WO2022214796A1 - System and method for provisioning profiles - Google Patents

Abstract

A method or system for provisioning eSIMs comprising: receiving a request to upload and install at least one profile associated with a subscription manager data preparation (SM-DP) server to an eSIM associated with a subscription manager secure routing (SM-SR) server; determining whether the SM-DP server associated with the at least one profile of the request and the SM-SR server associated with the eSIM of the request are an allowable pairing based on stored respective mappings between a plurality of SM-DP servers and a plurality of SM-SR servers; if the pairing is allowable, constructing a message based on the corresponding stored mapping; and using the constructed message to upload and install the at least one profile to the eSIM.

Description

SYSTEM AND METHOD FOR PROVISIONING PROFILES

[0001] The present application relates generally to a system and a method for provisioning profiles onto a SIM, and in particular for automating the remote provisioning of profiles onto an eSIM.

Background

[0002] There is an increasing interest in wireless connected devices with wireless data connections, for example, for use as communication channels for the automatic reporting of data by the devices and sending of data and instructions to the devices. Such wireless connected devices and their connectivity are commonly referred to as the Internet of Things (loT), and may also be referred to as machine to machine (M2M) communication. In operation of the M2M or loT devices it may be desirable to carry out updates of the software and/or firmware on the loT devices.

[0003] In order to provide wireless connectivity, each of the wireless connected devices comprises a subscriber identity module (SIM). Conventionally, SIMs were removable physical cards. However, to provide more flexibility, M2M/loT devices are moving away from using removable physical SIM cards to use Embedded Universal Integrated Circuit Card (eUICC) enabled SIMs, commonly referred to as eSIMs, which allow different eSIM profiles to be stored on a SIM, and to be remotely provisioned over the air to the eSIM. The different eSIM profiles stored on and/or remotely provisioned to each eSIM can then be used by the eSIM for communication with wireless communications networks. In the present application the term "eSIM" is used to refer to the eUICC enabled SIM, but should be noted that the term "eSIM" is also sometimes instead used to refer to the eSIM profiles.

[0004] An advantage of using eSIM cards is flexibility. For example, an owner or controller of an M2M/loT device comprising an eSIM is able to change the mobile communication connectivity available to the M2M/loT device by remotely provisioning a new eSIM profile to the eSIM in an "over the air" (OTA) manner, without having to physically access the M2M/loT device.

[0005] According to GSMA guidelines, in the M2M model for remote eSIM provisioning, the remote eSim provisioning is carried out by a Subscription Manager Data Preparation (SM- DP), which is responsible for preparing, storing and protecting operator profiles, and for downloading and installing profiles onto the eSIM, in cooperation with a Subscription Manager Secure Routing (SM-SR), which is responsible for managing the status of profiles on the eSIM and secures the communication link with the eUICC/eSIM for the SM-DP. According to GSMA guidelines, an eUICC may only communicate with one SM-SR, whilst an SM-SR may communicate with multiple SM-DPs. Therefore, if the necessary integration between the SM- SR and SM-DP are in place, a profile from a mobile network operator (MNO) associated with an SM-DP may be downloaded on to any eUICC associated with the SM-SR. Typically, an MNO will have a static pairing of their own SM-DP and SM-SR instances, and an eSIM associated with the SM-SR of the MNO may be remotely provisioned with profiles associated with SM-DPs of the MNO. With the development of loT enterprise platforms, which monitor and control profiles in plural loT devices on behalf of operators of the loT devices, there is need for greater flexibility to allow selection of a custom pairing of SM-SR and SM-DP so as to enable the downloading of a profile to the eSIM from multiple sources, and ideally from any desired MNO. However, means for doing this are outside the current GSMA standards.

[0006] It is an aim of certain embodiments of the disclosure to solve, mitigate or obviate, at least partly, at least one of the problems and/or disadvantages associated with the prior art. Certain embodiments aim to provide at least one of the advantages described below. However, the embodiments described below are not limited to implementations which solve any or all of the disadvantages described above.

Summary

[0007] This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to determine the scope of the claimed subject matter. Variants and alternative features which facilitate the working of the invention and/or serve to achieve a substantially similar technical effect should be considered as falling into the scope of the invention disclosed herein.

[0008] In a first aspect, the present disclosure provides a server comprising: at least one processor; a storage module configured to store respective mappings between a plurality of subscription manager data preparation (SM-DP) servers and a plurality of subscription manager secure routing (SM-SR) servers; an interface module configured to receive a request to upload and install at least one profile associated with an SM-DP serverto an eSIM associated with an SM-SR server; and a configuration module configured to determine whether the SM- DP server associated with the at least one profile of the request and the SM-SR server associated with the eSIM of the request correspond to a stored mapping, and if so, to construct a message based on that stored mapping; wherein the interface module is further configured to use the constructed message to upload and install the at least one profile to the eSIM

[0009] In a second aspect, the present disclosure provides a method for provisioning eSIMs, the method comprising: receiving a request to upload and install at least one profile associated with a subscription manager data preparation (SM-DP) server to an eSIM associated with a subscription manager secure routing (SM-SR) server; determining whether the SM-DP server associated with the at least one profile of the request and the SM-SR server associated with the eSIM of the request are an allowable pairing based on stored respective mappings between a plurality of SM-DP servers and a plurality of SM-SR servers; if the pairing is allowable, constructing a message based on the corresponding stored mapping; and using the constructed message to upload and install the at least one profile to the eSIM.

[0010] In a third aspect, the present disclosure provides a computer-readable medium comprising code or computer instructions stored thereon, which when executed by a processor, causes the processor to perform the method according to the second aspect.

[0011] The methods described herein may be performed by software in machine readable form on a tangible storage medium e.g. in the form of a computer program comprising computer program code means adapted to perform all the steps of any of the methods described herein when the program is run on a computer and where the computer program may be embodied on a computer readable medium. Examples of tangible (or non-transitory) storage media include disks, thumb drives, memory cards etc. and do not include propagated signals. The software can be suitable for execution on a parallel processor or a serial processor such that the method steps may be carried out in any suitable order, or simultaneously.

[0012] This application acknowledges that firmware and software can be valuable, separately tradable commodities. It is intended to encompass software, which runs on or controls “dumb” or standard hardware, to carry out the desired functions. It is also intended to encompass software which “describes” or defines the configuration of hardware, such as HDL (hardware description language) software, as is used for designing silicon chips, or for configuring universal programmable chips, to carry out desired functions.

[0013] The preferred features may be combined as appropriate, as would be apparent to a skilled person, and may be combined with any of the aspects of the invention.

Brief Description of the Drawings

[0014] Embodiments of the invention will be described, by way of example, with reference to the following drawings, in which:

[0015] Figure 1 is a schematic illustration of an exemplary OTA provisioning process according to the GSMA guidelines;

[0016] Figure 2 illustrates a provision system according to an embodiment of the present invention; [0017] Figure 3 illustrates a provision server device according to an embodiment of the present invention; and

[0018] Figure 4 is a flow chart of an exemplary OTA provisioning process according to the GSMA guidelines.

[0019] Common reference numerals are used throughout the figures to indicate similar features.

Detailed Description

[0020] Embodiments of the present invention are described below by way of example only. These examples represent the best mode of putting the invention into practice that are currently known to the Applicant although they are not the only ways in which this could be achieved. The description sets forth the functions of the example and the sequence of steps for constructing and operating the example. However, the same or equivalent functions and sequences may be accomplished by different examples.

[0021] Figure 1 illustrates an explanatory example of an OTA provisioning process according to the GSMA guidelines in the M2M model. Referring to figure 1 , an M2M/loT device 100 is equipped with an eSIM 102. The eSIM 102 is arranged for secure communication with a Subscription Manager Secure Routing (SM-SR) 104 using the GSMA ES5 interface, and the SM-SR 104 is arranged for secure communication with a Subscription Manager Data Preparation (SM-DP) 106 using the GSMA ES3 interface. A Mobile Network Operator (MNO) 108 associated with the eSIM 102, the SM-SR 104, and the SM-DP 106 is arranged for communication with the eSIM 102 using the GSMA ES6 interface, with the SM-SR 104 using the GSMA ES4 interface, and with the SM-DP 106 using the GSMA ES2 interface.

[0022] In order to provision a new profile to the eSIM 102, the MNO 108 transmits information (for example, subscription information, an eUICC-ID (EID), an SM-SR ID (SRID), etc) to the associated SM-DP 106, which then prepares and encrypts a profile supported by the MNO 108 for the eSIM 102 of the loT device 100. The new generated profile is then transmitted by the SM-DP 106 to the eSIM 102 in an OTA session using the GSMA ES8 interface, which is secured by the SM-SR 104, the SM-SR 104 providing hardware control of the eSIM 102, while the SM-DP 106 provides encrypted MNO operator credentials for use on the eSIM 102. The loT device 100 then installs the received subscriber profile on the eSIM 102. Based on the installed subscriber profile, the loT device 102 may then use a mobile communication service through a network, supported by the MNO 108. [0023] Although the OTA provisioning process of Figure 1 can enable provisioning of profiles to the eSIM 102 from any of a plurality of SM-DPs 106, these SM-DPs 106 must all be associated with the single SM-SR 104 able to communicate with the eSIM 102. As a result, although the GSMA guidelines theoretically allow OTA provisioning of profiles from any MNO 108 to any eSIM 102, in practice the GSMA guidelines only enable the OTA provisioning of a profile to an eSIM 102 from SM-DPs 106 associated with a single MNO 108.

[0024] Furthermore, if the necessary integration between the SM-SR 104 and SM-DP 106 servers is in place, profiles of the MNO 108 can be downloaded on to any eUICC associated with the SM-SR 104 for operational use. Typically, an MNO 108 will have a static pairing of their own SM-DP 106 and SM-SR 104 instances. However, proprietary platforms, such as loT enterprise platforms, are likely to want to be able to independently select a custom pairing of SM-SR 104 and SM-DP 106, regardless of whether they are related to a common MNO 108, and to enable the downloading of a profile to the SIM from multiple sources.

[0025] Under GSMA guidelines, the SM-SR is the component that provides hardware control to the SIM whilst the SM-DP prepares the encrypted operator credentials. To enable a custom pairing, it is necessary to build a specific request or message that triggers the SM-SR to communicate with a specific SM-DP outside of the MNO based pairing using the ES3 interface.

[0026] Figure 2 illustrates an example of a provisioning system 210 according to an embodiment. In some examples, the provisioning system 210 may be operated by a proprietary platform, such as an loT enterprise platform, to enable the proprietary platform to offer a range of profiles to users or customers of the proprietary platform, without the ability of the customers to deploy these profiles to the eSIMs of the customer devices being arbitrarily limited to eSIM and profile pairings supported by agreements between the MNOs 220 respectively associated with the eSIM and the profile.

[0027] Referring to Figure 2, the provisioning system 210 includes a user interface 240, a provisioning server 250, and is connected to at least two MNOs 220-1 and 220-2, and a user electronic device including an eUICC/eSIM 290. The eUICC/eSIM 290 may be provided by an eUICC manufacturer 270. Although only one eSIM 290 is shown in figure 2, for simplicity and clarity, the provisioning server 250 may be connected to any desired number of eSIMs. In practical implementations the provisioning server 250 will generally be connectable to a very large number of eSIMS 290.

[0028] Each MNO 220-1 and 220-2 has an associated SM-DP server 225 and an SM-SR server 227, for example SM-DP-1 225-1 and SM-SR-1 227-1 are associated with MNO-1 220-1 , and SM-DP-2 225-2 and SM-SR-2 227-2 are associated with MNO-2 220-2. [0029] Each MNO 220-1 , 220-2 is communicatively coupled to the provisioning server 250. According to an embodiment of the present invention, only the SM-SR servers 227-1 , 227-2 of specific MNOs 220-1. 220-2 may be communicatively coupled to and managed by the provisioning server 250. However, in other configurations the SM-SR servers of any MNO may be communicatively coupled to the provisioning server 250. Although only two MNOs 220 are shown in figure 2, for simplicity and clarity, the provisioning server 250 may be connected to any desired number of MNOs. The provisioning server 250 may be managed by a proprietary platform. In some examples there may be an intermediary server device between one or more of the SM-SRs 227-1 , 227-2 and the provisioning server 250.

[0030] The MNOs 220-1 , 220-2 may transmit configuration information, for example SM-DP or SM-SR servers) configuration information, to the provisioning server 250. In some embodiments, the MNOs 220-1 , 220-2 may exchange data with different SM-DP servers or a plurality of SM-SR servers. For example, SM-SR-1 server 227-2 of MNO-1 220-1 may disconnect from SM-DP-1 server 225-1 and connect via the provisioning server 250 to SM- DP-2 server 225-2 of MNO-2220-2.

[0031] The eUICC/eSIM 290 is built-into a user device (typically at the time of manufacture) by the eUICC manufacturer 270, and, as is explained above, under GSMA guidelines the eSIM 290 is linked to a specific SM-SR 227 of a specific MNO 220 at the time of commissioning. In the illustrated example, the eSIM 290 is linked to the SM-SR 227-1 of the MNO-1 220-1.

[0032] Accordingly, adding a profile associated with the MNO-1 to the eSIM 290 using conventional techniques is straightforward. However, for the reasons set out above, adding a profile associated with a different MNO 220, such as the MNO-2 220-2 to the eSIM 290 is a technically complicated process. It should be borne in mind that this problem is exacerbated because a user could require different profiles from a multiple number of MNOs to be installed on the same eSIM 290. Therefore, there is a requirement to manage the interoperability of eSIMS with SM-SR and SM-DP servers of different MNOs in an efficient manner.

[0033] In the embodiment of figure 2, the interoperability of an eSIM 290 with profiles from plural different MNOs may be achieved via the provisioning server 250 that securely manages relationships between a number of SM-SR servers 227 and multiple SM-DP servers 227 (and multiple MNOs 220), based on a profile requirement provided by the user.

[0034] In the embodiment of figure 2, the provisioning server 290 generates a request or message which is then used to enable an eSIM 290 to be provided with a specific profile, this message comprising a specific combination of configuration information to be uploaded onto the eSIM 290, the configuration information enabling the eSIM 290 to communicate with an SM-DP 225 of the MNO 220 supporting the desired profile, even if the SM-DP 225 is associated with an MNO 220 which is not associated with the eSIM 290, for example the SM-DP 225-2 associated with the MNO 220-2 of figure 2, so that the SM-DP and the SM-SR have different subscription managers (SM). The specific profile may be a profile identified in a user request.

[0035] Figure 3 illustrates an example of a provisioning server 250 which may be used in the embodiment of Figure 2. Referring to Figure 3, the provisioning server 250 includes a processor 330 that is communicatively coupled to an interface module 310, a configuration module 320, a transaction module 340, and a storage module 350. The storage module 350 is communicatively coupled to the configuration module 320 and the transaction module 340.

[0036] As shown in Figure 2, provisioning server 250 is configured to communicate with the MNOs 220 and the electronic devices comprising the eSIMs 290. For example the provisioning server 250 may be connected to a network (wireless communication or wired communication) and may communicate with the MNOs, the user electronic device and the eUICC via the interface module 310.

[0037] Figure 4 is a flow chart illustrating a provisioning method according to the embodiment of figure 2. The flow chart illustrated in Figure. 4 includes operations processed at a server device, for example the provisioning server 250, as illustrated in Figures 2 and 3.

[0038] Referring to Figure 4, the method begins in a block 410, when the interface module 310 of the provisioning server 250 receives a request to download and/or install a specific new profile to an eSIM 290. In the illustrated embodiment, this request may be generated and sent to the provisioning server 250 from the user interface 240, based on user input. Typically, the user interface 240 may offer users a selection or menu of possible profiles supported by the provisioning server 250 (and by the proprietary platform operating the provisioning server 250), together with details of the connectivity offered by each profile and associated costs or limitations. The user may then select one or more new profiles to be downloaded to one or more of the eSIMS 290 of the users devices. As is explained above, each new profile may be associated with any MNO (for example MNO-2), regardless of whether this MNO is associated with the eSIM 290. In some examples the request may comprise a list of configuration parameters, for example at least one of a profile ID, a profile type, MNO information, eUICC/eSIM configuration, an ID of the profile SM-DP associated with the profile, or a profile type etc.

[0039] As discussed above, the received profile request may be a direct request from a user or controller of an electronic device comprising the eSIM 290 sent from the user interface 240 to the provisioning server 250. Alternatively, in other examples, the request may be received from an intermediary unit, for example a profile generation server or other remote device. In some embodiments, the request may be an automated request. In some examples, the provisioning server device 250 may comprise a request buffer to receive incoming requests, and continuously monitor the request buffer to check for any new pending requests awaiting action.

[0040] Next, in a block 420, based on the received profile request, the processor 330 queries the configuration module 320 to authenticate the profile pairing of SM-SR and SM-DP required in order for the requested profile to be provisioned onto the eSIM 290. To carry out this authentication, the configuration module 320 performs a series of checks based on data stored on the provisioning server 250 and/or a remote server.

[0041] In the illustrated embodiment, the configuration module 320 authenticates the profile pairing by checking whether the combination of SM-DP and SM-SR required by the requested eUICC/eSIM and profile pairing is identified as a permitted combination in a configuration table. The configuration table is maintained by the configuration module 320, and contains SM-DP and SM-SR combinations which are permitted by the respective owners of the different SM- DPs and SM-SRs. Typically, these owners are the MNOs associated with and/or operating the different SM-DPs and SM-SRs.

[0042] In a block 430, the configuration module 320 determines whether the associated eSIM and profile pairing is allowable. The configuration module 320 checks whether a mapping between the SM-SR associated with the eSIM 290 and the SM-DP associated with the requested profile is identified as allowable in the configuration table. For example, in figure 2, the eUICC/eSIM 290 is associated with SM-SR-1 of MNO-1 , while the requested profile may be associated with SM-DP-2 of MNO-2.

[0043] In the illustrated embodiment the configuration module 320 uses one or more configuration tables of allowable SM-DP to SM-SR pairings to determine whether the requested eUICC/eSIM and profile pairing is allowable. In other examples, different approaches to checking whether specific combinations are permitted may be used.

[0044] If the SIM profile pairing is determined to be allowable, for example if the mapping between the SM-SR and the SM-DP is allowable (the SM-SR and SM-DP may be associated with different MNOs, as in the example above), in block 440, the configuration module 320 retrieves the necessary parameter values and other information required to generate a transaction message enabling the requested allowable eSIM and profile pairing, and provides this information, and optionally an authorisation, to the transaction module 340. For example the configuration module 320 may provide the transaction module 340 with a list of pathways mapping SM-SR-1 (of MNO-1) with SM-DP-2 (of MNO-2) so that the requested profile supported by MNO-1 can be added to the eSIM 290 of the user device.

[0045] In block 450, the transaction module 340, based on the list of predetermined parameters and other information provided by the configuration module 320, generates a message or transaction, such as a URL link that may be used to generate and/or install the profile, and provides this message to the interface module 310. The transaction module 340 may generate the message, such as a URL link using one or more transaction tables, as will be discussed below. For example, the message may comprise a URL link to MNO-2, together with a password and/or an authentication key. The passwords or authentication keys may be used to authenticate the generation and downloading and/or installation of the profile, for example authorising SM-SR-1 (of MNO-1) to connect with SM-DP-2 (of MNO-2).

[0046] In block 460, the interface module 310 sends the generated message, such as a URL link and the authenticated list of parameters to be installed onto the eSIM 290 to the SM-SR associated with the eSIM 290. When the SM-SR receives the message, such as a URL link and parameters, the SM-SR uses the message content, such as the URL link and the parameters to contact the SM-DP associated with the profile and generate and install the profile onto the eSIM 290.

[0047] Alternatively, in block 470, if the configuration module 320 determines that the associated eSIM-profile pairing is not allowable, it returns an error message in block 480 to the processor 330 of the provisioning server 250, which is communicated to the user interface 240, for the attention of the user, via the interface module 310. In some embodiments, the error message may contain a message for the user to contact the MNO and/or the RSP. In other embodiments, when the request is an automated request, the error message may contain information with identifiers that may trigger associated processes.

[0048] In a specific embodiment, all of the allowable SM-DP to SM-SR pairings are stored in an eSIM configuration table in one or more databases of the storage module 350. Accordingly, the configuration module 320 can authenticate a requested eSIM and profile pairing simply by checking whether the combination of SM-DP and SM-SR required by the requested eSIM and profile pairing is present in the configuration table.

[0049] In a specific embodiment, the eSIM configuration table may comprise an entry for each possible eSIM configuration, that is, each possible configuration of an SM-DP to SM-SR pairings. An example of a possible configuration entry for a specific configuration is shown in Table 1 .

Table 1 - eSIM configuration table

[0050] In table 1 , the left column gives the name of each item in the configuration entry, while the right column indicated the meaning of that item.

[0051] In the specific example of Table 1 , each entry in the eSIM configuration table for a specific eSIM configuration comprises: a database identifier for the configuration; a name for the configuration; a database identifier for the SM-DP; a database identifier for the SM-SR; a platform realm identifier; an entity identifier for the entity in the SM-DP that the configuration maps to; a name for the entity in the SM-DP that the configuration maps to; an entity identifier for the entity in the SM-SR that the configuration maps to; an entity name for the entity in the SM-SR that the configuration maps to. The various database identifiers are identifiers used in the one or more databases of the provisioning server 300. It is not essential for the entry to include both a name and an identifier for the same item, although this may improve efficiency by allowing a readily machine searchable database identifier and a human recognisable name to be used. Some platforms may not be divided into realms or regions, so that a realm identifier may not be required. The skilled person would understand that this list is not exhaustive and could include fewer, different, or more parameters as appropriate in any specific implementation.

[0052] As shown in Table 1 , and as discussed above, each entry in the eSIM configuration table includes a database ID for each of the SM-DP configuration and the SM-SR configuration required by the eSIM configuration. In this embodiment, all of the SM-DP and SM-SR configurations are stored in an RSP configuration table in one or more databases of the storage module 350. An example of a possible configuration entry for a specific SM-SR or SM-DP configuration in the RSP configuration table is shown in Table 2.

Table 2 - RSP configuration table

[0053] In the specific example of Table 2, each entry in the RSP configuration table for an SM-

DP or an SM-SR comprises: a database identifier for the device configuration; a name for the device configuration; a name of the provider (typically an MNO) associated with the device; a URL for the API of the device; a validity period which the system will wait before a request to access the device is deemed to have failed; a database identifier for the authentication details for the device; the URL the device should send responses to after a request has been completed; the version of the WSDLs used by the device; a type identifier to identify the device as an SM-DP or an SM-SR; and a platform realm identifier. Similarly to Table 1 , the various database identifiers are identifiers used in the one or more databases of the provisioning server 300. It is not essential for the entry to include both a name and an identifier for the same item, although this may improve efficiency by allowing a readily machine searchable database identifier and a human recognisable name to be used. Some platforms may not be divided into realms or regions, so that a realm identifier may not be required. In some examples entries for SM-DPs and SM-SRs may be stored separately, so that the type of the device does not need to be identified in the entry itself. The skilled person would understand that this list is not exhaustive and could include fewer, different, or more parameters as appropriate in any specific implementation.

[0054] As shown in Table 2 and as discussed above, each entry in the RSP configuration table includes a database ID for the authorisation details of the RSP configuration.

[0055] In the specific example of Table 3, each entry in the RSP authentication table for an RSP (SM-DP or an SM-SR) comprises: a database identifier for the authentication link; an identifier of the type of authentication, in this example BASIC or SSL; a pointer to the location where the SSL key file can be located; a pointer to where the SSL certificate file can be located; an identifier of the SSL version in use by the RSP; a username of the RSP; and a pointer to where any required password can be found. Similarly to Table 1 , the various database identifiers are identifiers used in the one or more databases of the provisioning server 300. The pointers may be pointers to locations in the storage module 350 of the provisioning server, and/or may be pointers to external storage locations. The skilled person would understand that this list is not exhaustive and could include fewer, different, or more parameters as appropriate in any specific implementation.

[0056] In some examples, the RSP configuration table, such as Table 2, can also be linked to additional attributes of the RSP configuration by including additional entries for these attributes. In such examples, the details and values of these additional attributes are stored in an RSP attribute table in one or more databases of the storage module 350. An example of a possible RSP attribute entry for a specific SM-SR or SM-DP configuration in the RSP authentication table is shown in Table 4.

Table 4 - RSP configuration attribute value table

[0057] In the specific example of Table 4, each entry in the RSP configuration attribute table for an RSP (SM-DP or an SM-SR) configuration comprises: an identifier for the RSP attribute value; an identifier of the RSP configuration; an identifier of the attribute the value is for; and a value for the attribute.

[0058] The configurations are mapped to particular eSIMs in a subscriber table. An example of a possible configuration entry for a specific subscriber table is shown in Table 5.

Table 5 - Subscriber table

[0059] In the specific example of Table 5, each entry in the subscriber table comprises: a database identifier for the subscriber; an ICCID of the subscriber; an identifier of the eSIM configuration used by the subscriber; a platform realm used by the subscriber; an EID of the subscriber (if it has one); and a termination value indicating whether or not the subscriber has been terminated. In some examples, each subscriber is a specific eSIM 290. Similarly to Table 1 , the database identifiers are identifiers used in the one or more databases of the provisioning server 300. The skilled person would understand that this list is not exhaustive and could include fewer, different, or more parameters as appropriate in any specific implementation.

[0060] In an embodiment, the transaction module 340 comprises an outbound request handler which builds the message or transaction to implement a requested eSIM-profile pairing in block 450 using the tables set out above, or corresponding information in some other format. The outbound request handler picks up the pairing requests from a transaction log table maintained by an outgoing request handler of the interface module 310. The outgoing request handler may periodically check the transaction log table for pairing requests requiring implementation.

[0061] An example of a possible eSIM-profile pairing request entry useable in the transaction log table is shown in Table 6.

Table 6 - Transaction table pick up

Identifier for the transaction

[0062] In the specific example of Table 5, each entry in the transaction log table comprises: an identifier for the transaction; an identifier for the profile the transaction is for, which maps to the subscriber table, such as Table 4; an identifier for the parent subscriber, this will be any physical or integrated SIM supporting the eSIM, and again maps to the subscriber table, such as Table 4; a status identifier indicating the status of the requested transaction request, for example, pending, sent, successful, or failed; an identifier of the SM-SR to be used; a unique message identifier to be sent to the RSP; a descriptor of the action to be performed, for example to enable a profile, disable a profile, audit a profile, etc.; the platform realm the transaction is for; an identifier for the company (i.e. , customer or user of the provisioning server) the transaction is for; when the request was sent; when the request was completed; any error subject code received from the RSP on failure; any error subject received from the RSP on failure; any error reason code received from the RSP on failure; and any error reason received from the RSP on failure. The skilled person would understand that this list is not exhaustive and could include fewer, different, or more parameters as appropriate in any specific implementation.

[0063] The outbound request handler uses the tables identified above, together with a further table or database which lists all of the SIMs associated with the provisioning server 250, and the customer or user (for example which company) each SIM belongs to, to build a SOAP request using the information from the transaction log table, and from the other tables as necessay. The outbound request handler adds the required authentication from the RSP authentication table, such as Table 3. Finally, the outbound request handler sends the completed SOAP request to the url identified in the RSP configuration table, such as Table 2, to execute installation of the profile according to the request in block 460.

[0064] According to a specific embodiment of the present invention, the provisioning server may instruct an SM-DP server to transmit a created profile to the SM-SR server. The provisioning server may identify a specific SM-DP server, and transmit profile information to the identified SM-DP server to create a provisioning profile, based on user requirement.

[0065] According to a specific embodiment of the present invention, the SM-SR server may perform authentication processes with the provisioning server, before creating a provisioning profile.

[0066] The eSIM 290 may be comprised in a user device. The eSIM 290 may be configured to download and install an MNO profile, for example a profile-2 may be generated at SM-DP-2 server of MNO-2 and downloaded onto the eSIM 290 via the SM-SR-1 server via OTA provisioning. The MNO profile may indicate subscriber information along with data and applications associated with the specific subscriber of an MNO. The profile may include both a subscriber profile (corresponding to an MNO-2 profile) and a provisioning profile.

[0067] According to another embodiment of the present invention, once authenticated and connected, the SM-SR-1 server may receive a plurality of profiles from the SM-DP-2 server. The SM-SR-1 server may receive a plurality of profiles in bulk from the SM-DP-2 server, for example via a dedicated connection or via an intermediary server device.

[0068] Upon receiving the profiles, the provisioning server may generate a file comprising a set of parameters that are used to upload and install the created profile on an eSIM of an electronic device. This generated file may, for example, be an API, such as a transaction API.

[0069] According to an embodiments of the present invention, the provisioning server may be arranged to commission the same file to be uploaded and installed on a plurality of electronic devices.

[0070] The provisioning server 250 may be a server independent of the MNO 220 or the SM- SR 227 server or the SM-DP 225 server.

[0071] The provisioning server 250 may perform an overall management on the eSIM 290 included in the electronic device. For example, the provisioning server 250 may perform a function for checking and/or managing installation, deletion, enabling, disabling, etc., of a profile in the eSIM 290.

[0072] The interface module may receive the request message associated with installation of the profile, wirelessly.

[0073] Examples of the wireless communication may include at least one of wireless-fidelity (Wi-Fi), Bluetooth (BT), near field communication (NFC), global positioning system (GPS), or cellular communication, e.g., through a 3<rd>generation (3G), a long term evolution (LTE), an LTE-advanced (LTE-A), a code division multiple access (CDMA), a wideband code division multiple access (WCDMA), a universal mobile telecommunications system (UMTS), a wireless broadband (WiBro), or a global system for mobile communications (GSM) communication system). Examples of wired communication may include at least one of a universal serial bus (USB), a high definition multimedia interface (HDMI), a recommended standard-232 (RS-232), or a plain old telephone service (POTS).

[0074] The network may be a telecommunications network including at least one of a computer network, an internet, an internet of things, or a telephone network. A protocol (e.g., a transport layer protocol, a data link layer protocol, or a physical layer protocol) for communication between the electronic device and an external device may be supported by at least one of the kernel, the middle ware, the application programming interface, the application, or the communication interface.

[0075] In accordance with some embodiments of the present invention, the storage module stores a plurality of parameters related to the authentication and configuration process. The storage module comprises a memory that stores data, for example configuration data. The storage module may locally store data, for example at a local memory, or remotely access and store data at a secure storage location, for example a remote server.

[0076] The storage module may store an eUICC configuration, RSP configuration, and mapping between eUICC configuration, RSP configuration, or a transaction configuration.

[0077] In addition to storing data, the memory may also store instructions received from the processor or other components (e.g., the interface module, the configuration module and the transaction module etc.) or generated by the processor and/or the other components. The memory may store a signing key for development, a signing key for commercial use, and a unique ID of the electronic device for example the unique ID of the eUICC.

[0078] According to an embodiment of the present invention, the processor of the provisioning server may process queries received from the electronic device or the eUICC. For example, the processor may receive a request message from a user to install a profile associated with MNO-2 on an electronic device that already has a profile associated with MNO-1 installed on it. Based on received request, the processor may query the configuration module to authenticate the received request message based on a p re-determined mapping stored in the storage module. For example, the storage module stores a valid mapping between the SM- SR-1 of MNO-1 and the SM-DP-2 of MNO-2.

[0079] If it is determined that the mapping is a compatible one, that is SM-SR-1 may validly connect to SM-DP-2 (this could be because a contract has been signed during MNO on- boarding process), the request message is authenticated and a transaction is generated, via the transaction module. The transaction comprises a list of configuration parameters that dictate the secure disconnection of the SM-SR-1 server from SM-DP-1 server of MNO-1 and connection with the SM-DP-2 server of MNO-2. The new transaction is updated and stored in the storage module and executed at the interface module, for example the transaction module may be executed using a request handler that periodically scans for any pending transactions.

[0080] The processor may also initiate a process for installing the new profile using a set of predetermined parameters, in response to the received request via an application, for example a URL.

[0081] Herein, the term "user" refers to a person that uses an electronic device or to another device (e.g., an artificial electronic device) that uses the electronic device.

[0082] Herein, the term "module" may represent a unit including one or more combinations of hardware, software and firmware. The term "module" may be interchangeably used with the terms "unit", "logic", "logical block", "component" and "circuit" . The "module" may be a minimum unit of an integrated component or may be a part thereof. The "module" may be a minimum unit for performing one or more functions or a part thereof. The "module" may be implemented mechanically or electronically. For example, the "module" may include at least one of an application-specific IC (ASIC) chip, a field-programmable gate array (FPGA), and a programmable-logic device for performing some operations, which are known or will be developed.

[0083] The provisioning server 250 may comprise a single server or network of servers. In some examples the functionality of the provisioning server 250 may be provided by a network of servers distributed across a geographical area, such as a worldwide distributed network of servers, and a user may be connected to an appropriate one of the network of servers based upon a user location. [0084] The above description discusses embodiments of the invention with reference to a single user for clarity. It will be understood that in practice the system may be shared by a plurality of users, and possibly by a very large number of users simultaneously.

[0085] An electronic device 290 according to an embodiment of the present invention may include a smartphone, a tablet personal computer (PC), a mobile phone, a video telephone, an electronic book reader, a desktop PC, a laptop PC, a netbook computer, a workstation, a server, a personal digital assistant (PDA), a portable multimedia player (PMP), a Motion Picture Experts Group (MPEG-1 or MPEG-2) Audio Layer 3 (MP3) player, a mobile medical device, a camera, a wearable device (e.g., a head-mounted-device (HMD), such as electronic glasses), electronic apparel, an electronic bracelet, an electronic necklace, an electronic accessory, an electronic tattoo, a smart watch, etc.

[0086] Further, an electronic device may be a smart home appliance, such as a television (TV), a digital versatile disc (DVD) player, an audio component, a refrigerator, an air conditioner, a cleaner, an oven, a microwave oven, a washing machine, an air cleaner, a set-top box, a home automation control panel, a security control panel, a TV box (e.g., Samsung HomeSync<®>, Apple TVR<®>, or Google TVR<®>), a game console (e.g., Xbox<®>or PlayStation<®>), an electronic dictionary, an electronic key, a camcorder, an electronic picture frame, etc.

[0087] Additionally, an electronic device may be a medical device, such as a portable medical measurement device (e.g., a blood glucose monitoring device, a heartbeat measuring device, a blood pressure measuring device, a body temperature measuring device, etc.), a magnetic resonance angiography (MRA) device, a magnetic resonance imaging (MRI) device, a computed tomography (CT) device, a scanner, an ultrasonic device, a navigation device, a global positioning system (GPS) receiver, an event data recorder (EDR), a flight data recorder (FDR), a vehicle infotainment device, electronic equipment for vessels (e.g., a navigation system and a gyrocompass), avionics equipment, a security device, a head unit for a vehicle, an industrial or home robot, an automatic teller machine (ATM), a point of sales (POS) device, or internet of things (e.g., light bulbs, various sensors, electric or gas meters, sprinkler devices, fire alarms, thermostats, street lamps, toasters, exercise equipment, hot water tanks, heaters, boilers, etc.).

[0088] An electronic device may also be a part of furniture or buildings/structures having communication functions, electronic boards, electronic signature receiving devices, projectors, and measuring instruments (e.g., water meters, electricity meters, gas meters, and wave meters) including metal cases. Further, an electronic device may be a flexible device. Additionally, an electronic device according to an embodiment of the present invention may be one or more combinations of the above-mentioned example devices.

[0089] The electronic device and the provisioning server 250 according to an embodiment of the present invention are not limited to the above-mentioned example devices.

[0090] In the described embodiments, the SM-DP and SM-SR have different SMs because they are associated with different MNOs. The present disclosure may also be used when the SM-DP and SM-SR have different SMs for other reasons.

[0091] The embodiments described above may be fully automatic. In some examples a user or operator of the system may manually instruct some steps of the method to be carried out.

[0092] In the described embodiments of the invention the system may be implemented as any form of a computing and/or electronic device. Such a device may comprise one or more processors which may be microprocessors, controllers or any other suitable type of processors for processing computer executable instructions to control the operation of the device in order to gather and record routing information. In some examples, for example where a system on a chip architecture is used, the processors may include one or more fixed function blocks (also referred to as accelerators) which implement a part of the method in hardware (rather than software or firmware). Platform software comprising an operating system or any other suitable platform software may be provided at the computing-based device to enable application software to be executed on the device.

[0093] Various functions described herein can be implemented in hardware, software, or any combination thereof. If implemented in software, the functions can be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media may include, for example, computer-readable storage media. Computer-readable storage media may include volatile or non-volatile, removable or non-removable media implemented in any method ortechnology for storage of information such as computer readable instructions, data structures, program modules or other data. A computer-readable storage media can be any available storage media that may be accessed by a computer. By way of example, and not limitation, such computer-readable storage media may comprise RAM, ROM, EEPROM, flash memory or other memory devices, CD-ROM or other optical disc storage, magnetic disc storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Disc and disk, as used herein, include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk, and blu-ray disc (BD). Further, a propagated signal is not included within the scope of computer-readable storage media. Computer-readable media also includes communication media including any medium that facilitates transfer of a computer program from one place to another. A connection, for instance, can be a communication medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of communication medium. Combinations of the above should also be included within the scope of computer-readable media.

[0094] Alternatively, or in addition, the functionality described herein can be performed, at least in part, by one or more hardware logic components. For example, and without limitation, hardware logic components that can be used may include Field-programmable Gate Arrays (FPGAs), Program-specific Integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs). Complex Progrmmable Logic Devices (CPLDs), etc.

[0095] Although illustrated as a single system, it is to be understood that the computing device may be a distributed system. Thus, for instance, several devices may be in communication by way of a network connection and may collectively perform tasks described as being performed by the computing device.

[0096] Although illustrated as a local device it will be appreciated that the computing device may be located remotely and accessed via a network or other communication link (for example using a communication interface).

[0097] The term 'computer' is used herein to refer to any device with processing capability such that it can execute instructions. Those skilled in the art will realise that such processing capabilities are incorporated into many different devices and therefore the term 'computer' includes PCs, servers, mobile telephones, personal digital assistants and many other devices.

[0098] Those skilled in the art will realise that storage devices utilised to store program instructions can be distributed across a network. For example, a remote computer may store an example of the process described as software. A local or terminal computer may access the remote computer and download a part or all of the software to run the program. Alternatively, the local computer may download pieces of the software as needed, or execute some software instructions at the local terminal and some at the remote computer (or computer network). Those skilled in the art will also realise that by utilising conventional techniques known to those skilled in the art that all, or a portion of the software instructions may be carried out by a dedicated circuit, such as a DSP, programmable logic array, or the like.

[0099] It will be understood that the benefits and advantages described above may relate to one embodiment or may relate to several embodiments. The embodiments are not limited to those that solve any or all of the stated problems or those that have any or all of the stated benefits and advantages. Variants should be considered to be included into the scope of the invention.

[00100] Any reference to 'an' item refers to one or more of those items. The term 'comprising' is used herein to mean including the method steps or elements identified, but that such steps or elements do not comprise an exclusive list and a method or apparatus may contain additional steps or elements.

[00101]As used herein, the terms "component" and "system" are intended to encompass computer-readable data storage that is configured with computer-executable instructions that cause certain functionality to be performed when executed by a processor. The computer- executable instructions may include a routine, a function, or the like. It is also to be understood that a component or system may be localized on a single device or distributed across several devices.

[00102] Further, as used herein, the term "exemplary" is intended to mean "serving as an illustration or example of something".

[00103] Herein, the expressions "have", "may have", "include" and "comprise", or "may include" and "may comprise" used herein indicate existence of corresponding features (e.g., elements such as numeric values, functions, operations, or components) but do not exclude presence of additional features. Further, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when employed as a transitional word in a claim.

[00104] The figures illustrate exemplary methods. While the methods are shown and described as being a series of acts that are performed in a particular sequence, it is to be understood and appreciated that the methods are not limited by the order of the sequence. For example, some acts can occur in a different order than what is described herein. In addition, an act can occur concurrently with another act. Further, in some instances, not all acts may be required to implement a method described herein.

[00105] Further, the expressions "A or B", "at least one of A or/and B", or "one or more of A or/and B", etc., used herein, may include any and all combinations of one or more of the associated listed items. For example, the term "A or B", "at least one of A and B", or "at least one of A or B" may refer to a scenario where at least one A is included, a scenario where at least one B is included, or a scenario where both of at least one A and at least one B are included. [00106] The terms, such as "first", "second", "third", etc., as used herein may refer to various elements of various embodiments of the present invention, but do not limit the elements. For example, such terms do not limit an order and/or priority of the elements. Further, such terms may be used to distinguish one element from another element. For example, "a first user device" and "a second user device" indicate different user devices, not an order or priority of the user devices. Accordingly, a first element may be referred to as a second element, and similarly, a second element may be referred to as a first element.

[00107] Moreover, the acts described herein may comprise computer-executable instructions that can be implemented by one or more processors and/or stored on a computer-readable medium or media. The computer-executable instructions can include routines, sub-routines, programs, threads of execution, and/or the like. Still further, results of acts of the methods can be stored in a computer-readable medium, displayed on a display device, and/or the like.

[00108] Herein, when an element/module (e.g., a first element/module) is referred to as being "(operatively or communicatively) coupled with/to" or "connected to" another element/module (e.g., a second element/module), the first element/module can be directly coupled with/to or connected to the second element/module or an intervening element (e.g., a third element/module) may be present there between. However, when the first element is referred to as being "directly coupled with/to" or "directly connected to" the second element, there are no intervening elements (e.g., a third element) there between.

[00109] The expression "configured to" used herein may be used as, for example, the expression "suitable for", "having the capacity to", "designed to", "adapted to", "made to", or "capable of. The term "configured to" does not mean only "specifically designed to" in hardware. Instead, the expression "a device configured to" may mean that the device is "capable of operating together with another device or other components. For example, a "processor configured to perform A, B, and C" may mean a dedicated processor (e.g., an embedded processor) for performing a corresponding operation or a generic-purpose processor (e.g., a central processing unit (CPU) or an application processor), which may perform corresponding operations by executing one or more software programs which are stored in a memory device.

[00110] It will be also be appreciated that, throughout the description and claims of this specification, language in the general form of "X for Y" (where Y is some action, activity or step and X is some means for carrying out that action, activity or step) encompasses means X adapted or arranged specifically, but not exclusively, to do Y. The terms of a singular form may include plural forms unless otherwise specified. [00111] Unless otherwise specified, all terms used herein, which include technical or scientific terms, have the same meanings that are generally understood by a person skilled in the art. It will be further understood that terms, which are defined in a dictionary and commonly used, should also be interpreted as customary in the relevant related art and not in an idealized or overly formal sense unless expressly so defined herein in various embodiments of the present invention. In some cases, even if terms are defined in the specification, they may not be interpreted to exclude embodiments of the present invention.

[00112] The order of the steps of the methods described herein is exemplary, but the steps may be carried out in any suitable order, or simultaneously where appropriate. Additionally, steps may be added or substituted in, or individual steps may be deleted from any of the methods without departing from the scope of the subject matter described herein. Aspects of any of the examples described above may be combined with aspects of any of the other examples described to form further examples without losing the effect sought.

[00113] It will be understood that the above description of a preferred embodiment is given by way of example only and that various modifications may be made by those skilled in the art.

What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable modification and alteration of the above devices or methods for purposes of describing the aforementioned aspects, but one of ordinary skill in the art can recognize that many further modifications and permutations of various aspects are possible. Accordingly, the described aspects are intended to embrace all such alterations, modifications, and variations that fall within the scope of the appended claims.

Claims

Claims:

1. A server comprising: at least one processor; a storage module configured to store respective allowed mappings between a plurality of subscription manager data preparation (SM-DP) servers and a plurality of subscription manager secure routing (SM-SR) servers; an interface module configured to receive a request to upload and install at least one profile associated with an SM-DP server to an eSIM associated with an SM-SR server; and a configuration module configured to determine whether the SM-DP server associated with the at least one profile of the request and the SM-SR server associated with the eSIM of the request correspond to a stored allowed mapping, and if so, to construct a message based on that stored mapping; wherein the interface module is further configured to use the constructed message to upload and install the at least one profile to the eSIM.

2. The server of claim 1 , wherein one or more of the plurality of SM-DP servers and one or more of the plurality of SM-SR servers have different subscription managers (SMs).

3. The server of claim 1 or claim 2, wherein one or more of the plurality of SM-DP servers and one or more of the plurality of SM-SR servers are associated with different Mobile

Network Operators (MNOs).

4. The server of any preceding claim, wherein the interface module is further configured to use the constructed message to instruct transmission of the at least one profile, from at least one of the plurality of SM-DP servers to the eSIM, using over the air (OTA) transmission means.

5. The server of any preceding claim, wherein the constructed message comprises at least one of a profile identifier (ID), mobile network operator (MNO) information, and an ID of the SM-DP server.

6. The server of any preceding claim, wherein the received request comprises a list of configuration parameters, comprising at least one of: a profile ID; a profile type; MNO information; an eSIM configuration; an ID of the profile SM-DP; a profile type.

7. The server according to any preceding claim, wherein the constructed message comprises a URL link.

8. A method for provisioning eSIMs, the method comprising: receiving a request to upload and install at least one profile associated with a subscription manager data preparation (SM-DP) server to an eSIM associated with a subscription manager secure routing (SM-SR) server; determining whether the SM-DP server associated with the at least one profile of the request and the SM-SR server associated with the eSIM of the request are an allowable pairing based on stored respective mappings between a plurality of SM-DP servers and a plurality of SM-SR servers; if the pairing is allowable, constructing a message based on the corresponding stored mapping; and using the constructed message to upload and install the at least one profile to the eSIM.

9. The method of claim 8, wherein one or more of the plurality of SM-DP servers and one or more of the plurality of SM-SR servers have different subscription managers (SMs.

10. The method of claim 8 or claim 9, wherein one or more of the plurality of SM-DP servers and one or more of the plurality of SM-SR servers are associated with different Mobile Network Operators (MNOs).

11. The method of any one of claims 8 to 10, wherein constructed message is used to instruct transmission of the at least one profile, from at least one of the plurality of SM- DP servers to the eSIM, using over the air (OTA) transmission means.

12. The method of any one of claims 8 to 11 , wherein the constructed message comprises at least one of a profile identifier (ID), mobile network operator (MNO) information, and an ID of the SM-DP server.

13. The method of any one of claims 8 to 12, wherein the received request comprises a list of configuration parameters, comprising at least one of: a profile ID; a profile type; MNO information; an eSIM configuration; an ID of the profile SM-DP; a profile type.

14. The method of any one of claims 8 to 13, wherein the constructed message comprises a URL link.

15. A computer-readable medium comprising code or computer instructions stored thereon, which when executed by a processor, causes the processor to perform the method according to any one of claims 8 to 14.