KR20210110145A - Apparatus and methods for remote management and verifying remote management authorization - Google Patents

Abstract

The present invention relates to a communication technique that converges a fifth-generation (5G) communication system for supporting a higher data rate after a fourth-generation (4G) system with Internet of things (IoT) technology, and a system thereof. The present invention can be applied to intelligent services (e.g., smart homes, smart buildings, smart cities, smart or connected cars, healthcare, digital education, retail business, and security and safety related services, etc.) on the basis of fifth-generation communication technology and IoT-related technology. According to some embodiments of the present invention, a method for performing remote management and verifying a remote management right comprises the following steps: receiving a remote management command package for remotely controlling a predetermined security service module and a remote security service module management certificate of a security service module management server from the security service module management server; acquiring certificate information set in a security module used for remote management of the security service module corresponding to at least one of a security service module family identifier of the security service module, a security service module family manager identifier, and a security service module possession identifier; and verifying the remote security service module management certificate of a bundle management server and the remote management command package by using the acquired certificate information.

Description

REMOTE MANAGEMENT AND REMOTE MANAGEMENT AUTHORIZATION VERIFICATION METHOD AND DEVICE {APPARATUS AND METHODS FOR REMOTE MANAGEMENT AND VERIFYING REMOTE MANAGEMENT AUTHORIZATION}

The present disclosure relates to a method and apparatus for verifying remote management and remote management authority, and more specifically, by selecting and selecting an identifier or valid certificate and certificate issuer information of a server capable of remotely managing a security service installed in a terminal in a terminal It relates to a method and apparatus for verifying the validity of a certificate and the validity of a remote management command.

Efforts are being made to develop an improved 5G communication system or pre-5G communication system in order to meet the increasing demand for wireless data traffic after the commercialization of the 4G communication system. For this reason, the 5G communication system or the pre-5G communication system is called a system after the 4G network (Beyond 4G Network) communication system or after the LTE system (Post LTE). In order to achieve high data rates, 5G communication systems are being considered for implementation in very high frequency (mmWave) bands (eg, 60 gigabytes (60 GHz) bands). In order to mitigate the path loss of radio waves in the ultra-high frequency band and increase the propagation distance of radio waves, in the 5G communication system, beamforming, massive MIMO, full dimensional MIMO, FD-MIMO ), array antenna, analog beam-forming, and large scale antenna technologies are being discussed. In addition, for network improvement of the system, in the 5G communication system, an evolved small cell, an advanced small cell, a cloud radio access network (cloud RAN), and an ultra-dense network (ultra-dense network) , Device to Device communication (D2D), wireless backhaul, moving network, cooperative communication, Coordinated Multi-Points (CoMP), and reception interference cancellation Technology development is underway. In addition, in the 5G system, Hybrid FSK and QAM Modulation (FQAM) and Sliding Window Superposition Coding (SWSC), which are advanced coding modulation (ACM) methods, and Filter Bank Multi Carrier (FBMC), NOMA, which are advanced access technologies, (non-orthogonal multiple access), and sparse code multiple access (SCMA) are being developed.

On the other hand, the Internet is evolving from a human-centered connection network where humans create and consume information to an Internet of Things (IoT) network that exchanges and processes information between distributed components such as objects. Internet of Everything (IoE) technology, which combines big data processing technology through connection with cloud servers, etc. with IoT technology, is also emerging. In order to implement IoT, technology elements such as sensing technology, wired and wireless communication and network infrastructure, service interface technology, and security technology are required. , M2M), and MTC (Machine Type Communication) are being studied. In the IoT environment, an intelligent IT (Internet Technology) service that collects and analyzes data generated from connected objects and creates new values in human life can be provided. IoT is the field of smart home, smart building, smart city, smart car or connected car, smart grid, health care, smart home appliance, advanced medical service, etc. can be applied to

Accordingly, various attempts are being made to apply the 5G communication system to the IoT network. For example, in technologies such as sensor network, machine to machine (M2M), and machine type communication (MTC), 5G communication technology is implemented by techniques such as beam forming, MIMO, and array antenna. there will be The application of a cloud radio access network (cloud RAN) as the big data processing technology described above is an example of the convergence of 5G technology and IoT technology.

As various services can be provided according to the above-mentioned and the development of mobile communication systems, a method for effectively providing these services is required. More specifically, the terminal selects a valid certificate and certificate issuer information that can be used when downloading and installing a server identifier that can remotely manage the security service installed in the terminal or a bundle between the terminal and the server, and check the validity of the selected certificate. There is a need for a method and apparatus for verification.

The disclosed embodiment is a device for remotely installing a security service module in a security module installed in an electronic device, providing a security service through the security information stored in the security module and the security service module, and remotely controlling the installed security service module and methods may be provided.

In addition, the disclosed embodiment provides a certificate to be used for remote management of a bundle that is divided into different bundle family identifiers or bundle family identifiers and bundle family manager identifiers or bundle family identifiers, bundle family management identifiers and bundle owner identifiers between the terminal and the bundle management server. Apparatus and methods for selecting and verifying may be provided.

The present invention for solving the above problems is a control signal processing method in a wireless communication system, the method comprising: receiving a first control signal transmitted from a management server; processing the received first control signal; and transmitting a second control signal generated based on the processing to the management server.

According to some embodiments of the present disclosure, a remote management certificate management and verification method of a terminal includes a remote management command package for remotely controlling a specific security service module from a security service module management server and a remote security service module of the security service module management server receiving a management certificate; Obtaining certificate information set in a security module that can be used for remote management of a security service module corresponding to at least one of a security service module family identifier of the security service module, a security service module family manager identifier, and an identifier owned by a security service module step; and verifying the remote security service module management certificate of the bundle management server and the remote management command package by using the obtained certificate information.

In addition, a terminal according to some embodiments of the present disclosure includes a transceiver; and obtains remote security service module management certificate information that can be used for remote management of a specific security service module corresponding to at least one of the security service module family identifier and the security service module family manager identifier, from the bundle management server, and provides a security service It may include at least one processor controlling to receive a remote management command package for remotely controlling the module and a remote security service module management certificate of the security service module management server.

In addition, according to some embodiments of the present disclosure, the at least one processor writes a remote management command package for remotely controlling the security service module and a remote security service module management certificate of the security service module management server to the security service module. Certificate information set in a security module that can be used when remotely managing a security service module corresponding to at least one of the set security service module family identifier, the security service module family manager identifier, and the security service module-owned identifier of the set security service module Based on the verification, it can be controlled so that the security service module can be managed remotely.

The technical problems to be achieved in the present disclosure are not limited to the technical problems mentioned above, and other technical problems not mentioned will be clearly understood by those of ordinary skill in the art to which the present disclosure belongs from the description below. will be able

According to various embodiments of the present disclosure, the terminal may verify and perform a remote bundle management command.

1 is a diagram illustrating a method of connecting a mobile communication network of a terminal using an SSP in which a telecom bundle having a profile is mounted, according to some embodiments of the present disclosure.
2 is a conceptual diagram illustrating an internal structure of a Smart Secure Platform (SSP) according to some embodiments of the present disclosure.
3 is a view illustrating a certificate hierarchy (Certificate Hierarchy or Certificate Chain) issued by a certificate issuer (CI), a public key included in each certificate, and a certificate issuer (Certificate) according to some embodiments of the present disclosure; It is a diagram showing an example of a digital signature configuration of an Issuer, CI).
4 is a view illustrating a certificate hierarchy (Certificate Hierarchy or Certificate Chain) issued by a certificate issuer (CI), a public key included in each certificate, and a certificate issuer (Certificate) according to some embodiments of the present disclosure; It is a diagram showing an example of a digital signature configuration of an Issuer, CI).
5 is a diagram illustrating examples of internal and external components of a terminal for downloading and installing a bundle to an SSP by the terminal according to some embodiments of the present disclosure.
6 is a diagram illustrating an example of a procedure in which a subscriber subscribes to a service through a service provider and a service provider and a bundle management server prepare for bundle download according to some embodiments of the present disclosure.
7 is a diagram illustrating an example of a configuration of a terminal and a method in which a service provider, a bundle management server, and a terminal manager interact with each other according to some embodiments of the present disclosure.
8 is a diagram illustrating an example of a general procedure in which a terminal performs bundle remote management according to some embodiments of the present disclosure.
9 is a diagram illustrating an example of a general procedure in which a terminal performs bundle remote management according to some embodiments of the present disclosure.
10 is a diagram illustrating an example of setting a bundle policy according to some embodiments of the present disclosure.
11 is a diagram illustrating an example of setting SSP remote management for remote bundle management according to some embodiments of the present disclosure.
12 is a diagram illustrating an example of a procedure for setting SSP remote management authority between a terminal manager, a service provider, and a bundle management server, and between a terminal manager and an SSP, according to some embodiments of the present disclosure.
13 is a diagram illustrating an example of a procedure in which the bundle management server generates a remote bundle management command according to some embodiments of the present disclosure.
14 is a diagram illustrating an example of a procedure for a terminal to verify and perform a remote bundle management command received from a bundle management server according to some embodiments of the present disclosure.
15 is a diagram illustrating a configuration of a terminal according to some embodiments of the present disclosure.
16 is a diagram illustrating a configuration of a bundle management server according to some embodiments of the present disclosure.

Hereinafter, embodiments of the present disclosure will be described in detail with reference to the accompanying drawings.

In describing the embodiments of the present disclosure, descriptions of technical contents that are well known in the technical field to which the present disclosure pertains and are not directly related to the present disclosure will be omitted. This is to more clearly convey the gist of the present disclosure without obscuring the gist of the present disclosure by omitting unnecessary description.

For the same reason, some components are exaggerated, omitted, or schematically illustrated in the accompanying drawings. In addition, the size of each component does not fully reflect the actual size. In each figure, the same or corresponding elements are assigned the same reference numerals.

Advantages and features of the present disclosure, and a method of achieving them will become apparent with reference to the embodiments described below in detail in conjunction with the accompanying drawings. However, the present disclosure is not limited to the embodiments disclosed below, but may be implemented in a variety of different forms, only the present embodiments allow the present disclosure to be complete, and those of ordinary skill in the art to which the present disclosure pertains. It is provided to fully understand the scope of the disclosure, and the present disclosure is only defined by the scope of the claims. Like reference numerals refer to like elements throughout.

At this time, it will be understood that each block of the flowchart diagrams and combinations of the flowchart diagrams may be performed by computer program instructions. These computer program instructions may be embodied in a processor of a general purpose computer, special purpose computer, or other programmable data processing equipment, such that the instructions performed by the processor of the computer or other programmable data processing equipment are not described in the flowchart block(s). Create means to perform functions. These computer program instructions may also be stored in a computer-usable or computer-readable memory that may direct a computer or other programmable data processing equipment to implement a function in a particular manner, and thus the computer-usable or computer-readable memory. It is also possible that the instructions stored in the flow chart block(s) produce an article of manufacture containing instruction means for performing the function described in the flowchart block(s). The computer program instructions may also be mounted on a computer or other programmable data processing equipment, such that a series of operational steps are performed on the computer or other programmable data processing equipment to create a computer-executed process to create a computer or other programmable data processing equipment. It is also possible that instructions for performing the processing equipment provide steps for performing the functions described in the flowchart block(s).

Additionally, each block may represent a module, segment, or portion of code that includes one or more executable instructions for executing specified logical function(s). It should also be noted that in some alternative implementations it is also possible for the functions recited in blocks to occur out of order. For example, two blocks shown one after another may in fact be performed substantially simultaneously, or it is possible that the blocks are sometimes performed in the reverse order according to the corresponding function.

At this time, the term '~ unit' used in this embodiment means software or hardware components such as FPGA or ASIC, and '~ unit' performs certain roles. However, '~part' is not limited to software or hardware. The '~ unit' may be configured to reside on an addressable storage medium or may be configured to refresh one or more processors. Thus, as an example, '~' denotes components such as software components, object-oriented software components, class components, and task components, and processes, functions, properties, and procedures. , subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functions provided in the components and '~ units' may be combined into a smaller number of components and '~ units' or further separated into additional components and '~ units'. In addition, components and '~ units' may be implemented to play one or more CPUs in a device or secure multimedia card.

Specific terms used in the following description are provided to help the understanding of the present disclosure, and the use of such specific terms may be changed to other forms without departing from the technical spirit of the present disclosure.

SE (Secure Element) stores security information (eg, mobile communication network access key, user identification information such as ID/passport, credit card information, encryption key, etc.), and a control module (eg, For example, it means a security module composed of a single chip that can mount and operate a network access control module such as USIM, encryption module, key generation module, etc.). SE can be used in various electronic devices (eg, smartphones, tablets, wearable devices, automobiles, IoT devices, etc.), and provides security services (eg, mobile communication network access, payment, user authentication, etc.).

SE can be divided into UICC (Universal Integrated Circuit Card), eSE (Embedded Secure Element), and SSP (Smart Secure Platform), which is an integrated form of UICC and eSE, etc. ), embedded, and integrated into a specific device or system on chip (SoC).

A UICC (Universal Integrated Circuit Card) is a smart card inserted into a mobile communication terminal and used, and is also called a UICC card. The UICC may include an access control module for accessing a network of a mobile communication service provider. Examples of the access control module include a Universal Subscriber Identity Module (USIM), a Subscriber Identity Module (SIM), and an IP Multimedia Service Identity Module (ISIM). A UICC including a USIM is usually called a USIM card. Similarly, a UICC including a SIM module is commonly referred to as a SIM card. On the other hand, the SIM module may be loaded during UICC manufacturing, or a SIM module of a mobile communication service that a user wants to use at a desired time may be downloaded to the UICC card. The UICC card can also be used by downloading and installing a plurality of SIM modules and selecting at least one SIM module among them. Such a UICC card may or may not be fixed to the terminal. A UICC that is fixed and used in a terminal is called eUICC (embedded UICC), and in particular, a communication processor of the terminal, an application processor, or a System-On-Chip including a single processor structure in which these two processors are integrated. The UICC built into the (SoC) is sometimes referred to as an iUICC (Integrated UICC). In general, eUICC and iUICC may refer to UICC cards that are fixed to a terminal and used, and that can be selected by downloading a SIM module remotely. In the present disclosure, a UICC card that can remotely download and select a SIM module is collectively referred to as an eUICC or an iUICC. That is, among UICC cards that can be remotely downloaded and selected by downloading a SIM module, UICC cards that are fixed or not fixed to the terminal are collectively used as eUICC or iUICC. Also, the downloaded SIM module information is collectively used as the term eUICC profile, iUICC profile, or more simply, profile.

An Embedded Secure Element (eSE) refers to a fixed SE that is used by being fixed to an electronic device. The eSE is usually manufactured exclusively for the manufacturer at the request of the terminal manufacturer, and may be manufactured including the operating system and framework. eSE remotely downloads and installs an applet-type service control module and can be used for various security services such as e-wallet, ticketing, e-passport, and digital key. In the present disclosure, a single-chip type SE attached to an electronic device capable of remotely downloading and installing a service control module is collectively referred to as an eSE.

SSP (Smart Secure Platform) is capable of integrating UICC and eSE functions in a single chip. can be divided into The SSP may consist of one primary platform (PP) and at least one secondary platform bundle (SPB) operating on the PP, and the primary platform includes a hardware platform and a low level operating system (LLOS). ), and the secondary platform bundle may include at least one of a high-level operating system (HLOS) and an application running on the HLOS. Secondary platform bundles are also called SPBs or bundles. The bundle accesses the resources of the PP's central processing unit and memory through the Primary Platform Interface (PPI) provided by the PP and can be run on the PP through this. Communication applications such as SIM (Subscriber Identification Module), USIM (Universal SIM), and ISIM (IP Multimedia SIM) can be loaded in the bundle, and various application applications such as electronic wallet, ticketing, e-passport, digital key, etc. can

The SSP may be used for the above-described UICC or eSE purpose according to a bundle that is downloaded and installed remotely, and a plurality of bundles may be installed in a single SSP and operated at the same time to mix the uses of UICC and eSE. That is, when the bundle including the profile operates in the SSP, the SSP can be used as a UICC for accessing the network of the mobile communication service provider. A corresponding UICC bundle may be operated by downloading and selecting at least one or more profiles, such as eUICC or iUICC, into the bundle remotely. In addition, when a bundle including a service control module loaded with an application that can provide services such as electronic wallet, ticketing, e-passport or digital key on the SSP operates in the SSP, the SSP can be used for the purpose of eSE. A plurality of service control modules may be installed and operated as integrated into one bundle, or may be installed and operated as an independent bundle.

Hereinafter, the terms used in the present disclosure will be described in more detail.

In the present disclosure, the SSP is a removable (rSSP, Removable SSP), fixed (eSSP, Embedded SSP), and integrated (iSSP, Integrated SSP) built-in SoC that can support the functions of UICC and eSE in a single chip. It is a security module in the form of a chip that can be distinguished. SSP can be installed by downloading a bundle from an external Secondary Platform Bundle Manager (SPB Manager) using OTA (Over The Air) technology.

In the present disclosure, a method for downloading and installing a bundle using OTA technology in an SSP includes a removable SSP (rSSP) that can be inserted and removed from a terminal, a fixed SSP (eSSP) installed in the terminal, and is included in the SoC installed in the terminal. The same can be applied to the integrated SSP (iSSP).

In this disclosure, the term UICC may be used interchangeably with SIM, and the term eUICC may be used interchangeably with eSIM. Also, in the present disclosure, the term SSP may be used interchangeably with eUICC and eSIM.

In the present disclosure, the secondary platform bundle (SPB) is driven by using the resources of the PP on the primary platform (PP) of the SSP, for example, the UICC bundle is an application, file stored in the existing UICC. It may mean that a system, an authentication key value, and the operating system (HLOS) in which they operate are packaged in the form of software. In the present disclosure, a secondary platform bundle may be mixed with a bundle, a Profile, and an Applet. In the present disclosure, the security service module may be used interchangeably with SSP and bundle.

In the present disclosure, a USIM Profile may have the same meaning as a profile or may mean that information included in a USIM application within the profile is packaged in a software form.

In the present disclosure, the operation of enabling a bundle by a terminal or an external server is a service provided by the terminal by changing the state of the corresponding profile to an enabled state (for example, a communication service through a communication service provider) , a credit card payment service, a user authentication service, etc.) may mean an operation of setting to receive. An activated bundle may be expressed as an “enabled bundle”. The bundle in the active state may be stored in an encrypted state in a storage space inside or outside the SSP.

The bundle activated in the present disclosure is an external input (eg, user input, push, application request in a terminal, authentication request of a communication operator, PP management message, etc.) or an operation inside the bundle (eg, timer, polling) ) according to the driving state (Active). The bundle in the running state is loaded into the running memory inside the SSP from the storage space inside or outside the SSP, and it processes security information using the security control unit (Secure CPU) inside the SSP and provides security services to the terminal. have.

In the present disclosure, the operation of disabling the bundle by the terminal or the external server may mean an operation of changing the state of the bundle to the disabled state and setting the terminal so that the terminal cannot receive the service provided by the bundle. have. A profile in a deactivated state may be expressed as a “disabled bundle”. The bundle in the active state may be stored in an encrypted state in a storage space inside or outside the SSP.

In the present disclosure, the operation of the terminal or the external server to delete the bundle is an operation of changing the state of the bundle to the deleted state so that the terminal or the external server can no longer activate or deactivate the bundle. can mean A bundle in a deleted state may be expressed as a “deleted bundle”.

In the present disclosure, the bundle management server generates a bundle by a request of a service provider or other bundle management server, encrypts the generated bundle, generates a bundle remote management command, or encrypts the generated bundle remote management command function can be provided. The bundle management server that provides the above functions is SPB Manager (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), IDS (Image Delivery Server), SM-DP (Subscription Manager Data Preparation), SM-DP+ (Subscription Manager Data) Preparation plus), Admin Bundle Server, Managing SM-DP+ (Managing Subscription Manager Data Preparation plus), Bundle Encryption Server, Bundle Creation Server, Bundle Provisioner (BP), Bundle Provider (Bundle Provider), BPC holder (Bundle Provisioning) Credentials holder).

In the present disclosure, the bundle management server downloads, installs, or updates bundles from the SSP and manages settings of keys and certificates for remote management of bundle states. The bundle management server that provides the above functions is Secondary Platform Bundle Manager (SPBM), Remote Bundle Manager (RBM), Image Delivery Server (IDS), Subscription Manager Secure Routing (SM-SR), Subscription Manager Secure Routing (SM-SR+). Plus), off-card entity of eUICC Profile Manager or PMC holder (Profile Management Credentials holder), and EM (eUICC Manager) may be expressed as at least one.

In the present disclosure, the opening intermediary server is SPBM (Secondary Platform Bundle Manager), RBM (Remote Bundle Manager), SPBDS (Secondary Platform Bundle Discovery Sever), BDS (Bundle Discovery Sever), SM-DS (Subscription Manager Discovery Service), DS ( Discovery Service), a Root SM-DS, and an Alternative SM-DS. The opening mediation server may receive an event registration request (Register Event Request, Event Register Request) from one or more bundle management servers or opening mediation servers. Also, one or more opening mediation servers may be used in combination. In this case, the first opening mediation server may receive an event registration request from not only the bundle management server but also the second opening mediation server. In the present disclosure, the function of the opening intermediary server may be integrated into the bundle management server.

In the present disclosure, the bundle management server may collectively refer to a combination of a function of generating, encrypting, and transmitting a bundle or bundle remote management command, and a function of setting the SSP and managing the installed bundle. In addition, it may be a generic term for a combination of the functions of the opening intermediary server. Therefore, in various embodiments of the present disclosure, the operations of the bundle management server and the opening intermediary server may be performed in one bundle management server. In addition, each function may be divided and performed by a plurality of bundle management servers separated from each other. In addition, in the specification of the present disclosure, the bundle management server or the opening intermediary server may be expressed as a bundle server. The bundle server may be one of the bundle management server and the opening mediation server, or may be a device including both the bundle management server and the opening mediation server.

In this publication, the bundle management server and the opening mediation server may be collectively referred to as SPBM or RBM. The bundle server may also be referred to as a bundle management server. It may also be referred to as a security service module management server.

The term 'terminal' used in the present disclosure refers to a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, and a subscriber unit (Subscriber Unit). , subscriber station (SS), wireless device, wireless communication device, wireless transmit/receive unit (WTRU), mobile node, mobile, or other terms. Various embodiments of the terminal include a cellular phone, a smart phone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, and a digital camera having a wireless communication function. devices, gaming devices with wireless communication capabilities, music storage and playback appliances with wireless communication capabilities, Internet home appliances capable of wireless Internet access and browsing, as well as portable units or terminals incorporating combinations of such functions. have. In addition, the terminal may include a machine to machine (M2M) terminal and a machine type communication (MTC) terminal/device, but is not limited thereto. In the present disclosure, a terminal may be referred to as an electronic device.

In the present disclosure, an SSP that can be installed by downloading a bundle may be embedded in the electronic device. When the SSP is not embedded in the electronic device, the SSP physically separated from the electronic device may be inserted into the electronic device and connected to the electronic device. For example, the SSP may be inserted into the electronic device in the form of a card. The electronic device may include a terminal, and in this case, the terminal may be a terminal including an SSP that can be installed by downloading a bundle. The SSP may be embedded in the terminal, and when the terminal and the SSP are separated, the SSP may be inserted into the terminal, and may be inserted into the terminal and connected to the terminal.

In the present disclosure, the terminal or electronic device may include software or an application installed in the terminal or electronic device to control the SSP. The software or application may be referred to as, for example, a Local Bundle Assistant (LBA) or a Local Bundle Manager (LBM). Also, in the present disclosure, the term LBA or LBM may be used interchangeably with Local Profile Assistant (LPA).

In the present disclosure, the bundle identifier refers to a factor matching a bundle identifier (SPB ID), a bundle family identifier (SPB Family ID), a bundle family manager identifier (SPB Family Custodian Object ID), a bundle Matching ID, and an event identifier (Event ID). can be The bundle identifier (SPB ID) may indicate a unique identifier of each bundle. The bundle family identifier may indicate an identifier for classifying a type of a bundle (eg, a telecom bundle for accessing a mobile communication company network). In this disclosure, the bundle family identifier may be referred to as spbFamilyId. The bundle family manager identifier may indicate an identifier that identifies a subject (eg, a telecommunication service provider, a terminal manufacturer, a specific organization, etc.) that manages the bundle family identifier. In the present disclosure, the bundle family manager identifier may be referred to as Oid. The bundle identifier can be used as a value that can index the bundle in the bundle management server. In the present disclosure, the SSP identifier (SSP ID) may be a unique identifier of an SSP embedded in the terminal, and may be referred to as sspID. Also, when the terminal and the SSP chip are not separated as in the embodiment of the present disclosure, it may be a terminal ID. In addition, it may refer to a specific bundle identifier (SPB ID) in the SSP. In more detail, it may refer to the bundle identifier of an administrative bundle or loader (SPBL, Secondary Platform Bundle Loader) that installs and manages activation, deactivation, and deletion of other bundles in the SSP. The SSP may have a plurality of SSP identifiers, and the plurality of SSP identifiers may be a value derived from a single unique SSP identifier.

In the present disclosure, a loader (SPBL, Secondary Platform Bundle Loader) may refer to a management bundle that installs other bundles in the SSP and manages activation, deactivation, and deletion. The LBA of the terminal or the remote server can install, activate, deactivate, or delete a specific bundle through the loader. In this disclosure, the loader may also be referred to as an SSP.

In the present disclosure, BPC (Bundle Provisioning Credentials) may be a means used for mutual authentication and bundle encryption and signing between the bundle management server and the SSP. BPC may include one or more of a symmetric key, a Rivest Shamir Adleman (RSA) certificate and a private key, an elliptic curved cryptography (ECC) certificate and a private key, a root certification authority (CA), and a certificate chain. can Also, when there are a plurality of bundle management servers, different BPCs can be stored or used in the SSP for each of the plurality of bundle management servers.

In the present disclosure, Profile Management Credentials (PMC) may be a means used for mutual authentication and transmission data encryption and signature between the profile management server and the eUICC. The PMC may include one or more of a symmetric key, an RSA certificate and a private key, an ECC certificate and a private key, a root CA, and a certificate chain. In addition, when there are multiple profile management servers, different PMCs for each of the plurality of profile management servers can be stored or used in the eUICC.

In the present disclosure, an event may be a general term for bundle download, remote bundle management, or other bundle or SSP management/processing commands. An event may be named as a remote bundle provisioning operation (Remote Bundle Provisioning Operation, or RBP operation, or RBP operation) or an event record, and each event is a corresponding event identifier (Event Identifier) , Event ID, EventID) or matching identifier (Matching Identifier, Matching ID, MatchingID), and the address (FQDN, IP Address, or URL) of the bundle management server or opening intermediary server where the event is stored, or each server identifier at least one or more It may be referred to as data containing. Bundle Download may be used interchangeably with Bundle Installation. Event Type may also be used as a term to indicate whether a particular event is a bundle download, remote bundle management (eg delete, enable, disable, replace, update, etc.), or other bundle or SSP management/processing commands. and can be named as an operation type (Operation Type or OperationType), an operation classification (Operation Class or OperationClass), an event request type (Event Request Type), an event classification (Event Class), an event request class (Event Request Class), etc. .

In the present disclosure, the bundle image (or Image) may be used interchangeably with a bundle or as a term representing a data object of a specific bundle, and may be named as a bundle TLV or bundle image TLV (Bundle Image TLV). . If the bundle image is encrypted using encryption parameters, it can be named as Protected Bundle Image (PBI) or Protected Bundle Image TLV (PBI TLV). When a bundle image is encrypted using an encryption parameter that can only be decrypted by a specific SSP, it may be named as a Bound Bundle Image (BBI) or a Bound Bundle Image TLV (BBI TLV). The bundle image TLV may be a data set expressing information constituting a profile in a TLV (Tag, Length, Value) format.

In the present disclosure, local bundle management (Local Bundle Management, LBM) is bundled local management (Bundle Local Management), local management (Local Management), local management command (Local Management Command), local command (Local Command), local bundle management package (LBM Package), a bundle local management package (Bundle Local Management Package), a local management package (Local Management Package), a local management command package (Local Management Command Package), may be named as a local command package (Local Command Package). LBM changes the status (Enabled, Disabled, Deleted) of a specific bundle through software installed in the terminal, or the contents of a specific bundle (eg, a bundle nickname (Bundle Nickname), or bundle summary information (Bundle Metadata), etc.) ) can be used for updating. The LBM may include one or more local management commands. In this case, the bundles targeted for each local management command may be the same or different for each local management command.

In the present disclosure, remote bundle management (Remote Bundle Management, RBM) is bundle remote management (Bundle Remote Management), remote management (Remote Management), remote management command (Remote Management Command), remote command (Remote Command), remote bundle management package (RBM Package), a bundle remote management package (Bundle Remote Management Package), a remote management package (Remote Management Package), a remote management command package (Remote Management Command Package), may be named as a remote command package (Remote Command Package). RBM changes the status (Enabled, Disabled, Deleted) of a specific bundle, or changes the contents of a specific bundle (eg, bundle nickname (Bundle Nickname), or bundle summary information (Bundle Metadata), etc.) (update) can be used for The RBM may include one or more remote management commands, and a bundle targeted for each remote management command may be the same or different for each remote management command.

In the present disclosure, a target bundle may be used as a term referring to a bundle that is a target of a local management command or a remote management command.

In the present disclosure, a certificate (Certificate) or digital certificate (Digital Certificate) is an asymmetric key (Asymmetric Key)-based mutual authentication consisting of a public key (PK) and a secret key (SK) pair ) may represent a digital certificate used for Each certificate includes one or more public keys (PK), a public key identifier (PKID) corresponding to each public key, and an identifier of the certificate issuer (CI) that issued the corresponding certificate. (Certificate Issuer ID) and digital signature (Digital Signature) may be included. In addition, the certificate issuer may be named as a certification issuer, a certificate authority (CA), a certification authority, and the like. In the present disclosure, a public key (PK) and a public key identifier (PKID) are a specific public key or a certificate including the corresponding public key, or a part of a specific public key or a certificate including the corresponding public key. A part, or a result of an operation of a specific public key (eg, Hash), or a value of an operation result (eg, Hash) of a certificate including the corresponding public key (eg, Hash), or a portion of a specific public key The same meaning refers to the operation result (eg, hash) value, the operation result (eg, hash) value of a part of the certificate including the corresponding public key, or the storage space in which data is stored. can be mixed.

In the present disclosure, certificates (primary certificate) issued by one certificate issuer are used to issue another certificate (secondary certificate), or secondary certificates are used to jointly issue tertiary or higher certificates In this case, the correlation between the certificates can be named as Certificate Chain or Certificate Hierarchy, in which case the CI certificate used to issue the first certificate is the Root of Certificate , Root CI, Root CI Certificate, Root CA, Root CA Certificate, and the like.

In the present disclosure, a service provider may indicate a business that issues a requirement to a bundle management server to request bundle generation, and provides a service to a terminal through the bundle. For example, it may represent a mobile operator or operator that provides a communication network access service through a bundle in which a communication application is loaded, and the business support system (BSS), Operational Supporting System of the communication service provider. System, OSS), POS terminal (Point of Sale Terminal), and other IT systems may be collectively referred to. In addition, in the present disclosure, the service provider is not limited to expressing only one specific business, and may be used as a term referring to a group or association (association or consortium) of one or more businesses or an agent representing the group or association. In addition, in the present disclosure, a service provider may be named as an operator (Operator or OP or Op.), bundle owner (BO), image owner (IO), etc., and each service provider has a name and/or unique At least one identifier (Object Identifier, OID) may be set or assigned. If a service provider refers to a group or association or agency of more than one entity, the name or unique identifier of any group or association or agency shall be shared by all entities belonging to that group or association or all entities collaborating with such entity. It can be a name or a unique identifier.

In the present disclosure, the device manager issues a requirement to the bundle management server or service provider to request bundle creation, subscribes to the service provider, and provides the service to the SSP of the terminal it manages through the bundle. It can represent a business that does Also, the terminal manager may be a service subscriber who has signed a contract with a service provider and subscribed to a service provided by the service provider. For example, it may indicate an operator or M2M service provider that provides and uses a remote measurement service using an IoT terminal, and may refer to a terminal manufacturer or enterprise that manufactures and sells terminals. In the present disclosure, the terminal manager is not limited to expressing only one specific business, and may be used as a term referring to a group or association (association or consortium) of one or more businesses or an agent representing the group or association. Also, in the present disclosure, a terminal manager may be named as a bundle owner (BO), a bundle manager, an image owner (IO), a service subscriber (Subscriber), etc., and each terminal manager has a name and/or unique At least one identifier (Object Identifier, OID) may be set or assigned. If the terminal manager refers to a group or association or agency of one or more businesses, the name or unique identifier of any group or association or agency is shared by all businesses belonging to the group or association or all businesses collaborating with the agency It can be a name or a unique identifier.

In the present disclosure, AKA may indicate authentication and key agreement, and may indicate an authentication algorithm for accessing 3GPP and 3GPP2 networks.

In the present disclosure, K (or K value) may be an encryption key value stored in the eUICC used for the AKA authentication algorithm.

In the present disclosure, OPc may be a parameter value that may be stored in the eUICC used for the AKA authentication algorithm.

In the present disclosure, NAA is a network access application (Network Access Application) application program, and may be an application program such as USIM or ISIM stored in UICC to access a network. The NAA may be a network access module.

In the present disclosure, the telecom bundle may be a bundle that is equipped with at least one NAA or a function for remotely downloading and installing at least one NAA. In the present disclosure, the telecom bundle may include a telecom bundle identifier indicating it.

And, in describing the present disclosure, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present disclosure, the detailed description thereof will be omitted.

Hereinafter, various embodiments of a method and apparatus for installing and managing bundles online through a remote server will be described.

1 is a diagram illustrating a method for connecting a mobile communication network of a terminal using an SSP in which a telecom bundle having a profile is mounted, according to some embodiments of the present disclosure.

As shown in FIG. 1 , the SSP 120 may be embedded in the SoC 130 of the terminal 110 . In this case, the SoC 130 may be a communication processor, an application processor, or a processor in which the two processors are integrated. In addition, the SSP 120 may be a removable type 122 in the form of an independent chip without being integrated into the SoC, or may be a built-in type 124 pre-built in the terminal 110 .

The bundle in which the profile is loaded may mean that it includes 'access information' for accessing a specific carrier. For example, the access information may be a K or Ki value required to authenticate to the network together with an International Mobile Subscriber Identity (IMSI), which is a subscriber identifier, and a subscriber identifier.

The terminal 110 authenticates with an authentication processing system (eg, Home Location Register (HLR) or Authentication Center (AuC)) of a mobile communication company using at least one of the telecom bundles 140 and 150 installed in the SSP 120 . can be performed. For example, the authentication process may be an Authentication and Key Agreement (AKA) process. When the authentication is successful, the terminal 110 may use a mobile communication service such as a telephone call or mobile data use using the mobile communication network 160 of the mobile communication system. The two telecom bundles 140 and 150 may store different authentication information, respectively, and the terminal 110 may use the mobile communication network by operating the two telecom bundles 140 and 150 simultaneously or time-divisionally according to settings. .

In addition, the terminal 110 can use the payment bundle 170 installed in the SSP 120 to use an online payment through a terminal app or an offline payment through an external credit card PoS (Point of Sale) device, and the electronic ID bundle 180 may be used to authenticate the identity of the terminal owner.

2 is a conceptual diagram illustrating an internal structure of a Smart Secure Platform (SSP) according to some embodiments of the present disclosure.

In FIG. 2 , the SSP 210 may include one Primary Platform (PP) 220 and at least one or more Secondary Platform Bundles (SPB) 230 and 240 operating thereon. . The primary platform 220 may include hardware (not disclosed) and at least one low level operating system (LLOS) 222 . The secondary platform bundle 230 may include a high-level operating system (HLOS) 232 and at least one or more applications 234 operating thereon. Each of the secondary platform bundles 230 and 240 uses a primary platform interface (PPI) 250 to access resources such as the central processing unit and memory of the primary platform 220, and through this, the SSP 210 ) can be driven.

3 is a view illustrating a certificate hierarchy (Certificate Hierarchy or Certificate Chain) issued by a certificate issuer (CI), a public key included in each certificate, and a certificate issuer (Certificate) according to some embodiments of the present disclosure; It is a diagram showing an example of a digital signature configuration of an Issuer, CI). In the present disclosure, a certificate issuer (CI) may be used interchangeably with a certificate authority (CA).

Referring to FIG. 3 , a certificate issuer (CI) generates a public key (313) and a secret key (Secret Key) to be used by the certificate issuer (CI), and among them, the public key (313) is used as its own. You can create a CI certificate (Certificate Issuer Certificate, CI Certificate, 311) by including it in the certificate, and attach a digital signature (315) generated by using your secret key to your certificate to the certificate. have.

Also, referring to FIG. 3 , the CI certificate 311 may be used to issue ( 391 ) the certificate 331 of the object 1 . Object 1 may be, for example, a bundle management server (SPBM). Object 1 generates a public key (Public Key, 333) and a secret key (Secret Key) to be used by itself, and among them, public key (Public Key, 333) is included in its certificate to generate object 1 certificate (331) can do. Object 1 may request a certificate issuer (CI) to receive the certificate issuer's digital signature (CI Digital Signature, 335) using the certificate issuer's CI Secret Key. At this time, the object 1 certificate 331 is an identifier 337 of the issuer of the certificate corresponding to the public key (CI Public Key, 313) of the certificate issuer that should be used when verifying the digital signature 335 of the issuer of the certificate included in the corresponding certificate. ) may be included. The identifier 337 of the certificate issuer may include at least one of a public key identifier (CI Public Key ID) of the certificate issuer and a CI identifier (CI ID, CI Object ID, Object Universally Unique Identifier, and Object UUID).

Also, referring to FIG. 3 , the CI certificate 311 may be used to issue ( 393 ) the certificate 351 of the object 2 . The object 2 may be, for example, an SSP maker. Object 2 generates a public key (Public Key, 353) and a secret key (Secret Key) to be used by itself, and among these, public key (353) is included in its certificate to generate object 2 certificate (351). can do. Object 2 may request a certificate issuer and use the certificate issuer's CI Secret Key to receive the certificate issuer's digital signature (CI Digital Signature, 355). At this time, the object 2 certificate 351 is an identifier of the certificate issuer corresponding to the public key (CI Public Key, 313) of the certificate issuer that should be used when verifying the digital signature 355 of the issuer of the certificate included in the corresponding certificate. 357) may be included. The identifier 357 of the certificate issuer may include at least one of a public key identifier (CI Public Key ID) of the certificate issuer and a CI identifier (CI ID, CI Object ID, Object Universally Unique Identifier, and Object UUID). The certificate issuer signatures 335 and 355 included in the object 1 certificate 331 and the object 2 certificate 351 may have different values, but the public key identifier 357 of the certificate issuer may have the same value.

Also, referring to FIG. 3 , the certificate 351 of the object 2 may be used to issue (395) the certificate 371 of the object 3 . The object 3 may be, for example, an SSP manufactured by an SSP maker or a secondary platform bundle loader (SPBL) mounted inside the SSP. Object 3 generates a public key (373) and a secret key (Secret Key) to be used by itself, and among them, the object 3 certificate (351) is obtained by including the public key (373) in its certificate. can create Object 3 may request object 2 and use object 2's secret key to receive object 2's digital signature (Digital Signature, 375). At this time, the object 3 certificate 271 may include an identifier 377 corresponding to the public key 253 of the object 2 to be used when verifying the signature 375 of the object 2 included in the corresponding certificate. can The identifier 377 may include at least one of an issuer's public key identifier (Public Key ID) and issuer identifier (Object ID, Object Universally Unique Identifier, Object UUID).

Also, although not shown in FIG. 3 , at least one sub-certificate issuer (Sub Certificate Issuer, Sub CI, or Sub Certificate Authority, Sub CA) may exist between the certificate issuer (CI) and the objects 1 and 2. The sub-issuer certificate may be issued by the certificate issuer (CI) by using the CI certificate 311, or by another certificate sub-issuer using its sub-issuer certificate. The certificate sub-issuer may issue an object 1 or object 2 certificate using its sub-issuer certificate.

Also, although not shown in FIG. 3 , at least one sub-certificate issuer (Sub Certificate Issuer, Sub CI, or Sub Certificate Authority, Sub CA) may exist between the object 2 and the object 3 . The sub-issuer certificate may be issued by the object 2 by using the object 2 certificate 351, or by another certificate sub-issuer using its sub-issuer certificate. A certificate sub-issuer can issue an object 3 object 2 certificate using its sub-issuer certificate.

Referring to FIG. 3 , the extended setting value 317, 339, 359, or 379 of each certificate 311, 331, 351 or 371 is the bundle family identifier (SPB Family) of the bundle that can be downloaded and installed with the corresponding certificate. ID) or a bundle family identifier (SPB Family ID) and a bundle family manager identifier (SPB Family Custodian Object ID).

The object 1 certificate 331, the object 2 certificate 351, and the object 3 certificate 371 shown in the example of FIG. 3 all have the same CI certificate 311 as a top-level certificate or a root of certificate. have. Accordingly, the object 1, the object 2, and the object 3 may need the CI certificate 311 or the CI public key 313 included therein to authenticate each other. More specifically, in the example of FIG. 3 , in order for object1 and object2 to authenticate each other using a digital certificate and signature, object1 includes the signature of object2 and object2 certificate 351 and CI public key 313 . is required, and object 2 may need object 1's signature, object 1 certificate 331 and CI public key 313. In addition, in the example of FIG. 3 , in order for object 1 and object 3 to authenticate each other using a digital certificate and signature, object 1 includes the signature of object 3, object 3 certificate 371 , object 2 certificate 351 and CI The public key 313 is required, and the object 3 may require the signature of the object 1 , the object 1 certificate 331 , and the CI public key 313 . In this case, the object 2 certificate 351 with respect to the object 3 certificate 371 may be referred to as a certificate sub-issuer (Sub Certificate Issuer, Sub CI, or Sub Certificate Authority, Sub CA) certificate.

4 is a view illustrating a certificate hierarchy (Certificate Hierarchy or Certificate Chain) issued by a certificate issuer (CI), a public key included in each certificate, and a certificate issuer (Certificate) according to some embodiments of the present disclosure; It is a diagram showing an example of a digital signature configuration of an Issuer, CI).

Referring to FIG. 4 , a CI certificate 421 may be used to issue ( 497 ) a connection certificate 441 , or an object 2 certificate 451 may be used to issue ( 499 ) a connection certificate 441 . In addition, the CI certificate 421 and the object 2 certificate 451, and the sub-issuer certificates (not shown) that may exist between the object 2 certificate 451 and the object 3 certificate 471 connect the connection certificate 441 . It can be used to issue The connection certificate 441 may receive a digital signature 445 using the issuer's secret key. In this case, the connection certificate 441 may include an identifier 447 corresponding to the public key of the issuer to be used when checking the signature 445 included in the corresponding certificate. The identifier 447 may include at least one of an issuer's public key identifier (Public Key ID) and issuer identifier (Object ID, Object Universally Unique Identifier, Object UUID). The public key 443 of the connection certificate 441 is a value corresponding to the issuer identifier 447 of the object 1 certificate 431 , or a sub-issuer certificate that may exist between the CI certificate 411 and the object 1 certificate 431 . It may be a value corresponding to the issuer identifier of the ones (not shown). The extension setting value 449 of the connection certificate 441 includes the bundle family identifier (SPB Family ID) or the bundle family identifier (SPB Family ID) of the bundle that the issuer permitted so that object 1 can download to object 3 with the corresponding certificate. It may include a bundle family manager identifier (SPB Family Custodian Object ID).

Referring to FIG. 4, the extended setting values (417, 427, 439, 449, 459, or 479) of each certificate (411, 421, 431, 441, 451, or 471) are bundles that can be downloaded and installed with the corresponding certificate. It may include a bundle family identifier (SPB Family ID) or a bundle family identifier (SPB Family ID) and a bundle family manager identifier (SPB Family Custodian Object ID).

In addition, although not shown in FIG. 4 , at least one or more sub-certificate issuers (Sub Certificate Issuer, Sub CI, or Sub Certificate Authority, Sub CA) may exist between the certificate issuer (CI) and the objects 1 and 2. The sub-issuer certificate may be issued by the certificate issuer (CI) by using the CI certificate 311, or by another certificate sub-issuer using its sub-issuer certificate. The certificate sub-issuer may issue an object 1 or object 2 certificate using its sub-issuer certificate. The extension settings of the sub-issuer certificate include the bundle family identifier (SPB Family ID) or bundle family identifier (SPB Family ID) and the bundle family manager identifier (SPB Family Custodian Object ID) that can be downloaded and installed with the certificate. can do.

Also, although not shown in FIG. 4 , at least one sub-certificate issuer (Sub Certificate Issuer, Sub CI, or Sub Certificate Authority, Sub CA) may exist between the object 2 and the object 3 . The sub-issuer certificate may be issued by the object 2 by using the object 2 certificate 351, or by another certificate sub-issuer using its sub-issuer certificate. A certificate sub-issuer can issue an object 3 object 2 certificate using its sub-issuer certificate.

Referring to FIG. 4 , the illustrated object 1 certificate 431 and object 2 certificate 451 have different CI certificates 411 and CI certificates 421, respectively, as a top-level certificate or a root of certificate. can Accordingly, object 2 and object 3 may need the CI certificate 411 and the CI public key 413 included therein to authenticate object 1 . In addition, the CI certificate 421 and the CI public key 423 included therein may be required for the object 1 to authenticate the objects 2 and 3 . More specifically, in the example of FIG. 4 , in order for object1 and object2 to authenticate each other using a digital certificate and signature, object1 includes the signature of object2 and object2 certificate 451 and CI public key 423 . is required, and object2 may require object1's signature, object1 certificate 431 and CI public key 413. In addition, in the example of FIG. 3 , in order for object 1 and object 3 to authenticate each other using a digital certificate and signature, object 1 includes the signature of object 3, object 3 certificate 471, object 2 certificate 451, and CI The public key 423 is required, and the object 3 may require the signature of the object 1 , the object 1 certificate 431 , and the CI public key 413 .

Referring to FIG. 4 , in order for object 3 to authenticate object 1 , a connection certificate 441 , a CI certificate 421 , and a public key 423 included therein may be required. More specifically, in the example of FIG. 4 , in order for object 3 to authenticate object 1 using the digital certificate and signature of object 1, object 3 uses the signature of object 1 and object 1 certificate 431 and connection certificate 441 . and CI public key 423 may be required. In addition, in order for object 3 to authenticate object 1 , a connection certificate 441 , object 2 certificate 451 , and a CI certificate 421 and/or a public key 423 included therein may be required. More specifically, in the example of FIG. 4 , in order for object 3 to authenticate object 1 using the digital certificate and signature of object 1, object 3 includes the signature of object 1, object 1 certificate 431, connection certificate 441, Object2 certificate 451 and CI public key 423 may be required.

5 is a diagram illustrating an example of internal and external components for a terminal to download and install a bundle to an SSP according to some embodiments of the present disclosure;

In FIG. 5 , the terminal 510 may be a terminal in which the SSP 530 is mounted and the LBA 512 for controlling the SSP 530 is installed. The SSP 530 may be embedded in the terminal 510 or may be removable. The SSP 530 may include a primary platform 531 , a secondary platform bundle loader (SPBL) 533 , and one or more secondary platform bundles 535 , 537 , or 539 . In addition, the secondary platform bundle 535 , 537 , or 539 is not installed in the SSP 530 at the time of shipment of the terminal, but may be remotely downloaded and installed after shipment.

Also, referring to FIG. 5 , each bundle may have a different bundle family identifier or a bundle family identifier and a bundle family manager identifier 541 or 542 . The SSP 530 or the SPBL 533 may store and manage the certificate settings 551 allowed to download and install bundles having different bundle family identifiers or bundle family identifiers and bundle family manager identifiers. The LBA 512 may request the certificate setting 551 from the SSP 530 or the SPBL 533 , and the certificate setting may be copied and stored in the LBA 512 .

Referring to FIG. 5 , the SSP 530 or the SPBL 533 may store and manage certificate information 552 , 553 , or 554 to which different family identifiers and different bundle family manager identifiers are allocated. The certificate information 552 , 553 , or 554 to which the family identifier and the bundle family manager identifier are assigned may be used for downloading a bundle including the assigned family identifier and the bundle family identifier. The SSP 530 or the SPBL 533 may refuse to download and install a bundle that does not include the family identifier and the bundle family identifier assigned to the corresponding certificate information 552 , 553 , or 554 .

Referring to FIG. 5 , the SSP 530 or the SPBL 533 may store and manage certificate information 555 or 556 to which different bundle family identifiers are allocated and to which the bundle family manager identifier is not allocated. The certificate information 555 or 556 to which the family identifier is assigned may be used for downloading a bundle including the assigned family identifier.

Referring to FIG. 5 , the SSP 530 or the SPBL 533 may store and manage certificate information 557 to which the bundle family identifier and the bundle family manager identifier are not assigned.

In FIG. 5, the certificate information 552, 553, 554, 555, 556, 557 stored and managed by the SSP 530 or the SPBL 533 is a CI certificate or a public key identifier of the CI certificate in FIGS. It may be a certificate existing in a certificate hierarchy issued by an issuer (Certificate Issuer, CI) or a public key identifier of the corresponding certificate. When the bundle is downloaded and installed from the bundle management server 551 or 553, the SSP 430 or the SPBL 433 receives the bundle family identifier assigned to the bundle or the certificate information set in the bundle family identifier and the bundle family manager identifier. and transmit the information to the bundle management server 551 or 553 . The certificate information may be a certificate or a public key (Public Key) of a certificate issuer (CI) in the corresponding certificate hierarchy, and an identifier (eg, CI ID, CI ID, CI) corresponding to the corresponding certificate and public key. Object ID, Object Universally Unique Identifier, Object UUID, CI Public Key ID).

6 is a diagram illustrating an example of a procedure in which a subscriber subscribes to a service through a service provider and a service provider and a bundle management server prepare for bundle download according to some embodiments of the present disclosure.

In FIG. 6 , the terminal 600 may be a terminal in which the SSP 610 is mounted and the LBA 620 for controlling the SSP 610 is installed. Also, although not shown in the drawings, the bundle requested by the service provider 640 may be generated and waiting in the bundle management server 650 , and the service provider 640 may include a bundle identifier (SPB ID), a bundle family of the generated bundle. At least one of an identifier (SPB Family ID), a bundle family manager identifier (SPB Family Custodian Object ID), and an address (SPBM Addr) of the bundle management server 650 may be possessed.

Referring to FIG. 6 , a subscriber 630 may select and subscribe to a service (eg, a data service through a mobile communication network, etc.) provided by the service provider 640 in operation 6001 . In this case, the subscriber 630 may selectively transmit the identifier (SSP ID) of the SSP 610 installed in the terminal 600 where the bundle is installed to the service provider 640 in order to use the service provided by the service provider 640 to the service provider 640 . have.

In operation 6003 , the service provider 640 and the bundle providing server 650 may perform a bundle download preparation procedure. In operation 6003, the service provider 640 may selectively transmit the identifier (SSP ID) of the SSP 610 to which the bundle is to be installed to the bundle management server 650, and may provide a service selected by the subscriber from among bundles prepared to the server. At least one of a specific bundle identifier (SPB ID), a bundle family identifier (SPB Family ID), and a bundle family manager identifier (SPB Family Custodian Object ID) may be transmitted to the bundle management server 650 . In operation 6003, the bundle management server 650 may select one of a bundle having a delivered specific bundle identifier, a bundle having a bundle family identifier, a bundle having a bundle family identifier and a bundle family manager identifier, and service the identifier of the selected bundle. may be transmitted to the provider 640 . The service provider 640 or the bundle providing server 650 may newly generate a bundle Matching ID capable of distinguishing the selected bundle. Also, the bundle providing server 650 may connect and manage the delivered SSP identifier (SSP ID) and the selected bundle. In operation 6003, the bundle management server 650 may transmit a bundle management server address (SPBM Addr) from which the selected bundle can be downloaded. In this case, the bundle management server address may be the address of itself or another bundle management server where the prepared bundle is stored, or it may be an address of another bundle management server that can store and obtain download information (server address, etc.) of the prepared bundle.

Referring to FIG. 6 , in operation 6005 , the service provider 640 may deliver the prepared bundle download information to the subscriber 630 . The bundle download information includes at least one of the bundle management server address where the bundle is prepared (SPBM Addr), the bundle matching ID of the prepared bundle, the bundle family identifier of the prepared bundle (SPB Family ID), and the bundle family manager identifier (SPB Family Custodian ID). can be transmitted as

Referring to FIG. 6 , bundle download information may be transmitted to the LBA 620 of the terminal 600 in operation 6006 . The bundle download information includes the address (SPBM Addr) of the bundle management server to which the LBA 620 will access, the bundle identifier of the bundle prepared in operation 6003, the bundle family identifier of the prepared bundle (SPBM Family ID), the bundle family manager identifier (SPB Family Custodian) Object ID). The bundle identifier may include at least one of a bundle Matching ID and a bundle Event ID generated in operation 6003 . In addition, the bundle identifier may include at least one of a bundle family identifier and a bundle family manager identifier (SPB Family Custodian Object ID) of the prepared bundle. The bundle event ID may include at least one of the bundle matching ID of the bundle prepared in operation 6003 and the address of the bundle management server. The bundle download information is input by the subscriber 630 to the LBA 620 (eg, QR code scanning, direct text input, etc.) or by using a push input through an information providing server (not shown) to the LBA 620 ). can be entered in Also, the LBA 620 may access the information providing server (not shown) set in the terminal 600 in advance to receive bundle download information.

7 illustrates an example of a configuration of a terminal 700 and a method in which a service provider 730, a bundle management server 740, and a device subscription manager 750 interact with each other according to some embodiments of the present disclosure. is a drawing that

Referring to FIG. 7 , the terminal 700 may include at least one bundle management software (or LBA) 710 and at least one SSP 720 . Also, the SSP 720 may include at least one SPBL 760 and a bundle 770 .

In operation 7001 , the service provider 730 may request remote management of the bundle from at least one bundle management server 740 . In this case, the bundle management server 740 may be owned by the service provider 730 or operated by a third party through a contract. In addition, the remote management request may include at least one of new installation of a bundle, activation, deactivation, deletion of the installed bundle, and acquisition and modification of bundle information.

In operation 7002 , the terminal manager 750 may request remote management of the bundle from at least one bundle management server 740 . In this case, the bundle management server 740 may be owned by the service provider 730 or the terminal manager 750 or operated by a third party through a contract.

In addition, the terminal manager 750 may request remote management of the bundle from the service provider 730 through operation 7003 . In response to the request, the service provider 730 may request the remote management of the bundle from at least one bundle management server 70 in operation 7001 .

In operation 7004 , the bundle management server 740 may transmit a remote management command to the bundle management software 710 . In this case, the remote management command may be a remote management command generated by the bundle management server 740 in response to at least one of the remote management requests for a specific bundle requested in operations 7001 , 7002 , and 7003 .

In operation 7005, the bundle management software 710 may check at least one of a bundle setting indicated by the remote management command, a bundle management software setting, an SPBL setting, and a terminal setting. In addition, when confirmation of the user 760 is required to execute the corresponding remote management command according to the confirmed setting, confirmation of the user 760 may be requested and received.

In operation 7006 , a remote management command may be transmitted to the SSP 720 through the bundle management software 710 . In the present disclosure, the bundle management operation by the service provider as described above may be referred to as remote SPB management.

In operation 7006, the SSP 720 or the SPBL 760 may check the bundle policy for processing the received remote bundle management command. The bundle policy may be stored in the bundle 770 , the SPBL 760 , or the bundle management software 710 , and the confirmation of the bundle policy may further include the bundle management software 710 to the bundle management server 740 . . For a more detailed method of confirming the bundle policy, reference will be made to drawings to be described later.

8 is a diagram illustrating an example of a general procedure in which the terminal 800 performs bundle remote management according to some embodiments of the present disclosure.

In FIG. 8 , the configuration of the terminal 800 , the LBA 810 , the SSP 820 , the service provider 830 , the bundle management server 840 , and the user 850 will be described with reference to the description of FIG. 7 , respectively. do.

Referring to FIG. 8 , in operation 8001 , the LBA 810 may discover that a remote management command for the SSP 820 exists in the bundle management server 840 . In operation 8001, a user may use a general user interface that interacts with the terminal. For example, the user 750 may input a specific operation (eg, scanning a QR code) to the LBA 710 or select a specific menu of the LBA 710 . Also, operation 8001 may be input from the bundle management server 840, a third bundle management server (not shown), or a specific server (not shown).

Referring to FIG. 8 , in operation 8002 , the LBA 801 may request and download a remote bundle management command from the bundle management server 840 . In this case, the LBA 810 may request information for requesting a remote bundle management command from the SSP 820 , and transmit the information to the bundle management server 840 . In operation 8003 , the bundle management server 840 may verify the corresponding information, and after the verification is successfully performed, it may transmit a remote bundle management command corresponding to the request to the LBA 810 . The remote bundle management command may include at least one of an identifier of a bundle targeting bundle management, a bundle family identifier of the target bundle, a bundle family manager identifier of the target bundle, a bundle owner identifier of the target bundle, and a remote management command type.

In operation 8004 , the LBA 810 may check the policy of the bundle or the SSP 820 for remote bundle management. The LBA 810 may check the bundle policy of the target bundle stored in the terminal 800 by using the target bundle identifier set in the remote bundle management command. In this case, the bundle policy may be stored in the bundle metadata, and the bundle metadata may be stored in the LBA 810 or the SSP 820 . If a remote management operation requiring end user consent is performed according to the bundle policy, the LBA 810 may request the user to confirm the remote management command. In addition, the bundle policy for remote bundle management may be set in the LBA 810, and when performing a remote management operation that requires user confirmation (End User Consent) according to the bundle policy set in the LBA 810, the LBA 810 may request the user to confirm the remote management command. In addition, when user confirmation is required for at least one of the bundle policy stored in the bundle metadata for the remote management command and the bundle policy set in the LBA 810, the LBA 810 may request the user to confirm the remote management command. have. In operation 8004, a user may use a general user interface that interacts with the terminal. When performing a remote management operation requiring user confirmation (End User Consent) according to the bundle policy, the LBA 810 may perform operation 8005 after successfully performing user confirmation. If a remote management operation that does not require user confirmation (End User Consent) is performed according to the bundle policy, the LBA 810 may perform operation 8005 without user confirmation.

In operation 8004, if End User Consent is set as essential for a remote management command in at least one of the bundle's metadata, the terminal 800, the LBA 810, and the SSP 820, the LBA 810 may perform operation 8005 after successfully performing user verification. The setting may be set, for example, in the case of a user terminal in which the user's confirmation is essential, such as a smart phone. If user confirmation is not possible, the LBA 810 may reject the remote management command.

In operation 8004, if it is necessary to verify the remote bundle management server that has transmitted the remote bundle management command according to the bundle policy, the LBA 810 selectively determines whether the bundle management server 840 corresponds to the bundle management server allowing remote management command delivery in the bundle policy. can be verified. When the LBA 810 selectively performs the verification, the LBA 810 may perform operation 8005 after successfully verifying the remote bundle management server.

In operation 8005 , the LBA 810 may request remote bundle management from the SSP 820 . In operation 8006 , the SSP 820 may check the bundle policy of the target bundle or the remote bundle management policy set in the SSP 820 to perform remote bundle management. For example, in the case of a remote bundle management operation to install a bundle, the SSP 820 transmits summary information (Bundle Metadata) and/or a part of the bundle policy of the bundle to be installed in the SSP 820 through the LBA 810 . It can be received from the bundle management server (840). As another example, the SSP 820 may further receive all or part of the bundle policy from the LBA 810 in addition to the bundle policy stored therein. Also, the SSP 820 may check the bundle policy of the target bundle stored in the SSP 820 by using the target bundle identifier set in the remote bundle management command. A detailed operation in which the SSP 820 checks the bundle policy will be described with reference to the drawings to be described later.

If it is necessary to verify the remote bundle management server that has transmitted the remote bundle management command according to the bundle policy, the SSP 820 may verify whether the bundle management server 840 corresponds to the bundle management server allowing remote management command transmission in the bundle policy. . If it is a remote bundle management command transmitted from an unauthorized bundle management server, the SSP 820 may terminate remote bundle management. Also, even when remote bundle management is performed on a bundle for which remote management is not permitted according to the bundle policy, the SSP 820 may terminate remote bundle management.

In addition, when it is necessary to verify the remote bundle management server according to the bundle policy, the SSP 820 validates the bundle management server 840 that has transmitted the remote management command, the verification stored in the bundle policy of the bundle specified by the transmitted remote management command. A method or a verification key (credential) may be used. For example, in the bundle policy, a public key that can be used to verify a digital signature, a digital certificate, a Public Key Identifier (PKID) corresponding to the public key of a digital certificate, or a higher level that can verify a digital certificate A public key of the certificate or a corresponding public key identifier may be stored. The stored information may be information associated with a digital certificate for remote bundle management corresponding to its own bundle issued by the service provider 830 or the bundle owner to the bundle management server 840 . In addition, the bundle policy may optionally include whether or not the bundle management server verification is required together with the information. The SSP 820 may verify the digital signature included in the received remote bundle management command according to the setting. If it is a remote bundle management command transmitted from the bundle management server for which verification is not possible, the SSP 820 may terminate the remote bundle management.

In operation 8007 , the SSP 820 may transmit the result of the remote management command to the LBA 810 . In addition, the LBA 810 may notify the user of the execution result of the remote management command through the user interface in operation 8008 . In addition, the LBA 810 may notify the execution result of the remote management command to the bundle management server 840, and in operation 8010, the bundle management server 840 may notify the service provider 830 of the remote bundle management execution result. have. The execution result announced in operation 8010 may include some or all of the remote bundle management execution result transmitted from the LBA 810 in operation 8009 .

9 is a diagram illustrating an example of a general procedure in which the terminal 900 performs bundle remote management according to some embodiments of the present disclosure.

In FIG. 9 , the configuration of the terminal 900 , the LBA 910 , the SSP 920 , the service provider 930 , the bundle management server 940 , and the user 950 will be described with reference to the description of FIG. 7 , respectively. do.

Referring to FIG. 9 , in operation 9001 , the LBA 910 may discover that a remote management command for the SSP 920 exists in the bundle management server 940 . In operation 9001, a user may use a general user interface that interacts with the terminal. For example, the user 950 may input a specific operation (eg, scanning a QR code) to the LBA 910 or select a specific menu of the LBA 910 . In addition, operation 9001 may be input from the bundle management server 840, a third bundle management server (not shown), or a specific server (not shown) without the intervention of the user 950 .

Referring to FIG. 9 , in operation 9002 , the LBA 910 may request and download a remote bundle management command from the bundle management server 940 . In this case, the LBA 910 may request information for requesting a remote bundle management command from the SSP 920 , and transmit the information to the bundle management server 940 . In operation 9003 , the bundle management server 940 may verify the corresponding information, and after the verification is successfully performed, it may transmit a remote bundle management command corresponding to the request to the LBA 910 . The remote bundle management command may include at least one of an identifier of a bundle targeted for bundle management, a bundle family identifier of the target bundle, a bundle family manager identifier of the target bundle, a bundle owner identifier of the target bundle, and a remote management command type.

In operation 9004 , the LBA 910 may request remote bundle management from the SSP 920 . In operation 9005 , the SSP 920 may check the bundle policy of the target bundle or the remote bundle management policy set in the SSP 920 to perform remote bundle management. For example, in the case of a remote bundle management operation of installing a bundle, the SSP 920 transmits summary information (Bundle Metadata) and/or a part of the bundle policy of the bundle to be installed in the SSP 920 through the LBA 910 . It can be received from the bundle management server 940 . As another example, the SSP 920 may further receive all or part of the bundle policy from the LBA 910 in addition to the bundle policy stored therein. As another example, the SSP 920 may preferentially apply the remote bundle management policy set in the SSP 920 regardless of bundle summary information. As another example, the SSP 920 may check the bundle policy of the target bundle stored in the terminal 900 using the target bundle identifier set in the remote bundle management command. A detailed operation in which the SSP 920 checks the bundle policy will be described with reference to the drawings to be described later.

If it is necessary to verify the remote bundle management server that has delivered the remote bundle management command according to the bundle policy, the SSP 920 may verify whether the bundle management server 940 corresponds to the bundle management server allowing remote management command transmission in the bundle policy. . If it is a remote bundle management command transmitted from a bundle management server that is not allowed, the SSP 920 may end remote bundle management. Also, even when remote bundle management is performed on a bundle for which remote management is not permitted according to the bundle policy, the SSP 920 may terminate remote bundle management.

As a result of checking the bundle policy, if a terminal manager or subscriber consent verification is required for remote management, the SSP 920 may confirm the subscriber intention in operation 9006 . In the present disclosure, a subscriber may be a user or an organization that purchases a bundle to use a specific service from the service provider 930 , or may be a terminal manager (individual or group) who manages the terminal 900 . The execution of operation 9006 may further include the terminal 900 , the service provider 930 , the terminal manager 950 , and/or the bundle management server 940 . The implementation of operation 9006 is a service provider 930 or terminal manager (for example, a remote management request message, or an arbitrary string generated by the bundle management server 940 to SSP 920) for arbitrary data. 950), or the terminal manager 950 or the service provider 930 provides the bundle management server 940, the LBA 910, the SSP 920, and/or the bundle installed in the terminal. A variety of other means provided by the terminal 900 , the bundle management server 940 , the service provider 930 , and the terminal manager 950 may be utilized, such as checking a single secret key (credential key). The subscriber identification verification means to be used in operation 9006 may be set in the bundle policy, and if not set in the bundle policy, the terminal 900 or the bundle management server 940 . Any means agreed/selected by the service provider 930 or the terminal manager 950 may be utilized. If, as a result of checking the bundle policy, subscriber confirmation verification is not required for the corresponding remote management, operation 9006 may be omitted. If the subscriber identification verification fails, the SSP 920 may end remote management. If the subscriber identity verification is not required or the subscriber identity verification succeeds, the SSP 920 may perform remote management of the target bundle.

In addition, when it is necessary to verify the remote bundle management server according to the bundle policy, the SSP 920 stores in the bundle policy of the bundle designated by the transmitted remote management command to verify the bundle management server 940 that has transmitted the remote management command. A verification method or a verification key (credential) may be used. For example, the bundle policy includes a public key that can be used to verify a digital signature, a digital certificate, a public key identifier (PKID) corresponding to the public key of a digital certificate or digital certificate, and a higher level that can verify a digital certificate. A public key of the certificate or a corresponding public key identifier may be stored. The stored information may be information related to a digital certificate for remote bundle management for its own bundle issued to the bundle management server 940 by the service provider 930 or the bundle owner. In addition, the bundle policy may optionally include whether or not the bundle management server verification is required together with the information. The SSP 920 may verify the digital signature included in the received remote bundle management command according to the setting. If it is a remote bundle management command transmitted from the bundle management server for which verification is not possible, the SSP 920 may terminate remote bundle management.

In addition, when it is necessary to verify the remote bundle management server that has transmitted the remote bundle management command according to the bundle policy, the SSP 920 may verify whether the bundle management server 940 corresponds to the bundle management server allowing remote management command transmission in the bundle policy. . If it is a remote bundle management command transmitted from a bundle management server that is not allowed, the SSP 920 may end remote bundle management. Also, even when remote bundle management is performed on a bundle for which remote management is not permitted according to the bundle policy, the SSP 920 may terminate remote bundle management. In operation 9007 , the SSP 920 may transmit the result of the remote management command to the LBA 910 . In addition, in operation 9008, the LBA 810 may notify the execution result of the remote management command to the bundle management server 840, and in operation 9009, the bundle management server 840 to the service provider 830 or the terminal manager 950. The results of remote bundle management can be announced. The execution result announced in operation 9009 may include some or all of the remote bundle management execution result transmitted from the LBA 910 in operation 9008 .

10 is a diagram illustrating an example of setting a bundle policy according to some embodiments of the present disclosure.

Referring to FIG. 10 , the bundle policy 1010 may be expressed as a series of parameters. Although the bundle policy 1010 of FIG. 10 is expressed in the form of a table for convenience of explanation, it does not necessarily have the form of a table, and may be composed of an arrangement of variables. Also, it should be noted that the set values of each variable shown in FIG. 10 merely represent an example of a bundle policy for convenience of explanation, and actual set values may be different for each bundle.

The bundle policy 1010 may include the types of local management or remote management commands received by each bundle (“Command” list, 1011). Each remote management command may be expressed as a string or a numeric string indicating the corresponding command. In FIG. 10, the local management or remote management commands are five types of "Install", "Enable", "Disable", "Delete", and "Update Metadata". is expressed, but the types of local management or remote management commands that the command type 1011 may include are not limited thereto, and may be extended to other various bundle management commands. In addition, although it is expressed that local management or remote management commands are separately expressed in FIG. 10, one or more local management or remote management commands may be grouped and expressed. For example, it is possible to divide and express the commands corresponding to bundled installation and other commands by dividing them into two types of "Install" and "Etc. or Others", and "All commands (All commands)" )", it is also possible to express all commands as one type without distinction of command types.

The bundle policy 1010 may include a “Local Management” configuration 1012 indicating detailed settings for local management of the corresponding command according to the classification of the command type 1011 .

More specifically, the local management setting 1012 may further include an indicator (“Allowed” indicator, 1012a) indicating whether each local management command is allowed. If the local management command of the bundle is allowed, the indicator 1012a may be expressed as a character string indicating “Yes”, a string of numbers, or a boolean. If the local management command of the bundle is not allowed, the indicator 1012a may be expressed as a character string representing “No”, a string of numbers, or a boolean.

In addition, the local management setting 1012 may further include an indicator (“End User consent” indicator, 1012b) indicating whether the execution of each local management command necessarily requires user intention (End User consent). If the local management command of the bundle must be initiated by the end user, the indicator 1012b may be expressed as a string, a number string, and/or a boolean indicating “Required”. have. If the local management command of the bundle does not necessarily need to be initiated by the user and the terminal can initiate it itself, the indicator 1012b is a string, a numeric string, and/or a logical symbol indicating “Not Required”. It can be expressed as (boolean). If the local management command of the bundle is not allowed according to the setting of the local management command permission indicator 1012a, the indicator 1012b is a string indicating “Not Applicable (N/A)”, a numeric string, or It can be expressed as a boolean.

The bundle policy 1010 may include a remote management configuration (“Remote Management” configuration, 1013 ) indicating detailed settings for remote management of the corresponding command according to the classification of the command type 1011 .

More specifically, the remote management setting 1013 may further include an indicator (“Allowed” indicator, 1013a) indicating whether each remote management command is allowed. If the remote management command of the bundle is permitted, the indicator 1013a may be expressed as a character string indicating “Yes”, a string of numbers, or a boolean. If the remote management command of the bundle is not allowed, the indicator 1013a may be expressed as a character string representing “No”, a string of numbers, or a boolean.

In addition, the remote management setting 1013 may further include an indicator (“End User Consent” indicator 1013b) indicating whether the execution of each remote management command necessarily requires user consent. If the remote management command of the bundle requires user consent, the indicator 1013b may be expressed as a character string, a numeric string, and/or a boolean indicating “Required”, and Accordingly, the means of confirming user intention may be indicated in more detail. If the user consent is described as "required" but the means is not specified or the terminal cannot use the indicated user consent confirmation means, the terminal may arbitrarily select one of the available confirmation means. If the remote management command of the bundle does not require user consent, the indicator 1013b may be expressed as a string indicating “Not Required”, a string of numbers, and/or a boolean. . If the remote management command of the bundle is not allowed according to the setting of the remote management command permission indicator 1013a, the indicator 1013b is a string representing “Not Applicable (N/A)”, a numeric string, or It can be expressed as a boolean.

In addition, the remote management setting 1013 selectively selects an indicator ("SPBM Verification" indicator, 1013c) indicating whether the execution of each remote management command requires the information confirmation (SPBM Verification) of the bundle management server that has transmitted the remote management command. may include more. The marker may optionally further include a verification key (Credential) that can be used in a series of methods or verification methods that can verify information of the bundle management server. If the means is not specified, it may indicate that verification is not required. If it is necessary to check the information of the bundle management server that has transmitted the remote management command to perform the remote management command of the bundle, the indicator 1013c may be expressed as a string and/or a numeric string indicating the identifier of the bundle management server, and is necessary may include identifiers of a plurality of bundle management servers. The bundle management server identifier may be referred to as data including at least one address (FQDN, IP Address, or URL) of the bundle management server or a unique identifier (Object Identifier, OID) of each server. In addition, the bundle management server identifier may not be included according to the command type 1011 , and different bundle management server identifiers may be included according to the command type 1011 . If digital signature verification using a digital certificate designated by the service provider or bundle owner is required to verify the bundle management server that has transmitted the remote management command to perform the remote management command of the bundle, the indicator 1013c is the service provider or bundle owner A public key that can be used to verify a specified digital signature, a digital certificate, a public key identifier (PKID) corresponding to a public key of a digital certificate, or a public key of a digital certificate; A public key identifier corresponding to may be stored. The indicator 1013c may include a shared secret key (a password, a symmetric key, etc.) designated by a service provider or a bundle owner. The indicator 1013c may include a plurality of verification methods.

In addition, the remote management setting 1013 may further include an indicator (“Subscriber Consent Verification” indicator 1013d) indicating whether the execution of each remote management command necessarily requires Subscriber Consent Verification. If subscriber identification verification is required to perform the remote management command of the bundle, the indicator 1013d may be expressed as a string, a numeric string, and/or a boolean indicating “Required”, and Accordingly, the means of verifying the subscriber identity may be indicated in more detail. For example, you can verify security information such as the subscriber's secret key ("Credential Key" in 1013d), verify the digital signature using the subscriber's digital certificate ("Signed Token" in 1013d), or use various other verification methods. have. If the subscriber verification verification is described as "Required" but the means is not specified, or if the terminal and/or bundle management server cannot use the indicated subscriber identification verification means, the terminal and/or bundle management server use One of the possible verification means can be arbitrarily selected. If subscriber identification verification is not required to perform the remote management command of the bundle, the indicator 1013d may be expressed as a string, a numeric string, and/or a boolean indicating “Not Required”. can If the remote management command of the bundle is not allowed according to the setting of the remote management command permission indicator 1013a, the indicator 1013d is a string indicating “Not Applicable (N/A)”, a numeric string, or It can be expressed as a boolean.

In addition, the remote management setting 1013 may optionally further include an indicator (“SPBM Owner Verification” indicator, 1013e) indicating whether the execution of each remote management command necessarily requires confirmation of the subject requesting the remote management command. . If it is necessary to confirm the subject requesting the remote management command to perform the remote management command of the bundle, the indicator 1013e may be expressed as a string and/or a numeric string indicating the identifier of the bundle owner or administrator, and if necessary Accordingly, it may include identifiers of multiple bundle owners or administrators. The bundle owner identifier or bundle manager identifier may be a unique identifier (Object Identifier, OID) of a service provider or a terminal manager, and may be referred to as data including at least one unique identifier. In addition, the bundle owner identifier or bundle manager identifier may not be included according to the command type 1011 , and different bundle owner identifiers or bundle manager identifiers may be included according to the command type 1011 .

11 is a diagram illustrating an example of setting SSP remote management for remote bundle management according to some embodiments of the present disclosure.

Referring to FIG. 11 , the SSP remote management setting 1110 may be expressed as a series of parameters. Although the bundle policy 1110 of FIG. 11 is expressed in the form of a table for convenience of explanation, it does not necessarily have the same form as a table, and may be composed of an arrangement of variables. In addition, it should be noted that the set values of each variable shown in FIG. 11 merely represent an example of the SSP remote management setting for convenience of explanation, and actual set values may be different from each other.

The SSP remote management setting 1110 may include an identifier 1120 indicating the classification of bundles installed or to be installed in the SSP. The identifier indicating the classification of bundles installed or to be installed in each SSP may include one of a bundle family identifier, a bundle family manager identifier, a bundle owner identifier, or a terminal manager identifier, and may appear in various combinations of the identifiers listed above. . Although it is expressed as a combination of a bundle family identifier, a bundle family manager identifier, and a bundle owner identifier in FIG. 10, it may be expressed as a combination of various values settable for other bundles, bundle metadata, and remote bundle management commands. For example, it may be expressed as a combination 1120a of a bundle family identifier, bundle family manager identifier, and bundle owner identifier, which is an SSP remote management setting applied to a bundle in which a specific bundle family identifier, bundle family manager identifier, and bundle owner identifier are set. can refer to It may also be expressed as a combination 1120b of a bundle family identifier and a bundle family manager identifier, which may refer to an SSP remote management setting applied to a bundle in which a specific bundle family identifier and a bundle family manager identifier are set, regardless of the bundle owner identifier. It may be a setting that is applied strongly. In addition, it may be expressed 1120c only with the bundle family identifier, which may refer to the SSP remote management setting applied to the bundle in which a specific bundle family identifier is set, and may be a setting applied regardless of the bundle family manager identifier and the bundle owner identifier. “All identifier combinations (ALL)” 1120d may refer to all bundles regardless of identifiers set in the bundle. It may also be a setting that additionally includes a specific remote bundle management command.

In addition, the SSP remote management setting 1110 indicates a means for confirming the intention of the subscriber (“Subscriber Intent Verification Method” indicator, 1130) when the execution of each remote management command necessarily requires Subscriber Consent Verification. )can do. For example, when the received remote bundle management command includes a digital signature of a subscriber, 1130 includes a public key that can be used to verify the digital signature, a digital certificate or a public key identifier corresponding to the public key of the digital certificate, digital It may include a public key identifier (PKID) corresponding to the public key of the upper certificate that can verify the certificate. In addition, security information such as the subscriber's secret key and various other verification methods may be specified. For subscriber identification verification, if the means is not specified, or if the terminal and/or bundle management server cannot use the indicated subscriber identification verification means, the terminal and/or bundle management server may arbitrarily select one of the available verification methods. . If the means is not specified, it may indicate that verification is not required.

12 is a diagram illustrating an example of a procedure for setting an SSP remote management authority between a terminal manager, a service provider, and a bundle management server and between a terminal manager and an SSP according to some embodiments of the present disclosure.

Referring to FIG. 12 , the terminal manager 1210 provides the bundle management server 1220 with the authority to generate and transmit the remote bundle management command of the bundle installed or to be installed in the terminal 1230 managed by the terminal manager 1220. A bundle management token 1250 may be issued. The remote bundle management token 1250 may be in the form of a digital certificate proving that the remote bundle management authority exists, and may include a public key paired with a specific secret key held by the bundle management server 1220 . In addition, the remote bundle management token 1250 is at least one of the following values that the terminal manager 1210 can designate a bundle that can be remotely managed by the bundle management server 1220 among bundles installed or to be installed in the terminal 1230 managed by the terminal manager 1210. One may optionally include.

- Bundle manageable period or remote bundle management token validity period

- Identifier of the terminal or SSP on which the bundle is installed or will be installed

- bundle identifier

- bundle family identifier

- bundle family manager identifier

- bundle owner identifier

- Terminal manager identifier

- Remote bundle management commands granted to the bundle management server

- Is it possible to issue a new remote bundle management token?

In addition, the remote bundle management token 1250 may further include a digital signature of the terminal manager generated by the secret key used when the terminal manager 1210 issues the remote bundle management token 1250 . The terminal manager 1210 may possess digital certificates 1260a and 1260b including a public key paired with the private key. Also, the digital certificate 1260b may be issued using a secret key paired with the higher digital certificate 1260a.

In addition, the bundle management server 1220 uses the secret key paired with the remote bundle management token 1250 issued from the terminal manager 1210 to the other bundle management servers 1220a and 1220b, and another remote bundle management token ( 1250a, 1250b) can be issued. If the remote bundle management token 1250 is set so that a new token cannot be issued, the bundle management server 1220 may not be able to issue a remote bundle management token. The digital certificates 1250a and 1250b may selectively include at least one of values that the bundle management servers 1220a and 1220b can designate remotely manageable bundles, and the corresponding value is the remote bundle management token by the terminal manager 1210. The value specified in 1250 may be the same as or include some values, and may be different from each other.

12, the terminal 1230 can verify the remote bundle management token 1250 issued by the terminal manager 1210 and the remote bundle management token 1250a, 1250b issued by the bundle management server 1220. A digital certificate or public key 1260c may be stored. The digital certificate or public key 1260c may be the same as the digital certificates 1260a and 1260c of the terminal manager 1210, or may be the same as the public key included in the corresponding digital certificate. The digital certificate or public key 1260c may be one of means for confirming the subscriber intention described above in FIG. 11 .

13 is a diagram illustrating an example of a procedure in which the bundle management server generates a remote bundle management command according to some embodiments of the present disclosure.

Referring to FIG. 13 , in operation 13001 , the service provider 1300 or the terminal manager 1310 may request the bundle management server 1320 to generate a remote bundle management command. In operation 13001, the service provider 1300 or the terminal manager 1310 may request generation of a remote bundle management command including at least one of the following request values.

- Target terminal or SSP identifier

- target bundle identifier

- the bundle family identifier of the target bundle

- the bundle family manager identifier of the target bundle

- the bundle owner identifier of the target bundle

- Remote management commands (e.g. install, enable, disable, delete, etc.)

Referring to FIG. 13 , in operation 13002, the bundle management server 1320 determines whether the terminal manager 1310 or the service provider 1300 requesting the remote bundle management command has the authority to request the remote bundle management command of the bundle. can be determined selectively. At this time, the bundle management server 1320 selects at least one value among the request values delivered by the terminal manager 1310 or the service provider 1300 who requested the remote bundle management command in operation 13001, and the selected request value manages the bundle. If it does not match the value set in the server 1320, the remote bundle management reputation creation may be rejected. For example, the bundle owner identifier of the requested target bundle does not match the terminal manager 1310 or the service provider 1300, or the terminal manager 1310 or the service provider 1300 does not have the request authority for the remote management command requested. , the bundle management server 1320 does not have the authority to generate a specific remote bundle management command for the requested target bundle, or information of the target bundle (eg, target terminal or SSP identifier, target bundle identifier, bundle family identifier of the target bundle, If at least one of the bundle family manager identifier of the target bundle and the bundle owner identifier of the target bundle) and at least one of the requested command information do not match, generation of the remote bundle management command may be rejected.

The management server 1320 may selectively check a setting for a bundle targeted by the requested remote bundle management command, and generate a remote bundle management command. The remote bundle management command may include at least one of the following values.

- target bundle identifier

- the bundle family identifier of the target bundle

- the bundle family manager identifier of the target bundle

- the bundle owner identifier of the target bundle

- Remote management commands (e.g. install, enable, disable, delete, etc.)

In addition, when it is set to require subscriber confirmation verification for a remote bundle management command in the configuration for the bundle, the bundle management server may digitally sign the remote bundle management command with a private key. The secret key used at this time may be a secret key paired with one matching the setting of the target bundle among the remote bundle management tokens issued by the terminal manager 1210 in FIG. 12 . In addition, in selecting the secret key for generating the digital signature, the identifier of the terminal or SSP in which the bundle is installed or to be installed among the information set in the remote bundle management token, the bundle identifier, the bundle family identifier, the bundle family manager identifier, and the bundle owner identifier , a terminal manager identifier, and at least one of remote bundle management commands permitted to the bundle management server and at least one set value for the bundle may select a secret key paired with a remote bundle management token. In addition to the digital signature, the subscriber verification verification value may be a verification value generated using a shared secret previously shared between the bundle management server and the target bundle or target SSP.

In addition, when the setting for the bundle includes a verification method or a verification key specified by the service provider or the bundle owner for the remote bundle management command, the bundle management server provides information that can be verified with the verification key in the remote bundle management command. You can also add For example, a service provider or bundle owner may perform digital signature with a private key paired with the corresponding certificate to enable verification with a digital certificate included in the bundle policy. In addition, information that can be verified with a shared secret key (shared secret, password, symmetric key, etc.) specified by the service provider or bundle owner may be included.

In operation 13002, the bundle management server 1320 may generate one digital signature including a plurality of remote bundle management commands when it is allowed to generate a digital signature with the same private key for a plurality of remote bundle management commands.

When the remote bundle management command is successfully generated in operation 13002, the bundle management server 1320 may generate an identifier (CodeM) of the remote bundle management command, and may store it in connection with the target SSP identifier and the remote bundle management command.

In operation 13003 , the bundle management server 1320 may deliver the remote bundle management command generation result (success or failure) to the service provider 1300 or the terminal manager 1310 . When the remote bundle management command generation is successful, the bundle management server 1320 may selectively include and transmit an identifier of the remote bundle management command.

14 is a diagram illustrating an example of a procedure for a terminal to verify and perform a remote bundle management command received from a bundle management server according to some embodiments of the present disclosure.

Referring to FIG. 14 , in operation 14001 , the terminal 1400 may request and receive a remote bundle management command from the bundle management server 1430 . The operation may be received by the LBA 1410 of the terminal 1400 using the information of the SSP 1420 . When the bundle management server 1430 transmits the remote bundle management command to the LBA 1410, a digital certificate that can be used to verify the digital signature for verification of subscribers included in the remote bundle management command or a higher certificate of the corresponding certificate. can be delivered together. In this case, the digital certificate may be a remote bundle management token issued by the terminal administrator to the bundle management server. In addition, a digital certificate that can be used to verify the signature for verifying the bundle management server included in the remote bundle management command or a higher-level certificate of the corresponding certificate can be selectively delivered. The remote bundle management command may include at least one of an identifier of a bundle targeted for bundle management, a bundle family identifier of the target bundle, a bundle family manager identifier of the target bundle, a bundle owner identifier of the target bundle, and a remote management command type.

In operation 14002, the LBA 1410 may check information set in the received remote bundle management command. The LBA 1410 includes at least one of a target bundle identifier, a bundle family identifier of the target bundle, a bundle family manager identifier of the target bundle, a bundle owner identifier of the target bundle, and a remote management command type among the information set in the remote bundle management command and the terminal 1400 ) can be compared with the policy of the target bundle stored in The bundle policy may be stored in the terminal 1400, the LBA 1410, the SSP 1420, or metadata of the bundle, and the priority for application may vary depending on implementation. In operation 14002, when the LBA 1410 requires user confirmation before executing the remote bundle management command in the compared bundle policy, the LBA 1410 may perform user confirmation.

In operation 14003 , the LBA 1410 may transmit a remote bundle management command to the SSP 1420 . In this case, the LBA 1420 may transmit some or all of the remote bundle management commands received from the bundle management server 1430 in operation 14001 . In addition, the delivered remote bundle management command may be a remote management (activation, deactivation, deletion, information request, etc.) of a pre-installed bundle or an installation command of a new bundle. In addition, a digital certificate that can be used to verify a digital signature for verifying a subscriber included in the remote bundle management command and a higher-level certificate of the corresponding certificate can be delivered together. In addition, a digital certificate that can be used to verify the signature for verifying the bundle management server included in the remote bundle management command or a higher-level certificate of the corresponding certificate can be selectively delivered.

In operation 14004, the SSP 1420 may check the policy of the bundle of the target bundle. At this time, the SSP 1420 includes at least one of the target bundle identifier, the bundle family identifier of the target bundle, the bundle family manager identifier of the target bundle, the bundle owner identifier of the target bundle, and the type of remote management command among the information set in the remote bundle management command and the terminal ( 1400) may be compared with the policy of the target bundle stored in the . The policy of the bundle may mean remote management settings among those described in FIG. 10 . In addition, the policy of the bundle may be set in the SSP 1420 rather than the bundle metadata.

In operation 14004, if Subscriber Consent Verifiation is set as essential in executing the corresponding remote bundle management command, the SSP 1420 verifies the subscriber confirmation included in the remote bundle management command transmitted from the LBA 1410. value can be verified. Confirmation of the setting may be confirmed through a bundle policy set in bundle metadata or a self-bundle policy set in the SSP 1420 .

When verifying the digital signature included in the remote bundle management command in operation 14004, the SSP 1420 checks the SSP remote management setting as shown in FIG. 11 , and selects the subscriber confirmation verification means required for the verification set for the target bundle. can In this case, the subscriber identification verification means may be set in the bundle policy in the bundle's metadata, and the SSP may select this.

For example, to verify the digital signature of the subscriber to the received remote bundle management command, the SSP 1420 may include a public key that can be used to verify the digital signature, a digital certificate, or a public key identifier corresponding to the public key of the digital certificate; A public key identifier (PKID) corresponding to the public key of a higher-level certificate capable of verifying the digital certificate may be selected. In addition, security information such as a subscriber's secret key and other various verification methods may be selected according to the subscriber verification verification value. As the verification means, a bundle policy or SSP remote management setting matching at least one of a bundle identifier, a bundle family identifier, a bundle family manager identifier, and a bundle owner/terminal manager identifier of the target bundle may be selected. If the means is not specified, it may indicate that verification is not required.

When performing verification of the digital signature, the SSP 1420 may verify a digital certificate that can be used to verify the digital signature for verifying subscriber confirmation transmitted along with the remote bundle management command and an upper certificate of the corresponding certificate. At this time, in verifying that the digital certificate is valid, at least one of the validity period included in the corresponding certificate, the bundle identifier, the bundle family identifier, the bundle family manager identifier, the bundle owner/terminal manager identifier, and the permitted remote bundle management command is The method may further include confirming that the policy of the target bundle matches the SSP remote management setting.

If the subscriber identification verification is successful, the SSP 1420 may perform the remote bundle management command. If the verification fails, the SSP 1420 may refuse to execute the remote bundle management command.

In operation 14004, when the information verification (SPBM Verification) of the bundle management server that has transmitted the remote management command is set as essential in the execution of the remote bundle management command, the SSP 1420 performs the remote bundle management delivered from the LBA 1410. You can verify the bundle management server verification verification value included in the command. Confirmation of the setting may be confirmed through a bundle policy set in bundle metadata or a self-bundle policy set in the SSP 1420 .

When verifying the digital signature included in the remote bundle management command in operation 14004, the SSP 1420 may check the bundle policy of the target bundle as shown in FIG. 10 , and select a verification means required for verification set in the bundle policy. .

For example, the received remote bundle management command includes a digital signature of the bundle management server, and to verify this, the SSP 1420 uses a public key, a digital certificate, or A public key identifier corresponding to the public key of the digital certificate and a public key identifier (PKID) corresponding to the public key of a higher level certificate capable of verifying the digital certificate may be selected. In addition, according to the bundle management server verification verification value, security information such as a secret key and various other verification methods may be selected. If the means is not specified, it may indicate that verification is not required.

If the information check verification of the bundle management server is successful, the SSP 1420 may perform the remote bundle management command. If the verification fails, the SSP 1420 may refuse to execute the remote bundle management command.

In addition, the SSP 1420 may check whether the bundle policy of the bundle targeted by the remote bundle management command is set to verify at least one of End User Consent and Subscriber Consent Verifiation. If it is set not to perform both user verification and subscriber verification verification, the SSP 1420 may refuse to perform the corresponding remote management command. If it is set to perform user verification or subscriber verification verification, the SSP 1420 or LBA 1410 may perform the set verification verification and, if verification is successful, perform a corresponding remote bundle management command.

In operation 14005, the SSP 1420 may transmit the execution result of the remote bundle management command to the LBA 1410.

15 is a diagram illustrating a configuration of a terminal according to some embodiments of the present disclosure.

As shown in FIG. 15 , the terminal may include a transceiver 1510 and at least one processor 1520 . Also, the terminal may include an SSP 1530 . For example, the SSP 1530 may be inserted into the terminal or may be built into the terminal. The at least one processor 1520 may be referred to as a controller.

However, the configuration of the terminal is not limited to FIG. 13 , and may include more or fewer components than the components shown in FIG. 15 . According to some embodiments, the transceiver 1510 , at least one processor 1520 , and a memory (not shown) may be implemented in the form of one chip. In addition, when the SSP 1530 is embedded, it may be implemented in the form of a single chip including the SSP 1530 . According to some embodiments, the transceiver 1510 may transmit and receive signals, information, data, etc. according to various embodiments of the present disclosure with the bundle management server. The transceiver 1510 may include an RF transmitter for up-converting and amplifying a frequency of a transmitted signal, and an RF receiver for low-noise amplifying and down-converting a received signal. However, this is only an embodiment of the transceiver 1510, and components of the transceiver 1510 are not limited to the RF transmitter and the RF receiver. Also, the transceiver 1510 may receive a signal through a wireless channel, output it to the at least one processor 1520 , and transmit a signal output from the at least one processor 1520 through a wireless channel.

According to some embodiments, the transceiver 1510 may receive, from the bundle management server, a certificate of the bundle management server, CI information to be used by the SSP 1530, a bundle family identifier, a bundled bundle, and the like. Also, the transceiver 1510 may transmit CI information corresponding to a specific bundle family identifier, authentication information of the SSP 1530, and the like to the bundle management server.

Meanwhile, at least one processor 1520 is a component for overall controlling the terminal. At least one processor 1520 may control the overall operation of the terminal according to various embodiments of the present disclosure as described above.

Meanwhile, the SSP 1530 may include a processor or a controller for installing and controlling a bundle, or an application may be installed therein.

According to some embodiments, at least one processor or controller in the SSP 1530 checks CI (Certificate Issuer) information that can be used when downloading and installing a specific bundle corresponding to a specific bundle family identifier, and is preset in the SSP. At least one of the delivered bundle management server certificate, the CI information to be used by the SSP, and the bundle family identifier may be verified based on the CI information for each bundle family identifier.

Also, according to some embodiments, at least one processor 1520 controls the transceiver 1510 to transmit CI information corresponding to a specific bundle family identifier to the bundle management server, and from the bundle management server to the bundle management server certificate , CI information to be used by a Smart Secure Platform (SSP), and at least one of a bundle family identifier may be received.

The SSP 1530 according to various embodiments may download a bundle and install the bundle. Also, the SSP 1530 may manage bundles.

Also, according to some embodiments, the SSP 1530 may operate under the control of the processor 1520 . Alternatively, the SSP 1530 may include a processor or a controller for installing and controlling a bundle, or an application may be installed therein. Some or all of the application may be installed in the SSP 1530 or a memory (not shown).

Meanwhile, the terminal may further include a memory (not shown), and may store data such as a basic program, an application program, and setting information for the operation of the terminal. In addition, the memory is a flash memory type (Flash Memory Type), a hard disk type (Hard Disk Type), a multimedia card micro type (Multimedia Card Micro Type), card type memory (eg, SD or XD memory, etc.), magnetic Memory, magnetic disk, optical disk, RAM (Random Access Memory, RAM), SRAM (Static Random Access Memory), ROM (Read-Only Memory, ROM), PROM (Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read- Only Memory) may include at least one storage medium. In addition, the processor 15020 may perform various operations using various programs, contents, data, etc. stored in the memory.

16 is a diagram illustrating a configuration of a bundle management server according to an embodiment of the present disclosure.

According to some embodiments, the bundle management server may include a transceiver 1610 and at least one processor 1620 . However, the configuration of the bundle management server is not limited to FIG. 16 , and may include more or fewer components than the components shown in FIG. 16 . According to some embodiments, the transceiver 1610 , at least one processor 1620 , and a memory (not shown) may be implemented in the form of one chip.

According to some embodiments, the transceiver 1610 may transmit and receive signals, information, data, etc. according to various embodiments of the present disclosure with a terminal, a subscriber, or a service provider. For example, the transceiver 1610 receives a specific bundle family identifier or certificate information corresponding to the bundle family identifier and the bundle family manager identifier, the authentication information of the SSP, etc. from the terminal, and the certificate of the bundle management server, the SSP to the terminal The certificate information to be used, the bundle family identifier, the bundled bundle, etc. can be transmitted.

The transceiver 1610 may include an RF transmitter for up-converting and amplifying a frequency of a transmitted signal, and an RF receiver for low-noise amplifying and down-converting a received signal. However, this is only an example of the transceiver 1610, and components of the transceiver 1610 are not limited to the RF transmitter and the RF receiver. Also, the transceiver 1610 may receive a signal through a wireless channel, output it to the at least one processor 1620 , and transmit a signal output from the at least one processor 1620 through a wireless channel.

Meanwhile, at least one processor 1620 is a component for overall controlling the bundle management server. The processor 1620 may control the overall operation of the bundle management server according to various embodiments of the present disclosure as described above. The one or more processors 1620 may be referred to as a controller.

According to some embodiments, at least one processor 1620 selects a certificate of the bundle management server to be transmitted to the terminal, and certificate information to be used by the SSP of the terminal, and verifies the SSP Credential of the terminal, You can create SPBMToken and Bound Bundle.

In addition, according to some embodiments, the at least one processor 1620 transmits a certificate of the bundle management server, certificate information to be used by the SSP, a bundle family identifier, a bundled bundle, etc. to the terminal, and corresponds to a specific bundle family identifier from the terminal. The transceiver 1610 may be controlled to receive certificate information, authentication information of the SSP, and the like.

Meanwhile, the bundle management server may further include a memory (not shown), and may store data such as a basic program, an application program, and setting information for the operation of the bundle management server. In addition, the memory is a flash memory type (Flash Memory Type), a hard disk type (Hard Disk Type), a multimedia card micro type (Multimedia Card Micro Type), card type memory (eg, SD or XD memory, etc.), magnetic Memory, magnetic disk, optical disk, RAM (Random Access Memory, RAM), SRAM (Static Random Access Memory), ROM (Read-Only Memory, ROM), PROM (Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read- Only Memory) may include at least one storage medium. In addition, the processor 16020 may perform various operations using various programs, contents, data, etc. stored in the memory.

In the specific embodiments of the present disclosure described above, components included in the disclosure are expressed in the singular or plural according to the specific embodiments presented. However, the singular or plural expression is appropriately selected for the context presented for convenience of description, and the present disclosure is not limited to the singular or plural element, and even if the element is expressed in plural, it is composed of the singular or singular. Even an expressed component may be composed of a plurality of components.

Meanwhile, although specific embodiments have been described in the detailed description of the present disclosure, various modifications are possible without departing from the scope of the present disclosure. Therefore, the scope of the present disclosure should not be limited to the described embodiments and should be defined by the claims described below as well as the claims and equivalents.

The various embodiments of the present disclosure and the terms used therein are not intended to limit the technology described in the present disclosure to a specific embodiment, and should be understood to include various modifications, equivalents, and/or substitutions of the embodiments. In connection with the description of the drawings, like reference numerals may be used for like components. The singular expression may include the plural expression unless the context clearly dictates otherwise. In this disclosure, expressions such as "A or B", "at least one of A and/or B", "A, B or C" or "at least one of A, B and/or C", etc., refer to all of the items listed together. Possible combinations may be included. Expressions such as "first", "second", "first" or "second" can modify the corresponding elements regardless of order or importance, and are only used to distinguish one element from another element. The components are not limited. When an (eg, first) component is referred to as being “connected (functionally or communicatively)” or “connected” to another (eg, second) component, that component An element may be directly connected to the other element or may be connected through another element (eg, a third element).

The term “module” used in the present disclosure includes a unit composed of hardware, software, or firmware, and may be used interchangeably with terms such as, for example, logic, logic block, component, or circuit. A module may be an integrally formed part or a minimum unit or a part of performing one or more functions. For example, the module may be configured as an application-specific integrated circuit (ASIC).

Various embodiments of the present disclosure provide software (eg, a machine-readable storage media) (eg, an instruction stored in an internal memory or an external memory) that can be read by a machine (eg, a computer). For example, a program) A device is a device capable of calling a stored command from a storage medium and operating according to the called command, and may include the terminal 250 according to various embodiments. When an instruction is executed by a processor (eg, the processor 820 of FIG. 8 or the processor 920 of FIG. 9 ), the processor directly or using other components under the control of the processor corresponds to the instruction An instruction may include code generated or executed by a compiler or interpreter.

The device-readable storage medium may be provided in the form of a non-transitory storage medium. Here, 'non-transitory' means that the storage medium does not include a signal and is tangible, and does not distinguish that data is semi-permanently or temporarily stored in the storage medium.

Methods according to various embodiments disclosed in the present disclosure may be provided by being included in a computer program product. Computer program products may be traded between sellers and buyers as commodities. The computer program product may be distributed in the form of a machine-readable storage medium (eg, compact disc read only memory (CD-ROM)) or online through an application store (eg, Play Store™). have. In the case of online distribution, at least a part of the computer program product may be temporarily stored or temporarily generated in a storage medium such as a memory of a server of a manufacturer, a server of an application store, or a relay server.

Each of the components (eg, a module or a program) according to various embodiments may be composed of a single or a plurality of entities, and some sub-components of the above-described corresponding sub-components may be omitted, or other sub-components may be used. may be further included in various embodiments. Alternatively or additionally, some components (eg, a module or a program) may be integrated into a single entity and perform the same or similar functions performed by each corresponding component before being integrated. According to various embodiments, operations performed by a module, program, or other component may be sequentially, parallel, repetitively or heuristically executed, or at least some operations may be executed in a different order, omitted, or other operations may be added. can

Claims (1)

A control signal processing method in a wireless communication system, comprising:
Receiving a first control signal transmitted from the management server;
processing the received first control signal; and
and transmitting a second control signal generated based on the processing to the management server.

Images