of UICC and eSE. In other words, if the bundle containing the profile is running, the SSP can be used as a UICC to access the mobile communication service provider's network. Like the eUICC or iUICC, the corresponding UICC bundle can be operated by downloading and selecting at least one or more profiles into the bundle from a remote location. Additionally, if a bundle including a service control module loaded with an application that can provide services such as electronic wallet, ticketing, electronic passport, or digital key operates on the SSP, the SSP can be used for the purpose of eSE. Multiple service control modules may be installed and operated integrated into one bundle, or may be installed and operated as independent bundles.

Hereinafter, the terms used in this disclosure will be described in more detail.

In this disclosure, the SSP is a removable type (rSSP, Removable SSP), a fixed type (eSSP, Embedded SSP), and an integrated type built into the SoC (iSSP, Integrated SSP) that can integrate and support the functions of UICC and eSE in a single chip. It is a security module in the form of a chip that can be distinguished. SSP can use OTA (Over The Air) technology to download and install bundles from an external bundle management server (Secondary Platform Bundle Manager, SPB Manager).

In this disclosure, the method of downloading and installing the bundle using OTA technology in the SSP includes a removable SSP (rSSP) that can be inserted and removed from the terminal, a fixed SSP (eSSP) installed in the terminal, and a SoC installed in the terminal. The same can be applied to integrated SSP (iSSP).

In this disclosure, the term UICC may be used interchangeably with SIM, and the term eUICC may be used interchangeably with eSIM.

In this disclosure, the Secondary Platform Bundle (SPB) is run on the Primary Platform (PP) of the SSP using the resources of the PP. For example, the UICC bundle is an application and file system stored in the existing UICC. , authentication key values, and the operating system (HLOS) on which they operate are packaged in software form. In this disclosure, a secondary platform bundle may be referred to as a bundle.

In this disclosure, USIM Profile (USIM Profile) may have the same meaning as profile or may mean packaging the information included in the USIM application within the profile in software form.

In the present disclosure, the operation of a terminal or an external server to activate a bundle is to change the status of the corresponding profile to the enabled state so that the terminal can use the services provided by the bundle (e.g., communication service through a telecommunication service provider, credit, etc.) This may refer to the operation of setting up to receive a card payment service, user authentication service, etc.). A bundle in an activated state may be expressed as an “enabled Bundle.” Bundles in the activated state may be stored in an encrypted state in storage space inside or outside the SSP.

In the present disclosure, the activated bundle is driven according to external input of the bundle (e.g., user input, push, request from an application in the terminal, authentication request from a communication service provider, PP management message, etc.) or an operation within the bundle (e.g., timer, polling). The status can be changed to Active. The bundle in the running state is loaded into the driving memory inside the SSP from storage space inside or outside the SSP, and uses the security control device (Secure CPU) inside the SSP to process security information and provide security services to the terminal. there is.

In the present disclosure, the operation of a terminal or an external server disabling a bundle may mean an operation of changing the state of the bundle to disabled so that the terminal cannot receive the service provided by the bundle. there is. A profile in a disabled state may be expressed as a “disabled Bundle.” Bundles in the activated state may be stored in an encrypted state in storage space inside or outside the SSP.

In the present disclosure, the bundle management server creates a bundle, encrypts the created bundle, generates a bundle remote management command, or encrypts the generated bundle remote management command at the request of a service provider or another bundle management server. It may include functions that: The bundle management server that provides the above functions is SPB Manager (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), IDS (Image Delivery Server), SM-DP (Subscription Manager Data Preparation), and SM-DP+ (Subscription Manager Data Preparation). plus), manager bundle server, Managing SM-DP+ (Managing Subscription Manager Data Preparation plus), bundle encryption server, bundle creation server, bundle provider (Bundle Provisioner, BP), bundle provider (Bundle Provider), BPC holder (Bundle Provisioning Credentials holder).

In the present disclosure, the bundle management server may download, install, or update the bundle from the SSP and manage the settings of keys and certificates for remotely managing the status of the bundle. The bundle management server that provides the above functions is SPB Manager (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), IDS (Image Delivery Server), SM-SR (Subscription Manager Secure Routing), and SM-SR+ (Subscription Manager Secure Routing). Plus), off-card entity of eUICC Profile Manager, PMC holder (Profile Management Credentials holder), or EM (eUICC Manager).

In this disclosure, the opening mediation server includes SPBM (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), SPBDS (Secondary Platform Bundle Discovery Sever), BDS (Bundle Discovery Sever), SM-DS (Subscription Manager Discovery Service), and DS ( Discovery Service), Root SM-DS, and Alternative SM-DS. The opening mediation server may receive an event registration request (Register Event Request, Event Register Request) from one or more bundle management servers or opening mediation servers. Additionally, one or more opening mediation servers may be used in combination, and in this case, the first opening mediation server may receive an event registration request from not only the bundle management server but also the second opening mediation server. In the present disclosure, the function of the opening mediation server may be integrated into the bundle management server.

The term 'terminal' used in this disclosure refers to a mobile station (MS), user equipment (UE), user terminal (UT), wireless terminal, access terminal (AT), terminal, and subscriber unit. , a Subscriber Station (SS), a wireless device, a wireless communication device, a Wireless Transmit/Receive Unit (WTRU), a mobile node, a mobile, or other terms. Various embodiments of the terminal include a cellular phone, a smart phone with a wireless communication function, a personal digital assistant (PDA) with a wireless communication function, a wireless modem, a portable computer with a wireless communication function, and a digital camera with a wireless communication function. It may include devices, gaming devices with wireless communication functions, music storage and playback home appliances with wireless communication functions, Internet home appliances capable of wireless Internet access and browsing, as well as portable units or terminals that integrate combinations of such functions. there is. Additionally, the terminal may include, but is not limited to, an M2M (Machine to Machine) terminal and an MTC (Machine Type Communication) terminal/device. In this disclosure, a terminal may be referred to as an electronic device. In this disclosure, an electronic device may be equipped with an SSP that can be installed by downloading a bundle. If the SSP is not built into the electronic device, the SSP, which is physically separated from the electronic device, may be inserted into the electronic device and connected to the electronic device. For example, an SSP can be inserted into an electronic device in the form of a card. The electronic device may include a terminal, and in this case, the terminal may be a terminal that includes an SSP that can be installed by downloading a bundle. Not only can the SSP be built into the terminal, but if the terminal and the SSP are separated, the SSP can be inserted into the terminal, and can be inserted into the terminal and connected to the terminal.

In the present disclosure, the terminal or electronic device may include a Local Bundle Assistant (LBA) or Local Bundle Manager (LBM), which is software or application installed in the terminal or electronic device to control the SSP.

In the present disclosure, the terminal or electronic device may include Local Profile Assistant (LPA), which is software or application installed in the terminal or electronic device to control the eUICC. LPA can be implemented as part of the Local Bundle Assistant (LBA) or can exist in the terminal as a separate application from the LBA. The LPA may be software or an application that can control the eSIM bundle of a terminal equipped with an SSP.

In the present disclosure, the bundle identifier may be referred to as a factor that matches the bundle family identifier (SPB Family Identifier), bundle Matching ID, and event identifier (Event ID). The bundle identifier (SPB ID) may indicate a unique identifier for each bundle. The bundle family identifier (SPB Family Identifier) may represent an identifier that distinguishes the type of bundle (e.g., a telecom bundle for connecting to a mobile carrier network). The bundle delimiter can be used as a value to index the bundle in the bundle management server. In the present disclosure, the SSP identifier (SSP ID) may be a unique identifier of the SSP built into the terminal and may be referred to as sspID. Additionally, if the terminal and the SSP chip are not separated as in the embodiment of the present disclosure, it may be the terminal ID. Additionally, it may refer to a specific bundle identifier (SPB ID) within the SSP. More specifically, it may refer to the bundle identifier of a management bundle or loader (SPBL, Secondary Platform Bundle Loader) that installs other bundles in the SSP and manages activation, deactivation, and deletion. An SSP may have multiple SSP identifiers, and the multiple SSP identifiers may be values derived from a single, unique SSP identifier.

In this disclosure, the loader (SPBL, Secondary Platform Bundle Loader) may refer to a management bundle that installs other bundles in the SSP and manages activation, deactivation, and deletion. The terminal's LBA or a remote server can install, activate, deactivate, or delete a specific bundle through the loader. In this disclosure, the loader may also be referred to as SSP.

In the present disclosure, event may be a general term for bundle download, remote bundle management, or other management/processing commands of a bundle or SSP. An event may be named Remote Bundle Provisioning Operation, or RBP Operation, or Event Record, and each event has a corresponding event identifier. , Event ID, EventID) or matching identifier (Matching Identifier, Matching ID, MatchingID), and the address (FQDN, IP Address, or URL) of the bundle management server or opening mediation server where the event is stored, or at least one identifier for each server It may be referred to as the data it contains. Bundle download can be used interchangeably with bundle installation. Event Type can also be used as a term to indicate whether a particular event is a bundle download, remote bundle management (e.g. delete, activation, deactivation, replacement, update, etc.), or other bundle or SSP management/processing command. It can be named as operation type (Operation Type or OperationType), operation class (Operation Class or OperationClass), event request type (Event Request Type), event class (Event Class), event request class, etc. .

In the present disclosure, Local Bundle Management (LBM) includes Bundle Local Management, Local Management, Local Management Command, Local Command, and Local Bundle Management Package. It may be named (LBM Package), Bundle Local Management Package, Local Management Package, Local Management Command Package, and Local Command Package. LBM changes the status (Enabled, Disabled, Deleted) of a specific bundle through software installed on the terminal, or changes the contents of a specific bundle (e.g., bundle nickname, bundle summary information (Bundle Metadata), etc. ) can be used to change (update). LBM may include one or more local management commands, in which case the bundle targeted by each local management command may be the same or different for each local management command.

In the present disclosure, target bundle may be used as a term referring to a bundle that is the target of a local management command or a remote management command.

In this disclosure, a service provider may request the creation of a bundle by issuing a request to the bundle management server and indicate a business that provides services to the terminal through the bundle. For example, it can represent a mobile operator that provides communication network access services through a bundle equipped with a communication application, and the communication operator's Business Supporting System (BSS), Operational Supporting System, OSS), POS terminal (Point of Sale Terminal), and other IT systems can all be collectively referred to. In addition, in the present disclosure, the term "service provider" is not limited to expressing only one specific business, and may also be used as a term referring to a group or association (association or consortium) of one or more businesses, or an agent (representative) representing the group or association. Additionally, in this disclosure, the service provider may be named as an operator (Operator or OP or Op.), a bundle owner (BO), an image owner (IO), etc., and each service provider may have a name and/or a unique name. At least one identifier (Object Identifier, OID) can be set or assigned. If the Service Provider refers to a group or association or agency of more than one business entity, the name or unique identifier of any group or association or agency is shared by all businesses belonging to that group or association or all businesses working with that agency. It can be a name or a unique identifier.

In this disclosure, NAA is a network access application program, and may be an application program such as USIM or ISIM that is stored in the UICC and is used to access the network. NAA may be a network access module.

In the present disclosure, a Telecom bundle may be a bundle equipped with at least one NAA, or a bundle equipped with a function to download and install at least one NAA remotely. In the present disclosure, a telecom bundle may include a telecom bundle identifier referring to it.

In the present disclosure, the eSIM bundle may be a bundle that has an eUICC OS running inside it and functions like an eUICC to receive a profile from the terminal. In the present disclosure, an eSIM bundle may include a telecom bundle identifier designating it.

In the present disclosure, the SSP activation code is predetermined information for downloading a bundle to an SSP terminal, and may be named SSP Activation Code.

In the present disclosure, the eSIM activation code is predetermined information for downloading a profile to an eSIM terminal or SSP terminal, and may be named eSIM Activation Code. The eSIM Activation Code may include the SM-DP+ address that must be accessed to download the profile, or the address of the SM-DS server that can inform the SM-DP+ address, and can be used as a matching identifier for a specific profile on SM-DP+. Can include Activation Code Token value. If the eSIM Activation Code is entered in the form of a QR code, 'LPA:' may be added as a prefix to the data contained in the QR code.

In the present disclosure, the activation code may collectively refer to an SSP activation code and an eSIM activation code. In general, in the present disclosure, the activation code may be any activation code before determining that it is an SSP activation code or an eSIM activation code, and when entered into the terminal, it may be interpreted by the terminal as either an SSP activation code or an eSIM activation code.

In the present disclosure, the SSP activation code delimiter may be included as a component of the SSP activation code to indicate that the terminal can download a bundle (Bundle, Secondary Platform Bundle) through the activation code. The SSP activation code delimiter may also be named a bundle indicator.

Also, in describing the present disclosure, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the gist of the present disclosure, the detailed description will be omitted.

Below, various embodiments of how to install a bundle or applet (eg, profile) on a SSP terminal and a terminal equipped with other security media using the SSP activation code will be described.

If the compatibility of the activation code is not guaranteed, the user or service provider must provide an appropriate activation code according to the security device of the user's terminal, and the user will need to enter an activation code appropriate for the terminal he or she will use. It can degrade the user experience. The disclosed embodiment to solve this problem is a smart security device compatible with an activation code that can install applets (e.g., eSIM profile) of services (e.g., mobile communication network access, payment, user authentication, digital key, etc.) within the bundle. Configure the bundle activation code.

The activation code according to the embodiment of the present disclosure can also be used as a method of downloading, installing, and storing the applet inside the bundle, and can also be used to download, install, and store the applet on a secure medium (e.g., eUICC, eSE) other than a smart security medium. It can also be used as a storage method.

According to an embodiment of the present disclosure, if a service provider provides a service using an existing activation code, the service provider may not provide the existing activation code and the activation code for the smart security medium separately to the user. Additionally, according to various embodiments of the present disclosure, a user can selectively download a bundle or applet by entering an activation code for a smart security medium into the terminal. Additionally, according to various embodiments of the present disclosure, a smart security media terminal may perform bundle download or applet download according to information in the activation code. In addition, according to various embodiments of the present disclosure, applet download (e.g., profile download) can be performed even if a terminal that is not a smart security medium terminal (e.g., a terminal that supports only eSIM) receives the smart security medium bundle activation code.

This disclosure includes the following embodiment of a method for installing a bundle or applet (eg, profile) on a terminal equipped with an SSP terminal and other security media using an SSP activation code. However, the embodiments of the present disclosure are not limited to the embodiments below.

- How to define an SSP activation code that allows an SSP terminal to download a bundle or applet

- How to define an SSP activation code that allows a terminal equipped with an eSIM device or other secure medium to download an applet

- How the SSP terminal detects the SSP activation code and interprets its components

- How to download the bundle using the SSP activation code on the SSP terminal

- How to download the applet using the SSP activation code on the SSP terminal

- How to download an applet (e.g. profile) using an SSP activation code on a device equipped with an eSIM device or other secure media

- How a terminal equipped with an eSIM terminal or other secure medium detects the SSP activation code and interprets its components

- How to download the bundle using the SSP activation code on a device equipped with an eSIM device or other secure media

Hereinafter, various embodiments of a method and device for downloading a bundle or applet to a terminal using an SSP activation code to an SSP terminal or a terminal equipped with other security media will be described in detail through drawings.

Figure 1 is a diagram illustrating a terminal equipped with an SSP and an LBA application installed according to some embodiments of the present disclosure.

Referring to FIG. 1, a Smart Secure Platform (SSP) consisting of a Secondary Platform Bundle Loader 131 and a Primary Platform 132 according to some embodiments of the present disclosure. A terminal 110 is shown, which is equipped with a medium) 130 and implements a Local Bundle Assistant (LBA) 120, an application within the terminal that can control the SSP 130. The SSP 130 may be comprised of at least one primary platform 132 and at least one secondary platform bundle loader 131. Additionally, the SSP 130 may include a Secondary Platform Bundle 140, and the Bundle 140 includes an Application 141 and at least one High-level Operating System. It may include (142). The bundle 140 may be run within the SSP 130 by accessing resources such as a central processing unit and memory within the primary platform 132 or the SSP 130 using a primary platform interface (not disclosed).

Referring to FIG. 1, the LBA 120 includes an activation code start detection unit 121 that can detect the start of the activation code, an activation code analysis unit 122 that can interpret each element of the activation code, and an activation code inside the activation code. It may include a bundle and applet download trigger 123 that uses information to initiate an operation to download a bundle or applet. In addition to the activation code start detection unit 121, the activation code analysis unit 122, and the bundle and applet download trigger 123, the LBA (120) includes components that perform various operations related to the operation of installing a bundle within the SSP. It can include a server for controlling bundles installed inside the SSP or a component that processes user input and transmits commands to the SSP. At this time, the command transmitted by the LBA 120 may be executed by the primary platform 132 through the secondary platform bundle loader 131.

The SSP activation code or other activation code (e.g., eSIM activation code) is detected by the activation code start detection unit 121 of the LBA 120 in the terminal 110, and the internal information is interpreted by the activation code interpretation unit 122. The bundle and applet download trigger 123 may start a bundle or applet download operation based on the interpreted information. To perform a bundle or applet download operation, the LBA 120 may transmit a command to the secondary platform bundle loader 131 of the SSP 130.

FIG. 2 is a diagram illustrating a procedure for downloading a bundle using an SSP activation code in the SSP terminal 230 according to some embodiments of the present disclosure. According to some embodiments, the SSP terminal 230 may be a terminal that has the SSP 232 built in and the LBA application 231 installed. Here, the SSP 232 may include, but is not limited to, an eSIM bundle 233 and a telecom bundle 234.

In step 201, the user 221 can subscribe to the service to be received through the bundle through the agency 211 and pay for it. In step 202, the dealer 211 may deliver an SSP activation code containing information to download the bundle to the user 221. In step 203, the user 221 may input the SSP activation code into the SSP terminal 230 to cause the SSP terminal 230 to perform a bundle download operation. The method for the user 221 to input the SSP activation code into the terminal in step 203 is to receive the SSP activation code in the form of a QR code and then scan the QR code on the terminal (204) or to input the SSP activation code string into the terminal. Direct input (205) may be one of the methods. The method for the user 221 in step 203 to input the SSP activation code into the terminal may include another method of inputting the contents of the activation code into the terminal in addition to QR code scanning (204) and direct input (205).

In step 206, the LBA 231 may perform a bundle download operation with the SPB Manager server 242 or the SPB Manager server 243 including the SM-DP+ function using the information of the SSP activation code.

Figure 3 shows a procedure for downloading a bundle or applet using an SSP activation code from the SSP terminal 330 or a terminal (e.g., eSIM terminal) 350 equipped with a security medium other than SSP according to some embodiments of the present disclosure. This is a drawing showing . According to some embodiments, the SSP terminal 330 may be a terminal with a built-in SSP and an LBA application installed. Additionally, the terminal 350 equipped with other security media other than SSP may be a terminal equipped with an eUICC and an LPA application.

In step 301, the user 321 can sign up for a service to be received through a bundle or applet through the agency 311 and pay for the service. In step 302, the dealer 311 may deliver an SSP activation code containing information to download the bundle or applet to the user 321. It should be noted that the order of steps 301 and 302 may be reversed. In step 303, the user 321 may input the SSP activation code into the terminals 330 and 350. In step 303, the method for the user 321 to input the SSP activation code into the terminal 330, 350 is to receive the SSP activation code in the form of a QR code and then scan the QR code on the terminal 330, 350 (304). Alternatively, it may be one of the methods of directly entering (305) the string of the SSP activation code into the terminal (330, 350). The method for the user 321 in step 303 to input the SSP activation code into the terminal (330, 350) is to input the contents of the activation code into the terminal (330, 350) in addition to scanning the QR code (304) and direct input (305). Another method may be included.

The terminal (330, 350) that has received the activation code in step 306 is connected to the SM-DP+ server (341) or SPB Manager (343) with SM-DP+ function through the LPA (351) or LBA (331) implementing the LPA function. You can request a profile download. The profile at step 306 can be any applet. In step 306, the activation code may include one of the minimum information required to receive the applet (e.g., address of SM-DP+, applet matching ID, eUICC identifier).

The SSP terminal 330, which has received the activation code in step 307, can request a bundle download from the SPB Manager 342 and 343 through the LBA 331. In step 307, the LBA 331 may trigger a bundle download procedure in the SPB Manager 342 and 343 using the information contained in the activation code. Information that can be utilized by the LBA (331) in step 307 may include at least one of the domain address or IP address of the SPB Manager (342, 343), a identifier of the bundle, CODE_M, which is a bundle matching identifier on the server, or a family identifier of the bundle. there is.

FIG. 4 is a diagram illustrating an example of a method for inputting an SSP activation code into the SSP terminal 410 according to some embodiments of the present disclosure.

The SSP activation code can be entered into the SSP terminal 410 in the form of direct input (421), QR code scanning (422), or link clicking (423).

When providing the SSP activation code to the user, the service provider may provide a first string 431 that the user can directly input 421 into the SSP terminal 410. Additionally, the service provider may provide the SSP activation code to the user in the form of a QR code, and the QR code may be generated by encoding a string generated based on the first string 431. The user can enter the SSP activation code by directly entering (421) the first string 431 received from the service provider into the LBA application of the SSP terminal 410. The first string 431 can be entered into the LBA through a third-party application or manufacturer application within the terminal.

The string for generating a QR code can be created by encoding the first string (431) as is, or it can be created by adding the string “LBA:” in front of the first string (431) and then encoding it, like the second string (432). there is. A string for generating a QR code can also be created by adding the string “LPA:” in front of the first string 431, like the third string 433. The third string 433 can be used when generating an SSP activation code including an eSIM activation code as a QR code. In particular, the third string 433 can be used for compatibility with GSMA SGP.22 v2-based eSIM terminals. The QR code generated based on the third string 433 can be used for the purpose of generating an SSP activation code that can also be used for v2 eSIM terminals that follow the GSMA SGP.22 standard.

The SSP activation code in the form of a QR code may be detected by a camera in the terminal 410, a QR code scanning application, or an LBA application and input into the terminal 410.

In the QR code scanning 422 method, when a SSP activation code in the form of a QR code is detected by a camera in the terminal 410, a third-party application, or a manufacturer application, if a specific string is present in the detected code, the terminal 410 can perform the bundle download procedure by directly transmitting the information of the SSP activation code to the LBA through internal application linkage operation. In this case, the specific string present in the detected code may be a string that serves as a scheme for the Uniform Resource Identifier (URI) [RFC3986] and may be a string such as "lba:".

The service provider can provide a string in a link-clickable format so that the user can enter the SSP activation code by clicking the link (423). In order to have the user enter the SSP activation code by clicking the link (423), the service provider may provide the user with a string with “lba:” at the beginning of the string, as in the fourth string (434). In order to have the user enter the SSP activation code by clicking the link (423), the service provider can provide the user with a string with “lpa:” at the beginning of the string, as in the fifth string (435). In addition to the fourth string 434 and the fifth string 435, the service provider can provide the user with a string that can be clicked on (423) by placing a specific string in front, and the user clicks on the link (423) The LBA or LPA in the terminal 410 may receive the SSP activation code. The service provider may deliver a string in a link-clickable form to the user via SMS, email, or other applications to enable the user to enter the SSP activation code by clicking the link 423.

When the SSP activation code starts with a specific string, such as the second string 432, the fourth string 434, and the fifth string 435, this specific string can be used as an SSP activation code delimiter.

FIG. 5 is a diagram illustrating an example of the configuration of an SSP activation code including a family-specific field according to some embodiments of the present disclosure.

Referring to FIG. 5, the SSP basic activation code 510 can be expressed as a series of elements called SSP basic information. The SSP basic activation code 510 may include an SSP activation code delimiter 511. The position of the SSP activation code delimiter 511 may be located at any position within the SSP basic activation code 510. Meanwhile, to indicate the start of the SSP basic activation code, the SSP activation code delimiter 511 may be located at the frontmost element of the SSP basic activation code 510. The SSP basic activation code 510 may include a family identifier (Family Identifier, 512) of the bundle to be downloaded by the terminal through the activation code. The SSP basic activation code 510 may include the address 513 of the SPB Manager server that the terminal must connect to to download the bundle through the activation code. The SSP basic activation code 510 may include CODE_M 514, which is the matching ID of the bundle to be downloaded by the terminal through the activation code. CODE_M (514) can also be used as a matching ID to select the bundle to be downloaded from the SPB Manager server that downloads the bundle. The SSP basic activation code 510 may include Challenge_S 515, which is an auxiliary matching ID of the bundle to be downloaded by the terminal through the activation code. Challenge_S (515) can also be used as an auxiliary matching ID to select the bundle to be downloaded from the SPB Manager server that downloads the bundle. It should be noted that the order of elements (512, 513, 514, 515) including the SSP activation code delimiter (511) in the SSP basic activation code (510) may be changed. Additionally, each element (511, 512, 513, 514, 515) of the SSP basic activation code can be distinguished by inserting a delimiter such as '$' between adjacent elements. The method of distinguishing each element of the SSP basic activation code is not limited to inserting characteristic strings. The SSP basic activation code 510 may also include other elements in addition to those shown in FIG. 5. The SSP activation code separator 511 may be distinguished from other elements using a string such as '%ETSI-SSP%'. The SSP activation code delimiter 511 can be any unique string that will not be found in the value of an existing field or a string expected to be used in a field that may be added in the future.

Referring to FIG. 5, the SSP activation code 550 may be composed of an SSP basic activation code 510 and a family special field 530. The family special field 530 may be an eSIM Activation code containing information to download a profile to the eUICC or other information to download an applet to the eSE. The configuration of the SSP activation code 550 in FIG. 5 is a diagram showing some embodiments in which the SSP basic activation code 510 is located next to all information in the family special field 530. In the configuration of the SSP activation code 550 in FIG. 5, the SSP activation code separator 511 can be used as a separator to distinguish the family special field 530 and the SSP basic activation code 510. In FIG. 5 , the configuration of the family special field 530 in the SSP activation code 550 may be determined by the value of the family identifier 512.

Although not shown in FIG. 5, the order of each component of the SSP basic activation code 510 in the SSP activation code 550 and each component of the family special field 530 may be changed.

FIG. 6 is a diagram showing another example of the configuration of an SSP activation code including a family special field according to some embodiments of the present disclosure.

Referring to FIG. 6, the SSP basic activation code 610 can be expressed as a series of elements. In FIG. 6, the SSP activation code delimiter 615 may be present at any position within the SSP basic activation code 610. Meanwhile, to indicate the end of the SSP activation code, the SSP activation code delimiter 615 may be located in the last element of the SSP basic activation code 610. Among the components of the SSP basic activation code, the description of the family identifier (611), SPB Manager address (612), CODE_M (613), and Challenge_S (614) is omitted since it overlaps with the description in FIG. 5. Additionally, each element (611, 612, 613, 614, 615) of the SSP basic activation code can be distinguished by inserting a delimiter such as '$' between adjacent elements. The method of distinguishing each element of the SSP basic activation code is not limited to inserting characteristic strings. The SSP basic activation code 610 may also include elements other than those shown in FIG. 6.

According to FIG. 6, the SSP activation code 650 may be composed of an SSP basic activation code 610 and a family special field 630. Among the descriptions of the family special field 630, descriptions that overlap with those of FIG. 5 will be omitted. The configuration of the SSP activation code 650 in FIG. 6 is an example in which the family special field 630 is located after the SSP basic activation code 610. In the configuration of the SSP activation code 650 in FIG. 6, the SSP activation code delimiter 615 can be used as a delimiter to distinguish the SSP basic activation code 610 and the family special field 630. In FIG. 6 , the configuration of the family special field 630 in the SSP activation code 650 may be determined by the value of the family identifier 611.

Although not shown in FIG. 6, the order of each component of the SSP basic activation code 610 in the SSP activation code 650 and each component of the family special field 630 may be changed.

FIG. 7A is a diagram illustrating the operation procedure of the SSP terminal when detecting an activation code according to some embodiments of the present disclosure.

In step 701, when predetermined information is input to the SSP terminal, the SSP terminal detects an activation code from the input predetermined information, and when the activation code is detected, the elements within the activation code can be interpreted. Predetermined information input to the SSP terminal can be input through manual or automatic input methods, including QR code scanning, user text input, image input using a camera, and link clicking. Predetermined information input to the SSP terminal may be provided in one of the embodiments described in FIG. 4. The terminal may determine that the activation code is included in predetermined information input to the terminal according to preconfigured settings. A method for the terminal to receive a predetermined input may include displaying a screen asking the user to enter an activation code, receiving the input, or scanning a QR code. A method for the terminal to recognize that an activation code is input in step 701 may include a method for the terminal to recognize that the data of the QR code starts with 'LBA:' or 'LPA:'. A method for the terminal to recognize that an activation code is input in step 701 may include a method for the LBA to recognize the user clicking a specific link.

In step 701, the SSP terminal may receive certain information that can be used to receive an SSP activation code. Certain information that can be used to receive an SSP activation code may be referred to as SSP activation code acquisition information. SSP activation acquisition information can be provided after the user purchases a bundle or service from a service provider. SSP activation code acquisition information may be provided to the terminal in the form of a URL (Universal Resource Locator), and the terminal may obtain the SSP activation code through a specific website through the URL. In step 701, the terminal can interpret the elements included in the activation code according to the configuration of the activation code.

In step 702, the terminal may determine whether there is an SSP activation code delimiter among the elements of the interpreted activation code.

If the SSP activation code delimiter is present in the activation code in step 702, the terminal can check whether downloading the bundle to the SSP is the default setting in step 703. If there are no related settings, the terminal can default to downloading the bundle to the SSP. In step 703, the bundle download settings may be set according to the family identifier of the bundle, and the determination of the terminal in step 703 may be based on the terminal settings set for the bundle family identifier in the activation code.

If bundle download is set in the SSP, in step 704, the terminal can start the bundle download procedure using the information in the activation code. In step 704, the terminal may attempt to communicate with the SPB Manager to download the bundle using at least one of the SPB Manager's address in the activation code, the family identifier of the bundle, CODE_M, and challenge_S values.

If the SSP activation code delimiter is not detected in the activation code in step 702, or if the SSP activation code delimiter is present in the activation code in step 703, but bundle download is not set in the terminal for the family identifier of the bundle, in step 705, the terminal You can perform the operation of installing an applet in the bundle of the corresponding family identifier. In step 705, the terminal can activate a bundle already installed in the SSP corresponding to the family identifier in the activation code or select one of the activated bundles. If the family identifier does not exist in the activation code, the terminal may activate or select the bundle set by default in the terminal.

If the bundle to be used is selected in step 705, the terminal can download an applet to the bundle in step 706. If the family identifier of the bundle is a Telecom family identifier in step 706], the applet may be a profile.

FIG. 7B is another diagram illustrating the operation procedure of the SSP terminal when the terminal detects an activation code according to some embodiments of the present disclosure. FIG. 7B may show a case where the family identifier of the bundle is a Telecom family identifier in the embodiment to be disclosed in FIG. 7A. Steps 711 to 714 may correspond to steps 701 to 704 of FIG. 7A described above. In the following description of FIG. 7B, steps corresponding to the steps of FIG. 7A described above will be briefly described. In Step 712 If the family identifier of the bundle is a Telecom family identifier, in step 715, the terminal can activate the eSIM bundle or select one of the activated eSIM bundles.

If the family identifier of the bundle in step 712 is a Telecom family identifier, the operation of downloading the applet in step 716 may be a profile download procedure according to the GSMA Remote SIM Provisioning standard.

Figures 8a and 8b are diagrams illustrating a procedure in which an SSP terminal detects and interprets an activation code according to some embodiments of the present disclosure. In Figures 8a and 8b, the eSIM activation code defined in GSMA SGP.22 is taken as an example of an activation code other than the SSP activation code.

FIG. 8A is a diagram showing how an SSP terminal interprets and operates an activation code when the SSP activation code according to some embodiments of the present disclosure follows the embodiment shown in FIG. 5.

In step 801, the terminal may detect an activation code input. The terminal may display a screen where the user inputs an activation code for the purpose of downloading a bundle or applet from the terminal LBA application, have the user enter a QR code, click a specific link, or detect the QR code in the camera application. If a QR code input, link click, or character string input is detected in the terminal in step 801, the terminal in step 802 adds an eSIM activation code prefix (e.g., 'LPA:' or ' You can check whether lpa:') exists.

In step 802, if it is confirmed that the data input to the terminal has an eSIM activation code prefix, in step 803, the terminal parses the remaining data among the data input to the terminal using a delimiter ($) to form an element. Values can be decomposed. The method of parsing element values is not limited to using the $ delimiter, and each element can be decomposed according to the division method used when configuring the SSP activation code.

In step 804, the terminal may check whether there is an SSP activation code delimiter among the decomposed element values. If an SSP activation code delimiter (e.g., %ETSI-SSP%) exists among the element values decomposed in step 803, the activation code entered by the terminal is an SSP activation code and contains information for downloading the bundle. You can recognize it as code.

If there is an SSP activation code separator among the elements disassembled in step 803, in step 810 the terminal recognizes that the inputted activation code is an SSP activation code capable of bundle download, and activates it in the elements located based on the SSP activation code separator. Bundle download can be performed using information (e.g. SPB Manager address, CODE_M values, etc.). Depending on the user's terminal settings (applet installation has priority over bundle installation), the terminal may perform profile download by proceeding to step 811 without performing step 810, even if the SSP activation code delimiter is present among the elements disassembled in step 803. there is.

If there is no SSP activation code delimiter among the elements disassembled in step 803, the terminal may perform step 811 by considering the activation code input by the terminal to be an eSIM activation code, not an SSP activation code. In step 811, the terminal transmits the parsed elements to the LPA, selects an eSIM bundle within the terminal (if there is no activated eSIM bundle, activates one), and performs a GSMA eSIM profile download procedure.

If the eSIM activation code is not detected at the beginning of the data entered into the terminal in step 802, the terminal may check whether there is an SSP activation code prefix (eg, 'LBA:' or 'lba:') in step 805.

If it is confirmed in step 805 that the SSP activation code prefix exists in the data input to the terminal, in step 806, the terminal may parse the element value of the remaining data among the input data based on the delimiter ($). . The method of parsing element values is not limited to using the $ delimiter, and each element can be decomposed according to the division method used when configuring the SSP activation code. In step 810, the terminal may perform bundle download based on the parsed element value.

If it is confirmed in step 805 that the data input to the terminal does not have an SSP activation code prefix, in steps 807 and 808, the terminal detects the value of the first element among the input data, and detects the value of the first element among the input data. You can check whether this is the SSP activation code delimiter. If it is confirmed in steps 802 and 805 that there is no eSIM activation code prefix or SSP activation code prefix in the data input to the terminal (i.e., activation code input), the terminal enters the activation code in step 801 instead of entering the QR code. It may be received as a string input. In this case, the activation code entered into the terminal is the SSP activation code depending on whether the first data (i.e., the first data) among the data entered into the terminal is an SSP activation code delimiter. You can judge whether it is or not.

If the first element value (i.e., the first element value) among the element values parsed by the terminal in step 808 is the SSP activation code delimiter, the terminal may parse the remaining data among the input data in step 809. . In step 810, the terminal may perform bundle download based on the parsed data.

If the first element value among the element values parsed by the data received by the terminal in step 808 is not an SSP activation code delimiter, the corresponding activation code may not be an SSP activation code capable of bundle download. Accordingly, the terminal may perform profile download according to steps 803, 804, and 811.

FIG. 8B is a diagram showing how an SSP terminal interprets and operates an activation code when the SSP activation code according to some embodiments of the present disclosure follows the embodiment shown in FIG. 6.

In step 821, the terminal may detect an activation code input. When the activation code input is detected, in step 822, the terminal can check whether the eSIM activation code prefix ('LPA:') is present in the input data (i.e., activation code input).

If it is confirmed in step 822 that the eSIM activation code prefix exists in the data input to the terminal, in step 823 the terminal may parse the remaining information among the input data to decompose the element values. In step 830, the terminal transmits the parsed element values to the LPA and selects the eSIM bundle to perform a profile download procedure.

If it is confirmed in step 822 that the data input to the terminal does not have an eSIM activation code prefix, in step 824 the terminal can parse the input data using a delimiter to decompose the element values. The method of parsing element values is not limited to using the $ delimiter, and each element can be decomposed according to the division method used when configuring the SSP activation code. In step 825, the terminal may determine whether the value of the last element among the decomposed element values is an SSP activation code delimiter (e.g., %ETSI-SSP%).

If it is determined in step 825 that the value of the last element is an SSP activation code delimiter, the terminal considers that the activation code received by the terminal is an SSP activation code that includes only the SSP basic activation code, which is information for downloading the bundle, and performs step 829. can be performed. In step 829, the terminal can download the bundle using the decomposed element values (family identifier of the bundle, SPB Manager address, CODE_M, etc.).

If it is determined in step 825 that the last element value is not the SSP activation code delimiter, in step 826 the terminal finds the position where the SSP activation code delimiter is located among the decomposed element values. If there is an SSP activation code delimiter among the decomposed element values, the terminal determines that the preceding elements based on the SSP activation code delimiter are the elements of the SSP basic activation code, which are information that can be used for downloading the bundle (the family identifier of the bundle, SPB Manager address, CODE_M), and the trailing elements can be regarded as the value of the family special field that can download the applet of the bundle. At this time, the terminal can interpret the value of each element of the family special field by using the family identifier in the SSP basic activation code. For example, if the family identifier of the bundle is a Telecom family identifier, the terminal can interpret each element of the family special field as corresponding to the eSIM activation code. If the SSP activation code delimiter does not exist among the element values decomposed in step 826, the terminal may regard it as an error and end the procedure.

If in step 826 the terminal succeeds in distinguishing between the SSP basic activation code and the family special field based on the SSP activation code separator, in step 827 the terminal determines which of bundle download and applet download within the bundle has priority in the SSP settings within the terminal. Check if

If the priority of the bundle download is higher in step 827 or there is no priority setting, the terminal can perform the bundle download in step 829 using the element value of the SSP basic activation code.

If the terminal setting in step 827 allows installation of only applets in the bundle or gives priority to applet installation, in step 828, the terminal can install the applet using the element value of the family special field. As a specific example of step 828, when the family identifier of the bundle is a Telecom family identifier, the terminal can interpret the value of each element by corresponding the family special field to the eSIM activation code. If the value of the family special field is interpreted in step 828, the terminal may transmit the family special field to the LPA in step 830. Additionally, the terminal can select one of the eSIM bundles activated within the terminal and have the LPA perform a procedure to install a profile in the selected eSIM bundle.

Figures 9a and 9b are diagrams illustrating a procedure in which a terminal equipped with a security medium other than the SSP (eg, eUICC) detects and interprets the SSP activation code.

FIG. 9A is a diagram illustrating a procedure in which an eSIM terminal detects and interprets an SSP activation code according to the embodiment of FIG. 5.

For activation code input detection in step 901, refer to step 801 in FIG. 8A. In step 902, the LPA of the terminal may parse the activation code. If the elements of the activation code parsed in step 903 follow the format of the eSIM activation code defined in the eSIM standard, the terminal can perform a profile download procedure in step 905. An example of the fact that the activation code parsed in step 903 follows the format of the eSIM activation code begins with the value of AC_FORMAT defined in the standard, and the SM-DP+ address, AC_TOKEN and other optional elements are separated by the order and delimiter defined in the standard. This may include cases where this is the case. If the activation code elements parsed in step 903 are not interpreted as an eSIM activation code, the terminal may process an error in step 904 and end the procedure.

FIG. 9B is a diagram illustrating a procedure in which an eSIM terminal detects and interprets an SSP activation code according to the embodiment of FIG. 6.

Step 911, step 912, and step 913 of FIG. 9B refer to the description of step 901, step 902, and step 903 of FIG. 9A. If the activation code entered into the terminal is parsed in step 916 and determined to follow the format of the eSIM activation code in step 913, the LPA of the terminal can perform profile download using the information in the activation code. If it is determined that the element parsed in step 913 does not follow the format of the eSIM activation code, in step 915 the terminal may determine whether an SSP activation code delimiter is present among the parsed elements. If the SSP activation code delimiter exists in step 915, the information after the SSP activation code delimiter is information in the family special field, so in step 916, the terminal can extract only the information immediately following the SSP activation code delimiter and perform step 912 again. . If the family special field present after the SSP activation code delimiter is an eSIM activation code, the terminal can pass the judgment in step 913 and perform the profile download procedure in step 914. If the SSP activation code delimiter is not detected in step 915, the terminal may process an error and end the procedure in step 917.

Figure 10 is a diagram showing the structure of a terminal according to some embodiments of the present disclosure.

As shown in FIG. 10, the terminal of the present disclosure may include a processor 1001, a transceiver 1002, and a memory 1003. However, the components of the terminal are not limited to the examples described above. For example, the terminal may include more or fewer components than the aforementioned components. In addition, the processor 1001, the transceiver 1002, and the memory 1003 may be implemented in the form of a single chip. The structure of the terminal 100 shown in FIG. 1 may correspond to the structure of the terminal 1000 in FIG. 10, but is not limited thereto.

According to some embodiments, the processor 1001 may control a series of processes in which the terminal can operate according to the above-described embodiments of the present disclosure. There may be a plurality of processors 1001, and the processor 1001 may perform the methods according to the embodiments of the present disclosure described above by executing a program stored in the memory 1003.

The transceiver unit 1002 can transmit and receive signals with a service provider. Signals transmitted and received from a service provider may include control information and data. The transceiver 1002 may be comprised of an RF transmitter that up-converts and amplifies the frequency of a transmitted signal, and an RF receiver that amplifies the received signal with low noise and down-converts the frequency. However, this is only an example of the transceiver 1002, and the components of the transceiver 1002 are not limited to the RF transmitter and RF receiver. Additionally, the transceiver 1002 may receive a signal through a wireless channel and output it to the processor 1001, and transmit the signal output from the processor 1001 through a wireless channel.

According to some embodiments, the memory 1003 may store programs and data necessary for operation of the terminal. Additionally, the memory 1003 can store control information or data included in signals transmitted and received by the terminal. The memory 1003 may be composed of a storage medium such as ROM, RAM, hard disk, CD-ROM, and DVD, or a combination of storage media. Additionally, there may be multiple memories 1003.

FIG. 11 is a diagram illustrating the structure of a service provider according to some embodiments of the present disclosure.

As shown in FIG. 11, the service provider of the present disclosure may include a processor 1101, a transceiver 1102, and a memory 1103. However, the components of the service provider are not limited to the above examples. For example, a service provider may include more or fewer components than the components described above. In addition, the processor 1101, the transceiver 1102, and the memory 1103 may be implemented in the form of a single chip. The processor 1101 can control a series of processes so that the service provider can operate according to the above-described embodiment of the present disclosure.

The transmitting and receiving unit 1102 can transmit and receive signals to and from the terminal. Signals transmitted and received from the terminal may include control information and data. The transceiver 1102 may be comprised of an RF transmitter that up-converts and amplifies the frequency of a transmitted signal, and an RF receiver that amplifies the received signal with low noise and down-converts the frequency. However, this is only an example of the transceiver unit 1302, and the components of the transceiver unit 1102 are not limited to the RF transmitter and RF receiver. Additionally, the transceiver 1102 may receive a signal through a wireless channel and output it to the processor 1101, and transmit the signal output from the processor 1101 through a wireless channel. There may be a plurality of processors 1101, and the processor 1101 may perform the above-described methods according to various embodiments of the present disclosure by executing a program stored in the memory 1103.

According to some embodiments, the memory 1103 may store programs and data necessary for the operation of the service provider. Additionally, the memory 1103 may store control information or data included in signals transmitted and received by the service provider. The memory 1103 may be composed of a storage medium such as ROM, RAM, hard disk, CD-ROM, and DVD, or a combination of storage media. Additionally, there may be multiple memories 1103. Methods according to embodiments described in the claims or specification of the present disclosure may be implemented in the form of hardware, software, or a combination of hardware and software.

When implemented as software, a computer-readable storage medium that stores one or more programs (software modules) may be provided. One or more programs stored in a computer-readable storage medium are configured to be executable by one or more processors in an electronic device (configured for execution). One or more programs include instructions that cause the electronic device to execute methods according to embodiments described in the claims or specification of the present disclosure.

These programs (software modules, software) include random access memory, non-volatile memory including flash memory, read only memory (ROM), and electrically erasable programmable ROM. (EEPROM: Electrically Erasable Programmable Read Only Memory), magnetic disc storage device, Compact Disc-ROM (CD-ROM: Compact Disc-ROM), Digital Versatile Discs (DVDs), or other types of It can be stored in an optical storage device or magnetic cassette. Alternatively, it may be stored in a memory consisting of a combination of some or all of these. Additionally, a plurality of each configuration memory may be included.

In addition, the program can be accessed through a communication network such as the Internet, Intranet, LAN (Local Area Network), WLAN (Wide LAN), or SAN (Storage Area Network), or a combination of these. It may be stored in an attachable storage device that can be accessed. This storage device can be connected to a device performing an embodiment of the present disclosure through an external port. Additionally, a separate storage device on a communications network may be connected to the device performing embodiments of the present disclosure.

In the specific embodiments of the present disclosure described above, elements included in the disclosure are expressed in singular or plural numbers depending on the specific embodiment presented. However, singular or plural expressions are selected to suit the presented situation for convenience of explanation, and the present disclosure is not limited to singular or plural components, and even components expressed in plural may be composed of singular or singular. Even expressed components may be composed of plural elements.

Meanwhile, in the detailed description of the present disclosure, specific embodiments have been described, but of course, various modifications are possible without departing from the scope of the present disclosure. Therefore, the scope of the present disclosure should not be limited to the described embodiments, but should be determined not only by the scope of the patent claims described later, but also by the scope of this patent claim and equivalents.

The various embodiments of the present disclosure and the terms used herein are not intended to limit the technology described in the present disclosure to specific embodiments, and should be understood to include various modifications, equivalents, and/or replacements of the embodiments. In connection with the description of the drawings, similar reference numbers may be used for similar components. Singular expressions may include plural expressions, unless the context clearly dictates otherwise. In the present disclosure, expressions such as “A or B”, “at least one of A and/or B”, “A, B or C” or “at least one of A, B and/or C” refer to all of the items listed together. Possible combinations may be included. Expressions such as "first", "second", "first" or "second" can modify the corresponding components regardless of order or importance, and are only used to distinguish one component from another component. The components are not limited. When a component (e.g. a first) component is said to be "connected (functionally or communicatively)" or "connected" to another (e.g. a second) component, it means that the component is connected to the other component. It may be connected directly to a component or may be connected through another component (e.g., a third component).

The term “module” used in this disclosure includes a unit comprised of hardware, software, or firmware, and may be used interchangeably with terms such as logic, logic block, component, or circuit, for example. A module may be an integrated part, a minimum unit that performs one or more functions, or a part thereof. For example, a module may be comprised of an application-specific integrated circuit (ASIC).

Various embodiments of the present disclosure are software (e.g., program) including instructions stored in a machine (e.g., computer) readable storage media (e.g., internal memory or external memory). The device is a device capable of calling instructions stored from a storage medium and operating according to the called instructions, and may include a terminal according to various embodiments. When the instructions are executed by a processor, the processor The function corresponding to the instruction may be performed directly or using other components under the control of the processor. The instruction may include code generated or executed by a compiler or interpreter.

A storage medium that can be read by a device may be provided in the form of a non-transitory storage medium. Here, 'non-transitory' only means that the storage medium does not contain signals and is tangible, and does not distinguish whether the data is stored semi-permanently or temporarily in the storage medium.

Methods according to various embodiments disclosed in the present disclosure may be included and provided in a computer program product. Computer program products are commodities and can be traded between sellers and buyers. The computer program product may be distributed on a machine-readable storage medium (e.g. compact disc read only memory (CD-ROM)) or online through an application store (e.g. Play Store™). In the case of online distribution, at least a portion of the computer program product may be at least temporarily stored or created temporarily in a storage medium such as the memory of a manufacturer's server, an application store's server, or a relay server. Each component (e.g., module or program) according to various embodiments may be composed of a single or plural entity, and some of the above-described sub-components may be omitted, or other sub-components may be variously used. Further examples may be included. Alternatively or additionally, some components (e.g., modules or programs) may be integrated into a single entity and perform the same or similar functions performed by each corresponding component prior to integration. According to various embodiments, operations performed by a module, program, or other component may be executed sequentially, in parallel, iteratively, or heuristically, or at least some operations may be executed in a different order, omitted, or other operations may be added. You can.

Claims (16)

In a wireless communication system, a method of a terminal with a built-in SSP (smart secure platform),
Obtaining an activation code including an SSP activation code and an embedded subscriber identity module (eSIM) activation code;
detecting an SSP activation code delimiter from the activation code;
detecting the SSP activation code from the activation code using the SSP activation code delimiter; and
downloading at least one of the bundle or applet using the SSP activation code,
The method wherein the activation code separator is used to distinguish the SSP activation code from the eSIM activation code. The method of claim 1, wherein the eSIM activation code is used by a local profile assistant (LPA) to download a profile to an embedded universal integrated circuit card (eUICC). According to claim 1,
The SSP activation code delimiter is located at the beginning of the SSP activation code,
In the activation code, the eSIM activation code is located before the SSP activation code. According to claim 1,
The SSP activation code delimiter is located at the end of the SSP activation code,
In the activation code, the eSIM activation code is located after the SSP activation code. The method of claim 1, wherein the SSP activation code includes at least one of a family identifier of the bundle, an address of a secondary platform bundle (SPB) management server from which the bundle is downloaded, or a matching identifier of the bundle. method. According to clause 5,
The family identifier of the bundle is a telecom family identifier,
The bundle is a telecom bundle,
A method, wherein the applet is a profile. The method of claim 1, wherein downloading at least one of the bundle or applet comprises downloading the at least one of the bundle or applet from a SPB management server via a local bundle assistant (LBA). The method of claim 1, wherein obtaining the activation code includes obtaining the activation code through at least one of scanning a quick response (QR) code, entering text, or linking. In a wireless communication system, in a terminal with a built-in SSP (smart secure platform),
Transmitter and receiver; and
Comprising at least one processor, wherein the at least one processor includes:
Obtain activation codes, including an SSP activation code and an embedded subscriber identity module (eSIM) activation code,
Detect the SSP activation code delimiter from the activation code,
Detecting the SSP activation code from the activation code using the SSP activation code delimiter,
Download at least one of the bundle or applet using the SSP activation code,
The activation code separator is used to distinguish the SSP activation code from the eSIM activation code. The terminal of claim 9, wherein the eSIM activation code is used to download a profile to an embedded universal integrated circuit card (eUICC) by a local profile assistant (LPA). According to clause 9,
The SSP activation code delimiter is located at the beginning of the SSP activation code,
In the activation code, the eSIM activation code is located before the SSP activation code. According to clause 9,
The SSP activation code delimiter is located at the end of the SSP activation code,
In the activation code, the eSIM activation code is located after the SSP activation code. The method of claim 9, wherein the SSP activation code includes at least one of a family identifier of the bundle, an address of a secondary platform bundle (SPB) management server from which the bundle is downloaded, or a matching identifier of the bundle. Terminal. According to claim 13,
The family identifier of the bundle is a telecom family identifier,
The bundle is a telecom bundle,
The applet is a profile, a terminal. The terminal of claim 9, wherein the at least one processor downloads at least one of the bundle or the applet from the SPB management server through a local bundle assistant (LBA). The terminal of claim 9, wherein the at least one processor obtains the activation code through at least one of scanning a quick response (QR) code, entering text, or linking.

Images