KR20180062923A - APPARATUS AND METHODS TO INSTALL AND MANAGE eSIM PROFILES - Google Patents

Abstract

The present invention relates to a communication technique for fusing a 5G communication system for supporting a higher data transfer rate than a 4G system with an IoT technology, and a system thereof. The present invention can be applied to intelligence type services (for example, a smart home, a smart building, a smart city, a smart car, or a connected car, healthcare, digital education, retail business, security and safety related services, etc.) based on a 5G communication technology and an IoT related technology. The present invention discloses a device and a method for securely providing a profile to a terminal in a communication system. A method for controlling a terminal comprises the following steps of: transmitting a terminal authentication request message including information on operation type requested by a server; receiving a terminal authentication response message including the information corresponding to the arbitrary operation type based on the terminal authentication request message from the server; and performing an arbitrary operation based on the terminal authentication response message.

Description

[0001] APPARATUS AND METHODS TO INSTALL AND MANAGE eSIM PROFILES [0002]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method and apparatus for communication connection by downloading and installing a communication service to a terminal in a communication system. The present invention also relates to a method and apparatus for downloading, installing and managing a profile on-line in a communication system.

Efforts are underway to develop an improved 5G or pre-5G communication system to meet the growing demand for wireless data traffic after commercialization of the 4G communication system. For this reason, a 5G communication system or a pre-5G communication system is called a system after a 4G network (Beyond 4G network) communication system or after a LTE system (Post LTE). To achieve a high data rate, 5G communication systems are being considered for implementation in very high frequency (mmWave) bands (e.g., 60 gigahertz (60GHz) bands). In order to mitigate the path loss of the radio wave in the very high frequency band and to increase the propagation distance of the radio wave, in the 5G communication system, beamforming, massive MIMO, full-dimension MIMO (FD-MIMO ), Array antennas, analog beam-forming, and large scale antenna technologies are being discussed. Further, in order to improve the network of the system, the 5G communication system has developed an advanced small cell, an advanced small cell, a cloud radio access network (cloud RAN), an ultra-dense network (D2D), a wireless backhaul, a moving network, a cooperative communication, Coordinated Multi-Points (CoMP), and interference cancellation ) Are being developed. In addition, in the 5G system, the Advanced Coding Modulation (ACM) scheme, Hybrid FSK and QAM Modulation (FQAM) and Sliding Window Superposition Coding (SWSC), the advanced connection technology, Filter Bank Multi Carrier (FBMC) (non-orthogonal multiple access), and SCMA (sparse code multiple access).

On the other hand, the Internet is evolving into an Internet of Things (IoT) network in which information is exchanged between distributed components such as objects in a human-centered network where humans generate and consume information. IoE (Internet of Everything) technology, which combines IoT technology with big data processing technology through connection with cloud servers, is also emerging. In order to implement IoT, technology elements such as sensing technology, wired / wireless communication, network infrastructure, service interface technology and security technology are required. In recent years, sensor network, machine to machine , M2M), and MTC (Machine Type Communication). In the IoT environment, an intelligent IT (Internet Technology) service can be provided that collects and analyzes data generated from connected objects to create new value in human life. IoT is a field of smart home, smart building, smart city, smart car or connected car, smart grid, health care, smart home appliance, and advanced medical service through fusion of existing information technology . ≪ / RTI >

Accordingly, various attempts have been made to apply the 5G communication system to the IoT network. For example, technologies such as a sensor network, a machine to machine (M2M), and a machine type communication (MTC) are implemented by techniques such as beamforming, MIMO, and array antennas It is. The application of the cloud RAN as the big data processing technology described above is an example of the convergence of 5G technology and IoT technology.

A UICC (Universal Integrated Circuit Card) is a smart card inserted into a mobile communication terminal or the like and is also called a UICC card. And a connection control module for connecting to the network of the mobile communication provider may be included in the UICC. Examples of such access control modules include a Universal Subscriber Identity Module (USIM), a Subscriber Identity Module (SIM), and an IP Multimedia Service Identity Module (ISIM). A UICC containing a USIM is also commonly referred to as a USIM card. Similarly, a UICC that includes a SIM module is also commonly referred to as a SIM card. In the following description of the present invention, a SIM card will be used in a conventional sense including a UICC card, a USIM card, a UICC including an ISIM, and the like. That is, even if the SIM card is a SIM card, its technical application can be equally applied to a USIM card, an ISIM card, or a general UICC card.

The SIM card stores personal information of the mobile communication subscriber and performs subscriber authentication and traffic security key generation when accessing the mobile communication network, thereby enabling secure mobile communication use.

At the time of proposing the present invention, the SIM card is generally manufactured as a dedicated card for a specific operator upon request of a specific mobile communication provider at the time of manufacturing a card, and is provided with authentication information for network connection of the provider, for example, USIM Universal Subscriber Identity Module) application, International Mobile Subscriber Identity (IMSI), K-value, and OPc value are pre-loaded on the card. Accordingly, the manufactured SIM card is supplied by the mobile communication provider to the subscriber, and if necessary, performs management such as installation, modification, and deletion of the application in the UICC using OTA (Over The Air) can do. The subscriber can insert the UICC card into the owned mobile communication terminal and use the network and application service of the corresponding mobile communication provider. When the terminal is replaced, the UICC card is moved from the existing terminal to the new terminal, Authentication information, mobile communication telephone number, personal telephone directory, and the like can be used as they are in a new terminal.

However, the SIM card is inconvenient for a user of a mobile communication terminal to receive services of another mobile communication company. The user of the mobile communication terminal has to physically acquire the SIM card to receive the service from the mobile communication service provider. For example, when traveling to another country, it is inconvenient to obtain a local SIM card in order to receive local mobile communication services. The roaming service solves the above inconvenience to a certain extent, but there is also a problem that the service can not be received if the contract is not made between the service provider and the service provider.

On the other hand, when the SIM module is remotely downloaded and installed in the UICC card, the inconvenience can be largely solved. That is, the SIM module of the mobile communication service desired to be used by the user at a desired point of time can be downloaded to the UICC card. The UICC card can also download and install a plurality of SIM modules, and select and use only one of the SIM modules. Such a UICC card may or may not be fixed to the terminal. In particular, a UICC fixed to a terminal is called an euICC (embedded UICC). Typically, the eUICC means a UICC card that can be fixed to a terminal and remotely download and select a SIM module. In the present invention, a UICC card that can download and select a SIM module remotely will be referred to as an eUICC. In other words, the UICC card which can be remotely downloaded and selected from the UICC cards, which is fixed or not fixed to the terminal, will be collectively used as the eUICC. Also, I will use the term "eUICC profile" collectively for the downloaded SIM module information.

Disclosure of Invention Technical Problem [8] The present invention provides a method and an apparatus for a communication connection by selecting a communication service in a communication system. It is another object of the present invention to provide a method and apparatus for downloading, installing, and managing a profile for online connection of a terminal in a communication system. The present invention also provides an apparatus and method for securely providing a profile to a terminal in a communication system.

Particularly, the present invention proposes a solution of the following part for the above purpose.

- How the terminal sends a message requesting profile download or profile remote management to the profile management server (SM-DP +)

- A method of returning reference information to be used when the profile management server (SM-DP +) selectively returns the profile download or profile remote management to the terminal and the terminal generates profile download or profile remote management request message to be transmitted to the next step

- A message exchange procedure between the terminal and the profile management server (SM-DP +)

In a wireless communication system according to an exemplary embodiment of the present invention, a terminal includes an input unit (User Interface unit) for displaying a type of an event (profile download or profile remote management) , An identifier (EID) of the eUICC in the terminal, an identifier (EventRequestType) indicating the type of event to be performed by the terminal, an identifier (RPMConfig) indicating whether the terminal permits profile remote management And a transmitter capable of transmitting at least one of an identifier (ICCID) of a profile to be subjected to profile remote management by the terminal and an identifier (OperatorID) of a provider providing a current communication service to the terminal, In response, one or more events to be performed by the terminal from the profile management server (SM-DP +) and one A display unit for displaying information on one or more events to be performed by the terminal to a user and inputting a user's consent for performing the events, (User Interface Unit), and includes a control unit for determining whether to proceed or stop performing the at least one event based on the inputted agreement, and when it is determined to proceed with the execution of the event (SM-DP +), and a transmission unit. The terminal includes a control unit for performing an event, and includes a control unit and a transmission unit that can transmit the result of the event to the profile management server (SM-DP + A control unit and a transmission unit capable of transmitting a message requesting the next event to the profile management server (SM-DP +) .

The profile management server SM-DP + in the wireless communication system according to the embodiment of the present invention includes an event storage for storing events (profile download or profile remote management) to be performed by the eUICC of the terminal, (EID) of an e-UICC in the terminal, an identifier (EventRequestType) indicating a type of an event to be performed by the terminal, and an identifier An identifier (RPMConfig) indicating whether the terminal permits profile remote management, an identifier (ICCID) of a profile to be subjected to profile remote management by the terminal, and an identifier (OperatorID) of a provider providing a current communication service to the terminal A receiver capable of receiving one or more euICC authentication information, and a receiver capable of receiving eUICC authentication information including a signature And a determination unit for selecting one or more events to be performed by the terminal by comparing the priority of the events stored in the event storage of the profile management server (SM-DP +) with the messages of the terminal including the prize, And a determination unit for determining the type and number of one or more events to be performed by the terminal during a stored event, wherein the terminal determines whether one or more events to be performed by the terminal and one or more types and numbers And a receiver capable of receiving at least one event from the terminal and receiving a message requesting the next event from the terminal, the receiver comprising: a transmitter capable of transmitting at least one event,

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are not restrictive of the invention, unless further departing from the spirit and scope of the invention as defined by the appended claims. It will be possible.

According to the embodiment of the present invention, in the communication system, the terminal informs the profile management server (SM-DP +) of the input of the current user and the terminal must perform the profile download from the profile management server (SM-DP + The user can selectively receive an event to be performed, and receive guidance on an event to be performed next. Accordingly, if more than one event (profile download or profile remote management) is waiting in the profile management server (SM-DP +), the terminal can automatically request and receive the next event and perform the event.

1 is a diagram illustrating a method for connecting a terminal to a mobile communication network using a UICC on which a fixed profile is installed.
2 is a diagram illustrating a message exchange procedure between a terminal and a profile server when one or more profiles are installed through a profile server.
3 is a diagram illustrating a message exchange procedure between a terminal and a profile server when one or more profiles are installed through the profile server and one or more profile remote management is performed.
4 is a diagram illustrating a method of specifying an event type corresponding to a command input by a user when a terminal requests an event to a profile server according to an embodiment of the present invention.
5 is a diagram illustrating a method for a profile server to manage an event repository in accordance with one embodiment of the present invention.
6 is a diagram illustrating a method for setting whether a profile server can bundle one or more events according to an embodiment of the present invention.
7 is a diagram illustrating a method for delivering an event to be performed when a profile server configures an event response message according to an embodiment of the present invention.
8 is a diagram illustrating a method of delivering an event to be performed next when a profile server configures an event response message according to an embodiment of the present invention.
9 is a diagram illustrating a procedure in which a profile server configures an event response message according to an embodiment of the present invention.
10, 11, and 12 are diagrams illustrating a message procedure in which a terminal and a profile server sequentially receive and perform one or more events according to an embodiment of the present invention.
13 is a diagram illustrating a procedure in which a terminal requests a 'download profile' to a server and receives a response thereto according to an embodiment of the present invention.
FIG. 14 is a diagram illustrating a procedure in which a terminal requests a 'profile remote management' to a server and receives a response thereto according to an embodiment of the present invention.
15 is a diagram illustrating a procedure in which a terminal requests all kinds of events to a server and receives a response thereto according to an embodiment of the present invention.
FIG. 16 is a diagram illustrating a method for sequentially processing events after a terminal acquires data for all events according to an embodiment of the present invention. Referring to FIG.
17 is a diagram illustrating a method in which a terminal acquires and processes data for each event according to a reception order of events according to an embodiment of the present invention.
18 is a diagram illustrating a method for a profile server to create and attach a separate signature to each profile remote management and profile summary information data according to one embodiment of the present invention.
19 is a diagram showing a method of specifying a processing order of each data while a profile server creates and attaches a separate signature to each profile remote management and profile summary information data according to an embodiment of the present invention.
20 is a diagram illustrating a method in which a profile server creates and attaches a common signature to each of a plurality of profile remote management and profile summary information data according to an embodiment of the present invention.
21 is a diagram showing a method of specifying a processing order of each data while the profile server creates and attaches a common signature to a part of each profile remote management and profile summary information data according to an embodiment of the present invention.
Figures 22 and 23 are diagrams illustrating a method for generating a signature and arranging data in accordance with various embodiments of the present invention.
24A, 24B and 26 illustrate a method of configuring a user interface (UI) on a terminal according to various embodiments of the present invention.
28 is a block diagram illustrating components of a terminal according to an embodiment of the present invention.
29 is a block diagram illustrating components of a server according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

In the following description of the embodiments of the present invention, descriptions of techniques which are well known in the technical field of the present invention and are not directly related to the present invention will be omitted. This is for the sake of clarity of the present invention without omitting the unnecessary explanation.

The specific terminology used in the following description is provided to aid understanding of the present invention, and the use of such specific terminology may be changed into other forms without departing from the technical idea of the present invention.

First, terms used in this specification will be defined.

In this specification, the UICC is a smart card inserted into a mobile communication terminal, and stores personal information such as network connection authentication information, a phone book, and SMS of a mobile communication subscriber. When the subscriber is connected to a mobile communication network such as GSM, WCDMA, LTE, Authentication and traffic security key generation to enable safe mobile communication. The UICC is equipped with a communication application such as SIM (Subscriber Identification Module), USIM (Universal SIM), and ISIM (IP Multimedia SIM) depending on the type of the mobile communication network to which the subscriber accesses. It can provide a high-level security function for mounting various application applications.

In this specification, the eUICC (embedded UICC) is a chip-type security module embedded in a non-detachable terminal capable of being inserted into or detached from a terminal. eUICC can download and install profiles using OTA (Over The Air) technology. The eUICC can be named UICC, which can download and install profiles.

In this specification, a method of downloading and installing a profile using the OTA technology in the eUICC can be applied to a removable UICC capable of being inserted and removed in a terminal. That is, the embodiment of the present invention can be applied to a UICC that can download and install a profile using OTA technology.

As used herein, the term UICC may be intermixed with SIM, and the term eUICC may be intermixed with eSIM.

In the present specification, a profile may mean that an application, a file system, an authentication key value, etc. stored in the UICC are packaged in a software form.

In the present specification, the USIM Profile may mean the same meaning as the profile, or the information contained in the USIM application in the profile is packaged in software form.

In the present specification, the profile providing server includes a function of generating a profile, encrypting a generated profile, generating a profile remote management command, or encrypting a generated profile remote management command, and includes a Subscription Manager Data Preparation (SM-DP) , Profile Manager (SM-DP +), Off-card entity of Profile Domain, Profile Encryption Server, Profile Creation Server, Profile Provisioner, Profile Provider, Profile Provisioning Credentials holder).

In this specification, the profile management server includes a Subscription Manager Secure Routing (SM-SR), a Subscription Manager Secure Routing Plus (SM-SR +), an off-card entity of an eUICC Profile Manager or a PMC holder (Profile Management Credentials holder) ). ≪ / RTI >

In the present specification, when referring to the profile providing server, the combination of the functions of the profile management server may be collectively referred to. Therefore, it is needless to say that, in various embodiments of the present invention, the operation may be performed in the profile management server with respect to the operation of the profile providing server in the following description. Similarly, it goes without saying that the operation of describing the profile management server or the SM-SR may be performed by the profile providing server.

The term " terminal " as used herein includes a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, a subscriber unit , A subscriber station (SS), a wireless device, a wireless communication device, a wireless transmit / receive unit (WTRU), a mobile node, a mobile, or other terminology. Various embodiments of the terminal may be used in various applications such as cellular telephones, smart phones with wireless communication capabilities, personal digital assistants (PDAs) with wireless communication capabilities, wireless modems, portable computers with wireless communication capabilities, Devices, gaming devices with wireless communication capabilities, music storage and playback appliances with wireless communication capabilities, Internet appliances capable of wireless Internet access and browsing, as well as portable units or terminals incorporating combinations of such functions have. The terminal may include an M2M (Machine to Machine) terminal, an MTC (Machine Type Communication) terminal / device, but is not limited thereto. In this specification, the terminal may be referred to as an electronic device.

In this specification, an electronic device can be embedded with an installable UICC by downloading a profile. If the UICC is not embedded in the electronic device, the UICC physically separated from the electronic device may be inserted into the electronic device and connected to the electronic device. For example, a UICC in the form of a card may be inserted into an electronic device. The electronic device may include the terminal, and the terminal may be a terminal including a UICC that can download and install a profile. In addition to being able to embed the UICC in the terminal, if the terminal and the UICC are separated, the UICC can be inserted into the terminal and inserted into the terminal and connected to the terminal. An installable UICC by downloading a profile may be referred to as eUICC, for example.

In this specification, the terminal or the electronic device may include software or an application installed in the terminal or the electronic device to control the UICC or the eUICC. The software or application may be referred to, for example, as a Local Profile Assistant (LPA).

In this specification, the profile delimiter includes a Profile ID, an Integrated Circuit Card ID (ICCID), a Matching ID, an Event ID, an Activation Code, an Activation Code Token, an ISD-P Or a Profile Domain (PD). The Profile ID can represent a unique identifier of each profile. The profile delimiter may include an address of a profile providing server (SM-DP +) capable of indexing a profile.

In this specification, the eUICC identifier (eUICC ID) may be the unique identifier of the eUICC embedded in the terminal and may be referred to as EID. In addition, if the provisioning profile is pre-installed in the eUICC, it may be an identifier of the corresponding provisioning profile (Provisioning Profile's Profile ID). Also, as in the embodiment of the present invention, if the terminal and the eUICC chip are not separated, the terminal ID may be used. It may also refer to a specific secure domain of the eUICC chip.

In this specification, a Profile Container can be named as a Profile Domain. The Profile Container may be a Security Domain.

In this specification, an APDU (application protocol data unit) may be a message for a UE to interwork with an eUICC. Also, the APDU may be a message for the PP or PM to cooperate with the eUICC.

In this specification, Profile Provisioning Credentials (PPC) may be a means used for mutual authentication and profile encryption and signature between the profile providing server and the eUICC. The PPC includes at least one of a symmetric key, a Rivest Shamir Adleman (RSA) certificate and a private key, an elliptic curved cryptography (ECC) certificate and a private key, a Root certification authority (CA) . When there are a plurality of profile providing servers, different PPCs may be stored or used in the eUICC for each of a plurality of profile providing servers.

 In this specification, the PMC (Profile Management Credentials) may be a means used for mutual authentication and encryption between the profile management server and the eUICC and transmission data encryption and signature. The PMC may include one or more of a symmetric key, an RSA certificate and a private key, an ECC certificate and private key, a Root CA, and a certificate chain. When there are a plurality of profile management servers, different PMCs may be stored or used in the eUICC for each of the plurality of profile management servers.

In this specification, the AID may be an application identifier. This value can be a delimiter that identifies different applications within the eUICC.

In this specification, an event may be a term collectively referred to as a profile download or a remote profile management or other profile or management / processing instruction of an eUICC. Profile Download (Profile Download) can be mixed with Profile Installation. Also, the event type can be used as a term indicating whether a specific event is a profile download, a remote profile management, another profile, or an eUICC management / processing command. The event type may be an operation type or an operation type, Class or OperationClass), an Event Request Type, an Event Class, and an Event Request Class.

In this specification, a Profile Package may be used as a term to denote a data object of a specific profile or mixed with a profile, and may be named a Profile TLV or a Profile Package TLV. A protected profile package (PPP) or a protected profile package TLV (PPP TLV) if the profile package is encrypted using encryption parameters. When a profile package is encrypted using an encryption parameter that can be decrypted only by a specific eUICC, it can be named a Bound Profile Package (BPP) or a Bundled Profile Package TLV (BPP TLV). The profile package TLV may be a data set (set) representing information constituting a profile in the TLV (Tag, Length, Value) format.

In this specification, the Remote Profile Management (RPM) includes a Profile Remote Management, a Remote Management, a Remote Management Command, a Remote Command, a Remote Profile Management Package (RPM Package), a Profile Remote Management Package, a Remote Management Package, a Remote Management Command Package, and a Remote Command Package. RPM can be used to change the state of a particular profile (Enabled, Disabled, Deleted), or to update the contents of a particular profile (for example, Profile Nickname or Profile Metadata) It can be used for applications. The RPM may include one or more remote management commands, in which case the profiles subject to each remote management command may be the same or different for each remote management command.

In this specification, the AKA may represent an authentication and key agreement, and may represent an authentication algorithm for accessing the 3GPP and 3GPP2 networks.

In the present specification, K is a cryptographic key value stored in the eUICC used in the AKA authentication algorithm.

In the present specification, OPc is a parameter value that can be stored in the eUICC used in the AKA authentication algorithm.

In this specification, the NAA is a network access application application, and may be an application program such as a USIM or ISIM for storing in a UICC and connecting to a network. The NAA may be a network connection module.

In the following description of the present invention, detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

1 is a diagram illustrating a method of connecting a mobile communication network of a terminal using a UICC on which a profile fixed to the terminal is mounted.

Referring to FIG. 1, a UICC 120 may be inserted into a terminal 110. At this time, the UICC may be detachable or unintentionally embedded in the terminal. The fixed profile of the UICC on which the fixed profile is mounted means that the 'connection information' that can be connected to a specific communication company is fixed. The access information may be, for example, the K or Ki value required to authenticate the network with the IMSI and the subscriber identifier, which are the subscriber identifiers.

Then, the terminal can perform authentication with the authentication processing system of the mobile communication company (for example, HLR (home location register) or AuC) using the UICC. The authentication process may be an Authenticide and Key Agreement (AKA) process. If the authentication is successful, the terminal can use the mobile communication service such as telephone or mobile data using the mobile communication network 130 of the mobile communication system.

2 is a diagram illustrating a message exchange procedure between the terminal 230 and the profile server 250 when one or more profiles are installed through the profile server.

Referring to FIG. 2, in step 201, the terminal 230 receives a "Profile Profile" command from the user and performs a TLS connection and a Mutual Authentication procedure with the profile server 250 in step 203 can do. In step 205, the UE may transmit the eUICC identifier (EID) of the UE to the final procedure of the mutual authentication procedure. In step 207, the profile server can check the list of events to be installed in the corresponding terminal through the EID. In step 209, the profile server can select the event having the highest priority among the list of events (profile 1 installed in this embodiment). In step 211, the profile server may return summary information of the selected profile to the terminal. In step 213, the terminal displays the profile summary information to the user to obtain a user agreement on the profile installation. In step 215, the terminal may transmit the user agreement to the profile server to receive the profile package. In step 217, the terminal successfully installs the profile package and can transmit the result to the profile server in step 219.

The profile package installation procedure can not inform the terminal that there is more waiting events in the profile server after the execution and processing of the specific event when one or more events are waiting in the profile server. In addition, the user has to input the "Add Profile" command several times to the terminal in order to install one or more profiles.

3 is a diagram illustrating a message exchange procedure between the terminal 230 and the profile server 250 when one or more profiles are installed through the profile server and one or more remote management is performed.

3, the terminal 230 receives a "Add PRofile" command from the user in step 301, and performs a TLS connection and a mutual authentication procedure with the profile server 250 in step 303 can do. In step 305, the terminal may transmit the eUICC identifier (EID) of the UE to the last procedure of the mutual authentication procedure. In step 307, the profile server can confirm a list (profile or remote management) of events to be installed in the corresponding terminal through the EID. In step 309, the profile server can select the event having the highest priority among the event list (remote management 1 in this embodiment). In step 311, the profile server may return the selected remote management command to the terminal. In step 313, the terminal can perform the received remote management command. In step 315, the terminal may transmit the execution result of the remote management command to the profile server.

The profile installation and remote management execution procedure can not inform the terminal that there is more waiting event in the profile server after the execution and processing of the specific event when one or more events are waiting in the profile server. In addition, according to the present embodiment, although the user has issued the "Add Profile" command to the terminal in step 301, the terminal first receives the remote management command, which is the highest priority event from the profile server, So that the user is confused.

4 is a diagram illustrating a method of specifying an event type corresponding to a command inputted by a user when the terminal 230 requests an event to the profile server 250 according to the application of the present invention.

Referring to FIG. 4, in step 401, the terminal may receive a "Profile Profile" command from the user. In step 403, the terminal may complete the TLS security association and mutual authentication procedure with the profile server, and may request an event by specifying an event type corresponding to the profile download. At this time, the event type may be represented by text ("ProfileDownload" in the present embodiment), or by one of the numerical enumerations corresponding thereto. For example, if the numeric string "0, 1" corresponds to "profile download" and "profile remote management", the number "0" can be used instead of the text "ProfileDownload". In step 403, the terminal informs the profile server whether the current user has activated the profile remote management function of the terminal, or may announce the identifier (Operator ID) of the provider currently providing the communication service to the terminal have. In step 405, the profile server can select a profile installation event having a high priority according to the request of the terminal. The event type, whether to activate the profile management function, how to use the business entity identifier information by the profile server, and how to manage the event priority will be described in detail in the following embodiments.

Referring to FIG. 4, in step 407, the terminal may receive a "Refresh Profile" command from the user. In step 409, the terminal may complete the TLS security association and mutual authentication procedure with the profile server, and may request an event by specifying the event type corresponding to the profile remote management. At this time, the event type may be represented by text ("RPM" in the present embodiment) or by one of the numerical enumerations corresponding thereto. For example, if the numeric string "0, 1" corresponds to "profile download" and "profile remote management", the number "1" can be used instead of the text "RPM". In step 409, the terminal informs the profile server whether the current user has activated the profile remote management function of the terminal, or may announce the identifier (Operator ID) of the provider providing the current communication service to the terminal have. In step 411, the profile server may select a profile remote management event having a high priority according to a request of the terminal. The event type, whether to activate the profile management function, how to use the business entity identifier information by the profile server, and how to manage the event priority will be described in detail in the following embodiments.

Referring to FIG. 4, in step 413, the terminal may receive an "Update All" command from the user. In step 415, the terminal completes the TLS security association and mutual authentication procedure with the profile server, and requests the event by specifying the event type corresponding to the profile download and profile remote management. At this time, the event type may be represented by a single text ("ANY" in the present embodiment), a value of one or more of the corresponding numeric columns, or a combination of the methods used in the profile download or profile remote management . For example, when the text of "ProfileDownload, RPM" is used instead of the text "ANY", or when the numeric string "0, 1, 2" corresponds to "download profile", "profile remote management" The number '2' can be used, or the numeric string '0, 1' can be used. In step 415, the terminal informs the profile server whether the current user has activated the profile remote management function of the terminal, or may announce the identifier (Operator ID) of the provider providing the current communication service to the terminal have. In step 417, the profile server may select a high priority event (profile download or profile remote management) according to the request of the terminal. The event type, whether or not to activate the profile management function, how the profile server utilizes the business entity identification information, and how to manage the event priority will be described in detail in the following embodiments.

5 is a diagram showing how a profile server manages an event storage according to the application of the present invention.

Referring to FIG. 5, the profile server may manage an event storage classified by an eUICC identifier (EID). Each event repository may store one or more events that the eUICC (or terminal) should perform ('profile download' or 'profile remote management'). Also, the events stored in each event repository have respective priorities, and the method of estimating the priority may follow one or more of the following examples, but is not limited to the following list.

 - The order in which events are registered in the event repository

 - Priority value assigned when the carrier registers an event

 - the type of event (for example, profile download may have a higher priority than profile remote management)

 - Priority value that the profile server arbitrarily judges and assigns

Also, if one or more events have the same priority, the profile server may sort the events in any order. In the embodiment of the present invention, the priority of the event is managed in the form of First-In First-Out (FIFO) according to the order in which the event is registered in the event store. However, May be estimated in various ways.

6 is a diagram illustrating a method for setting whether a plurality of events can be bundled into one message when the profile server transmits one or more events to the terminal according to the application of the present invention.

Referring to FIG. 6, the profile server can manage a chart for setting whether to transmit a specific event type and a different event type according to an event type.

Referring to FIG. 6A, the profile server may be configured to group all events and send them regardless of the event type.

Referring to FIG. 6B, the profile server permits only group remote management events to be bundled and transmitted, and bundles and transmits profile download events, or does not allow a bundle of profile download events and profile remote management events to be transmitted.

Referring to FIG. 6C, the profile server permits only the profile remote management event and the profile download event to be bundled and transmitted, and it can be set not to bundle the profile download events or to transmit the profile remote management events together.

Referring to FIG. 6D, the profile server may not allow any event to be bundled and transmitted.

Although the example of two kinds of events is described in the present embodiment, it is needless to say that, when the number of types of events is increased to three or more as described above, the size of the diagram may be increased accordingly. Also, it should be noted that the setting of whether or not to transmit a bundle for each event type is not limited to the example of the bundle transmission setting for each event type shown in FIGS. 6A to 6D, and may be set differently depending on the combination of events to be bundled.

FIG. 7 is a diagram illustrating a 'Current Events' event and a 'Next Event' waiting for event storage in the terminal, according to the application of the present invention. Is configured to configure a 'current event' information when the profile server constructs a response message to be returned to the terminal.

Referring to FIG. 7, in step 701, the terminal 230 may transmit an event request message to the profile server 250. The configuration and detailed description of the event request message will be referred to the embodiment of FIG. In response to the event request message of the terminal, in step 703, the profile server stores one or more 'Current Events' selected according to the priority in the event repository and information of events remaining in the event repository Can be used to configure an event response message. At this time, selection of the current event can be performed as follows according to the event type specified in the event request message of the terminal, the event storage state of the profile server, and the priority transmission permission setting.

The profile server may manage a priority setting table that allows an event of lower priority to be transmitted to the terminal before the higher priority event, depending on each event kind.

Referring to FIG. 7A, even if the profile download event is lower in priority than the profile remote management event, the terminal can be transmitted first to the terminal if the terminal requests it, but if the profile remote management event has a lower priority than the profile download event, It can be set such that it can not be transmitted first to the terminal. At this time, if the event priority of the event repository is sorted in the same order as the embodiment of the profile server 250, if the terminal explicitly requests the profile download event, the profile download event (Profile 1) Second and third priority RMM events RPM1 and RPM2 and may be transmitted to the terminal via the 'Current Event' field. In this case, the remaining events RPM1, RPM2, RPM3, and Profile2 may be included in 'Next Events' according to the embodiment of FIG. 8 to be described later.

Referring to FIG. 7B, except for the priority of an event, any event can be set so that it can not be transmitted prior to other events. At this time, if the event priority of the event repository is sorted in the same order as the embodiment of the profile server 250, even if the terminal explicitly requests the profile download event, the profile remote management event RPM1, which is the highest priority event, Therefore, the 'Current Event' field becomes an empty field so that no event may be transmitted to the terminal. In this case, the remaining events RPM1, RPM2, Profile1, RPM3, and Profile2 may be included in 'Next Events' according to the embodiment of FIG. 8 to be described later.

7A and FIG. 7B, only one event is selected according to whether or not transmission is first set. However, as described above in the embodiment of FIG. 6, one or more events may be selected . For example, in addition to the embodiment of FIG. 7A, if the bundle transmission of the profile download event is enabled as in the embodiment of FIG. 6A, the 'Current Events' field in step 703a of FIG. Download events (Profile1 and Profile2) may be transmitted simultaneously.

FIG. 8 is a diagram illustrating a 'Current Events' event and a 'Next Event' waiting for event storage in the terminal, according to the application of the present invention. And 'Next Events' when the profile server configures the response message to be returned to the terminal,

Referring to FIG. 8, in step 801, the terminal 230 may transmit an event request message to the profile server 250. The configuration and detailed description of the event request message will be referred to the embodiment of FIG. In response to the event request message of the terminal, in step 803, the profile server stores one or more 'Current Events' selected according to the priority in the event repository, and information on events remaining in the event repository Can be used to configure an event response message. At this time, although one remote management event (RPM1) is selected in accordance with the request of the terminal in the present embodiment regarding the selection of the current event, according to the bundle transmission availability setting of the profile server One or more events may be selected and the event type specified in the event request message of the terminal may be retrieved from the event repository and transmitted prior to the highest priority event as in the embodiment of FIG. Further, the information of the next event can be composed in a complex manner using one or more of the following information elements, and the information elements that can be used are not limited thereto.

 - Event type of the highest priority event among the remaining events

 - Event type of one or more residual events

 - Presence of one or more residual events

 - Number of each event type when classifying the residual event by event type

For example, in the embodiment of FIG. 8, when only the event type of the highest priority event is returned, the event response message may be configured as follows.

 - Current Events = RPM1, Next Events = "RPM"

As another example, in the embodiment of FIG. 8, when returning the event type of all remaining events, the event response message may be configured as follows.

 - Current Events = RPM1, Next Events = "RPM, ProfileDownload, RPM, ProfileDownload"

As another example, in the embodiment of FIG. 8, when the remaining events are classified according to the event types and the number of each event type is returned, the event response message may be configured as follows.

 - Current Events = RPM1, Next Events = "RPM (2), ProfileDownload (2)"

As another example, in the embodiment of FIG. 8, when returning that one or more remaining events remain regardless of the event type, the event response message may be configured as follows.

 - Current Events = RPM1, Next Events = TRUE

In the embodiment, the text ("RPM" or "ProfileDownload") is used for the representation of the event type, but it is needless to say that the text as well as the numeric string can be used as described above in the embodiment of FIG. In addition, when it is desired to inform the terminal that one or more events exist regardless of the event type, a binary Boolean having true / false (TRUE / FALSE) may be used instead of the text or numeric string.

FIG. 9 is a flow chart illustrating an event response message for an event request message of a terminal according to the application of the present invention by referring to the event bundle transmission and event priority transmission setting described in the embodiments of FIGS. 6 to 8 Fig.

Referring to FIG. 9, in step 901, the profile server may receive an event request message from the terminal. According to the embodiment of FIG. 4, the event request message may specify the type of event requested by the terminal and whether the profile remote management function is activated / deactivated (On / Off) in the current terminal.

If the confirmation of step 913 is unsuccessful after the execution of step 901, the profile server, in step 903, sets events in the event repository corresponding to the eUICC of the terminal that transmitted the event request message according to the embodiment of FIG. 5 You can sort by rank order.

In step 905, the profile server determines whether the type of the highest priority event in the event repository matches the type of the event requested by the terminal in step 901. [

If the checking procedure in step 905 fails or the checking procedure in step 909 is successful, in step 907, the profile server analyzes the event corresponding to the event type requested by the terminal according to the embodiment of FIG. 7, Make sure you can send in priority over my highest priority event.

If the checking procedure in step 907 is successful, in step 915, the profile server searches for events having the highest priority among the events matching the event type requested by the terminal in the event repository.

In step 905, the profile server determines whether the event is a profile remote management event. In step 901, the profile server remote management function of the current terminal is added to the event request message of the terminal received in step 901 Make sure it is disabled (Off).

If the verification procedure in step 909 fails, the profile server extracts the event from the event repository according to the embodiment of FIG. 7 described above and adds the event to the 'Current Events' field.

After step 911, the profile server confirms in step 913 whether other events can be bundled with the corresponding events according to the embodiment of FIG.

If the confirmation procedure of step 913 fails or the confirmation procedure of step 907 fails, the profile server configures a 'Next Events' field according to the embodiment of FIG. 8 in step 917.

After step 917, the profile server may transmit an event response message including 'Current Events' and 'Next Events' to the terminal in step 919. If it fails to transmit the event response message or receives a reply to the processing failure of the event response message from the terminal in the future, the profile server may restore the event extraction operation in the event store in step 911 performed one or more times .

10 is a diagram illustrating an example of a procedure in which the terminal 230 sequentially receives and executes one or more events from the profile server 250 according to the application of the present invention. In this embodiment, the profile corresponding to ICCID1 is installed / activated in the terminal, the profile remote management function of the terminal is activated, the event repository of the profile server is arranged according to the event registration time order, The management event can not be bundled, but the profile download event can be bundled, and any event can not be transmitted prior to priority, and the configuration of the 'next event' only describes the event type of the highest priority event in the event store .

Referring to FIG. 10, in step 1001, the terminal may receive a command for "Add Profile" from the user.

In step 1003, the terminal performs a TLS secure connection and a mutual authentication procedure with the profile server, and may request a profile download event to the profile server according to the request of the user according to the embodiment of FIG.

In step 1005, the profile server may notify the terminal that one or more profile remote management events are waiting with the profile download event (ICCID2), which is the highest priority event of the event repository, according to the embodiments of FIGS. 6 to 9 described above.

In step 1007, the terminal can establish a profile (ICCID2) according to the received profile download event.

In step 1009, the terminal may transmit the execution result (i.e., the installation result of the profile (ICCID2 Installation Result)) to the profile server for the profile download event that has been performed.

In step 1011, the profile server can inform the terminal that the event execution result has been successfully received. Also, the profile server may notify the terminal of 'Next Events' remaining in the event store in step 1011 as well as step 1005. The two types of messages that announce 'Next Events' are mutually complementary and may announce 'next event' in both messages, or announce 'next event' in only one of the two messages. If you announce 'next event' in both messages, the 'next event' list in the two messages may be different. For example, if the priority of the events in the event repository of the profile server is changed during the execution of steps 1007 to 1009 after the message transmission in step 1005, the 'next event' list included in the message of step 1011 may be changed.

In step 1013, the terminal may request an event to be performed next to the profile server again according to the 'next event' list announced by the profile server in steps 1005 to 1011. When transmitting the re-request message, if the TLS security association and the mutual authentication procedure between the MS and the profile server in step 1003 are still valid, the MS may omit the TLS security association and the mutual authentication procedure with the profile server. Also, the terminal informs the user that it is going to request an event to the profile server, if necessary, and transmits the event request message to the profile server after obtaining the user's agreement. If the user does not agree, the terminal may terminate the procedure without further requesting an event. If the event to be performed next is a profile remote management event according to the 'next event' list, since the identifier of the profile to be the target of the event is not clear, the terminal sets the event request type (EventReqType) And may not specify a profile identifier. A method that does not specify a profile identifier may be to send a NULL string or not to transmit a profile identifier field.

In step 1015, the profile server may notify the terminal that one or more profile remote management events are waiting with the profile remote management event (Update ICCID1), which is the highest priority event of the event repository, according to the embodiment of FIGS. 6 to 9 have.

In step 1017, the terminal can manage the profile (change the content of the profile corresponding to ICCID1) according to the received profile remote management event.

In step 1019, the terminal can transmit the result of the execution of the profile remote management event (i.e., the result of changing the profile (ICCID1 Update Result)) to the profile server.

In step 1021, the profile server may inform the terminal that the event execution result has been successfully received. Also, the profile server may notify the terminal of the 'next event' remaining in the event store in step 1021 as well as step 1015, similar to the procedure of step 1011 described above. For a detailed description of the configuration of the 'next event' list, refer to the description of step 1011.

In step 1023, the terminal may request an event to be performed next to the profile server again according to the 'next event' list announced by the profile server in steps 1015 to 1021, as in the procedure of step 1013 described above. For a detailed description of TLS and secure connections and user agreements, see step 1013. Also, if the event to be performed next is a profile remote management event according to the 'next event' list, the terminal does not recognize the event request type (EventReqType) as all events ("ANY ") And do not specify the profile ID (Profile ID). The method of specifying 'all events' will be described with reference to the embodiment of FIG. It will be easily understood that the subsequent procedure can be performed through the repetition of steps 1001 to 1023 described above.

11 is a diagram illustrating an example of a procedure in which the terminal 230 sequentially receives and executes one or more events from the profile server 250 according to the application of the present invention. In this embodiment, the profile corresponding to ICCID1 is installed / activated in the terminal, the profile remote management function of the terminal is activated, the event repository of the profile server is arranged according to the event registration time order, Management events can be bundled, but profile download events can not be bundled, and any event can not be transmitted prior to priority, and the configuration of 'Next event' describes the type and number of all events in the event repository .

Referring to FIG. 11, in step 1101, the terminal selects a specific profile (ICCID1 in this embodiment) from a user and receives a command for a "Refresh Profile ".

In step 1103, the terminal performs a TLS secure connection and a mutual authentication procedure with the profile server, and requests a profile remote management event to the profile server according to the request of the user according to the embodiment of FIG.

In step 1105, the profile server searches for the profile download event, which is the highest priority event in the event repository, according to the embodiment of FIGS. 6 to 9 described above. If the event does not match the event type (profile remote management) It can not forward any events because it can not be transmitted in priority order and can notify the terminal that one profile download event and three profile remote management events are waiting using the 'next event' list.

In step 1107, the UE informs the user who has issued the profile update command that the 'profile update is not currently possible and the profile installation (Add Profile) should be preferentially performed' according to the received 'next event' list, . If the user does not agree, the terminal may terminate the procedure without further action.

In step 1109, the terminal may request an event to be performed next to the profile server again according to the 'next event list' announced by the profile server in step 1105 and the user agreement received in step 1107. Upon transmission of the re-request message, if at least one of the TLS security association or the mutual authentication procedure between the terminal and the profile server in step 1103 has already been completed, or a new event request message has a new transaction identifier (Transaction ID) If so, the terminal may perform a new TLS security association and mutual authentication procedure with the profile server.

In step 1111, the profile server, in accordance with the embodiment of FIGS. 6 to 9 described above, uses the 'next event' list together with the profile download event (ICCID2), which is the highest priority event of the event repository, Can be notified to the terminal. In the present embodiment, the profile package is transmitted in an immediate response to step 1109. However, as shown in the example of FIG. 2, the profile information is transmitted first (step 211) After the user agreement is obtained again (step 213), the terminal requests the profile package to the profile server (step 215) and transmits the profile package to the terminal. In this case, the additional user agreement may be integrated with the user agreement in step 1107. [

In step 1113, the terminal can establish a profile (ICCID2) according to the received profile download event (more specifically, a profile package).

In step 1115, the terminal may transmit the result of the execution of the profile download event (i.e., the installation result of the profile (ICCID2 Installation Result)) to the profile server.

In step 1119, the profile server may inform the terminal that the event execution result has been successfully received. Also, although not shown in the figure, the profile server may repeat the 'next event' list in step 1111 in step 1119, as in the embodiment of FIG.

In step 1119, the terminal may request an event to be performed next to the profile server again according to the 'next event' list announced by the profile server in steps 1111 to 1117, similar to the procedure of step 1109 described above. Refer to the description of step 1109 for a detailed description of TLS and secure connection and user agreement. Also, if the event to be performed next is a profile remote management event according to the 'next event' list, the terminal does not recognize the event request type (EventReqType) as all events ("ANY ").

In step 1121, the profile server bundles other profile remote management events (Enable ICCID2, Disable ICCID1) together with the profile remote management event (Update ICCID1), which is the highest priority event in the event store, according to the embodiment of Figs. Lt; / RTI > Also, since there are no pending events in the event repository after the bundle of the corresponding profile remote management events, there is nothing in the 'next event' list ("Nothing More"). The method of notifying that the 'next event' list is empty may be performed by using text, using NULL data, omitting the 'next event' list itself as in the present embodiment, Or the like can be used.

In step 1123, the terminal can sequentially process the received profile remote management events. It will be easily understood that the subsequent procedure can be performed through the repetition of steps 1101 to 1123 described above.

12 is a diagram illustrating an example of a procedure in which the terminal 230 sequentially receives and executes one or more events from the profile server 250 according to the application of the present invention. In this embodiment, the profile corresponding to ICCID1 is installed / activated in the terminal, the profile remote management function of the terminal is activated, the event repository of the profile server is arranged according to the event registration time order, It is assumed that only the profile remote management event can be transmitted prior to the profile download event and the configuration of the 'next event' describes only the event type of the highest priority event in the event repository .

Referring to FIG. 12, in step 1201, the terminal selects a specific profile (ICCID1 in this embodiment) from a user and receives a command for a "Refresh Profile ".

In step 1203, the terminal performs a TLS secure connection and a mutual authentication procedure with the profile server, and requests a profile remote management event to the profile server according to the request of the user according to the embodiment of FIG.

In step 1205, the profile server searches for a profile download event, which is the highest priority event in the event repository, according to the embodiment of FIGS. 6 to 9 described above. If the event does not match the event type requested by the terminal (profile remote management) , The profile remote management event can be transmitted prior to the priority. Therefore, the event having the highest priority (in this embodiment, Update ICCID1) among the events matching the event type (profile remote management) requested by the terminal in the event repository is transmitted first . In addition, the profile server may use the 'next event' list to notify the terminal that the profile download event, which is the highest priority event in the event repository, is waiting for the event except for the event.

In step 1207, the terminal can perform the received profile remote management event. The report on the result of the execution of the profile remote management event can then be omitted if necessary.

In step 1209, the UE informs the user who has issued the profile update command that the 'Add Profile' needs to be performed after the profile update 'according to the received' Next Event 'list, and can obtain the user's agreement . If the user does not agree, the terminal may terminate the procedure without further action.

In step 1211, the terminal may request an event to be performed next to the profile server again based on the 'next event' list announced by the profile server in step 1205. Upon transmission of the re-request message, at least one of the TLS security association or the mutual authentication procedure between the terminal and the profile server in step 1203 has already been completed, or a new event request message has a new transaction identifier (Transaction ID) If so, the terminal may perform a new TLS security association and mutual authentication procedure with the profile server.

In step 1213, the profile server, in accordance with the embodiment of FIGS. 6 to 9 described above, uses the 'next event' list together with the profile download event (ICCID2), which is the highest priority event in the event repository, Can be notified to the terminal. In the present embodiment, the profile package is transmitted in an immediate response to step 1211. However, as shown in the example of FIG. 2, the profile information is transmitted first (step 211) After the user agreement is obtained again (step 213), the terminal requests the profile package to the profile server (step 215) and transmits the profile package to the terminal. In this case, the additional user agreement may be integrated with the user agreement in step 1209 above.

In step 1215, the terminal can establish a profile (ICCID2) according to the received profile download event (more specifically, the profile package).

In step 1217, the terminal may transmit the execution result (i.e., the profile installation result (ICCID2 Installation Result)) to the profile server for the profile download event that has been performed.

In step 1219, the profile server may inform the terminal that the event execution result has been successfully received. Also, although not shown in the figure, the profile server may repeat the 'next event' list of step 1113 in step 1219, as in the embodiment of FIG.

In step 1221, the terminal may request the profile server to perform an event to be performed next in accordance with the 'next event' list announced by the profile server in steps 1213 to 1219, as in the procedure of step 1211 described above. Refer to the description of step 1211 for a detailed description of TLS and secure connections and user agreements. Also, if the event to be performed next is a profile remote management event according to the 'next event' list, the terminal can not recognize the event request type (EventRqeType) as all events ("ANY ").

In step 1223, the profile server, in accordance with the embodiment of FIGS. 6 to 9 described above, together with the profile remote management event (Enable ICCID2), which is the highest priority event of the event repository, Can be notified to the terminal.

In step 1225, the terminal can manage the profile (activate ICCID2) according to the received profile remote management event. Further, the subsequent procedure may be performed through the repetition of steps 1201 to 1225 described above.

13 is a flowchart illustrating a procedure of requesting the profile server 250 to download a 'profile' and receiving a response to the 'profile download', when the profile is installed through the profile server according to another embodiment of the present invention. Fig.

Referring to FIG. 13, in step 1301, the terminal 230 may transmit an 'arbitrary character string (challenge)' to the profile server 250. The communication in step 1301 may be protected through HTTPS to TLS security association. In step 1303, the profile server 250 may transmit a 'random challenge' to the terminal 230 along with the signature of the server. In step 1305, the terminal 230 may transmit a terminal authentication request message to the profile server 250. Specifically, the terminal 230 can transmit information on the type of a specific event (OperationType) requested together with the signature of the terminal 230 using the terminal authentication request message to the profile server 250. In this example, a case where a profile is waiting in the event repository 270 of the profile server and the terminal requests 'profile download (profile DL)' will be described. In step 1303 to step 1305, the message exchange procedure between the terminal 230 and the profile server 250 may be named mutual authentication. In step 1307, the profile server 250 may transmit a terminal authentication response message to the terminal 230. Specifically, the profile server 250 includes profile metadata and a one-time public key as part of the preparation for downloading the profile, as the terminal 230 requests in step 1305 And transmits the terminal authentication response message to the terminal 230. The profile summary information may include the name of the service provider, the logo and the fare information set by the service provider, and the like. In step 1309, the terminal 230 may receive an end user consent for profile installation based on the profile summary information received in step 1307. [ If the user agrees to the profile installation, the terminal 230 may send a one-time public key to the profile server 250 in step 1311. [ In step 1313, the terminal 230 and the profile server 250 combine the disposable public keys exchanged in steps 1307 to 1311 and the corresponding one-time private key to generate a session key Can be generated. In step 1315, the profile server 250 may return the encrypted profile package to the terminal 230 using the session key generated in step 1313. In step 1317, the terminal 230 may decrypt and install the encrypted profile package.

The profile downloading procedure is a procedure for downloading a profile package required for actual profile installation, as described in steps 1311 to 1315, Additional message exchange is required.

14 is a diagram illustrating a procedure in which the terminal 230 requests the profile server 250 to perform 'profile remote management' and receives a response to the request when performing remote management through the profile server.

Referring to FIG. 14, in step 1401, the terminal 230 can transmit 'an arbitrary character string (challenge)' to the profile server 250. The communication in step 1401 may be protected through HTTPS to TLS security association. In step 1403, the profile server 250 may transmit a 'random challenge' to the terminal 230 along with the signature of the server. In step 1405, the terminal 230 may request the profile server 250 for a specific event type (OperationType) together with the signature of the terminal. In this example, a case where a remote management command is waiting in the event repository 270 of the profile server and the terminal 230 requests 'profile remote management (RPM)' will be described. In steps 1403 through 1405, the message exchange procedure between the terminal 230 and the profile server 250 may be referred to as mutual authentication. In step 1407, the profile server 250 may send a package (RPM Command Package) including the profile remote management command to the terminal 230, as the terminal 230 requests in step 1405. [ In step 1409, the terminal 230 may receive an end user consent for profile management based on the profile remote management received in step 1407. [ If the user agrees to remote management of the profile, the terminal 230 can perform the profile remote management command in step 1411. [

In the profile remote management procedure, the terminal 230 can receive all the profile remote management commands in step 1407. Therefore, compared with the profile download procedure described above with reference to FIG. 13, 230 and the profile server 250 once more.

FIG. 15 is a flowchart illustrating a procedure in which the terminal 230 requests all kinds of events from the profile server 250 and receives a response to the request, when installing two profiles through the profile server and performing two remote management operations. Fig.

Referring to FIG. 15, in step 1501, the terminal 230 may transmit 'an arbitrary character string (challenge)' to the profile server 250. The communication in step 1501 may be protected through HTTPS to TLS security association. In step 1503, the profile server 250 may transmit a 'random challenge' to the terminal 230 along with the signature of the server. In step 1505, the terminal 230 may request the profile server 250 for a specific event type (OperationType) together with the signature of the terminal. In this example, two remote management commands and two profiles are waiting in the event server 270 of the profile server, and the terminal requests 'ALL'. In step 1503 to step 1505, the message exchange procedure between the terminal 230 and the profile server 250 may be named mutual authentication. In step 1507, the profile server 250 may simultaneously transmit the profile remote management 1, the profile summary information 1, the profile remote management 2, and the profile summary information 2 as requested by the terminal 230 in step 1505. In step 1509, the terminal 230 may receive an end user consent for profile management and installation based on the profile remote management or profile summary information received in step 1507.

After step 1509, when the user agrees, the terminal 230 must perform the profile remote management and profile installation procedure. At this time, profile remote management (profile remote management 1 and profile remote management 2) can be performed immediately after step 1509, while profile installation (profile summary information 1 and profile summary information 2) It is necessary to additionally perform a one-time message exchange between the terminal 230 and the profile server 250 as described above in step 1315 to secure the profile package. A specific method for the terminal 230 to sequentially process profile remote management and profile installation will be described in detail with reference to FIG. 16 to FIG.

In addition, the profile summary information and the profile remote management data in step 1507 need to be accompanied by the signature of the profile server 250 for verifying data integrity. At this time, if the signature for the profile summary information data is different from the signature generation method for the profile remote management data (for example, the digital signature algorithm or the type of the digital certificate for signature), the profile server 250 generates the signature The arrangement can be suitably coordinated so that the terminal 230 can easily verify signatures and process each data. The manner in which the profile server 250 generates the digital signature and arranges the data will be described in detail with reference to FIG. 18 to FIG.

FIG. 16 is a diagram illustrating a method of sequentially processing events after the terminal 230 secures data for all events according to the application of the present invention.

Referring to FIG. 16, in step 1601, the terminal 230 and the profile server 250 may perform mutual authentication. The mutual authentication procedure and the operation request message of the terminal 230 will be described in detail with reference to steps 1503 to 1505 of FIG. In step 1603, the profile server 250 may simultaneously transmit the profile remote management 1, the profile summary information 1, the profile remote management 2, and the profile summary information 2. In step 1605, the terminal 230 may receive an end user consent for profile remote management and installation based on the profile remote management or profile summary information received in step 1603. If the user agrees, the terminal 230 can request the profile package 1 and the profile package 2 corresponding to the profile summary information 1 and the profile summary information 2, respectively, from the profile server 250 in steps 1607 to 1609 . In step 1603, the terminal 230 performs profile remote management 1 in step 1611, installs the profile package 1 in step 1613, and installs the profile package 1 in step 1615 in accordance with the data processing procedure specified by the profile server 250 in step 1603. In step 1615, Management 2 may be performed, and the profile package 2 may be installed in step 1617.

In step 1607, the terminal 230 collects data necessary for processing each event (i.e., profile package for profile installation) for all kinds of events received in step 1603 in step 1607, In step 1603, the profile server 250 may process profile remote management and profile installation according to a data processing procedure.

17 is a diagram showing a method in which the terminal 230 secures and processes data for each event according to the reception order of events according to the application of the present invention.

Referring to FIG. 17, in step 1701, the terminal 230 and the profile server 250 may perform a mutual authentication procedure. The mutual authentication procedure and the operation request message of the terminal 230 will be described in detail with reference to steps 1503 to 1505 of FIG. In step 1703, the profile server 250 may simultaneously transmit the profile remote management 1, profile summary information 1, profile remote management 2, and profile summary information 2 at the same time. In step 1705, the terminal 230 may receive an end user consent for profile remote management and installation based on the profile remote management or profile summary information received in step 1703. If the user agrees, the terminal 230 performs the profile remote management 1 in step 1707 according to the data processing procedure specified by the profile server 250 in step 1703, and the profile 230 corresponding to the profile summary information 1 in step 1709 The profile package 1 is installed in step 1711, the profile remote management 2 is performed in step 1713, the profile package 2 corresponding to the profile summary information 2 is received in step 1715, and the profile package 2 is installed in step 1717 .

In the above procedure, the terminal 230 first performs the profile remote management for all kinds of events received in step 1703 in the order of data processing specified by the profile server 250 in step 1703 without securing additional data, If necessary, a profile package may be further secured from the profile server 250 as in steps 1709 or 1715 to process the profile installation.

FIG. 18 is a flowchart illustrating a process of transmitting profile management information to a profile server 250 according to an embodiment of the present invention when the profile server 250 delivers profile management information or profile summary information to the profile server 250 message in steps 1603 through 1703 of FIG. , A method of creating and attaching a separate signature to each profile remote management and profile summary information data.

Referring to FIG. 18, profile server 250 may generate digital signatures 1803 and 1811 for 1801 profile remote management 1 data and 1809 profile remote management 2 data, respectively. The profile server 250 may also generate digital signatures 1807 and 1815 for 1805 profile summary information 1 data and 1813 profile summary information 2 data, respectively. At this time, the terminal 230 can process the data in the order of receiving the data from the profile server 250, even if the profile server 250 does not specify the processing order of each data. In this embodiment, the terminal 230 can process data in the order of profile remote management 1, profile summary information 1, profile remote management 2, and profile summary information 2.

In the above configuration, the profile server 250 has an advantage that various kinds of algorithms and digital certificates used for signature generation of each data can be utilized because each data is accompanied by a separate signature.

FIG. 19 is a flow chart illustrating a process of transmitting profile management information to a profile server 250 according to an embodiment of the present invention when the profile server 250 transmits profile management information or profile summary information to the profile server 250 message in steps 1603 to 1703 of FIG. , A method of attaching a separate signature to each profile remote management and profile summary information data and attaching and specifying the processing order of each data is shown.

Referring to FIG. 19, the profile server 250 may generate 1903 and 1911 digital signatures for 1901 profile remote management 1 data and 1909 profile remote management 2 data, respectively. The profile server 250 may also generate 1907 and 1915 digital signatures for 1905 profile summary information 1 data and 1913 profile summary information 2 data, respectively. In addition, the profile server 250 can specify the processing order of each data. For example, in this embodiment, in which four data are transmitted, the profile server 250 stores 1901 profile remote management 1 data in the first (1/4) of four, 1905 profile summary information 1 data in the second 2/4), 1909 Profile Remote Management 2 Data for the third (3/4) of the four, 1913 Profile summary information 2 Data can specify in each data that it is the fourth of the four (4/4).

In the above configuration, the profile server 250 has an advantage that various kinds of algorithms and digital certificates used for signature generation of each data can be utilized because each data is accompanied by a separate signature. In addition, the profile server 250 has an advantage in that the order of data transmission can be freely adjusted since each data specifies the processing order separately. At this time, the present embodiment in which the profile server 250 specifies the data processing order is not limited to the above-described FIG. 19, and the data processing order can be specified in the embodiment of FIG.

FIG. 20 is a flow chart illustrating a process of transmitting profile management information to a profile server 250 according to an embodiment of the present invention when the profile server 250 transmits profile management information or profile summary information to the profile server 250 message in steps 1603 through 1703 of FIG. , A method of creating and attaching a common signature to a part of each profile remote management and profile summary information data.

Referring to FIG. 20, the profile server 250 may generate a 2011 digital signature for the 2001 profile remote management 1 data and the 2009 profile remote management 2 data. The profile server 250 may also generate a digital signature of 2015 for all 2005 profile summary information 1 data and 2013 profile summary information 2 data. At this time, the terminal 230 can process the data in the order of receiving the data from the profile server 250, even if the profile server 250 does not specify the processing order of each data. In this embodiment, the terminal 230 can process data in the order of profile remote management 1, profile summary information 1, profile remote management 2, and profile summary information 2.

It should be noted that the data in which the profile server 250 generates a common signature in the above configuration is not necessarily limited to the same kind of data. For example, although FIG. 20 illustrates the case of generating a common signature by dividing the profile summary information and profile summary information, the profile server 250 may be configured so that the signature generation method (i.e., the signature generation algorithm and the digital certificate) A common signature can be generated. In the above configuration, the profile server 250 can skip the signature on the data sharing the signature, so that the amount of data transmitted from the profile server 250 to the terminal 230 can be reduced. In the configuration of FIG. 20, after the terminal 230 receives all the data of the profile server 250, it is necessary to separately collect data to be signed to verify the signature. In this embodiment, the terminal 230 should collect the first 2001 profile remote management 1 data and the third 2009 profile remote management 2 data that are received in order to verify the signature of 2011, , The data of the second 2005 profile summary information 1 and the data of the fourth 2013 profile summary information 2 received should be collected separately.

FIG. 21 is a flowchart illustrating a method of transmitting a profile management message according to an embodiment of the present invention, when the profile server 250 delivers profile management information or profile summary information to the profile server 250 message in steps 1603 through 1703 of FIG. , A method of creating and attaching a common signature to a part of each profile remote management and profile summary information data and specifying processing order of each data.

Referring to FIG. 21, the profile server 250 may generate 2111 digital signatures for 2101 profile remote management 1 data and 2109 profile remote management 2 data. The profile server 250 may also generate 2115 digital signatures for all 2105 profile summary information 1 data and 2113 profile summary information 2 data. In addition, the profile server 250 can specify the processing order of each data. For example, in this embodiment, in which four data are transmitted, the profile server 250 stores 2101 profile remote management 1 data in the first (1/4) of the four profiles, 2105 in the profile summary information 1 data in the second 2/4), 2109 Profile remote management 2 Data can be specified in each of the third (3/4), 2113 profile summary information 2 data is the fourth (4/4) of the four.

20, it should be noted that the data in which the profile server 250 generates the common signature in the configuration of FIG. 21 is not necessarily limited to the same type of data. In the above configuration, the profile server 250 can skip the signature on the data sharing the signature, so that the amount of data transmitted from the profile server 250 to the terminal 230 can be reduced. In addition, the profile server 250 has an advantage in that the order of data transmission can be freely adjusted since each data specifies the processing order separately. For example, the profile server 250 may include 2101 profile remote management 1 data sharing the 2111 signature and 2109 profile remote management 1 data sharing the 2111 signature in order to eliminate the procedure in which the terminal 230 collects data for signature verification in the embodiment of FIG. Profile remote management 2 data is placed just before the 2111 signature, 2105 profile summary information 1 data and 2113 profile summary information 2 data sharing the 2115 signature can be placed just before the 2115 signature. At this time, the terminal 230 processes the data in the order of profile remote management 1, profile summary information 1, profile remote management 2, and profile summary information 2 in the order of data processing specified by the profile server 250 after signature verification of 2111 and 2115 can do.

It should be noted that the signature generation and data arrangement embodiments of Figs. 18 to 21 can be used in parallel with the procedures of Figs. 16 to 17 above. In this case, the procedure for verifying each signature of FIGS. 18 to 21 may be selectively performed at a necessary point in the procedure of FIG. 16 to FIG. The present invention is not limited to the following embodiments and may be performed at a time when signature verification is required according to the implementation of the terminal 230. [

Fig. 22 shows an embodiment in which the signature generation and data arrangement method of Fig. 18 is used in the procedure of Fig. 17 and FIG. 18 are omitted, and it is assumed that the terminal 230 receives a message of the form 2290 from the profile server 250 in step 2201. FIG. The terminal 230 receives the user agreement (End User Consent) in step 2203, verifies the signature of the server 2205, performs the profile remote management 1 in step 2207, verifies the signature of the server 2209, and, in step 2211, 1, installs profile package 1 in step 2213, verifies the signature of 2215, performs profile remote management 2 in step 2217, verifies the signature of 2219, and compares the profile The profile package 2 corresponding to the summary information 2 may be received and the profile package 2 may be installed in step 2223. [

Fig. 23 shows another embodiment in the case of using the signature generation and data placement method of Fig. 18 in the procedure of Fig. 16 and 18 are omitted, and it is assumed that the terminal 230 receives a message of the form 2290 from the profile server 250 in step 2301. In this case, The terminal 23 receives the user agreement (End User Consent) in step 2303, verifies the signature of 2305, receives the profile package 1 corresponding to the profile summary information 1 in step 2307, verifies the signature of 2309, The profile package 2 corresponding to the profile summary information 2 is received in step 2311, the signature of the 2313 is verified, the profile remote management 1 is performed in step 2315, the profile package 1 is installed in step 2317, The profile remote management 2 is performed in step 2321, and the profile package 2 is installed in step 2323.

As described above, since the verification of the signature among the data received by the terminal 230 can be performed at the time when the terminal 230 is required after receiving the data, it is possible to perform verification of the signature before the procedure of inputting the end user consent . For example, although not shown in separate drawings, when the signature generation and data allocation method of FIG. 21 is used in the procedure of FIG. 16, the terminal 230 transmits the signature 2111 of FIG. 21 And 2115 signatures, and perform steps 1605 and thereafter in FIG.

19, when the signature generation and data arrangement method of FIG. 19 is used in the procedure of FIG. 17, the terminal 230 transmits the signature creation and data allocation method of FIG. 19 after step 1705 of FIG. 19, the signature 1907 of FIG. 19 is verified, the signature 1907 of FIG. 19 is verified, the steps 1709 through 1711 of FIG. 17 are performed, the signature 1911 of FIG. 19 is verified, 17, step 1713 of FIG. 17, verification of the signature 815 of FIG. 19, and steps 1715 to 1717 of FIG. 17 may be performed.

24A, 24B, and 26A to 26C illustrate a UI (User Interface) to receive an end user consent in step 1605 or 1705 in the procedures of FIGS. 16 to 17 Various embodiments of the method are shown. 24A to 24B to 26 to be described later, the profile remote management 1 2710, the profile summary information 1 2730, the profile remote management 2 2750, the profile summary It is assumed that the data of the information 2 1670 is received and the profile 230 is provided with profile 0 and is active and the profile remote management 1 2710 receives the profile 0 update 2711, The profile summary information 1 2730 includes data for the 'profile 1 installation 1631' and the profile remote management 2 2760 includes the profile 1 update 2751 , Profile 1 activation 2753 and profile 0 deletion 2755 remote command and profile summary information 2 2770 contains data for profile 2 installation 2771 .

24A and 24B, when the terminal 230 receives data as shown in FIG. 27, the terminal 230 transmits a user interface 2401 shown in FIG. 24A or a user interface 2403 shown in FIG. Can be output. In the 2401 or 2403 message, the terminal 230 sequentially outputs all the procedures included in the data of FIG. 27 to obtain the user's agreement. The order in which each procedure is output may follow the order in which the terminal 230 receives each procedure or may follow the order in which the terminal 230 processes each procedure. Consent to each procedure may require individual user checks, such as 2401, and require consent of the user to integrate the whole, such as 2403. Although not shown separately in FIGS. 24A and 24B, the terminal 230 may additionally indicate the name, logo, service charge, etc. of the service provider with respect to the profile to be subjected to the procedure, A user identification number (PIN) or the like may be additionally output.

Referring to FIG. 25, when the terminal 230 receives data as shown in FIG. 27, the terminal 230 can output a user interface of the same type as 2501 to the user. In the 2501 message, the terminal 230 classifies the procedures included in the data of FIG. 27 according to the profiles to be subjected to the respective procedures, and outputs the classified results. Also, although not separately shown in FIG. 25, the terminal 230 may request the consent of individual users for the sets of procedures classified according to each profile, like the 1301 message in FIGS. 24A and 24B. Although not shown separately in FIG. 25, the terminal 230 may additionally indicate the name, logo, and service charge of the service provider with respect to the profile to be subjected to each procedure, or may include a separate password set by the user or the service provider A personal identification number (PIN), and the like.

Referring to FIG. 26, when the terminal 230 receives data as shown in FIG. 27, the terminal 230 can output a user interface of the same type as that of the terminal 1501 to the user. In the 1501 message, the terminal 230 classifies the procedures included in the data of FIG. 27 according to the type of each procedure, and outputs the classified results. Also, although not separately shown in FIG. 26, the terminal 230 may request the consent of individual users for the sets of procedures classified according to each type, like the 2401 message in FIGS. 24A and 24B. Although not shown separately in FIG. 26, the terminal 230 may additionally indicate the name, logo, and service charge of the service provider with respect to the profile to be subjected to the procedure, or may include a separate password set by the user or the service provider A personal identification number (PIN), and the like.

It should be noted that the user interface corresponding to FIGS. 24A and 24B to 26 can be applied to all the embodiments to which FIG. 16 to FIG. 17 described above are applied. Therefore, it is needless to say that the user interface corresponding to FIG. 24A, FIG. 24B to FIG. 26 may be applied to the procedure of receiving the user agreement at step 2203 or 2303 of FIG. 22 to FIG.

28 is a diagram illustrating a terminal 2800 according to an embodiment of the present invention.

28, the terminal 2800 may include a transmission / reception unit 2810 and a control unit 2820. [ In addition, the terminal 2800 may include a UICC 2830. The UICC 2830 may be embedded in the terminal 2800 and may be an eUICC embedded in the terminal 2800. [

The transmission / reception unit 2810 can transmit and receive signals, information, data, and the like.

Meanwhile, the control unit 2820 can control the overall operation of the terminal 2800. The control unit 2820 can control the overall operation of the terminal 2800 according to an embodiment of the present invention as described above.

In addition, the UICC 2830 may download the profile and install the profile. In addition, the UICC 2830 can manage the profile. The UICC 2830 may operate under the control of the controller 2820. Or UICC 2830 may include a processor or controller for installing the profile, or may have an application installed.

29 is a diagram illustrating components of a server 2900 according to an embodiment of the present invention. For example, the server 2900 may be a profile server.

The server 2900 may include a transmission / reception unit 2910 and a control unit 2920.

The transmission / reception unit 2910 can transmit and receive signals, information, data, and the like. For example, the transceiver 2910 may transmit a profile to the terminal.

On the other hand, the controller 2920 is a component for controlling the server 2900 as a whole. The controller 2920 can control the overall operation of the server 2900 according to an embodiment of the present invention as described above.

In the concrete embodiments of the present invention described above, the elements included in the invention are expressed singular or plural in accordance with the specific embodiment shown. It should be understood, however, that the singular or plural representations are selected appropriately according to the situations presented for the convenience of description, and the present invention is not limited to the singular or plural constituent elements, And may be composed of a plurality of elements even if they are expressed.

While the present invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not limited to the disclosed embodiments, but is capable of various modifications within the scope of the invention. Therefore, the scope of the present invention should not be limited by the illustrated embodiments, but should be determined by the scope of the appended claims and equivalents thereof.

110: terminal 120: UICC
130: Mobile communication network

Claims (20)

A method for controlling a terminal,
Transmitting a terminal authentication request message including information on an operation type requested by the server;
Receiving, from the server, a terminal authentication response message including information corresponding to the arbitrary event type, based on the terminal authentication request message; And
Performing the arbitrary event based on the terminal authentication response message; ≪ / RTI > The method according to claim 1,
The event type includes:
Profile download event and profile management (RPM) event, or all events stored in the server. The method according to claim 1,
The terminal authentication response message includes:
Wherein the terminal authentication request message includes at least one profile metadata if the terminal authentication request message includes information requesting a profile download event. The method of claim 3,
Wherein the performing comprises:
Receiving an encrypted profile package from the server based on the at least one profile summary information; And
Decrypting and installing the encrypted profile package; ≪ / RTI > The method according to claim 1,
The terminal authentication response message includes:
Wherein the at least one profile remote management command package comprises at least one profile remote management command package if the terminal authentication request message includes information requesting a profile remote management event. 6. The method of claim 5,
Wherein the performing comprises:
Performing a profile remote management command based on the at least one profile remote management command package; ≪ / RTI > In a server control method,
Receiving from the terminal a terminal authentication request message including information on an operation type requested by the terminal to the server; And
Transmitting a terminal authentication response message including information corresponding to the arbitrary event type to the terminal based on the terminal authentication request message; ≪ / RTI > 8. The method of claim 7,
The event type includes:
Profile download event and profile management (RPM) event, or all events stored in the server. 8. The method of claim 7,
The terminal authentication response message includes:
Wherein the terminal authentication request message includes at least one profile metadata if the terminal authentication request message includes information requesting a profile download event,
Wherein the encrypted profile package is decrypted and installed by the terminal when the encrypted profile package is transmitted from the server to the terminal based on the at least one profile summary information. 8. The method of claim 7,
The terminal authentication response message includes:
And at least one profile remote management command package when the terminal authentication request message includes information requesting a profile remote management event,
Wherein, by the terminal, a profile remote management command is performed based on the at least one profile remote management command package. In the terminal,
A transmitting and receiving unit for transmitting and receiving signals; And
And transmits the terminal authentication request message including information on an operation type requested by the server to the terminal, and transmits, from the server, the terminal authentication request message including information corresponding to the arbitrary event type, A control unit controlling the transceiver to receive an authentication response message and controlling to perform the arbitrary event based on the terminal authentication response message; . 12. The method of claim 11,
The event type includes:
A profile download event and a remote profile management (RPM) event, or all events stored in the server. 12. The method of claim 11,
The terminal authentication response message includes:
Wherein the terminal includes at least one profile metadata if the terminal authentication request message includes information requesting a profile download event. 14. The method of claim 13,
Wherein,
Controls the transceiver to receive the encrypted profile package from the server based on the at least one profile summary information, and decrypts and installs the encrypted profile package. 12. The method of claim 11,
The terminal authentication response message includes:
Wherein the terminal includes at least one profile remote management command package if the terminal authentication request message includes information requesting a profile remote management event. 16. The method of claim 15,
Wherein,
And to perform a profile remote management command based on the at least one profile remote management command package. In the server,
A transmitting and receiving unit for transmitting and receiving signals; And
The terminal receives from the terminal a terminal authentication request message including information on an operation type requested by the terminal to the server, and based on the terminal authentication request message, information corresponding to the arbitrary event type is included A terminal authentication response message to the terminal; / RTI > 18. The method of claim 17,
The event type includes:
A profile download event and a remote profile management (RPM) event, or is an event stored in the server. 18. The method of claim 17,
The terminal authentication response message includes:
Wherein the terminal authentication request message includes at least one profile metadata if the terminal authentication request message includes information requesting a profile download event,
Wherein when the encrypted profile package is transmitted from the server to the terminal based on the at least one profile summary information, the encrypted profile package is decrypted and installed by the terminal. 18. The method of claim 17,
The terminal authentication response message includes:
And at least one profile remote management command package when the terminal authentication request message includes information requesting a profile remote management event,
Wherein the profile is managed by the terminal based on the at least one profile remote management command package.

Images