WO2014073836A1 - Terminal device having subscriber identity device and method for selecting profile therefor - Google Patents

Terminal device having subscriber identity device and method for selecting profile therefor Download PDF

Info

Publication number
WO2014073836A1
WO2014073836A1 PCT/KR2013/009954 KR2013009954W WO2014073836A1 WO 2014073836 A1 WO2014073836 A1 WO 2014073836A1 KR 2013009954 W KR2013009954 W KR 2013009954W WO 2014073836 A1 WO2014073836 A1 WO 2014073836A1
Authority
WO
WIPO (PCT)
Prior art keywords
profile
application
information
communication network
provisioning
Prior art date
Application number
PCT/KR2013/009954
Other languages
French (fr)
Korean (ko)
Inventor
이형진
김관래
박철현
서명희
이진형
정윤필
Original Assignee
주식회사 케이티
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to KR10-2012-0124606 priority Critical
Priority to KR20120124606 priority
Application filed by 주식회사 케이티 filed Critical 주식회사 케이티
Priority to KR1020130133421A priority patent/KR20140058377A/en
Priority to KR10-2013-0133421 priority
Priority claimed from US14/440,131 external-priority patent/US10111092B2/en
Publication of WO2014073836A1 publication Critical patent/WO2014073836A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity ; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/183Processing at user equipment or user record carrier
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W88/00Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02Terminal devices

Abstract

Disclosed are a terminal device having a subscriber identity device and a method for selecting a profile therefor. A mobile communication terminal device comprises: a subscriber identity module having a profile; a network authentication unit which performs an authentication procedure for a communication network on the basis of a provisioning profile among profiles, and which receives authentication completion information from an operator server of the communication network; and a network access unit which accesses the communication network on the basis of the authentication completion information, and which receives a service from the operator server on the basis of an operating profile corresponding to an operator of the communication network among the profiles. The subscriber identity device comprises: a first storage unit for storing the provisioning profile having authentication information on the communication network; a second storage unit for storing the operating profile having service access information so as to receive the service of the communication network; and a component file storage unit for storing a component file having attribute information on the profiles so as to select a profile.

Description

Terminal device with embedded subscriber authentication device and profile selection method therefor

The present invention relates to a technique for selecting a profile stored in an embedded general-purpose IC card, and more particularly, to a configuration of attribute information of a profile and a procedure of selecting a specific profile in the terminal device using the same.

A UICC (Universal Integrated Circuit Card) is a smart card that can be inserted into a terminal and used as a module for user authentication with a mobile communication network subscribed to by a user. UICC includes network information (International Mobile Subscriber Identity, Home Public Land Mobile Network, etc.), user information (Short Message Service, etc.) and telephone book (Phonebook), etc. can be stored. UICC is also known as a Subscriber Identity Module (SIM) card for Global System for Mobile communications (GSM), Wideband Code Division Multiple Access (WCDMA), and Universal Subscriber Identity Module (USIM) for Long Term Evolution (LTE). do.

Network access applications (NAAs), which are applications for accessing various networks of these operators, have been included in the UICC.

When the user mounts the UICC on the user's terminal, user authentication is made with the mobile communication network automatically subscribed using the information stored in the UICC, and the user can conveniently receive the mobile communication service through the terminal. In addition, the user can easily replace the terminal by removing the UICC from the existing terminal and mounted on a new terminal. And when the user wants to change the mobile communication provider, it is possible to simply change the mobile communication provider by replacing the UICC removed from the existing terminal with the UICC of the operator to change.

And by changing the UICC of the desired MNO can easily change the MNO to use the terminal. That is, in the conventional UICC environment, the SIM profile prepared in advance according to the requirements of the MNO is embedded in a separate card and distributed in a separate form from the terminal. A user purchases a terminal and a UICC to subscribe to a service of a specific MNO, inserts a UICC into the terminal, and uses the device after opening according to an opening procedure determined by an operator.

In the case where it is difficult to attach or detach the UICC from the terminal, that is, when the UICC is mounted inside the terminal, for example, a machine to machine (M2M) terminal, which is required to be miniaturized, and manufactured in a structure that is difficult to replace externally, Built-in UICC (Embedded UICC) (eUICC) to provide the same service as the removable UICC even when provided as a chip-integrated structure instead of a detachable structure for the case where shock and heat durability are required rather than the removable plastic structure UICC. A structure has been proposed.

eUICC provides network access authentication function similar to existing detachable UICC, but due to its physical structure, eUICC should be able to handle network access of multiple operators with one UICC, and there are many issues such as eUICC opening / distribution / subscriber information security. And it is necessary to prepare a plan for this. To address this, international standardization bodies such as GSMA and ETSI are conducting standardization activities on relevant elements such as carriers, manufacturers and SIM vendors, as well as necessary elements including top-level structures.

At ETSI, the Working Group (WG) is working to establish the eUICC standard. Currently, a module called profile is defined to post-personalize applications for network access authentication function of various operators to eUICC and remotely Has established requirements for installation and management. In addition, the management policy and application of the profile are discussed, but the specific method is not defined yet.

As such specific details related to profile management of eUICC are not defined, there are many difficulties for eUICC card manufacturers, terminal manufacturers, and eco-system operators to develop and commercialize eUICC. In addition, there is no detailed definition of a procedure for selecting a specific profile or property information of a profile required for selection when one or more profiles are mounted in the eUICC, and thus there is a difficulty in implementing a related function.

The international standard only mentions the definition of a profile, but information for selecting a specific profile in the eUICC, for example, profile type (provisioning profile, production profile), profile provider (or operator), profile status (activation or deactivation) information. And how to obtain a corresponding profile, i.e., information for selecting a specific profile, and how to select a particular profile is not discussed. Therefore, how to configure the profile attribute information such as the type of profile (provisioning profile, operation profile), profile provider (operator), profile state (activation or deactivation) information stored in the eUICC, and the mobile communication terminal may configure the profile attribute. It is necessary to define how to implement the definition of how a specific profile can be selected using the information.

An object of the present invention for solving the above problems is to propose a configuration of the attribute information for the profile stored in the eUICC, and to propose a procedure for selecting a specific profile of the terminal including the eUICC.

Furthermore, profiles for mobile network authentication and access provided by many mobile carriers are stored in a terminal device, and a profile is selected and authenticated and accessed according to need to receive services provided by a mobile communication network provider. The purpose is to make it possible.

In addition, to this end, the present invention proposes a subscriber authentication device and a terminal device having the same.

A mobile communication terminal device according to an embodiment of the present invention for achieving the above object, the subscriber authentication module having at least one profile and the provisioning profile (provisioning profile) of the at least one profile for the communication network A network authentication unit that performs an authentication procedure and receives authentication completion information from a service provider server of a communication network, and accesses a communication network based on the authentication completion information, and an operation profile corresponding to a service provider of the communication network among at least one profile profile) may be configured to include a network connection that receives a service from an operator server.

Herein, the mobile communication terminal device may further include a profile selector for selecting a provisioning profile and an operation profile based on an elementary file including attribute information for at least one profile.

Furthermore, the attribute information may include an application identifier for identifying at least one profile.

Further, the application identifier is composed of an application registration authority identifier (RID) and an application identification extension (PIX, Proprietary application Identifier eXtension), the application identification extension is an application code (application code), country code It may include at least one or more information of a (country code), an application provider code (application provider code) and an application provider field option (application provider field option).

Furthermore, the application code may include classification information for distinguishing at least one type of profile.

Furthermore, the at least one type of profile may include a provisioning profile type, an operation profile type, and an operation profile type containing data of the provisioning profile.

Subscriber authentication device according to another embodiment of the present invention for achieving the above object, in the subscriber authentication device embedded in the mobile communication terminal device to connect to the communication network using at least one profile, authentication information for the communication network A first storage to store at least one provisioning profile with a second storage to store at least one operational profile with service connection information to receive a service of a communication network, and to select at least one profile It may be configured to include an element file storage for storing an elementary file (elementary file) having attribute information for at least one profile.

Here, the subscriber authentication device may further comprise a third storage unit for storing at least one user profile having user information of the mobile communication terminal device.

Herein, the subscriber authentication device may select a provisioning profile and an operation profile based on an elementary file including attribute information about at least one profile.

Further, the attribute information may include application identifier information, application label information, and application state information for any of at least one profile.

Further, the application identifier information includes an application identifier (AID) capable of identifying any profile, and the application identifier includes an application registration identifier (RID) and an application identification extension (PIX). , Proprietary application Identifier eXtension).

Further, the application identification extension may include at least one or more information of an application code, a country code, an application provider code, and an application provider field option. Can be.

Furthermore, the application code may include classification information for distinguishing at least one type of profile.

Furthermore, the at least one type of profile may include a provisioning profile type, an operation profile type, and an operation profile type containing data of the provisioning profile.

According to another aspect of the present invention, there is provided a method for accessing a network of a mobile communication terminal device, the method for accessing a communication network using at least one profile provided in a subscriber authentication module. Performing an authentication procedure for the communication network based on a provisioning profile of the profile and receiving authentication completion information from an operator server of the communication network; accessing the communication network based on the authentication completion information; It may be configured to include the step of receiving a service from the operator server based on the operational profile (operational profile) corresponding to the operator of the communication network of the profile.

Here, before the step of receiving the authentication completion information, further comprising the step of selecting a provisioning profile and the operation profile based on an elementary file (elementary file) containing attribute information for at least one profile to be configured Can be.

Furthermore, the attribute information may include an application identifier for identifying at least one profile.

Further, the application identifier is composed of a registered application provider identifier (RID) and an application identification extension (PIX, Proprietary application Identifier eXtension), the application identification extension is an application code (application code), country code ( It may include at least one or more information of a country code, an application provider code and an application provider field option.

Furthermore, the application code may include classification information for distinguishing at least one type of profile.

Furthermore, the at least one type of profile may include a provisioning profile type, an operation profile type, and an operation profile type containing data of the provisioning profile.

When using a terminal device with a subscriber authentication device and a profile selection method therefor according to the present invention as described above, the terminal device can obtain attribute information on the profile stored in the eUICC, and select a specific profile using the same. The selected profile may be used to access a mobile communication network and provide related services.

Through such a device and method, a user of a terminal device can change a provider network so as to easily access a network of various mobile communication operators, and can receive various related services.

1 is a conceptual diagram illustrating an environment of a mobile communication terminal device and a mobile service provider server according to an embodiment of the present invention.

2 is a conceptual diagram illustrating a mobile communication terminal device and its components according to an embodiment of the present invention.

3 is a block diagram illustrating a subscriber authentication module embedded in a mobile communication terminal device and its stored information according to another embodiment of the present invention.

4 is a conceptual diagram illustrating an application TLV (Tag, Length, Value) object among attribute information of a profile according to an embodiment of the present invention.

5 is a block diagram illustrating an application identifier and its configuration information according to an embodiment of the present invention.

6 is an exemplary view for showing an example of a value of an application identifier for each profile according to an embodiment of the present invention.

7 is a block diagram illustrating a subscriber authentication device and its components according to an embodiment of the present invention.

8 is a flowchart illustrating a profile selection method of a terminal device incorporating a subscriber authentication device according to an embodiment of the present invention.

As the invention allows for various changes and numerous embodiments, particular embodiments will be illustrated in the drawings and described in detail in the written description. However, this is not intended to limit the present invention to specific embodiments, it should be understood to include all modifications, equivalents, and substitutes included in the spirit and scope of the present invention. In describing the drawings, similar reference numerals are used for similar elements.

Terms such as first, second, A, and B may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component. The term and / or includes a combination of a plurality of related items or any item of a plurality of related items.

When a component is referred to as being "connected" or "connected" to another component, it may be directly connected to or connected to that other component, but it may be understood that other components may be present in between. Should be. On the other hand, when a component is said to be "directly connected" or "directly connected" to another component, it should be understood that there is no other component in between.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of the present invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, the terms "comprise" or "have" are intended to indicate that there is a feature, number, step, operation, component, part, or combination thereof described in the specification, and one or more other features. It is to be understood that the present invention does not exclude the possibility of the presence or the addition of numbers, steps, operations, components, components, or a combination thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art. Terms such as those defined in the commonly used dictionaries should be construed as having meanings consistent with the meanings in the context of the related art and shall not be construed in ideal or excessively formal meanings unless expressly defined in this application. Do not.

First, terms used in the present application are defined as follows. The terms to be described below are terms defined in consideration of functions in the present invention, and may be called differently according to the intention or precedent of a client, an operator, or a user. Therefore, the definition of terms should be made based on the contents throughout the specification.

As used herein, the term "operator" refers to a mobile network operator (MNO).

Subscriber authentication module, or subscriber authentication device is an eUICC (embedded UICC) or eSIM (embedded SIM), which is distinguished from the existing removable UICC, is used in the sense of embedded SIM (Subscriber Identity Module) that is integrally mounted when manufacturing the terminal. .

The term eUICC (embedded UICC) or eSIM (embedded SIM) used in the present application is used to mean an embedded SIM (Subscriber Identity Module) that is integrally mounted when manufacturing a terminal in a meaning distinguished from an existing removable UICC.

A subscriber identification module (SIM) refers to a subscriber identification module, and a SIM profile means a specific set (set) of information parameter values possessed by the SIM. As used herein, a profile refers to such a SIM profile. Profiles are defined as profiles that can be stored in the built-in UICC, namely, MF (Master File), DF (Dedicated File), ADF (Application Dedicated File), EF (Elementary File), and Credential. do.

As used herein, a terminal is a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, a subscriber. As a subscriber unit (SU), subscriber station (SS), wireless device, wireless communication device, wireless transmit / receive unit (WTRU), mobile node, mobile device or other terms May be referred to. Various embodiments of the terminal include a cellular telephone, a smartphone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, a digital having a wireless communication function. Portable units or terminals incorporating combinations of such functions, as well as photographing devices such as cameras, gaming devices with wireless communication capabilities, music storage and playback appliances with wireless communication capabilities, internet appliances with wireless internet access and browsing Can include them.

In addition, the terminal may include a machine to machine (M2M) terminal, a machine type communication (MTC) terminal / device, but is not limited thereto.

In addition, each block or step described herein may represent a portion of a module, segment, or code that includes one or more executable instructions for executing a particular logical function (s). It should also be appreciated that in some embodiments, the functions noted in the blocks or steps may occur out of order. For example, it is also possible that two blocks or steps shown in succession are performed simultaneously, or that the blocks or steps are sometimes performed in the reverse order, depending on the function in question.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. In the following description of the present invention, the same reference numerals are used for the same elements in the drawings and redundant descriptions of the same elements will be omitted.

1 is a conceptual diagram illustrating an environment of a mobile communication terminal device 200 and a mobile communication service provider server 100 according to an embodiment of the present invention.

Referring to FIG. 1, a wireless communication network including a mobile communication network referred to as 3rd Generation (3G), Long Term Evolution (LTE), Long Term Evolution Advanced (LTE-A), etc. is operated by mobile communication operators. Each operator has a wireless communication network that can provide their services, and users may be provided with a service by accessing each operator's wireless communication network through the mobile communication terminal device 200.

Users may access a wireless communication network of a service provider to receive a service through the terminal device 200 provided by the service provider or by inserting a UICC provided by the service provider into the terminal device 200. As described above, the method of using the eUICC already embedded in the terminal device 200 is also available among the methods for accessing the wireless communication network through the UICC provided by the operator.

2 is a conceptual diagram illustrating a mobile communication terminal device 200 and its components according to an embodiment of the present invention, and FIG. 3 is embedded in the mobile communication terminal device 200 according to another embodiment of the present invention. It is a block diagram for explaining the subscriber authentication module 500 and its stored information.

2 to 3, the mobile communication terminal 200 includes a subscriber authentication module 500 having at least one profile 511, 521, 522, and 531, and at least one profile 511. Network authentication unit 210 for performing the authentication process for the communication network based on the provisioning profile (511) of the 521, 522, 531 and receiving authentication completion information from the operator server 100 of the communication network and The operator server is connected to the communication network based on the authentication completion information, and is based on an operational profile 521 or 522 corresponding to the operator of the communication network among at least one profile 511, 521, 522, or 531. It may be configured to include a network connection unit 220 receives a service from (100).

The mobile communication terminal device 200 may perform user authentication and access to the mobile communication network by using the profiles 511, 521, 522, and 531 of the eUICC 500, and the eUICC 500 may include user information (Short). It can also be used as a storage space for Message Service, Multimedia Message Service, and Phonebook.

The profile may be classified into a provisioning profile 511, a operational profile 521 and 522, an user profile 531, and the like. The provisioning profile 511 refers to a file that provides information necessary for authentication of the mobile communication network in order to support MNO opening when the eUICC 500 is not opened with the mobile communication network provider. In this case, the accessing mobile communication network may be a network of any MNO which is not specified, or may be a network of a predetermined MNO. The eUICC 500 can include one or multiple provisioning profiles 511. Alternatively, there may be an eUICC 500 that does not include a provisioning profile 511. The terminal device 200 may perform an authentication procedure of a specific mobile communication network operator and receive a service opening by using the authentication information stored in the provisioning profile 511, and receive authentication completion information thereof.

The operation profiles 521 and 522 refer to a file that provides MNO network access information for accessing the opened MNO network and receiving services after the eUICC 500 is opened with the MNO. The eUICC 500 may include one or multiple operational profiles 521, 522. If the provisioning profile 511 does not exist in the eUICC, the operational profiles 521, 522 serve as the provisioning profile 511. You can also do The terminal device 200 may access a specific mobile communication network operator and receive a service of the operator using the access information stored in the operation profiles 521 and 522.

In the eUICC 500, a plurality of provisioning profiles 511, operation profiles 521 and 522, and a user profile 531 may exist, and the terminal may select a specific profile among them according to the purpose.

The mobile communication terminal device 200 may provide a provisioning profile 511 and an operation profile based on an elementary file 541 including attribute information about at least one profile 511, 521, 522, or 531. It may be configured to further include a profile selection unit 230 for selecting (521, 522).

The profile selector 230 may select a profile by referring to attribute information of the profile in the element file 541 stored in the subscriber authentication module 500. The element file 541 may include various other information defining the profile, including an application identifier 542 corresponding to the profile. Various other information may be defined by tags, lengths, values, etc. so as to be divided into object units to determine a standard for mobile communication.

The role of each object constituting the structure and attribute information of the element file 541 will be described later.

4 is a conceptual diagram illustrating an application tag, length, and value TLV object among attribute information of a profile according to an embodiment of the present invention, and FIG. 5 is a block illustrating an application identifier 542 and its configuration information. It is also. 6 is an exemplary diagram for showing an example of the value of the application identifier 542 for each profile.

4 to 6, the attribute information may include an application identifier 542 that may identify at least one profile 511, 521, 522, 531, and may include an application identifier ( 542 may include a Registered Application Provider Identifier (RID) 543 and a Proprietary Application Identifier eXtension (PIX) 544.

In addition, the application identification extension 544 may include at least one or more information of an application code, a country code, an application provider code, and an application provider field option. Can be.

Referring to FIG. 3, the provisioning profile 511 and the operation profiles 521 and 522 stored in the eUICC 500 may be configured in the form of one or a plurality of application dedicated files (ADFs) as shown in FIG. 3. have. The ADF may store information that can be matched with an application identifier (AID) 542 among the attribute information stored in the element file 541 and the content of the profile.

In FIG. 3, reference numeral 511 denotes a provisioning profile including one ADFUSIM for WCDMA or LTE network connection, and reference numeral 521 denotes MNO # 1 configured with ADFUSIM for WCDMA or LTE network access and ADFISIM for IMS (IP Multimedia Subsystem) network access. The operation profile of 522 may represent an operation profile of MNO # 2 configured with one ADFUSIM for WCDMA or LTE network connection. 3 is only one embodiment and the number of profiles and the type of network are only one of many possible configurations.

The initial eUICC 500 may include an ADF for the provisioning profile 511 or an ADF for the operation profiles 521 and 522 serving as the provisioning profile 511. And accessing the mobile communication network through the provisioning profile 511 or the provisioning profile 511 included in the initial eUICC to access the mobile communication network for one or more MNO's operational profiles 521 and 522. You can add an ADF. In addition, an ADF for a new provisioning profile 511 may be added.

The eUICC 500 may provide an application identifier (AID) 542 for selecting a profile in the terminal device 200 and may include information on the element file 541. In this case, the subscriber authentication module 500 may include one or more component provisioning profiles 511, MNO # 1 operational profiles 521, and MNO # 2 operational profiles 522. It should be noted that this does not mean that all of them must be provided. That is, the elementary file directory (EFDIR) 541 of FIG. 3 may include one or more of AID # 1 to AID # 4 to include one or more of ADF files indicated by each AID.

Referring to FIG. 4, the element file 541 may include one or more application template TLV (Tag, Length, Value) objects as a means for providing an application identifier 542. . The application template TLV object may include application identifier information, application label information, and application state information.

An application identifier TLV object, an application label TLV object, and an application state TLV object of FIG. 4 mean an object having application identifier information, application label information, and application state information, respectively.

The application identifier TLV object may include application identifier information. The application identifier value 542 includes a registered application provider identifier (RID), which is an application registrar identifier (543), and a proprietary application identifier (PIX), which is an application identification extension (544), and may consist of a maximum of 16 bytes. Can be. For example, the application registrar identifier 543 is the hexadecimal number of 'A000000009' if defined in ETSI, 'A000000087' if defined in 3GPP, and 'A000000343' if defined in 3GPP2. Can have.

The application identification extension 544 includes proprietary information, and includes an application code, a country code, an application provider code, and an application provider field optional. It may include at least one or more information.

The application code of the application identification extension 544 may include classification information for classifying at least one type of at least one profile 511, 521, 522, or 531, and the type of at least one profile is a provisioning profile 511. ), A type of operation profile 521, 522, and a type of operation profile 521, 522 containing data of the provisioning profile 511.

The application code of the application identification extension 544 may include type information of the profile, that is, information indicating one of the provisioning profile 511 and the operation profiles 521 and 522. In addition, the application code may include information indicating a case in which the operation profile 521 or 522 is used as the provisioning profile 511 at the same time. In addition, application code in which profile type information and other information are defined may be defined. For example, any application code may be defined as a profile type being a provisioning profile 511 and a NAA (Network Access Application) being a USIM.

The country code and the application provider code may include the country and provider (or business) code of the provider of the profile, respectively. The terminal may recognize ADFs composed of the same profile type, country code, and application provider code as one profile. However, in the case of the ADF provided as the provisioning profile 511 while the operational profile 521, 522, the application code value may be different from the application code value of the ADF provided as the operational profile 521, 522. (521, 522).

The application provider field option may include type information of the profile, that is, information indicating one of the provisioning profile 511 and the operation profiles 521 and 522. In addition, the application code may include information indicating a case in which the operation profile 521 or 522 is used as the provisioning profile 511 at the same time. In addition, an application provider field option in which profile type information and other information are defined may be defined.

Referring to FIG. 6, an example of defining an application identifier value 542 is provided. The application code for the eUICC provisioning profile 511 is allocated '0201' in ETSI, the country code is 'FF82', and the provider code is 'FF3089'. If it is assumed to be ', the application identifier value 542 can be defined as shown in the first row of FIG.

If the application code for the eUICC operation profiles 521 and 522 is assigned '0202' in the ETSI, and the country code is 'FF82' and the provider code is 'FF3089', the application identifier value 542 is second. Can be defined as a line.

Application code for an eUICC operation profile (521, 522) and a provisioning profile (511) is assigned '0203' in the ETSI, assuming that the country code 'FF82' and the provider code 'FF3089' The application identifier value 542 may be defined as in the third row.

Alternatively, assume that the application code for the eUICC operation profiles 521 and 522 is assigned '0202' in the ETSI, the country code is 'FF82', and the provider code is 'FF3089', and the eUICC operation profile in the application provider field option. In addition, when an '1xxxxxxx' ('x' is an arbitrary value) is allocated as information for the case used as a provisioning profile, the application identifier value 542 may be defined as a fourth row.

7 is a block diagram illustrating a subscriber authentication apparatus 500 and its components according to an embodiment of the present invention.

Referring to FIG. 7, the subscriber authentication device 500 may include a subscriber authentication device 500 embedded in a mobile communication terminal 200 that accesses a communication network using at least one profile 511, 521, 522, or 531. A first storage unit 510 stores at least one provisioning profile 511 having authentication information for a communication network, and at least one operation profile 521 having service access information to receive a service of a communication network. And a second storage unit 520 for storing the 522 and an element file storage unit 540 for storing the elementary file 541 having attribute information for the at least one profile so as to select at least one profile. It may be configured to include).

The subscriber authentication apparatus 500 may be a subscriber authentication module 500 having a UICC embedded therein. The first storage unit 510 for storing the provisioning profile 511, the second storage unit 520 for storing the operation profiles 521 and 522, and the element file storage unit 540 for storing the element file 541 As the logically divided units, the actual location may be the same place or different places. The provisioning profile 511, the operation profiles 521 and 522, and the element file 541 have been described above and thus will not be redundantly described.

The subscriber authentication apparatus 500 may further include a third storage unit 530 that stores at least one user profile 531 having user information of the mobile communication terminal 200. .

The subscriber authentication apparatus 500 can also be used as a storage space for user information (Short Message Service, Multimedia Message Service, Phonebook, etc.). Since the third storage unit is also a logically divided unit, the actual storage location may be the same place or different places.

The subscriber authentication apparatus 500 may select a provisioning profile and an operation profile based on an elementary file including attribute information of at least one profile, and the attribute information may include at least one profile 511, 521. , 522, and 531 may include application identifier information, application label information, and application state information for any profile.

4, the element file 541 is a means for providing an application identifier 542. One or more Application Template TLV objects (TLV, Tag, Length, Value) It may include. The application template TLV object may include application identifier information, application label information, and application state information.

An application identifier TLV object, an application label TLV object, and an application state TLV object of FIG. 4 mean an object having application identifier information, application label information, and application state information, respectively. Since application identifier information is described above, it will not be repeated.

8 is a flowchart illustrating a profile selection method of a terminal device 200 incorporating a subscriber authentication device 500 according to an embodiment of the present invention.

Referring to FIG. 8, a method for accessing a network of the mobile communication terminal device 200 may include accessing a communication network using at least one profile 511, 521, 522, or 531 included in the subscriber authentication module 500. In operation S870, the authentication procedure for the communication network is performed based on the provisioning profile 511 among the at least one profile 511, 521, 522, 531, and the authentication completion information is received from the operator server 100 of the communication network. Receiving step (S880), and access to the communication network based on the authentication completion information (S890), the operation profile (521, 522) corresponding to the operator of the communication network of the at least one profile (511, 521, 522, 531) It may be configured to include a step (S895) receiving a service from the operator server 100 based on the).

The mobile communication terminal device 200 may perform user authentication and access to the mobile communication network using the profiles 511, 521, and 522 of the eUICC 500, and the eUICC may provide user information (short message service, multimedia message). It can also be used as a storage space for services, phonebooks, etc.).

The profile may be classified into a provisioning profile 511, an operation profile 521 and 522, a user profile 531, and the like. The provisioning profile 511 refers to a file that provides information necessary for authentication of the mobile communication network in order to support MNO opening when the eUICC 500 is not opened with the mobile communication network provider. In this case, the accessing mobile communication network may be a network of any MNO which is not specified, or may be a network of a predetermined MNO. The eUICC 500 can include one or multiple provisioning profiles 511. Alternatively, there may be an eUICC that does not include the provisioning profile 511. The terminal device 200 may perform an authentication procedure of a specific mobile communication network operator using the authentication information stored in the provisioning profile 511 (S870), receive a service opening, and receive authentication completion information thereof (S870). S880).

The operation profiles 521 and 522 refer to a file that provides MNO network access information for accessing the opened MNO network and receiving services after the eUICC 500 is opened with the MNO. The eUICC 500 may include one or more operational profiles 521, 522. If the provisioning profile 511 does not exist in the eUICC 500, the operational profiles 521, 522 may be provisioned profiles 511. It can also play the role of). The terminal device 200 may access a specific mobile communication network operator using the access information stored in the operation profiles 521 and 522 (S890) and receive a service of the operator (S895).

In the eUICC 500, a plurality of provisioning profiles 511, operation profiles 521 and 522, and a user profile 531 may exist, and the terminal 200 may select a specific profile among them according to the purpose (S850). ).

The network access method of the mobile communication terminal device 200 may include an element file including attribute information of at least one profile 511, 521, 522, or 531 before receiving authentication completion information (S880). The method may further include a step S850 of selecting a provisioning profile 511 and an operation profile 521 or 522 based on the elementary file.

The terminal device 200 may obtain an application template TLV object information by selecting an element file (EFDIR, Elementary File Directory) 541 of the eUICC 500 (S810) and reading a corresponding value. In addition, the application code included in the application template TLV object information is used to distinguish a profile type (provisioning profile, operation profiles 521 and 522, and operation profiles 521 and 522 which simultaneously perform the provisioning profile). And the application provider code to distinguish the profile provider, the application provider field option to the operation profile and the operation profile 521 and 522 which simultaneously serve as the provisioning profile, and the application label as the information of the profile text name. In addition, a specific profile may be selected using the application state as profile state information (S850).

2, the profile selection step (S850) may select a profile by referring to the attribute information of the profile in the element file 541 stored in the subscriber authentication module 500. The element file 541 may include various other information defining the profile, including an application identifier 542 corresponding to the profile. Various other information may be defined by tags, lengths, values, etc. so as to be divided into object units to determine a standard for mobile communication. The role of each object constituting the structure and attribute information of the element file 541 has been described above.

The attribute information may include an application identifier 542 that may identify at least one profile 511, 521, 522, 531, where the application identifier 542 includes an application registrar identifier 543 and an application identification extension ( 544, wherein the application identification extension 544 includes at least one of an application code, a country code, an application provider code, and an application provider field option. May contain information.

Referring to FIG. 3 described above, the provisioning profile 511 and the operation profiles 521 and 522 stored in the eUICC 500 may be configured in the form of one or a plurality of application dedicated files (ADFs) as shown in FIG. 3. have. The ADF may store information that can be matched with the application identifier 542 and the contents of the profile among the attribute information stored in the element file 541. Various embodiments and detailed descriptions of the configuration of the element file 541 and the application identifier 542 have been described above.

The application code may include classification information for distinguishing at least one type of profile, and the type of at least one profile may include a provisioning profile 511 type, an operation profile 521 and 522 type, and a provisioning profile 511. It may include a type of operation profile (521, 522) containing the data of.

The application code of the application identification extension 544 may include type information of the profile, that is, information indicating one of the provisioning profile 511 and the operation profiles 521 and 522. In addition, the application code may include information indicating a case in which the operation profile 521 or 522 is used as the provisioning profile 511 at the same time. In addition, application code in which profile type information and other information are defined may be defined. For example, any application code may be defined as a profile type being a provisioning profile 511 and a NAA (Network Access Application) being a USIM.

The country code and the application provider code may include the country and provider (or business) code of the provider of the profile, respectively. The terminal may recognize ADFs composed of the same profile type, country code, and application provider code as one profile. However, in the case of the ADF provided as the provisioning profile 511 while the operational profile 521, 522, the application code value may be different from the application code value of the ADF provided as the operational profile 521, 522. (521, 522).

The application provider field option may include type information of the profile, that is, information indicating one of the provisioning profile 511 and the operation profiles 521 and 522. In addition, the application code may include information indicating a case in which the operation profile 521 or 522 is used as the provisioning profile 511 at the same time. In addition, an application provider field option in which profile type information and other information are defined may be defined.

Although some aspects have been described in terms of apparatus, it is clear that these aspects represent a description of the corresponding method, where the steps of the method correspond to the apparatus. According to certain implementation requirements, embodiments of the invention may be implemented in hardware or software. Embodiments of the present invention may be performed as a computer program product having program code operative for performing one of the program codes, methods.

Although described above with reference to a preferred embodiment of the present invention, those skilled in the art will be variously modified and changed within the scope of the invention without departing from the spirit and scope of the invention described in the claims below I can understand that you can.

Claims (20)

  1. A subscriber identity module having at least one profile;
    A network authentication unit performing an authentication procedure for a communication network based on a provisioning profile of the at least one profile and receiving authentication completion information from an operator server of the communication network; And
    A network connection unit accessing the communication network based on the authentication completion information and receiving a service from the service provider server based on an operational profile corresponding to a service provider of the communication network among the at least one profile. Mobile communication terminal device.
  2. The method according to claim 1,
    The mobile communication terminal device
    And a profile selector configured to select the provisioning profile and the operation profile based on an elementary file including attribute information of the at least one profile.
  3. The method according to claim 2,
    The attribute information is
    And an application identifier for identifying the at least one profile.
  4. The method according to claim 3,
    The application identifier is
    It is composed of Registered Application Provider Identifier (RID) and Proprietary application Identifier eXtension (PIX).
    The application identification extension may include at least one or more information of an application code, a country code, an application provider code, and an application provider field option. Mobile communication terminal device.
  5. The method according to claim 4,
    The application code is
    The mobile communication terminal device comprising the classification information for distinguishing the type of the at least one profile.
  6. The method according to claim 5,
    The type of the at least one profile is
    A mobile communication terminal device comprising a provisioning profile type, an operational profile type, and an operational profile type containing data of a provisioning profile.
  7. In the subscriber authentication device embedded in the mobile communication terminal device to connect to the communication network using at least one profile,
    A first storage unit for storing at least one provisioning profile having authentication information for the communication network;
    A second storage unit storing at least one operation profile having service access information for receiving a service of the communication network; And
    And an element file storage for storing an elementary file having attribute information of the at least one profile to select the at least one profile.
  8. The method according to claim 7,
    The subscriber authentication device
    And a third storage unit which stores at least one user profile having user information of the mobile communication terminal device.
  9. The method according to claim 7,
    The subscriber authentication device
    And the provisioning profile and the operation profile are selected based on an elementary file including attribute information for the at least one profile.
  10. The method according to claim 9,
    The attribute information is
    And an application identifier information, application label information, and application status information for any of the at least one profile.
  11. The method according to claim 10,
    The application identifier information is
    An application identifier (AID) capable of identifying the arbitrary profile;
    And the application identifier comprises a registered application provider identifier (RID) and a proprietary application identifier (PIX).
  12. The method according to claim 11,
    The application identification extension is
    And at least one of application code, country code, application provider code, and application provider field option.
  13. The method according to claim 12,
    The application code is
    Subscriber authentication device comprising a classification information for distinguishing the type of the at least one profile.
  14. The method according to claim 13,
    The type of the at least one profile is
    A subscriber authentication device comprising a provisioning profile type, an operational profile type, and an operational profile type containing data of a provisioning profile.
  15. In the method of accessing the communication network using at least one profile provided in the subscriber authentication module,
    Performing an authentication procedure for the communication network based on a provisioning profile of the at least one profile and receiving authentication completion information from an operator server of the communication network; And
    Accessing the communication network based on the authentication completion information, and receiving a service from the service provider server based on an operational profile corresponding to a service provider of the communication network among the at least one profile Network connection method of a communication terminal device.
  16. The method according to claim 15,
    Before the step of receiving the authentication completion information,
    And selecting the provisioning profile and the operation profile based on an elementary file including attribute information for the at least one profile.
  17. The method according to claim 15,
    The attribute information is
    And an application identifier for identifying the at least one profile.
  18. The method according to claim 17,
    The application identifier is
    It is composed of Registered Application Provider Identifier (RID) and Proprietary application Identifier eXtension (PIX).
    The application identification extension may include at least one or more information of an application code, a country code, an application provider code, and an application provider field option. Network connection method of a mobile communication terminal device.
  19. The method according to claim 18,
    The application code is
    Network information access method of the mobile communication terminal device characterized in that it comprises a classification information for distinguishing the at least one type of profile.
  20. The method according to claim 19,
    The type of the at least one profile is
    A method of accessing a network of a mobile communication terminal device comprising a provisioning profile type, an operational profile type, and an operational profile type containing data of a provisioning profile.
PCT/KR2013/009954 2012-11-06 2013-11-05 Terminal device having subscriber identity device and method for selecting profile therefor WO2014073836A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
KR10-2012-0124606 2012-11-06
KR20120124606 2012-11-06
KR1020130133421A KR20140058377A (en) 2012-11-06 2013-11-05 Terminal device with built-in subscriber identification module and profile selection method for this
KR10-2013-0133421 2013-11-05

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/440,131 US10111092B2 (en) 2012-11-06 2013-11-05 Terminal device having subscriber identity device and method for selecting profile thereof
US15/690,959 US10187798B2 (en) 2012-11-06 2017-08-30 Terminal device having subscriber identity device and method for selecting profile thereof

Related Child Applications (3)

Application Number Title Priority Date Filing Date
US14/440,131 A-371-Of-International US10111092B2 (en) 2012-11-06 2013-11-05 Terminal device having subscriber identity device and method for selecting profile thereof
US201514440131A A-371-Of-International 2015-05-01 2015-05-01
US15/690,959 Continuation US10187798B2 (en) 2012-11-06 2017-08-30 Terminal device having subscriber identity device and method for selecting profile thereof

Publications (1)

Publication Number Publication Date
WO2014073836A1 true WO2014073836A1 (en) 2014-05-15

Family

ID=50684879

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2013/009954 WO2014073836A1 (en) 2012-11-06 2013-11-05 Terminal device having subscriber identity device and method for selecting profile therefor

Country Status (1)

Country Link
WO (1) WO2014073836A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016043534A3 (en) * 2014-09-16 2016-05-06 Samsung Electronics Co., Ltd. Method for providing network service and electronic device
CN106211122A (en) * 2015-05-27 2016-12-07 意法半导体股份有限公司 Method for managing a plurality of profiles in a SIM module, and corresponding SIM module and computer program product
CN106664544A (en) * 2014-07-19 2017-05-10 三星电子株式会社 Method and device for embedded sim provisioning

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009042840A1 (en) * 2007-09-26 2009-04-02 Qualcomm Incorporated Systems and methods for provisioning wireless devices based on multiple network-service application profiles and data session conflict resolution
US20110252240A1 (en) * 2010-04-07 2011-10-13 Gordie Freedman Mobile Device Management
US20120108295A1 (en) * 2010-10-29 2012-05-03 Schell Stephan V Access data provisioning apparatus and methods
KR20120044916A (en) * 2010-10-28 2012-05-08 애플 인크. Methods and apparatus for delivering electronic identification components over a wireless network
US20120135710A1 (en) * 2010-11-12 2012-05-31 Schell Stephan V Apparatus and methods for recordation of device history across multiple software emulations

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009042840A1 (en) * 2007-09-26 2009-04-02 Qualcomm Incorporated Systems and methods for provisioning wireless devices based on multiple network-service application profiles and data session conflict resolution
US20110252240A1 (en) * 2010-04-07 2011-10-13 Gordie Freedman Mobile Device Management
KR20120044916A (en) * 2010-10-28 2012-05-08 애플 인크. Methods and apparatus for delivering electronic identification components over a wireless network
US20120108295A1 (en) * 2010-10-29 2012-05-03 Schell Stephan V Access data provisioning apparatus and methods
US20120135710A1 (en) * 2010-11-12 2012-05-31 Schell Stephan V Apparatus and methods for recordation of device history across multiple software emulations

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106664544A (en) * 2014-07-19 2017-05-10 三星电子株式会社 Method and device for embedded sim provisioning
WO2016043534A3 (en) * 2014-09-16 2016-05-06 Samsung Electronics Co., Ltd. Method for providing network service and electronic device
US10142829B2 (en) 2014-09-16 2018-11-27 Samsung Electronics Co., Ltd Method for providing network service and electronic device
CN106211122A (en) * 2015-05-27 2016-12-07 意法半导体股份有限公司 Method for managing a plurality of profiles in a SIM module, and corresponding SIM module and computer program product

Similar Documents

Publication Publication Date Title
KR101682750B1 (en) System for managing multiple subscriptions in a uicc
JP5738695B2 (en) System and method for distributing wireless network access parameters
US20040043788A1 (en) Management of parameters in a removable user identity module
US20080080399A1 (en) Enhanced node b configuration with a universal integrated circuit card
US7925256B2 (en) Multimode roaming mobile devices
US7443839B2 (en) User identification module for access to multiple communication networks
WO2017193553A1 (en) Network slicing access control method and apparatus, terminal cell and sdn controller
WO2013141600A1 (en) Granular network access control and methods thereof
US20190021047A1 (en) Method and System for Selecting Network Slice
JP5395955B2 (en) Terminal identifier in communication network
US20120036282A1 (en) Smart card driven device configuration changes
KR101527550B1 (en) Personalizing a sim by means of a unique personalized master sim
US8665842B2 (en) Methods and apparatus to discover network capabilities for connecting to an access network
WO2011084011A2 (en) Method for monitoring machine type communication device in mobile communication system
EP2243331B1 (en) Multi-pdn (packet data network) connectivity to one apn (access point name)
KR101996677B1 (en) Method, Embedded UICC, and Device for Managing Multiple Profile in Embedded UICC
CA2782886A1 (en) System for dynamic assignment of mobile subscriber identities and methods thereof
US20040180676A1 (en) Method and apparatus for determining individual or common mobile subscriber number in mobile network for handling multiple subscribers having the same calling line identity
CA2620409A1 (en) System and method for determining a subscriber's zone information
EP3509355A1 (en) Network slice selection method, terminal device, and network device
WO2008051872A1 (en) Maintenance of subscriber history for service support applications in an ip-based telecommunications system
US8369823B2 (en) Method for legitimately unlocking a SIM card lock, unlocking server, and unlocking system for a SIM card lock
US9391836B2 (en) Method and terminal for loading operator configuration information
KR20160009966A (en) A method and apparatus for updating profile managing server
EP2569986A1 (en) Methods and apparatus to provide network capabilities for connecting to an access network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13853636

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 14440131

Country of ref document: US

NENP Non-entry into the national phase in:

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21.08.2015Y)

122 Ep: pct application non-entry in european phase

Ref document number: 13853636

Country of ref document: EP

Kind code of ref document: A1