WO2023227386A1 - Method for managing service profiles of a secure element (Procédé de gestion de profils de service d'un élément sécurisé) - Google Patents


Info

Publication number
WO2023227386A1
Authority
WO
WIPO (PCT)
Prior art keywords
profile
profile data
service
management device
centralized
Prior art date
Legal status
Ceased
Application number
PCT/EP2023/062659
Other languages
English (en)
French (fr)
Inventor
Katarzyna WISNIEWSKA
Tomasz Wozniak
Pawel KARPINSKI
Jacek MACUDA
Marek Kociecki
Current Assignee
Idemia France SAS
Original Assignee
Idemia France SAS
Application filed by Idemia France SAS
Priority to KR1020247039006A (KR20250010616A)
Priority to EP23724857.0A (EP4529734A1)
Priority to JP2024568984A (JP2025519087A)
Publication of WO2023227386A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor > H04W 4/50 Service provisioning or reconfiguring
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/2866 Architectures; Arrangements > H04L 67/30 Profiles > H04L 67/303 Terminal profiles
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 67/00 Network arrangements or protocols for supporting network services or applications > H04L 67/50 Network services > H04L 67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity > H04W 12/30 Security of mobile devices; Security of mobile applications > H04W 12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 8/00 Network data management > H04W 8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data > H04W 8/20 Transfer of user or subscriber data > H04W 8/205 Transfer to or from user equipment or user record carrier
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04W WIRELESS COMMUNICATION NETWORKS > H04W 8/00 Network data management > H04W 8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data

Definitions

  • The present invention relates to the management of service profiles in a secure element of a host terminal.
  • A secure element (SE) is a tamper-proof hardware component or platform (typically a chip or smart card) used in a host terminal (typically a mobile terminal) and capable of securely hosting applications and data in compliance with security rules and requirements set by trusted authorities.
  • An increasingly used form factor of the SE is the embedded secure element, eSE.
  • This embedded secure element is generally soldered to the host terminal.
  • iSE (Integrated Secure Element): the secure element then becomes an integral part of the main processor (for example as a secure core alongside the other processor cores).
  • the secure elements are programmed according to the desired applications.
  • An eSE or iSE can form the secure element required for numerous uses or services based on NFC (Near Field Communication) implemented by a host mobile terminal.
  • An NFC payment service, for example, requires the user's secret banking information, which is advantageously stored in the eSE, protected from any untimely access. This is also the case for a public transport service, where the eSE makes it possible to identify the user at the gates.
  • Another form of secure element is the embedded UICC (for "Universal Integrated Circuit Card"), which provides a subscriber's credentials for authenticating on one or more mobile telephony networks, in particular via different operators.
  • An iSE can be configured as a SIM card (for "Subscriber Identity Module").
  • eUICC stands for "embedded UICC" and iUICC for "integrated UICC".
  • The main specifications of an eUICC card are defined by the GSMA (Global System for Mobile Communications Association) in the GSMA SGP.02 v3.2 standard entitled "Remote Provisioning Architecture for Embedded UICC - Technical Specification - Version 3.2", dated June 27, 2017.
  • LPA stands for "Local Profile Administration".
  • The LPA is located in the operating system of the host terminal or in the secure element of the host terminal, and provides the interface between the secure element and the operator's profile management entity on the communication network (for example the subscription management server SM-DP+, for "Subscription Manager Data Preparation+"). This allows, for example, the user of the host terminal to install a new profile in the secure element, or to activate, deactivate or delete a profile already installed in the secure element.
  • Figure 1 represents a host terminal 101 comprising a secure element 102, for example an eUICC, and a communication agent 103.
  • The host terminal 101 can be, for example, a mobile telephone, a device embedded in a car and managed remotely via the car manufacturer's information system, or any other type of connected object.
  • the secure element 102 typically stores one or more profiles.
  • the communication agent 103 is located in the operating system of the host terminal 101 or in the secure element 102 of the host terminal 101, and provides the interface between the secure element 102 and the various external profile management devices CLPAj 105a, 105b, 105c, as detailed below.
  • The system of Figure 1 also includes an SM-DP+ server (Subscription Manager Data Preparation+) 104 of a mobile network, which stores or receives several profiles to be transmitted to the secure element 102.
  • the management of profiles stored on the secure element 102 is ensured by a plurality of external CLPAj profile management devices 105a, 105b, 105c which are not in the host terminal 101, but are devices (or servers) remote in the network.
  • The external profile management devices CLPAj 105a, 105b, 105c provide, for the services respectively associated with them, the profile management functions in place of the LPA entity defined, for example, in the GSMA SGP.22 v2.0 standard entitled "RSP Technical Specification – Version 2.0", dated October 14, 2016.
  • Each external CLPAj profile management device 105a, 105b, 105c is thus configured to communicate on the one hand with the SM-DP+ server 104 and obtain one (or more) command relating to the management of a profile of the secure element 102 (for example a command to install or delete a profile), and on the other hand with the communication agent 103 of the host terminal 101 to send said profile management command to it.
  • the communication agent 103 is further configured to send the profile management command to the secure element 102.
  • this system does not make it possible to effectively manage the evolution of external profile management devices for a given service (for example, an external profile management device out of service, or not capable of updating the profile, replacing one external profile management device with another, etc.).
  • For a given service, for example, migration to a new service provider is accompanied by a change of the profile management device associated with that service.
  • The secure element is not informed of this change and does not know the address of the new profile management device. No mechanism currently exists to switch to a new external profile management device for an already existing service.
  • a first aspect of the invention relates to a method for managing service profiles of a secure element of a host terminal, the management method being implemented by a centralized profile management device external to the host terminal.
  • the process may include:
  • By "profile data" is meant one or more data items associated with a service profile, making it possible to install or update a profile on the secure element.
  • A "processing device" may be an external device or server managed by a service provider, on which profile data associated with one or more services managed by that service provider is stored. In what follows, a processing device is also called a "profile management device". By "event triggering an update of a service profile" is meant any event leading to the search for, and sending of, profile data among the profile data stored in the centralized profile management device.
  • the centralized profile management device can receive an interrogation request from the secure element (“pull mode”), or can be configured to check at predetermined times whether profile data is available and send it if necessary to the secure element.
  • the above method makes it possible to advantageously manage the case where several profile data corresponding to the same service are received from at least two different processing devices, which was not possible with the architecture of Figure 1. Furthermore, the presence of a centralized management device as the only entity with which the host terminal communicates makes it possible to eliminate certification issues.
  • The sent profile data can be sent by the centralized profile management device to a communication agent of the host terminal, the communication agent being configured to transmit said profile data to the secure element.
  • the centralized profile management device may further receive other profile data intended for at least one other secure element, wherein each profile data is received with an identifier of a secure element for which it is intended, in which each stored profile data is further stored in association with the identifier of the secure element for which it is intended, and in which the most recent profile data among the stored profile data associated with said service is sent with the identifier of the secure element for which it is intended.
  • the centralized profile management device can be configured to manage the profiles of a plurality of secure elements, whether or not belonging to the same host terminal.
  • each profile data received from a processing device may include an identifier of the secure element for which it is intended.
  • each stored profile data can be respectively associated with version data, in which the version data is representative of a reception time by the centralized profile management device or is a version number of a profile associated with the profile data, wherein the sent profile data corresponds to the profile data having the most recent version data among the stored profile data associated with said service.
  • each profile data may be received with respective service identification data, and the method may further comprise:
  • a service identification data among the received service identification data may be:
  • each profile data is received with information making it possible to determine which service it corresponds to. It is thus possible to associate, when storing profile data, said data and the corresponding service.
  • the method may further comprise, for each profile data associated with the service received:
  • the profile data sent is the most recent profile data among the stored profile data associated with said service and the current service provider associated with the secure element for said service.
  • By "current service provider" is meant the service provider at the time the triggering event is detected. Indeed, between the receipt of at least part of the profile data and the detection of the triggering event, the provider of the service concerned may have changed.
  • the profile data sent to the terminal is chosen from the profile data stored in the centralized profile management device and associated with the current service provider.
  • detection of the event triggering the update of the service profile of the secure element may include:
  • Such embodiments correspond to a “pull” mode.
  • the host terminal sends a request corresponding to a given service to ask if a new version of the profile associated with the service is available, and retrieve it if necessary.
  • In the prior art, this request can be lost or sent to the wrong entity, since nothing is provided to dynamically manage changes of network address or of provider. In the present invention this problem no longer arises, because all interrogation requests are sent to the same entity, whose network address is fixed.
  • the interrogation request may further include an identifier of the secure element.
  • each of the plurality of processing devices may have a respective first asymmetric key pair, each first asymmetric key pair comprising a private key and a public key, the public key being shared between the processing device and the centralized profile management device.
  • Each received profile data may be signed with the private key of the transmitting processing device.
  • the method may further comprise, for each profile data received:
  • By "transmitting processing device" is meant the processing device from which the profile data was received. Such verification of the processing device's signature makes it possible to check that the profile data was indeed issued by an authorized and trusted entity, and that it was not corrupted between its sending and its reception.
  • The public key of the processing device can be transmitted to the centralized profile management device in a digital certificate.
  • The centralized profile management device may have a second asymmetric key pair, the second asymmetric key pair comprising a private key of the centralized profile management device and a public key of the centralized profile management device, the public key of the second asymmetric key pair being shared between the centralized profile management device and the secure element.
  • said profile data can be signed using the private key of the centralized profile management device.
  • the profile data is therefore doubly signed, on the one hand with the private key of the transmitting processing device, and on the other hand with the private key of the centralized profile management device.
  • the public key of the second asymmetric key pair (therefore the public key of the centralized profile management device) can be sent to the secure element in a second digital certificate.
  • the public keys of the processing devices must also be communicated to the secure element (for example, the certificate of each processing device can be sent from the centralized profile management device to the secure element, and possibly this certificate can be signed using the private key of the centralized profile management device). This allows the secure element, when it receives the profile data, to verify that it has not been modified since it was sent by the processing device, and to “trace” its path (transmitting processing device - centralized profile management device - secure element).
  • Another aspect of the invention relates to a centralized profile management device for managing communication profiles of a secure element of a host terminal, the centralized profile management device being external to the host terminal.
  • the centralized profile management device can be configured to:
  • Another aspect of the invention relates to a system comprising a host terminal having a secure element, a centralized profile management device external to the host terminal and a plurality of processing devices, in which the centralized profile management device can be configured to:
  • the secure element can be configured to:
  • each of the plurality of processing devices may have a respective first asymmetric key pair, each first asymmetric key pair comprising a private key and a public key, the public key being shared between the processing device and the centralized profile management system.
  • Each profile data received may be signed with the private key of the transmitting processing device, and the centralized profile management device may further be configured to, for each profile data received:
  • The centralized profile management device may have a second asymmetric key pair, the second asymmetric key pair comprising a private key of the centralized profile management device and a public key of the centralized profile management device, the public key of the second asymmetric key pair being shared between the centralized profile management device and the secure element.
  • Said profile data may be signed (possibly in addition to the first signature mentioned above) using the private key of the centralized profile management device before being sent to the host terminal.
  • the public key of each of the plurality of processing devices may be shared with the secure element and the secure element may be configured to:
  • Another aspect of the invention relates to a computer program product comprising instructions for implementing the above method when this program is executed by a processor.
  • Another aspect of the invention relates to a non-transitory computer-readable medium storing a program which, when executed by a processor of a centralized profile management device, causes the centralized profile management device to perform the method as defined above.
  • The present invention can take the form of an entirely hardware embodiment, an entirely software embodiment (comprising firmware, resident software, microcode, etc.) or an embodiment combining software and hardware aspects, which can all be collectively called here "circuit", "module" or "system". Additionally, the present invention may take the form of a computer program product embodied in any tangible expression medium having computer-usable program code embodied in the medium.
  • a tangible or non-transitory medium may include a storage medium such as a hard disk drive, a magnetic tape device or a semiconductor memory device and the like.
  • a transient medium may include a signal such as an electrical signal, an electronic signal, an optical signal, an acoustic signal, a magnetic signal or an electromagnetic signal, for example a microwave or RF (radio frequency) signal.
  • Figure 1 shows an example of a prior art communication system including external profile management devices.
  • Figure 2 represents an example of a communication system comprising a centralized profile management device according to one or more embodiments of the invention.
  • Figure 3 represents an example of a flowchart of a method of managing a service profile according to one or more embodiments of the invention.
  • Figure 4 represents steps of a method of managing a service profile according to a particular embodiment of the invention.
  • Figure 5 represents an alternative embodiment to the embodiment presented in Figure 4.
  • Figure 6 represents an example of a centralized profile management device for executing a transaction according to one or more embodiments of the invention.
  • The invention proposes to modify the architecture of the prior art to integrate an external profile management device (or server) configured to receive, from different service providers, and retransmit, to a host terminal integrating a secure element, profile data for installing or updating profiles corresponding to different services of this secure element.
  • The profile data is no longer sent directly from the servers associated with the different providers to the host terminal, but is sent to a so-called centralized profile management device, which retransmits at least part of it to the host terminal.
  • Such an architecture makes it possible to effectively manage situations where data corresponding to the same service is sent by several servers (for example in the context of a change of service provider).
  • The proposed system also eliminates the need for each provider to have certification for each of the premises in which its servers are located. Indeed, since the data is sent from the centralized profile management system, only the premises hosting the latter require certification.
  • Figure 2 represents an example of a communication system comprising a centralized profile management device according to one or more embodiments of the invention.
  • The system shown in Figure 2 comprises a host terminal 201 comprising a secure element 202, for example an eUICC, and a communication agent (denoted DAG in Figure 2) 203.
  • the host terminal 201 can be for example a mobile telephone, a device embedded in a car and managed remotely by the car manufacturer's information system, or any other type of connected object.
  • the secure element 202 typically stores one or more profiles (also called “service profiles”, or “subscriptions”). Each profile is associated with a service provided by an operator called a “service provider”.
  • Each service provider may have a profile management device (or server) DPAj 205a, 205b, 205c (DPA for "Distant Profile Administrator", although any other terminology may be used), on which profiles associated with this service are stored.
  • A DPAj profile management device 205a, 205b, 205c can store the most recent version of a profile for the service concerned, and possibly previous versions of this profile (for example, each new available version of the service profile can be stored in the DPAj profile management device 205a, 205b, 205c in addition to or instead of the previous version).
  • The communication agent 203 is located in the operating system of the host terminal 201 or in the secure element 202 of the host terminal 201, and provides the interface between the secure element 202 and the centralized profile management device (denoted TS in Figure 2) 206, whose functions are detailed below.
  • The host terminal can be managed by a remote terminal management platform 204 (denoted DMP, for "Device Management Platform").
  • the communication agent 203 creates the interface between the secure element 202 and the remote management platform of the terminal 204.
  • the system of Figure 2 further comprises a centralized profile management device TS 206.
  • This centralized profile management device 206 is configured to receive, from the external profile management devices DPAj 205a, 205b, 205c, data associated with service profiles (called “profile data”) prepared by them.
  • the profile data sent by the DPAj profile management devices 205a, 205b, 205c can be complete profiles (ie a set of data constituting a profile), for example new profiles to install, or data to update profiles already installed on the secure element 202.
  • the term “update” of a profile is used subsequently to designate both the installation of a new profile on the secure element 202 or the update of a profile already installed on the secure element 202.
  • each external DPAj profile management device 205a, 205b, 205c can send to the centralized profile management device 206 profile data corresponding to one or more profiles for the services they implement.
  • The profile data may be sent by the DPAj profile management devices 205a, 205b, 205c to the centralized profile management device 206 in association with an identifier of the secure element 202 for which it is intended.
  • the centralized profile management device 206 can receive profile data for the secure elements of several host terminals, and/or for several secure elements of the same host terminal. In this case, it is necessary for the centralized profile management device 206 to know for which secure element the profile data it receives is intended.
  • Profile data may be sent by a DPAj profile management device 205a, 205b, 205c to the centralized profile management device 206 in association with service identification data.
  • This service identification data allows the centralized profile management device 206 to determine to which service the received profile data corresponds.
  • the service identification data can be for example:
  • the centralized profile management device 206 can also have access to a table (for example stored in a memory of the centralized profile management device 206 or on a remote server) or a database associating the identifier or address to an identifier of the service associated with the data of profile received. Using this table, the centralized profile management device 206 can determine, from the service identification data received, the service associated with the data received.
  • When the centralized profile management device 206 receives profile data from a DPAj profile management device 205a, 205b, 205c, it stores it in memory, in association with the service with which it is associated. In one or more embodiments, this association can be made from the service identifier.
  • For example, a first profile management device DPA1 205a and a second profile management device DPA2 205b.
  • Each DPAj profile management device 205a, 205b, 205c has a respective pair of asymmetric keys, each pair being composed of a public key K_DPA,pub,i and a private key K_DPA,priv,i.
  • The public key K_DPA,pub,i of each profile management device DPAj 205a, 205b, 205c is shared with the centralized profile management device 206 (i.e. the centralized profile management device 206 knows the public key K_DPA,pub,i of each DPAj profile management device 205a, 205b, 205c).
  • The public key K_DPA,pub,i of a DPAj profile management device 205a, 205b, 205c can be sent in a digital certificate issued by a certification body to the DPAj profile management device 205a, 205b, 205c.
  • A profile management device DPAj 205a, 205b, 205c can then send, to the centralized profile management device 206, signed profile data, with a signature generated using the private key K_DPA,priv,i of the DPAj profile management device 205a, 205b, 205c.
  • When the centralized profile management device 206 receives the profile data, it verifies the signature: it in turn calculates a signature from this data and the public key K_DPA,pub,i of the profile management device DPAj 205a, 205b, 205c from which it received the profile data, then compares the two signatures. If the two signatures match, this indicates that the profile data was sent by an "authorized" entity, and the data is stored in a memory of the centralized profile management device 206. If the two signatures do not match, the profile data is deleted and is not stored in the memory of the centralized profile management device 206. This makes it possible to verify the integrity and origin (traceability) of the data received.
  • the centralized profile management device 206 can send one or more profile data among the profile data that it has stored in memory, directly to the communication agent 203 (for example following a direct request from the agent 203 to the centralized device 206), or alternatively to the remote management platform of the terminal 204 (which transmits them to the communication agent 203).
  • the communication agent 203 then transmits the profile data(s) to the secure element 202, which can install or update one or more corresponding profiles.
  • The profile data may be sent in association with service identification data (detailed above), so that the secure element can determine the profile to be updated, and/or in association with an identifier of the DPAj profile management device 205a, 205b, 205c from which the profile data was sent (this is particularly advantageous when the data is signed using the private key K_DPA,priv,i of the issuing profile management device, as detailed below, so that the secure element can verify the signature using the public key K_DPA,pub,i of the issuing profile management device).
  • the profile data can be sent in association with an identifier of the secure element (this is particularly advantageous when the terminal includes several secure elements 202, so that the communication agent 203 sends the data to the secure element 202 including the profile concerned by the update).
  • The centralized profile management device 206 can store several profile data items associated with the same service and received from several respective DPAj profile management devices 205a, 205b, 205c. It may therefore be necessary for the centralized profile management device 206 to know, for a given service, which profile data associated with this service to send to the communication agent 203 or to the remote management platform of the terminal 204. In one or more embodiments, for a given service, the most recent profile data among the stored profile data associated with this service is sent. For example, it is possible to record, for each stored profile data item, its date of reception by the centralized profile management device 206 (or any information representative of this date), and the profile data sent is that having the most recent reception date (i.e. the last profile data received). Alternatively, each stored profile data item can be saved with a corresponding profile version number, and the profile data sent is that corresponding to the most recent version.
  • the profile data can further be stored in association with the identifier of the secure element for which the profile data is intended, and the profile data sent may be the most recent profile data among the stored profile data associated with this service and the identifier of the secure element 202.
  • the profile data may be sent with an identifier of the provider of the associated service, and the centralized profile management device 206 can have access to a table or a database which links a secure element with the list of service providers to which the user has subscribed.
  • the profile data sent may be the most recent profile data among the profile data stored for a given service and provided by the provider of this service associated with the secure element 202.
  • the memory of the centralized profile management device 206 can be partitioned into memory areas according to the service providers, each memory area corresponding to a respective provider, and when the secure element sends a request to retrieve an update of one of its profiles (“pull mode”, detailed below), it receives in response profile data from among the profile data stored in the memory areas associated with the service providers with which the user of the host terminal 201 has taken out a subscription.
  • pointers which refer to the respective addresses of the memory zones associated with the service providers with which the user of the host terminal 201 has taken out a subscription.
  • the centralized profile management device 206 has a pair of asymmetric keys, the pair being composed of a public key K_TS,pub and a private key K_TS,priv.
  • the public key K_TS,pub of the centralized profile management device 206 is shared with the secure element 202.
  • the public key K_TS,pub of the centralized profile management device 206 can be sent in a digital certificate, which is delivered by a certification body to the centralized profile management device 206.
  • the centralized profile management device 206 can in turn sign the profile data (possibly previously signed using the private key K_CPA,priv,i of the transmitting DPAj profile management device 205a, 205b, 205c) with its private key K_TS,priv, and send the signed data (possibly doubly signed) to the management platform of the terminal 204 or to the communication agent 203 of the terminal 201.
  • when the secure element 202 receives the profile data, it in turn verifies the signature: it computes a signature from this data and the public key K_TS,pub of the centralized profile management device 206, then compares the two signatures. If these match, the relevant profile of the secure element is updated from the data received. Otherwise, the profile is not updated and the received profile data is deleted.
  • when the data received by the secure element 202 is doubly signed (i.e. with the private key K_CPA,priv,i of the transmitting DPAj profile management device 205a, 205b, 205c and the private key K_TS,priv of the centralized profile management device 206), the secure element must also know the public key K_CPA,pub,i of the issuing DPAj profile management device 205a, 205b, 205c.
  • the public key K_CPA,pub,i of the DPAj profile management device 205a, 205b, 205c can be sent by the centralized profile management device 206 to the secure element 202 (via the terminal management platform 204 or the communication agent 203 of the terminal 201).
  • this public key K_CPA,pub,i of the DPAj profile management device 205a, 205b, 205c can be sent by the centralized profile management device 206 in its digital certificate, possibly signed by the centralized profile management device 206 using its private key K_TS,priv.
  • the secure element 202 verifies the two signatures, one with the public key K_CPA,pub,i of the issuing DPAj profile management device 205a, 205b, 205c, and the other with the public key K_TS,pub of the centralized profile management device 206. If both verifications are successful, then the profile concerned of the secure element is updated from the data received. Otherwise, the profile is not updated and the received profile data is deleted. This double verification makes it possible on the one hand to verify that the profile data comes from an “authorized” entity, and on the other hand that it has not been modified since it was sent by the transmitting external DPAj profile management device 205a, 205b, 205c.
  • the external DPAj profile management devices 205a, 205b, 205c do not communicate directly with the host terminal 201 or with the terminal management platform 204.
  • the profiles are sent from the external DPAj profile management devices 205a, 205b, 205c to the centralized profile management device 206, which in turn transmits them to the host terminal 201.
  • the host terminal 201 (or the remote terminal management platform 204) only receives profiles from one single entity, which resolves the certification issues mentioned above and facilitates the management of changes in service providers.
  • the acquisition of profiles is done in “pull” mode, that is to say at the request of the secure element 202.
  • the secure element 202 sends, via the communication agent 203, a query request to find out if profile data (corresponding to a new profile / a new version of a profile) is available.
  • this request is sent to the external profile management device CLPAj 105a, 105b, 105c of the service provider associated with the profile concerned.
  • it is possible for the user to change service provider, or for the service provider to change external CLPAj profile management device 105a, 105b, 105c.
  • Figure 3 represents an example of a flowchart of a method of managing a service profile according to one or more embodiments of the invention.
  • the centralized profile management device 206 receives profile data for a given service.
  • this profile data is signed using the private key K_CPA,priv of the DPAj profile management device 205a, 205b, 205c from which the profile data was received, as detailed above.
  • the signature can then be verified (step 302) using the public key K_CPA,pub,i of the DPAj profile management device 205a, 205b, 205c from which the profile data was received. If the verification fails (step 302, arrow “K” in Figure 3), the data is deleted (step 303). If the verification is successful (step 302, arrow “O” in Figure 3), the data is stored in a memory of the centralized profile management device 206 in association with the service concerned (step 304).
  • the centralized profile management device 206 continues to receive profile data for the service concerned (step 301), possibly verifying them (step 302) and deleting them (step 303) or storing them in memory (step 304).
  • the most recent profile data among the stored profile data associated with the service concerned is sent to the communication agent 203 or to the remote management platform of the terminal 204 (step 307).
  • the profile data can be signed using the private key K_TS,priv of the centralized profile management device 206 (step 306) before being sent in step 307, as detailed above.
  • the triggering event for an update of a profile of the secure element can be any event causing the most recent profile data to be sent by the centralized profile management device 206 to the communication agent 203 or to the remote terminal management platform 204.
  • this triggering event may be the reception, by the centralized profile management device 206, of an interrogation request from the secure element 202 and sent via the communication agent 203, to find out if profile data associated with a given service is available (such an interrogation request may in particular include an identifier of the service concerned).
  • These embodiments correspond to a “pull mode” and examples are detailed in Figures 4 and 5.
  • this triggering event can correspond to the reception, from the DPAj profile management device 205a, 205b, 205c which sends the data, of an indication that the profile must be updated as quickly as possible, or to the receipt itself of the data from the DPAj profile management device 205a, 205b, 205c.
  • the trigger events correspond to predefined times (for example periodically) at which the updating of a profile must be carried out (for example, every week, or at each restart of the host terminal, etc.).
  • Figure 4 represents steps of a method of managing a service profile according to a particular embodiment of the invention.
  • This embodiment corresponds to a “pull” mode, in which the communication agent 203 of the host terminal 201 is configured to send interrogation requests to the centralized profile management device 206 (possibly via the remote terminal management platform 204) to retrieve profile data in return in order to update a profile of the secure element 202 of the host terminal 201. Furthermore, in the embodiment of Figure 4, it is assumed that the host terminal is managed by a remote terminal management platform 204.
  • a profile management device DPAj 205a, 205b, 205c sends (“pushes”) profile data to the centralized profile management device 206 (denoted TS in Figure 4).
  • this profile data can be signed.
  • the signature of the profile data can be verified (step 402), and the profile data stored in the memory of the centralized profile management device 206 only if the verification is successful.
  • the profile data is stored in association with the corresponding service, and in association with version data (profile version number associated with the profile data received or date of receipt of the profile data for example).
  • the profile data can optionally be signed a second time using the private key K_TS,priv of the centralized profile management device 206 (step 403).
  • the signed/double-signed profile data is then encapsulated in a packet (step 404), which is stored in the centralized profile management device 206.
  • the packet may further include service identification data and/or an identifier of the secure element for which it is intended.
  • the centralized profile management device 206 sends a notification to the DPAj profile management device 205a, 205b, 205c to inform it of the result of the processing carried out (steps 402 to 403) on the profile data previously received. In a way, it acknowledges the reception and storage of the profile data received.
  • Steps 401 to 405 may be repeated for a plurality of profile data received from different DPAj profile management devices 205a, 205b, 205c and for different services.
  • the centralized profile management device 206 can have in memory a plurality of packets intended for the same secure element 202, among which at least two packets are associated with the same service and come from two different DPAj profile management devices 205a, 205b, 205c.
  • the communication agent 203 of the host terminal 201 sends an interrogation request to the remote management platform of the terminal 204 (denoted DMP in Figure 4), which is transmitted in step 407 to the centralized profile management device 206.
  • the interrogation request may, depending on the embodiments, include an identifier of the secure element and/or an identifier of the service for which it is asked if an update is available.
  • Polling requests can be, for example, sent periodically (for example every week) or following the action of a user of the host terminal 201.
  • the interrogation request can be signed using a private key K_SE,priv of the secure element, the private key K_SE,priv being part of a pair of asymmetric keys (K_SE,priv, K_SE,pub) composed of a private key K_SE,priv and a public key K_SE,pub associated with the secure element 202.
  • the public key K_SE,pub of the secure element 202 can be shared with the centralized profile management device 206.
  • the centralized profile management device 206 can verify the signature of the request in step 408 with the public key K_SE,pub of the secure element 202.
  • the centralized profile management device 206 sends to the remote terminal management platform 204 the most recent profile data among the profile data stored on the centralized profile management device 206 and associated with the service concerned (step 409).
  • the service concerned can be determined, for example, from a service identifier included in the interrogation request.
  • alternatively, the interrogation request does not include a service identifier, and in step 409 the centralized profile management device 206 sends, for each service for which it stores profile data, the most recent profile data associated with this service.
  • the centralized profile management device 206 sends a plurality of profile data, each being the most recent profile data for a given service.
  • in step 410, the profile data are sent from the remote management platform of the terminal 204 to the communication agent 203 of the terminal 201, to then be transmitted to the secure element 202.
  • the secure element can then update the profile(s) corresponding to the profile data(s) received, provided that the signature(s) associated with the profile data(s) received are valid.
  • Figure 5 represents an alternative embodiment to the embodiment presented in Figure 4.
  • the host terminal is not managed by a remote terminal management platform 204, and the communication agent 203 communicates directly with the centralized profile management device 206.
  • Steps 401 to 405 and 408 are the same as in Figure 4.
  • Steps 506 and 509 correspond respectively to steps 406-407 on the one hand, and 409-410 on the other hand of Figure 4.
  • the interrogation request is sent directly from the communication agent 203 of the host terminal 201 (denoted TERM in Figure 5) to the centralized profile management device 206 (denoted TS in Figure 5), and in step 509, the profile data(s) are sent directly from the centralized profile management device 206 to the communication agent 203 of the host terminal 201.
  • the profile data(s) received by the communication agent 203 are then transmitted to the secure element 202.
  • the secure element can then update the profile(s) corresponding to the profile data received, provided that the signature(s) associated with the profile data received are valid.
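The chain described above for the doubly signed data and for the flowcharts of Figures 3 and 4 (a DPAj pushes signed profile data; the centralized device TS verifies it, double-signs it and stores it with a version; a pull request gets the most recent version; the secure element accepts it only if both signatures hold), written out as an added example that is not part of the patent. It uses Ed25519 from the Go standard library and a constructed byte layout for the packet; both are assumptions of this example, not formats the patent specifies, and the key names follow the page's notation (K_CPA,priv,i, K_TS,priv).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Packet carries profile data through the chain; the layout is this example's own.
type Packet struct {
	Service string            // service identifier (assumed not to contain '|')
	Version uint32            // version data stored with the profile data (step 402)
	Payload []byte
	DPAID   string            // which DPAj (205a, 205b, 205c) produced the data
	DPASig  []byte            // with K_CPA,priv,i over Service|Version|Payload (step 401)
	DPAPub  ed25519.PublicKey // K_CPA,pub,i, added by TS for the secure element
	TSSig   []byte            // with K_TS,priv over dpaContent|DPASig|DPAPub (step 403)
}

// dpaContent is the byte string covered by the DPAj signature.
func dpaContent(p Packet) []byte {
	return append([]byte(fmt.Sprintf("%s|%d|", p.Service, p.Version)), p.Payload...)
}

// tsContent also binds K_CPA,pub,i to the TS signature, as the TS-signed certificate does in the text.
func tsContent(p Packet) []byte {
	return append(append(dpaContent(p), p.DPASig...), p.DPAPub...)
}

// Push is what a DPAj does: sign the profile data with its private key K_CPA,priv,i.
func Push(dpaID string, priv ed25519.PrivateKey, service string, version uint32, payload []byte) Packet {
	p := Packet{Service: service, Version: version, Payload: payload, DPAID: dpaID}
	p.DPASig = ed25519.Sign(priv, dpaContent(p))
	return p
}

// TS models the centralized profile management device 206.
type TS struct {
	priv   ed25519.PrivateKey
	Pub    ed25519.PublicKey            // K_TS,pub, the only key the secure element must trust up front
	dpaPub map[string]ed25519.PublicKey // K_CPA,pub,i of each DPAj it accepts data from
	store  map[string][]Packet          // service -> stored packets (step 304/404)
}

func NewTS(dpaPub map[string]ed25519.PublicKey) *TS {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &TS{priv: priv, Pub: pub, dpaPub: dpaPub, store: map[string][]Packet{}}
}

// Receive implements steps 301-304: verify the DPAj signature and delete the data on
// failure; otherwise double-sign it and store it in association with the service.
func (t *TS) Receive(p Packet) error {
	pub, ok := t.dpaPub[p.DPAID]
	if !ok || !ed25519.Verify(pub, dpaContent(p), p.DPASig) {
		return errors.New("DPA signature invalid: profile data deleted (step 303)")
	}
	p.DPAPub = pub
	p.TSSig = ed25519.Sign(t.priv, tsContent(p))
	t.store[p.Service] = append(t.store[p.Service], p)
	return nil
}

// Pull answers an interrogation request with the most recent version stored for
// the service (step 409); ok is false when nothing is stored for it.
func (t *TS) Pull(service string) (best Packet, ok bool) {
	for _, p := range t.store[service] {
		if !ok || p.Version > best.Version {
			best, ok = p, true
		}
	}
	return best, ok
}

// InstallOnSE is the secure element's double verification: both signatures must
// hold, otherwise the profile is not updated and the received data is discarded.
func InstallOnSE(tsPub ed25519.PublicKey, p Packet) error {
	if !ed25519.Verify(tsPub, tsContent(p), p.TSSig) {
		return errors.New("TS signature invalid: profile not updated")
	}
	if len(p.DPAPub) != ed25519.PublicKeySize || !ed25519.Verify(p.DPAPub, dpaContent(p), p.DPASig) {
		return errors.New("DPA signature invalid: profile not updated")
	}
	return nil
}
```

Checking the TS signature first means a packet whose forwarded K_CPA,pub,i was swapped is rejected before the DPAj signature is ever examined, which is what makes forwarding that key through TS safe.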
  • Figure 6 represents an example of a centralized profile management device for executing a transaction according to one or more embodiments of the invention.
  • the device 600 comprises a memory 605 (denoted MEM in Figure 6) to store instructions allowing the implementation of the method, the profile data received, and temporary data to carry out the different steps of the method as described previously.
  • the device further comprises a circuit 604 (denoted PROC in Figure 6).
  • This circuit can be, for example:
  • a processor capable of interpreting instructions in the form of a computer program;
  • a programmable electronic chip such as an FPGA (for “Field-Programmable Gate Array” in English), a SOC (for “System On Chip” in English) or an ASIC (for “Application Specific Integrated Circuit” in English).
  • SOCs or systems on a chip are embedded systems that integrate all the components of an electronic system into a single chip.
  • An ASIC is a specialized electronic circuit that brings together tailor-made functionalities for a given application. ASICs are generally configured during manufacture and can only be simulated by the user.
  • FPGA (Field-Programmable Gate Array) type programmable logic circuits are electronic circuits that can be reconfigured by the user.
  • the device 600 comprises at least one input interface 603 (denoted INP in Figure 6) for receiving profile data from a DPAj profile management device 205a, 205b, 205c, and an output interface 606 (denoted OUT in Figure 6) for providing profile data to the terminal management platform 204 or to the communication agent 203 of the terminal 201.
  • the centralized device can include, to allow easy interaction with a user, a screen 601 and a keyboard 602.
  • the keyboard is optional, in particular in the context of a centralized device having the shape of a touchscreen tablet, for example.
  • the device 600 may be a computer, a computer network, an electronic component, or another device comprising a processor operationally coupled to a memory, as well as, depending on the chosen embodiment, a data storage unit, and other associated hardware elements such as a network interface and a media drive for reading from and writing to removable storage media (not shown in the figure).
  • the removable storage medium may be, for example, a compact disc (CD), a video/digital versatile disc (DVD), a flash disk, a USB key, etc.
  • the memory, data storage unit, or removable storage medium contains instructions that, when executed by control circuit 604, cause control circuit 604 to perform or control the input interface 603, output interface 606, data storage in memory 605 and/or data processing portions of the implementation examples of the proposed method described herein.
  • the control circuit 604 may be a component implementing the control of the units 603, 605 and 606 of the device 600.
  • the device 600 can be implemented in software form, in which case it takes the form of a program executable by a processor, or in hardware form (“hardware”), such as an application specific integrated circuit (ASIC) or a system on chip (SOC), or in the form of a combination of hardware and software elements, such as for example a software program intended to be loaded and executed on an electronic component described above (e.g. FPGA, processor).
  • the device 600 can also use hybrid architectures, such as for example architectures based on a CPU+FPGA, a GPU (Graphics Processing Unit) or an MPPA (Multi-Purpose Processor Array).
  • Figure 3 is a typical example of a program of which certain instructions can be carried out with the centralized profile management device described.
  • Figure 3 can correspond to the flowchart of the general algorithm of a computer program within the meaning of the invention.

PCT/EP2023/062659 2022-05-23 2023-05-11 Procédé de gestion de profils de service d'un élément sécurisé Ceased WO2023227386A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
KR1020247039006A KR20250010616A (ko) 2022-05-23 2023-05-11 보안 요소의 서비스 프로파일들을 관리하기 위한 방법
EP23724857.0A EP4529734A1 (fr) 2022-05-23 2023-05-11 Procédé de gestion de profils de service d'un élément sécurisé
JP2024568984A JP2025519087A (ja) 2022-05-23 2023-05-11 セキュアエレメントのサービスプロファイルを管理する方法

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FRFR2204935 2022-05-23
FR2204935A FR3135805A1 (fr) 2022-05-23 2022-05-23 Procédé de gestion de profils de service d’un élément sécurisé

Publications (1)

Publication Number Publication Date
WO2023227386A1 true WO2023227386A1 (fr) 2023-11-30

Family

ID=83594316

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2023/062659 Ceased WO2023227386A1 (fr) 2022-05-23 2023-05-11 Procédé de gestion de profils de service d'un élément sécurisé

Country Status (5)

Country Link
EP (1) EP4529734A1
JP (1) JP2025519087A
KR (1) KR20250010616A
FR (1) FR3135805A1
WO (1) WO2023227386A1


Also Published As

Publication number Publication date
JP2025519087A (ja) 2025-06-24
KR20250010616A (ko) 2025-01-21
EP4529734A1 (fr) 2025-04-02
FR3135805A1 (fr) 2023-11-24

