WO2017028872A1 - A cloud-based method and system for enhancing endurance of euicc by organizing non-volatile memory updates - Google Patents

Publication number
WO2017028872A1
Authority
WO
WIPO (PCT)
Prior art keywords
euicc
nvm
cloud
resources
endurance
Prior art date
Application number
PCT/EP2015/001695
Other languages
French (fr)
Inventor
Santosh Kumar Mishra
Raghavendran RANGARAJAN
Vidyaranya VUPPU
Original Assignee
Giesecke & Devrient Gmbh
Priority date
Filing date
Publication date
Application filed by Giesecke & Devrient Gmbh
Priority to PCT/EP2015/001695
Publication of WO2017028872A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F12/02 Addressing or allocation; Relocation
    • G06F12/0223 User address space allocation, e.g. contiguous or non contiguous base addressing
    • G06F12/023 Free address space management
    • G06F12/0238 Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
    • G06F12/0246 Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory in block erasable memory, e.g. flash memory
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50 Service provisioning or reconfiguring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/60 Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/72 Details relating to flash memory management
    • G06F2212/7204 Capacity control, e.g. partitioning, end-of-life degradation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00 Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/72 Details relating to flash memory management
    • G06F2212/7211 Wear leveling
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H04L67/306 User profiles

Definitions

  • Utility of the present invention lies in outsourcing of intelligence for wear-leveling resulting from subscription switching and their corresponding non-volatile memory updates when particularly the outgoing and incoming MNOs do not have the reason nor any opportunity of trading information on status of non-volatile memory resources present on the eUICC (002).
  • the present inventors intend on addressing situations involving other reasons for nonvolatile memory updates including MNO switching/ swapping, file create/ delete/ resize/ update, execution of security functions, installation/ removal of applications, selection/ deselection/ firewall security of applets or transactions relating to authentication / lifecycle status logging of eUICC involved.
  • behavior of SubMan is programmed to issue instructions for relocating the update to another non-volatile memory resource on the eUICC (002) which is robust to allow execution of said update.
  • Logic of choosing suitable non-volatile memory resource for execution of an update is subject to multiple criteria/ rules. Said criteria/ rules allow selective intelligent action of SubMan in issuing relocation/ distribution instructions to non-volatile memory update(s) underway.
  • Certain embodiments of the present invention entail logic of SubMan being based on assignment of priority to the memory unit/ pages of which the least endurance has been previously exhausted. Itemized counters / logs received by CloudMan for each mapped non-volatile memory resource are used herein for short listing the resource with most endurance left. Alternatively, or in parallel, threshold limits of updating instances for each non-volatile memory units/ resource may be set in a configurable manner depending on prior knowledge of inherent characteristics of the physical media involved, upon reaching which the SubMan may issue due instructions for relocation/ distribution of the update underway to a more robust non-volatile memory resource/ area in the eUICC (002).
  • any non-volatile memory resource/ area in the eUICC (002) which has exhausted its endurance shall be avoided totally for subsequent updating operations.
  • the SubMan is programmed to issue an alert signal/ message to the user in charge of the equipment (002) informing in advance of an impending eUICC replacement requirement thereby avoiding sudden inconvenience to the user due to sudden cessation of connectivity.
  • the alert can be issued to the cloud service (003) and/ or the SubMan who are additionally configured to take cognizance and decision for replacement of the eUICC (002) accordingly.
  • Thresholds may, in separate embodiments, be defined ad-hoc by users / cloud service (003) wherein the limits may be defined according to nature of updating and communicating parties involved, such as 80% endurance for critical / frequent updates especially for M2M environments, or else up to 99% for less critical / low-frequency updates.
  • Alternative embodiments of the present invention suggest assignment of weights to logic according to nature of the file/ command comprising the update intended, and the metered occupancy of such file/ command within the non-volatile memory resources of the eUICC (002). Accordingly, a library of rules corresponding to consequential relocation/ distribution instructions are intended to comprise logic of the SubMan.
  • SubMan may, alternatively or in parallel, be programmed to alter the erase/ write sequence of a non-volatile memory update so that the non-volatile memory resources may be effectively conserved and judiciously assigned to incoming files as per their attributes including size, updating frequency and minimum residence times once introduced on non-volatile memory resources comprising the eUICC (002).
  • the SubMan shall take care to assign the same non-volatile memory resource preferably to only static data or relatively lower-frequency update file in the upcoming subscription.
  • SubMan and CloudMan may, or not, be co-hosted on the server and/or by same service provider. Hosted together, the cloud service (003) assumes role of a third- party trusted service provider overseeing, in a supervisory role, the subscription/ profile switching and their corresponding non-volatile memory updates availed by the eUICC (002).
  • the CloudMan and SubMan comprising the cloud service (003) may be segregated to different servers and/ or service providers to optionally allow exposing either in test environments designed for assessing non-volatile memory update behaviors of different MNOs / applets or the performance of encryption algorithms that may additionally be integrated in certain embodiments for preventing unauthorized communications anytime while implementation of the present invention.
  • the utility of each non-volatile memory resource is maximally utilized thereby enhancing the reliability and longevity of eUICC involved.
  • the tracking/ monitoring data thus generated for an entire ecosystem of eUICCs deployed may also serve well for applications involving big data analytics.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention is directed towards a secure methodology which, when implemented as a cloud-based service enabled for over-the-air communications with eUICC-equipped mobile equipments, enhances the endurance of said eUICC by organizing the dynamic relocation and/or relocation of erase / write cycles prescribed by instances of non-volatile memory updates including subscription switching and swapping.

Description

-: SPECIFICATION :- A cloud-based method and system for enhancing endurance of eUICC by organizing non-volatile memory updates
[001] Field of the present invention
[002] The present invention belongs to the field of non-volatile memory systems, and in that, relates generally to methodologies for achieving longevity, predictable use and reliability of hardware underlying said non-volatile memory systems.
[003] In such parlance, a preferred embodiment of the present invention identified in the disclosures to follow specifically relates with a cloud-based method and system provisioning preemptive dynamic relocation of data for monitoring, leveling as well as warning of deleterious wear resulting from ongoing non-volatile memory updates, the latter being particularly observed during subscription management of mobile equipment, such as mobile phones, smartphones or M2M devices, hosting embedded universal integrated circuit card/s ("eUICC").
[004] Background of the present invention and description of related art
[005] Hardware media comprising non-volatile memory stores are prone to progressive degradation with repetitive use, and as such, have a definite count of write and / or erase operations that may be sustained before the memory store becomes unreliable or completely disabled for further use. In an application environment centered upon mobile equipment, the aforesaid deteriorative effect implies an eventual compromise or even failure of the system involved, resulting in service downtimes besides entailing additive costs as well as procedures for replacement of the UICC or the mobile equipment itself if the UICC is in embedded form. Usually, non-volatile memory erase/ write operations entail various reasons including MNO switching/ swapping, file create/ delete/ resize/ update, execution of security functions, installation/ removal of applications, selection/ deselection/ firewall security of applets or transactions relating to authentication / lifecycle status logging of eUICC involved. In each instance a non-volatile memory page is to be erased/ written/ relocated, the physical media, unless preemptively wear-protected, is unevenly worn thus reducing effective life of the eUICC involved. Therefore, it would be highly advantageous to have some way of monitoring and, if possible, enhancing the endurance of non-volatile memory stores/ resources to thereby factor greater longevity, predictable use and reliability of hardware underlying said non-volatile memory systems. 
Non-volatile memory stores, as particularly constituting an eUICC, are subject to stress on an ongoing basis owing to recurring erase/ write operations characteristic of subscription management wherein typically the subscriber identity module ("SIM") and / or mobile network operator ("MNO") profiles and other information such as location information ("EFLoCI") / location area identity ("LAI") data and MNO-specific applets are being erased/ written upon predetermined instances including switching and swapping of the subscription involved. As commonly observed over time, the accruing erase/ write operations exceed the materially-sustainable limit of the hardware media involved, which consequentially results in compromise of performance or even failure of said media. The art therefore needs some capable way of predicting reliability of non-volatile memory stores and warning ahead in time if a debilitating event is anticipated so that the inconvenience and cost to the user due to sudden halt of connectivity may be preemptively avoided. Particularly in the case of subscription management when a subscription is switched, the non-volatile memory stress created due to prior subscription gets lost. As a result, a new profile being logged can land in trouble due to hotspot created by said prior subscription. It would therefore be immensely desirable to have some means for tracking/ monitoring updates to non-volatile memory stores that preferably allows both predicting as well as maximizing the reliable usability and replacement of the non-volatile memory store involved. Additionally, centralized implementation of such tracking/ monitoring utility would be particularly advantageous considering the plurality as well as diversity of mobile equipment and their geographical distribution at any given time.
As will be appreciated, such implementation is furthermore desirable due to its inherent ability to provide a concerted, real-time, dynamic control over the non-volatile memory stores constituting eUICC deployed in said mobile equipment wherein the subscription data can be effectively managed without any instance of loss or erroneous logging.
[008] Notably among prior art, WO2013174185 discloses a cloud based virtual SIM card. Elsewhere, wear-leveling approaches for conserving non-volatile memory media are observed to come foremost, however are quick to run into limitations considering their rigid logic for equally distributing wear among pre-mapped discrete erasable memory units. Largely, these approaches are centered around metered endurance of the memory units and are not amenable to attributes of the non-volatile update itself, such as the file type, its update frequency, memory occupancy and other aspects. In view of the present inventors, such further intelligence is exceedingly important for achieving truly efficient lifecycle management of non-volatile memory media and thus ensure consistent, durable service life of eUICC in a mobile equipment environment.
[009] Subscription management, particularly switching of MNO/ user profiles, would entail information exchanges of the mobile equipment with different MNOs, who may not have the chance to interact themselves considering their mutual exclusivities. So the tradeoff is usually double-blind, with neither MNO knowing/ archiving the corresponding non-volatile memory update log. As a consequence of this missing knowledge, incoming data may inadvertently be directed to a memory unit that is near its endurance limit, thereby resulting in system compromise or failure, shifting the blame entirely to the MNO/ user profile being availed. Alternatively, non-volatile memory store could be subject to deliberate multiplicative write and / or erase operations by the outgoing MNO/ user profile so as to render the eUICC less effective/ ineffective to the MNO/ user profile being availed. Hence, the linked functions of monitoring, tracking and wear-leveling of non-volatile memory updates need to be outsourced, preferably to a third party trusted service provider, to thereby enable impartial performance of the means for addressing the aforementioned needs of art.
[010] Plurality of MNO-specific eUICC in a single mobile equipment and/ or multiplicity of MNO profiles on the same eUICC hosted in mobile equipment are dominant evolutionary trends observed in the application environment of the present invention. Considering that these far outpace the rate of advances in materials constituting non-volatile memory media, there exists hence a pressing need for some means that bridge these avenues for further evolution of eUICC environments.
[011] The unresolved needs of art voiced hereinabove form target of research undertaken by the present inventors, who have thereby come up with novel solutions capable of meeting at least all major among said needs once and for all. Accordingly, the narration to follow enlists a few illustrious non-limiting embodiments of the present invention.
[012] Objectives of the present invention
[013] The present invention is identified in effectively meeting all of the objectives as set out herein under, of which:
[014] It is a primary objective to provide an effective method for monitoring as well as leveling wear resulting from subscription/ profile changes and their corresponding non-volatile memory updates.
[015] It is yet another objective of the present invention in addition to the aforementioned objective, that the method so provided results in wear-leveling as a function of necessity-based pre-emptive relocation of data among discrete memory units comprising the non-volatile memory store.
[016] It is yet another objective of the present invention in addition to the aforementioned objectives, that the method so provided is capable of severally monitoring individual non-volatile memory units.
[017] It is yet another objective of the present invention in addition to the aforementioned objectives, that the method so provided is capable of issuing alerts in the event a predetermined threshold limit of endurance is reached for the particular non-volatile memory unit involved.
[018] It is yet another objective of the present invention in addition to the aforementioned objectives, that the method so provided is capable of relocating data to be updated to hence avoid non-volatile memory units which are near to their respective endurance limits.
[019] It is yet another objective of the present invention in addition to the aforementioned objectives, that the method so provided is capable of relocating data corresponding to non-volatile memory updates depending on qualifications of said data.
[020] It is yet another objective of the present invention in addition to the aforementioned objectives, that the method so provided is capable of implementation as a centralized off-card/ Over the air ("OTA") trusted service and thereby capable of concerted monitoring and management, in real time, of non-volatile memory stores in eUICC hosted in mobile equipment.
[021] It is yet another objective of the present invention in addition to the aforementioned objectives, that the method so provided is alternatively capable of implementation locally on an eUICC hosted in a mobile equipment to thereby monitor and manage, in real time, the local non-volatile memory store in said eUICC.
[022] It is yet another objective of the present invention in addition to the aforementioned objectives, that the method so provided is capable of implementation alternatively as a subscription-based service that may be accessed voluntarily by the user in charge of an eUICC-equipped device.
[023] It is yet another objective of the present invention in addition to the aforementioned objectives, that the system necessary for implementation of the method so provided does not mandate, or minimally if required at all, any modification to existing eUICC architecture, corresponding physical media and communication protocols associated with conventional mobile equipment.
[024] These objectives are met as particularly outlined in the claims, particularly independent claims 1 and 13.
[025] Other advantageous embodiments of the invention are specified in the dependent claims. These objects, together with other objects and advantages which will become subsequently apparent, reside in the detailed description set forth below in reference to the accompanying drawings and furthermore specifically outlined in the claims.
[026] Brief description of the drawings
[027] The present invention is explained hereafter with reference to the following drawings, of which:
[028] Fig. 1 is a schematic illustrating the application environment and scheme of implementation of the present invention.
[029] Attention of the reader is now requested to the detailed description to follow which narrates few exemplary embodiments of the present invention which are considered illustrative and not restrictive in any manner whatsoever.
[030] Detailed description of the present invention
[031] The present invention is directed towards the fulfillment of objectives set forth above by enabling a cloud-based method and system for monitoring and enhancing eUICC endurance to non-volatile memory updates as particularly applied to a mobile equipment environment.
[032] According to defining principles of the present invention explained here with reference to Fig. 1, the application environment (000) of the present invention includes a plurality of mobile equipment/s represented by (001), corresponding eUICC represented by (002) hosted in the equipment/s (001) and a cloud service (003). Equipment/s (001) and the cloud service (003) are capable of communicating over the air with each other via protocols including cellular network, internet, their equivalents and their various combinations.
[033] According to one aspect of the present invention, a resource manager client program ("ResMan") and an Application Protocol Data Unit ("APDU"), besides the operating system, are hosted on the eUICC (002). ResMan is programmed to map the non-volatile memory resources within said eUICC (002) and create a data log having a unique ID for each available memory unit/ page therein, both before and after any instance of non-volatile memory update resulting from a subscription/ profile change event. Said log captures data including the resource ID/ application ID, physical address of the corresponding memory unit/ page, identity of the command or file pertaining to the immediate update, and latest count of the update operation executed on the said memory unit/ page. In certain embodiments, as outlined hereafter, physical addresses of memory units/ pages are encrypted/ masked as a security feature.
[034] The aforesaid logged data, preferably after conversion to hex format such as <01+11223344+6F1D+06>, are conveyed by the APDU, in real time or on request basis, locally to the equipment/s (001). From equipment/s (001), said information is relayed, in real time or on request basis in an over-the-air communication environment, to a cloud service (003) where said data/ pattern is received and managed per non-volatile memory unit/ page of the concerned eUICC by a data-mining cloud client program ("CloudMan") hosted within the cloud service (003). It is assumed that eUICC architectures and file/ command attributes are readily advertised to CloudMan, which serves for initiation of system (000) of the present invention. Further security-biased embodiments of the present invention additionally enlist incorporation of suitable encryption layers for communication instances between eUICC (002), equipment/s (001) and cloud service (003).
[035] Additionally, a subscription manager client program ("SubMan") is hosted within the cloud service (003) that serves to switch personalization of eUICC (002) according to the data/ pattern received and managed by CloudMan. If required during a subscription switching event, SubMan is programmed to issue relocation/ distribution of personalization data within the non-volatile memory resources of the eUICC (002). The logic to decide an appropriate non-volatile memory resource/ page is aligned to favor those resources which are not hotspots and have remaining/ balance endurances inversely proportional to the updating frequency of the command or file in the intended NVM update, thereby leading to overall reduction of non-volatile memory stress on account of ongoing update functions.
[036] Preferentially, CloudMan and SubMan are hosted on same cloud server, however alternative embodiments are suggested herein in which said CloudMan and SubMan may be hosted on separate mutually-communicating servers, thereby optionally being subject of the same OR independent service providers. It shall be readily appreciated that the communications between eUICC, mobile equipment and cloud service shall benefit from encryption as an able security measure against erroneous and/ or unauthorized communications.
[037] Utility of the present invention, as outlined hereinbefore, lies in outsourcing of intelligence for wear-leveling resulting from subscription switching and their corresponding non-volatile memory updates when particularly the outgoing and incoming MNOs do not have the reason nor any opportunity of trading information on status of non-volatile memory resources present on the eUICC (002). Besides subscription/ profile changes, the present inventors intend on addressing situations involving other reasons for non-volatile memory updates including MNO switching/ swapping, file create/ delete/ resize/ update, execution of security functions, installation/ removal of applications, selection/ deselection/ firewall security of applets or transactions relating to authentication/ lifecycle status logging of eUICC involved. To address such diverse scenarios where the intended non-volatile memory resource is not of ideal endurance for the update due, behavior of SubMan is programmed to issue instructions for relocating the update to another non-volatile memory resource on the eUICC (002) which is robust to allow execution of said update. Logic of choosing suitable non-volatile memory resource for execution of an update is subject to multiple criteria/ rules. Said criteria/ rules allow selective intelligent action of SubMan in issuing relocation/ distribution instructions to non-volatile memory update(s) underway.
Certain embodiments of the present invention entail logic of SubMan being based on assignment of priority to the memory unit/ pages of which the least endurance has been previously exhausted. Itemized counters/ logs received by CloudMan for each mapped non-volatile memory resource are used herein for shortlisting the resource with most endurance left. Alternatively, or in parallel, threshold limits of updating instances for each non-volatile memory unit/ resource may be set in a configurable manner depending on prior knowledge of inherent characteristics of the physical media involved, upon reaching which the SubMan may issue due instructions for relocation/ distribution of the update underway to a more robust non-volatile memory resource/ area in the eUICC (002). Understandably, any non-volatile memory resource/ area in the eUICC (002) which has exhausted its endurance shall be avoided totally for subsequent updating operations. Further alternatively, or in parallel, at an instance where the endurance limit of a particular non-volatile memory resource is reached or its safe threshold is exceeded, the SubMan is programmed to issue an alert signal/ message to the user in charge of the equipment (002), informing in advance of an impending eUICC replacement requirement and thereby avoiding sudden inconvenience to the user due to sudden cessation of connectivity. In M2M environments, however, where there is no human user, the alert can be issued to the cloud service (003) and/ or the SubMan, who are additionally configured to take cognizance and decision for replacement of the eUICC (002) accordingly. Thresholds may, in separate embodiments, be defined ad-hoc by users/ cloud service (003), wherein the limits may be defined according to nature of updating and communicating parties involved, such as 80% endurance for critical/ frequent updates especially for M2M environments, or else up to 99% for less critical/ low-frequency updates.
Alternative embodiments of the present invention suggest assignment of weights to logic according to nature of the file/ command comprising the update intended, and the metered occupancy of such file/ command within the non-volatile memory resources of the eUICC (002). Accordingly, a library of rules corresponding to consequential relocation/ distribution instructions are intended to comprise logic of the SubMan. Accordingly, yet further embodiments of the present invention suggest SubMan may, alternatively or in parallel, be programmed to alter the erase/ write sequence of a non-volatile memory update so that the non-volatile memory resources may be effectively conserved and judiciously assigned to incoming files as per their attributes including size, updating frequency and minimum residence times once introduced on non-volatile memory resources comprising the eUICC (002). For example, if it is known a particular non-volatile memory resource has been utilized by the prior subscription for a high-frequency update file such as EFLoci, the SubMan shall take care to assign the same non-volatile memory resource preferably to only static data or relatively lower-frequency update file in the upcoming subscription. Communication of the relocation/ distribution instructions, required for organization of the intended update, as issued by SubMan are conveyed over-the-air from the cloud service (003) to the equipment/s (001) and via the APDU from said equipment/s (001) to eUICC (002), thereby completing the communication loop between the eUICC (002) and cloud service (003). In alternative embodiments of the present invention, SubMan and CloudMan may or may not be co-hosted on the server and/or by same service provider. Hosted together, the cloud service (003) assumes role of a third-party trusted service provider overseeing, in a supervisory role, the subscription/ profile switching and their corresponding non-volatile memory updates availed by the eUICC (002).
This function, as understood, is generic for subscription/ profile switching as well as swapping scenarios. Optionally in other embodiments, the CloudMan and SubMan comprising the cloud service (003) may be segregated to different servers and/ or service providers to optionally allow exposing either in test environments designed for assessing non-volatile memory update behaviors of different MNOs/ applets or the performance of encryption algorithms that may additionally be integrated in certain embodiments for preventing unauthorized communications at any time during implementation of the present invention.
[041] As will be realized in the performance of the present invention, the utility of each non-volatile memory resource is maximally utilized, thereby enhancing the reliability and longevity of eUICC involved. Also, as a lateral advantage, the tracking/ monitoring data thus generated for an entire ecosystem of eUICCs deployed may also serve well for applications involving big data analytics.
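An added example, not code from the patent or from its applicant: it parses ResMan strings of the form shown in [034], archives per-page counters in the way CloudMan is described, and applies the SubMan rule from the EFLoci example (the busiest file goes to the page with the most endurance left, and pages past the alert threshold are excluded). The field order, the uniform endurance of 100 cycles, the class and function names, the counter-regression check and the sample log are assumptions made for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Assumed field order, read off the sample <01+11223344+6F1D+06>:
# resource ID, physical address, file/command ID, update count (all hex).
RECORD = re.compile(r"<([0-9A-F]{2})\+([0-9A-F]{8})\+([0-9A-F]{4})\+([0-9A-F]+)>")

@dataclass(frozen=True)
class Record:
    resource_id: int
    address: str
    file_id: str
    count: int

def parse_record(text):
    """Strictly parse one ResMan log string; reject anything malformed."""
    m = RECORD.fullmatch(text.strip().upper())
    if m is None:
        raise ValueError(f"malformed ResMan record: {text!r}")
    rid, addr, fid, cnt = m.groups()
    return Record(int(rid, 16), addr, fid, int(cnt, 16))

class WearArchive:
    """CloudMan-style store: latest counter per page, writes attributed per file."""

    def __init__(self, endurance, alert_fraction=0.80):
        self.endurance = endurance            # rated cycles per page (assumed uniform)
        self.alert_fraction = alert_fraction  # 0.80 mirrors the 80% figure in the text
        self.counts = {}                      # resource ID -> latest update count
        self.stress = Counter()               # file ID -> updates attributed to it

    def ingest(self, text):
        rec = parse_record(text)
        prev = self.counts.get(rec.resource_id, 0)
        if rec.count < prev:
            # Added integrity check: a wear counter only grows, so a lower
            # value means a stale, replayed or corrupted report.
            raise ValueError(f"counter regression on resource {rec.resource_id}")
        self.counts[rec.resource_id] = rec.count
        # Simplification: a page's first report charges its whole count to that file.
        self.stress[rec.file_id] += rec.count - prev
        return rec

    def remaining(self, rid):
        return self.endurance - self.counts.get(rid, 0)

    def alerts(self):
        """Resource IDs whose counter has reached the alert threshold."""
        limit = self.alert_fraction * self.endurance
        return sorted(r for r, c in self.counts.items() if c >= limit)

def plan_placement(archive, update_freq, candidates):
    """SubMan-style rule: the busiest file gets the page with most endurance left."""
    flagged = set(archive.alerts())  # pages past the threshold are never targets
    usable = sorted((r for r in candidates if r not in flagged),
                    key=lambda r: (-archive.remaining(r), r))
    files = sorted(update_freq, key=lambda f: (-update_freq[f], f))
    if len(files) > len(usable):
        raise RuntimeError("not enough healthy NVM resources for this update")
    return dict(zip(files, usable))

# Constructed sample reports and update frequencies (not from a real card).
SAMPLE_LOG = ["<01+11223344+6F1D+06>", "<02+11223444+6F07+02>",
              "<03+11223544+6F1D+55>", "<01+11223344+6F1D+0A>"]

def demo():
    archive = WearArchive(endurance=100)
    for line in SAMPLE_LOG:
        archive.ingest(line)
    plan = plan_placement(archive, {"6F1D": 500, "6F07": 1}, [1, 2, 3])
    return archive, plan

if __name__ == "__main__":
    archive, plan = demo()
    print("alerts:", archive.alerts(), "stress:", dict(archive.stress), "plan:", plan)
```

The per-file `stress` tally is the kind of view that salient features e) and f) below rely on when attributing heavy erase/ write activity to a particular MNO or application.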
[042] Industrial applicability of the present invention shall be clearly understood from the foregoing narration, as reiterated for emphasis in the following salient features which promise positive evolution of eUICC design:
a) Significant enhancement of reliability, management, longevity and endurance of eUICCs, particularly a plurality of eUICCs in a communications environment;
b) Provisioning of efficient wear-leveling, OTA, of non-volatile memory in plurality of eUICC-equipped devices which may be distributed over a large geographical area;
c) Real time reporting and relocation instructions for wear-leveling of non-volatile memory simultaneously in a plurality of eUICC- equipped devices;
d) Resource and cost saving / simplification of eUICC architecture by hosting non-volatile memory status data and relocation algorithm on central server;
e) Ability of MNO-specific monitoring of non-volatile memory lifecycle as a countercheck/ tool for investigation of unauthorized/ inadvertent actuation and/ or deliberate amplification of deteriorative erase/ write operations on eUICC non-volatile memory;
f) Ability of update instance-specific monitoring to investigate particular MNO and/ or application responsible for high stress to non-volatile memory store involved, to generate recommendations/ black lists for health of eUICC provided; and
g) Ability to act as a health monitor for eUICC environments, particularly in case of implementing a new operating system or device.
As will be realized, the present invention is capable of various other embodiments and that its several components and related details are capable of various alterations, all without departing from the basic concept of the present invention. Accordingly, the foregoing description will be regarded as illustrative in nature and not as restrictive in any form whatsoever. Modifications and variations of the method and system described herein will be obvious to those skilled in the art. Such modifications and variations are intended to come within ambit of the present invention, which shall thus be limited only by the appended claims.

Claims

1] A cloud-based method for provisioning enhanced endurance of an embedded universal integrated circuit card (eUICC) by organizing execution of non-volatile memory (NVM) updates, comprising:
a. Selecting at least one mobile equipment for hosting said eUICC;
b. Providing a first client program (ResMan) within the eUICC for consolidating the status of NVM resources on said eUICC;
c. Receiving the data consolidated by ResMan over the air at a cloud-based service for defining which among the available NVM resources are appropriate for updating;
d. Remotely organizing execution of intended NVM updates on appropriate NVM resources defined by the cloud-based service; and
e. Repeating steps a) to d) alternatively among in continuity, on request basis, and both to thereby conserve and enhance endurance of the eUICC.
2] The method of claim 1, wherein the step of consolidating NVM resource data by ResMan further comprises outputting a string both before and after an NVM update, preferably in hex format which is further preferably encrypted, for each unit NVM resource on said eUICC, coding for attributes selected from unique identification of each memory unit, its physical address, particulars of updating commands, updating application ID, updating files and latest count of updates previously executed on said memory unit.
3] The method of claim 2, further comprising:
Providing an application protocol data unit (APDU) on the eUICC for locally relaying the output of ResMan through the mobile equipment hosting said eUICC, over the air to the cloud service.
4] The method of claim 1, wherein the step of defining which among the available NVM resources are appropriate for updating further comprises:
a. Providing a second client program (CloudMan) within the cloud-based service for archiving the output of ResMan received from the mobile equipment; and
b. Providing a third client program (SubMan) within the cloud-based service to instruct organized execution of NVM updates on appropriate NVM resources on the eUICC.
5] The method of claim 4 wherein the instructional output of SubMan for organized execution of NVM updates is based on data archived by CloudMan, and essentially comprises:
a. requests for relocating intended NVM updates to appropriate NVM resources on the eUICC; and
b. requests for choosing an appropriate sequence of NVM resources to be utilized for execution of an intended NVM update.
6] The method of claim 5, wherein the appropriate NVM resources are principally identified as those which are not hotspots and have balance endurances inversely proportional to the updating frequency of the command or file in the intended NVM update.
7] The method of claim 5, wherein the appropriate sequences of NVM resources are principally identified as those which do not include hotspots, and are to be utilized in inverse proportionality of endurances of each NVM resource involved to the sequence of commands or files in the intended NVM update.
8] The method of claim 5, wherein the instructional output of SubMan is relayed over the air from the cloud-based service to the mobile equipment, and followed by their local communication from said mobile equipment to the eUICC hosted therein.
9] The method of claim 1, wherein the SubMan is further configured to issue an alert in the event a predetermined threshold of endurance is exceeded for any NVM resource of the eUICC.
10] The method of claim 9, wherein the predetermined threshold of endurance is determined among the ones defined ad-hoc by the cloud service, and the inherent endurance known from prior knowledge of the physical media comprising the NVM resource of the eUICC.
11] The method of claim 1, wherein the means of communication between ResMan, CloudMan and SubMan including M2M protocols, cellular network, internet, their equivalents and their various combinations are encrypted to avoid any instance of their unauthorized implementation.
12] The method of claim 1, wherein the intended NVM update is one corresponding to instances among subscription switching, subscription swapping, implementation of security features, applet execution and logging of system parameters including EFLoci and MNO-specific messaging.
13] A cloud-based system for provisioning enhanced endurance of an eUICC hosted within a mobile equipment by organizing execution of NVM updates, comprising:
a. An eUICC comprising a first client program (ResMan) configured for hosting on the eUICC and logging the status of NVM resources on said eUICC, preferably in hex coded format both before and after execution of an NVM update;
b. An application protocol data unit (APDU) on the eUICC for locally relaying the output of ResMan to a cloud service via the mobile equipment hosting said eUICC;
c. Said cloud service, the cloud service further comprising a second client program (CloudMan) and a third client program (SubMan) configured respectively for archiving output of ResMan and instructing organized execution of NVM updates on appropriate NVM resources on the eUICC to thereby conserve and enhance endurance of the eUICC; and
d. Encryption algorithms, preferably selected from state of art, on each of the eUICC and the cloud service, and configured for hosting as an additional layer on the eUICC and cloud service to disallow any instance of unauthorized access and implementation of the proposed system for provisioning enhanced endurance of an eUICC.
14] The system of claim 13, wherein the cloud service is optionally a subscription-based service requiring registration of users who wish to provision enhanced endurance of the eUICC hosted within mobile equipment in their charge.
15] The system of claim 13, wherein CloudMan and SubMan functionality are optionally hosted on separate servers to allow selective deliberate exposure of either in testing environments and, as such, optionally constituting the responsibility of separate service providers.
PCT/EP2015/001695 2015-08-17 2015-08-17 A cloud-based method and system for enhancing endurance of euicc by organizing non-volatile memory updates WO2017028872A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2015/001695 WO2017028872A1 (en) 2015-08-17 2015-08-17 A cloud-based method and system for enhancing endurance of euicc by organizing non-volatile memory updates

Publications (1)

Publication Number Publication Date
WO2017028872A1 (en) 2017-02-23

Family

ID=54260709

Country Status (1)

Country Link
WO (1) WO2017028872A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3684087A1 (en) 2019-01-15 2020-07-22 Giesecke+Devrient Mobile Security GmbH On-demand provisioning of uiccs and server components

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120317337A1 (en) * 2011-06-09 2012-12-13 Microsoft Corporation Managing data placement on flash-based storage by use
WO2013174185A1 (en) 2012-05-22 2013-11-28 中兴通讯股份有限公司 Method, system and related device for realizing virtual sim card
US20140248924A1 (en) * 2010-11-12 2014-09-04 Apple Inc. Apparatus and methods for recordation of device history across multiple software emulations

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15775620

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15775620

Country of ref document: EP

Kind code of ref document: A1