WO2013036010A1 - Certification method using an embedded UICC certificate, provisioning and MNO change methods using the certification method, corresponding embedded UICC, MNO system and recording medium - Google Patents

Publication number
WO2013036010A1
Authority
WO
WIPO (PCT)
Prior art keywords
euicc
mno
information
authentication information
authentication
Prior art date
Application number
PCT/KR2012/007063
Other languages
English (en)
Korean (ko)
Inventor
이진형
윤여민
김성철
Original Assignee
주식회사 케이티
Priority date
Filing date
Publication date
Priority claimed from KR1020110104171A (KR101954450B1)
Application filed by 주식회사 케이티
Priority to US14/342,961 (US9451459B2)
Publication of WO2013036010A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W8/00: Network data management
    • H04W8/18: Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20: Transfer of user or subscriber data
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/069: Authentication using certificates or pre-shared keys
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30: Security of mobile devices; Security of mobile applications
    • H04W12/35: Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40: Security arrangements using identity modules
    • H04W12/42: Security arrangements using identity modules using virtual identity modules

Definitions

  • The present invention relates to a method and apparatus for subscription and mobile network operator (MNO) change using authentication information of an embedded universal integrated circuit card (eUICC), and to a built-in UICC therefor.
  • the UICC may store the personal information of the user and the operator information on the mobile communication provider to which the user subscribes.
  • the UICC may include an International Mobile Subscriber Identity (IMSI) for identifying a user.
  • the UICC is also called a Subscriber Identity Module (SIM) card in the case of the Global System for Mobile communications (GSM) scheme, and a Universal Subscriber Identity Module (USIM) card in the case of the Wideband Code Division Multiple Access (WCDMA) scheme.
  • When the user mounts the UICC on the user's terminal, the user is automatically authenticated using the information stored in the UICC, so that the user can conveniently use the terminal.
  • When the user replaces the terminal, the user can easily do so by mounting the UICC removed from the existing terminal in the new terminal.
  • Terminals that require miniaturization, for example terminals for machine-to-machine (M2M) communication, are difficult to miniaturize when manufactured with a structure that accepts a detachable UICC.
  • An eUICC structure, which is a non-removable UICC, has therefore been proposed.
  • The eUICC should contain, in IMSI format, information on the user who uses the UICC.
  • the existing UICC can be attached to or detached from the terminal, and the user can open the terminal regardless of the type of terminal or the mobile communication provider.
  • the manufactured terminal can be assigned IMSI in the eUICC only when the premise that the terminal is used only for a specific mobile communication provider is satisfied.
  • Both mobile operators and terminal manufacturers ordering terminals have no choice but to pay attention to product inventory, which leads to a problem that product prices rise.
  • It is also inconvenient for the user to change the mobile operator for the terminal. Therefore, even in the case of eUICC, there is a need for a method for allowing a user to open a terminal regardless of a mobile communication provider.
  • eUICC subscriber information of various mobile operators to UICC from a remote location. Accordingly, a subscription management device (Subscription Manager) or Profile Manager (hereinafter referred to as 'PM') for managing subscriber information is required and is under discussion.
  • The SM is mainly discussed as being responsible for information management for the eUICC, information management for various mobile operators, and authentication and remote information changes for mobile operators, but this has not been decided yet.
  • the present invention provides a method for changing subscription and MNO using authentication information in a communication environment including a built-in UICC, and a built-in UICC device therefor.
  • Another object of the present invention is to provide a method of pre-installing the authentication information of the eUICC inside the eUICC that can be reliably authenticated by the MNO and SM (can include SM-SR, SM-DP) system.
  • Another object of the present invention is to provide a method of verifying the identity of the eUICC, or including authentication information in the eUICC to verify whether the MNO and SM are reliable eUICC, or whether the MNO service can be performed in advance.
  • Another object of the present invention is to provide a method for a specific system in a trusted sector to issue authentication information for authentication of an eUICC.
  • Another object of the present invention is to provide a method of generating / managing eUICC authentication information for performing identity verification for eUICC between MNO and SM-SR in advance and storing / managing it in eUICC.
  • Another object of the present invention is to provide a method for performing a reliable subscription and MNO change (or subscription change) process by using the eUICC Certification.
  • An embodiment of the present invention provides a method of authenticating a built-in UICC (eUICC) interworking with a communication service provider (MNO) system and a subscription management system (SM), the method comprising: storing, in the eUICC, an eUICC certificate with which the MNO system or the SM can verify the identity of the eUICC; and transmitting, by the eUICC, the eUICC authentication information to the MNO system or the SM.
  • Another embodiment of the present invention is a built-in UICC (eUICC) interlocked with a communication service provider (MNO) system, subscription management system (SM), the eUICC is the MNO system or SM to verify the identity of the eUICC (Verification)
  • eUICC authentication profile including eUICC certificate information and at least one of card OS information, card platform information, and PIN (Personal Identification Number) information
  • the eUICC authentication profile stores the eUICC authentication information as the MNO.
  • Another embodiment of the present invention is a telecommunications operator (MNO) system, subscription management system (SM) and the built-in UICC (eUICC) interlocked with the MNO system and SM, the MNO system or SM verifies the identity of the eUICC (
  • Another embodiment of the present invention is a telecommunications operator (MNO) system, a subscription management system (SM) and a built-in UICC (eUICC) interworking with the MNO system and the SM, wherein the MNO system or SM verifies the identity of the eUICC.
  • transmitting the authentication information to a receiving MNO system; the receiving MNO system verifying the identity of the corresponding eUICC using the eUICC authentication information; the receiving MNO system encrypting its operation profile by using the eUICC authentication information and transmitting it to the eUICC; and the eUICC notifying the receiving MNO system and the donor MNO system of the fact that the MNO has changed. This provides a method of changing the MNO.
  • Another embodiment of the present invention is an integrated UICC (eUICC) interworking with an operator system (MNO), a subscription routing system (SM), and a secure routing (SM-SR) and a data preparation (SM-DP) device.
  • A provisioning method using the eUICC, comprising: the eUICC receiving, from the eUICC manufacturer system or a terminal manufacturer system, an eUICC certificate (eUICC Certificate) that can verify the identity of the eUICC, and storing it in the eUICC; transmitting an activation request or opening request message to the MNO system in response to the subscriber's opening request; the MNO system receiving the eUICC authentication information from the eUICC while performing a status request and technical performance control check with the eUICC; and transmitting the eUICC authentication information to the SM-SR while the MNO system collects
  • Another embodiment of the present invention is an integrated UICC (eUICC) interworking with an operator system (MNO), a subscription routing system (SM), and a secure routing (SM-SR) and a data preparation (SM-DP) device.
  • the receiving MNO system receives the eUICC authentication information from the receiving MNO system and collecting the terminal related information from the SM-SR. Transmitting to the SR, the receiving MNO system negotiating with the donor MNO system and performing a transfer of rights, and the receiving MNO system or the SM-SR verifies the eUICC through the eUICC authentication information.
  • the receiving MNO system provides an MNO change method comprising the step of encrypting its operation profile to the eUICC.
  • Another embodiment of the present invention is a communication service provider (MNO) system, subscription management system (SM) and interworking with the MNO system and SM, a built-in UICC (eUICC) for managing the operation profile for the MNO, the eUICC Receives and stores the eUICC authentication information generated in the eUICC manufacturing step, transmits the eUICC authentication information to the MNO system, and provides an eUICC to receive and decrypt the encrypted operation profile transmitted from the MNO system.
  • Another embodiment of the present invention is an MNO system interworking with a subscription management system (SM) and a built-in UICC (eUICC), wherein the MNO system verifies the identity of the eUICC from the eUICC during a provisioning or MNO change process.
  • Another embodiment of the present invention provides a recording medium recording a program installed in a built-in UICC (eUICC) interworking with a communication service provider (MNO) system and a subscription management system (SM), wherein the program performs a function of storing, in the eUICC, eUICC certificate information (eUICC Certificate) with which the MNO system or the SM can verify the identity of the eUICC, and a function of transmitting the eUICC authentication information to the MNO system or the SM.
  • Another embodiment of the present invention provides a recording medium on which is recorded a program installed in a built-in UICC (eUICC) that interworks with a communication service provider (MNO) system and a subscription management system (SM) and manages an operation profile for the MNO, wherein the program performs a function of receiving and storing eUICC authentication information generated in the eUICC manufacturing step, a function of transmitting the eUICC authentication information to the MNO system, and a function of receiving and decrypting the encrypted operation profile transmitted from the MNO system.
  • FIG. 1 shows the overall service architecture including the eUICC to which the present invention is applied.
  • FIG. 2 shows a system architecture of an SM separation environment to which the present invention may be applied.
  • FIG. 3 is an overall flowchart of a provisioning process according to an embodiment of the present invention.
  • FIG. 4 is an overall flowchart of a subscription change or MNO change process according to an embodiment of the present invention.
  • FIG. 5 shows the internal structure of the entire system and eUICC to which the present invention is applied.
  • FIG. 6 illustrates an initial provisioning process using eUICC authentication information according to an embodiment of the present invention.
  • FIG. 7 illustrates an MNO change process using eUICC authentication information according to an embodiment of the present invention.
  • FIG. 8 illustrates a provisioning process using eUICC authentication information according to another embodiment of the present invention.
  • FIG. 9 illustrates an MNO change process using eUICC authentication information according to another embodiment of the present invention.
  • The M2M (Machine-to-Machine) terminal, which is actively discussed in the GSMA at present, must be small in size.
  • A module for attaching the UICC must be separately inserted into the M2M terminal, so an M2M terminal manufactured in this way is difficult to miniaturize.
  • The eUICC mounted on the M2M terminal must store information on the mobile network operator (hereinafter referred to as 'MNO') that uses the UICC, in the form of an International Mobile Subscriber Identity (IMSI).
  • From the time the M2M terminal is manufactured, an IMSI can be assigned in the eUICC only on the premise that the terminal is used with one specific MNO. The MNO ordering the M2M terminal or UICC and the M2M manufacturer producing the terminal therefore both have to pay close attention to product inventory, and product prices rise, which is a big obstacle to the expansion of M2M terminals.
  • the eUICC or eSIM that is integrally mounted on the terminal has many issues regarding the authority to open, additional service business initiative, and subscriber information security due to the physical structure difference.
  • the international standardization bodies of GSMA and ETSI are conducting standardization activities on relevant elements such as carriers, manufacturers and SIM manufacturers, as well as necessary elements including top-level structures.
  • The central point of the issue is the SM, called the Subscription Manager, which refers to an entity, or its function or role, that plays an overall administrative role for the eSIM, such as issuing operator information (also expressed as Operator Credential, MNO Credential, Profile, eUICC Profile, Profile Package, etc.) to the eSIM and handling the process for a subscription change or MNO change.
  • The SM has been classified into SM-DP (Data Preparation), which generates operator information, and SM-SR (Secure Routing), which directly carries operator information to the eSIM, and a scheme to transmit the data has been proposed, but the details are insufficient.
  • Because a plurality of MNOs, SMs, device vendors, and USIM vendors are involved, it is necessary to verify, in the process of subscribing and changing MNOs, whether the eUICC is one that the MNOs and SMs can trust and whether it can perform the MNO service.
  • eSIM is a new concept of SIM technology in which the IC chip is attached to the terminal circuit board at the terminal manufacturing stage, and the SIM data (open information, additional service information, etc.) is then issued in software form through OTA (Over The Air) or offline (a technology-based connection such as USB to a PC).
  • IC chips used in eSIM generally support a hardware-based Crypto Co-Processor (CCP) to provide hardware-based public key generation, and APIs for using it from applications (e.g., applets) are provided by the SIM platform (e.g., Java Card Platform).
  • Java Card Platform is one of the platforms that can load multiple applications and provide services on smart cards and the like.
  • SIM requires a SIM service management platform that is responsible for loading and managing applications.
  • the SIM service management platform issues data to the SIM memory area through authentication and security with management keys.
  • GlobalPlatform and the Remote File Management (RFM) and Remote Application Management (RAM) of ETSI TS 102.226 are standard technologies for such a service management platform.
  • eSIM is responsible for issuing communication and additional service data remotely through management keys (UICC OTA Key, GP ISD Key, etc.).
  • SM-DP securely builds IMSI, K, OPc, additional service applications, additional service data, etc. in addition to the operation profile (or operator information) to make a credential package.
  • SM-SR is responsible for securely downloading the credential package generated by SM-DP to the eSIM through SIM remote management technology such as Over-The-Air (OTA) or GP Secure Communication Protocol (GP SCP).
  • MNO1 is SM1
  • SM1 is SM4
  • SM4 forms a trust relationship with the eSIM, thereby forming a trust relationship between the MNO and eSIM.
  • a mobile network operator refers to a mobile communication operator, and refers to an entity that provides a communication service to a customer through a mobile network.
  • a subscription manager is a subscription management device and performs a management function of an eUICC.
  • eUICC Supplier means a person who supplies eUICC module and embedded software (firmware and operating system, etc.).
  • Device Vendor means a provider of a device, in particular one that includes a wireless modem function via a mobile network driven by the MNO, and consequently a supplier of a device requiring a UICC (or eUICC) form.
  • Provisioning refers to a process of loading a profile into an eUICC
  • a provisioning profile refers to a profile used by a device to connect to a communication network for the purpose of provisioning another provisioning profile and an operation profile.
  • Subscription means a commercial relationship for providing a service between a subscriber and a wireless communication service provider.
  • eUICC access credentials refer to data in the eUICC that allows secure communication between the eUICC and external entities to be set up to manage profiles on the eUICC.
  • Profile access credentials are data that resides within a profile or within an eUICC, and means data that allows secure communications to be set up between the eUICC and external entities to protect or manage the profile structure and its data.
  • A profile is a combination of file structures, data, and applications that can be provisioned or managed within an eUICC. It means all information that can exist in the eUICC, such as operation profiles (operator information), provisioning profiles for provisioning, and profiles for other policy control functions (PCFs).
  • Operation Profile or operator information refers to all kinds of profiles related to Operational Subscription.
  • FIG. 1 shows the overall service architecture including eSIM (eUICC) to which the present invention can be applied.
  • The present invention is not limited to the system shown in FIG. 1, nor to any particular form, as long as authentication information for authenticating the eUICC can be used in a system including the eUICC according to the spirit of the present invention.
  • the eUICC system architecture to which the present invention can be applied may include a plurality of MNO systems, one or more SM systems, an eUICC manufacturer system, a device manufacturer system including an eUICC, an eUICC, and the like for each entity or subject.
  • the dotted line shows a circle of trust
  • the two solid lines mean a secure link
  • MNO and eUICC should be able to decode MNO Credentials information, that is, profiles (operation profiles, provisioning profiles, etc.).
  • the only exception to this could be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.
  • Subscriptions cannot be switched within the eUICC outside of operator policy control.
  • the user must be aware of any changes in the MNO content and its active subscription, must be able to avoid security risks, and have a level of security that is compatible with the current UICC model.
  • the MNO credential or profile may mean a subscription credential including K, algorithm, algorithm parameters, supplementary service application, supplementary service data, and the like.
  • Delivery of MNO credentials or profiles must be done in a secure manner from end to end.
  • the transmission can be made in successive steps without breaking the security chain, and all steps in the transmission chain must be made under the recognition and approval of the MNO.
  • No entity in the transport chain should be able to clearly see the MNO credential, but the only exception may be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.
  • the operator must have complete control over his credentials and the operator must have strong supervision and control over the SM operation.
  • SM functions must be provided by the MNO or a third party, if provided by the third party, there may be a commercial relationship established between the SM and the MNO.
  • the SM has no direct relationship with the MNO subscriber for subscription management.
  • the MNO has a relationship with the subscriber and should be the entry point for the customer subscription, it is not intended to piggyback on the contractual relationship an M2M service provider (the M2M service provider is an MNO subscriber) may have with its customers.
  • the donor and receiving MNOs may or may not have a prior agreement with each other. There must be a mechanism to approve pre-contracts.
  • the donor operator's policy control function can be defined for the condition of removing his / her credential, and the policy control function (PCF) can implement this function.
  • the architecture introduces a feature defined as SM, and SM's primary role is to prepare and deliver a package or profile containing the MNO credentials to the eUICC.
  • the SM function may be provided directly by the MNO, or the MNO may contract with a third party to obtain the SM service.
  • SM can be divided into two sub-functions such as SM-SR and SM-DP.
  • SM-SR and SM-DP functions may be provided by other entities or may be provided by the same entity. Therefore, it is necessary to clearly demarcate the functions of SM-DP and SM-SR, and to define an interface between these entities.
  • SM-DP is responsible for secure preparation of package or profile to be delivered to eUICC, and works with SM-SR for actual transmission.
  • The key functions of the SM-DP are 1) managing the functional characteristics and certification levels of the eUICC, 2) managing MNO credentials or profiles (e.g., one or more of IMSI, K, supplementary service applications, and supplementary service data, some of which are potentially managed by the MNO), and 3) calculating the OTA package for download by the SM-SR; further functions can be added.
  • SM-DP can have a significant amount of background processing, and the requirements for performance, scalability and reliability are expected to be important.
  • SM-SR is responsible for securely routing and delivering the credential package to the corresponding eUICC.
  • The key features of the SM-SR are 1) managing OTA communication with the eUICC via a ciphered VPN, 2) managing communication with other SM-SRs to form an end-to-end path up to the eUICC, 3) managing the eUICC data used for SM-SR OTA communication provided by the eUICC provider, and 4) protecting communication with the eUICC by filtering so that only allowed entities pass (firewall function).
  • the SM-SR database is provided by eUICC vendors, device (such as M2M terminal) vendors, and potentially MNOs, and can be used by MNOs through the SM-SR mesh network.
  • the circle of trust enables end-to-end security links during provisioning profile delivery, while the SM-SR shares the trust circle for secure routing of the provisioning profile and eUICC discovery.
  • MNOs can be linked with SM-SR and SM-DP entities in a trusted circle, or they can provide this functionality themselves.
  • A secure end-to-end link between the eUICC and the MNO credentials is needed to prevent illegal use of the eUICC (cloning, illegal use of credentials, denial of service, illegal MNO context changes, etc.) without violating the MNO's contractual and legal obligations with respect to its customers.
  • 110 represents a trust circle formed between SMs, more specifically, between SM-SR members, 120 represents a trust circle of MNO partners, and 130 represents an end-to-end trust link.
  • FIG. 2 illustrates a configuration in which an SM-SR and an SM-DP are located in a system in an SM separation environment.
  • The SM is divided into an SM-DP, which securely prepares the various profiles (operation profile, provisioning profile, etc.) related to the eUICC, and an SM-SR, which routes them. The SM-SR can be linked with other SM-SRs in a trust relationship, and the SM-DP is linked to the MNO system.
  • SM-DP can be linked with SM-SR and MNO system can be linked with SM-DP
  • FIG. 3 is an overall flowchart of a first subscription or provisioning process in a system such as FIG. 1 to which the present invention may be applied.
  • The eUICC transmits an activation request including device identification information (IMEI, etc.) and eUICC identification information (eICCid, etc.) to the MNO (Request activation; S310). Then, in step S320, a status request and a technical capability control request/confirmation are performed between the MNO and the eUICC (eUICC status request and technical capability control; S320).
  • The MNO then performs eUICC identity verification with the SM-SR and collects information on the device or eUICC (eUICC identity verification and collect information about device).
  • the MNO may obtain an encryption key for the corresponding eUICC, specifically, a public key corresponding to the eUICC, from the SM-SR.
  • the encryption key is used to encrypt the profile and deliver it to the eUICC.
  • the encryption key is not limited to the public key, and a key based on other symmetric keys may be used.
  • The public key may be acquired statically or dynamically. In the static case, a public key and a secret key are generated inside the eUICC at the time of its manufacture, specifically by a cryptographic operation processor (CCP, etc.) in the eUICC; the eUICC stores the secret key, and the public key is shared by all SM-SRs so that the public key for a specific eUICC can be recognized. The public key for the eUICC is then delivered to the MNO.
  • the SM-SR when there is a request from the MNO (including specific eUICC identification information), the SM-SR requests the corresponding eUICC to transmit the public key, and the eUICC is issued to an eUICC-equipped terminal.
  • a communication module provisioning module, issuing module, opening module, etc., and serves as communication and provisioning management with the outside of an eUICC-equipped terminal for eUICC provisioning or a security module (generating a cryptographic key in the eUICC).
  • Module, encryption key processing module, security policy module, Credential Manager, Profile Manager, etc. to generate the public key using eKey, and to perform security operation using the encryption key). It can be done in a manner.
  • one security module mounted in the eUICC may be commonly installed in the eUICC according to an eUICC manufacturing step or an eUICC policy thereafter, and a plurality of security modules may be installed for each MNO according to the eUICC policy and each MNO policy.
  • The MNO that has obtained the public key (encryption key) of the eUICC creates a new eUICC profile for the MNO through the SM-DP, encrypts the profile with the acquired eUICC public key (encryption key), and delivers it to the MNO (primary encryption, step S340). In this case, in order to provide authenticity, the SM-DP may generate an additional digital signature with its own private key. That is, in step S340, the SM-DP may sign the profile with its own private key or secret key for authentication.
  • the generation of such a profile and the encryption using the eUICC public key need not necessarily be performed by the SM-DP, and the MNO system may perform it by itself.
  • The MNO then sends the primary-encrypted eUICC profile to the SM-SR and requests secondary encryption. The SM-SR encrypts the eUICC profile a second time using the eUICC management keys (eUICC OTA key, GP ISD key, etc.) it already stores, and transfers it to the MNO.
  • the MNO transmits the double ciphered eUICC profile to the corresponding eUICC (step S360).
  • The public key or certificate of the SM-DP may be transmitted to the eUICC together with the profile to provide authentication.
  • Since the eUICC already knows the eUICC management key, it performs the first decryption with that key, and can then fully decrypt the profile to be used for provisioning by a second decryption using the secret key corresponding to its public key (already known from the manufacturing or dynamic public key generation stage).
  • The eUICC can perform signature verification with the SM-DP's public key (in the case of a certificate, from a trusted third party) to verify that the eUICC profile was created by the SM-DP corresponding to the public key obtained from the MNO.
  • In step S370, the SM-SR database is updated according to a status request and a response between the eUICC and the SM-SR that have finished provisioning.
  • In step S310, the eUICC identification information (eICCid, etc.) is public data and must be integrated and protected inside the eUICC.
  • In steps S320 and S330, the status request and technical capability control provide proof of the eUICC identity (trusted eUICC), and should be able to confirm the eligibility of the eUICC characteristics for the MNO service.
  • a double encryption mechanism is used for generating and transmitting an eUICC profile. That is, the generation profile linked to the eUICC by the SM-DP is encrypted by an encryption mechanism that can only be read by the target eUICC, and the digital signature is performed by the SM-DP to confirm that the profile is generated from a legitimate SM-DP.
  • SM-SR encrypts the generated profile with an eUICC management key to authenticate and protect the eUICC during delivery.
  • the SM-SR database may be updated at the end of the subscription installation (Subscription installation).
  • FIG. 4 is an overall flowchart of a subscription change or MNO change process in a system to which the present invention may be applied.
  • The MNO change process of FIG. 4 is similar to the provisioning process of FIG. 3 (that is, after the change, the new MNO corresponds to the MNO of FIG. 3), except that the new MNO performs negotiation and transfer of rights with the donor MNO before or after profile generation for the new MNO (step S440').
  • The difference between the MNO change process of FIG. 4 and the provisioning process of FIG. 3 is that, using a provisioning or operational active profile, an activation request is sent to the donor MNO OTA bearer, and the new MNO requests from the SM-SR a path, either new OTA or OTI, to download the profile.
  • The eUICC transmits an activation request including device identification information (IMEI, etc.) and eUICC identification information (eICCid, etc.) to the MNO to be changed to (receiving MNO) (request activation; S410). Then, in step S420, an eUICC status request and technical capability control request/confirmation are performed between the receiving MNO and the eUICC (eUICC status request and technical capability control; S420).
  • In step S430, the receiving MNO performs eUICC identity verification and collects information about the device (eUICC) with the SM-SR (eUICC identity verification and collect information about device).
  • The MNO may obtain an encryption key for the corresponding eUICC, specifically a public key corresponding to the eUICC, from the SM-SR according to an embodiment of the present invention.
  • The acquisition of such a public key may be static or dynamic. In the static case, a public key and a secret key are generated at the time of manufacture of the eUICC, specifically through a cryptographic operation processor (CCP, etc.) in the eUICC; the eUICC stores the secret key, and the public key is shared by all SM-SRs so that the public key for a specific eUICC can be recognized. The public key for the eUICC is delivered to the MNO.
  • The receiving MNO that has obtained the public key (encryption key) of the eUICC creates a new eUICC profile for the MNO through the SM-DP, encrypts the profile with the acquired eUICC public key (encryption key), and sends it to the MNO.
  • The SM-DP may generate an additional digital signature with its private key. That is, in step S440, the SM-DP can digitally sign the profile with its own private key or secret key for authentication.
  • This negotiation and rights transfer step (S440') may be performed before or after step S440.
  • This negotiation and rights transfer step (S440') is a process in which the new receiving MNO asks the previous MNO (donor MNO) whether the corresponding eUICC is legitimate, and rights (information) are transferred due to the MNO change.
  • A new MNO (receiving MNO) requests authentication from the donor MNO after notifying it of a subscription switching or MNO change, and this authentication may be provided by a policy control function.
  • The SM-SR secondarily encrypts the eUICC profile using the eUICC management key (eUICC OTA key, GP ISD key, etc.) it has already stored and transmits it to the MNO.
  • The MNO transmits the double-ciphered eUICC profile to the corresponding eUICC (step S460).
  • The public key or certificate of the SM-DP can be transmitted to the eUICC together to provide authentication.
  • Since the eUICC already knows the eUICC management key, it performs the first decryption and then decrypts with the secret key corresponding to its public key (already known from the manufacturing stage or the dynamic public key generation stage), so that the profile to be used for the MNO change is completely decrypted.
  • To verify the certificate (that is, to verify that the eUICC profile was created by the SM-DP corresponding to the public key obtained from the MNO), the eUICC can perform signature verification with the SM-DP's public key (in the case of a certificate, from a trusted third party).
  • In step S470, the SM-SR database is updated according to a status request and a response between the eUICC and the SM-SR after provisioning has finished.
  • The MNO system or the SM stores eUICC certificate information (eUICC Certificate) that can verify the identity of the eUICC, and in the process of provisioning or MNO change the eUICC authentication information can be transmitted to the MNO system or SM.
  • The MNO system or the SM verifies the identity of the corresponding eUICC using the received eUICC authentication information, and encrypts the MNO operation profile and transmits it to the eUICC only when the identity is verified.
  • The eUICC authentication information may be 1) information that one of the hardware, card OS, and platform of the eUICC has been verified, 2) information that the MNO system and SM have pre-qualified the eUICC as reliable, and 3) information that it has been verified that the MNO services of the MNO system can be mounted; the specific form or format thereof is not limited.
  • The receiving MNO receives information for identity verification of the requesting eUICC, that is, eUICC authentication information and information about the device, from the SM (specifically the SM-SR).
  • The subscriber change is notified to the donor MNO.
  • The SM-SR related to the receiving MNO must know in advance all the information that can verify the identity of the eUICC, or the terminal information. To do this, a number of SM-SRs have to share all the information.
  • The MNO or SM stores information that can authenticate a specific eUICC, that is, eUICC authentication information, in the eUICC in advance or dynamically. Such eUICC authentication information is proof information, for the MNO and SM, about whether the eUICC is reliable or whether the corresponding eUICC is suitable for services provided by the MNO, and may be issued by any entity in the circle of trust as shown in FIG. 1.
  • FIG. 5 shows a configuration of an entire system according to an embodiment of the present invention.
  • The entire system includes a UE 510 with an eUICC 520 mounted therein, a plurality of external MNO systems, and a sector (Trusted Sector by MNO) consisting of an SM-SR and an SM-DP.
  • Each sector is formed by MNO(s) in a strong trust relationship, and the dotted lines in FIG. 5 indicate a strong trust relationship.
  • The SM-SR can be operated directly by MNOs within the MNO's network, or in the form of TSMs or MNOs with a strong trust relationship. A trust relationship is also established between SM-SRs, and an SM-SR may be associated with several MNOs.
  • The SM-SR handles the actual subscription request and is the entity that loads the MNO profile into the eUICC via OTA.
  • SM-DP The Subscription Manager Data Preparation
  • TSMs and MNOs with a strong trust relationship.
  • The SM-DP creates, stores, and manages MNO profiles.
  • The eUICC Certification Profile is a module that manages security and eUICC certification inside the eUICC.
  • The eUICC certification information may be included in common information such as card operating system (OS) information, card platform information, and the like, and may include the following information.
  • The eUICC certification information means all information with which identity verification for a specific eUICC can be performed between the MNO and SM-SR.
  • This eliminates the overhead of sharing eUICC verification information between all the different SM-SRs when the subscriber changes MNO, and provides a more secure eUICC mechanism.
  • A personal identification number (PIN) is optionally used information, means a password, and is optionally included in the authentication profile.
  • The authentication profile 521 may optionally include one or more of card operating system (OS) information, card platform information, eUICC authentication information, and a PIN, as implemented in the eUICC.
  • The eUICC authentication information may be stored in the form of an eUICC authentication profile as one item of common information, and the common information includes card OS and platform information in addition to the eUICC authentication information. eUICC hardware information and PIN information may also be included.
  • FIG. 6 illustrates an initial provisioning process using eUICC authentication information according to an embodiment of the present invention.
  • The eUICC or USIM manufacturer system is issued an eUICC certificate for the eUICC hardware and software by a certain entity in the trusted sector and receives other card OS and eUICC hardware information, which are also mounted in the eUICC (S610).
  • In step S620, the eUICC containing the eUICC authentication information is provided to the terminal manufacturer (Device Vendor) to be mounted on the terminal.
  • The eUICC authentication information is stored inside the eUICC in the form of an eUICC authentication profile together with other common information (Common Info.).
  • The subscriber purchases the corresponding terminal and requests opening or provisioning from the MNO1 system (S640).
  • The request may be transmitted to the MNO1 network through a provisioning profile as shown in FIG. 5, or it may be made offline or separately online.
  • The eUICC uses the eUICC authentication profile to provide common information including one or more of card OS information, card platform information, eUICC hardware information, eUICC authentication information, and PIN information to the MNO1 system. Meanwhile, in step S650, the eUICC may provide an encryption key for encrypting the profile, and the encryption key may be an eUICC public key, an MNO profile key, or the like. This key is used for the first encryption and transmission, and its form is not limited.
  • In step S660, the MNO1 system verifies the identity of the corresponding eUICC using the eUICC authentication information, verifies the various common information, and receives the MNO1 OTA key from the SM-SR1 only when the information is verified.
  • The MNO OTA key is used for the secondary encryption that follows encryption with the encryption key provided in step S650 described above, and may take another name or form.
  • The MNO1 system creates an MNO1 profile through SM-DP1 and first encrypts the MNO1 profile with the MNO1 profile key received in S650 (S670). The MNO1 system then, on its own or through SM-SR1, ciphers the MNO1 profile again with the MNO1 OTA key, that is, performs the second encryption (S680). In other words, the MNO1 profile is double ciphered.
  • The MNO1 system transmits the double-ciphered MNO1 profile to the eUICC via OTA (S690).
  • The provisioning process is then terminated, and in this process MNO1 can verify the corresponding eUICC using the eUICC authentication information.
  • FIG. 7 illustrates a process of performing MNO change using eUICC authentication information and authentication profile according to the present invention.
  • The subscriber then requests a subscription change or MNO change from the MNO3 system, which is the receiving MNO system after the change (S710).
  • The request may be transmitted to the MNO3 network through a provisioning profile as shown in FIG. It may also be made offline or separately online.
  • The eUICC uses the eUICC authentication profile to provide common information including at least one of card OS information, card platform information, eUICC hardware information, eUICC authentication information, and PIN information.
  • The eUICC may provide an encryption key for encrypting the profile, and the encryption key may be an eUICC public key, an MNO profile key, or the like. This encryption key is used when the MNO first encrypts its profile and transmits it.
  • In step S730, the receiving MNO3 system verifies the identity of the corresponding eUICC using the eUICC authentication information, checks the various common information, and receives the MNO3 OTA key from the SM-SR2 only when the information is verified.
  • The MNO OTA key is used for the secondary encryption that follows encryption with the encryption key provided in step S720 described above, and may take another name or form.
  • The receiving MNO3 system creates an MNO3 profile through SM-DP3 and first encrypts the MNO3 profile with the encryption key received in S720 (S740). The MNO3 system then, on its own or through SM-SR2, ciphers the MNO3 profile again using the MNO3 OTA key, that is, performs the second encryption (S750). In other words, the profile is double ciphered.
  • The receiving MNO3 system transmits the double-ciphered MNO3 profile to the eUICC via OTA (S760).
  • The eUICC notifies the donor MNO1 and the receiving MNO3 that the subscription change from the donor MNO1 to the receiving MNO3 is completed, and the donor MNO1 and the receiving MNO3 use the eUICC authentication information to verify the identity of the corresponding eUICC and confirm the final MNO change with each other (S770).
  • The eUICC deactivates or deletes the donor MNO's profile and activates the receiving MNO's profile.
  • The MNO system or SM can verify the identity of the eUICC before transmitting various profiles to the eUICC, thereby ensuring the reliability of the eUICC.
  • FIGS. 8 and 9 illustrate a case in which the provisioning and MNO change process using the eUICC authentication information according to the present invention is applied to the schemes shown in FIGS. 3 and 4.
  • FIG. 8 illustrates a provisioning process using eUICC authentication information according to another embodiment of the present invention.
  • FIG. 8 illustrates an example of using eUICC authentication information according to an embodiment of the present invention in a provisioning process.
  • At the terminal manufacturing or eUICC manufacturing stage, a terminal manufacturer or an eUICC manufacturer may be issued eUICC authentication information by a specific entity in a circle of trust.
  • The entity in the circle of trust that generates or issues the eUICC authentication information may be the terminal manufacturer system, eUICC manufacturer system, MNO system, SM, etc., but is not limited thereto, and other certification bodies may be used.
  • When the subscriber purchases a terminal or device equipped with the corresponding eUICC and requests opening (S830), the eUICC transmits an activation request or opening request message including an IMEI and an eICCid to the corresponding MNO1 system (S840).
  • The MNO1 system performs an eUICC status request and technical capability control check with the eUICC and obtains the eUICC authentication information from the eUICC (eUICC status request and technical capability control; S850).
  • The MNO1 verifies the eUICC identity by transmitting the eUICC authentication information obtained in step S850 to the SM-SR in the process of collecting information related to the corresponding device or eUICC from the SM-SR (eUICC identity verification and collect information about device; S860).
  • The provisioning process may then proceed similarly to steps S340 to S370 of FIG. 3.
  • The MNO1 system creates a profile through the SM-DP and first encrypts it with an encryption key (eUICC public key, etc.); then, through the SM-SR, secondary encryption is performed with the eUICC management key (eUICC OTA key, GP ISD key, etc.) and the profile is transmitted to the eUICC.
  • The eUICC completes the provisioning process after decrypting the double-encrypted profile in two steps. After that, the eUICC updates the SM-SR database according to the status request and response with the SM-SR.
  • FIG. 9 illustrates an MNO change process using eUICC authentication information according to another embodiment of the present invention.
  • The process in which the terminal manufacturer or eUICC manufacturer receives the authentication information of the corresponding eUICC from a specific entity in a circle of trust and then stores it in the corresponding eUICC is the same as S810 and S820 of the provisioning process of FIG. (S910 to S930)
  • The eUICC transmits an activation request or opening request message including an IMEI and an eICCid to the corresponding MNO2 system (Request activation; S940).
  • The receiving MNO2 system performs an eUICC status request and technical capability control check with the corresponding eUICC and acquires the eUICC authentication information from it (eUICC status request and technical capability control; S950).
  • The MNO2 collects information related to the UE or eUICC from the SM-SR, and transmits the eUICC authentication information acquired in step S950 to the SM-SR2 (the SM-SR connected to the MNO2) to verify the eUICC identity (eUICC identity verification and collect information about device; S960).
  • The receiving MNO2 performs negotiation and rights transfer with the donor MNO (MNO1).
  • The MNO2 additionally performs verification through eUICC authentication information between the two MNOs.
  • The MNO change process may then proceed similarly to steps S440 to S470 of FIG. 4.
  • The receiving MNO2 system creates a profile through the SM-DP2, first encrypts it with an encryption key (eUICC public key, etc.), and, after the SM-SR2 performs secondary encryption with the eUICC management key (eUICC OTA key, GP ISD key, etc.), transmits it to the eUICC.
  • The eUICC decrypts the double-encrypted profile in two steps and completes the MNO change process. After that, the eUICC updates the SM-SR database according to the status request and response with the SM-SR2.
  • eUICC Certification is defined as information with which identity verification for a specific eUICC can be performed in the eUICC Trusted Sector, which is bound together by trust among the MNO, SM-SR, and the like, and a certificate profile (Cert. Profile) processes it.
  • The eUICC, the MNO system, the provisioning method, and the MNO change method using the eUICC authentication information may be implemented in the form of a computer-readable program.
  • The above-described program may include code encoded in a computer language such as C, C++, JAVA, or machine language that can be read by a computer processor (CPU).
  • Such code may include function code associated with a function or the like that defines the above-described functions, and may include execution-procedure-related control code necessary for the processor of the computer to execute the above-described functions according to a predetermined procedure.
  • The code may further include memory-reference-related code indicating at which location (address) of the computer's internal or external memory the additional information or media required for the processor of the computer to execute the above-described functions should be referenced.
  • The code may further include communication-related code specifying how the processor of the computer should use a communication module of the computer (e.g., a wired and/or wireless communication module) to communicate with any other remote computer or server, and what information or media should be transmitted and received during communication.
  • A functional program for implementing the present invention, and the code and code segments related thereto, may be easily inferred or changed by programmers in the technical field to which the present invention pertains, in consideration of the system environment of a computer that reads a recording medium and executes the program.
  • Examples of recording media that can be read by a computer recording a program as described above include ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical media storage device, and the like.
  • A computer-readable recording medium having recorded a program as described above may be distributed to computer systems connected through a network so that computer-readable code may be stored and executed in a distributed manner.
  • Any one or more of the plurality of distributed computers may execute some of the functions presented above, transmit the results to one or more of the other distributed computers, and receive the results.
  • The computer may also execute some of the functions presented above and provide the results to other distributed computers as well.
  • A computer-readable recording medium recording an application, which is a program for executing various functions or methods related to eUICC authentication information according to an embodiment of the present invention, may be a storage medium (e.g., a hard disk) included in an application provider server such as an application store server or a web server related to the application or the corresponding service, or may be the application provider server itself.
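The FIG. 6 provisioning flow described above (S650 to S690), modelled as an added example that is not part of the patent text: the MNO side releases a profile only after the eUICC authentication information verifies, applies the primary and secondary encryption, and the eUICC undoes both layers and checks the SM-DP signature. The signed-JSON form of the authentication information, the choice of Ed25519, RSA-OAEP and AES-256-GCM, the function names (`mnoProvision`, `euiccInstall`, and so on) and the eICCid value are assumptions of this example; the patent leaves formats and algorithms open.

```javascript
// Added example: FIG. 6 steps S650 to S690 modelled with Node.js built-in crypto.
// Formats, algorithms and names are assumptions of this example, not the patent's.
const crypto = require('crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sha256hex = (data) => crypto.createHash('sha256').update(data).digest('hex');

// AES-256-GCM; the sealed blob is iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}
function open(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]); // throws if modified
}

// S610: a trust-circle entity issues the eUICC authentication information.
// Assumed form: a signed statement binding the eICCid to the eUICC public key.
function issueAuthInfo(issuerPriv, eiccid, euiccPubPem) {
  const body = Buffer.from(JSON.stringify({ eiccid, keyHash: sha256hex(euiccPubPem) }));
  return { body, sig: crypto.sign(null, body, issuerPriv) };
}
function verifyAuthInfo(issuerPub, authInfo, eiccid, euiccPubPem) {
  if (!crypto.verify(null, authInfo.body, issuerPub, authInfo.sig)) return false;
  const claims = JSON.parse(authInfo.body.toString());
  return claims.eiccid === eiccid && claims.keyHash === sha256hex(euiccPubPem);
}

// Bytes the SM-DP signs: the profile bound to its target eICCid (the binding is this example's choice).
const signedBytes = (eiccid, profile) => Buffer.concat([Buffer.from(eiccid + '\n'), profile]);

// MNO side (S660 to S680). Returns null when the eUICC cannot be verified.
function mnoProvision(mno, request, profile) {
  const { eiccid, euiccPubPem, authInfo } = request;
  if (!verifyAuthInfo(mno.issuerPub, authInfo, eiccid, euiccPubPem)) return null; // S660 gate
  const sig = crypto.sign(null, signedBytes(eiccid, profile), mno.smdpPriv); // SM-DP signature, 64 bytes
  const cek = crypto.randomBytes(32); // per-profile content key
  const wrappedCek = crypto.publicEncrypt({ key: euiccPubPem, ...OAEP }, cek); // 256 bytes for RSA-2048
  const primary = Buffer.concat([wrappedCek, seal(cek, Buffer.concat([sig, profile]))]); // S670
  return seal(mno.otaKey, primary); // S680
}

// eUICC side: undo the OTA layer, then the public-key layer, then check the signature.
function euiccInstall(euicc, blob) {
  try {
    const primary = open(euicc.otaKey, blob);
    const cek = crypto.privateDecrypt({ key: euicc.priv, ...OAEP }, primary.subarray(0, 256));
    const signed = open(cek, primary.subarray(256));
    const sig = signed.subarray(0, 64);
    const profile = signed.subarray(64);
    const ok = crypto.verify(null, signedBytes(euicc.eiccid, profile), euicc.smdpPub, sig);
    return ok ? profile.toString() : null;
  } catch {
    return null; // wrong key or a tampered layer
  }
}

function demo() {
  const issuer = crypto.generateKeyPairSync('ed25519');
  const smdp = crypto.generateKeyPairSync('ed25519');
  const otherSigner = crypto.generateKeyPairSync('ed25519');
  const newRsaPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pem = (pair) => pair.publicKey.export({ type: 'spki', format: 'pem' });
  const euiccPair = newRsaPair();
  const otaKey = crypto.randomBytes(32); // MNO1 OTA key known to SM-SR1 and the eUICC
  const eiccid = '89000000000000000001'; // constructed sample value
  const profile = Buffer.from('MNO1 profile (constructed sample)');

  const mno = { issuerPub: issuer.publicKey, smdpPriv: smdp.privateKey, otaKey };
  const euicc = { eiccid, priv: euiccPair.privateKey, otaKey, smdpPub: smdp.publicKey };
  const authInfo = issueAuthInfo(issuer.privateKey, eiccid, pem(euiccPair));
  const request = { eiccid, euiccPubPem: pem(euiccPair), authInfo };

  const blob = mnoProvision(mno, request, profile);
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 0x01; // one flipped bit in transit
  return {
    installed: euiccInstall(euicc, blob),
    // Certified eICCid presented with a key the issuer never certified: no profile is released.
    swappedKey: mnoProvision(mno, { ...request, euiccPubPem: pem(newRsaPair()) }, profile),
    tamperedBlob: euiccInstall(euicc, tampered),
    // Profile signed with a key other than the SM-DP key the eUICC trusts.
    wrongSigner: euiccInstall(euicc, mnoProvision({ ...mno, smdpPriv: otherSigner.privateKey }, request, profile)),
  };
}

console.log(demo());
```

Only the first result carries the profile; the other three are `null` because the S660 check, the GCM tag on the OTA layer, and the SM-DP signature each reject their respective failure case.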

Abstract

The present invention relates to a system comprising: a mobile network operator (MNO); a subscription manager (SM); and an embedded UICC (eUICC). The invention is characterized in that the MNO system or the SM is adapted to: hold an eUICC certificate that can verify the identity of the eUICC; transfer the eUICC certificate to the MNO system or the SM during a provisioning or MNO change procedure; verify the identity of a corresponding eUICC by means of the received eUICC certificate; and encrypt and transfer a profile to the eUICC only if the verification succeeds. In this way, the eUICC can be verified during the provisioning or MNO change procedure.
PCT/KR2012/007063 2011-09-05 2012-09-04 Certification method using an embedded UICC certificate, provisioning and MNO changing methods using the certification method, corresponding embedded UICC, MNO system, and recording medium WO2013036010A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/342,961 US9451459B2 (en) 2011-09-05 2012-09-04 Certification method using an embedded UICC certificate, provisioning and MNO changing methods using the certification method, embedded UICC therefor, MNO system, and recording medium

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2011-0089841 2011-09-05
KR20110089841 2011-09-05
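KR1020110104171A KR101954450B1 (ko) 2011-09-05 2011-10-12 Authentication method using authentication information of an embedded UICC, provisioning and MNO changing methods using the same, embedded UICC therefor, MNO system, and recording medium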
KR10-2011-0104171 2011-10-12

Publications (1)

Publication Number Publication Date
WO2013036010A1 true WO2013036010A1 (fr) 2013-03-14

Family

ID=47832398

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/007063 WO2013036010A1 (fr) 2011-09-05 2012-09-04 Certification method using an embedded UICC certificate, provisioning and MNO changing methods using the certification method, corresponding embedded UICC, MNO system, and recording medium

Country Status (1)

Country Link
WO (1) WO2013036010A1 (fr)

Cited By (48)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10284550B2 (en) 2013-04-15 2019-05-07 Samsung Electronics Co., Ltd. Method for supporting subscriber's service provider change restriction policy in mobile communications and apparatus therefor
WO2014171711A1 (fr) * 2013-04-15 2014-10-23 삼성전자 주식회사 Procédé pour favoriser la politique de restriction des changements de prestataires de services pour l'abonné dans les communications mobiles et appareil associé
KR20140123883A (ko) * 2013-04-15 2014-10-23 삼성전자주식회사 이동 통신에서 가입 사업자 변경 제한 정책을 지원하는 정책 적용 방법 및 장치
KR102040231B1 (ko) * 2013-04-15 2019-11-06 삼성전자주식회사 이동 통신에서 가입 사업자 변경 제한 정책을 지원하는 정책 적용 방법 및 장치
US20140357229A1 (en) * 2013-05-30 2014-12-04 Samsung Electronics Co., Ltd. Method and apparatus for setting profile
WO2014193188A1 (fr) * 2013-05-30 2014-12-04 Samsung Electronics Co., Ltd. Procédé et appareil de configuration de profils
US9232392B2 (en) 2013-05-30 2016-01-05 Samsung Electronics Co., Ltd. Method and apparatus for setting profile
USRE49465E1 (en) 2013-05-30 2023-03-14 Samsung Electronics Co., Ltd. Method and apparatus for setting profile
US9800993B2 (en) 2013-05-30 2017-10-24 Samsung Electronics Co., Ltd Method and apparatus for setting profile
WO2014194783A1 (fr) * 2013-06-05 2014-12-11 华为终端有限公司 Méthode et appareil de détection de couverture de réseaux cibles
US9930556B2 (en) 2013-06-05 2018-03-27 Nokia Technologies Oy Method for detecting coverage of target network, and apparatus
US10768918B2 (en) 2013-12-05 2020-09-08 Huawei Device Co., Ltd. Method and device for downloading profile of operator
US10387134B2 (en) 2013-12-05 2019-08-20 Huawei Device Co., Ltd. Method and device for downloading profile of operator
CN106851628A (zh) * 2013-12-05 2017-06-13 华为终端有限公司 下载运营商的文件的方法及设备
CN106851628B (zh) * 2013-12-05 2020-08-07 华为终端有限公司 下载运营商的文件的方法及设备
US10114629B2 (en) 2013-12-05 2018-10-30 Huawei Device (Dongguan) Co., Ltd. Method and device for downloading profile of operator
US10075840B2 (en) 2014-01-10 2018-09-11 Samsung Electronics Co., Ltd. Device and operation method thereof
CN103929469A (zh) * 2014-03-13 2014-07-16 中国联合网络通信集团有限公司 一种嵌入式通用集成电路卡的物联网管理平台和远程管理移动号码的方法
CN106465460A (zh) * 2014-05-15 2017-02-22 苹果公司 用于支持嵌入式uicc上的globalplatform使用的方法和设备
US10033422B2 (en) 2014-05-23 2018-07-24 Huawei Technologies Co., Ltd. eUICC management method, eUICC, SM platform, and system
US10484030B2 (en) 2014-05-23 2019-11-19 Huawei Technologies Co., Ltd. EUICC management method, eUICC, SM platform, and system
WO2016003178A1 (en) * 2014-06-30 2016-01-07 삼성전자 주식회사 Method and device for transmitting and receiving a profile for providing a communication service in a wireless communication system
US10484865B2 (en) 2014-06-30 2019-11-19 Samsung Electronics Co., Ltd. Method and device for transmitting and receiving profile for providing communication service in wireless communication system
WO2016004570A1 (en) * 2014-07-07 2016-01-14 华为技术有限公司 Method and apparatus for authorizing management of an embedded universal integrated circuit card
US10623952B2 (en) 2014-07-07 2020-04-14 Huawei Technologies Co., Ltd. Method and apparatus for authorizing management for embedded universal integrated circuit card
US10476671B2 (en) 2014-07-17 2019-11-12 Samsung Electronics Co., Ltd. Method and device for installing profile of eUICC
CN106537961B (en) * 2014-07-17 2020-04-28 三星电子株式会社 Method and apparatus for installing a profile of an embedded universal integrated circuit card
CN106537961A (en) * 2014-07-17 2017-03-22 三星电子株式会社 Method and apparatus for installing a profile of an embedded universal integrated circuit card
EP3171622A4 (en) * 2014-07-17 2018-04-04 Samsung Electronics Co., Ltd. Method and device for installing a profile of an embedded universal integrated circuit card (eUICC)
CN105472607B (en) * 2014-09-05 2020-10-16 北京三星通信技术研究有限公司 Method and apparatus for registration and roaming authentication, and communication apparatus and mobile terminal
CN105472607A (en) * 2014-09-05 2016-04-06 北京三星通信技术研究有限公司 Method and apparatus for registration and roaming authentication, and communication apparatus and mobile terminal
EP3048776B2 (en) 2015-01-22 2021-03-17 Nxp B.V. Methods for managing content, computer program products and secure element
US10555163B2 (en) 2015-01-27 2020-02-04 Nokia Solutions And Networks Oy Handling of certificates for embedded universal integrated circuit cards
WO2016153303A1 (en) * 2015-03-25 2016-09-29 삼성전자 주식회사 Method and apparatus for installing a terminal profile in a wireless communication system
US10652731B2 (en) 2015-03-25 2020-05-12 Samsung Electronics Co., Ltd. Method and system for downloading and installing UICC terminal profile on a terminal from a profile manager
US10368236B2 (en) 2015-03-25 2019-07-30 Samsung Electronics Co., Ltd. Method and system for downloading and installing UICC terminal profile on a terminal from a profile manager
US10439823B2 (en) 2015-04-13 2019-10-08 Samsung Electronics Co., Ltd. Technique for managing profile in communication system
WO2016167551A1 (en) * 2015-04-13 2016-10-20 삼성전자 주식회사 Technique for managing a profile in a communication system
US10965470B2 (en) 2015-04-13 2021-03-30 Samsung Electronics Co., Ltd. Technique for managing profile in communication system
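KR20170140809A (en) * 2015-04-13 2017-12-21 삼성전자주식회사 Technique for managing a profile in a communication system
KR102558361B1 (en) 2015-04-13 2023-07-21 삼성전자주식회사 Technique for managing a profile in a communication system
CN109792601A (en) * 2017-03-17 2019-05-21 华为技术有限公司 Method and device for deleting an eUICC profile
CN112616148A (en) * 2020-12-18 2021-04-06 中国联合网络通信集团有限公司 Authentication method, authentication platform and authentication system
CN112637821A (en) * 2020-12-18 2021-04-09 芜湖雄狮汽车科技有限公司 Management platform and management method for a vehicle communication chip, and vehicle communication management system
CN112616148B (en) * 2020-12-18 2022-08-30 中国联合网络通信集团有限公司 Authentication method, authentication platform and authentication system
CN112637821B (en) * 2020-12-18 2023-03-21 芜湖雄狮汽车科技有限公司 Management platform and management method for a vehicle communication chip, and vehicle communication management system
CN113079503A (en) * 2021-03-23 2021-07-06 中国联合网络通信集团有限公司 Method and system for remotely downloading an authentication application certificate
CN113079503B (en) * 2021-03-23 2022-11-15 中国联合网络通信集团有限公司 Method and system for remotely downloading an authentication application certificate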

Similar Documents

Publication Publication Date Title
WO2013036010A1 (en) Certification method using an embedded UICC certificate, provisioning and MNO change methods using the certification method, corresponding embedded UICC, MNO system and recording medium
WO2013036011A2 (en) Method for managing a profile of an embedded UICC, and embedded UICC, terminal equipped with an embedded UICC, provisioning method and associated MNO change method
WO2013048084A2 (en) Profile management method, embedded UICC, and device provided with the embedded UICC
KR102026612B1 (en) Method for establishing a trust relationship and embedded UICC therefor
WO2013036009A1 (en) Method for managing an embedded UICC and corresponding embedded UICC, and MNO system, provisioning method and method for changing MNO using same
WO2013009045A2 (en) Method for changing MNO in an embedded SIM module based on generation of an embedded SIM module, and embedded SIM module and recording medium therefor
WO2016010312A1 (en) Method and device for installing a profile of an embedded universal integrated circuit card (eUICC)
KR101954450B1 (en) Authentication method using authentication information of an embedded UICC, provisioning and MNO change methods using the same, and embedded UICC, MNO system and recording medium therefor
KR102001869B1 (en) Profile management method for an eUICC, and eUICC, eUICC-equipped terminal, provisioning method and MNO change method using the same
WO2016153281A1 (en) Method and apparatus for downloading a profile in a wireless communication system
WO2013009044A2 (en) Method for changing MNO in an embedded SIM module based on a special privilege, and embedded SIM module and recording medium therefor
WO2018147711A1 (en) Apparatus and method for eSIM access control
WO2013009059A2 (en) Method for setting up a terminal in a mobile communication system
WO2013065915A1 (en) Method for trusted interworking between a trusted region and an untrusted region, method, server and terminal for controlling the download of trusted applications, and control system applying same
WO2013066077A1 (en) Method for managing multiple profiles in an embedded UICC, and embedded UICC and terminal therefor
WO2018101775A1 (en) Apparatus and method for installing and managing eSIM profiles
WO2020050701A1 (en) Apparatus and method by which an SSP device and a server negotiate digital certificates
KR101891326B1 (en) Subscription change method using a trusted SM in an embedded UICC environment, and embedded UICC device
WO2020226466A1 (en) Method and apparatus for managing and verifying a certificate
WO2021112603A1 (en) Method and electronic device for managing digital keys
WO2021235893A1 (en) Electronic device and method for an electronic device for providing a ranging-based service
WO2020171475A1 (en) Device change method and apparatus for a wireless communication system
WO2014077544A1 (en) Method for configuring a profile of a subscriber authentication module embedded and installed in a terminal device, and apparatus using same
EP3530016A1 (en) Apparatus and method for installing and managing eSIM profiles
WO2022245109A1 (en) Method and device for performing ultra-wideband secure ranging

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 12830129; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase. Ref country code: DE
WWE WIPO information: entry into national phase. Ref document number: 14342961; Country of ref document: US
122 EP: PCT application non-entry in European phase. Ref document number: 12830129; Country of ref document: EP; Kind code of ref document: A1