USRE49465E1 - Method and apparatus for setting profile - Google Patents

Method and apparatus for setting profile Download PDF

Info

Publication number
USRE49465E1
USRE49465E1 US16/537,077 US201916537077A USRE49465E US RE49465 E1 USRE49465 E1 US RE49465E1 US 201916537077 A US201916537077 A US 201916537077A US RE49465 E USRE49465 E US RE49465E
Authority
US
United States
Prior art keywords
profile
terminal
module
identifier
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US16/537,077
Inventor
Duckey Lee
Jungje SON
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Priority to US16/537,077 priority Critical patent/USRE49465E1/en
Application granted granted Critical
Publication of USRE49465E1 publication Critical patent/USRE49465E1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50Service provisioning or reconfiguring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/126Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/43Security arrangements using identity modules using shared identity modules, e.g. SIM sharing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/45Security arrangements using identity modules using multiple identity modules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • H04W8/205Transfer to or from user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/22Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24Transfer of terminal data
    • H04W8/245Transfer of terminal data from a network towards a terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support
    • H04W8/265Network addressing or numbering for mobility support for initial activation of new user
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183Processing at user equipment or user record carrier

Definitions

  • the present invention generally relates to a method and apparatus for setting profiles stored in a mobile terminal.
  • a Universal Integrated Circuit Card is a smart card inserted and used in a mobile terminal.
  • the UICC stores personal information of a mobile communication subscriber, such as authentication information for network access, phonebook data, and text messages.
  • a mobile communication network such as a Global System for Mobile Communications (GSM), Wideband Code Division Multiple Access (WCDMA) or Long Term Evolution (LTE) network
  • GSM Global System for Mobile Communications
  • WCDMA Wideband Code Division Multiple Access
  • LTE Long Term Evolution
  • the UICC may store communication applications including a Subscriber Identity Module (SIM), Universal Subscriber Identity Module (USIM), and IP Multimedia Services Identity Module (ISIM) according to the type of mobile communication network to which the subscriber connects.
  • SIM Subscriber Identity Module
  • USIM Universal Subscriber Identity Module
  • ISIM IP Multimedia Services Identity Module
  • the UICC provides a high level security function to install a variety of applications such as electronic wallets, tickets and passports.
  • a typical UICC is manufactured as a proprietary smart card of a specific mobile network operator according to requests of the mobile network operator.
  • a UICC is pre-embedded with authentication information for access to the corresponding mobile operator network (e.g. USIM application, International Mobile Subscriber Identity (IMSI), and key value (K)).
  • IMSI International Mobile Subscriber Identity
  • K key value
  • the mobile network operator receives a manufactured UICC and provides the received UICC to a subscriber, and later, if necessary, performs management of the UICC by installing, modifying and removing an application through Over-The-Air (OTA) programming or the like.
  • OTA Over-The-Air
  • the subscriber may manipulate the mobile terminal to use network and application services of the corresponding mobile network operator.
  • the subscriber removes the UICC from the existing terminal and inserts it into a new terminal.
  • the authentication information, the mobile phone number and the phonebook data stored in the UICC may be used in the new terminal.
  • ETSI European Telecommunications Standards Institute
  • Removable UICC cards may be unsuitable for machine-to-machine (M2M) devices, such as smart home appliances, electricity meters, water meters and Closed Circuit Television (CCTV) cameras, which require access to mobile data networks in various deployment environments without direct human intervention.
  • M2M machine-to-machine
  • CCTV Closed Circuit Television
  • a new embedded secure element would enable authentication information of various mobile network operators to be installed and managed in a secure and flexible manner when a user who has purchased a corresponding mobile terminal subscribes to a mobile network operator, unsubscribes from a mobile network operator, or changes mobile network operators. According to various usage scenarios such as a purchase of a new terminal, the new embedded secure element would also enable configured authentication information and stored user data to be securely transferred to a new mobile terminal.
  • an aspect of the present invention is to provide an effective method for setting a profile.
  • a method for setting profiles for a profile server includes receiving, from a first terminal, a profile transfer request message that requests transfer of a first profile or portion thereof from a first secure element to a second secure element; configuring a second profile using the first profile or portion thereof; and sending, to a second terminal, the configured second profile.
  • FIG. 1 illustrates an architecture of a communication system according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a profile setting procedure according to an embodiment of the present invention.
  • FIG. 3 illustrates a data structure in a mobile terminal according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a profile activation procedure according to an embodiment of the present invention.
  • FIG. 5 is a sequence diagram illustrating a profile setting procedure according to a first embodiment of the present invention.
  • FIG. 6 is a sequence diagram illustrating a profile setting procedure according to a second embodiment of the present invention.
  • FIG. 7 is a block diagram of a profile provider according to an embodiment of the present invention.
  • FIG. 8 is a block diagram of a profile manager according to an embodiment of the present invention.
  • FIG. 9 is a block diagram of a mobile terminal according to an embodiment of the present invention.
  • FIG. 1 illustrates an architecture of a communication system according to an embodiment of the present invention.
  • the communication system includes first and second mobile terminals 105 and 106 , first and second embedded Secure Elements (eSEs) 107 and 108 , respectively installed in the first and second mobile terminals 105 and 106 , a profile provider 102 , first and second profile managers 103 and 104 , and an address search server 111 .
  • the address search server 111 may be omitted.
  • the first and second embedded secure elements 107 and 108 may include an embedded secure element that may be attached to a substrate of the first or second mobile terminals 105 and 106 or installed therein.
  • the embedded UICC eUICC
  • First and second profiles 109 and 110 are installed as software items in the first and second embedded secure elements 107 and 108 , respectively.
  • the first and second profiles 109 and 110 are software packages containing information corresponding to one or more existing removable UICCs.
  • the first and second profiles 109 and 110 may be defined as software packages that contain user data, such as one or more applications, subscriber authentication information and phonebook data, embedded in a UICC.
  • the profile provider 102 may be directly operated by a Mobile Network Operator (MNO) or may be operated by an agent fully trusted by the MNO.
  • MNO Mobile Network Operator
  • the profile provider 102 generates a profile for a subscriber subscribing to the corresponding mobile network operator, encrypts the profile, and sends the encrypted profile to the first and second profile managers 103 and 104 .
  • the profile provider 102 may be implemented as, for example, a profile providing server as in FIG. 1 .
  • the first and second profile managers 103 and 104 manage profiles for the first and second embedded secure elements 107 and 108 , respectively. Due to characteristics of secure elements based on smart card technology, the same security key information is configured in both the first and second embedded secure elements 107 and 108 and the first and second profile managers 103 and 104 before the first and second mobile terminals 105 and 106 are sold to a user (typically, at the time of terminal manufacture). Hence, the first and second profile managers 103 and 104 may be operated by the manufacturer of the first and second embedded secure elements 107 and 108 or the first and second mobile terminals 105 and 106 .
  • the first and second profile managers 103 and 104 may be implemented as, for example, a profile management server as in FIG. 1 .
  • the first and second profile managers 103 and 104 each receive an encrypted profile from the profile provider 102 and securely send the same to the corresponding first and second embedded secure elements 107 and 108 , which decrypt and install the profiles. Thereafter, the first and second profile managers 103 and 104 each perform profile management including profile activation, deactivation, backup or deletion.
  • the first and second embedded secure elements 107 and 108 may store multiple profiles. In this case, if the first and second mobile terminals 105 and 106 connect to a mobile communication network, one of the profiles stored in the first and second embedded secure elements 107 and 108 is selected and used.
  • FIG. 2 is a flowchart of a profile setting procedure according to an embodiment of the present invention.
  • FIG. 2 describes a procedure in which, in response to a request for a profile transfer from the first embedded secure element 107 to the second embedded secure element 108 , profile information of the first embedded secure element 107 is backed up and reconfigured so as to be installable in the second embedded secure element 108 , the reconfigured profile is installed in the second embedded secure element 108 , and processing continues according to the results of installation and Authentication Center (AuC) update.
  • AuC Authentication Center
  • the profile provider 102 or first profile manager 103 receives a profile transfer request from a user or user terminal.
  • the profile transfer request message may include an identifier of the first mobile terminal 105 or first embedded secure element 107 and an identifier of the second mobile terminal 106 or second embedded secure element 108 .
  • the profile transfer request message may further include, an indication of the desired profile, at least one of a profile identifier, Mobile Subscriber Integrated Services Digital Network-Number (MSISDN, phone number), and IMSI.
  • MSISDN Mobile Subscriber Integrated Services Digital Network-Number
  • the profile manager 103 sends a profile backup request message to the first mobile terminal 105 .
  • the first profile 109 stored in the first embedded secure element 107 is backed up, encrypted, and sent to the profile providing server 102 .
  • the first embedded secure element 107 of the first mobile terminal 105 encrypts the first profile 109 using a public key in a certificate of the profile provider server 102 .
  • the first embedded secure element 107 of the first mobile terminal 105 generates a symmetric key for encryption and decryption and encrypts the first profile 109 using the symmetric key, and encrypts the symmetric key using the public key in the certificate of the profile provider server 102 and sends the encrypted symmetric key to the profile provider server 102 .
  • the first mobile terminal 105 encrypts the entire contents of the first profile 109 for transfer.
  • the first mobile terminal 105 encrypts only user data of the first profile 109 (such as phonebook data) excluding security-sensitive data (such as the USIM authentication key K) and sends the encrypted data.
  • the profile provider 102 may add data corresponding to the unsent contents at step 204 (described below).
  • the user selects a portion of applications and data constituting the first profile 109 to be transferred to the second embedded secure element 108 .
  • FIG. 3 illustrates a structure of data in a mobile terminal according to an embodiment of the present invention.
  • the mobile terminal 300 has a terminal ID 302 .
  • the eSE 310 embedded in the mobile terminal 300 has an eSE ID 303 .
  • the eSE 310 stores a profile 320 .
  • the profile 320 has a profile ID 304 .
  • the profile 320 includes a USIM 330 .
  • the USIM 330 includes an IMSI 307 and K 308 .
  • the profile 320 further includes supplementary values 305 and 306 , which are used to deactivate the profile 320 when the profile 320 is illegitimately copied or cloned to another eSE.
  • the profile 320 may further include an eSE ID 305 indicating the identifier of the eSE in which the profile 320 is to be installed.
  • terminal ID may be used instead of eSE ID, eSE ID and terminal ID may be used together, or a combination of eSE ID and terminal ID may be used. Later, for ease of description, it is assumed that only eSE ID is used in the field 305 .
  • the profile 320 may further include a digital signature 306 .
  • the digital signature 306 may be used to detect illegitimate modification of the eSE ID 305 or USIM 330 by a third party attempting to clone the eSE 310 .
  • the profile provider may generate the digital signature 306 by applying a digital signing procedure to the profile ID 304 , eSE ID and/or terminal ID 305 , and IMSI 307 and/or K 308 of the USIM 330 .
  • the digital signature 306 may be generated using the following Equation 1.
  • Digital Signature RSAwithSHA1(Profile ID
  • the digital signature 306 is generated using only the profile ID 304 and eSE ID 305 . That is, the digital signature 306 is generated using the following Equation 2.
  • Digital Signature RSAwithSHA1(Profile ID
  • illegitimate copying of the profile 320 is prevented while illegitimate copying of the USIM 330 is not prevented.
  • illegitimate copying of the profile 320 is not prevented, while illegitimate copying of the USIM 330 is prevented.
  • FIG. 4 is a flowchart of a profile activation procedure according to an embodiment of the present invention.
  • the mobile terminal 300 activates the profile according to the procedure of FIG. 4 , and detects illegitimate copying of the profile and/or the USIM.
  • the embedded secure element (eSE) 310 selects a profile.
  • the eSE 310 selects a profile according to a user selection through the touchscreen or keypad.
  • the eSE 310 when the mobile terminal 300 boots or transitions from flight mode to communication mode, the eSE 310 automatically selects a profile.
  • the eSE 310 selects at least one stored profile in a suitable manner.
  • the eSE 310 verifies the eSE ID in the selected profile.
  • the terminal ID may be used instead of the eSE ID, or a combination of the eSE ID and terminal ID may be used.
  • step 404 the eSE 310 determines whether the eSE ID is correct. If the eSE ID is correct, the eSE 310 proceeds to step 404 at which the eSE 310 does not use the selected profile. Here, the eSE 310 discards the selected profile. Then, the eSE 310 selects another profile and repeats the above procedure. Here, a profile having an incorrect identifier is not used. If the eSE ID is correct, the eSE 310 proceeds to step 405 .
  • the eSE 310 verifies the digital signature in the selected profile. If the digital signature is correct, the eSE 310 proceeds to step 406 at which the eSE 310 uses the selected profile. If the digital signature is not correct, the eSE 310 proceeds to step 404 at which the eSE 310 does not use the selected profile and discards it.
  • the profile provider 102 reconfigures the second profile 110 using data in the received first profile 109 .
  • the profile provider 102 replaces the identifier of the first embedded secure element 107 in the first profile 109 with the identifier of the second embedded secure element 108 and regenerates the signature correspondingly.
  • the profile provider 102 generates the second profile using the USIM authentication key K of the second profile 110 to be installed in the second embedded secure element 108 at step 204 .
  • the K of the second profile 110 may differ from that of the first profile 109 .
  • the profile provider 102 sends the AuC of the corresponding mobile network operator a request for updating the K of the first profile 109 with that of the second profile 110 .
  • the AuC updates the K in accordance with the profile. While the first profile 109 is not removed from the first embedded secure element 107 , as the K of the AuC is changed, the first mobile terminal 105 is unable to connect to a 3GPP network using the USIM of the first profile 109 . In other words, when a connection approval request is received from the first mobile terminal 105 using the first profile 109 , the AuC performs authentication using the K stored in the AuC. In this embodiment of the present invention, as the K stored in the AuC is updated with the K corresponding to the second profile 110 , the connection approval request made by the first mobile terminal 105 using the old K is rejected.
  • the reconfigured second profile 110 is installed in the second embedded secure element 108 .
  • the installation result is sent to the profile provider 102 and the first and second profile managers 103 and 104 .
  • the procedure ends.
  • the first profile 109 installed in the first mobile terminal 105 remains in the same state as before the profile transfer request was made.
  • the profile provider 102 proceeds to step 206 at which the profile provider 102 sends an update K request to the AuC.
  • the AuC updates the K and sends the update result to the profile provider 102 .
  • the profile provider 102 proceeds to step 208 at which the profile provider 102 sends a request message for deleting the first profile 109 to the first mobile terminal 105 . Then, the first mobile terminal 105 deletes the first profile 109 . As described above, although the first profile 109 is not removed at step 208 due to a technical error or malicious intent, as the AuC has updated the K at operation 206 , the first mobile terminal 105 using the first profile 109 is not allowed to access the network.
  • step 206 the profile provider 102 proceeds to step 207 at which the profile provider 102 sends a request message to delete the second profile 110 to the second mobile terminal 106 . Then, the second mobile terminal 106 deletes the second profile 110 and returns to the state before the profile transfer request was made.
  • the second profile 110 is not removed due to a technical error or malicious intent, as the AuC has failed to update the K at step 206 , the second mobile terminal 106 using the second profile 110 is not allowed to access the communication network.
  • the profile is transferred from the first mobile terminal 105 to the second mobile terminal 106 in a secure manner. If a failure occurs at any step of the procedure, the initial state is recovered as in the case of transaction processing.
  • FIG. 5 is a sequence diagram illustrating a profile setting procedure according to an embodiment of the present invention.
  • FIG. 5 may be realized on the system disclosed in FIG. 1 .
  • the MNO 502 receives a profile transfer request message from a user 500 .
  • the profile transfer request message includes an identifier of the first mobile terminal 105 or first embedded secure element 107 and an identifier of the second mobile terminal 106 or second embedded secure element 108 . If multiple profiles are stored in the first embedded secure element 107 , the profile transfer request message further includes, to indicate a desired profile, at least one of a profile identifier, MSISDN and IMSI.
  • step 510 user authentication is performed between the MNO 502 and the user 500 . A request from an unauthorized user is rejected. If user authentication is successfully, the procedure continues to the next step.
  • step 515 the MNO 502 forwards the received profile transfer request message to the profile provider 102 .
  • the profile provider 102 sends a query to the address search server 111 and receives a corresponding response therefrom.
  • the address search server 111 is implemented as a distributed server such as a Domain Name Service (DNS) server.
  • DNS Domain Name Service
  • the profile provider 102 may directly store and manage addresses corresponding to individual embedded secure elements.
  • the profile provider 102 finds the address of the first profile manager 103 without external communication, where the address may be in the form of an IP address and/or a domain address.
  • the profile provider 102 sends a profile backup request message to the first profile manager 103 , using the found address, where the profile backup request message includes an identifier of the first profile 109 to be transferred, an identifier of the first embedded secure element 107 (or the first mobile terminal 105 ), and a certificate of the profile provider 102 .
  • the certificate of the profile provider 102 includes an identifier of the MNO 502 as a field, and signing is performed based thereon.
  • the first profile manager 103 forwards the profile backup request message to the first mobile terminal 105 .
  • the first profile manager 103 extracts the identifier of the first mobile terminal 105 or first embedded secure element 107 from the received profile backup request message, and identifies the destination to which the profile backup request message is to be forwarded.
  • an SMS message may be sent as a profile backup request message to the desired terminal, where the profile backup request message includes an identifier of the first profile 109 and a certificate of the profile provider 102 .
  • the first mobile terminal 105 Upon reception of the profile backup request message, at step 535 , the first mobile terminal 105 encrypts the profile.
  • the first embedded secure element 107 of the first mobile terminal 105 identifies the identifier of the target profile 109 from the received profile backup request message.
  • the first embedded secure element 107 encrypts at least a portion of the target profile 109 .
  • Profile encryption is described in detail with reference to FIG. 2 .
  • step 540 the first mobile terminal 105 sends the encrypted profile to the first profile manager 103 . Only when the MNO ID contained in the certificate of the profile provider is identical to the MNO ID contained in the profile 109 and the certificate is determined to be valid, are steps 535 (encryption) and 540 (transfer) performed.
  • step 545 the first profile manager 103 forwards the backed-up profile to the profile provider 102 .
  • step 550 the profile provider 102 configures a second profile 110 on the basis of the received profile and a new K.
  • a description of how to configure the second profile 110 is provided with reference to FIGS. 2 to 4 .
  • step 555 the profile provider 102 finds the address of the profile manager 105 related to the second embedded secure element 108 that will receive the second profile 110 through communication with the address search server 111 .
  • Address search is similar to that in step 520 .
  • the profile provider 102 directly maintains address information′, it finds a desired address without external communication.
  • step 560 the profile provider 102 installs the second profile 110 in the second embedded secure element 108 of the second mobile terminal 106 via the second profile manager 104 .
  • the second profile 110 may be encrypted as in the case of the first profile 109 . If installation is successful, the procedure continues to the next step.
  • step 565 the profile provider 102 sends the AuC of the MNO 502 a request message for updating the K of the corresponding profile.
  • step 570 the AuC notifies the profile provider 102 of the update result.
  • step 575 the profile provider 102 sends a request message for deleting the first profile 109 to the first mobile terminal 105 . If update of the K is unsuccessful, the second profile 110 will be deleted.
  • FIG. 6 is a sequence diagram illustrating a profile setting procedure according to an embodiment of the present invention.
  • FIG. 6 The embodiment of the invention disclosed in FIG. 6 is similar to that of FIG. 5 , but differs in that profile transfer is triggered by the first mobile terminal 105 .
  • the first mobile terminal 105 attempts to transfer the first profile 109 to the second embedded secure element 108 of the second mobile terminal 106 .
  • the first mobile terminal 105 finds the address of a profile manager related to the first embedded secure element 107 through communication with the address search server 111 . As described above, when the first mobile terminal 105 directly maintains such addresses, step 605 is skipped.
  • the first mobile terminal 105 uses the found address, sends a profile transfer request message to the first profile manager 103 .
  • the profile transfer request message includes an identifier of the first embedded secure element 107 , an identifier of a profile to be transferred (e.g. Profile ID, MSISDN or IMSI), and an identifier of the second embedded secure element 108 .
  • step 615 the first profile manager 103 finds the address of a profile provider 102 related to the first embedded secure element 107 through communication with the address search server 111 . As described above, when the first profile manager 103 directly maintains such addresses, step 615 may be skipped.
  • step 620 the first profile manager 103 forwards the received profile transfer request message to the profile provider 102 .
  • steps 620 to 675 are identical or similar to steps 520 to 575 of FIG. 5 , and hence a detailed description thereof is omitted.
  • FIG. 7 is a block diagram of a profile provider according to an embodiment of the present invention.
  • the profile provider includes a communication unit 710 and a control unit 720 .
  • the communication unit 710 sends and receives signals, which are required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 .
  • the communication unit 710 receives a profile transfer request message and sends a profile backup request message.
  • the communication unit 710 sends an update request message for the K to the AuC and receives a corresponding result message.
  • the communication unit 710 sends and receives encrypted profiles.
  • the control unit 720 performs processing required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 and controls individual components of the profile provider accordingly. In particular, in FIG. 7 , the control unit 720 decrypts an encrypted profile and encrypts a plaintext profile.
  • FIG. 8 is a block diagram of a profile manager according to an embodiment of the present invention.
  • the profile manager includes a communication unit 810 and a control unit 820 .
  • the communication unit 810 sends and receives signals, which are required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 .
  • the communication unit 810 sends and receives a profile transfer request message and a profile backup request message.
  • the communication unit 810 sends and receives encrypted profiles.
  • the control unit 820 performs processing required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 and controls individual components of the profile manager accordingly.
  • FIG. 9 is a block diagram of a mobile terminal according to an embodiment of the present invention.
  • the mobile terminal includes a communication unit 910 and a control unit 920 .
  • the control unit 920 includes an embedded secure element 930 .
  • the communication unit 910 sends and receives signals, which are required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 .
  • the communication unit 910 sends and receives a profile transfer request message and a profile backup request message.
  • the communication unit 910 sends and receives encrypted profiles.
  • the control unit 920 performs processing required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 and controls individual components of the mobile terminal accordingly.
  • the control unit 920 installs a profile in the embedded secure element 930 or uninstalls a profile therefrom.
  • the control unit 920 encrypts or decrypts a profile.
  • steps performed by the embedded secure element 930 some steps suitable for external processing may be performed by an entity external to the embedded secure element 930 .
  • the UICC when changing a terminal from a first terminal to a second terminal, the UICC is removed from the first terminal and be is inserted into the second terminal. In this case, as a physical card is transferred, the problem of card copying or duplication between two terminals does not arise.
  • the existing profile of the first mobile terminal can be safely transferred to the second mobile terminal. Moreover, after the profile is successfully transferred, only the second profile of the second mobile terminal is usable. When a failure occurs during profile transfer, the initial state is restored and only the first profile of the first mobile terminal is usable. Hence, characteristics of transaction processing (all or nothing) are achieved.
  • applications added later to the profile e.g. NFC banking/card application
  • data added by the user e.g. phonebook
  • unlike an existing removable UICC which carries all stored data when removed from or inserted into a terminal
  • the backed-up first profile is reconfigured by the profile providing server into a second profile through data addition or modification so that the second profile is installable in the second embedded secure element.
  • security information such as USIM key (K) is excluded from the backup target. Hence, the security risk is minimized even if the backed-up profile is leaked.
  • the first eSE ID is replaced with the second eSE ID so that the second profile is operable only in the second embedded secure element, preventing illegitimate profile copying.
  • the K managed by the AuC is changed. Hence, even when the first profile is not removed from the first embedded secure element, the first profile cannot be illegitimately used. Thereby, a security mechanism is provided.
  • security sensitive information e.g. authentication key K of the USIM application
  • the profile providing server adds corresponding data during profile reconfiguration, thereby minimizing the risk due to leakage.
  • the user or manager it is possible for the user or manager to designate applications and data to be backed up or transferred.
  • the profile provider when a profile is successfully copied to the new embedded secure element, the profile is deleted from the old embedded secure element. It is necessary to cope with the possibility that two copies of the same profile are present in two mobile terminals due to one copy not being deleted because of an error or malicious intent.
  • the profile provider when a new profile is configured, the profile provider changes the USIM K and updates the AuC accordingly, preventing access to the communication network using the old profile.
  • a profile is configured to include the identifier of the embedded secure element in which the profile is to be installed (eSE ID) and an associated digital signature, so that the profile is either not installable or is inoperable in a different embedded secure element.
  • the digital signature prevents the eSE ID from being modified.
  • the digital signature may be generated on the basis of a concatenation of important parameters in the profile (e.g. profile ID, eSE ID and IMSI) and a public key of the certificate of the profile providing server. Other similar schemes may be used to generate the digital signature.
  • the profile provider may change certain values and regenerate the digital signature.
  • blocks of a flowchart (or sequence diagram) and a combination of flowcharts may be represented and executed by computer program instructions.
  • These computer program instructions may be loaded on a processor of a general purpose computer, special purpose computer or programmable data processing equipment. When the loaded program instructions are executed by the processor, they create a means for carrying out functions described in the flowchart.
  • the computer program instructions may be stored in a computer readable memory that is usable in a specialized computer or a programmable data processing equipment, it is also possible to create articles of manufacture that carry out functions described in the flowchart.
  • the computer program instructions may be loaded on a computer or a programmable data processing equipment, when executed as processes, they may carry out steps of functions described in the flowchart.
  • a block of a flowchart may correspond to a module, a segment or code containing one or more executable instructions implementing one or more logical functions, or to a part thereof.
  • functions described by blocks may be executed in an order different from the listed order. For example, two blocks listed in sequence may be executed at the same time or executed in reverse order.
  • unit may refer to a software component or hardware component such as a Field Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC) capable of carrying out a function or an operation.
  • FPGA Field Programmable Gate Array
  • ASIC Application Specific Integrated Circuit
  • a unit or the like is not limited to hardware or software.
  • a unit or the like may be configured so as to reside in an addressable storage medium or to drive one or more processors.
  • Units or the like may refer to software components, object-oriented software components, class components, task components, processes, functions, attributes, procedures, subroutines, program code segments, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays or variables.
  • a function provided by a component and unit may be a combination of smaller components and units, and may be combined with other components and units to compose large components and units.
  • Components and units may be configured to drive a device or one or more processors in a secure multimedia card.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method and apparatus for setting profiles are provided. The profile setting method includes receiving, from a first terminal, a profile transfer request message that requests transfer of a first profile or portion thereof from a first secure element to a second secure element; configuring a second profile using the first profile or portion thereof; and sending, to a second terminal, the configured second profile.

Description

PRIORITY
This application is a continuation of U.S. application Ser. No. 14/292,256, which was filed in the U.S. Patent and Trademark Office on May 30, 2014, claims priority under 35 U.S.C. §119(a) to a Korean Patent Application filed on May 30, 2013 in the Korean Intellectual Property Office and assigned Serial No. 10-2013-0061851, the entire content of which is incorporated herein by reference.
BACKGROUND
1. Field of Invention
The present invention generally relates to a method and apparatus for setting profiles stored in a mobile terminal.
2. Description of the Related Art
A Universal Integrated Circuit Card (UICC) is a smart card inserted and used in a mobile terminal. The UICC stores personal information of a mobile communication subscriber, such as authentication information for network access, phonebook data, and text messages. When the mobile terminal connects to a mobile communication network such as a Global System for Mobile Communications (GSM), Wideband Code Division Multiple Access (WCDMA) or Long Term Evolution (LTE) network, the UICC performs subscriber authentication and traffic security key generation to thereby enable secure mobile communication. The UICC may store communication applications including a Subscriber Identity Module (SIM), Universal Subscriber Identity Module (USIM), and IP Multimedia Services Identity Module (ISIM) according to the type of mobile communication network to which the subscriber connects. In addition, the UICC provides a high level security function to install a variety of applications such as electronic wallets, tickets and passports.
A typical UICC is manufactured as a proprietary smart card of a specific mobile network operator according to requests of the mobile network operator. At the time of shipment, such a UICC is pre-embedded with authentication information for access to the corresponding mobile operator network (e.g. USIM application, International Mobile Subscriber Identity (IMSI), and key value (K)). Hence, the mobile network operator receives a manufactured UICC and provides the received UICC to a subscriber, and later, if necessary, performs management of the UICC by installing, modifying and removing an application through Over-The-Air (OTA) programming or the like. After inserting the UICC into a mobile terminal, the subscriber may manipulate the mobile terminal to use network and application services of the corresponding mobile network operator. To change terminals, the subscriber removes the UICC from the existing terminal and inserts it into a new terminal. Hence, the authentication information, the mobile phone number and the phonebook data stored in the UICC may be used in the new terminal.
The European Telecommunications Standards Institute (ETSI) has defined physical configurations and logical functions of UICCs to maintain worldwide compatibility. The form factor specifying physical configurations has continuously decreased: mini-SIMs (most widely used) were followed by micro-SIMs (introduced several years ago), and nano-SIMs (introduced in recent years). The development of smaller SIM cards has contributed to the development of smaller terminals. However, it is expected that it will be difficult to standardize UICC cards smaller than recently specified nano-SIMs because of the high likelihood of losing a card. It is also expected that it will be difficult to further miniaturize removable UICC cards, because space for card slots is needed in terminals.
Removable UICC cards may be unsuitable for machine-to-machine (M2M) devices, such as smart home appliances, electricity meters, water meters and Closed Circuit Television (CCTV) cameras, which require access to mobile data networks in various deployment environments without direct human intervention.
To address the above-mentioned problems, it is proposed to embed a secure element that has UICC or similar functions in a mobile terminal at the time of manufacture, in place of a removable UICC. However, such an embedded secure element would be irremovable after being installed in a mobile terminal. Hence, the mobile terminal may be unable to pre-store authentication information for access to a mobile operator network (such as USIM application, IMSI and key value) at the time of manufacture unless the mobile terminal is manufactured as a proprietary terminal of a particular mobile network operator. It would only be possible to configure such authentication information in a mobile terminal after a user who has purchased a mobile terminal subscribes to a mobile network operator.
In addition, unlike an existing UICC card that is manufactured and distributed as a proprietary card of a particular mobile network operator, a new embedded secure element would enable authentication information of various mobile network operators to be installed and managed in a secure and flexible manner when a user who has purchased a corresponding mobile terminal subscribes to a mobile network operator, unsubscribes from a mobile network operator, or changes mobile network operators. According to various usage scenarios such as a purchase of a new terminal, the new embedded secure element would also enable configured authentication information and stored user data to be securely transferred to a new mobile terminal.
SUMMARY
The present invention has been made to address the above problems and disadvantages and to provide at least the advantages described below. Accordingly, an aspect of the present invention is to provide an effective method for setting a profile.
In accordance with an aspect of the present invention, a method for setting profiles for a profile server is provided. The method includes receiving, from a first terminal, a profile transfer request message that requests transfer of a first profile or portion thereof from a first secure element to a second secure element; configuring a second profile using the first profile or portion thereof; and sending, to a second terminal, the configured second profile.
BRIEF DESCRIPTION OF THE DRAWINGS
The above and other aspects, features, and advantages of the present invention will be more apparent from the following detailed description, taken in conjunction with the accompanying drawings, in which:
FIG. 1 illustrates an architecture of a communication system according to an embodiment of the present invention;
FIG. 2 is a flowchart of a profile setting procedure according to an embodiment of the present invention;
FIG. 3 illustrates a data structure in a mobile terminal according to an embodiment of the present invention;
FIG. 4 is a flowchart of a profile activation procedure according to an embodiment of the present invention;
FIG. 5 is a sequence diagram illustrating a profile setting procedure according to a first embodiment of the present invention;
FIG. 6 is a sequence diagram illustrating a profile setting procedure according to a second embodiment of the present invention;
FIG. 7 is a block diagram of a profile provider according to an embodiment of the present invention;
FIG. 8 is a block diagram of a profile manager according to an embodiment of the present invention; and
FIG. 9 is a block diagram of a mobile terminal according to an embodiment of the present invention.
DETAILED DESCRIPTION OF EMBODIMENTS OF THE PRESENT INVENTION
Hereinafter, embodiments of the present invention are described in detail with reference to the accompanying drawings.
Descriptions of functions and constructions that are well-known in the relevant art and are not directly related with the present invention are omitted to avoid obscuring the subject matter of the present invention.
In the drawings, some elements are exaggerated, omitted or only outlined in brief, and thus may not be drawn to scale. The same reference numbers are used throughout the drawings to refer to the same or like elements.
FIG. 1 illustrates an architecture of a communication system according to an embodiment of the present invention.
Referring to FIG. 1 , the communication system includes first and second mobile terminals 105 and 106, first and second embedded Secure Elements (eSEs) 107 and 108, respectively installed in the first and second mobile terminals 105 and 106, a profile provider 102, first and second profile managers 103 and 104, and an address search server 111. In an embodiment of the present invention, the address search server 111 may be omitted.
The first and second embedded secure elements 107 and 108 may include an embedded secure element that may be attached to a substrate of the first or second mobile terminals 105 and 106 or installed therein. The embedded UICC (eUICC) is a type of secure element embedded in a terminal. First and second profiles 109 and 110 are installed as software items in the first and second embedded secure elements 107 and 108, respectively. The first and second profiles 109 and 110 are software packages containing information corresponding to one or more existing removable UICCs. For example, the first and second profiles 109 and 110 may be defined as software packages that contain user data, such as one or more applications, subscriber authentication information and phonebook data, embedded in a UICC.
The profile provider 102 may be directly operated by a Mobile Network Operator (MNO) or may be operated by an agent fully trusted by the MNO. The profile provider 102 generates a profile for a subscriber subscribing to the corresponding mobile network operator, encrypts the profile, and sends the encrypted profile to the first and second profile managers 103 and 104. The profile provider 102 may be implemented as, for example, a profile providing server as in FIG. 1 .
The first and second profile managers 103 and 104 manage profiles for the first and second embedded secure elements 107 and 108, respectively. Due to characteristics of secure elements based on smart card technology, the same security key information is configured in both the first and second embedded secure elements 107 and 108 and the first and second profile managers 103 and 104 before the first and second mobile terminals 105 and 106 are sold to a user (typically, at the time of terminal manufacture). Hence, the first and second profile managers 103 and 104 may be operated by the manufacturer of the first and second embedded secure elements 107 and 108 or the first and second mobile terminals 105 and 106. The first and second profile managers 103 and 104 may be implemented as, for example, a profile management server as in FIG. 1 .
The first and second profile managers 103 and 104 each receive an encrypted profile from the profile provider 102 and securely send the same to the corresponding first and second embedded secure elements 107 and 108, which decrypt and install the profiles. Thereafter, the first and second profile managers 103 and 104 each perform profile management including profile activation, deactivation, backup or deletion. According to the terminal state of a subscription to mobile network operators, the first and second embedded secure elements 107 and 108 may store multiple profiles. In this case, if the first and second mobile terminals 105 and 106 connect to a mobile communication network, one of the profiles stored in the first and second embedded secure elements 107 and 108 is selected and used.
FIG. 2 is a flowchart of a profile setting procedure according to an embodiment of the present invention.
FIG. 2 describes a procedure in which, in response to a request for a profile transfer from the first embedded secure element 107 to the second embedded secure element 108, profile information of the first embedded secure element 107 is backed up and reconfigured so as to be installable in the second embedded secure element 108, the reconfigured profile is installed in the second embedded secure element 108, and processing continues according to the results of installation and Authentication Center (AuC) update.
Referring to FIG. 2 , at step 202, the profile provider 102 or first profile manager 103 receives a profile transfer request from a user or user terminal. The profile transfer request message may include an identifier of the first mobile terminal 105 or first embedded secure element 107 and an identifier of the second mobile terminal 106 or second embedded secure element 108. When multiple profiles are stored in the first embedded secure element 107, the profile transfer request message may further include, an indication of the desired profile, at least one of a profile identifier, Mobile Subscriber Integrated Services Digital Network-Number (MSISDN, phone number), and IMSI. Then, the profile manager 103 sends a profile backup request message to the first mobile terminal 105.
At step 203, the first profile 109 stored in the first embedded secure element 107 is backed up, encrypted, and sent to the profile providing server 102. Here, the first embedded secure element 107 of the first mobile terminal 105 encrypts the first profile 109 using a public key in a certificate of the profile provider server 102. Alternatively, the first embedded secure element 107 of the first mobile terminal 105 generates a symmetric key for encryption and decryption and encrypts the first profile 109 using the symmetric key, and encrypts the symmetric key using the public key in the certificate of the profile provider server 102 and sends the encrypted symmetric key to the profile provider server 102.
In an embodiment of the present invention, the first mobile terminal 105 encrypts the entire contents of the first profile 109 for transfer. In another embodiment of the present invention, the first mobile terminal 105 encrypts only user data of the first profile 109 (such as phonebook data) excluding security-sensitive data (such as the USIM authentication key K) and sends the encrypted data. In this case, the profile provider 102 may add data corresponding to the unsent contents at step 204 (described below). In another embodiment of the present invention, if necessary, the user selects a portion of applications and data constituting the first profile 109 to be transferred to the second embedded secure element 108.
FIG. 3 illustrates a structure of data in a mobile terminal according to an embodiment of the present invention.
Referring to FIG. 3 , the mobile terminal 300 has a terminal ID 302. The eSE 310 embedded in the mobile terminal 300 has an eSE ID 303. The eSE 310 stores a profile 320.
The profile 320 has a profile ID 304. The profile 320 includes a USIM 330. The USIM 330 includes an IMSI 307 and K 308. The profile 320 further includes supplementary values 305 and 306, which are used to deactivate the profile 320 when the profile 320 is illegitimately copied or cloned to another eSE. The profile 320 may further include an eSE ID 305 indicating the identifier of the eSE in which the profile 320 is to be installed. Here, terminal ID may be used instead of eSE ID, eSE ID and terminal ID may be used together, or a combination of eSE ID and terminal ID may be used. Later, for ease of description, it is assumed that only eSE ID is used in the field 305.
The profile 320 may further include a digital signature 306. The digital signature 306 may be used to detect illegitimate modification of the eSE ID 305 or USIM 330 by a third party attempting to clone the eSE 310. The profile provider may generate the digital signature 306 by applying a digital signing procedure to the profile ID 304, eSE ID and/or terminal ID 305, and IMSI 307 and/or K 308 of the USIM 330.
In one embodiment of the present invention, the digital signature 306 may be generated using the following Equation 1.
Digital Signature=RSAwithSHA1(Profile ID|eSE ID|IMSI)   Equation 1
When the digital signature 306 is generated using the profile ID 304, eSE ID 305 and IMSI 307, illegitimate copying of both the profile 320 and the USIM 330 through examination of the digital signature 306 is prevented.
In another embodiment of the present invention, the digital signature 306 is generated using only the profile ID 304 and eSE ID 305. That is, the digital signature 306 is generated using the following Equation 2.
Digital Signature=RSAwithSHA1(Profile ID|eSE ID)   Equation 2
In this embodiment of the present invention, illegitimate copying of the profile 320 is prevented while illegitimate copying of the USIM 330 is not prevented.
In another embodiment of the present invention, the digital signature 306 may be generated using only the profile ID 304 and IMSI 307. That is, the digital signature 306 may be generated using the following Equation 3.
Digital Signature=RSAwithSHA1(Profile ID|IMSI)   Equation 3
In this embodiment of the present invention, illegitimate copying of the profile 320 is not prevented, while illegitimate copying of the USIM 330 is prevented.
FIG. 4 is a flowchart of a profile activation procedure according to an embodiment of the present invention. The mobile terminal 300 activates the profile according to the procedure of FIG. 4 , and detects illegitimate copying of the profile and/or the USIM.
Referring to FIG. 4 , at step 402, the embedded secure element (eSE) 310 selects a profile. In an embodiment of the present invention, the eSE 310 selects a profile according to a user selection through the touchscreen or keypad. In another embodiment of the present invention, when the mobile terminal 300 boots or transitions from flight mode to communication mode, the eSE 310 automatically selects a profile. The eSE 310 selects at least one stored profile in a suitable manner.
At step 403, the eSE 310 verifies the eSE ID in the selected profile. As described above, the terminal ID may be used instead of the eSE ID, or a combination of the eSE ID and terminal ID may be used.
If the eSE ID is not correct, the eSE 310 proceeds to step 404 at which the eSE 310 does not use the selected profile. Here, the eSE 310 discards the selected profile. Then, the eSE 310 selects another profile and repeats the above procedure. Here, a profile having an incorrect identifier is not used. If the eSE ID is correct, the eSE 310 proceeds to step 405.
At step 405, the eSE 310 verifies the digital signature in the selected profile. If the digital signature is correct, the eSE 310 proceeds to step 406 at which the eSE 310 uses the selected profile. If the digital signature is not correct, the eSE 310 proceeds to step 404 at which the eSE 310 does not use the selected profile and discards it.
Referring to FIG. 2 , at step 204, the profile provider 102 reconfigures the second profile 110 using data in the received first profile 109.
For profile reconfiguration with reference to a scheme for illegitimate copy prevention described in FIGS. 3 and 4 , the profile provider 102 replaces the identifier of the first embedded secure element 107 in the first profile 109 with the identifier of the second embedded secure element 108 and regenerates the signature correspondingly.
In addition, if the reconfigured second profile 110 is successfully installed in the second embedded secure element 108, the existing first profile 109 installed in the first embedded secure element 107 is removed or invalidated. If the first profile 109 is not removed due to a technical error or malicious intent, to prevent illegitimate use of the first profile 109, the profile provider 102 generates the second profile using the USIM authentication key K of the second profile 110 to be installed in the second embedded secure element 108 at step 204. The K of the second profile 110 may differ from that of the first profile 109. Alternatively, the profile provider 102 sends the AuC of the corresponding mobile network operator a request for updating the K of the first profile 109 with that of the second profile 110. Then, the AuC updates the K in accordance with the profile. While the first profile 109 is not removed from the first embedded secure element 107, as the K of the AuC is changed, the first mobile terminal 105 is unable to connect to a 3GPP network using the USIM of the first profile 109. In other words, when a connection approval request is received from the first mobile terminal 105 using the first profile 109, the AuC performs authentication using the K stored in the AuC. In this embodiment of the present invention, as the K stored in the AuC is updated with the K corresponding to the second profile 110, the connection approval request made by the first mobile terminal 105 using the old K is rejected.
At step 205, the reconfigured second profile 110 is installed in the second embedded secure element 108. The installation result is sent to the profile provider 102 and the first and second profile managers 103 and 104.
If installation of the second profile 110 is unsuccessful, the procedure ends. Hence, the first profile 109 installed in the first mobile terminal 105 remains in the same state as before the profile transfer request was made.
If installation of the second profile 110 is successful, the profile provider 102 proceeds to step 206 at which the profile provider 102 sends an update K request to the AuC. The AuC updates the K and sends the update result to the profile provider 102.
If update of the K is successful, the profile provider 102 proceeds to step 208 at which the profile provider 102 sends a request message for deleting the first profile 109 to the first mobile terminal 105. Then, the first mobile terminal 105 deletes the first profile 109. As described above, although the first profile 109 is not removed at step 208 due to a technical error or malicious intent, as the AuC has updated the K at operation 206, the first mobile terminal 105 using the first profile 109 is not allowed to access the network.
If update of the K is unsuccessful at step 206, the profile provider 102 proceeds to step 207 at which the profile provider 102 sends a request message to delete the second profile 110 to the second mobile terminal 106. Then, the second mobile terminal 106 deletes the second profile 110 and returns to the state before the profile transfer request was made. Here, although the second profile 110 is not removed due to a technical error or malicious intent, as the AuC has failed to update the K at step 206, the second mobile terminal 106 using the second profile 110 is not allowed to access the communication network.
Through the procedure described above, the profile is transferred from the first mobile terminal 105 to the second mobile terminal 106 in a secure manner. If a failure occurs at any step of the procedure, the initial state is recovered as in the case of transaction processing.
FIG. 5 is a sequence diagram illustrating a profile setting procedure according to an embodiment of the present invention.
The embodiment described in FIG. 5 may be realized on the system disclosed in FIG. 1 .
Referring to FIG. 5 , at step 505, the MNO 502 receives a profile transfer request message from a user 500. With regard to FIG. 2 , the profile transfer request message includes an identifier of the first mobile terminal 105 or first embedded secure element 107 and an identifier of the second mobile terminal 106 or second embedded secure element 108. If multiple profiles are stored in the first embedded secure element 107, the profile transfer request message further includes, to indicate a desired profile, at least one of a profile identifier, MSISDN and IMSI.
In step 510, user authentication is performed between the MNO 502 and the user 500. A request from an unauthorized user is rejected. If user authentication is successfully, the procedure continues to the next step.
In step 515, the MNO 502 forwards the received profile transfer request message to the profile provider 102.
In step 520, to find the address of a profile manager related to the first embedded secure element 107 of the first mobile terminal 105 at which the profile to be transferred is stored, the profile provider 102 sends a query to the address search server 111 and receives a corresponding response therefrom. Instead of the address search server 111, another type of address search interface or address storage device may beused. The address search server 111 is implemented as a distributed server such as a Domain Name Service (DNS) server. Alternatively, the profile provider 102 may directly store and manage addresses corresponding to individual embedded secure elements. In this embodiment of the present invention, the profile provider 102 finds the address of the first profile manager 103 without external communication, where the address may be in the form of an IP address and/or a domain address.
In step 525, the profile provider 102 sends a profile backup request message to the first profile manager 103, using the found address, where the profile backup request message includes an identifier of the first profile 109 to be transferred, an identifier of the first embedded secure element 107 (or the first mobile terminal 105), and a certificate of the profile provider 102. The certificate of the profile provider 102 includes an identifier of the MNO 502 as a field, and signing is performed based thereon.
In step 530, the first profile manager 103 forwards the profile backup request message to the first mobile terminal 105. The first profile manager 103 extracts the identifier of the first mobile terminal 105 or first embedded secure element 107 from the received profile backup request message, and identifies the destination to which the profile backup request message is to be forwarded. In particular, if an MSISDN is delivered through step 515, an SMS message may be sent as a profile backup request message to the desired terminal, where the profile backup request message includes an identifier of the first profile 109 and a certificate of the profile provider 102.
Upon reception of the profile backup request message, at step 535, the first mobile terminal 105 encrypts the profile. The first embedded secure element 107 of the first mobile terminal 105 identifies the identifier of the target profile 109 from the received profile backup request message. The first embedded secure element 107 encrypts at least a portion of the target profile 109. Profile encryption is described in detail with reference to FIG. 2 .
In FIG. 5 , in step 540, the first mobile terminal 105 sends the encrypted profile to the first profile manager 103. Only when the MNO ID contained in the certificate of the profile provider is identical to the MNO ID contained in the profile 109 and the certificate is determined to be valid, are steps 535 (encryption) and 540 (transfer) performed.
In step 545, the first profile manager 103 forwards the backed-up profile to the profile provider 102.
In step 550, the profile provider 102 configures a second profile 110 on the basis of the received profile and a new K. A description of how to configure the second profile 110 is provided with reference to FIGS. 2 to 4 .
In FIG. 5 , in step 555, the profile provider 102 finds the address of the profile manager 105 related to the second embedded secure element 108 that will receive the second profile 110 through communication with the address search server 111. Address search is similar to that in step 520. As described above, when the profile provider 102 directly maintains address information′, it finds a desired address without external communication.
In step 560, the profile provider 102 installs the second profile 110 in the second embedded secure element 108 of the second mobile terminal 106 via the second profile manager 104. The second profile 110 may be encrypted as in the case of the first profile 109. If installation is successful, the procedure continues to the next step.
In step 565, the profile provider 102 sends the AuC of the MNO 502 a request message for updating the K of the corresponding profile.
In step 570, the AuC notifies the profile provider 102 of the update result.
If update of the K is successful, in step 575, the profile provider 102 sends a request message for deleting the first profile 109 to the first mobile terminal 105. If update of the K is unsuccessful, the second profile 110 will be deleted.
FIG. 6 is a sequence diagram illustrating a profile setting procedure according to an embodiment of the present invention.
The embodiment of the invention disclosed in FIG. 6 is similar to that of FIG. 5 , but differs in that profile transfer is triggered by the first mobile terminal 105.
Referring to FIG. 6 , according to a user input or the like, the first mobile terminal 105 attempts to transfer the first profile 109 to the second embedded secure element 108 of the second mobile terminal 106. In step 605, the first mobile terminal 105 finds the address of a profile manager related to the first embedded secure element 107 through communication with the address search server 111. As described above, when the first mobile terminal 105 directly maintains such addresses, step 605 is skipped.
In step 610, the first mobile terminal 105, using the found address, sends a profile transfer request message to the first profile manager 103. The profile transfer request message includes an identifier of the first embedded secure element 107, an identifier of a profile to be transferred (e.g. Profile ID, MSISDN or IMSI), and an identifier of the second embedded secure element 108.
In step 615, the first profile manager 103 finds the address of a profile provider 102 related to the first embedded secure element 107 through communication with the address search server 111. As described above, when the first profile manager 103 directly maintains such addresses, step 615 may be skipped.
In step 620, the first profile manager 103 forwards the received profile transfer request message to the profile provider 102.
Subsequently, steps 620 to 675 are identical or similar to steps 520 to 575 of FIG. 5 , and hence a detailed description thereof is omitted.
FIG. 7 is a block diagram of a profile provider according to an embodiment of the present invention.
Referring to FIG. 7 , the profile provider includes a communication unit 710 and a control unit 720.
The communication unit 710 sends and receives signals, which are required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 . For example, in FIG. 7 , the communication unit 710 receives a profile transfer request message and sends a profile backup request message. The communication unit 710 sends an update request message for the K to the AuC and receives a corresponding result message. In addition, the communication unit 710 sends and receives encrypted profiles.
The control unit 720 performs processing required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 and controls individual components of the profile provider accordingly. In particular, in FIG. 7 , the control unit 720 decrypts an encrypted profile and encrypts a plaintext profile.
FIG. 8 is a block diagram of a profile manager according to an embodiment of the present invention.
Referring to FIG. 8 , the profile manager includes a communication unit 810 and a control unit 820.
The communication unit 810 sends and receives signals, which are required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 . For example, in FIG. 8 the communication unit 810 sends and receives a profile transfer request message and a profile backup request message. In addition, the communication unit 810 sends and receives encrypted profiles.
The control unit 820 performs processing required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 and controls individual components of the profile manager accordingly.
FIG. 9 is a block diagram of a mobile terminal according to an embodiment of the present invention.
Referring to FIG. 9 , the mobile terminal includes a communication unit 910 and a control unit 920. The control unit 920 includes an embedded secure element 930.
The communication unit 910 sends and receives signals, which are required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 . For example, in FIG. 9 , the communication unit 910 sends and receives a profile transfer request message and a profile backup request message. In addition, the communication unit 910 sends and receives encrypted profiles.
The control unit 920 performs processing required to realize at least part of the embodiments described in connection with FIGS. 1 to 6 and controls individual components of the mobile terminal accordingly. In particular, in FIG. 9 , the control unit 920 installs a profile in the embedded secure element 930 or uninstalls a profile therefrom. The control unit 920 encrypts or decrypts a profile. Among steps performed by the embedded secure element 930, some steps suitable for external processing may be performed by an entity external to the embedded secure element 930.
With regard to a removable UICC, when changing a terminal from a first terminal to a second terminal, the UICC is removed from the first terminal and be is inserted into the second terminal. In this case, as a physical card is transferred, the problem of card copying or duplication between two terminals does not arise.
In an environment where a software profile corresponding to one existing UICC is transferred between two embedded secure elements of different terminals, the problem of illegitimate copying or duplicated usage of a profile may arise. Additionally, in the event that a failure occurs while the profile of a first mobile terminal is copied to a second mobile terminal and is removed, both the first mobile terminal and the second mobile terminal may use the profile or neither may use the profile. This is an erroneous situation.
According to various embodiments of the present invention, when a user purchases a new mobile terminal or replaces an existing mobile terminal, the existing profile of the first mobile terminal can be safely transferred to the second mobile terminal. Moreover, after the profile is successfully transferred, only the second profile of the second mobile terminal is usable. When a failure occurs during profile transfer, the initial state is restored and only the first profile of the first mobile terminal is usable. Hence, characteristics of transaction processing (all or nothing) are achieved. In addition to applications provided initially by the MNO, applications added later to the profile (e.g. NFC banking/card application) and data added by the user (e.g. phonebook) may be transferred. In one embodiment of the present invention, unlike an existing removable UICC (which carries all stored data when removed from or inserted into a terminal), it is possible to back up and transfer all or a portion of the contents of a profile according to user or MNO selection.
The backed-up first profile is reconfigured by the profile providing server into a second profile through data addition or modification so that the second profile is installable in the second embedded secure element. When a profile is backed up, security information such as USIM key (K) is excluded from the backup target. Hence, the security risk is minimized even if the backed-up profile is leaked.
During profile reconfiguration, the first eSE ID is replaced with the second eSE ID so that the second profile is operable only in the second embedded secure element, preventing illegitimate profile copying. In addition, when the second profile is generated, the K managed by the AuC is changed. Hence, even when the first profile is not removed from the first embedded secure element, the first profile cannot be illegitimately used. Thereby, a security mechanism is provided.
In an embodiment of the present invention, security sensitive information (e.g. authentication key K of the USIM application) in the contents of a profile is not backed up, and the profile providing server adds corresponding data during profile reconfiguration, thereby minimizing the risk due to leakage. In the present invention, it is possible for the user or manager to designate applications and data to be backed up or transferred.
As described above, when a profile is successfully copied to the new embedded secure element, the profile is deleted from the old embedded secure element. It is necessary to cope with the possibility that two copies of the same profile are present in two mobile terminals due to one copy not being deleted because of an error or malicious intent. In an embodiment of the present invention, when a new profile is configured, the profile provider changes the USIM K and updates the AuC accordingly, preventing access to the communication network using the old profile.
As described above, it is necessary to prevent a profile from being copied to another embedded secure element without permission.
In an embodiment of the present invention, a profile is configured to include the identifier of the embedded secure element in which the profile is to be installed (eSE ID) and an associated digital signature, so that the profile is either not installable or is inoperable in a different embedded secure element. The digital signature prevents the eSE ID from being modified. The digital signature may be generated on the basis of a concatenation of important parameters in the profile (e.g. profile ID, eSE ID and IMSI) and a public key of the certificate of the profile providing server. Other similar schemes may be used to generate the digital signature. When the profile is transferred, the profile provider may change certain values and regenerate the digital signature.
It is known to those skilled in the art that blocks of a flowchart (or sequence diagram) and a combination of flowcharts may be represented and executed by computer program instructions. These computer program instructions may be loaded on a processor of a general purpose computer, special purpose computer or programmable data processing equipment. When the loaded program instructions are executed by the processor, they create a means for carrying out functions described in the flowchart. As the computer program instructions may be stored in a computer readable memory that is usable in a specialized computer or a programmable data processing equipment, it is also possible to create articles of manufacture that carry out functions described in the flowchart. As the computer program instructions may be loaded on a computer or a programmable data processing equipment, when executed as processes, they may carry out steps of functions described in the flowchart.
A block of a flowchart may correspond to a module, a segment or code containing one or more executable instructions implementing one or more logical functions, or to a part thereof. In some cases, functions described by blocks may be executed in an order different from the listed order. For example, two blocks listed in sequence may be executed at the same time or executed in reverse order.
In the description, the word “unit”, “module” or the like may refer to a software component or hardware component such as a Field Programmable Gate Array (FPGA) or an Application Specific Integrated Circuit (ASIC) capable of carrying out a function or an operation. However, “unit” or the like is not limited to hardware or software. A unit or the like may be configured so as to reside in an addressable storage medium or to drive one or more processors. Units or the like may refer to software components, object-oriented software components, class components, task components, processes, functions, attributes, procedures, subroutines, program code segments, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays or variables. A function provided by a component and unit may be a combination of smaller components and units, and may be combined with other components and units to compose large components and units. Components and units may be configured to drive a device or one or more processors in a secure multimedia card.
The above description is provided to assist in a comprehensive understanding of various embodiments of the present invention. It includes various specific details to assist in that understanding but these are to be regarded as mere examples. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure.
Embodiments of the present invention have been described with reference to the accompanying drawings. Specific terms or words used in the description should be construed in accordance with the spirit of the present invention without limiting the subject matter thereof. It should be understood that many variations and modifications of the basic inventive concept described herein will still fall within the spirit and scope of the present invention as defined in the appended claims and their equivalents.

Claims (20)

What is claimed is:
1. A method for a profile server, the method comprising:
receiving, from a first terminal, a first message that requests transfer of a portion or a whole of a first profile from a first module in the first terminal to a second module in a second terminal;
generating a second profile using including the portion or the whole of the first profile and an identifier of the second module of the second terminal and a signature which is obtained based on the identifier of the second module of the second terminal; and
transmitting, to the second terminal, the generated second profile;
transmitting, to an authentication server, in response to the second profile being successfully installed in the second module, a third message requesting update of authentication key information stored in the authentication server based on the second profile; and
transmitting, to the first terminal, a fourth message that requests a deletion of the first profile in case that the authentication key information is updated successfully.
2. The method of claim 1, wherein receiving of the first message comprises: receiving, from the first terminal, includes the portion or the whole of the first profile.
3. The method of claim 1, further comprising:
transmitting, to the first terminal, a second message requesting the portion or the whole of the first profile; and
receiving, from the first terminal, the portion or the whole of the first profile.
4. The method of claim 1, further comprising:
transmitting, if the second profile is successfully installed in the second module, a third message requesting update of authentication key information associated with the second profile to an authentication center (AuC).
5. The method of claim 4 1, further comprising:
transmitting, to the first terminal, a fourth fifth message that requests a deletion of the first profileif the authentication key information is updated successfully, when the second profile is successfully installed in the second module of the second terminal.
6. A profile server, comprising:
a transceiver; and
a controller configured to:
control the transceiver to receive, via the transceiver, from a first terminal, a first message that requests transfer of a portion or a whole of a first profile from a first module in the first terminal to a second module in a second terminal, and
generate a second profile using including the portion or the whole of the first profile and an identifier of the second module of the second terminal and a signature which is obtained based on the identifier of the second module of the second terminal, and
control the transceiver to transmit, via the transceiver, to the second terminal, the generated second profile,
transmit, to an authentication server, via the transceiver, when the second profile is successfully installed in the second module, a third message requesting update of authentication key information stored in the authentication server based on the second profile, and
transmit, to the first terminal, a fourth message that requests a deletion of the first profile in case that the authentication key information is updated successfully.
7. The profile server of claim 6, wherein the controller is further configured to control the transceiver to receive, from the first terminal, first message includes the portion or the whole of the first profile.
8. The profile server of claim 6, wherein the controller is further configured to control the transceiver to transmit, via the transceiver, to the first terminal, a second message requesting the portion or the whole of the first profile, and receive, via the transceiver, from the first terminal, the portion or the whole of the first profile.
9. The profile server of claim 6, wherein the controller is further configured to control the transceiver to transmit, if the second profile is successfully installed in the second module, a third message requesting update of authentication key information associated with the second profile to an authentication center (AuC) transmit, via the transceiver, to the first terminal, a fourth message that requests a deletion of the first profile if the authentication key information is updated successfully.
10. The profile server of claim 9 claim 6, wherein the controller is further configured to control the transceiver to transmit, via the transceiver, to the first terminal, a forth fifth message that requests a deletion of the first profileif the authentication key information is updated successfully, when the second profile is successfully installed in the second module of the second terminal.
11. The profile server of claim 6, wherein the first profile includes at least one of an identifier of the first module, an identifier of the first terminal, and a signature obtained based on the identifier of the first module, and
wherein the second profile includes at least one of the identifier of the second module, an identifier of the second terminal, and the signature which is obtained based on the identifier of the second module of the second terminal.
12. The method of claim 1, wherein the first profile includes at least one of an identifier of the first module, an identifier of the first terminal, and a signature obtained based on the identifier of the first module, and
wherein the second profile includes at least one of the identifier of the second module, an identifier of the second terminal, and the signature which is obtained based on the identifier of the second module of the second terminal.
13. A method for a terminal, the method comprising:
transmitting, to a profile server, a first message that requests transfer of a portion or a whole of a first profile from a first module in the terminal to a second module in another terminal;
receiving, from the profile server, a second message that requests a deletion of the first profile; and
deleting the first profile from the first module based on the second message,
wherein an authentication server is requested to update authentication key information based on a second profile, in response to the second profile being successfully installed in the second module,
wherein the second message is transmitted from the profile server to the terminal, in response to the second profile including the portion of the first profile and an identifier of the second module of the another terminal and a signature which is obtained based on the identifier of the second module of the another terminal being generated by the profile server, the second profile being transmitted from the profile server to the another terminal, the second profile being successfully installed in the second module, and the authentication kev information stored in the authentication server being successfully updated based on the second profile.
14. The method of claim 13, wherein the first message includes the portion or the whole of the first profile.
15. The method of claim 13, further comprising:
receiving, from the profile server, a third message requesting the portion or the whole of the first profile; and
transmitting, to the profile server, the portion or the whole of the first profile based on the third message.
16. The method of claim 13, wherein the first profile includes at least one of an identifier of the first module, an identifier of the terminal, and a signature obtained based on the identifier of the first module, and
wherein the second profile includes at least one of the identifier of the second module, an identifier of the another terminal, and the signature which is obtained based on the identifier of the second module of the another terminal.
17. A terminal, comprising:
a transceiver,
a first module; and
a controller configured to:
transmit, via the transceiver, to a profile server, a first message that requests transfer of a portion or a whole of a first profile from the first module to a second module in another terminal,
receive, via the transceiver, from the profile server, a second message that requests a deletion of the first profile, and
delete the first profile from the first module based on the second message,
wherein an authentication server is requested to update authentication key information based on a second profile, when the second profile is successfully installed in the second module, and
wherein the second message is transmitted from the profile server to the terminal, when the second profile including the portion of the first profile and an identifier of the second module of the another terminal and a signature which is obtained based on the identifier of the second module of the another terminal is generated by the profile server, the second profile is transmitted from the profile server to the another terminal, the second profile is successfully installed in the second module, and the authentication key information stored in the authentication serve is successfully updated based on the second profile.
18. The terminal of claim 17, wherein the first message includes the portion or the whole of the first profile.
19. The terminal of claim 17, wherein the controller is further configured:
receive, via the transceiver, from the profile server, a third message requesting the portion or the whole of the first profile, and
transmit, via the transceiver, to the profile server, the portion or the whole of the first profile based on the third message.
20. The terminal of claim 17, wherein the first profile includes at least one of an identifier of the first module, an identifier of the terminal, and a signature obtained based on the identifier of the first module, and
wherein the second profile includes at least one of the identifier of the second module, an identifier of the another terminal, and the signature which is obtained based on the identifier of the second module of the another terminal.
US16/537,077 2013-05-30 2019-08-09 Method and apparatus for setting profile Active USRE49465E1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US16/537,077 USRE49465E1 (en) 2013-05-30 2019-08-09 Method and apparatus for setting profile

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
KR1020130061851A KR102133450B1 (en) 2013-05-30 2013-05-30 Method and apparatus for setting profile
KR10-2013-0061851 2013-05-30
US14/292,256 US9232392B2 (en) 2013-05-30 2014-05-30 Method and apparatus for setting profile
US14/998,103 US9800993B2 (en) 2013-05-30 2015-12-23 Method and apparatus for setting profile
US16/537,077 USRE49465E1 (en) 2013-05-30 2019-08-09 Method and apparatus for setting profile

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US14/998,103 Reissue US9800993B2 (en) 2013-05-30 2015-12-23 Method and apparatus for setting profile

Publications (1)

Publication Number Publication Date
USRE49465E1 true USRE49465E1 (en) 2023-03-14

Family

ID=51985659

Family Applications (3)

Application Number Title Priority Date Filing Date
US14/292,256 Active 2034-07-04 US9232392B2 (en) 2013-05-30 2014-05-30 Method and apparatus for setting profile
US14/998,103 Ceased US9800993B2 (en) 2013-05-30 2015-12-23 Method and apparatus for setting profile
US16/537,077 Active USRE49465E1 (en) 2013-05-30 2019-08-09 Method and apparatus for setting profile

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US14/292,256 Active 2034-07-04 US9232392B2 (en) 2013-05-30 2014-05-30 Method and apparatus for setting profile
US14/998,103 Ceased US9800993B2 (en) 2013-05-30 2015-12-23 Method and apparatus for setting profile

Country Status (6)

Country Link
US (3) US9232392B2 (en)
EP (1) EP3005092A4 (en)
JP (2) JP6471150B2 (en)
KR (1) KR102133450B1 (en)
CN (2) CN110225488B (en)
WO (1) WO2014193188A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5139462A (en) * 1991-09-24 1992-08-18 Curtis Gabe Automated swing

Families Citing this family (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9350550B2 (en) 2013-09-10 2016-05-24 M2M And Iot Technologies, Llc Power management and security for wireless modules in “machine-to-machine” communications
US9100175B2 (en) 2013-11-19 2015-08-04 M2M And Iot Technologies, Llc Embedded universal integrated circuit card supporting two-factor authentication
US10498530B2 (en) 2013-09-27 2019-12-03 Network-1 Technologies, Inc. Secure PKI communications for “machine-to-machine” modules, including key derivation by modules and authenticating public keys
US10700856B2 (en) * 2013-11-19 2020-06-30 Network-1 Technologies, Inc. Key derivation for a module using an embedded universal integrated circuit card
KR102209031B1 (en) 2014-03-25 2021-01-28 삼성전자주식회사 Apparatus and method for subscribing to network in wireless communication system
FR3021835B1 (en) * 2014-05-27 2016-06-17 Oberthur Technologies PROFILE MANAGEMENT METHOD AND SERVER
US9253226B2 (en) 2014-06-30 2016-02-02 Linkedin Corporation Guided edit optimization
US9886288B2 (en) * 2014-06-30 2018-02-06 Microsoft Technology Licensing, Llc Guided edit optimization
US9853977B1 (en) 2015-01-26 2017-12-26 Winklevoss Ip, Llc System, method, and program product for processing secure transactions within a cloud computing system
KR102333395B1 (en) 2015-02-17 2021-12-03 삼성전자 주식회사 Method and apparatus for receiving profile information at a terminal in a wireless communication system
KR102358130B1 (en) 2015-03-25 2022-02-04 삼성전자 주식회사 Method and apparatus for swapping terminals in a wireless communication system
WO2016167536A1 (en) * 2015-04-13 2016-10-20 Samsung Electronics Co., Ltd. Method and apparatus for managing a profile of a terminal in a wireless communication system
KR20160124648A (en) * 2015-04-20 2016-10-28 삼성전자주식회사 Method and apparatus for downloading and installing a profile
ES2743576T3 (en) 2015-04-13 2020-02-19 Samsung Electronics Co Ltd Procedure and apparatus for managing a profile of a terminal in a wireless communication system
US9877190B1 (en) * 2015-06-04 2018-01-23 Sprint Communications Company L.P. System and method for authentication and sharing of subscriber data
EP3340668B1 (en) * 2015-09-11 2019-08-21 Huawei Technologies Co., Ltd. Profile processing method, profile processing apparatus, user terminal and euicc
KR102621499B1 (en) 2015-11-13 2024-01-09 삼성전자주식회사 Method and device for downloading a profile to an embedded universal integrated circuit card (eUICC) of a terminal
KR102490497B1 (en) * 2015-12-28 2023-01-19 삼성전자주식회사 Method and apparatus for receiving/transmitting profile in communication system
US9648443B1 (en) * 2016-01-21 2017-05-09 Amdocs Development Limited System, method, and computer program for device management
EP3476142B1 (en) 2016-06-23 2023-04-26 Telefonaktiebolaget LM Ericsson (PUBL) Methods and entities for ending a subscription
EP3476144B1 (en) 2016-06-23 2021-04-21 Telefonaktiebolaget LM Ericsson (publ) A method enabling migration of a subscription
KR102484367B1 (en) 2016-09-09 2023-01-04 삼성전자주식회사 Method and System for Controlling UICC and eUICC
FR3057431A1 (en) * 2016-10-07 2018-04-13 Orange TECHNIQUE FOR TRANSFERRING A PROFILE OF ACCESS TO A NETWORK
JP6879450B2 (en) * 2016-10-19 2021-06-02 大日本印刷株式会社 Electronic information storage device, profile conversion method, and profile conversion program
KR101831604B1 (en) * 2016-10-31 2018-04-04 삼성에스디에스 주식회사 Method for transmitting data, method for authentication, and server for executing the same
KR102497592B1 (en) * 2016-12-16 2023-02-08 삼성전자 주식회사 Method and apparatus for downloading a profile
KR102705484B1 (en) * 2017-01-03 2024-09-11 삼성에스디에스 주식회사 System and method for converting application
CN108990046B (en) * 2017-05-31 2020-09-29 北京华弘集成电路设计有限责任公司 Connection method of mobile network
CN108990058B (en) * 2017-05-31 2021-02-09 北京华弘集成电路设计有限责任公司 Soft SIM and embedded security unit
US10412682B2 (en) * 2017-08-30 2019-09-10 Qualcomm Incorporated Mechanism to update/download profile using low power or no power
KR102458790B1 (en) 2017-09-07 2022-10-25 삼성전자 주식회사 Method and apparatus of supporting profile transfer of devices in wireless communication system
EP3484198A1 (en) * 2017-11-09 2019-05-15 Gemalto Sa A method for a service provider to launch a targeted service implemented by an application belonging to a security domain of an euicc
JP6541816B1 (en) 2018-02-23 2019-07-10 Kddi株式会社 Communication control apparatus, communication setting method, communication setting program and communication system
CN110225487B (en) 2018-03-02 2020-12-15 华为技术有限公司 Profile generating and acquiring method, related equipment and storage medium
US10917790B2 (en) * 2018-06-01 2021-02-09 Apple Inc. Server trust evaluation based authentication
US10791461B1 (en) 2018-06-25 2020-09-29 Sprint Communications Company L.P. Mobile communication device user authenticator
CN116996876A (en) 2018-10-29 2023-11-03 苹果公司 Cellular service account transfer and authentication
JP7103198B2 (en) * 2018-12-14 2022-07-20 富士通株式会社 Contract application destination switching device, contract application destination switching system, and contract application destination switching method
KR20200101257A (en) 2019-02-19 2020-08-27 삼성전자주식회사 Method and apparatus for device change in mobile communication system
WO2020171475A1 (en) * 2019-02-19 2020-08-27 삼성전자 주식회사 Device changing method and apparatus of wireless communication system
WO2020184995A1 (en) * 2019-03-13 2020-09-17 삼성전자 주식회사 Method and device for changing euicc terminal
DE102019001840B3 (en) * 2019-03-15 2020-04-23 Giesecke+Devrient Mobile Security Gmbh PROCESS FOR PROVIDING SUBSCRIPTION PROFILES, SUBSCRIBER IDENTITY MODULE AND SUBSCRIPTION SERVER
JP6871975B2 (en) * 2019-06-11 2021-05-19 Kddi株式会社 Communication control device and communication setting method
FR3099258B1 (en) * 2019-07-26 2022-06-24 Idemia Identity & Security France Dynamic adaptation of a secure element execution environment to profiles
CN112492577B (en) * 2019-09-12 2022-04-08 中国移动通信有限公司研究院 Profile migration method and device, SM-DP + and operator background system
CN110839234A (en) * 2019-09-30 2020-02-25 恒宝股份有限公司 Code number transfer system, method and device, electronic equipment and storage medium
CN110933659A (en) * 2019-11-27 2020-03-27 Oppo广东移动通信有限公司 User identification number migration method, device, terminal and storage medium
CN111163455B (en) * 2020-02-18 2023-04-07 Oppo广东移动通信有限公司 User identification number migration method, device, terminal and storage medium
CN111935697B (en) * 2020-08-06 2022-08-19 中国联合网络通信集团有限公司 eSIM discovery service method, discovery server and eSIM terminal
US11963261B2 (en) 2020-08-26 2024-04-16 Samsung Electronics Co., Ltd. Method and apparatus for recovering profile in case of device change failure
US11240641B1 (en) * 2020-11-12 2022-02-01 Amazon Technologies, Inc. Automated device grouping

Citations (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1384689A (en) 2001-05-04 2002-12-11 西门子公司 Storing and accessing method and device of multimedia message transmitting service related information
US20040025021A1 (en) * 2002-07-30 2004-02-05 Makoto Aikawa Smart card and settlement terminal
US20050279826A1 (en) * 2004-05-13 2005-12-22 Gemplus Secure transfer of data between two smart cards
US20050283533A1 (en) 2002-08-26 2005-12-22 Marc Schluter Method for the transmission of user data objects according to a profile information object
JP2007513534A (en) 2003-05-22 2007-05-24 アクサルト・エス・アー Remote SIM card replacement and activation process
WO2008017788A2 (en) 2006-08-08 2008-02-14 France Telecom Method of communication by means of messages and associated device
US20080261561A1 (en) 2007-04-20 2008-10-23 Telefonaktiebolaget Lm Ericsson (Publ) Secure Soft SIM Credential Transfer
WO2009103623A2 (en) 2008-02-22 2009-08-27 Telefonaktiebolaget L M Ericsson (Publ) Methods and apparatus for wireless device registration
CN101652776A (en) 2007-04-03 2010-02-17 诺基亚公司 Systems, methods, devices, and computer program products for arranging a user's media files
CN101938742A (en) 2009-06-30 2011-01-05 华为技术有限公司 Method for reversely cloning subscriber identity module, device and system
JP2011028522A (en) 2009-07-24 2011-02-10 Softbank Mobile Corp Host device, authentication method, and content processing method content processing system
KR20110078627A (en) 2009-12-31 2011-07-07 삼성전자주식회사 Method and system for supporting security in mobile telecommunication system
US20120108207A1 (en) 2010-10-28 2012-05-03 Schell Stephan V Methods and apparatus for delivering electronic identification components over a wireless network
US20120115441A1 (en) 2010-11-03 2012-05-10 Schell Stephan V Methods and apparatus for access data recovery from a malfunctioning device
CN102457834A (en) 2010-10-28 2012-05-16 苹果公司 Methods and apparatus for storage and execution of access control clients
EP2461613A1 (en) 2010-12-06 2012-06-06 Gemalto SA Methods and system for handling UICC data
US20120164981A1 (en) 2009-08-31 2012-06-28 Gemalto Sa Method for communicating data between a secure element and a network access point and a corresponding secure element
CN102761870A (en) 2012-07-24 2012-10-31 中兴通讯股份有限公司 Terminal authentication and service authentication method, system and terminal
US20130012159A1 (en) 2011-07-04 2013-01-10 Sony Europe Limited Mobile communications
CN102892102A (en) 2011-07-19 2013-01-23 中国移动通信集团公司 Method, system and device for binding mobile terminal and smart card in mobile network
KR20130026351A (en) 2011-09-05 2013-03-13 주식회사 케이티 Method and apparatus for managing profile of embedded uicc, provisioning method and mno-changing method using the same
WO2013036010A1 (en) 2011-09-05 2013-03-14 주식회사 케이티 Certification method using an embedded uicc certificate, provisioning and mno changing methods using the certification method, embedded uicc therefor, mno system, and recording medium
WO2013036009A1 (en) 2011-09-05 2013-03-14 주식회사 케이티 Method for managing embedded uicc and embedded uicc, mno system, provision method, and method for changing mno using same
WO2013048084A2 (en) 2011-09-28 2013-04-04 주식회사 케이티 Profile management method, embedded uicc, and device provided with the embedded uicc
WO2013066077A1 (en) 2011-11-04 2013-05-10 주식회사 케이티 Method for managing multiple profiles in an embedded uicc, and embedded uicc and terminal therefor
US8474050B2 (en) * 2007-04-13 2013-06-25 At&T Intellectual Property I, L.P. System and apparatus for transferring data between communication elements
WO2013123233A2 (en) 2012-02-14 2013-08-22 Apple Inc. Methods and apparatus for large scale distribution of electronic access clients
US20140136933A1 (en) * 2012-11-09 2014-05-15 Linkedin Corporation User profile improvement system
US20140235210A1 (en) 2011-09-05 2014-08-21 Kt Corporation Method for managing embedded uicc and embedded uicc, mno system, provision method, and method for changing mno using same
US8863240B2 (en) * 2010-10-20 2014-10-14 T-Mobile Usa, Inc. Method and system for smart card migration
US20140308991A1 (en) 2011-11-04 2014-10-16 Kt Corporation Method for managing multiple profiles in an embedded uicc, and embedded uicc and terminal therefor
US20140329502A1 (en) 2011-09-05 2014-11-06 Kt Corporation Certification method using an embedded uicc certificate, provisioning and mno changing methods using the certification method, embedded uicc therefor, mno system, and recording medium

Patent Citations (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030119552A1 (en) 2001-05-04 2003-06-26 Josef Laumen Method for storing MMS (Multimedia Messaging Service) related information, related method for accessing MMS-related information, related storage medium, related apparatus and related software programs
CN1384689A (en) 2001-05-04 2002-12-11 西门子公司 Storing and accessing method and device of multimedia message transmitting service related information
US20040025021A1 (en) * 2002-07-30 2004-02-05 Makoto Aikawa Smart card and settlement terminal
US20050283533A1 (en) 2002-08-26 2005-12-22 Marc Schluter Method for the transmission of user data objects according to a profile information object
JP2007513534A (en) 2003-05-22 2007-05-24 アクサルト・エス・アー Remote SIM card replacement and activation process
US20070167161A1 (en) 2003-05-22 2007-07-19 Diana Cheng Remote sim card replacement and activation process
US20050279826A1 (en) * 2004-05-13 2005-12-22 Gemplus Secure transfer of data between two smart cards
WO2008017788A2 (en) 2006-08-08 2008-02-14 France Telecom Method of communication by means of messages and associated device
US20100005143A1 (en) 2006-08-08 2010-01-07 France Telecom Method of communication by messages and associated device
CN101652776A (en) 2007-04-03 2010-02-17 诺基亚公司 Systems, methods, devices, and computer program products for arranging a user's media files
US20170147574A1 (en) 2007-04-03 2017-05-25 Nokia Technologies Oy Systems, Methods, Devices, And Computer Program Products For Arranging A User's Media Files
US8474050B2 (en) * 2007-04-13 2013-06-25 At&T Intellectual Property I, L.P. System and apparatus for transferring data between communication elements
JP2010532107A (en) 2007-04-20 2010-09-30 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Secure transfer of soft SIM credentials
US8712474B2 (en) * 2007-04-20 2014-04-29 Telefonaktiebolaget L M Ericsson (Publ) Secure soft SIM credential transfer
US20080261561A1 (en) 2007-04-20 2008-10-23 Telefonaktiebolaget Lm Ericsson (Publ) Secure Soft SIM Credential Transfer
WO2009103623A2 (en) 2008-02-22 2009-08-27 Telefonaktiebolaget L M Ericsson (Publ) Methods and apparatus for wireless device registration
CN101938742A (en) 2009-06-30 2011-01-05 华为技术有限公司 Method for reversely cloning subscriber identity module, device and system
JP2011028522A (en) 2009-07-24 2011-02-10 Softbank Mobile Corp Host device, authentication method, and content processing method content processing system
CN102577454A (en) 2009-08-31 2012-07-11 格马尔托股份有限公司 A method for communicating data between a secure element and a network access point and a corresponding secure element
US20120164981A1 (en) 2009-08-31 2012-06-28 Gemalto Sa Method for communicating data between a secure element and a network access point and a corresponding secure element
KR20110078627A (en) 2009-12-31 2011-07-07 삼성전자주식회사 Method and system for supporting security in mobile telecommunication system
US20120263298A1 (en) 2009-12-31 2012-10-18 Samsung Electronics Co. Ltd. Method and system for supporting security in a mobile communication system
US8863240B2 (en) * 2010-10-20 2014-10-14 T-Mobile Usa, Inc. Method and system for smart card migration
CN102457834A (en) 2010-10-28 2012-05-16 苹果公司 Methods and apparatus for storage and execution of access control clients
US20120108207A1 (en) 2010-10-28 2012-05-03 Schell Stephan V Methods and apparatus for delivering electronic identification components over a wireless network
US20120115441A1 (en) 2010-11-03 2012-05-10 Schell Stephan V Methods and apparatus for access data recovery from a malfunctioning device
WO2012076480A1 (en) 2010-12-06 2012-06-14 Gemalto Sa Method for exporting on a secure server data comprised on a uicc comprised in a terminal
US10242210B2 (en) 2010-12-06 2019-03-26 Gemalto Sa Method for managing content on a secure element connected to an equipment
US20120190354A1 (en) * 2010-12-06 2012-07-26 Gemal To Sa UICCs EMBEDDED IN TERMINALS OR REMOVABLE THERE FROM
EP2461613A1 (en) 2010-12-06 2012-06-06 Gemalto SA Methods and system for handling UICC data
US20130012159A1 (en) 2011-07-04 2013-01-10 Sony Europe Limited Mobile communications
CN102892102A (en) 2011-07-19 2013-01-23 中国移动通信集团公司 Method, system and device for binding mobile terminal and smart card in mobile network
WO2013036009A1 (en) 2011-09-05 2013-03-14 주식회사 케이티 Method for managing embedded uicc and embedded uicc, mno system, provision method, and method for changing mno using same
WO2013036010A1 (en) 2011-09-05 2013-03-14 주식회사 케이티 Certification method using an embedded uicc certificate, provisioning and mno changing methods using the certification method, embedded uicc therefor, mno system, and recording medium
US20140329502A1 (en) 2011-09-05 2014-11-06 Kt Corporation Certification method using an embedded uicc certificate, provisioning and mno changing methods using the certification method, embedded uicc therefor, mno system, and recording medium
US20140235210A1 (en) 2011-09-05 2014-08-21 Kt Corporation Method for managing embedded uicc and embedded uicc, mno system, provision method, and method for changing mno using same
KR20130026351A (en) 2011-09-05 2013-03-13 주식회사 케이티 Method and apparatus for managing profile of embedded uicc, provisioning method and mno-changing method using the same
US20140219447A1 (en) 2011-09-05 2014-08-07 Kt Corporation Method for managing profile of embedded uicc, and embedded uicc, embedded uicc-equipped terminal, provision method, and method for changing mno using same
WO2013048084A2 (en) 2011-09-28 2013-04-04 주식회사 케이티 Profile management method, embedded uicc, and device provided with the embedded uicc
US20140237101A1 (en) 2011-09-28 2014-08-21 Kt Corporation Profile management method, embedded uicc, and device provided with the embedded uicc
US20140308991A1 (en) 2011-11-04 2014-10-16 Kt Corporation Method for managing multiple profiles in an embedded uicc, and embedded uicc and terminal therefor
WO2013066077A1 (en) 2011-11-04 2013-05-10 주식회사 케이티 Method for managing multiple profiles in an embedded uicc, and embedded uicc and terminal therefor
US20130227646A1 (en) 2012-02-14 2013-08-29 Apple Inc. Methods and apparatus for large scale distribution of electronic access clients
WO2013123233A2 (en) 2012-02-14 2013-08-22 Apple Inc. Methods and apparatus for large scale distribution of electronic access clients
CN102761870A (en) 2012-07-24 2012-10-31 中兴通讯股份有限公司 Terminal authentication and service authentication method, system and terminal
US20150208238A1 (en) 2012-07-24 2015-07-23 Zte Corporation Terminal identity verification and service authentication method, system and terminal
US20140136933A1 (en) * 2012-11-09 2014-05-15 Linkedin Corporation User profile improvement system

Non-Patent Citations (11)

* Cited by examiner, † Cited by third party
Title
Chinese Office Action dated Apr. 28, 2018 issued in counterpart application No. 201480031102.8, 20 pages.
Chinese Office Action dated Jul. 2, 2021 issued in counterpart application No. 201910355873.7, 21 pages.
ETSI TC SCP, Liaison Statement on New Work Item for eUICC, S1-113233, 3GPP TSG-SA WG1 #56, Nov. 14-18, 2011, 42 pages.
European Search Report dated Nov. 14, 2016 issued in counterpart application No. 14803675.9-1870, 10 pages.
GSM Association, Embedded SIM Task Force Requirements and Use Cases 1.0, GSMA, Feb. 21, 2011, 38 pages.
Indian Office Action dated Jun. 15, 2020 issued in counterpart application No. 3782/KOLNP/2015, 6 pages.
Japanese Office Action dated Jul. 23, 2018 issued in counterpart application No. 2016-516453, 5 pages.
Japanese Office Action dated Nov. 25, 2019 issued in counterpart application No. 2019-007980, 8 pages.
Korean Office Action dated Apr. 10, 2019 issued in counterpart application No. 10-2013-0061851, 7 pages.
KR Decision of Grant dated Apr. 7, 2020 issued in counterpart application No. 10-2013-0061851, 4 pages.
Wikipedia: "Create, Read, Update and Delete", XP055316816, May 23, 2013, 2 pages.

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5139462A (en) * 1991-09-24 1992-08-18 Curtis Gabe Automated swing

Also Published As

Publication number Publication date
CN110225488A (en) 2019-09-10
US20160134991A1 (en) 2016-05-12
JP6820082B2 (en) 2021-01-27
WO2014193188A1 (en) 2014-12-04
EP3005092A1 (en) 2016-04-13
US9800993B2 (en) 2017-10-24
KR20140140882A (en) 2014-12-10
JP6471150B2 (en) 2019-02-13
US9232392B2 (en) 2016-01-05
CN110225488B (en) 2022-07-08
JP2016531459A (en) 2016-10-06
US20140357229A1 (en) 2014-12-04
CN105308560A (en) 2016-02-03
CN105308560B (en) 2019-05-28
EP3005092A4 (en) 2016-12-14
JP2019083557A (en) 2019-05-30
KR102133450B1 (en) 2020-07-13

Similar Documents

Publication Publication Date Title
USRE49465E1 (en) Method and apparatus for setting profile
US10638314B2 (en) Method and apparatus for downloading a profile in a wireless communication system
US10334443B2 (en) Method for configuring profile of subscriber authenticating module embedded and installed in terminal device, and apparatus using same
US10349267B1 (en) Systems and methods for transferring SIM profiles between eUICC devices
US10911939B2 (en) Embedded universal integrated circuit card profile management method and apparatus
US9843585B2 (en) Methods and apparatus for large scale distribution of electronic access clients
US11025611B2 (en) Method and apparatus of constructing secure infra-structure for using embedded universal integrated circuit card
CN106211122A (en) For managing method and corresponding sim module and the computer program of the multiple profiles in sim module
KR20160101626A (en) Method and apparatus for receiving profile information at a terminal in a wireless communication system
EP3541106A1 (en) Methods and apparatus for euicc certificate management
KR102340461B1 (en) Method and apparatus for setting profile
US12082297B2 (en) Backlog mechanism for subscriber profiles on EUICCs
CN116088885A (en) Operating system updating method and device, universal integrated circuit card and storage medium

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY