US20150271173A1 - Method of managing shared file and device for authenticating subscriber by using same - Google Patents


Info

Publication number
US20150271173A1
Authority
US
United States
Prior art keywords
file
profile
network access
application
exemplary embodiment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/424,286
Inventor
Myoung Hee Seo
Jin Hyoung LEE
Kwan Lae KIM
Chul Hyun Park
Hyung Jin Lee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
KT Corp
Original Assignee
KT Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by KT Corp
Priority claimed from PCT/KR2013/007518 (WO2014035092A1)
Assigned to KT CORPORATION reassignment KT CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KIM, KWAN LAE, LEE, HYUNG JIN, LEE, JIN HYOUNG, PARK, CHUL HYUN, SEO, MYOUNG HEE
Publication of US20150271173A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • An apparatus and a method consistent with exemplary embodiments broadly relate to shared file management for a subscriber certification device, and to a shared file management method for a multi-profile environment, and a subscriber certification apparatus using the same.
  • a universal integrated circuit card is a smart card that is tangible and can be inserted into a terminal and configured to perform network access certification.
  • the UICC may include network access applications (NAAs) which are applications for access to several networks of providers, such as a universal subscriber identity module (USIM) for WCDMA/LTE network access or a subscriber identity module (SIM) for GSM network access.
  • the eUICC provides a network access certification function, similarly to the existing detachable UICC.
  • access to networks of several providers should be processed using one UICC due to a difference between physical structures, and there are many issues such as eUICC opening/distribution/subscriber information security.
  • a solution thereto may be necessary.
  • international standardization organizations such as GSMA and ETSI have standardized necessary elements including a top structure together with related companies such as providers, manufacturers, or SIM vendors.
  • An aspect of exemplary embodiments is to provide a shared file management method that is efficient for a multi-profile environment.
  • Another aspect of exemplary embodiments is to provide a subscriber certification apparatus using the shared file management method.
  • Illustrative, non-limiting embodiments may overcome the above disadvantages and other disadvantages not described above.
  • the inventive concept is not necessarily required to overcome any of the disadvantages described above, and the illustrative, non-limiting embodiments may not overcome any of the problems described above.
  • the appended claims should be consulted to ascertain the true scope of the invention.
  • a method of managing files of a subscriber certification module includes forming a file structure having one or more profiles for providing network access to a mobile terminal; storing the formed file structure on the subscriber certification module which is a card embedded into the mobile terminal, and managing one or more files included in the file structure in response to a request.
  • the managing includes updating, deleting, or adding an access profile for the network access in the file structure.
  • the file may include state information of one or more network access applications.
  • the file structure may include a master file, and one or more files associated with the master file.
  • the one or more files associated with the master file may include an application directory file which may include a network access application list and state information of each network access application in the list.
  • a state of each network access application may be an activated state or a deactivated state.
  • the method may further include receiving the request from an external interworking device.
  • the external interworking device may include a mobile network operator server or a subscription manager server remote from the mobile terminal.
  • the method may further include receiving the request from a shared file manager or a profile, located in the subscriber certification module.
  • the managing of one or more files included in the file structure in response to the request may include updating data stored in the application directory file in response to a request with an access right.
  • the access right for updating of the application directory file may be based on an administrator certification.
  • the managing of the files included in the file structure in response to the request may further include registering network access application related information for an added profile when a new profile is installed.
  • a subscriber certification apparatus built into and installed in a mobile terminal apparatus includes a shared file memory which stores one or more profile-related files and one or more corresponding network access applications with respective state information and a processor configured to manage one or more profile-related files.
  • the managing includes updating, deleting, or adding one or more network access applications and/or data therein.
  • the shared file memory may further store a master file, and one or more files associated with the master file.
  • the subscriber certification card may further include a shared file manager that manages one or more files included in the shared file memory.
  • the shared file manager may manage the one or more profiles and related files stored in the shared file memory.
  • One or more files or file information stored in the shared file memory may be changed in response to a request from the processor, the shared file manager, or an external interworking device.
  • eco-system providers of the eUICC such as eUICC card manufacturers, network service providers, and profile management servers.
  • FIG. 1 is a block diagram illustrating an eUICC according to an exemplary embodiment.
  • FIG. 2 is a diagram illustrating a file structure for a subscriber certification device according to an exemplary embodiment.
  • FIG. 3 is a diagram illustrating a data structure of an application directory file for a UICC according to an exemplary embodiment.
  • FIG. 4 is a diagram illustrating a data structure of an application directory file according to an exemplary embodiment.
  • FIG. 5 is a diagram illustrating a file structure and data of the application directory file when there is no profile according to an exemplary embodiment.
  • FIG. 6 is a diagram illustrating a file structure and data of the application directory file when a profile is installed according to an exemplary embodiment.
  • FIG. 7 is a diagram illustrating a file structure and data of the application directory file when a profile is additionally installed according to an exemplary embodiment.
  • FIG. 8 is a flow diagram illustrating a directory data updating method according to an exemplary embodiment.
  • FIG. 9 is a flow diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 10 is a flow diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 11 is a flow diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 12 is a flowchart of a method of managing shared files according to an exemplary embodiment.
  • Exemplary embodiments may be variously changed, and may include several other exemplary embodiments. Specific exemplary embodiments will be illustrated in the drawings and described in detail.
  • Terminal in an exemplary embodiment may be referred to as a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, a subscriber Unit (SU), a subscriber station (SS), a wireless device, a wireless communication device, a wireless transmit/receive unit (WTRU), a mobile node, mobile device, or other terms.
  • Various exemplary embodiments of the terminal may include a cellular phone, a smart phone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, a photographing device such as a digital camera having a wireless communication function, a gaming device having a wireless communication function, music storage and playback appliances having a wireless communication function, or internet appliances capable of wireless Internet accessing and browsing, as well as a portable component or handset devices with combinations of such functions.
  • the terminal may include an M2M (Machine to Machine) terminal or an MTC (Machine Type Communication) terminal/device in an exemplary embodiment, but is not limited thereto.
  • each block or each operation described in exemplary embodiments may indicate a module, a segment, or some codes that include one or more executable instructions for executing a specific logical function(s).
  • functions described in blocks or operations can be generated in a different order. For example, two blocks or operations illustrated in succession can be performed simultaneously or can be performed in a reverse order according to their functions.
  • a detachable UICC is generally developed according to a standard of a network provider (MNO), and a structure and a data value thereof are not changed except for personalization-related data (for example, MSISDN) after commercialization.
  • a profile may be added, state-changed, or deleted at a time when the eUICC is commercialized and operated, unlike a detachable UICC in the related art.
  • the eUICC can be used by several network providers (MNO) in the form of one chip due to physical characteristics. In this case, it is necessary to support the same file structure, security attributes, logic characteristics, and commands as those of an existing detachable UICC.
  • a module called a profile is defined for post personalization of an application for a network access certification function of several providers to the eUICC, and requirements are established to remotely install and manage this module.
  • Exemplary embodiments provide a method of efficiently managing shared files in an eUICC so as to provide a file structure and functions compatible with an existing UICC in a multi-profile environment.
  • a specific file structure of eUICC is provided in which multiple profiles are included.
  • FIG. 1 is a block diagram illustrating an eUICC according to an exemplary embodiment.
  • components to be described below with reference to FIG. 1 are components defined by functional division rather than physical division, and may be defined by their functions.
  • Each component in an exemplary embodiment may be implemented by hardware and/or a program code and a processing unit that perform each function.
  • the functions of two or more components may be included as one component and may be implemented as such.
  • a name of each component is not intended to physically divide the component and is given to suggest a representative function of each component. It is to be noted that an exemplary embodiment is not limited by the name of each component.
  • the eUICC 100 may include a profile 110 and a shared file storage 130, and may selectively include a shared file manager 120.
  • the profile 110 is a module including one or more network access applications (including parameter data, a file structure or the like for network access), and network access credentials.
  • the profile can be accessed with a unique value (ID) on the eUICC, and types of profile include a provisioning profile, an operational profile, and the like.
  • the provisioning profile is a profile including one or more network access applications and related network access credentials that enable access to a communication network when the provisioning profile is installed on the eUICC to provide transport capability for eUICC and profile management between the eUICC and a subscription manager-secure routing (SM-SR).
  • the operational profile is a profile including one or more network access applications and related connection credentials.
  • the shared file storage 130 stores one or more profile related files.
  • the file storage also includes state information of one or more network access applications related to the one or more profiles.
  • the file structure stored in the shared file storage 130 includes a master file, and one or more files associated with the master file.
  • the one or more files associated with the master file include an application directory file including a network access application list and state information of each network access application.
  • the shared file storage may be a memory in the eUICC 100 .
  • the eUICC may selectively include the shared file manager 120 .
  • the shared file manager 120 manages the one or more files included in the shared file storage 130 , and may request registration, state change, deletion, or the like of the network access application with respect to the one or more files included in the shared file storage 130 .
  • the profile 110 can manage the one or more files included in the shared file storage 130 and can request registration, state change, deletion, or the like of the network access application with respect to the one or more files included in the shared file storage 130 .
  • the profile and the shared file manager may be implemented on a microprocessor or the like.
  • the eUICC 100 is connected to one or more external interworking devices 200 , and may interwork with a MNO-OTA (Mobile Network Operator-Over The Air) and a MNO core network (not illustrated).
  • the one or more external interworking devices 200 may be, for example, subscription managers (SMs) that are subscription manager modules, or profile owner servers (MNOs).
  • the SMs and MNOs are a combination of hardware and software and may include at least a processor and a memory according to an exemplary embodiment.
  • the MNO-OTA and the MNO core network are operated by an entity that provides communication service to customers over a mobile network, that is, a mobile network operator, and communicate with the terminal.
  • the subscription manager module serves to safely perform a function of directly managing the operational profiles and the provisioning profiles on the eUICC.
  • the subscription manager module also serves to prepare for the operational profiles and the provisioning profiles to be safely provisioned on the eUICC, such as, to perform encryption of the profile.
  • the eUICC provides a method of selecting a network access application (NAA) of a profile (an activated profile or an installed profile) to be compatible with an existing UICC (that is, a detachable UICC) even when the profile is changed.
  • specific examples of the method of selecting the network access application of the profile may include a method of directly selecting the network access application using an application ID (AID; Application Identifier), a method of directly selecting the network access application using a value of a part of the AID, and a method of selecting the network access application through Elementary Files Directory (EF DIR).
  • the eUICC according to an exemplary embodiment is to support a file structure and a protocol independent from the application defined in ETSI TS 102 221, so as to be compatible with an existing UICC regardless of installation of the profile and the state of the profile.
  • a file structure and a management method when several profiles are dynamically installed are provided.
  • By defining the shared file structure, including an applications list, an eUICC ID, preferred language, and the like installed in the eUICC in a multi-profile environment, the eUICC provides a data structure and a network access function compatible with an existing detachable USIM card.
  • An exemplary embodiment provides a method of managing an application list in EF DIR according to installation/deletion of a profile, and a method of managing a shared file access right (access condition).
  • FIG. 2 is a diagram illustrating a file structure for the subscriber certification device according to an exemplary embodiment.
  • an MF (master file) 3000 is located on the top, three essential files (EF: elementary file) 3100, that is, EF PL (Preferred Languages) 3130 , EF ICCID (Integrated Circuit Card (ICC) Identification) 3110 , and EF ARR ( ) 3120 , and a DF (Dedicated File) 3200 for phone book information are arranged under the MF 3000 .
  • the network access application is configured as a separate ADF (Application DF) (for example, ADF 1 3311 and ADF 2 3321 illustrated in FIG. 2 ), and the application ID (AID) and application label values 3310 and 3320 are included in the EF DIR 3300 under the MF, and have forms that can be referred to.
  • the EF PL 3130 among the essential EFs 3100 located under the MF 3000 is a file including n preferred language codes (n being a positive number greater than 0), and the EF ICCID 3110 is a file including the only identification number for a UICC.
  • EF DIR 3300 is a file having a list of first level applications such as USIMs installed in UICC.
  • EFs and DFs located under the MF 3000 can be referred to as a shared file system.
  • a file structure in which EF PL 3130, EF ICCID 3110, EF ARR 3120, and EF DIR 3300 are arranged as essential files under the master file 3000 as illustrated in FIG. 2 may be used as a file structure for eUICC according to an exemplary embodiment.
  • EF PL 3130 is a file including the preferred language code, and may include a language code list of a country which can provide service with eUICC. EF PL 3130 can be updated, with a language code currently set in the terminal having a highest priority, if necessary.
  • An update access right of EF PL 3130 is a user certification number (User PIN), and when the user inputs his or her certification number, a language code priority may be changed.
  • EF ICCID 3100 is a file including a unique identification number of UICC, and its value is not changed after first recording. Therefore, the value cannot be modified even when the profile is added or deleted, and a separate management function is not necessary.
  • EF DIR 3300 includes an identifier of an application installed in UICC; the terminal may select a necessary application by referring to its value at the time of UICC initialization and perform network access certification.
  • For EF DIR 3300, it is necessary for an AID (Application Identifier) value of the network access application of the profile to be able to be added/deleted according to addition/deletion of the profile.
  • An update access right of EF DIR 3300 is a manager certification (ADM), and security for management of its value is also necessary.
  • a method of managing shared files for UICC in a multi-profile environment is provided. More specifically, in an exemplary embodiment, a method of managing UICC shared files in an environment in which network access applications related to a profile are added, state-changed, or deleted, for example, according to addition, state change, or deletion of the profile, is provided.
  • exemplary embodiments of the shared file management method as defined below for an eUICC in a multi-profile environment are provided.
  • a second exemplary embodiment of the method of managing shared files includes a method of managing a state of a network access application according to its change of state.
  • a state management method related to a change in a state of an application according to an exemplary embodiment is needed.
  • a third exemplary embodiment of the method of managing shared files provides security for giving manager rights among shared file access rights and value (ADM: ADMinistration access conditions) management. This is because, when profile-related data, such as an NAA list of EF DIR , is unintentionally modified/deleted due to no ADM value security and right management, access certification through NAA corresponding to the modified/deleted profile-related data may be impossible.
  • a general directory file for a UICC will be first described so as to assist in understanding of exemplary embodiments prior to describing methods of managing shared files according to various exemplary embodiments, as described above.
  • FIG. 3 is a diagram illustrating the data structure of the application directory file for the UICC according to an exemplary embodiment.
  • the application directory file EF DIR 4000 for the UICC includes items of AID TLV 4001 and label TLV 4002 , and is a linear fixed record type of file including several records 4100 as illustrated in a lower part of FIG. 3 .
  • an application template data object including an application identifier (AID) and an application label forms one record 4100 .
  • AID is set to “2F00” and the EF DIR data update right for the AID is set as administrator certification (ADM). Additionally, in an exemplary embodiment, read access is set to allowed.
  • FIG. 4 is a diagram illustrating the data structure of the application directory file according to an exemplary embodiment.
  • the application directory file 5000 includes items of AID TLV, label TLV, and life cycle state integer (LCSI) TLV 5003 .
  • a state code item 5003 is added for state management of the NAA in a multi-profile environment, unlike the application directory file structure according to an exemplary embodiment illustrated in FIG. 3 .
  • the life cycle state integer (LCSI) item 5003 of the network access application indicates a current state of the application.
  • the life cycle state integer of the application can be seen through FCI at an application selection time, but it may be necessary for the state value of the application to be seen at a time point before selection of each application, such as a case in which a terminal requests a user to select one of several applications.
  • an external interworking device for example, a terminal
  • FIG. 5 is a diagram illustrating a file structure and data of the application directory file when there is no profile according to an exemplary embodiment.
  • FIG. 5 illustrates the file structure and the data of the directory file when there is no profile installed in an initial eUICC and there is no selectable NAA.
  • FIG. 6 is a diagram illustrating a file structure and data of an application directory file when a profile is installed according to an exemplary embodiment.
  • FIG. 6 illustrates, for example, a state of the application directory file when profile 1 is installed and NAA 1 6100 is added while there is no installed profile in the file such as an exemplary embodiment described above with respect to FIG. 5 .
  • ADF 1 for NAA 1 is added to the eUICC file structure. Accordingly, data of an AID value, a label, and a state value 5003 for ADF 1 is added to EF DIR 5000 . In an exemplary embodiment illustrated in FIG. 6 , the operation state value 5003 of NAA 1 is set to “Activated.”
  • FIG. 7 is a diagram illustrating a file structure and data of an application directory file when a profile is added according to an exemplary embodiment.
  • FIG. 7 illustrates a state in which profile 2 is additionally installed and NAA 2 (6200) of profile 2 is added according to an exemplary embodiment when one profile already exists in the file structure such as an exemplary embodiment described above with reference to FIG. 6. It can be confirmed from FIG. 7 that ADF 2 for NAA 2 is added in the eUICC file structure.
  • an NAA 2 record is added to the EF DIR file 5000 , and the state of NAA 1 is changed to a deactivated state as illustrated in FIG. 7 .
  • the EF DIR update access right is administrator certification (ADM).
  • the ADM value for manager right acquisition is generally a hex digit with a length of 8 bytes, similarly to a user certification number (User PIN; User Personal Identification Number), and right acquisition using the ADM value is possible after certification of a correct value through a VERIFY PIN command.
  • An EF DIR data updating scheme can be classified into two methods, according to exemplary embodiments, including a method of managing the ADM value in an external interworking device, and a method of managing the ADM value in an eUICC internal module, depending on whether an ADM management entity is an eUICC external device (or module) or an internal module (or device).
  • When the ADM value is managed by the eUICC internal module, the following two management methods are included, based on the eUICC internal structure.
  • the profile directly registers, deletes, or state-changes an AID, a label, and a state value of a profile-related NAA in the EF DIR .
  • the shared file manager on the eUICC is requested to register, delete, or change the data.
  • a method of updating the directory data according to an exemplary embodiment may further include an updating method through OTA in an external interworking device, for example, a profile owner or an external shared file manager without using an ADM value certification scheme.
  • FIG. 8 is a diagram illustrating a directory data updating method according to an exemplary embodiment.
  • When the ADM value is managed by the external interworking device 400, the external interworking device 400 registers NAA in the EF DIR 3300 after the profile is installed.
  • An exemplary embodiment of the external interworking device 400 includes a subscription manager module (SM; Subscription Manager) or a profile owner server (MNO server).
  • A procedure in which the external interworking device 400 registers a NAA list of the profile in the EF DIR 3300 includes acquiring an EF DIR update right through ADM certification (in operation S810), selecting an EF DIR (in operation S820), searching for an unused record number after the EF DIR selection (in operation S830), and performing updating of the NAA AID, the label, and the state value for the unused record number (in operation S840).
  • Error processing and any subsequent processing that may be needed, such as re-attempting registration after an error, may be performed by the external interworking device 400.
  • A procedure of changing or deleting the state value of the NAA record of the profile in the EF DIR, similar to the registration procedure, may be necessary when a state change or deletion of the profile is attempted.
  • The error processing and the subsequent processing that can occur may be performed by the external interworking device 400.
  • The external interworking device 400 should be a device or a module that the profile owner (for example, MNO) can rely on, and management such as generation, distribution, or updating of an initial ADM value may be performed in a manner that the profile owner can rely on.
  • FIG. 9 is a diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • Among the directory data updating methods according to an exemplary embodiment, a method of registering NAA in EF DIR is provided for the case in which each profile 110 located in the eUICC internal module has the ADM value and directly manages the NAA list related to the profile.
  • A procedure of registering NAA in EF DIR may be performed at a time of profile data installation (in operation S910).
  • A procedure of registering NAA in EF DIR may include acquiring an EF DIR update right through ADM certification (in operation S921), selecting an EF DIR (in operation S922), searching for an unused record number after the EF DIR selection (in operation S923), and performing updating of the NAA AID, the label, and the state value for the unused record number (in operation S924), similar to an exemplary embodiment described above with reference to FIG. 8.
  • An error that may occur in the registration process can be processed in the profile 110, and the profile 110 can return an appropriate processing result such as success or failure to the external interworking device 400 (in operation S930).
  • A UICC application programming interface defined in ETSI TS102241 can be used as the interface between the profile and the shared file system inside the eUICC, according to an exemplary embodiment.
  • A procedure of changing or deleting a state value of the NAA record of the profile 110 in EF DIR, similar to the registration procedure, may also be necessary at the time of a state change or deletion of the profile.
  • An error that can occur is processed in the profile 110, and an appropriate processing result is returned to the external interworking device 400.
  • the profile 110 has the ADM value
  • A reliable method may be needed between the owner of the profile and the eUICC issuing entity.
  • A network service provider that can install a profile in the eUICC may need a method of securing security and reliability of the data of the shared file of eUICC.
  • FIG. 10 is a diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 10 illustrates an exemplary embodiment in which NAA is registered in the EF DIR when the shared file manager 120 separately present in the eUICC internal module has the ADM value, and manages the NAA list related to the profile in the directory data updating methods according to an exemplary embodiment such as exemplary embodiments described above.
  • The procedure of registering NAA in the EF DIR is started by the installed profile 110 requesting the shared file manager 120 to register NAA (in operation S1021) when the profile data is installed in the eUICC in response to the profile installation request (in operation S1010) of the external interworking device 400.
  • The procedure of registering NAA in the EF DIR includes acquiring an EF DIR update right through ADM certification (in operation S1031), selecting EF DIR (in operation S1032), searching for an unused record number after selecting EF DIR (in operation S1033), and performing updating of a NAA AID, a label, and a state value with respect to the unused record number (in operation S1034), similarly to some other exemplary embodiments described above.
  • The shared file manager 120 may check for error situations, such as the validity of the NAA AID to be registered, overlap with a previously registered AID, or the presence of an available record, and return appropriate error content to the profile (operations S1022, S1023 or S1024).
  • A UICC application programming interface defined in ETSI TS102241 may be used as the interface between the shared file manager 120 and the shared file storage 130 in the eUICC, similarly to an exemplary embodiment described above with reference to FIG. 9, and an exemplary interface between the profile 110 and the shared file manager 120 may be defined as will be described below according to an exemplary embodiment.
  • The module may provide functions such as NAA registration, state change, and NAA deletion to an internal interface.
  • An application programming interface (API) for calling each function may be configured to include, for example, commands below:
  • The profile 110 may request the shared file manager 120 to change or delete a state value of its own NAA record in the EF DIR through the internal interworking interface, similarly to the registration procedure.
  • The shared file manager 120 may determine an error that may occur and inform the profile 110 of an appropriate error situation.
  • When the shared file manager 120 on the eUICC has the ADM value according to an exemplary embodiment, it is not necessary for the owner of the profile to know the ADM value. Further, since the shared file manager 120 manages the ADM value, the eUICC shared file data is less likely to be changed or deleted by other modules, and reliability and the safety of the shared file data can be improved.
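  • The registration, state change, and deletion functions of a shared file manager that alone holds the ADM value can be modelled as below. This is an added example, not code from the patent or from any eUICC product: the class and function names, the record length and count, the state tag 0x80 and its encodings, and the sample ADM and AID values are assumptions made here, while the '61'/'4F'/'50' tags are the EF DIR tags of ETSI TS 102 221.

```python
import hmac
from enum import Enum

RECORD_LEN, NUM_RECORDS = 48, 4        # assumption: EF DIR record length and count
UNUSED = b"\xff" * RECORD_LEN          # an unused record is all 'FF'
TAG_TEMPLATE, TAG_AID, TAG_LABEL = 0x61, 0x4F, 0x50  # EF DIR tags, ETSI TS 102 221
TAG_STATE, ACTIVATED, DEACTIVATED = 0x80, 0x01, 0x00  # assumption: state tag and values
Status = Enum("Status", "OK ADM_FAILED INVALID_AID DUPLICATE_AID NO_FREE_RECORD NOT_FOUND")
SAMPLE_ADM = bytes.fromhex("0102030405060708")        # constructed 8-byte ADM value
AID_1, AID_2 = bytes.fromhex("F000000001AA01"), bytes.fromhex("F000000001AA02")  # constructed

def encode_record(aid, label, state):
    text = label.encode("ascii")
    body = (bytes([TAG_AID, len(aid)]) + aid + bytes([TAG_LABEL, len(text)]) + text
            + bytes([TAG_STATE, 1, state]))
    record = bytes([TAG_TEMPLATE, len(body)]) + body
    if len(record) > RECORD_LEN:
        raise ValueError("label too long for one EF DIR record")
    return record.ljust(RECORD_LEN, b"\xff")

def decode_record(record):             # -> (aid, label, state), or None if unused
    if record[0] != TAG_TEMPLATE:
        return None
    body, fields, i = record[2:2 + record[1]], {}, 0
    while i < len(body):               # walk the simple TLV objects
        tag, length = body[i], body[i + 1]
        fields[tag] = body[i + 2:i + 2 + length]
        i += 2 + length
    return fields[TAG_AID], fields[TAG_LABEL].decode("ascii"), fields[TAG_STATE][0]

class SharedFileStorage:               # EF DIR: reading is free, updating requires ADM
    def __init__(self, adm):
        if len(adm) != 8:
            raise ValueError("ADM value must be 8 bytes")
        self._adm, self._verified = adm, False
        self.records = [UNUSED] * NUM_RECORDS

    def verify_adm(self, candidate):   # stands in for the VERIFY PIN command
        self._verified = hmac.compare_digest(self._adm, candidate)
        return self._verified

    def end_session(self):
        self._verified = False

    def update_record(self, number, data):
        if not self._verified:
            raise PermissionError("EF DIR update requires ADM verification")
        self.records[number - 1] = data

def with_update_right(method):         # acquire the right first, always drop it after
    def wrapper(self, *args, **kwargs):
        if not self._storage.verify_adm(self._adm):
            return Status.ADM_FAILED
        try:
            return method(self, *args, **kwargs)
        finally:
            self._storage.end_session()
    return wrapper

class SharedFileManager:               # sole holder of the ADM value inside the card
    def __init__(self, storage, adm):
        self._storage, self._adm = storage, adm

    def _locate(self, aid):            # -> (record number, label) or (None, None)
        for number, record in enumerate(self._storage.records, start=1):
            entry = decode_record(record)
            if entry and entry[0] == aid:
                return number, entry[1]
        return None, None

    @with_update_right
    def register_naa(self, aid, label, state=ACTIVATED):
        if not 5 <= len(aid) <= 16:    # AID validity: ISO/IEC 7816-4 length range
            return Status.INVALID_AID
        if self._locate(aid)[0]:       # overlap with a previously registered AID
            return Status.DUPLICATE_AID
        if UNUSED not in self._storage.records:
            return Status.NO_FREE_RECORD
        number = self._storage.records.index(UNUSED) + 1   # first unused record number
        self._storage.update_record(number, encode_record(aid, label, state))
        return Status.OK

    @with_update_right
    def change_state(self, aid, state):   # state=None erases the record
        number, label = self._locate(aid)
        if number is None:
            return Status.NOT_FOUND
        data = UNUSED if state is None else encode_record(aid, label, state)
        self._storage.update_record(number, data)
        return Status.OK

    def delete_naa(self, aid):
        return self.change_state(aid, None)

def demo():                            # FIG. 6, then FIG. 7
    storage = SharedFileStorage(SAMPLE_ADM)
    manager = SharedFileManager(storage, SAMPLE_ADM)
    manager.register_naa(AID_1, "NAA 1")
    manager.change_state(AID_1, DEACTIVATED)
    manager.register_naa(AID_2, "NAA 2")
    return [decode_record(r) for r in storage.records if r != UNUSED]
```

A caller that bypasses the manager and writes to the storage directly gets `PermissionError`, which is the property the paragraph above relies on: the update right exists only for the duration of one manager call.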
  • FIG. 11 is a diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 11 illustrates an exemplary embodiment of a method of registering NAA in the EF DIR when the shared file is managed through OTA among the directory data updating methods according to an exemplary embodiment such as the ones described above.
  • A procedure similar to other exemplary embodiments described above is performed when only the command part actually input to the eUICC card is considered, excluding the SMS message part on the network.
  • A procedure of updating values in the shared file includes selecting an EF DIR (in operation S1110), searching for an unused record number after the EF DIR selection (in operation S1120), and performing updating of the NAA AID, the label, and the state value for the unused record number (in operation S1130), similarly to other exemplary embodiments described above except for the ADM value certification procedure.
  • Error processing may be performed by a module that processes an OTA message.
  • The external interworking device 400 may change or delete the state value of the NAA record of the profile of the EF DIR through the OTA message, similarly to the registration described above in other exemplary embodiments.
  • Error processing that may be needed and subsequent operations may be performed by the external interworking device 400, that is, a module that actually generates and processes the OTA message.
  • When the external interworking device 400 manages an OTA key value, the external interworking device 400 should be a module that is reliable for the profile owner (for example, MNO), and management such as generation, distribution, and updating of an initial OTA key value is performed in a manner that is reliable for the profile owner.
  • FIG. 12 is a flowchart illustrating a method of managing shared files according to an exemplary embodiment.
  • The method of managing shared files may include forming a shared file for one or more profiles (in operation S1200), and updating shared file data (in operation S1300).
  • The shared file for one or more profiles may have the file structure such as the one described above with reference to FIGS. 4 to 7. That is, the shared file structure for the eUICC according to an exemplary embodiment includes a master file, and one or more files associated with the master file.
  • One or more files associated with the master file include an application directory file.
  • The application directory file may include a network access application list and state information of each network access application.
  • A state of the network access application may be in an activated or deactivated state.
  • Updating the shared file data may include sub-operations, such as the ones illustrated in FIG. 12. That is, the system checks if there is an additionally installed profile (in operation S1310). When there is the installed profile, an update right is acquired through an administrator certification (in operation S1320). When the update right is acquired or obtained, the application directory file is selected (in operation S1330), an unused record number is searched for (in operation S1340), and then, updating related to the network access application of the profile is performed in the detected unused record number (in operation S1350).
  • The entity that updates the shared file data may be the shared file storage 130.
  • When the profile 110 or the shared file manager 120 is located between the shared file storage 130 and the external interworking device 400, the shared file manager 120 or the profile 110 returns a result of performing the updating to the profile 110 or the external interworking device 400 (in operation S1360).
  • The shared file management method can be implemented as a computer-readable program code in a computer-readable recording medium.
  • The computer-readable recording medium includes all types of recording devices in which data that can be read by a computer system is stored.
  • The computer-readable recording medium includes, for example, a ROM, a RAM, a CD-ROM, a DVD-ROM, a Blu-ray, a magnetic tape, a floppy disk, an optical data storage device, or the like, and further includes a medium implemented in the form of carrier waves (for example, transmission over the Internet).
  • The computer-readable recording medium is distributed to computing systems connected over a network, and a computer-readable code can be stored and executed in a distributed manner. Also, a functional program code for performing exemplary embodiments can be easily inferred by programmers in the technical field to which exemplary embodiments belong.
  • The essential files include the preferred language file EF PL, the unique identifier file EF ICCID, and the network access application list file EF DIR, and the preferred language file and the identifier file are files that cannot be modified or can be modified.
  • The shared file management method is provided. Specifically, various methods for addition, state change, and deletion of the network access application in the network access application list file in a multi-profile environment have been described according to various exemplary embodiments, and a security issue and a related processing procedure for each method have been defined.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A method of managing a file of a subscriber authenticating module embedded in a terminal device and a module for authenticating a subscriber by using the method. The method of managing the file includes configuring a file structure for one or more profiles and managing one or more files included in the file structure in response to a request. Thus, the method is efficient for a multiple-profile environment.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims the benefit of priority from Korean Patent Application No. 10-2012-0094803, filed on Aug. 29, 2012 and Korean Patent Application No. 10-2013-0057765, filed on May 22, 2013, in the Korean Intellectual Property Office, the disclosures of which are incorporated herein by reference in their entirety. This application is a National Stage Entry of the PCT Application No. PCT/KR2013/007518 filed on Aug. 22, 2013, the entire disclosure of which is also incorporated herein by reference in its entirety.
  • BACKGROUND
  • 1. Field
  • An apparatus and a method consistent with exemplary embodiments broadly relate to shared file management for a subscriber certification device, and to a shared file management method for a multi-profile environment, and a subscriber certification apparatus using the same.
  • 2. Description of Related Art
  • A universal integrated circuit card (UICC) is a smart card that is tangible and can be inserted into a terminal and configured to perform network access certification. The UICC may include network access applications (NAAs) which are applications for access to several networks of providers, such as a universal subscriber identity module (USIM) for WCDMA/LTE network access or a subscriber identity module (SIM) for GSM network access.
  • An embedded SIM (hereinafter, eSIM or eUICC) integrally mounted at the time of terminal manufacture for terminals requiring a small size and durability such as machine to machine (M2M) terminals, instead of an existing detachable UICC, has been proposed.
  • The eUICC provides a network access certification function, similarly to the existing detachable UICC. However, access to networks of several providers should be processed using one UICC due to a difference between physical structures, and there are many issues such as eUICC opening/distribution/subscriber information security. A solution thereto may be necessary. In order to solve this, international standardization organizations such as GSMA and ETSI have standardized necessary elements including a top structure together with related companies such as providers, manufacturers, or SIM vendors.
  • However, most standards related to eUICC implementation have not been clearly defined, and technical issues related to a profile still exist.
  • SUMMARY
  • An aspect of exemplary embodiments is to provide a shared file management method that is efficient for a multi-profile environment.
  • Another aspect of exemplary embodiments is to provide a subscriber certification apparatus using the shared file management method.
  • Illustrative, non-limiting embodiments may overcome the above disadvantages and other disadvantages not described above. The inventive concept is not necessarily required to overcome any of the disadvantages described above, and the illustrative, non-limiting embodiments may not overcome any of the problems described above. The appended claims should be consulted to ascertain the true scope of the invention.
  • According to an exemplary embodiment, a method of managing files of a subscriber certification module is provided. The method includes forming a file structure having one or more profiles for providing network access to a mobile terminal; storing the formed file structure on the subscriber certification module which is a card embedded into the mobile terminal, and managing one or more files included in the file structure in response to a request. The managing includes updating, deleting, or adding an access profile for the network access in the file structure.
  • The file may include state information of one or more network access applications.
  • Further, the file structure may include a master file, and one or more files associated with the master file.
  • The one or more files associated with the master file may include an application directory file which may include a network access application list and state information of each network access application in the list.
  • A state of each network access application may be an activated state or a deactivated state.
  • The method may further include receiving the request from an external interworking device.
  • The external interworking device may include a mobile network operator server or a subscription manager server remote from the mobile terminal.
  • The method may further include receiving the request from a shared file manager or a profile, located in the subscriber certification module.
  • The managing of one or more files included in the file structure in response to the request may include updating data stored in the application directory file in response to a request with an access right.
  • The access right for updating of the application directory file may be based on an administrator certification.
  • Further, the managing of the files included in the file structure in response to the request may further include registering network access application related information for an added profile when a new profile is installed.
  • According to an aspect of an exemplary embodiment, a subscriber certification apparatus built into and installed in a mobile terminal apparatus includes a shared file memory which stores one or more profile-related files and one or more corresponding network access applications with respective state information and a processor configured to manage one or more profile-related files. The managing includes updating, deleting, or adding one or more network access applications and/or data therein.
  • The shared file memory may further store a master file, and one or more files associated with the master file.
  • The subscriber certification card may further include a shared file manager that manages one or more files included in the shared file memory.
  • Further, the shared file manager may manage the one or more profiles and related files stored in the shared file memory.
  • One or more files or file information stored in the shared file memory may be changed in response to a request from the processor, the shared file manager, or an external interworking device.
  • According to exemplary embodiments, by providing the shared file management method that is efficient for a multi-profile environment, it is possible to embody roles and development ranges of eco-system providers of the eUICC, such as eUICC card manufacturers, network service providers, and profile management servers.
  • BRIEF DESCRIPTION OF DRAWINGS
  • Non-limiting and non-exhaustive exemplary embodiments will be described in conjunction with the accompanying drawings. Understanding that these drawings depict only exemplary embodiments and are, therefore, not intended to limit its scope, the exemplary embodiments will be described with specificity and detail taken in conjunction with the accompanying drawings, in which:
  • FIG. 1 is a block diagram illustrating an eUICC according to an exemplary embodiment.
  • FIG. 2 is a diagram illustrating a file structure for a subscriber certification device according to an exemplary embodiment.
  • FIG. 3 is a diagram illustrating a data structure of an application directory file for a UICC according to an exemplary embodiment.
  • FIG. 4 is a diagram illustrating a data structure of an application directory file according to an exemplary embodiment.
  • FIG. 5 is a diagram illustrating a file structure and data of the application directory file when there is no profile according to an exemplary embodiment.
  • FIG. 6 is a diagram illustrating a file structure and data of the application directory file when a profile is installed according to an exemplary embodiment.
  • FIG. 7 is a diagram illustrating a file structure and data of the application directory file when a profile is additionally installed according to an exemplary embodiment.
  • FIG. 8 is a flow diagram illustrating a directory data updating method according to an exemplary embodiment.
  • FIG. 9 is a flow diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 10 is a flow diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 11 is a flow diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 12 is a flowchart of a method of managing shared files according to an exemplary embodiment.
  • DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS
  • Exemplary embodiments may be variously changed, and may include several other exemplary embodiments. Specific exemplary embodiments will be illustrated in the drawings and described in detail.
  • However, the present invention is not limited to exemplary embodiments, and should be construed as including all modifications, equivalents, and alternatives falling within the spirit and scope of an inventive concept.
  • The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of inventive concept. As used herein, the singular forms “a,” “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises,” “comprising,” “includes” and/or “including,” when used herein, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
  • Unless otherwise defined, all terms including technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which inventive concept belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
  • Terms to be described below are defined in consideration of functions in exemplary embodiments, and may be referred to as other terms according to intention of a client, an operator or a user, a precedent, or the like. Therefore, terms should be defined based on content throughout this specification.
  • The term eUICC (embedded UICC) or eSIM (embedded SIM) in an exemplary embodiment has a meaning distinguished from an existing detachable UICC and is an embedded SIM (Subscriber Identity Module) integrally mounted with a terminal at the time of a manufacture of a terminal.
  • “Terminal” in an exemplary embodiment may be referred to as a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, a subscriber Unit (SU), a subscriber station (SS), a wireless device, a wireless communication device, a wireless transmit/receive unit (WTRU), a mobile node, mobile device, or other terms. Various exemplary embodiments of the terminal may include a cellular phone, a smart phone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, a photographing device such as a digital camera having a wireless communication function, a gaming device having a wireless communication function, music storage and playback appliances having a wireless communication function, or internet appliances capable of wireless Internet accessing and browsing, as well as a portable component or handset devices with combinations of such functions.
  • In addition, the terminal may include an M2M (Machine to Machine) terminal or an MTC (Machine Type Communication) terminal/device in an exemplary embodiment, but is not limited thereto.
  • Further, each block or each operation described in exemplary embodiments may indicate a module, a segment, or some codes that include one or more executable instructions for executing a specific logical function(s). Further, in exemplary embodiments, it is to be understood that functions described in blocks or operations can be generated in a different order. For example, two blocks or operations illustrated in succession can be performed simultaneously or can be performed in a reverse order according to their functions.
  • Hereinafter, exemplary embodiments will be described in detail with reference to the accompanying drawings. In order to facilitate general understanding in describing exemplary embodiments, the same elements on the drawings are denoted with the same reference numerals and repeated description thereof will be omitted.
  • A detachable UICC is generally developed according to a standard of a network provider (MNO), and a structure and a data value thereof are not changed except for personalization-related data (for example, MSISDN) after commercialization.
  • However, there may be a multi-profile on the eUICC, and a profile may be added, state-changed, or deleted at a time when the eUICC is commercialized and operated, unlike a detachable UICC in the related art.
  • Thus, the eUICC can be used by several network providers (MNO) in the form of one chip due to physical characteristics. In this case, it is necessary to support the same file structure, security attributes, logic characteristics, and commands as those of an existing detachable UICC.
  • A module called a profile is defined for post personalization of an application for a network access certification function of several providers to the eUICC, and requirements are established to remotely install and manage this module.
  • Exemplary embodiments provide a method of efficiently managing shared files in an eUICC so as to provide a file structure and functions compatible with an existing UICC in a multi-profile environment.
  • That is, in an exemplary embodiment, a specific file structure of eUICC is provided in which multiple profiles are included.
  • FIG. 1 is a block diagram illustrating eUICC according to an exemplary embodiment.
  • According to an exemplary embodiment, components to be described below with reference to FIG. 1 are components defined by functional division rather than physical division, and may be defined by their functions. Each component, in an exemplary embodiment, may be implemented by hardware and/or a program code and a processing unit that perform each function. The functions of two or more components may be included as one component and may be implemented as such.
  • Therefore, in an exemplary embodiment, a name of each component is not intended to physically divide the component and is given to suggest a representative function of each component. It is to be noted that an exemplary embodiment is not limited by the name of each component.
  • The eUICC 100 according to an exemplary embodiment may include a profile 110, and a shared file storage 130, and may selectively include a shared file manager 120.
  • The profile 110 according to an exemplary embodiment is a module including one or more network access applications (including parameter data, a file structure or the like for network access), and network access credentials. The profile can be accessed with a unique value (ID) on the eUICC, and types of profile include a provisioning profile, an operational profile, and the like.
  • The provisioning profile is a profile including one or more network access applications and related network access credentials that enable access to a communication network when the provisioning profile is installed on the eUICC to provide transport capability for eUICC and profile management between the eUICC and a subscription manager-secure routing (SM-SR).
  • The operational profile is a profile including one or more network access applications and related connection credentials.
  • The shared file storage 130 stores one or more profile related files. The file storage also includes state information of one or more network access applications related to the one or more profiles.
  • The file structure stored in the shared file storage 130 includes a master file, and one or more files associated with the master file. Here, the one or more files associated with the master file include an application directory file including a network access application list and state information of each network access application. In an exemplary embodiment, the shared file storage may be a memory in the eUICC 100.
  • Meanwhile, according to an exemplary embodiment to be described with reference to FIG. 11 below, the eUICC may selectively include the shared file manager 120. The shared file manager 120 manages the one or more files included in the shared file storage 130, and may request registration, state change, deletion, or the like of the network access application with respect to the one or more files included in the shared file storage 130.
  • In an exemplary embodiment in which the shared file manager 120 is not separately defined, the profile 110 according to an exemplary embodiment can manage the one or more files included in the shared file storage 130 and can request registration, state change, deletion, or the like of the network access application with respect to the one or more files included in the shared file storage 130. In an exemplary embodiment, the profile and the shared file manager may be implemented on a microprocessor or the like.
  • The eUICC 100 according to an exemplary embodiment is connected to one or more external interworking devices 200, and may interwork with a MNO-OTA (Mobile Network Operator-Over The Air) and a MNO core network (not illustrated).
  • In this case, the one or more external interworking devices 200 may be, for example, subscription managers (SMs) that are subscription manager modules, or profile owner servers (MNOs). The SMs and MNOs are a combination of hardware and software and may include at least a processor and a memory according to an exemplary embodiment.
  • The MNO-OTA and the MNO core network are operated by an entity that provides communication service to customers over a mobile network, that is, a mobile network operator, and communicate with the terminal.
  • The subscription manager module serves to safely perform a function of directly managing the operational profiles and the provisioning profiles on the eUICC. The subscription manager module also serves to prepare the operational profiles and the provisioning profiles so that they can be safely provisioned on the eUICC, for example by encrypting the profile.
  • The eUICC according to an exemplary embodiment as illustrated in FIG. 1 provides a method of selecting a network access application (NAA) of a profile (an activated profile or an installed profile) to be compatible with an existing UICC (that is, a detachable UICC) even when the profile is changed.
  • According to an exemplary embodiment, specific examples of the method of selecting the network access application of the profile may include a method of directly selecting the network access application using an application ID (AID; Application Identifier), a method of directly selecting the network access application using a value of a part of the AID, and a method of selecting the network access application through Elementary Files Directory (EFDIR).
  • Further, it is preferable for the eUICC according to an exemplary embodiment to support a file structure and a protocol independent from the application defined in ETSI TS 102 221 to be compatible with an existing UICC regardless of installation of the profile and the state of the profile.
  • In an exemplary embodiment, a file structure and a management method when several profiles are dynamically installed are provided.
  • Specifically, in an exemplary embodiment, by defining the shared file structure including an applications list, an eUICC ID, preferred language, and the like installed in the eUICC in a multi-profile environment, the eUICC provides a data structure and a network access function compatible with an existing detachable USIM card.
  • An exemplary embodiment provides a method of managing an application list in EFDIR according to installation/deletion of a profile, and a method of managing a shared file access right (access condition).
  • FIG. 2 is a diagram illustrating a file structure for the subscriber certification device according to an exemplary embodiment.
  • In the file structure according to an exemplary embodiment illustrated in FIG. 2, an MF (master file) 3000 is located on the top, three essential files (EF: elementary file) 3100, that is, EFPL (Preferred Languages) 3130, EFICCID (Integrated Circuit Card (ICC) Identification) 3110, and EFARR ( ) 3120, and a DF (Dedicated File) 3200 for phone book information are arranged under the MF 3000.
  • Further, the network access application (NAA) is configured as a separate ADF (Application DF) (for example, ADF1 3311 and ADF2 3321 illustrated in FIG. 2), and the application ID (AID) and application label values 3310 and 3320 are included in the EF DIR 3300 under the MF, and have forms that can be referred to.
  • The EF PL 3130 among the essential EFs 3100 located under the MF 3000 is a file including n preferred language codes (n being a positive number greater than 0), and the EF ICCID 3110 is a file including the only identification number for a UICC.
  • Further, EF DIR 3300 is a file having a list of first level applications such as USIMs installed in UICC.
  • According to an exemplary embodiment, EFs and DFs located under the MF 3000 can be referred to as a shared file system.
  • A file structure in which EF PL 3130, EF ICCID 3110, EF arr 3120, and EF DIR 3300 are arranged as essential files under the master file 3000 as illustrated in FIG. 2 may be used as a file structure for eUICC according to an exemplary embodiment.
  • In an exemplary embodiment, EF PL 3130 is a file including the preferred language code, and may include a language code list of a country which can provide service with eUICC. EF PL 3130 can be updated, with a language code currently set in the terminal having a highest priority, if necessary. An update access right of EF PL 3130 is a user certification number (User PIN), and when the user inputs his or her certification number, a language code priority may be changed.
  • EF ICCID 3100 is a file including a unique identification number of UICC, and its value is not changed after first recording. Therefore, the value cannot be modified even when the profile is added or deleted, and a separate management function is not necessary.
  • Since EF DIR 3300 includes an identifier of an application installed in UICC, the terminal may select a necessary application by referring to its value at the time of UICC initialization and perform network access certification. In EF DIR 3300, it is necessary for an AID (Application Identifier) value of the network access application of the profile to be able to be added/deleted according to addition/deletion of the profile. The update access right of EFDIR 3300 is manager certification (ADM), and security for the management of its value is also necessary.
  • In connection therewith, in an exemplary embodiment, a method of managing shared files for UICC in a multi-profile environment is provided. More specifically, in an exemplary embodiment, a method of managing UICC shared files in an environment in which network access applications related to a profile are added, state-changed, or deleted, for example, according to addition, state change, or deletion of the profile, is provided.
  • Specifically, exemplary embodiments of the shared file management method as defined below for an eUICC in a multi-profile environment are provided.
  • With the method of managing shared files according to a first exemplary embodiment, there may initially be no network access application on the eUICC. When several profiles are installed, several network access applications may be added. Accordingly, when the network access application is added or deleted in this way, effectiveness of the application ID (AID) of the added or deleted NAA should be checked and a corresponding value should be added to or deleted from EFDIR.
  • A second exemplary embodiment of the method of managing shared files includes a method of managing a state of a network access application according to its change of state. When the state of the network access application is changed to Activated/Deactivated, a state management method related to a change in a state of an application according to an exemplary embodiment is needed.
  • A third exemplary embodiment of the method of managing shared files provides security for granting manager rights among the shared file access rights and for managing the ADM (ADMinistration access conditions) value. This is because, when profile-related data, such as an NAA list of EFDIR, is unintentionally modified/deleted for lack of ADM value security and right management, access certification through the NAA corresponding to the modified/deleted profile-related data may be impossible.
  • A general directory file for a UICC will be first described so as to assist in understanding of exemplary embodiments prior to describing methods of managing shared files according to various exemplary embodiments, as described above.
  • FIG. 3 is a diagram illustrating the data structure of the application directory file for the UICC according to an exemplary embodiment.
  • Referring to FIG. 3, the application directory file EF DIR 4000 for the UICC includes items of AID TLV 4001 and label TLV 4002, and is a linear fixed record type of file including several records 4100 as illustrated in a lower part of FIG. 3.
  • In the data structure of the directory file illustrated in FIG. 3, according to an exemplary embodiment, an application template data object including an application identifier (AID) and an application label, forms one record 4100. In FIG. 3, according to an exemplary embodiment, AID is set to “2F00” and the EFDIR data update right for the AID is set as administrator certification (ADM). Additionally, in an exemplary embodiment, read access is set to allowed.
  • FIG. 4 is a diagram illustrating the data structure of the application directory file according to an exemplary embodiment.
  • The application directory file 5000 according to an exemplary embodiment illustrated in FIG. 4 includes items of AID TLV, label TLV, and life cycle state integer (LCSI) TLV 5003.
  • In an exemplary embodiment, a state code item 5003 is added for state management of the NAA in a multi-profile environment, unlike the application directory file structure according to an exemplary embodiment illustrated in FIG. 3.
  • The life cycle state integer (LCSI) item 5003 of the network access application indicates a current state of the application.
  • The life cycle state integer of the application can be seen through FCI at an application selection time, but it may be necessary for the state value of the application to be seen at a time point before selection of each application, such as a case in which a terminal requests a user to select one of several applications.
  • Therefore, when the application state value is added as one item of the EFDIR record according to an exemplary embodiment, an external interworking device (for example, a terminal) can easily recognize a list of access applications in an active state by only referring to the file.
  • Hereinafter, changes to the file structure when the access application is added according to the addition of the profile will be described with reference to FIGS. 5 to 7 according to an exemplary embodiment.
  • FIG. 5 is a diagram illustrating a file structure and data of the application directory file when there is no profile according to an exemplary embodiment.
  • FIG. 5 illustrates the file structure and the data of the directory file when there is no profile installed in an initial eUICC and there is no selectable NAA. In an exemplary embodiment of the file structure illustrated in FIG. 5, there are shared files in the eUICC, but the EFDIR data 5000 is empty.
  • FIG. 6 is a diagram illustrating a file structure and data of an application directory file when a profile is installed according to an exemplary embodiment.
  • FIG. 6 illustrates, for example, a state of the application directory file when profile 1 is installed and NAA1 6100 is added while there is no installed profile in the file such as an exemplary embodiment described above with respect to FIG. 5.
  • Referring to FIG. 6, ADF1 for NAA1 is added to the eUICC file structure. Accordingly, data of an AID value, a label, and a state value 5003 for ADF1 is added to EF DIR 5000. In an exemplary embodiment illustrated in FIG. 6, the operation state value 5003 of NAA1 is set to “Activated.”
  • FIG. 7 is a diagram illustrating a file structure and data of an application directory file when a profile is added according to an exemplary embodiment.
  • FIG. 7 illustrates a state in which profile 2 is additionally installed and NAA2 (6200) of profile 2 is added according to an exemplary embodiment when one profile already exists in the file structure such as an exemplary embodiment described above with reference to FIG. 6. It can be confirmed from FIG. 7 that ADF2 for NAA2 is added in the eUICC file structure.
  • According to an exemplary embodiment, when it is assumed that existing profile 1 is disabled and NAA1 is changed to a deactivated state, an NAA2 record is added to the EFDIR file 5000, and the state of NAA1 is changed to a deactivated state as illustrated in FIG. 7.
  • Hereinafter, exemplary embodiments of management methods regarding how to manage the shared file will be described.
  • To Update Data of an Application Directory File
  • The EFDIR update access right according to an exemplary embodiment is administrator certification (ADM).
  • The ADM value for manager right acquisition is generally a hex digit with a length of 8 bytes, similarly to a user certification number (User PIN; User Personal Identification Number), and right acquisition using the ADM value is possible after certification of a correct value through a VERIFY PIN command.
  • An EFDIR data updating scheme according to the addition of the network access application can be classified into two methods, according to exemplary embodiments, including a method of managing the ADM value in an external interworking device, and a method of managing the ADM value in an eUICC internal module, depending on whether an ADM management entity is an eUICC external device (or module) or an internal module (or device).
  • When the ADM value is managed by the eUICC internal module, two following management methods are included based on an eUICC internal structure.
  • A. When Each Profile has an ADM Value
  • The profile directly registers, deletes, or state-changes an AID, a label, and a state value of a profile-related NAA in the EFDIR.
  • B. When the Shared File Manager has the ADM Value
  • After the profile is installed, the shared file manager on the eUICC is requested to register, delete, or change the data.
  • A method of updating the directory data according to an exemplary embodiment may further include an updating method through OTA in an external interworking device, for example, a profile owner or an external shared file manager without using an ADM value certification scheme.
  • Hereinafter, the directory data updating methods according to exemplary embodiments will be described with reference to FIGS. 8 to 11.
  • FIG. 8 is a diagram illustrating a directory data updating method according to an exemplary embodiment.
  • In an exemplary embodiment illustrated in FIG. 8, when the ADM value is managed by the external interworking device 400, the external interworking device 400 registers NAA in the EF DIR 3300 after the profile is installed.
  • An exemplary embodiment of the external interworking device 400 includes a subscription manager module (SM; Subscription Manager) or a profile owner server (MNO server).
  • A procedure in which the external interworking device 400 registers a NAA list of the profile in the EF DIR 3300 includes acquiring an EFDIR update right through ADM certification (in operation S810), selecting an EFDIR (in operation S820), searching for an unused record number after the EFDIR selection (in operation S830), and performing updating of the NAA AID, the label, and the state value for the unused record number (in operation S840).
  • In this case, error processing and subsequent processing, such as re-attempt of registration due to the error, that may occur may be performed by the external interworking device 400.
  • Meanwhile, a procedure of changing or deleting the state value of the NAA record of the profile of EFDIR through a procedure similar to the registration when changing and deleting of the state of the profile is attempted may be necessary. In this case, the error processing and the subsequent processing that can occur may be performed by the external interworking device 400.
  • When the ADM value is managed by the external interworking device 400, the external interworking device 400 should be a device or a module that is trusted by the profile owner (for example, MNO), and management such as generation, distribution, or updating of an initial ADM value may be performed in a manner that is trusted by the profile owner.
  • FIG. 9 is a diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • In an exemplary embodiment illustrated in FIG. 9, a method of registering NAA in EFDIR is provided when each profile 110 located in the eUICC internal module has the ADM value and directly manages the NAA list related to the profile among directory data updating methods according to an exemplary embodiment.
  • A procedure of registering NAA in EFDIR may be performed at a time of profile data installation (in operation S910). A procedure of registering NAA in EFDIR may include acquiring an EFDIR update right through ADM certification (in operation S921), selecting an EFDIR (in operation S922), searching for an unused record number after the EFDIR selection (in operation S923), and performing updating of the NAA AID, the label, and the state value for the unused record number (in operation S924), similar to an exemplary embodiment described above with reference to FIG. 8.
  • According to an exemplary embodiment, an error that may occur in the registration process can be processed in the profile 110, and the profile 110 can return an appropriate processing result such as success or failure to the external interworking device 400 (in operation S930).
  • In this case, a UICC application programming interface (API) defined in ETSI TS102241 can be used as the interface between the profile and the shared file system inside the eUICC, according to an exemplary embodiment.
  • Meanwhile, a procedure of changing or deleting a state value of the NAA record of the profile 110 in EFDIR using a procedure similar to the registration, even at the time of the state changing and the deletion of the profile may be necessary. In this case, in an exemplary embodiment, an error that can occur is processed in the profile 110, and an appropriate processing result is returned to the external interworking device 400.
  • When the profile 110 has the ADM value, it is necessary for an eUICC issuing entity to distribute the ADM value of eUICC to the owner of each profile. In this case, according to an exemplary embodiment, a reliable method may be needed between the owner of the profile and the eUICC issuing entity. Further, a network service provider that can install a profile in the eUICC may need a method of securing security and reliability of the data of the shared file of eUICC.
  • FIG. 10 is a diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 10 illustrates an exemplary embodiment in which NAA is registered in the EFDIR when the shared file manager 120 separately present in the eUICC internal module has the ADM value, and manages the NAA list related to the profile in the directory data updating methods according to an exemplary embodiment such as exemplary embodiments described above.
  • In an exemplary embodiment illustrated in FIG. 10, the procedure of registering NAA in the EFDIR is started by the installed profile 110 requesting the shared file manager 120 to register NAA when the profile data is installed in the eUICC in response to the profile installation request (in operation S1010) of the external interworking device 400 (in operation S1021).
  • The procedure of registering NAA in the EFDIR includes acquiring an EFDIR update right through ADM certification (in operation S1031), selecting EFDIR (in operation S1032), searching for an unused record number after selecting EFDIR (in operation S1033), and performing updating of a NAA AID, a label, and a state value with respect to the unused record number (in operation S1034), similarly to some other exemplary embodiments described above.
  • In this case, the shared file manager 120 may determine an error situation, such as effectiveness of the NAA AID to be registered, overlap with a previously registered AID, or presence of an available record, and return appropriate error content to the profile (operations S1022, S1023 or S1024).
  • A UICC application programming interface defined in ETSI TS102241 may be used as the interface between the shared file manager 120 and the shared file storage 130 in the eUICC, similarly to an exemplary embodiment described above with reference to FIG. 9, and an exemplary interface between the profile 110 and the shared file manager 120 may be defined as will be described below according to an exemplary embodiment.
  • When the shared file manager 120 is separately present in the eUICC as in an exemplary embodiment illustrated in FIG. 10, the module may provide functions such as NAA registration, state change, and NAA deletion to an internal interface. In this case, an application programming interface (API) for calling each function may be configured to include, for example, commands below:
      • register (NAAs list and initial state): This may be used to register NAA (of the profile) in the EFDIR, and the parameters may include a NAA list and an initial state.
      • update (NAA ID and state): This may be used to change a state of NAA registered in the EFDIR, and parameters include a NAA ID and a state to be changed.
      • delete (NAA ID or NAAs list): This may be used to delete NAA registered in the EFDIR, and parameters include a NAA ID or NAA list to be deleted.
  • Meanwhile, even at the time of state-changing or deleting of the profile, the profile 110 according to an exemplary embodiment may request the shared file manager 120 to change or delete a state value of its own NAA record in the EFDIR through the internal interworking interface, similarly to the registration procedure.
  • In this case, the shared file manager 120 may determine an error that may occur and inform the profile 110 of an appropriate error situation.
  • When the shared file manager 120 on the eUICC has the ADM value according to an exemplary embodiment, it is not necessary for the owner of the profile to know the ADM value. Further, since the shared file manager 120 manages the ADM value, the eUICC shared file data is less likely to be changed or deleted by other modules, and reliability and the safety of the shared file data can be improved.
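The FIG. 10 arrangement, in which the shared file manager alone holds the ADM value and offers register, update and delete to profiles, can be modelled as follows. This is an added illustration, not code from the patent: the tag values (0x61/0x4F/0x50 as used for EF DIR in ETSI TS 102 221, 0x8A reused for the LCSI item), the LCSI state values, the 48-byte record length, the single-use update right and all class and function names are assumptions, and the ADM value and AIDs are constructed.

```python
import hmac

# Assumed encodings: the text names the AID, label and LCSI items but gives no tags.
T_APP, T_AID, T_LABEL = 0x61, 0x4F, 0x50   # EF DIR tags used by ETSI TS 102 221
T_LCSI = 0x8A                              # assumption: reuse the FCP life-cycle tag
ACTIVATED, DEACTIVATED = 0x05, 0x04        # assumed LCSI state values
RECORD_LEN = 48                            # assumed fixed record length
UNUSED = b"\xff" * RECORD_LEN              # an unused linear-fixed record

class DirError(Exception):
    """Error reported back to the requesting profile."""

def tlv(tag, value):
    return bytes([tag, len(value)]) + value

def encode_record(aid, label, state):
    text = label.encode("ascii")
    if len(aid) + len(text) + 9 > RECORD_LEN:          # 9 = tag/length overhead + LCSI
        raise DirError("record does not fit")
    body = tlv(T_AID, aid) + tlv(T_LABEL, text) + tlv(T_LCSI, bytes([state]))
    return tlv(T_APP, body).ljust(RECORD_LEN, b"\xff")

def decode_record(record):
    """Return (aid, label, state), or None for an unused record."""
    if record[0] != T_APP:
        return None
    body, fields, i = record[2:2 + record[1]], {}, 0
    while i + 2 <= len(body):
        fields[body[i]] = body[i + 2:i + 2 + body[i + 1]]
        i += 2 + body[i + 1]
    return fields[T_AID], fields[T_LABEL].decode("ascii"), fields[T_LCSI][0]

class SharedFileStorage:
    """EF DIR model: reading is always allowed, updating needs the ADM right."""
    def __init__(self, adm_value, n_records=3):
        self._adm, self._verified = adm_value, False
        self.records = [UNUSED] * n_records            # empty EF DIR, as in FIG. 5

    def verify_adm(self, candidate):
        self._verified = hmac.compare_digest(self._adm, candidate)
        return self._verified

    def update_record(self, n, data):
        if not self._verified:
            raise DirError("security status not satisfied")
        self._verified = False                         # right is single-use in this model
        self.records[n] = data

class SharedFileManager:
    """Holds the ADM value so that profiles never need to know it."""
    def __init__(self, storage, adm_value):
        self._storage, self._adm = storage, adm_value

    def entries(self):
        decoded = [(n, decode_record(r)) for n, r in enumerate(self._storage.records)]
        return {d[0]: (n, d[1], d[2]) for n, d in decoded if d}

    def _write(self, n, data):
        if not self._storage.verify_adm(self._adm):
            raise DirError("ADM verification failed")
        self._storage.update_record(n, data)

    def register(self, naas, initial_state):
        # Validate the whole request first so that a failure writes nothing.
        known, new = self.entries(), [aid for aid, _ in naas]
        free = [n for n, r in enumerate(self._storage.records) if r == UNUSED]
        if any(not 5 <= len(aid) <= 16 for aid in new):
            raise DirError("invalid AID")              # ISO/IEC 7816-4 AID length
        if len(set(new)) != len(new) or any(aid in known for aid in new):
            raise DirError("AID already registered")
        if len(free) < len(naas):
            raise DirError("no unused record")
        records = [encode_record(aid, label, initial_state) for aid, label in naas]
        for n, record in zip(free, records):
            self._write(n, record)

    def update(self, aid, state):
        n, label, _ = self._lookup(aid)
        self._write(n, encode_record(aid, label, state))

    def delete(self, aid):
        self._write(self._lookup(aid)[0], UNUSED)

    def _lookup(self, aid):
        if aid not in self.entries():
            raise DirError("AID not registered")
        return self.entries()[aid]

    def active_aids(self):
        """What a terminal learns from EF DIR alone, before selecting any NAA."""
        return [aid for aid, (_, _, state) in self.entries().items() if state == ACTIVATED]

ADM = bytes.fromhex("1122334455667788")                # constructed 8-byte ADM value
AID1, AID2 = bytes.fromhex("A0000000871002FF01"), bytes.fromhex("A0000000871002FF02")  # constructed

def demo():
    manager = SharedFileManager(SharedFileStorage(ADM), ADM)
    manager.register([(AID1, "NAA1")], ACTIVATED)      # FIG. 6: profile 1 installed
    manager.update(AID1, DEACTIVATED)                  # FIG. 7: profile 1 disabled
    manager.register([(AID2, "NAA2")], ACTIVATED)      # FIG. 7: profile 2 added
    return manager
```

Calling `demo().active_aids()` returns only the AID of NAA2, and a caller that reaches the storage without the ADM value is refused at `update_record`.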
  • FIG. 11 is a diagram illustrating a directory data updating method according to yet another exemplary embodiment.
  • FIG. 11 illustrates an exemplary embodiment of a method of registering NAA in the EFDIR when the shared file is managed through OTA among the directory data updating methods according to an exemplary embodiment such as the ones described above.
  • In the method of managing the eUICC shared file through OTA illustrated in FIG. 11, according to an exemplary embodiment, a short message service (SMS) message used for a mobile communication system can be utilized.
  • In an exemplary embodiment illustrated in FIG. 11, a procedure similar to other exemplary embodiments described above is performed when only a command part actually input to the eUICC card is considered except for an SMS message part on a network.
  • That is, a procedure of updating values in the shared file includes selecting an EFDIR (in operation S1110), searching for an unused record number after the EFDIR selection (in operation S1120), and performing updating of the NAA AID, the label, and the state value for the unused record number (in operation S1130), similarly to other exemplary embodiments described above except for the ADM value certification procedure.
  • With the method of managing the shared file through OTA as in an exemplary embodiment, it is possible to guarantee confidentiality and integrity of the message through a previously shared OTA key. In this case, according to an exemplary embodiment, error processing that may be needed, may be performed by a module that processes an OTA message.
  • Meanwhile, even in an exemplary embodiment described above, at the time of changing or deleting the state of the profile, the external interworking device 400 may change or delete the state value of the NAA record of the profile of the EFDIR through the OTA message, similarly to the registration, such as the registration described above in other exemplary embodiments. In this case, error processing that may be needed and subsequent operations may be performed by the external interworking device 400, that is, a module that actually generates and processes the OTA message.
  • When the external interworking device 400 manages an OTA key value, the external interworking device 400 should be a module that is trusted by the profile owner (for example, MNO), and management such as generation, distribution, and updating of an initial OTA key value is performed in a manner that is trusted by the profile owner.
  • FIG. 12 is a flowchart illustrating a method of managing shared files according to an exemplary embodiment.
  • The method of managing shared files according to an exemplary embodiment may include forming a shared file for one or more profiles (in operation S1200), and updating shared file data (in operation S1300).
  • The shared file for one or more profiles according to an exemplary embodiment may have the file structure such as the one described above with reference to FIGS. 4 to 7. That is, the shared file structure for the eUICC according to an exemplary embodiment includes a master file, and one or more files associated with the master file.
  • In an exemplary embodiment, one or more files associated with the master file include an application directory file. The application directory file may include a network access application list and state information of each network access application.
  • In this case, a state of the network access application may be in an activated or deactivated state.
  • Meanwhile, updating the shared file data (in operation S1300) may include sub-operations, such as the ones illustrated in FIG. 12. That is, the system checks if there is an additionally installed profile (in operation S1310). When there is the installed profile, an update right is acquired through an administrator certification (in operation S1320). When the update right is acquired or obtained, the application directory file is selected (in operation S1330), an unused record number is searched for (in operation S1340), and then, updating related to the network access application of the profile is performed in the detected unused record number (in operation S1350).
  • The entity that updates the shared file data (in operation S1300) according to an exemplary embodiment may be the shared file storage 130. According to an exemplary embodiment, when the profile 110 or the shared file manager 120 is located between the shared file storage 130 and the external interworking device 400, the shared file manager 120 or the profile 110 returns a result of performing the updating to the profile 110 or the external interworking device 400 (in operation S1360).
  • It is to be understood that some of the sub-operations of updating the shared file data (operation S1300) may be omitted or changed according to each exemplary embodiment of the exemplary data updating methods described above.
  • The shared file management method according to exemplary embodiments including operations, operation orders, and commands described above can be implemented as a computer-readable program code in a computer-readable recording medium.
  • The computer-readable recording medium includes all types of recording devices in which data that can be read by a computer system is stored. For example, the computer-readable recording medium includes, for example, a ROM, a RAM, a CD-ROM, a DVD-ROM, a Blu-ray, a magnetic tape, a floppy disk, an optical data storage device, or the like, and further includes a medium implemented in the form of carrier waves (for example, transmission over the Internet).
  • Further, the computer-readable recording medium is distributed to computing systems connected over a network, and a computer-readable code can be stored and executed in a distributed manner. Also, a functional program code for performing exemplary embodiments can be easily inferred by programmers in the technical field to which exemplary embodiments belong.
  • The methods of managing shared files of eUICC in a multi-profile environment and the apparatus using the same have been described above using various exemplary embodiments.
  • Among the shared files of eUICC, the essential files include the preferred language file EFPL, the only identifier file EFICCID, and the network access application list file EFDIR, and the preferred language file and the identifier file are files that cannot be modified or can be modified.
  • On the other hand, it is necessary for the network access application list file EFDIR to be updated as the profile is installed, state-changed, or deleted. Accordingly, in an exemplary embodiment, the shared file management method is provided. Specifically, various methods for addition, state change, and deletion of the network access application in the network access application list file in a multi-profile environment have been described according to various exemplary embodiments, and a security issue and a related processing procedure for each method have been defined.
  • According to an exemplary embodiment, it is possible to embody roles and development ranges of eco-system providers of the eUICC, such as eUICC card manufacturers, network service providers, and profile management servers.
  • The above description of exemplary embodiments is provided for the purpose of illustration, and it will be understood by those skilled in the art that various changes and modifications may be made without changing a technical conception and/or any essential features of exemplary embodiments. Thus, above-described exemplary embodiments are exemplary in all aspects, and do not limit the present disclosure.
  • While exemplary embodiments have been described above in detail, it should be understood that various modifications and changes may be made without departing from the spirit and scope of the inventive concept as defined in the appended claims and their equivalents.

Claims (23)

1-21. (canceled)
22. A method of managing files of a subscriber certification module comprising:
forming a file structure having at least one profile for providing network access to a mobile terminal;
storing the formed file structure on the subscriber certification module which is a card embedded into the mobile terminal; and
managing said at least one file in the file structure in response to a request,
wherein the managing comprises at least one of updating, deleting, and adding an access profile for the network access in the file structure.
23. The method according to claim 22,
wherein the at least one file comprises state information of at least one network access application.
24. The method according to claim 22,
wherein the file structure comprises a master file, and at least one file associated with the master file.
25. The method according to claim 24,
wherein the at least one file associated with the master file comprises an application directory file, which comprises a network access application list and state information of each network access application in the network access application list.
26. The method according to claim 25,
wherein a state of said each network access application is an activated state or a deactivated state.
27. The method according to claim 22, further comprising:
receiving the request from an external interworking device.
28. The method according to claim 27,
wherein the external interworking device comprises a mobile network operator server or a subscription manager server.
29. The method according to claim 22, further comprising:
receiving the request from a shared file manager or a profile located in the subscriber certification module.
30. The method according to claim 25,
wherein the managing of said at least one file included in the file structure in response to the request comprises updating data stored in the application directory file in response to a request with an access right.
31. The method according to claim 30,
wherein the access right is based on an administrator certification.
32. The method according to claim 22,
wherein the managing of the at least one file included in the file structure in response to the request further comprises registering network access application related information for an added profile in response to a new profile being installed onto the subscriber certification module.
33. A subscriber certification card built into and installed in a mobile terminal apparatus, the subscriber certification card comprising:
a shared file memory configured to store at least one profile-related file and at least one corresponding network access application with state information; and
a processor configured to manage the at least one profile-related file,
wherein the processor manages the at least one profile-related file by updating, deleting, or adding at least one of a network access application and data therein.
34. The subscriber certification card according to claim 33,
wherein the shared file memory is further configured to store a master file, and at least one file associated with the master file.
35. The subscriber certification card according to claim 34,
wherein the at least one file associated with the master file comprises an application directory file, wherein the application directory file comprises a network access application list and state information of each network access application in the network application list.
36. The subscriber certification card according to claim 33, further comprising:
a shared file manager configured to manage at least one file in the shared file memory.
37. The subscriber certification card according to claim 33,
wherein the subscriber certification card is an embedded universal integrated circuit card built into the mobile terminal apparatus.
38. The subscriber certification card according to claim 33,
wherein at least one of: at least one file and file information stored in the shared file memory is changed in response to a request from at least one of the processor and an external interworking device remote from the mobile terminal apparatus.
39. The subscriber certification apparatus according to claim 38,
wherein the external interworking device comprises a mobile network operator server or a subscription manager server.
40. The subscriber certification apparatus according to claim 39,
wherein data stored in an application directory file is updated in response to the request with an access right.
41. The subscriber certification apparatus according to claim 40,
wherein the access right for updating is based on an administrator certification.
42. The subscriber certification apparatus according to claim 33,
wherein a state of the network access application is one of an activated state and a deactivated state.
43. The method of claim 22, wherein the subscriber certification module is an embedded universal integrated circuit card built into the mobile terminal.
US14/424,286 2012-08-29 2013-08-22 Method of managing shared file and device for authenticating subscriber by using same Abandoned US20150271173A1 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
KR10-2012-0094803 2012-08-29
KR20120094803 2012-08-29
KR1020130057765A KR102067474B1 (en) 2012-08-29 2013-05-22 Method for managing shared files and subscriber identidy apparatus embedded in user terminal using the method
KR10-2013-0057765 2013-05-22
PCT/KR2013/007518 WO2014035092A1 (en) 2012-08-29 2013-08-22 Method of managing shared file and device for authenticating subscriber by using same

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2013/007518 A-371-Of-International WO2014035092A1 (en) 2012-08-29 2013-08-22 Method of managing shared file and device for authenticating subscriber by using same

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/696,284 Continuation US10862881B2 (en) 2012-08-29 2017-09-06 Method of managing shared files and device for authenticating subscriber by using same

Publications (1)

Publication Number Publication Date
US20150271173A1 (en) 2015-09-24

Family

ID=50642369

Family Applications (2)

Application Number Title Priority Date Filing Date
US14/424,286 Abandoned US20150271173A1 (en) 2012-08-29 2013-08-22 Method of managing shared file and device for authenticating subscriber by using same
US15/696,284 Active US10862881B2 (en) 2012-08-29 2017-09-06 Method of managing shared files and device for authenticating subscriber by using same

Country Status (2)

Country Link
US (2) US20150271173A1 (en)
KR (1) KR102067474B1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106412887A (en) * 2016-06-15 2017-02-15 苏州畅途网络科技有限公司 Virtual SIM card rapid authentication method, system, server and terminal
US20170171742A1 (en) * 2015-12-11 2017-06-15 Apple Inc. EMBEDDED UNIVERSAL INTEGRATED CIRCUIT CARD (eUICC) FILE SYSTEM MANAGEMENT WITH PROFILE SWITCHING
US10129736B2 (en) 2014-07-17 2018-11-13 Samsung Electronics Co., Ltd. Method and device for updating profile management server
US10194316B2 (en) 2014-10-27 2019-01-29 Samsung Electronics Co., Ltd. Method of changing profile using identification module and electronic device implementing same
US20190042808A1 (en) * 2016-03-23 2019-02-07 Sony Corporation Information processing device and information processing method
US20200137030A1 (en) * 2018-10-30 2020-04-30 Stmicroelectronics S.R.L. Method for generating personalized profile package data for integrated circuit cards
US11006266B2 (en) * 2019-03-04 2021-05-11 Cisco Technology, Inc. Onboarding device using embedded subscriber identification module

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102141372B1 (en) * 2012-11-06 2020-08-05 삼성전자주식회사 Terminal device with built-in subscriber identification module and profile selection method for this
DE102014110990A1 (en) * 2014-08-01 2016-02-04 Bundesdruckerei Gmbh Method for changing the control data of a chip card and chip card system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100197350A1 (en) * 2007-10-15 2010-08-05 Kt Corporation Method and apparatus for controlling the uicc application file
US20110207454A1 (en) * 2010-02-25 2011-08-25 Garg Ankit Authenticating and registering roaming mobile users
US20130122864A1 (en) * 2011-05-06 2013-05-16 David T. Haggerty Methods and apparatus for providing management capabilities for access control clients
US20130165073A1 (en) * 2011-12-23 2013-06-27 Nokia Corporation Method and apparatus for emulating a plurality of subscriptions
US20130227646A1 (en) * 2012-02-14 2013-08-29 Apple Inc. Methods and apparatus for large scale distribution of electronic access clients
US20130231087A1 (en) * 2012-03-05 2013-09-05 Rogers Communications Inc. Radio management method and system using embedded universal integrated circuit card
US20130295997A1 (en) * 2012-05-04 2013-11-07 Apple Inc. Device initiated card provisioning via bearer independent protocol
US8887257B2 (en) * 2011-04-26 2014-11-11 David T. Haggerty Electronic access client distribution apparatus and methods

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6425522B1 (en) * 1998-07-23 2002-07-30 Hitachi, Ltd. IC card information processing system, and apparatus and cards for the same
US8090844B2 (en) * 2004-10-08 2012-01-03 Truecontext Corporation Content management across shared, mobile file systems
CA2615659A1 (en) 2005-07-22 2007-05-10 Yogesh Chunilal Rathod Universal knowledge management and desktop search system
KR100858650B1 (en) * 2007-01-08 2008-09-16 주식회사 케이티프리텔 Method and device for sharing contents between computer and mobile
AR073125A1 (en) * 2008-08-25 2010-10-13 Interdigital Patent Holdings UNIVERSAL INTEGRATED CIRCUIT CARD THAT HAS A USER VIRTUAL IDENTIFICATION MODULE FUNCTION.
WO2010078614A1 (en) 2009-01-08 2010-07-15 Relevancenow Pty Limited Chatbots
US9807608B2 (en) 2009-04-20 2017-10-31 Interdigital Patent Holdings, Inc. System of multiple domains and domain ownership
US8649335B2 (en) * 2009-12-01 2014-02-11 At&T Intellectual Property I, L.P. Service models for roaming mobile device
US9173085B2 (en) * 2012-07-06 2015-10-27 Blackberry Limited Methods and apparatus for use in transferring an assignment of a secure chip subscription managers

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10129736B2 (en) 2014-07-17 2018-11-13 Samsung Electronics Co., Ltd. Method and device for updating profile management server
US10194316B2 (en) 2014-10-27 2019-01-29 Samsung Electronics Co., Ltd. Method of changing profile using identification module and electronic device implementing same
US10531285B2 (en) 2014-10-27 2020-01-07 Samsung Electronics Co., Ltd. Method of changing profile using identification module and electronic device implementing same
US20170171742A1 (en) * 2015-12-11 2017-06-15 Apple Inc. EMBEDDED UNIVERSAL INTEGRATED CIRCUIT CARD (eUICC) FILE SYSTEM MANAGEMENT WITH PROFILE SWITCHING
US10187788B2 (en) * 2015-12-11 2019-01-22 Apple Inc. Embedded universal integrated circuit card (eUICC) file system management with profile switching
US10674352B2 (en) 2015-12-11 2020-06-02 Apple Inc. Embedded universal integrated circuit card (eUICC) file system management with profile switching
US11064352B2 (en) 2015-12-11 2021-07-13 Apple Inc. Embedded universal integrated circuit card (eUICC) file system management with profile switching
US20190042808A1 (en) * 2016-03-23 2019-02-07 Sony Corporation Information processing device and information processing method
CN106412887A (en) * 2016-06-15 2017-02-15 苏州畅途网络科技有限公司 Virtual SIM card rapid authentication method, system, server and terminal
US20200137030A1 (en) * 2018-10-30 2020-04-30 Stmicroelectronics S.R.L. Method for generating personalized profile package data for integrated circuit cards
US11792166B2 (en) * 2018-10-30 2023-10-17 Stmicroelectronics S.R.L. Method for generating personalized profile package data for integrated circuit cards
US11006266B2 (en) * 2019-03-04 2021-05-11 Cisco Technology, Inc. Onboarding device using embedded subscriber identification module

Also Published As

Publication number Publication date
US20180013759A1 (en) 2018-01-11
US10862881B2 (en) 2020-12-08
KR20140029139A (en) 2014-03-10
KR102067474B1 (en) 2020-02-24

Similar Documents

Publication Publication Date Title
US10862881B2 (en) Method of managing shared files and device for authenticating subscriber by using same
US10334443B2 (en) Method for configuring profile of subscriber authenticating module embedded and installed in terminal device, and apparatus using same
US10187798B2 (en) Terminal device having subscriber identity device and method for selecting profile thereof
US10368236B2 (en) Method and system for downloading and installing UICC terminal profile on a terminal from a profile manager
US9451446B2 (en) SIM profile brokering system
US10142830B2 (en) Communication system
EP2708069B1 (en) Sim lock for multi-sim environment
KR102116269B1 (en) Method for managing profiles in subscriber identidy module embedded in user terminal and apparatus using the method
US8863240B2 (en) Method and system for smart card migration
RU2442295C2 (en) Apparatus and methods for network identification of open market wireless devices
US10901716B2 (en) Implicit file creation in APDU scripts
US11805397B2 (en) IMEI binding and dynamic IMEI provisioning for wireless devices
CN110121859A (en) A kind of Information Authentication method and relevant device
WO2019161939A1 (en) Methods, devices, and computer programs for provisioning or controlling operator profiles in terminals
KR102216293B1 (en) Subscriber certification module using provisioning profile and method of accessing network using the same
US20230057543A1 (en) Method and server for pushing data to mno
KR20160114877A (en) Method and apparatus for downloading policy rule in wireless communication system

Legal Events

Date Code Title Description
AS Assignment

Owner name: KT CORPORATION, KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SEO, MYOUNG HEE;LEE, JIN HYOUNG;KIM, KWAN LAE;AND OTHERS;REEL/FRAME:035105/0267

Effective date: 20150203

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION