WO2013036009A1 - Method for managing an embedded UICC and corresponding embedded UICC, and MNO system, provisioning method and MNO change method using the same - Google Patents


Info

Publication number
WO2013036009A1
Authority
WO
WIPO (PCT)
Prior art keywords
euicc
key
profile
mno
information
Application number
PCT/KR2012/007062
Other languages
English (en)
Korean (ko)
Inventor
박재민
이진형
Original Assignee
주식회사 케이티
Priority claimed from KR1020110102428A (KR101792885B1)
Application filed by 주식회사 케이티
Priority to US14/342,980 (US9521547B2)
Publication of WO2013036009A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/03 Protecting confidentiality, e.g. by encryption
    • H04W 12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H04W 8/00 Network data management
    • H04W 8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data

Definitions

  • The present invention provides a method for managing key information of an embedded Universal Integrated Circuit Card (UICC), i.e. an eUICC, together with an MNO system, a provisioning method and an MNO change method, and in particular a profile for managing the various profiles of an eUICC.
  • More specifically, the present invention relates to a method of managing and using an eUICC public key, which serves as a profile access credential, and its key information.
  • A UICC (Universal Integrated Circuit Card) may store the personal information of the user and operator information on the mobile communication provider to which the user subscribes.
  • For example, the UICC may include an International Mobile Subscriber Identity (IMSI) for identifying the user.
  • The UICC is also called a Subscriber Identity Module (SIM) card in the case of the Global System for Mobile communications (GSM) scheme, and a Universal Subscriber Identity Module (USIM) card in the case of the Wideband Code Division Multiple Access (WCDMA) scheme.
  • When the user mounts the UICC on a terminal, the user is automatically authenticated using the information stored in the UICC, so that the terminal can be used conveniently.
  • When the user replaces the terminal, the user can simply move the UICC from the existing terminal to the new one.
  • Terminals requiring miniaturization, for example terminals for machine-to-machine (M2M) communication, are difficult to miniaturize when manufactured with a structure that allows a detachable UICC.
  • Accordingly, an eUICC structure, in which the UICC is embedded in the terminal, has been proposed.
  • Like the UICC, the eUICC should contain user information in IMSI format.
  • Whereas the existing UICC can be attached to or detached from the terminal, so that the user can open (activate) the terminal regardless of the type of terminal or the mobile communication provider, a manufactured terminal can be assigned an IMSI in the eUICC only on the premise that the terminal will be used with a specific mobile communication provider.
  • Both mobile operators and the terminal manufacturers that take orders for terminals must therefore pay close attention to product inventory, which causes product prices to rise.
  • It is also inconvenient for the user to change the mobile operator for the terminal. Therefore, even in the case of the eUICC, a method is needed that allows a user to open a terminal regardless of the mobile communication provider.
  • Such a method requires delivering the subscriber information of various mobile operators to the eUICC from a remote location. A subscription management device (Subscription Manager, hereinafter 'SM') or Profile Manager (hereinafter 'PM') for managing subscriber information is therefore under discussion.
  • Such SMs are mainly discussed as being responsible for information management of the eUICC, information management of the various telecommunication carriers, authentication of remote carriers, and change of remote information, but their details have not yet been decided.
  • An object of the present invention is to provide a method for managing information on the profile access credentials of an eUICC.
  • Another object is to provide a method for managing key information for an eUICC public key used as a profile access credential capable of decrypting an encrypted profile, where the eUICC holds and manages the corresponding secret key.
  • Another object is to provide a method for managing the keys of an eUICC in an environment in which the SM is implemented as a secure routing entity (SM-SR) and a data preparation entity (SM-DP).
  • Another object is to provide a method for storing and managing the profile access credentials used by an eUICC to access a profile (provisioning profile, operation profile, etc.) and for transmitting information about the profile access credentials to an external entity.
  • One embodiment is a key information management method of an eUICC interworking with a communication service provider (MNO) system and a subscription management system (SM), in which the eUICC, during the process of checking its status and capability with an external entity such as the MNO system or the SM, provides key information including a key generation algorithm, a key length and a key generation method as information on its state and capability.
  • Another embodiment is a provisioning method in an eUICC system including an MNO system, an SM and an eUICC linked thereto, wherein the MNO system is provided with PKI key information from the eUICC.
  • Another embodiment is a method of changing the MNO in an eUICC system including an MNO system, an SM and an eUICC linked thereto, wherein the receiving MNO system is provided with PKI key information from the eUICC.
  • Another embodiment is an eUICC interworking with an MNO system and an SM, which decrypts a profile transmitted from an external entity such as the MNO system or the SM and provides key information including the key generation algorithm, key length and key generation method to one of the external entities.
  • Another embodiment is an eUICC interworking with an MNO system and an SM, which includes a chip operating system (Chip OS; COS), a SIM platform, a SIM service management platform, and a PKI key information profile for storing and managing key information on a profile access credential capable of decrypting a profile transmitted from the MNO system or the SM.
  • Another embodiment is an MNO system interworking with an SM and an eUICC, which, in the process of provisioning or MNO change of the eUICC, receives from the eUICC PKI key information on an eUICC public key capable of encrypting the eUICC profile required for the provisioning or change, encrypts the eUICC profile with that public key, and transmits the encrypted profile to the eUICC.
  • FIG. 1 shows the overall service architecture including the eUICC to which the present invention is applied.
  • FIG. 2 shows a system architecture of an SM separation environment to which the present invention may be applied.
  • FIG. 3 is an overall flowchart of a provisioning process according to an embodiment of the present invention.
  • FIG. 4 is an overall flowchart of a subscription change or MNO change process according to an embodiment of the present invention.
  • FIG. 5 illustrates an internal structure of an eUICC or eSIM according to an embodiment of the present invention.
  • FIG. 6 illustrates an example of a file structure of an eUICC applied to an embodiment of the present invention.
  • The M2M (Machine-to-Machine) terminal that is actively discussed in the GSMA at present should be small in size.
  • If the M2M terminal is manufactured so that a UICC can be attached, a separate module for mounting the UICC must be inserted, which makes it difficult to miniaturize the M2M terminal.
  • The eUICC mounted on the M2M terminal must store information on the mobile network operator (hereinafter 'MNO') that uses the UICC in the form of an identifier, the International Mobile Subscriber Identity (IMSI).
  • Because an IMSI can be assigned in the eUICC at the time of manufacturing the M2M terminal only on the premise that the terminal will be used with a specific MNO, both the MNO ordering the M2M terminal or UICC and the M2M manufacturer producing the terminal must pay great attention to product inventory. This causes product prices to rise, which is a major obstacle to the spread of M2M terminals.
  • Because of the difference in physical structure, the eUICC or eSIM integrally mounted on the terminal raises many issues regarding the authority to open (activate) it, the initiative for additional service business, and subscriber information security.
  • The international standardization bodies GSMA and ETSI are conducting standardization activities on the relevant elements, including carriers, manufacturers and SIM manufacturers, as well as the necessary elements including the top-level structure.
  • The central point of the issue is the SM, called the Subscription Manager, which issues operator information (also referred to as Operator Credential, MNO Credential, Profile, eUICC Profile, Profile Package, etc.) to the eSIM and handles processes such as a subscription change or MNO change; the term refers to an entity, or its function and role, that plays an overall administrative role for the eSIM.
  • The SM has been classified into the SM-DP (Data Preparation), which generates operator information, and the SM-SR (Secure Routing), which carries operator information directly to the eSIM; a scheme for transmitting the data in this way has been proposed, but the details are insufficient.
  • The present invention proposes ways to manage the Profile Access Credentials, i.e. the eUICC public key and the corresponding secret key, used for encrypting a profile in a system composed of the MNO, SM, eUICC, etc., and stored in the eUICC. It also proposes a method for transmitting information on the profile access credential inside the eUICC to an external entity for use in encryption.
  • The eSIM is a new concept of SIM technology in which the IC chip is attached to the terminal circuit board at the manufacturing stage, and the SIM data (opening information, additional service information, etc.) is then issued in software form, either OTA (Over The Air) or offline (through a technology-based connection such as USB to a PC).
  • IC chips used in the eSIM generally support a hardware-based Crypto Co-Processor (CCP) that provides hardware-based public key generation, and APIs that can be used by an application (e.g. applet) based SIM platform (e.g. the Java Card Platform). The Java Card Platform is one of the platforms, such as smart cards, that can provide services and load multiple applications.
  • The SIM requires a SIM service management platform that is responsible for loading and managing applications.
  • The SIM service management platform issues data to the SIM memory area through authentication and security based on management keys.
  • Global Platform, and the Remote File Management (RFM) and Remote Application Management (RAM) of ETSI TS 102.226, are standard technologies for the service management platform.
  • The eSIM issues communication and additional service data remotely through management keys (UICC OTA Key, GP ISD Key, etc.).
  • A key that may be called a management key, eSIM management key, eUICC management key or security key is an eSIM access authentication key for securely delivering business information to the eSIM; it is a concept distinct from the eUICC public/private key pair that is the profile access credential mainly dealt with in the present invention.
  • The SM-DP securely builds the IMSI, K, OPc, additional service applications, additional service data, etc. in addition to the operation profile (or operator information) to make a credential package.
  • The SM-SR securely downloads the credential package generated by the SM-DP to the eSIM through a SIM remote management technology such as Over-The-Air (OTA) or the GP Secure Communication Protocol (GP SCP).
  • MNO1 forms a trust relationship with SM1, SM1 with SM4, and SM4 with the eSIM, so that a trust relationship is formed between the MNO and the eSIM.
  • A mobile network operator (MNO) refers to a mobile communication operator, i.e. an entity that provides a communication service to customers through a mobile network.
  • A Subscription Manager is a subscription management device that performs the management functions of the eUICC.
  • An eUICC Supplier is a party that supplies the eUICC module and its embedded software (firmware, operating system, etc.).
  • A Device Vendor is a supplier of devices, in particular devices with a wireless modem function operating over a mobile network driven by the MNO, and consequently of devices requiring a UICC (or eUICC).
  • Provisioning refers to the process of loading a profile into an eUICC.
  • A provisioning profile refers to a profile used by a device to connect to a communication network for the purpose of provisioning another provisioning profile or an operation profile.
  • Subscription means a commercial relationship for providing a service between a subscriber and a wireless communication service provider.
  • eUICC access credentials are data in the eUICC that allow secure communication to be set up between the eUICC and external entities in order to manage profiles on the eUICC.
  • Profile access credentials are data residing within a profile or within the eUICC that allow secure communication to be set up between the eUICC and external entities in order to protect or manage the profile structure and its data.
  • A profile is a combination of file structures, data and applications that can be provisioned or managed within an eUICC. It covers operator information, operation profiles, provisioning profiles, other policy control functions (PCFs), and all other information that can exist in the eUICC.
  • Operation Profile, or operator information, refers to all kinds of profiles related to an operational subscription.
  • FIG. 1 shows the overall service architecture including the eSIM (eUICC) to which the present invention is applied.
  • The eUICC system architecture to which the present invention can be applied may include, for each entity or subject, a plurality of MNO systems, one or more SM systems, an eUICC manufacturer system, a device manufacturer system for devices including an eUICC, the eUICC itself, and the like.
  • The dashed line in FIG. 1 shows the trust circle, and the two solid lines represent secure links.
  • The MNO and the eUICC must be able to decode the MNO Credentials information, that is, the profile (operation profile, provisioning profile, etc.).
  • The only exception to this could be a third party authorized by a particular MNO, for example a SIM vendor; however, doing this is not a general function of a third party.
  • Subscriptions cannot be switched within the eUICC outside of operator policy control.
  • The user must be aware of any change in the MNO content and its active subscription, must be able to avoid security risks, and must have a level of security compatible with the current UICC model.
  • The MNO credential or profile may mean a subscription credential including K, the algorithm, algorithm parameters, supplementary service applications, supplementary service data, and the like.
  • Delivery of MNO credentials or profiles must be done in a secure manner from end to end.
  • The transmission can be made in successive steps without breaking the security chain, and all steps in the transmission chain must be made with the recognition and approval of the MNO.
  • No entity in the transport chain should be able to see the MNO credential in the clear; the only exception may be a third party authorized by a particular MNO, for example a SIM vendor, although doing this is not a general function of a third party.
  • The operator must have complete control over its credentials, and must have strong supervision and control over the SM operation.
  • SM functions must be provided by the MNO or by a third party; if provided by a third party, a commercial relationship may be established between the SM and the MNO.
  • The SM has no direct relationship with the MNO subscriber for subscription management.
  • The MNO has the relationship with the subscriber and should be the entry point for the customer subscription; it is not intended to piggyback on the contractual relationship that an M2M service provider (which is itself an MNO subscriber) may have with its customers.
  • The donor and receiving MNOs may or may not have a prior agreement with each other. There must be a mechanism to approve such pre-contracts.
  • The donor operator's policy control function can define the conditions for removing its credential, and the policy control function (PCF) can implement this.
  • The architecture introduces a feature defined as the SM, whose primary role is to prepare and deliver a package or profile containing the MNO credentials to the eUICC.
  • The SM function may be provided directly by the MNO, or the MNO may contract with a third party to obtain the SM service.
  • The SM can be divided into two sub-functions, the SM-SR and the SM-DP.
  • The SM-SR and SM-DP functions may be provided by different entities or by the same entity. Therefore, the functions of the SM-DP and SM-SR need to be clearly demarcated, and an interface between these entities needs to be defined.
  • The SM-DP is responsible for the secure preparation of the package or profile to be delivered to the eUICC, and works with the SM-SR for the actual transmission.
  • The key functions of the SM-DP are 1) managing the functional characteristics and certification levels of the eUICC, 2) managing some of the MNO credentials or profiles (e.g. IMSI, K, supplementary service applications, supplementary service data), some of which are potentially managed by the MNO, and 3) calculating the OTA package for download by the SM-SR. Further functions can be added.
  • The SM-DP can have a significant amount of background processing, and its requirements for performance, scalability and reliability are expected to be important.
  • The SM-SR is responsible for securely routing and delivering the credential package to the corresponding eUICC.
  • The key features of the SM-SR are 1) managing OTA communication with the eUICC via a ciphered VPN, 2) managing communication with other SM-SRs to form an end-to-end path up to the eUICC, 3) managing the eUICC data used for SM-SR OTA communication, provided by the eUICC provider, and 4) protecting communication with the eUICC by filtering so that only allowed entities are admitted (firewall function).
  • The SM-SR database is fed by eUICC vendors, device (e.g. M2M terminal) vendors, and potentially MNOs, and can be used by MNOs through the SM-SR mesh network.
  • The circle of trust enables end-to-end security links during provisioning profile delivery, while the SM-SRs share the trust circle for secure routing of the provisioning profile and for eUICC discovery.
  • MNOs can be linked with SM-SR and SM-DP entities in the trust circle, or can provide this functionality themselves.
  • A secure end-to-end link between the eUICC and the MNO credentials is needed to prevent illegal use of the eUICC (cloning, illegal use of credentials, denial of service, illegal MNO context changes, etc.) without violating the MNO's contractual and legal obligations with respect to its customers.
  • In FIG. 1, 110 represents a trust circle formed between SMs, more specifically between SM-SR members, 120 represents the trust circle of MNO partners, and 130 represents an end-to-end trust link.
  • FIG. 2 illustrates a configuration in which the SM-SR and the SM-DP are located in a system in an SM separation environment.
  • The SM is divided into an SM-DP, which safely prepares the various profiles (operation profile, provisioning profile, etc.) related to the eUICC, and an SM-SR, which routes them; the eUICC is linked with the SM-SR in a trust relationship, the SM-DP is linked with the SM-SR, and the MNO system is linked with the SM-DP.
  • The eUICC may include mechanisms that guarantee integrity, confidentiality and authenticity when loading the various profiles (provisioning profile, operation profile, etc.).
  • An example of such a mechanism is an encryption/decryption mechanism using the public key and private key of the eUICC, which is the profile access credential described below, optionally combined with an electronic signature using the public and private keys of the SM.
  • The various profiles within the eUICC architecture must be strongly protected by a secure mechanism that can guarantee integrity, confidentiality and authenticity, because profiles are transferred to the eUICC rather than being provisioned at the manufacturing stage; a very safe mechanism is therefore needed to protect the system.
  • The eUICC can store and manage the profile access credentials that manage or handle the various profiles (provisioning profile, operation profile, etc.) in the eUICC, along with information on those credentials, and can provide that information to external entities (e.g. the Subscription Manager).
  • An encrypted profile transmitted from an external entity can be decrypted using the profile access credential.
  • The profile access credential in the present specification refers to data used to decrypt a profile received from an external entity such as the SM or the MNO; the term is not limiting, and data performing the equivalent function may be expressed in other terms such as profile installation credentials, profile installer credentials, and so on.
  • One embodiment of the present invention includes a method of using an eUICC public key as a profile access credential that can encrypt/decrypt a profile or profile management data.
  • The eUICC public key/secret key pair serving as the profile access credential may be generated in the eUICC manufacturing step and stored inside the eUICC, or the eUICC may generate and store it dynamically at the request of an external interface (the SM, etc.).
  • Public key/secret key generation methods include various algorithms such as Rivest Shamir Adleman (RSA), Elliptic Curve Cryptography (ECC), Diffie-Hellman (DH), DSA, or the Digital Signature Standard (DSS), and the key length, key generation algorithm and the like may differ.
  • The eUICC public key/secret key and its PKI key information, as a statically or dynamically generated profile access credential, must be stored and managed stably inside the eUICC, and the public key and PKI key information must be provided to the external entities involved in encryption/decryption so that public key encryption and decryption can proceed smoothly.
  • The present invention proposes ways to manage the Profile Access Credentials, that is, the public key and the corresponding secret key used for encrypting a profile in a system composed of the MNO, SM, eUICC, etc., together with their key information (key generation algorithm, key length, key generation method, etc.), and also proposes a method for transmitting information on the profile access credential inside the eUICC to an external entity for use in encryption.
  • FIG. 3 is an overall flowchart of a provisioning process corresponding to a first subscription in a system to which the present invention is applied.
  • First, the eUICC transmits an activation request including device identification information (IMEI, etc.) and eUICC identification information (eICCid, etc.) to the MNO (Request activation; S310). Then, in step S320, an eUICC status request and a technical capability control request/confirmation are performed between the MNO and the eUICC (eUICC status request and technical capability control; S320).
  • Step S320 is a process in which the eUICC provides information about its state and technical capabilities to an external entity; it is not limited to the above expression and may also be called a state and capability checking process.
  • In step S320, the eUICC may provide PKI key information (key generation algorithm, key length, key generation method, etc.) to the corresponding MNO system as information on its state and capability according to the present embodiment.
  • The eUICC may also provide its public key, generated according to the PKI key information, to the corresponding SM (in particular the SM-SR).
  • In step S330, the MNO performs eUICC identity verification and collects information about the device (eUICC) together with the SM-SR (eUICC identity verification and collect information about device).
  • In this step, the MNO may obtain an encryption key for the corresponding eUICC, specifically the public key corresponding to the eUICC, from the SM-SR according to an embodiment of the present invention.
  • The acquisition of the public key may be static or dynamic. In the static case, the public key and secret key are already generated at the time of manufacture of the eUICC, specifically through a cryptographic operation processor (CCP, etc.) in the eUICC; the eUICC stores the secret key, and the public key is shared with all SM-SRs so that the public key for a specific eUICC can be recognized and delivered to the MNO.
  • In the dynamic case, when there is a request from the MNO (including the identification information of the specific eUICC), the SM-SR requests the corresponding eUICC to transmit its public key; on the eUICC-equipped terminal this involves a communication module (provisioning module, issuing module, opening module, etc.) and a security module of the eUICC.
  • A security module mounted in the eUICC may be installed commonly in the eUICC at the eUICC manufacturing step or later according to eUICC policy, or a plurality of security modules may be installed, one per MNO, according to eUICC policy and each MNO's policy.
  • The MNO that has obtained the public key (encryption key) of the eUICC creates a new eUICC profile for the MNO through the SM-DP, which encrypts the profile with the acquired eUICC public key (encryption key) and sends it to the MNO (primary encryption, step S340). In order to provide authenticity, the SM-DP may additionally generate a digital signature with its own private key; that is, in step S340 the SM-DP may sign the profile with its own private or secret key for authentication.
  • The generation of the profile and its encryption using the eUICC public key need not necessarily be performed by the SM-DP; the MNO system may perform them itself.
  • The MNO then sends the primary-encrypted eUICC profile to the SM-SR and requests secondary encryption; the SM-SR encrypts the eUICC profile a second time using the eUICC management keys it already stores (eUICC OTA key, GP ISD key, etc.) and transfers the result back to the MNO.
  • The MNO transmits the doubly ciphered eUICC profile to the corresponding eUICC (step S360). The public key or certificate of the SM-DP may be transmitted to the eUICC together with it to provide authentication.
  • Since the eUICC already knows the eUICC management key, it decrypts the first layer with it, and then obtains the profile to be used for provisioning by a second decryption using the secret key corresponding to its public key (known since the manufacturing stage or the dynamic public key generation stage).
  • The eUICC can also perform signature verification using the SM-DP's public key (in the case of a certificate, obtained from a trusted third party) in order to verify that the eUICC profile was created by the SM-DP corresponding to the public key obtained from the MNO.
  • In step S370, the SM-SR database is updated according to a status request and response between the eUICC and the SM-SR after provisioning is finished.
  • In step S310, the eUICC identification information (eICCid, etc.) is public data and must be integrity-protected inside the eUICC.
  • In steps S320 and S330, the status request and technical capability control provide proof of the eUICC identity (trusted eUICC), and should be able to confirm the eligibility of the eUICC characteristics for the MNO service.
  • A double encryption mechanism is used for generating and transmitting an eUICC profile. That is, the profile generated for the eUICC by the SM-DP is encrypted by a mechanism that can only be read by the target eUICC, and a digital signature is applied by the SM-DP to confirm that the profile was generated by a legitimate SM-DP.
  • The SM-SR encrypts the generated profile with an eUICC management key to authenticate the eUICC and protect the profile during delivery.
  • The SM-SR database may be updated at the end of the subscription installation.
  • FIG. 4 is an overall flowchart of a subscription change or MNO change process to which the present invention is applied.
  • The MNO change process of FIG. 4 is similar to the provisioning process of FIG. 3 (after the change, the new MNO corresponds to the MNO of FIG. 3), except that the new MNO performs negotiation and transfer of rights with the donor MNO before or after the profile generation for the new MNO (step S440').
  • The difference between the MNO change process of FIG. 4 and the provisioning process of FIG. 3 is that, using a provisioning profile or an active operational profile, an activation request is sent over the donor MNO's OTA bearer, and the new MNO requests a path from the SM-SR, either a new OTA path or OTI, in order to download the profile.
  • The eUICC transmits an activation request including device identification information (IMEI, etc.) and eUICC identification information (eICCid, etc.) to the MNO it is changing to (the receiving MNO) (request activation; S410). Then an eUICC status request and technical capability control request/confirmation is performed between the receiving MNO and the eUICC (eUICC status request and technical capability control; S420).
  • As one of the items of information on its state and technical capability, the eUICC may include information about its PKI key (key generation algorithm, key length, key generation method, etc.), i.e., its public key (PK) or profile access credential information, for the corresponding receiving MNO system or SM-SR; this is the same as step S320 of the provisioning process.
  • In step S430 the receiving MNO performs eUICC identity verification with the SM-SR and collects information about the device (eUICC) (eUICC identity verification and collect information about device).
  • According to an embodiment of the present invention, the MNO may obtain an encryption key for the corresponding eUICC, specifically the public key corresponding to the eUICC, from the SM-SR.
  • The acquisition of such a public key may be static or dynamic. In the static case the public key is generated when the eUICC is manufactured, specifically through a cryptographic operation processor (CCP, etc.) in the eUICC: a public key and a secret key are generated, the eUICC stores the secret key, and the public key is shared with all SM-SRs so that the public key for a specific eUICC can be recognized. The public key for the eUICC is then delivered to the MNO.
  • The receiving MNO that has obtained the public key (encryption key) of the eUICC creates a new eUICC profile for the MNO through the SM-DP, which encrypts the profile with the acquired eUICC public key (encryption key) and sends it to the MNO.
  • To provide authenticity, the SM-DP may generate an additional digital signature with its private key. That is, in step S440 the SM-DP can digitally sign the profile with its own private key (secret key) for authentication.
  • The negotiation and rights transfer step (S440') may be performed before or after step S440.
  • The negotiation and rights transfer step (S440') is a process in which the new (receiving) MNO asks the previous MNO (donor MNO) whether the corresponding eUICC is legitimate, and the rights (information) are transferred as a result of the MNO change.
  • The new MNO (receiving MNO) requests authentication from the donor MNO after notifying it of the subscription switch or MNO change, and this authentication may be provided by a policy control function.
  • The SM-SR encrypts the eUICC profile a second time using the eUICC management key (eUICC OTA key, GP ISD key, etc.) it already stores, and transmits it to the MNO.
  • The MNO transmits the doubly encrypted eUICC profile to the corresponding eUICC (step S460).
  • The public key or certificate of the SM-DP can be transmitted to the eUICC together with the profile to provide authentication.
  • Since the eUICC already knows the eUICC management key, it performs the first decryption with that key, and then decrypts with the secret key corresponding to its public key (known to it since the manufacturing stage or the dynamic public key generation stage), so that the profile to be used for the MNO change is completely decrypted.
  • The eUICC can perform signature verification with the SM-DP's public key (in the case of a certificate, obtained from a trusted third party for certificate verification) to verify that the profile was created by the SM-DP corresponding to the public key obtained from the MNO.
  • In step S470 the SM-SR database is updated through a status request and response between the eUICC and the SM-SR after provisioning has finished.
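The two-layer delivery described for steps S340 to S370 and S440 to S470, as an added example that is not part of the patent: textbook RSA on fixed Mersenne primes stands in for the eUICC and SM-DP key pairs, a SHA-256 counter keystream stands in for the real ciphers, and the function names, the packaging format and the HMAC on the SM-SR layer are assumptions of this example.

```python
"""Simulation of the double-encrypted profile delivery of FIG. 3/4 (steps
S340-S370 and S440-S470): SM-DP primary encryption plus signature, SM-SR
secondary encryption with the eUICC management key, and the eUICC unwrapping
in reverse order. Constructed example: textbook RSA on fixed Mersenne primes
and a SHA-256 counter keystream stand in for real RSA/ECC and OTA ciphers."""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

_E = 65537
_EUICC_PRIMES = ((1 << 61) - 1, (1 << 89) - 1)   # M61, M89   -> ~150-bit n
_SMDP_PRIMES = ((1 << 107) - 1, (1 << 127) - 1)  # M107, M127 -> ~234-bit n


@dataclass(frozen=True)
class RsaKey:
    n: int
    exp: int


def toy_rsa_keypair(p: int, q: int) -> tuple:
    """Return (public, private). In the page's flow the eUICC pair is made at
    manufacture (static) or by the CCP (dynamic); the SM-DP has its own pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return RsaKey(n, _E), RsaKey(n, pow(_E, -1, phi))


def _i2b(x: int, key: RsaKey) -> bytes:
    return x.to_bytes((key.n.bit_length() + 7) // 8, "big")


def _stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream (toy stand-in for AES-CTR)."""
    out = bytearray()
    for blk in range(0, len(data), 32):
        ks = hashlib.sha256(key + label + struct.pack(">I", blk)).digest()
        out += bytes(a ^ b for a, b in zip(data[blk:blk + 32], ks))
    return bytes(out)


def _pack(*parts: bytes) -> bytes:
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def _unpack(blob: bytes, count: int) -> list:
    parts, off = [], 0
    for _ in range(count):
        (n,) = struct.unpack(">I", blob[off:off + 4])
        parts.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return parts


def smdp_primary_encrypt(profile: bytes, euicc_pub: RsaKey, smdp_priv: RsaKey) -> bytes:
    """Step S340/S440: hybrid-encrypt the profile to the target eUICC's public
    key, then sign it so the eUICC can tell a legitimate SM-DP from an impostor."""
    session = os.urandom(16)                     # 128-bit, below the eUICC modulus
    wrapped = _i2b(pow(int.from_bytes(session, "big"), euicc_pub.exp, euicc_pub.n), euicc_pub)
    body = _pack(wrapped, _stream(session, b"profile", profile))
    digest = hashlib.sha256(body).digest()[:16]  # truncated to fit the toy modulus
    sig = _i2b(pow(int.from_bytes(digest, "big"), smdp_priv.exp, smdp_priv.n), smdp_priv)
    return _pack(body, sig)


def smsr_secondary_encrypt(package: bytes, mgmt_key: bytes) -> bytes:
    """SM-SR step between S340/S440 and S360/S460: wrap with the eUICC
    management key (OTA / ISD key) only SM-SR and eUICC share; encrypt-then-MAC
    so the card authenticates the SM-SR before touching the inner layer."""
    ct = _stream(mgmt_key, b"ota", package)
    return _pack(ct, hmac.new(mgmt_key, ct, hashlib.sha256).digest())


def euicc_install(blob: bytes, mgmt_key: bytes, euicc_priv: RsaKey, smdp_pub: RsaKey) -> bytes:
    """Steps S360-S370 / S460-S470 on the card: peel the SM-SR layer, verify the
    SM-DP signature, then recover the profile with the private key. Any failure
    raises ValueError so nothing half-verified reaches provisioning."""
    ct, tag = _unpack(blob, 2)
    if not hmac.compare_digest(tag, hmac.new(mgmt_key, ct, hashlib.sha256).digest()):
        raise ValueError("management-key MAC failed: not sent by my SM-SR")
    body, sig = _unpack(_stream(mgmt_key, b"ota", ct), 2)
    expected = int.from_bytes(hashlib.sha256(body).digest()[:16], "big")
    if pow(int.from_bytes(sig, "big"), smdp_pub.exp, smdp_pub.n) != expected:
        raise ValueError("SM-DP signature invalid: not from a legitimate SM-DP")
    wrapped, enc_profile = _unpack(body, 2)
    session = pow(int.from_bytes(wrapped, "big"), euicc_priv.exp, euicc_priv.n)
    if session >> 128:
        raise ValueError("session key unwrap failed: wrong eUICC private key")
    return _stream(session.to_bytes(16, "big"), b"profile", enc_profile)
```

The order of checks on the card mirrors the text: the management-key layer is authenticated first, then the SM-DP signature, and only then is the eUICC private key used.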
  • A method for managing the public key/private key (secret key) used in this way for encryption of the eUICC profile is proposed. That is, the present invention proposes a method for applying various PKI technologies in an environment used throughout the life cycle of the eUICC, by generating a PKI key at the eUICC manufacturing stage in the SM role separation environment proposed by the GSMA.
  • In the present invention, a PKI key pair is generated in the eUICC at the manufacturing stage by the SIM vendor on the basis of various PKI technologies (e.g., RSA, ECC, DH, etc.), and detailed information about the generated PKI key (hereinafter referred to as PKI key information) is stored separately in the eUICC.
  • Alternatively, the public key/secret key may be generated dynamically by using the issuance processing module and the security module in the terminal.
  • The PKI key information for the generated PKI should be securely stored in the eUICC.
  • PKI key information in the present specification may include one or more of a key generation algorithm, a key length and a key generation method, but is not limited thereto; the concept includes all relevant information other than the public key/secret key itself generated by the PKI.
  • The format in which the PKI itself or the PKI key information is stored in the eUICC may be a file type such as an elementary file (EF), a file structure type such as tag-length-value (TLV), or an application type such as an applet, but is not limited thereto.
  • The PKI itself and the PKI key information can be stored inside the eUICC in the form of a single profile; this PKI-related profile may be a key information profile, an administration profile or a common (general) profile, but is not limited to these. In the following description, the key information profile is described.
  • FIG. 5 illustrates an internal structure of an eUICC according to an embodiment of the present invention.
  • The eUICC 500 is included in a device or terminal in a non-removable manner and comprises the eUICC chip OS (COS) 510 at the lowest level, the SIM platform 520 at the level above it, a higher-level SIM service management platform 530, and the like, including a PKI key information profile 540 according to the present invention.
  • The key information profile 540 may be stored in the form of an EF-type key information profile such as, for example, EF_eSIMPKI.
  • The key information profile 540 is not limited to the above-described format; it may be in the form of a file structure such as TLV or in the form of an application such as an applet.
  • The PKI key information or key information profile stored in the eUICC may include, for example, information on the key generation method, such as ALG_RSA / ALG_RSA_CRT / ALG_DSA, and information on the key length, such as 1024 or 2048, but is not limited thereto.
  • An application 550 having a specific function may be installed on the SIM service management platform 530, and the application may perform the function of extracting the key information profile and transmitting it to an external entity (e.g., an MNO system).
  • Such an application may itself store and manage the key information profile according to the present invention.
  • The eUICC 500 may include a provisioning profile, operator information or an operation profile for each operator, and a security module corresponding to each.
  • The operation profile and the security module may differ for each operator or MNO, but only one operation profile may be activated at any given time.
  • The eUICC may also store information about the eUICC management key managed by the SM-SR, including but not limited to, for example, a UICC OTA key and a GlobalPlatform Issuer Security Domain (ISD) key.
  • The eUICC operation according to an embodiment of the present invention is based on the flow of FIG. 3 or FIG. 4.
  • The MNO system may request key information from the key information profile that manages PKI key information in the eUICC.
  • The MNO system may, for example, read EF_eSIMPKI, or select (SELECT) and run a specific application and request data (i.e., PKI key information) from it, and thereby obtain the PKI key information according to the present invention.
  • The (receiving) MNO system can check, for the specific eUICC public key acquired through the SM-SR in steps S330 and S430 of FIGS. 3 and 4, which public key generation algorithm or method produced it. Based on this information, the necessary profile can be encrypted with the public key of the corresponding eUICC via the SM-DP in steps S340 and S440.
  • FIG. 6 shows an example of a file structure (UICC Application Structure) of the eUICC applied to this embodiment.
  • The file types stored in an eUICC or eSIM may be broadly divided into the master file (MF), dedicated files (DF) and elementary files (EF).
  • The MF is a unique mandatory file that contains an access condition and may optionally contain DFs and EFs.
  • A DF is a file that enables functional grouping of files.
  • A DF may be the parent file of DFs and/or EFs, and is referred to by a file identifier.
  • Among the DFs, DF_TELECOM is set to '7F10' and DF_GSM is set to '7F20'.
  • DF_TELECOM may be optionally used and includes application-independent information.
  • Under DF_TELECOM ('7F10'), DF_PHONEBOOK is set to '5F3A', DF_MULTIMEDIA to '5F3B' and DF_GRAPHIC to '5F50'.
  • EF_DIR is a linear fixed file under the MF and is a kind of application-independent file.
  • The PKI key information according to the present embodiment may be stored in the form of EF_eSIMPKI, an elementary file, and included in the file structure of the eUICC.
  • EF_eSIMPKI may be located under DF_TELECOM (file identifier '7F10') and may have '6F1X' as its file identifier, where the 'X' in the 6F1X file identifier of EF_eSIMPKI can be any one of the values 0 to F.
  • The file structure of the eUICC or eSIM according to the present embodiment is not limited to FIG. 6; other forms for storing the necessary PKI key information (for example, a file structure such as TLV or an application form such as an applet) are also possible.
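A constructed encoder, parser and MNO-side check for the key information profile of FIGS. 5 and 6, added here and not taken from the patent: the page fixes only the location (under DF_TELECOM '7F10', file identifier '6F1X') and the content (key generation algorithm such as ALG_RSA / ALG_RSA_CRT / ALG_DSA, key length such as 1024 or 2048, generation method); the TLV tags, code points, function names and the MNO's 2048-bit policy minimum are assumptions of this example.

```python
"""Encoder, parser and MNO-side check for the PKI key information profile
(EF_eSIMPKI of FIG. 5/6). Constructed example: the page fixes the location
(under DF_TELECOM '7F10', file identifier '6F1X') and the content (key
generation algorithm, key length, key generation method); the TLV tags, code
points and the MNO policy minimum below are assumptions of this example."""
from dataclasses import dataclass

DF_TELECOM = 0x7F10
# Assumed code points for the values the page names.
ALGORITHMS = {0x01: "ALG_RSA", 0x02: "ALG_RSA_CRT", 0x03: "ALG_DSA"}
GENERATION = {0x01: "static (manufacturing stage)", 0x02: "dynamic (CCP)"}
TAG_ALG, TAG_LEN, TAG_GEN, TAG_PUB = 0x80, 0x81, 0x82, 0x83  # assumed tags


@dataclass
class KeyInfo:
    algorithm: str     # ALG_RSA / ALG_RSA_CRT / ALG_DSA
    key_length: int    # bits, e.g. 1024 or 2048
    generation: str    # static at manufacture or dynamic via the CCP
    public_key: bytes  # RSA modulus (constructed); DSA would carry y


def is_esimpki_fid(fid: int) -> bool:
    """True for the '6F1X' identifiers (6F10..6F1F) reserved for EF_eSIMPKI."""
    return (fid & 0xFFF0) == 0x6F10


def encode_tlv(tag: int, value: bytes) -> bytes:
    """BER-style TLV: one-byte tag, short-form or long-form length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + value


def parse_tlvs(data: bytes) -> dict:
    """Parse a flat TLV record, refusing any length that overruns the record."""
    out, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, n, i = data[i], data[i + 1], i + 2
        if n & 0x80:                       # long form: next (n & 0x7F) bytes
            k = n & 0x7F
            if k == 0 or k > 2 or i + k > len(data):
                raise ValueError("bad long-form length")
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        if i + n > len(data):
            raise ValueError("TLV value overruns record")
        out[tag], i = data[i:i + n], i + n
    return out


def _code(fields: dict, tag: int, table: dict) -> str:
    value = fields.get(tag, b"")
    if len(value) != 1 or value[0] not in table:
        raise ValueError(f"tag {tag:#x}: missing or unknown code point")
    return table[value[0]]


def encode_key_info(info: KeyInfo) -> bytes:
    """Build the EF_eSIMPKI record body that the eUICC stores."""
    alg = {v: k for k, v in ALGORITHMS.items()}[info.algorithm]
    gen = {v: k for k, v in GENERATION.items()}[info.generation]
    return (encode_tlv(TAG_ALG, bytes([alg]))
            + encode_tlv(TAG_LEN, info.key_length.to_bytes(2, "big"))
            + encode_tlv(TAG_GEN, bytes([gen]))
            + encode_tlv(TAG_PUB, info.public_key))


def decode_key_info(record: bytes) -> KeyInfo:
    """What reading EF_eSIMPKI or querying the extraction application yields."""
    t = parse_tlvs(record)
    if TAG_LEN not in t or TAG_PUB not in t:
        raise ValueError("key info profile lacks key length or public key")
    return KeyInfo(_code(t, TAG_ALG, ALGORITHMS), int.from_bytes(t[TAG_LEN], "big"),
                   _code(t, TAG_GEN, GENERATION), t[TAG_PUB])


def mno_check_key_info(info: KeyInfo, min_bits: int = 2048) -> tuple:
    """MNO-side gate (after S330/S430, before the key goes to the SM-DP for
    S340/S440). Returns (accepted, reason); the 2048-bit floor is assumed."""
    if info.algorithm not in ("ALG_RSA", "ALG_RSA_CRT"):
        return False, f"{info.algorithm} keys sign but cannot encrypt a profile"
    if info.key_length < min_bits:
        return False, f"{info.key_length}-bit key is below the policy minimum of {min_bits}"
    if len(info.public_key) != info.key_length // 8:
        return False, "modulus length disagrees with the declared key length"
    return True, "public key usable for profile encryption"
```

The algorithm check matters because the page lists ALG_DSA among the generation methods: a DSA key can sign but cannot be used for the profile encryption of steps S340/S440, so the MNO must notice that before handing the key to the SM-DP.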

Abstract

The present invention relates to profile access credentials used to encrypt profiles in a system comprising a mobile network operator (MNO), a subscription manager (SM), an embedded UICC (eUICC) and the like. More specifically, the present invention relates to a method for storing and managing an eUICC public key and a corresponding secret key, or the like, inside the eUICC. The present invention further relates to a method for transmitting information about the profile access credentials inside the eUICC, and to external entities for encryption and the like.
PCT/KR2012/007062 2011-09-05 2012-09-04 Procédé pour gérer une uicc intégrée et uicc intégrée correspondante, et système de mno, procédé de mise à disposition et procédé pour changer de mno les utilisant WO2013036009A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/342,980 US9521547B2 (en) 2011-09-05 2012-09-04 Method for managing embedded UICC and embedded UICC, MNO system, provision method, and method for changing MNO using same

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2011-0089639 2011-09-05
KR20110089639 2011-09-05
KR10-2011-0102428 2011-10-07
KR1020110102428A KR101792885B1 (ko) 2011-09-05 2011-10-07 eUICC의 키정보 관리방법 및 그를 이용한 eUICC, MNO시스템, 프로비저닝 방법 및 MNO 변경 방법

Publications (1)

Publication Number Publication Date
WO2013036009A1 true WO2013036009A1 (fr) 2013-03-14

Family

ID=47832397

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/007062 WO2013036009A1 (fr) 2011-09-05 2012-09-04 Procédé pour gérer une uicc intégrée et uicc intégrée correspondante, et système de mno, procédé de mise à disposition et procédé pour changer de mno les utilisant

Country Status (1)

Country Link
WO (1) WO2013036009A1 (fr)


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12830708

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 14342980

Country of ref document: US

122 Ep: pct application non-entry in european phase

Ref document number: 12830708

Country of ref document: EP

Kind code of ref document: A1