WO2014035092A1 - Shared file management method and subscriber authentication device using same - Google Patents
- Publication number
- WO2014035092A1 (PCT/KR2013/007518)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file
- profile
- application
- shared file
- files
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
Definitions
- The present invention relates to shared file management for a subscriber authentication apparatus, and more particularly, to an efficient shared file management method for a multi-profile environment and a subscriber authentication apparatus using the same.
- a UICC Universal Integrated Circuit Card
- the UICC may include NAA (Network Access Applications), which is an application for accessing various networks of operators such as a universal subscriber identity module (USIM) for WCDMA / LTE network access and a subscriber identity module (SIM) for GSM network access.
- NAA Network Access Applications
- USIM universal subscriber identity module
- SIM subscriber identity module
- eSIM embedded SIM
- An eUICC provides a network access authentication function similar to that of an existing detachable UICC, but because of its physical structure a single eUICC must be able to handle network access for multiple operators, and there are many open issues such as eUICC opening, distribution, and subscriber information security, for which measures need to be prepared.
- International standardization bodies such as GSMA and ETSI are conducting standardization activities, together with relevant parties such as carriers, manufacturers and SIM vendors, on the necessary elements including the top-level structure.
- An object of the present invention for overcoming the above problems is to provide an efficient shared file management method in a multi-profile environment.
- Another object of the present invention is to provide a subscriber authentication device using the shared file management method.
- To achieve the above object, a file management method of a subscriber authentication module installed in a terminal device comprises configuring a file structure for at least one profile and managing one or more files included in the file structure in response to a request.
- the file contains state information of one or more network connection applications.
- the file structure also includes a master file and one or more files associated with the master file.
- One or more files associated with the master file include an application directory file containing a list of network connection applications and status information of each network connection application.
- the state of the network connection application may be activated or deactivated.
- the file management method may further include receiving the request from an external companion device.
- the external companion device includes a mobile network operator server or a subscription manager module.
- the file management method may further include receiving the request from a shared file manager or profile located in the subscriber authentication module.
- Managing one or more files included in the file structure in response to the request may include updating data stored in the application directory file according to a request having access authority.
- the access right for updating the application directory file according to the present invention is based on administrator (ADM) authentication.
- the managing of the file included in the file structure according to the request may further include registering network connection application related information on a profile added when a new profile is installed.
- A subscriber authentication device installed in a terminal device includes a shared file storage unit for storing one or more profile-related files, and the file storage unit includes state information of one or more network connection applications associated with the one or more profiles.
- the shared file storage unit may include a master file and one or more files associated with the master file.
- the subscriber authentication device may further include a shared file manager that manages one or more files included in the shared file storage.
- the one or more profiles may manage related files included in the shared file storage.
- One or more files or file information included in the shared file storage unit may be changed by a request of the profile, the shared file manager, or an external companion device.
- the role and development scope between eUICC's eco-system operators such as an eUICC card manufacturer, a network service provider, and a profile management server can be specified.
- FIG. 1 is a block diagram of an eUICC according to an embodiment of the present invention.
- FIG. 2 is a view showing an embodiment of a file structure for a subscriber authentication apparatus according to the present invention.
- FIG. 3 is a data structure diagram of an application directory file for UICC.
- FIG. 4 is a data structure diagram of an application directory file according to a preferred embodiment of the present invention.
- FIG. 5 illustrates data of a file structure and an application directory file according to an embodiment of the present invention when there is no profile.
- FIG. 6 illustrates data of a file structure and an application directory file according to an embodiment of the present invention when a profile is installed.
- FIG. 7 illustrates data of a file structure and an application directory file according to an embodiment of the present invention when a profile is additionally installed.
- FIG. 8 is a flowchart illustrating an operation of a method of updating directory data according to the present invention.
- FIG. 9 is a flowchart illustrating an operation of another method of updating directory data according to the present invention.
- FIG. 10 is a flowchart illustrating operations of a directory data updating method according to another embodiment of the present invention.
- FIG. 11 is a flowchart illustrating operations of a directory data updating method according to another embodiment of the present invention.
- FIG. 12 is a flowchart illustrating a method of managing a shared file according to an exemplary embodiment of the present invention.
- eUICC embedded UICC
- The term 'terminal' may refer to a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, a subscriber unit, a subscriber station (SS), a wireless device, a wireless communication device, a wireless transmit / receive unit (WTRU), a mobile node, a mobile, or other terms.
- Various embodiments of the terminal may include a cellular telephone, a smart phone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, a photographing device such as a digital camera having a wireless communication function, gaming devices with wireless communication capabilities, music storage and playback appliances with wireless communication capabilities, internet appliances with wireless Internet access and browsing, as well as portable units or terminals incorporating combinations of such functions.
- the terminal may include a machine to machine (M2M) terminal, a machine type communication (MTC) terminal / device, but is not limited thereto.
- M2M machine to machine
- MTC machine type communication
- each block or step described herein may represent a portion of a module, segment, or code that includes one or more executable instructions for executing a particular logical function (s).
- the functions noted in the blocks or steps may occur out of order. For example, it is also possible that two blocks or steps shown in succession are performed simultaneously, or that the blocks or steps are sometimes performed in the reverse order, depending on the function in question.
- Removable UICCs are generally developed in accordance with the specifications of network operators (MNOs), and their structure and data values remain unchanged except for personalization-related data (eg, MSISDN) after commercialization.
- MNOs network operators
- Multiple profiles may exist on the eUICC, and a profile may be added, have its state changed, or be deleted even while the eUICC is in commercial operation.
- eUICC can be used by multiple network operators (MNOs) with one chip due to its physical characteristics, and in this case, it is necessary to support the same file structure, security characteristics, logical characteristics, and commands as the existing removable UICC.
- the present invention provides a method for efficiently managing shared files in an eUICC to provide a file structure and a function compatible with an existing UICC in a multi-profile environment.
- The present invention proposes a concrete file structure for an eUICC containing multiple profiles, which is not specifically defined in the current standards.
- FIG. 1 is a block diagram of an eUICC according to an embodiment of the present invention.
- The components described below with reference to FIG. 1 are defined by functional division rather than physical division, and each may be defined by the function it performs.
- Each of the components may be implemented as hardware and / or as program code with a processing unit that performs its function, and the functions of two or more components may be implemented in a single component.
- the eUICC 100 may include a profile 110 and a shared file storage unit 130, and may optionally include a shared file manager 120.
- Profile 110 is a module that includes one or more network connection applications (including parameter data, file structure, etc. for network connection) and network connection credentials.
- the profile can be accessed with a unique value (ID) on the eUICC, and the types of profile include a provisioning profile and an operator profile.
- A provisioning profile is a profile, containing one or more network connection applications and associated network connection credentials, that when installed on an eUICC allows access to a communications network in order to provide transport capability for eUICC management and profile management between the eUICC and the Subscription Manager-Secure Routing (SM-SR).
- SM-SR Subscription Manager-Secure Routing
- An operator profile is a profile that includes one or more network connection applications and associated connection credentials.
- the shared file storage unit 130 stores one or more profile related files.
- the file store also includes state information of one or more network connected applications associated with one or more profiles.
- The file structure stored in the shared file storage 130 includes a master file and one or more files associated with the master file, where the one or more files associated with the master file include an application directory file containing a list of network connection applications and status information of each network connection application.
- the eUICC may optionally include a shared file manager 120.
- The shared file manager 120 manages one or more files included in the shared file storage 130, and may request registration, change, and deletion of a network connection application with respect to one or more files included in the shared file storage 130.
- The profile 110 may manage one or more files included in the shared file storage 130, and may request registration, state change, deletion, and the like of a network connection application with respect to the one or more files included in the shared file storage 130.
- the eUICC 100 may be connected to one or more external interworking devices 200 and interwork with a mobile network operator-over the air (MNO-OTA) and an MNO core network (not shown).
- MNO-OTA mobile network operator-over the air
- The at least one external companion device 200 may be, for example, a subscription management module (SM), a profile owner (MNO) server, or the like.
- SM subscription management module
- MNO profile owner server
- the MNO-OTA and MNO core networks are operated by an entity that provides communication services to customers via a mobile network, namely a mobile network operator, and communicate with the terminal.
- the subscription management module is responsible for securely performing a function of directly managing service provider profiles and provisioning profiles on the eUICC.
- the subscription management module also performs the role of preparing the operator profile and the provisioning profiles to be securely provisioned on the eUICC, eg, encryption of the profile.
- Even when the profile is changed, the eUICC provides a way to select the network connection application (NAA) of a profile (an active profile or an installed profile) in a manner compatible with an existing UICC (i.e., a removable UICC).
- NAA network connection application
- a specific embodiment of the method for selecting a network connection application of a profile includes a method of directly selecting using an application identifier (AID) and a direct selection using a partial value of an AID.
- AID application identifier
- The eUICC according to the present invention preferably supports the application-independent file structure and protocol defined in ETSI TS 102 221, so as to be compatible with the existing UICC irrespective of profile installation and profile state.
- the present invention provides a file structure and management method when several profiles are dynamically installed.
- By defining, for a multi-profile environment, a shared file structure that includes the list of applications installed in the eUICC, the eUICC ID, the preferred language, and the like, the eUICC provides a data structure and a network access function compatible with an existing removable USIM card.
- the present invention also provides a method for managing an application list in the EF DIR and a method for managing shared file access conditions according to profile installation / deletion.
- FIG. 2 is a view showing an embodiment of a file structure for a subscriber authentication apparatus according to the present invention.
- The master file (MF) 3000 is located at the top, and three essential elementary files (EF) 3100 are located below the MF 3000.
- EF Elementary File
- EF PL (Preferred Languages) 3130, EF ICCID (ICC Identification) 3110, EF DIR (Directory) 3120, and a Dedicated File (DF) 3200 for phonebook information are disposed.
- Each network connection application is composed of a separate ADF (Application DF) (for example, ADF1 3311 and ADF2 3331 shown in FIG. 2), and its application ID (AID) and application label values 3310 and 3320 are included in the EF DIR 3300 under the MF for reference.
- ADF Application DF
- AID application ID
- the EF PL 3130 is a file containing n preferred language codes
- the EF ICCID 3110 is a file containing a unique identification number for the UICC.
- the EF DIR 3300 is a file having a list of first level applications (eg, USIM) installed in the UICC.
- the EF and the DFs located below the MF 3000 may be referred to as a shared file system.
- the EF PL 3130, the EF ICCID 3110, and the EF DIR 3300 are disposed under the master file 3000 as an essential file, as shown in FIG. File structures can be used.
- The EF PL 3130 is a file including preferred language codes. It may include a list of language codes of the countries in which services can be provided with the eUICC and, if necessary, can be updated so that the language code set in the current terminal has the highest priority.
- The update access condition of the EF PL 3130 is the user identification number (User PIN); if the user enters the user identification number correctly, the language code priority can be changed.
- The EF ICCID 3100 is a file containing a unique identification number of the UICC.
- This value does not change after it is initially written. Therefore, even when a profile is added or deleted, the value cannot be modified and no separate management function is required.
- the EF DIR 3300 includes an identifier of an application installed in the UICC, so that the terminal may select a required application by referring to a corresponding value when initializing the UICC and perform network access authentication.
- the EF DIR 3300 needs to be able to add / delete an AID (Application Identifier) value of a network access application of the corresponding profile according to the profile addition / deletion.
- The update access condition of the EF DIR 3300 is administrator authentication (ADM). It is also necessary to consider the security of managing that value.
- The present invention provides a method for managing shared files for UICC in a multi-profile environment. More specifically, it presents a method of managing UICC shared files in an environment in which network connection applications related to a profile are added, changed, or deleted according to a profile change, for example, when a profile is added, changed, or deleted.
- the present invention includes embodiments of a shared file management method as defined below for eUICC in a multi-profile environment.
- A network access application may not initially exist on an eUICC, and when several profiles are installed, several network access applications may be added. Therefore, when a network access application is added or deleted, it is necessary to check the validity of the application ID (AID) of the NAA to be added or deleted, and to add the corresponding value to, or delete it from, the EF DIR.
- a second embodiment of the shared file management method according to the present invention includes a state management method according to a network connection application state change.
- When the network connection application state changes between activated and deactivated, a state management method for application state changes according to the present invention is essential.
- A third embodiment of the method for managing a shared file according to the present invention provides security for granting administrator authority for shared file access and for managing the administrator (ADM) value.
- This is required because, if profile-related data is modified or deleted, connection authentication for the corresponding NAA may not be possible.
- FIG. 3 is a data structure diagram of an application directory file for UICC.
- the application directory file EF DIR 4000 for UICC includes AID TLV 4001 and label TLV 4002 entries, and includes several records 4100 as shown at the bottom of FIG. 3.
- an application template data object including an application identifier (AID) and a corresponding application label forms one record 4100.
- The AID is shown as "2F00", and it can be seen that the EF DIR data update authority for the corresponding AID is set to administrator authentication (ADM).
- ADM administrator authentication
- FIG. 4 is a data structure diagram of an application directory file according to a preferred embodiment of the present invention.
- the application directory file according to the preferred embodiment of the present invention shown in FIG. 4 includes an AID TLV, a label TLV, and an LCSI TLV 5003 item.
- the status code item 5003 has been added for the state management of the NAA in the multi-profile environment.
- a Life Cycle Status Integer (LCSI) 5003 item of a network connected application indicates a current state of the corresponding application.
- the application life cycle state value may be known through the FCI at the time of application selection, but it may be necessary to know the state value of the application before each application selection, such as when the terminal requests the user to select one of several applications.
- the external companion device can easily grasp the list of the connected applications in the active state only by referring to the corresponding file.
- FIG. 5 illustrates data of a file structure and an application directory file according to an embodiment of the present invention when there is no profile.
- FIG. 5 shows the file structure and file data of a directory when there is no profile installed in the initial eUICC and there is no selectable NAA.
- the EF DIR data 5000 is empty.
- FIG. 6 illustrates data of a file structure and an application directory file according to an embodiment of the present invention when a profile is installed.
- FIG. 6 shows the state of the application directory file when, starting from the state of FIG. 5 in which no profile is installed, profile 1 (for example) is installed and NAA1 6100 is added.
- ADF1 for NAA1 is added as an eUICC file structure, and accordingly, AID value, label, and state value 5003 data for ADF1 is added to EF DIR 5000.
- the operating state value 5003 of NAA1 is set to "activated".
- FIG. 7 illustrates data of a file structure and an application directory file according to an embodiment of the present invention when a profile is additionally installed.
- FIG. 7 illustrates a state in which profile 2 is additionally installed in the situation shown in the embodiment of FIG. 6, so that NAA2 6200 of profile 2 is added.
- ADF2 for NAA2 has been added as an eUICC file structure.
- An NAA2 record is added to the EF DIR file 5000. As it is added, the state value of NAA1 changes to inactive.
- the EF DIR update access right is administrator authentication (ADM).
- The ADM value for gaining administrator authority is usually 8 hexadecimal digits, the same as the User PIN (User Personal Identification Number), and administrator authority can be obtained through the ADM value only after the value has been successfully authenticated with the VERIFY PIN command.
- Methods of updating EF DIR data when a network connection application is added fall broadly into two approaches, according to where the ADM value is managed: in an external interworking device or in an eUICC internal module.
- the ADM value is owned by shared file management
- the directory data updating method according to the present invention may further include an update method through OTA by an external companion device, for example, a profile owner or an external shared file manager, without using an ADM value authentication method.
- FIG. 8 is a flowchart illustrating an operation of a method of updating directory data according to the present invention.
- The embodiment illustrated in FIG. 8 is an example in which the external companion device 400 manages the ADM value and registers the NAA in the EF DIR 3300 after the profile installation is completed.
- the preferred embodiment of the external companion device 400 may include a subscription management module (SM) or a profile owner server (MNO server).
- SM subscription management module
- MNO server profile owner server
- the procedure for registering the NAA list of the profile to the EF DIR 3300 by the external interworking device 400 may be performed after obtaining EF DIR update authority through ADM authentication (S810), selecting EF DIR (S820), and selecting EF DIR.
- Error processing that may occur at this time and subsequent processing such as registration retry according to the error may be performed in the external companion device 400.
- When the ADM value is managed by the external companion device 400, the external companion device 400 must be a device or module trusted by the profile owner (for example, MNO), and generation, distribution, update, and the like of the initial ADM value can be performed in a manner trusted by the profile owner.
- FIG. 9 is a flowchart illustrating an operation of another method of updating directory data according to the present invention.
- FIG. 9 shows an embodiment of a method of registering an NAA in the EF DIR in which each profile 110, located in an eUICC internal module, owns an ADM value and directly generates the profile-related NAA list in the profile 110 itself.
- the procedure of registering the NAA in the EF DIR may be performed at the time of profile data installation (S910).
- the procedure for registering the NAA in the EF DIR is the same as the embodiment described above with reference to FIG. 8.
- That is, the step of acquiring EF DIR update authority through ADM authentication (S921), the EF DIR selection step (S922), and the search for an unused record number after the EF DIR selection are performed.
- an error that may occur in the registration process may be processed by the profile 110 itself, and the profile 110 may return an appropriate processing result such as success or failure to the external companion device 400 (S930).
- the interface between the profile and the shared file system in the eUICC may be a UICC application programming interface (API) defined in ETSI TS 102 241.
- API application programming interface
- Changing or deleting the state value of the NAA record of the corresponding profile 110 in the EF DIR may also be required, and is done through a procedure similar to registration.
- Any error that may occur must be handled by the profile 110 itself, which should be able to return an appropriate processing result to the external companion device 400.
- the eUICC issuer needs to distribute the ADM value of the eUICC to the owner of each profile, in which case a reliable scheme may be needed between the profile owner and the eUICC issuer.
- the network service provider may need a method for securing the security and reliability of the data of the shared file of the eUICC.
- FIG. 10 is a flowchart illustrating operations of a directory data updating method according to another embodiment of the present invention.
- Among the directory data update methods according to the present invention, FIG. 10 illustrates the case in which a shared file manager 120 that exists separately as an eUICC internal module owns the ADM value and manages the profile-related NAA list.
- A preferred embodiment of registering the NAA in the EF DIR is shown.
- The procedure of registering the NAA in the EF DIR starts when, at the time profile data is installed in the eUICC according to the profile installation request (S1010) of the external companion device 400, the installed profile 110 requests registration (REGISTER) from the shared file management unit 120 (S1021).
- the procedure for registering the NAA in the EF DIR is similar to the steps described above with respect to other embodiments.
- That is, the step of acquiring EF DIR update authority through ADM authentication (S1031), the EF DIR selection step (S1032), and the search for an unused record number after the EF DIR selection are performed.
- The shared file management unit 120 may determine error situations, such as whether the NAA AID to be registered is valid, whether it duplicates an already registered AID, and whether an available record exists, and return the appropriate error contents to the profile (S1022, S1023, or S1024).
- the UICC application programming interface defined in ETSI TS 102 241 may be used, as in the embodiment described above with reference to FIG. 9.
- An exemplary interface between the profile 110 and the shared file manager 120 may be defined as described below.
- the module may provide functions such as NAA registration, state change, and NAA deletion as an internal interface.
- an application programming interface (API) for calling each function may include, for example, the following commands.
- NAAs list, initial state: used to register the NAAs of the profile in the EF DIR; the parameters are the list of NAAs and the initial state.
- NAA ID: used to change the state of an NAA registered in the EF DIR; the parameters include the state to change to and the NAA ID.
- NAA ID or NAAs list: used to delete an NAA registered in the EF DIR; the parameter is the NAA ID or the list of NAAs to be deleted.
- Similarly to the registration procedure, the profile 110 may request the shared file manager 120, through the internal interworking interface, to change or delete the state value of its NAA record in the EF DIR.
- Any error that may occur is determined by the shared file manager 120, which informs the profile 110 of the appropriate error situation.
- the profile owner does not need to know the ADM value.
- Because the shared file manager 120 manages the ADM value, the eUICC shared file data is less likely to be changed or deleted by another module, thereby ensuring the reliability and safety of the shared file data.
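The following Python model is an added example, not code from the patent: it shows the checks a shared file manager would make on EF DIR records (AID validity, duplicate AID, unused record, state change on registration as in FIG. 7). The LCSI tag 0x8A and the values 0x05/0x04, the 0xFF padding, the record size and count, and the per-profile ownership check are assumptions; ADM authentication itself is outside the model.

```python
# Added example (not from the patent): EF DIR bookkeeping by a shared file manager.
# Assumptions: tag 0x8A and values 0x05/0x04 for LCSI, 0xFF padding for unused
# records, the record size/count, and the per-profile ownership check.
TAG_TEMPLATE, TAG_AID, TAG_LABEL, TAG_LCSI = 0x61, 0x4F, 0x50, 0x8A
ACTIVATED, DEACTIVATED = 0x05, 0x04
RECORD_LEN, RECORD_COUNT = 48, 4
UNUSED = b"\xff" * RECORD_LEN


class DirError(Exception):
    """Error result returned to the requesting profile."""


def encode_record(aid: bytes, label: str, lcsi: int) -> bytes:
    """Build one record: application template holding AID, label and LCSI TLVs."""
    text = label.encode("ascii")
    body = bytes([TAG_AID, len(aid)]) + aid
    body += bytes([TAG_LABEL, len(text)]) + text
    body += bytes([TAG_LCSI, 1, lcsi])
    record = bytes([TAG_TEMPLATE, len(body)]) + body
    if len(record) > RECORD_LEN:
        raise DirError("record does not fit")
    return record.ljust(RECORD_LEN, b"\xff")


def decode_record(record: bytes):
    """Parse one record; returns None for an unused record."""
    if record[0] != TAG_TEMPLATE:
        return None
    end, pos, tlvs = 2 + record[1], 2, {}
    if end > len(record):
        raise DirError("malformed record")
    while pos < end:
        if pos + 2 > end or pos + 2 + record[pos + 1] > end:
            raise DirError("malformed record")
        tlvs[record[pos]] = record[pos + 2:pos + 2 + record[pos + 1]]
        pos += 2 + record[pos + 1]
    if TAG_AID not in tlvs or len(tlvs.get(TAG_LCSI, b"")) != 1:
        raise DirError("malformed record")
    label = tlvs.get(TAG_LABEL, b"").decode("ascii")
    return {"aid": tlvs[TAG_AID], "lcsi": tlvs[TAG_LCSI][0], "label": label}


class SharedFileManager:
    def __init__(self):
        self.records = [UNUSED] * RECORD_COUNT
        self.owner = {}  # AID -> id of the profile that registered it

    def entries(self):
        """(record index, decoded entry) for every used record."""
        pairs = ((i, decode_record(r)) for i, r in enumerate(self.records))
        return [(i, e) for i, e in pairs if e is not None]

    def active_aids(self):
        """What a terminal learns from EF DIR alone: AIDs in the activated state."""
        return [e["aid"] for _, e in self.entries() if e["lcsi"] == ACTIVATED]

    def _set_state(self, index, entry, lcsi):
        self.records[index] = encode_record(entry["aid"], entry["label"], lcsi)

    def _owned(self, profile_id, aid):
        for index, entry in self.entries():
            if entry["aid"] == aid:
                if self.owner.get(aid) != profile_id:
                    raise DirError("AID belongs to another profile")
                return index, entry
        raise DirError("AID not registered")

    def _deactivate_all(self):
        for index, entry in self.entries():
            self._set_state(index, entry, DEACTIVATED)

    def register(self, profile_id, naas, initial_state=ACTIVATED):
        """Register a list of (aid, label); nothing is written if any check fails."""
        known, encoded = {e["aid"] for _, e in self.entries()}, []
        for aid, label in naas:
            if not 5 <= len(aid) <= 16:
                raise DirError("invalid AID")
            if aid in known:
                raise DirError("AID already registered")
            known.add(aid)
            encoded.append((aid, encode_record(aid, label, initial_state)))
        free = [i for i, r in enumerate(self.records) if r[0] != TAG_TEMPLATE]
        if len(encoded) > len(free):
            raise DirError("no unused record")
        if initial_state == ACTIVATED:  # as in FIG. 7: earlier NAAs become inactive
            self._deactivate_all()
        for index, (aid, record) in zip(free, encoded):
            self.records[index] = record
            self.owner[aid] = profile_id

    def change_state(self, profile_id, aid, lcsi):
        index, entry = self._owned(profile_id, aid)
        if lcsi == ACTIVATED:
            self._deactivate_all()
        self._set_state(index, entry, lcsi)

    def delete(self, profile_id, aid):
        index, _ = self._owned(profile_id, aid)
        self.records[index] = UNUSED
        del self.owner[aid]
```
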
- FIG. 11 is a flowchart illustrating operations of a directory data updating method according to another embodiment of the present invention.
- FIG. 11 illustrates an embodiment of a method of registering NAA in EF DIR in the case of managing a shared file through OTA among the above-described method of updating directory data according to the present invention.
- an SMS message used in a mobile communication system may be utilized.
- the embodiment shown in FIG. 11 also proceeds to a procedure similar to the other embodiments described above, considering only the command portion input to the actual eUICC card except for the SMS (Short Message Service) message processing portion on the network.
- SMS Short Message Service
- A method of managing a shared file through OTA may ensure the confidentiality and integrity of a message through a pre-shared OTA key.
- Handling of errors that may occur may be performed by the module that processes the OTA message.
- When the profile state is changed or the profile is deleted, the external companion device 400 may likewise, as with registration, change the NAA record state value of the corresponding profile in EF DIR, or delete the record, through an OTA message.
- Possible error handling and subsequent actions may be performed by the external companion device 400, that is, the module that generates and processes the actual OTA message.
- The device 400 must be a module trusted by the profile owner (e.g., MNO), and the creation, distribution, and updating of the initial OTA key values are performed in a manner that the profile owner can trust.
- FIG. 12 is a flowchart illustrating a method of managing a shared file according to an exemplary embodiment of the present invention.
- a shared file configuration step (S1200) and a shared file data update step (S1300) for one or more profiles may be included.
- the shared file for one or more profiles according to the present invention has a file structure as discussed above with reference to FIGS. 4 through 7. That is, the shared file structure for the eUICC according to the present invention includes a master file and one or more files associated with the master file.
- The one or more files associated with the master file may include an application directory file.
- The application directory file may include a list of network connection applications and status information of each network connection application.
- The state of a network connection application may be active or inactive.
- The shared file data update step S1300 may include the detailed steps shown in FIG. 12. It is checked whether there is a profile to be additionally installed (S1310), and if there is a profile to be installed, update authority is obtained through administrator authentication (S1320). When the update authority is obtained, the application directory file is selected (S1330), an unused record number is searched for (S1340), and the network access application related update for the corresponding profile is performed on the found unused record number (S1350).
- the subject of the shared file data update S1300 according to the present invention may be the shared file storage unit 130.
- the shared file manager 120 or the profile 110 performs an update.
- the profile 110 or the external companion device performs an update.
- the shared file management method according to the present invention including the above-described steps, operation procedures, and instructions through the above embodiments may be implemented as computer-readable program code on a computer-readable recording medium.
- Computer-readable recording media include all types of recording devices that store data that can be read by a computer system. Examples include ROM, RAM, CD-ROM, DVD-ROM, Blu-ray, magnetic tape, floppy disk, and optical data storage, and also include media implemented in the form of a carrier wave (e.g., transmission over the Internet).
- the computer readable recording medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
- the functional program code for carrying out the technical idea of the present invention can be easily inferred by programmers in the technical field to which the present invention belongs.
- The required files are the preferred language file (EF PL), the unique identifier file (EF ICCID), and the network connection application list file (EF DIR). Is a file that does not occur.
- The network connection application list file (EF DIR) needs its data updated as a profile is installed, changes state, or is deleted.
- A shared file management method is proposed. Specifically, for the multi-profile environment, various methods for adding, changing the status of, and deleting network connection applications in the network connection application list file are specified, and the security issues and related processing procedures for each method are defined.
- eUICC eco-system operators of eUICC
- eUICC card manufacturers such as eUICC card manufacturers, network service providers, profile management server.
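The FIG. 12 update flow (S1310 to S1350) and the register, change-state and delete operations on EF DIR described above, as an added Python simulation that is not code from the patent. The record layout (length byte, AID, one state byte, 0xFF padding), the state values, and the `EfDir` class with its function names are assumptions made for this example.

```python
import hmac

# Status words follow ISO 7816-4; the record layout and state values are assumptions.
SW_OK, SW_SECURITY, SW_BAD_DATA, SW_NOT_FOUND, SW_FULL = 0x9000, 0x6982, 0x6A80, 0x6A83, 0x6A84
ACTIVE, INACTIVE = 0x01, 0x00  # assumed one-byte state encoding
REC_LEN = 18                   # assumed layout: length byte, AID (5..16 bytes), state byte
EMPTY = b"\xff" * REC_LEN      # assumed marker for an unused record

def encode(aid: bytes, st: int) -> bytes:
    return (bytes([len(aid)]) + aid + bytes([st])).ljust(REC_LEN, b"\xff")

class EfDir:
    """Simulated EF_DIR; every update needs prior ADM authentication (S1320)."""
    def __init__(self, adm: bytes, n_records: int = 3):
        self._adm, self._auth = adm, False
        self.records = [EMPTY] * n_records

    def verify_adm(self, value: bytes) -> int:
        self._auth = hmac.compare_digest(value, self._adm)  # constant-time compare
        return SW_OK if self._auth else SW_SECURITY

    def find(self, aid: bytes):  # (record index, state) of a registered AID, else None
        for i, r in enumerate(self.records):
            if r != EMPTY and r[1:1 + r[0]] == aid:
                return i, r[1 + r[0]]

    def register(self, naas) -> int:
        """Register (AID, initial state) pairs; nothing is written unless all fit."""
        if not self._auth:
            return SW_SECURITY
        if any(not 5 <= len(a) <= 16 or s not in (ACTIVE, INACTIVE) for a, s in naas):
            return SW_BAD_DATA
        new = {a: s for a, s in naas if self.find(a) is None}
        free = [i for i, r in enumerate(self.records) if r == EMPTY]  # S1340
        if len(new) > len(free):
            return SW_FULL
        for i, (aid, st) in zip(free, new.items()):                   # S1350
            self.records[i] = encode(aid, st)
        return SW_OK

    def update(self, aids, st=None) -> int:
        """Set the state of the listed NAAs, or delete their records when st is None."""
        if not self._auth:
            return SW_SECURITY
        idx = [self.find(a) for a in aids]
        if None in idx or st not in (None, ACTIVE, INACTIVE):
            return SW_NOT_FOUND if None in idx else SW_BAD_DATA
        for (i, _), aid in zip(idx, aids):
            self.records[i] = EMPTY if st is None else encode(aid, st)
        return SW_OK
```

A failed `verify_adm` clears the update authority, and `register` returns 0x6A84 without writing anything when the new NAAs do not all fit in the unused records.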
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Storage Device Security (AREA)
Claims (21)
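- A file management method of a subscriber authentication module embedded and installed in a terminal device, the method comprising: configuring a file structure for one or more profiles; and managing one or more files included in the file structure according to a request.
- The file management method of claim 1, wherein the file includes status information of one or more network connection applications.
- The file management method of claim 1, wherein the file structure includes a master file and one or more files associated with the master file.
- The file management method of claim 3, wherein the one or more files associated with the master file include an application directory file that includes a list of network connection applications and status information of each network connection application.
- The file management method of claim 4, wherein the state of the network connection application is an activated or deactivated state.
- The file management method of claim 1, further comprising receiving the request from an external companion device.
- The file management method of claim 6, wherein the external companion device includes a Mobile Network Operator server or a Subscription Manager.
- The file management method of claim 1, further comprising receiving the request from a shared file manager or a profile located in the subscriber authentication module.
- The file management method of claim 4, wherein managing one or more files included in the file structure according to the request comprises updating data stored in the application directory file according to a request having access authority.
- The file management method of claim 9, wherein the access authority is based on administrator authentication.
- The file management method of claim 1, wherein managing one or more files included in the file structure according to the request further comprises, when a new profile is installed, registering network connection application related information for the added profile.
- A subscriber authentication device embedded and installed in a terminal device, comprising a shared file storage unit that stores one or more profile-related files, wherein the file storage unit includes status information of one or more network connection applications associated with the one or more profiles.
- The subscriber authentication device of claim 12, wherein the shared file storage unit includes a master file and one or more files associated with the master file.
- The subscriber authentication device of claim 13, wherein the one or more files associated with the master file include an application directory file that includes a list of network connection applications and status information of each network connection application.
- The subscriber authentication device of claim 12, further comprising a shared file manager that manages one or more files included in the shared file storage unit.
- The subscriber authentication device of claim 12, wherein the one or more profiles manage related files included in the shared file storage unit.
- The subscriber authentication device of claim 12, wherein the one or more files or file information included in the shared file storage unit are changed at the request of the profile, the shared file manager, or an external companion device.
- The subscriber authentication device of claim 17, wherein the external companion device includes a Mobile Network Operator server or a Subscription Manager.
- The subscriber authentication device of claim 18, wherein data stored in the application directory file is updated according to a request having access authority.
- The subscriber authentication device of claim 19, wherein the access authority for the update is based on administrator authentication.
- The subscriber authentication device of claim 12, wherein the state of the network connection application is an activated or deactivated state.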
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/424,286 US20150271173A1 (en) | 2012-08-29 | 2013-08-22 | Method of managing shared file and device for authenticating subscriber by using same |
US15/696,284 US10862881B2 (en) | 2012-08-29 | 2017-09-06 | Method of managing shared files and device for authenticating subscriber by using same |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20120094803 | 2012-08-29 | ||
KR10-2012-0094803 | 2012-08-29 | ||
KR10-2013-0057765 | 2013-05-22 | ||
KR1020130057765A KR102067474B1 (ko) | 2012-08-29 | 2013-05-22 | Method of managing shared file and device for authenticating subscriber by using same |
Related Child Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/424,286 A-371-Of-International US20150271173A1 (en) | 2012-08-29 | 2013-08-22 | Method of managing shared file and device for authenticating subscriber by using same |
US15/696,284 Continuation US10862881B2 (en) | 2012-08-29 | 2017-09-06 | Method of managing shared files and device for authenticating subscriber by using same |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014035092A1 true WO2014035092A1 (ko) | 2014-03-06 |
Family
ID=50183850
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/KR2013/007518 WO2014035092A1 (ko) | 2012-08-29 | 2013-08-22 | Method of managing shared file and device for authenticating subscriber by using same |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2014035092A1 (ko) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016010387A1 (en) * | 2014-07-17 | 2016-01-21 | Samsung Electronics Co., Ltd. | Method and device for updating profile management server |
WO2016068550A1 (en) * | 2014-10-27 | 2016-05-06 | Samsung Electronics Co., Ltd. | Method of changing profile using identification module and electronic device implementing same |
CN107005837A (zh) * | 2014-11-17 | 2017-08-01 | Samsung Electronics Co., Ltd. | Apparatus and method for profile installation in a communication system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20080065158A (ko) * | 2007-01-08 | 2008-07-11 | KT Freetel Co., Ltd. | Method and apparatus for sharing content between a computer and a mobile communication terminal |
US20110154220A1 (en) * | 2005-07-22 | 2011-06-23 | Rathod Yogesh Chunilal | Method and system for publishing and subscribing in social network |
US8090844B2 (en) * | 2004-10-08 | 2012-01-03 | Truecontext Corporation | Content management across shared, mobile file systems |
US20120041903A1 (en) * | 2009-01-08 | 2012-02-16 | Liesl Jane Beilby | Chatbots |
-
2013
- 2013-08-22 WO PCT/KR2013/007518 patent/WO2014035092A1/ko active Application Filing
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016010387A1 (en) * | 2014-07-17 | 2016-01-21 | Samsung Electronics Co., Ltd. | Method and device for updating profile management server |
US10129736B2 (en) | 2014-07-17 | 2018-11-13 | Samsung Electronics Co., Ltd. | Method and device for updating profile management server |
WO2016068550A1 (en) * | 2014-10-27 | 2016-05-06 | Samsung Electronics Co., Ltd. | Method of changing profile using identification module and electronic device implementing same |
US10194316B2 (en) | 2014-10-27 | 2019-01-29 | Samsung Electronics Co., Ltd. | Method of changing profile using identification module and electronic device implementing same |
US10531285B2 (en) | 2014-10-27 | 2020-01-07 | Samsung Electronics Co., Ltd. | Method of changing profile using identification module and electronic device implementing same |
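CN107005837A (zh) * | 2014-11-17 | 2017-08-01 | Samsung Electronics Co., Ltd. | Apparatus and method for profile installation in a communication system |
CN107005837B (zh) * | 2014-11-17 | 2020-12-18 | Samsung Electronics Co., Ltd. | Apparatus and method for profile installation in a communication system |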
Similar Documents
Publication | Publication Date | Title |
---|---|---|
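WO2016153303A1 (ko) | Method and apparatus for installing a profile of a terminal in a wireless communication system | |
WO2015163623A1 (en) | Method and apparatus for provisioning profiles | |
WO2016153281A1 (ko) | Method and apparatus for downloading a profile in a wireless communication system | |
WO2013066077A1 (ko) | Method for managing multiple profiles in an embedded UICC, and embedded UICC and terminal therefor | |
WO2016153323A1 (ko) | Method and apparatus for using a mobile communication service by changing a terminal in a mobile communication system | |
WO2013009044A2 (ko) | Method for changing the MNO of an embedded SIM based on special privileges, and embedded SIM and recording medium therefor | |
WO2014092385A1 (ko) | Method for selecting a mobile network operator using a provisioning profile and apparatus using the same | |
WO2020145623A1 (en) | Apparatus and method for handling esim profile for issp device | |
WO2016024695A1 (en) | Method and apparatus for profile download of group devices | |
WO2013009045A2 (ko) | Method for changing the MNO of an embedded SIM based on dynamic key generation, and embedded SIM and recording medium therefor | |
WO2013176499A2 (ko) | Method for policy rule management and enforcement, and eUICC | |
WO2014030893A1 (ko) | Method for managing a profile of a subscriber authentication module embedded and installed in a terminal device, and subscriber authentication device using the same | |
WO2014077544A1 (ko) | Method for configuring a profile of a subscriber authentication module embedded and installed in a terminal device, and apparatus using the same | |
WO2013036010A1 (ko) | Authentication method using authentication information of an embedded UICC, provisioning and MNO changing methods using the same, and embedded UICC, MNO system and recording medium therefor | |
WO2018147711A1 (en) | APPARATUS AND METHOD FOR ACCESS CONTROL ON eSIM | |
KR102067474B1 (ko) | Method of managing shared file and device for authenticating subscriber by using same | |
WO2020167063A1 (en) | Method and apparatus for downloading bundle to smart secure platform by using activation code | |
WO2016080595A1 (ko) | Method for providing a multi-number service | |
WO2020032445A1 (en) | Electronic device, external electronic device, and method of managing embedded subscriber identity modules of external electronic device | |
WO2020032353A1 (ko) | Electronic device, external electronic device, and method of managing eSIM of external electronic device | |
WO2020055034A1 (ko) | Method and apparatus for managing simultaneous activation of bundles installed in a smart secure medium | |
WO2014035092A1 (ko) | Method of managing shared file and device for authenticating subscriber by using same | |
WO2014073836A1 (ko) | Terminal device with a built-in subscriber authentication device and profile selection method therefor | |
WO2014046421A1 (ko) | Method and apparatus for managing identifiers of an eUICC | |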
WO2022031148A1 (en) | Method and apparatus for installing and managing multiple esim profiles |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13832520 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14424286 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 26/06/2015) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13832520 Country of ref document: EP Kind code of ref document: A1 |