WO2013065991A1 - Procédé et carte euicc pour fournir une fonction de commande de politique - Google Patents

Procédé et carte euicc pour fournir une fonction de commande de politique Download PDF

Info

Publication number
WO2013065991A1
WO2013065991A1 PCT/KR2012/008759 KR2012008759W WO2013065991A1 WO 2013065991 A1 WO2013065991 A1 WO 2013065991A1 KR 2012008759 W KR2012008759 W KR 2012008759W WO 2013065991 A1 WO2013065991 A1 WO 2013065991A1
Authority
WO
WIPO (PCT)
Prior art keywords
pcf
euicc
engine
rule
security
Prior art date
Application number
PCT/KR2012/008759
Other languages
English (en)
Korean (ko)
Inventor
이진형
Original Assignee
주식회사 케이티
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020120117969A external-priority patent/KR102012340B1/ko
Application filed by 주식회사 케이티 filed Critical 주식회사 케이티
Publication of WO2013065991A1 publication Critical patent/WO2013065991A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity

Definitions

  • the present invention provides a method for providing a policy control function (PCF: Policy Control Function, hereinafter "PCF") of the embedded UICC (eUICC), and eUICC for the same It is about.
  • PCF Policy Control Function
  • a UICC Universal Integrated Circuit Card
  • the UICC may store the personal information of the user and the operator information on the mobile communication provider to which the user subscribes.
  • the UICC may include an International Mobile Subscriber Identity (IMSI) for identifying a user.
  • IMSI International Mobile Subscriber Identity
  • the UICC is also called a Subscriber Identity Module (SIM) card in the case of the Global System for Mobile communications (GSM) scheme, and a Universal Subscriber Identity Module (USIM) card in the case of the Wideband Code Division Multiple Access (WCDMA) scheme.
  • SIM Subscriber Identity Module
  • GSM Global System for Mobile communications
  • USBMA Wideband Code Division Multiple Access
  • the user mounts the UICC on the user's terminal
  • the user is automatically authenticated using the information stored in the UICC so that the user can conveniently use the terminal.
  • the user replaces the terminal the user can easily replace the terminal by mounting the UICC removed from the existing terminal to a new terminal.
  • Terminals requiring miniaturization for example, terminals for machine-to-machine (M2M) communication, have difficulty in miniaturization of terminals when manufactured in a structure capable of detachable UICC.
  • M2M machine-to-machine
  • an eUICC structure has been proposed which is a removable UICC.
  • the eUICC should contain user information using the UICC in IMSI format.
  • the existing UICC can be attached to or detached from the terminal, and the user can open the terminal regardless of the type of terminal or the mobile communication provider.
  • the manufactured terminal can be assigned IMSI in the eUICC only when the premise that the terminal is used only for a specific mobile communication provider is satisfied.
  • Both the mobile operator and the terminal manufacturer ordering the terminal have to pay attention to the product inventory and there is a problem that the product price increases.
  • the user is inconvenient to change the mobile operator for the terminal. Therefore, even in the case of eUICC, there is a need for a method for allowing a user to open a terminal regardless of a mobile communication provider.
  • PM Profile Manager
  • SMs are mainly discussed as being responsible for information management for eUICC, information management for various mobile operators, and authentication and remote information changes for mobile operators. It has not been decided yet.
  • An object of the present invention is to define the function and structure of the Policy Control Function (PCF) of the eUICC.
  • PCF Policy Control Function
  • Another object of the present invention is to provide a method for providing a Policy Control Function (PCF) of an eUICC.
  • PCF Policy Control Function
  • Another object of the present invention is to provide a detailed structure of the Policy Control Function (PCF) of the eUICC and a method of operating the PCF through the same.
  • PCF Policy Control Function
  • the present invention is an embedded Universal Integrated Circuit Card (eUICC) for providing a policy control function (PCF), PCF Rule (PCF Rule) for containing the policy information; And an PCUI engine that performs a policy based on the PCF rule when an eUICC external entity attempts to access a PCF application target.
  • eUICC embedded Universal Integrated Circuit Card
  • PCF policy control function
  • PCF Rule PCF Rule
  • the present invention provides a method for providing a Policy Control Function (PCF) of an embedded Universal Integrated Circuit Card (eUICC), wherein the PCF engine in the eUICC accesses an eUICC resource of an external entity. If this is attempted (S600), querying the PCF rule to be applied (S602); And (S602 ⁇ S608) performing the PCF Enforcement on the basis of the PCF rule by the PCF engine.
  • PCF Policy Control Function
  • eUICC embedded Universal Integrated Circuit Card
  • Figure 1 shows the overall service architecture including the eUICC to which the present invention is applied.
  • FIG. 2 shows a system architecture of an SM separation environment to which the present invention may be applied.
  • FIG. 3 is a diagram illustrating a basic structure and operation of a PCF and an eUICC for the same according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating an example of a PCF rule structure according to an embodiment of the present invention.
  • FIG. 5 is a diagram illustrating an example of a PCF application target according to an embodiment of the present invention.
  • FIG. 6 is a diagram illustrating an example of a PCF operation process according to a PCF providing method according to an embodiment of the present invention.
  • M2M (Machine-to-Machine) terminal which is actively discussed in the current GSMA, should be small in size.
  • a module for attaching the UICC to the M2M terminal must be separately inserted. If the M2M terminal is manufactured, it is difficult to miniaturize the M2M terminal.
  • the eUICC mounted on the M2M terminal includes information on a mobile network operator (hereinafter referred to as “MNO”) that uses the UICC. It must be stored in the UICC in the form of an identifier (International Mobile Subscriber Identity, IMSI).
  • MNO mobile network operator
  • the terminal manufactured from the time of manufacturing the M2M terminal can be assigned IMSI in the eUICC only if the premise that the terminal is used only in a specific MNO is established, both the M2M terminal or the MNO ordering the UICC or the M2M manufacturer manufacturing the M2M terminal have a lot of attention to the product inventory. There is a problem that can not only be assigned to the product price will rise, which is a big obstacle to the expansion of M2M terminal.
  • the eUICC or eSIM that is integrally mounted on the terminal has many issues regarding the authority to open, additional service business initiative, and subscriber information security due to the physical structure difference.
  • the international standardization bodies of GSMA and ETSI are conducting standardization activities on relevant elements such as carriers, manufacturers and SIM manufacturers, as well as necessary elements including top-level structures.
  • the central point of the issue is SM, called Subscription Manager, which issues and subscribes operator information (which can be used in other expressions such as Operator Credential, MNO Credential, Profile, eUICC Profile, Profile Package, etc.) to eSIM.
  • Subscription Refers to an entity or its function / role that plays an overall administrative role for eSIM, such as handling a process for a change or MNO change.
  • SM has been classified into SM-DP (Data Preparation), which plays a role in generating operator information, and SM-SR (Secure Routing), which directly carries operator information on eSIM. Proposed a scheme to transmit the data, but the details are insufficient.
  • eSIM attaches the IC chip on the terminal circuit board at the terminal manufacturing stage, and then attaches the SIM data (open information, additional service information, etc.) in software form to OTA (Over The Air) or offline (technology-based connection such as USB to PC). Is a new concept of SIM technology in the manner of issuing through.
  • IC chips used in eSIM generally support hardware-based Crypto Co-Processor (CCP) to provide hardware-based public key generation, and APIs that can be utilized in application (eg applet) based SIM platform (eg , Java Card Platform, etc.).
  • Java Card Platform Java Card Platform is one of the platforms that can provide services and load multiple applications, such as smart cards.
  • SIM requires a SIM service management platform that is responsible for loading and managing applications.
  • the SIM service management platform issues data to the SIM memory area through authentication and security with management keys.
  • the Global Platform and Remote File Management (RFM) and RAM (Remote Application Management) of ETSI TS 102.226 It is a standard technology of the service management platform.
  • eSIM is responsible for issuing communication and additional service data remotely through management keys (UICC OTA Key, GP ISD Key, etc.).
  • management keys UICC OTA Key, GP ISD Key, etc.
  • SM-DP securely builds IMSI, K, OPc, additional service applications, additional service data, etc. in addition to the operation profile (or operator information) to make a credential package.
  • SM-DP SR is responsible for securely downloading the credential package generated by SM-DP to eSIM through SIM remote management technology such as Over-The-Air (OTA) or GP Secure Communication Protocol (GP SCP).
  • OTA Over-The-Air
  • GP SCP GP Secure Communication Protocol
  • MNO1 is SM1
  • SM1 is SM4
  • SM4 forms a trust relationship with the eSIM, thereby forming a trust relationship between the MNO and eSIM.
  • a mobile network operator refers to a mobile communication operator, and refers to an entity that provides a communication service to a customer through a mobile network.
  • eUICC Supplier means a person who supplies eUICC module and embedded software (firmware and operating system, etc.).
  • Device Vendor includes a device's provider, in particular a wireless modem function via a mobile network driven by the MNO, and consequently means a supplier of a device requiring a UICC (or eUICC) form.
  • a device's provider in particular a wireless modem function via a mobile network driven by the MNO, and consequently means a supplier of a device requiring a UICC (or eUICC) form.
  • Provisioning refers to a process of loading a profile into an eUICC
  • a provisioning profile refers to a profile used by a device to connect to a communication network for the purpose of provisioning another provisioning profile and an operation profile.
  • Subscription means a commercial relationship for providing a service between a subscriber and a wireless communication service provider.
  • eUICC access credentials refer to data in the eUICC that allows secure communication between the eUICC and external entities to be set up to manage profiles on the eUICC.
  • Profile access credentials are data that resides within a profile or within an eUICC, and means data that allows secure communications to be set up between the eUICC and external entities to protect or manage the profile structure and its data. .
  • a profile is a combination of file structures, data, and applications that can be provisioned or managed within an eUICC. It is a combination of operator information, operation profiles, provisioning profiles for provisioning, and other policy control functions (PCFs). It means all information that can exist in eUICC such as profile.
  • PCFs policy control functions
  • Operation Profile or operator information refers to all kinds of profiles related to Operational Subcription.
  • An Active Profile is called an Active Profile when a file or application is selectable by the UICC-Terminal interface under the control of the PCF associated with the MNO.
  • a PCF Rule Policy Control Function Rule is a rule defined by the MNO that controls the management of provisioning or operational profiles in the eUICC. Policy Control Function Rules can be in the network, the eUICC platform, or in a provisioning or operational profile.
  • PCF Policy Control Function
  • Policy Control Function Rules can be executed in the eUICC platform and / or at the Subscription Manager level or the MNO level.
  • the Control Authority refers to an entity authorized by the MNO of update / delete / activate / deactivate remotely during the swap of an Operational or Provisioning Profile.
  • the SM Subscribescription Manager
  • the SM is a subscription management device, an entity that performs management functions of the eUICC, and is authorized by the MNO of update / delete / activate / deactivate remotely during the swap of Operational or Provisioning Profiles. This means entity.
  • Figure 1 shows the overall service architecture including the eSIM (eUICC) to which the present invention is applied.
  • eSIM eUICC
  • the eUICC system architecture to which the present invention can be applied may include a plurality of MNO systems, one or more SM systems, an eUICC manufacturer system, a device manufacturer system including an eUICC, an eUICC, and the like for each entity or subject.
  • MNO systems one or more SM systems
  • eUICC manufacturer system an eUICC manufacturer system
  • device manufacturer system including an eUICC, an eUICC, and the like for each entity or subject.
  • the dashed line in FIG. 1 shows the trust circle, and the two solid lines represent the secure link.
  • the MNO and eUICC must be able to decode the MNO Credentials information, that is, the profile (operation profile, provisioning profile, etc.).
  • the profile operation profile, provisioning profile, etc.
  • the only exception to this could be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.
  • Subscriptions cannot be switched within the eUICC outside of operator policy control.
  • the user must be aware of any changes in the MNO content and its active subscription, must be able to avoid security risks, and have a level of security that is compatible with the current UICC model.
  • the MNO credential or profile may mean a subscription credential including K, algorithm, algorithm parameters, supplementary service application, supplementary service data, and the like.
  • MNO credentials or profiles must be done in a secure manner from end to end.
  • the transmission can be made in successive steps without breaking the security chain, and all steps in the transmission chain must be made under the recognition and approval of the MNO.
  • No entity in the transport chain should be able to clearly see the MNO credential, but the only exception may be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.
  • the operator must have complete control over his credentials and the operator must have strong supervision and control over the SM operation.
  • SM functions must be provided by the MNO or a third party, if provided by the third party, there may be a commercial relationship established between the SM and the MNO.
  • the SM has no direct relationship with the MNO subscriber for subscription management.
  • the MNO has a relationship with the subscriber and should be the entry point for the customer subscription, it is not intended to piggyback on the contractual relationship an M2M service provider (the M2M service provider is an MNO subscriber) may have with its customers.
  • the donor and receiving MNOs may or may not have a prior agreement with each other. There must be a mechanism to approve pre-contracts.
  • the donor operator's policy control function can be defined for the condition of removing his / her credential, and the policy control function (PCF) can implement this function.
  • the architecture introduces a feature defined as SM, and SM's primary role is to prepare and deliver a package or profile containing the MNO credentials to the eUICC.
  • the SM function may be provided directly by the MNO, or the MNO may contract with a third party to obtain the SM service.
  • SM can be divided into two sub-functions such as SM-SR and SM-DP.
  • SM-SR and SM-DP functions may be provided by other entities or may be provided by the same entity. Therefore, it is necessary to clearly demarcate the functions of SM-DP and SM-SR, and to define an interface between these entities.
  • SM-DP is responsible for secure preparation of package or profile to be delivered to eUICC, and works with SM-SR for actual transmission.
  • the key functions of the SM-DP are 1) managing the functional characteristics and certification levels of the eUICC, and 2) one of the MNO credentials or profiles (e.g., IMSI, K, supplementary service applications, supplementary service data). Some of these are potentially managed by the MNO, and 3) the ability to calculate the OTA package for download by the SM-SR. Can be added.
  • SM-DP can have a significant amount of background processing, and the requirements for performance, scalability and reliability are expected to be important.
  • SM-SR is responsible for securely routing and delivering the credential package to the corresponding eUICC.
  • the key features of the SM-SR are 1) managing OTA communication with the eUICC via a ciphered VPN, and 2) other SM-SR to form an end-to-end up to the eUICC.
  • To manage communication with eUICC 3) to manage eUICC data used for SM-SR OTA communication provided by eUICC provider, and 4) to protect communication with eUICC by filtering only allowed entities. (Firewall function).
  • the SM-SR database is provided by eUICC vendors, device (such as M2M terminal) vendors, and potentially MNOs, and can be used by MNOs through the SM-SR mesh network.
  • the circle of trust enables end-to-end security links during provisioning profile delivery, while the SM-SR shares the trust circle for secure routing of the provisioning profile and eUICC discovery.
  • MNOs can be linked with SM-SR and SM-DP entities in a trusted circle, or they can provide this functionality themselves.
  • EUICC and MNO Credentials to prevent illegal use of eUICC (cloning, illegal use of credentials, denial of service, illegal MNO context changes, etc.) without violating MNO's contractual and legal obligations with respect to its customers. There is a need for a secure end-to-end link between.
  • 110 represents a trust circle formed between SMs, more specifically, between SM-SR members, 120 represents a trust circle of MNO partners, and 130 represents an end-to-end trust link.
  • FIG. 2 illustrates a configuration in which an SM-SR and an SM-DP are located in a system in an SM separation environment.
  • the SM is divided into an SM-DP for safely preparing various profiles (operation profile, provisioning profile, etc.) related to the eUICC, and an SM-SR for routing the SM-SR. It can be linked with the SR in a trust relationship, SM-DP is linked to the MNO system.
  • the arrangement of the SM-DP and the MNO system may be implemented differently from FIG. 2.
  • the SM-DP may be linked with the SM-SR
  • the MNO system may be linked with the SM-DP.
  • eSIM is a different SIM-based service, such as profiles are issued and managed internally by eSIM from eSIM external entities (MNOs, manufacturers, service providers, etc.), and unlike multiple SIMs, multiple profiles can be loaded simultaneously.
  • MNOs eSIM external entities
  • multiple profiles can be loaded simultaneously.
  • MNOs manufacturers, service providers, etc.
  • the entity that issues and manages the profile to the eSIM manages the security policy for the eSIM itself or the profile that is issued and managed by the eSIM.
  • PCF and Policy Control Function Policy Control Function
  • the present invention proposes a highly scalable PCF providing method in an eSIM environment.
  • the highly scalable PCF providing method in the eSIM environment proposed by the present invention will be described in more detail below.
  • eSIM is described and described as eUICC.
  • FIG. 3 is a diagram illustrating the basic structure and operation of the PCF 310 and the eUICC 300 for the same according to an embodiment of the present invention.
  • a policy control function (PCF) 310 includes a PCF rule 311 and a PCF engine 312. .
  • PCF 310 basic operation according to an embodiment of the present invention is performed as follows.
  • the eUICC external object 30 may interwork with the PCF engine 320. After applying the PCF through (S300), if the access to the PCF application object 320 is authorized based on this, the eUICC external entity 30 may access the PCF application object 320 (S302).
  • the eUICC external entity 30 described herein is an entity performing an operation on the eUICC 300, and may include one or more of a mobile network operator (MNO), a manufacturer, a service provider, a subscription manager (SM), and the like. It may also be a device equipped with the eUICC 300.
  • MNO mobile network operator
  • SM subscription manager
  • the eUICC 300 for providing the PCF is based on the PCF rule 311 and the PCF rule 311 that records the policy information, and when the eUICC external entity 30 attempts to access the PCF application target 320. PCF engine 312, etc. that perform the policy.
  • the PCF rule 311 mentioned above is a file in one or more forms of an extensible type length value (TLV) and an eXtensible Markup Language (XML) including policy information to be applied by the PCF engine 3120.
  • TLV extensible type length value
  • XML eXtensible Markup Language
  • FIG. 4 is a diagram illustrating an example of a PCF rule 311 structure according to an embodiment of the present invention.
  • the PCF rule 311 is an extensible file type, and includes a target, an action to be applied to the protected object, secret information necessary for the action, and a secret information base. You can define one or more of the security methods of.
  • the target mentioned above may be, for example, one of a file, an application, a profile, or the PCF rule itself.
  • Actions to be applied to the above-mentioned targets include, for example, Read, Write, Update, Lock, Unlock, Delete, Delete, It may include one or more of Backup and Select.
  • the above-mentioned confidential information may include, for example, a user PIN (Personal Identification Number) and various credentials defined in the eUICC environment.
  • the various credentials are, for example, eUICC Access Credential, Profile Access Credential, Profile Protection Credential, Authorized OEM Credential It may include one or more of an OEM Credential, a Service Provider Credential, an Application Access Credential, and the like.
  • the above-mentioned security method stores information about the security method utilizing the confidential information. For example, whether it is encryption, authentication, integrity, etc.
  • One or more provisionable security functions and security algorithm information applied to provide the security function may be stored.
  • the security algorithm information may include, for example, information about 3DES CBC Mode, PKCS # 1, SHA-1, and the like.
  • field (s) necessary for PCF application may be added.
  • the PCF engine 312 described above may be a software module such as an applet that performs a policy based on the PCF rule 311.
  • the PCF engine 312 when attempting to access the PCF application target 320, that is, eUICC resources of the eUICC external object 30, the authority for the operation of the eUICC external object 30 is obtained so that the eUICC external object ( 30) can be performed to perform the operation.
  • the PCF engine 312 may perform one or more security associations among encryption, authentication, and integrity verification based on the PCF rule 311. Can be.
  • the eUICC external entity 30 operates in conjunction with the PCF engine 320 when attempting to access the PCF application object 320. After obtaining the authority for, and performing the corresponding action. At this time, when the eUICC external object 30 outside the eUICC 300 attempts to access a specific file, profile, etc., the eUICC external object 30 works with the PCF engine 312 based on the PCF rule 311.
  • One or more security associations may be performed, such as encryption, authentication, and integrity verification.
  • the PCF engine 312 managing the file updates the file outside of the eUICC 300. It performs security operation (eg authentication) necessary for operation and can update the file only when it is successful.
  • security operation eg authentication
  • the PCF engine 312 managing the profile is external to the eUICC 300 and the corresponding profile. It performs a security operation based on the associated credential, and can only perform a backup operation if it succeeds.
  • the PCF application object 320 mentioned above may be, for example, a common file for various management purposes in the eUICC 300, a profile mounted in the eUICC 300, and details (eg, a file, an application, etc.) present in each profile. And the like.
  • This PCF application target 320 will be described in more detail with reference to FIG. 5.
  • FIG. 5 is a diagram illustrating an example of a PCF application target 320 according to an embodiment of the present invention.
  • the PCF may be applied to the entire eUICC 300.
  • the common files for various management purposes in the eUICC 300 eg, the eUICC identifier, profile list, currently active profile list, and profile information mounted in the eUICC 300.
  • the entire profile mounted on the eUICC 300 can be applied to the PCF.
  • the PCF may be applied to each profile mounted in the eUICC 300 or to sub-items (eg, Files, Applications, etc.) existing in each profile.
  • sub-items eg, Files, Applications, etc.
  • PCF Policy Control Function, 310
  • Policy Control Function 310
  • the PCF Policy Control Function 310 described in this specification may mean a function such as defining, updating, or deleting a policy rule for implementing a policy.
  • PCF Policy Control Function
  • Policy Control Function 310 not only means defining / update / delete function of a policy rule, but also executes a policy rule for implementing a policy. It may be a concept including a policy enforcement function (PEF), which means a function of).
  • PEF policy enforcement function
  • PCF rule 311 described in the present specification may be referred to as a policy rule meaning an operation required for implementing a policy, a condition for implementing the policy, and the like.
  • FIG. 6 is a diagram illustrating an example of a PCF operation process according to a PCF providing method according to an embodiment of the present invention.
  • the eUICC external entity 30 performs a specific action on the eUICC 300, such as an MNO, a manufacturer, a service provider, and a subscription manager (SM).
  • SM subscription manager
  • the objects that need to be is assumed that a specific PCF 310 (PCF rule 311 + PCF engine 312) is associated with each other in the eUICC resource 320 to be described instead of the term PCF application target 320.
  • the eUICC platform may be a platform such as a Java Card Platform or a Global Platform including a COS (Chip OS) in the eUICC 300, and implements functions for providing general operations and services of the eUICC 300. It is.
  • the PCUI providing method of the eUICC 300 attempts to access the eUICC resource 320 of the eUICC external entity 30 (S600).
  • the eUICC external entity 30 may not know how the PCF is set in the eUICC resource 320 to which the eUICC external entity 30 wishes to access. In this case, it may initially attempt to access the eUICC resource 320 without prior knowledge of the PCF. (Optionally, it is not recommended that a DoS attack on the eUICC 300 can be attempted.)
  • the PCF engine 312 refers to the PCF rule 311 to be applied by the PCF 310 internally as described above, and if necessary, the PCF rule 311 in real time. ).
  • step S602 the PCF engine 312 (in the case where step S600 is preceded), the PCF rule (311) excluding the credential among the PCF rules inquired and inquired the PCF rule (311) Can be delivered to the eUICC external entity 30 (arrows shown by dashed lines) to reveal and carry out future procedures.
  • the PCF engine 312 receives a PCF Enforcement request from the eUICC external entity 30 and performs a response to perform a security operation required for applying the PCF rule.
  • step (S604) calculating the PCF application result based on the PCF application request received from the eUICC external entity (30) by the PCF engine (312), and applying the PCF calculated by the PCF engine (312) And transmitting the result to the eUICC external entity 30 (S608).
  • step S604 described above the eUICC external entity 30 performs a PCF Enforcement request based on the PCF rule 311 received from the PCF rule 311 or the PCF engine 312 that it knows, and accordingly In response to the PCF application request, the PCF engine 312 performs a security operation necessary for applying the PCF rule.
  • the PCF engine 312 is based on the PCF rule application request (eg MAC (Message Authentication Code), PIN, security key, digital signature, etc.) delivered by the eUICC external entity 30 based on the result of applying the PCF rule.
  • PCF rule application request eg MAC (Message Authentication Code), PIN, security key, digital signature, etc.
  • step S608 the PCF engine 312 transmits the PCF rule application result (eg, Access Granted / Denied, Operation Permitted / Denied, etc.) to the eUICC external entity 30.
  • the PCF rule application result eg, Access Granted / Denied, Operation Permitted / Denied, etc.
  • step S608 the eUICC external entity 30 that has received the PCF rule application result may perform actions that are intended to be performed, based on the PCF rule application result of the PCF engine 311.
  • PCF Policy Control Function
  • the present invention may provide a method for providing a policy control function of the eUICC 300 according to a defined function and structure.
  • the present invention can provide a detailed structure of the policy control function of the eUICC (300) and a PCF operation method through the same.
  • Extensive PCF rule provision method provides flexibility in responding to necessary actions, targets, and confidential information as the eUICC (eSIM) environment changes in the future. It may provide a basic structure of the PCF rule 311 does not exist.
  • eUICC resources (eSIM resources) 320 such as files, profiles, and PCF rules to which PCF rules are applied may be safely managed and utilized.

Abstract

L'invention concerne un procédé pour fournir une fonction de commande de politique (PCF) et, de manière plus spécifique, un procédé pour fournir une PCF ainsi qu'une carte eUICC pour celle-ci qui définit la fonction et la structure pour la PCF d'une carte eUICC et qui, à cet effet, définit la structure détaillée de la PCF de la carte eUICC.
PCT/KR2012/008759 2011-11-02 2012-10-24 Procédé et carte euicc pour fournir une fonction de commande de politique WO2013065991A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20110113374 2011-11-02
KR10-2011-0113374 2011-11-02
KR1020120117969A KR102012340B1 (ko) 2011-11-02 2012-10-23 정책 제어 기능 제공 방법 및 eUICC
KR10-2012-0117969 2012-10-23

Publications (1)

Publication Number Publication Date
WO2013065991A1 true WO2013065991A1 (fr) 2013-05-10

Family

ID=48192296

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/008759 WO2013065991A1 (fr) 2011-11-02 2012-10-24 Procédé et carte euicc pour fournir une fonction de commande de politique

Country Status (1)

Country Link
WO (1) WO2013065991A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10075840B2 (en) 2014-01-10 2018-09-11 Samsung Electronics Co., Ltd. Device and operation method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005128746A (ja) * 2003-10-23 2005-05-19 Sony Corp 携帯無線通信装置。
KR20050053920A (ko) * 2003-12-03 2005-06-10 한국전자통신연구원 연속적인 usim카드 응용 로딩 방법
KR20090046607A (ko) * 2007-11-06 2009-05-11 삼성전자주식회사 자동적인 사용자 정보의 백업을 위한 정보 저장 장치,이동통신기기 및 사업자 시스템
KR20090085319A (ko) * 2008-02-04 2009-08-07 주식회사 케이티테크 이동통신단말기의 사용 잠금 제어 방법
KR20100072112A (ko) * 2008-12-05 2010-06-30 주식회사 케이티 단말에 선호 사업자망의 변경을 자동 업데이트하는 방법 및장치

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005128746A (ja) * 2003-10-23 2005-05-19 Sony Corp 携帯無線通信装置。
KR20050053920A (ko) * 2003-12-03 2005-06-10 한국전자통신연구원 연속적인 usim카드 응용 로딩 방법
KR20090046607A (ko) * 2007-11-06 2009-05-11 삼성전자주식회사 자동적인 사용자 정보의 백업을 위한 정보 저장 장치,이동통신기기 및 사업자 시스템
KR20090085319A (ko) * 2008-02-04 2009-08-07 주식회사 케이티테크 이동통신단말기의 사용 잠금 제어 방법
KR20100072112A (ko) * 2008-12-05 2010-06-30 주식회사 케이티 단말에 선호 사업자망의 변경을 자동 업데이트하는 방법 및장치

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
GSM ASSOCIATION: "Embedded SIM Task Force Requirements and Use Cases", EMBEDDED SIM TASK FORCE: REQUIREMENTS & USE CASES, VER 1.0, 21 February 2011 (2011-02-21), pages 4 - 5, 8, 29-31 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10075840B2 (en) 2014-01-10 2018-09-11 Samsung Electronics Co., Ltd. Device and operation method thereof

Similar Documents

Publication Publication Date Title
WO2013048084A2 (fr) Procédé de gestion de profil, uicc intégré, et dispositif pourvu de l'uicc intégré
KR102026612B1 (ko) 신뢰관계 형성 방법 및 이를 위한 내장 uⅰcc
WO2013036009A1 (fr) Procédé pour gérer une uicc intégrée et uicc intégrée correspondante, et système de mno, procédé de mise à disposition et procédé pour changer de mno les utilisant
WO2016010312A1 (fr) Procédé et dispositif pour installer un profil d'une carte à circuit intégré universelle incorporée (euicc)
WO2013036010A1 (fr) Procédé de certification utilisant un certificat d'uicc intégrée, procédés de mise à disposition et de changement de mno utilisant le procédé de certification, uicc intégrée correspondante, système de mno et support d'enregistrement
KR101891326B1 (ko) 내장 uicc 환경에서의 신뢰성 있는 sm을 이용한 가입 변경 방법 및 내장 uicc 장치
KR102001869B1 (ko) eUICC의 프로파일 관리방법 및 그를 이용한 eUICC, eUICC 탑재 단말과, 프로비저닝 방법 및 MNO 변경 방법
US20180091978A1 (en) Universal Integrated Circuit Card Having A Virtual Subscriber Identity Module Functionality
WO2013066077A1 (fr) Procédé pour gérer plusieurs profils dans une carte uicc intégrée, carte uicc intégrée et terminal correspondant
KR20170121129A (ko) eUICC의 키정보 관리방법 및 그를 이용한 eUICC, MNO시스템, 프로비저닝 방법 및 MNO 변경 방법
WO2013036011A2 (fr) Procédé permettant de gérer un profil d'uicc intégrée et uicc intégrée, terminal équipé d'une uicc intégrée, procédé d'approvisionnement et procédé de modification de mno associé
WO2014171707A1 (fr) Procédé et système de sécurité destinés à prendre en charge des communications mobiles d'une politique de restriction en matière de renouvellement d'abonnement ou d'abonnement supplémentaire
US10826945B1 (en) Apparatuses, methods and systems of network connectivity management for secure access
KR101891330B1 (ko) 내장 uicc 환경에서의 신뢰성 있는 sm을 이용한 가입 방법 및 내장 uicc 장치
WO2021045573A1 (fr) Appareil et procédé de fourniture de données d'abonnement à un terminal enregistré non abonné dans un système de communication sans fil
KR20130026958A (ko) 내장 uicc의 인증정보를 이용한 인증방법과, 그를 이용한 프로비저닝 및 mno 변경 방법, 그를 위한 내장 uicc, mno 시스템 및 기록매체
CN101248644A (zh) 用户数据的管理
WO2019009557A1 (fr) Procédé et appareil destinés à examiner un certificat numérique par un terminal esim et serveur
WO2020050701A1 (fr) Appareil et procédé au moyen desquels un dispositif ssp et un serveur négocient des certificats numériques
CN109792604A (zh) 一种eUICC配置文件管理方法及相关装置
WO2013065983A1 (fr) Procédé de modification de droits à un domaine de sécurité pour une carte de stockage de données, serveur, carte de stockage de données et borne correspondante
WO2013066016A1 (fr) Procédé pour créer une relation de confiance et carte uicc intégrée correspondante
KR102012340B1 (ko) 정책 제어 기능 제공 방법 및 eUICC
WO2013065991A1 (fr) Procédé et carte euicc pour fournir une fonction de commande de politique
KR20130049748A (ko) 내장 uicc 내 프로파일 백업 방법, 내장 uicc, 외부 개체, 백업 장치 및 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12845910

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12845910

Country of ref document: EP

Kind code of ref document: A1