WO2024101925A1 - Method and device for generating an eUICC encryption key for profile provisioning in a wireless communication system - Google Patents

Method and device for generating an eUICC encryption key for profile provisioning in a wireless communication system

Info

Publication number
WO2024101925A1
Authority
WO
WIPO (PCT)
Prior art keywords
euicc
profile
factory
server
information
Prior art date
Application number
PCT/KR2023/017994
Other languages
English (en)
Korean (ko)
Inventor
강수정
윤강진
이덕기
Original Assignee
삼성전자 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020230143969A (KR20240068539A)
Application filed by 삼성전자 주식회사
Publication of WO2024101925A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40 Security arrangements using identity modules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/22 Processing or transfer of terminal data, e.g. status or physical capabilities
    • H04W8/24 Transfer of terminal data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/02 Terminal devices

Definitions

  • This disclosure relates to a method and device for provisioning a profile in a wireless communication system. Specifically, the present disclosure relates to a method and device for provisioning a plurality of profiles to the eUICC of a terminal in a wireless communication system.
  • 5G mobile communication technology defines a wide frequency band to enable fast transmission speeds and new services, and can be implemented not only in sub-6 GHz ('Sub 6GHz') bands such as 3.5 GHz but also in the ultra-high frequency band ('Above 6GHz') called mmWave (millimeter wave), such as 28 GHz and 39 GHz.
  • To achieve a transmission speed 50 times faster than 5G mobile communication technology and an ultra-low delay time reduced to one-tenth, implementation in terahertz bands (e.g., 95 GHz to 3 THz) is being considered.
  • eMBB (enhanced mobile broadband): ultra-broadband services
  • URLLC: ultra-reliable low-latency communications
  • mMTC: massive machine-type communications
  • numerology: support for multiple subcarrier spacing operation, etc.
  • dynamic operation of the slot format; initial access technology to support multi-beam transmission and broadband
  • BWP (bandwidth part): its definition and operation
  • New channel coding methods such as LDPC (low density parity check) codes for data transmission and polar codes for highly reliable transmission of control information, L2 pre-processing, and dedicated services specialized for specific services.
  • V2X: vehicle-to-everything
  • NR-U: new radio unlicensed
  • UE power saving: NR terminal low power consumption technology
  • NTN: non-terrestrial network
  • IIoT (industrial internet of things, intelligent factories): supports new services through linkage and convergence with other industries
  • IAB (integrated access and backhaul): provides a node for expanding the network service area by integrating wireless backhaul links and access links
  • mobility enhancement including conditional handover and DAPS (dual active protocol stack) handover
  • 2-step RACH for streamlining the random access procedure
  • Standardization in the field of wireless interface architecture/protocol for technologies such as NR is also in progress. Standardization in the field of system architecture/services is also in progress, covering a 5G baseline architecture (e.g., service based architecture, service based interface) for incorporating network functions virtualization (NFV) and software-defined networking (SDN) technology, and mobile edge computing (MEC), which provides services based on the location of the terminal.
  • NFV network functions virtualization
  • SDN software-defined networking
  • To ensure coverage in the terahertz band of 6G mobile communication technology, new waveforms, full dimensional MIMO (FD-MIMO), array antennas, and multi-antenna transmission technologies such as large scale antennas and metamaterial-based lenses and antennas, high-dimensional spatial multiplexing technology using OAM (orbital angular momentum), and RIS (reconfigurable intelligent surface) technology are being developed to improve coverage of terahertz band signals.
  • OAM: orbital angular momentum
  • RIS: reconfigurable intelligent surface
  • In addition, full duplex technology, satellite, and AI (artificial intelligence) are utilized from the design stage and end-to-end to improve the frequency efficiency and the system networks of 6G mobile communication technology.
  • the disclosed embodiment seeks to provide an apparatus and method that can effectively provide services in a wireless communication system.
  • In a method performed by a base station in a wireless communication system, the method may include receiving, from a factory, a first message containing a BPP (bound profile package) for installing a profile and first encryption key information related to the BPP; installing the profile based on the first message through the eUICC; and transmitting, to the factory, a second message including the result of installing the profile.
  • BPP: bound profile package
  • the disclosed embodiment provides an apparatus and method that can effectively provide services in a mobile communication system.
  • Figure 1 is a diagram showing the relationship between components for provisioning a profile according to an embodiment of the present disclosure.
  • FIG. 2 is a diagram illustrating a method in which eUICC generates a pair of one-time encryption keys to be used next when a profile is successfully installed according to an embodiment of the present disclosure and sends a reply including a one-time public key.
  • FIG. 3 is a diagram illustrating a usage method in which the eUICC generates and returns a one-time encryption key pair to be used next upon successful profile installation according to an embodiment of the present disclosure.
  • FIG. 4 is a diagram illustrating a method in which the eUICC generates a one-time encryption key pair to be used next when deleting a profile according to an embodiment of the present disclosure and sends a reply including the one-time public key.
  • FIG. 5 is a diagram illustrating a method of generating key material to be used by eUICC and returning it to factory IT according to an embodiment of the present disclosure.
  • Figure 6 is a diagram for explaining the operation of preparing a large number of profiles for IFPP according to an embodiment of the present disclosure.
  • Figure 7 is a block diagram showing the structures of a profile server, factory IT, and terminal in a wireless communication system according to an embodiment of the present disclosure.
  • Figure 8 is a diagram for explaining the operation of transmitting a message requesting the creation of key material between the terminal and the eUICC.
  • Figure 9 is a block diagram showing the structure of a terminal according to an embodiment of the present disclosure.
  • Figure 10 is a block diagram showing the structure of factory IT according to an embodiment of the present disclosure.
  • Figure 11 is a block diagram showing the structure of a profile server according to an embodiment of the present disclosure.
  • Figure 12 is a diagram for explaining the operation of the eUICC and profile server according to an embodiment of the present disclosure.
  • Each block of the processing flow diagrams, and combinations of blocks in the flow diagrams, can be performed by computer program instructions.
  • These computer program instructions can be loaded onto a processor of a general-purpose computer, special-purpose computer, or other programmable data processing equipment, so that the instructions executed through the processor of the computer or other programmable data processing equipment create means for performing the functions described in the flowchart block(s).
  • These computer program instructions may also be stored in computer-usable or computer-readable memory that can direct a computer or other programmable data processing equipment to implement a function in a particular manner, so that the instructions stored in the computer-usable or computer-readable memory may also produce manufactured items containing instruction means that perform the functions described in the flow diagram block(s).
  • Computer program instructions can also be loaded onto a computer or other programmable data processing equipment, so that a series of operational steps are performed on the computer or other programmable data processing equipment to create a computer-executed process; the instructions that run on the computer or other programmable data processing equipment may thus also provide steps for executing the functions described in the flow diagram block(s).
  • Each block may represent a module, segment, or portion of code that includes one or more executable instructions for executing specified logical function(s).
  • The term '~unit' used in this embodiment refers to software or hardware components such as an FPGA (field programmable gate array) or ASIC (application specific integrated circuit), and a '~unit' performs certain roles.
  • A '~unit' is not limited to software or hardware.
  • A '~unit' may be configured to reside in an addressable storage medium and may be configured to run on one or more processors. Therefore, as an example, '~unit' refers to components such as software components, object-oriented software components, class components, and task components, as well as processes, functions, properties, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables.
  • Components and '~units' may be combined into a smaller number of components and '~units' or may be further separated into additional components and '~units'. Additionally, components and '~units' may be implemented to run on one or more CPUs within a device or a secure multimedia card.
  • the base station is the entity that performs resource allocation for the terminal, and may be at least one of Node B, base station (BS), eNode B (eNB), gNode B (gNB), wireless access unit, base station controller, or node on the network.
  • a terminal may include a user equipment (UE), a mobile station (MS), a cellular phone, a smartphone, a computer, or a multimedia system capable of performing communication functions.
  • UE user equipment
  • MS mobile station
  • the embodiments of the present disclosure can be applied to other communication systems having a similar technical background or channel type as the embodiments of the present disclosure described below. Additionally, the embodiments of the present disclosure may be applied to other communication systems through some modifications without significantly departing from the scope of the present disclosure at the discretion of a person with skilled technical knowledge.
  • this may include the 5th generation mobile communication technology (5G, new radio, NR) developed after LTE-A, and the term 5G hereinafter may also include the existing LTE, LTE-A, and other similar services.
  • 5G new radio
  • 3GPP 3rd generation partnership project
  • LTE long term evolution
  • NR 3GPP new radio
  • a universal integrated circuit card is a smart card used by inserting into a terminal, for example, a mobile communication terminal, and is also called a UICC card.
  • The UICC may include an access control module for accessing the mobile communication provider's network. Examples of such access control modules include the universal subscriber identity module (USIM), the subscriber identity module (SIM), and the internet protocol (IP) multimedia service identity module (ISIM).
  • the present disclosure seeks to provide a method and device for installing profiles on the eUICC of a terminal in a factory environment of a manufacturer's terminal, in a wireless communication system.
  • the present disclosure can provide a method and device that can effectively install profiles on one eUICC one or more times in a wireless communication system in a terminal manufacturer factory environment.
  • a UICC that includes USIM is usually called a USIM card.
  • a UICC containing a SIM module is commonly called a SIM card.
  • The term SIM card may be used in a general sense to include a UICC card, a USIM card, a UICC including an ISIM, etc. Even where the text refers to a SIM card, the technique applies equally to a USIM card, an ISIM card, or a general UICC card.
  • a SIM card stores the personal information of a mobile communication subscriber and can enable safe use of mobile communication by performing subscriber authentication and generating a traffic security key when accessing a mobile communication network.
  • SIM cards are generally manufactured as a dedicated card for a mobile communication operator at the request of that operator, and authentication information for accessing the operator's network, for example the USIM (universal subscriber identity module) application, the IMSI (international mobile subscriber identity), the K value, the OPc value, etc., is pre-installed on the card before shipping. The manufactured SIM card is therefore delivered by the mobile communication service provider to the subscriber, and when necessary, management such as installation, modification, and deletion of applications within the UICC can be performed using technologies such as OTA (over the air).
  • Subscribers can use the network and application services of mobile communication operators by inserting a UICC card into their mobile communication terminal. When replacing a mobile communication terminal, the subscriber can also move the UICC card from the existing terminal to the new one and keep using the authentication information, mobile communication phone number, personal phone book, etc. stored on the UICC card as is in the new terminal.
  • SIM cards may cause inconvenience to mobile communication terminal users who want to receive services from other mobile communication companies.
  • Mobile communication terminal users may have the inconvenience of having to physically obtain a SIM card to receive services from a mobile communication service provider.
  • For example, when traveling to another country, there may be the inconvenience of having to obtain a local SIM card to receive local mobile communication services.
  • Roaming services solve some of this inconvenience, but there may be issues such as high fees and the inability to receive service if there is no contract between the telecommunication companies.
  • the user can download the SIM module of the mobile communication service he or she wants to use to the UICC card at any time.
  • This UICC card can also download and install a plurality of SIM modules and select and use only at least one SIM module among them.
  • These UICC cards may or may not be fixed to the terminal.
  • A UICC that is fixed in a terminal is usually referred to as an eUICC, but in this disclosure a UICC card that can remotely download and select a SIM module is collectively referred to as an eUICC.
  • That is, UICC cards that can download a SIM module remotely and select it are collectively called eUICC.
  • the downloaded SIM module information can be collectively referred to as a profile.
  • Profiles may be further divided according to use, for example into the Provisioning Profile, a profile with limited uses such as connectivity for initial setup (e.g., allowing access only to the profile server), the Operational Profile, a profile with no such usage restrictions, and a test profile limited to testing purposes. The Provisioning Profile may also be used as a bootstrap profile.
  • The remote profile provisioning standards, which are the eSIM standards defined by GSMA, include SGP.21/22, the remote SIM provisioning standard for consumer devices, SGP.31/32, the remote SIM provisioning standard for IoT devices, and SGP.01/02, the remote SIM provisioning standard for M2M devices.
  • SGP.01/02: the remote SIM provisioning standard for M2M devices
  • In these standards, the terminal is connected to the profile download server over a network in real time, multiple messages are exchanged between the terminal and the profile server, and mutual authentication is performed during this process; the profile download may be defined as the process of downloading the profile after going through these steps.
  • The terminal cannot assume that a network connection to the profile download server is always available at the time of downloading the profile. To solve this problem, the provisioning profile, a profile with limited use, was introduced in SGP.21/22 to provide connectivity to the terminal only for initial setup. Accordingly, terminal manufacturers may ship eUICCs equipped with a provisioning profile. In addition, based on a contract with a service provider, it may be possible for a manufacturer to ship the eUICC preloaded with the operational profile of a communication service provider, which does not have the above usage restrictions.
  • the function for provisioning a profile at the factory is referred to as the in factory profile provisioning (IFPP) function, and when entering a state supporting the IFPP function, it may be indicated as entering IFPP mode or entering the IFPP state.
  • IFPP in factory profile provisioning
  • A terminal, LPA, eUICC, profile server, factory IT, SP (service provider) server, and EUM (eUICC manufacturer) server may be entities that additionally support the IFPP mode, or may be entities that support only the IFPP function.
  • SM-DP+, one of the profile servers, supports the consumer-oriented remote SIM provisioning function defined in SGP.21/22, but may be a server that additionally supports some of the IFPP functions defined in SGP.41/42.
  • SM-DP+, a profile server, may also be a profile server that supports only the IFPP function.
  • A profile server operating in the IFPP state may be interchangeably referred to in the present invention as, for example, profile server f.
  • A universal integrated circuit card is a smart card used by inserting it into a mobile communication terminal. It stores personal information such as the mobile communication subscriber's network access authentication information, phone book, and SMS, and may refer to a chip that enables safe use of mobile communication by performing subscriber authentication and generating a traffic security key when accessing a mobile communication system such as GSM, WCDMA, LTE, or 5G.
  • A UICC can be equipped with communication applications such as SIM (subscriber identification module), USIM (universal SIM), and ISIM (IP multimedia SIM), depending on the type of mobile communication network the subscriber connects to. It can also provide high-level security functions for hosting various applications such as an electronic wallet, ticketing, and an electronic passport.
  • the embedded UICC is not limited to a security module built into the terminal and may include a removable security module that can be inserted and removed from the terminal.
  • eUICC can download and install profiles in real time or non-real time through a wired or wireless network.
  • eUICC can be named UICC that allows profile download and installation.
  • The SM-DP server that created the profile may be configured separately from the device that injects the profile into the eUICC, over a wired or wireless link, at the factory IT/OEM (original equipment manufacturer).
  • the method of downloading and installing a profile on an eUICC can also be applied to a removable UICC that can be inserted and removed from a terminal, as described above.
  • an embodiment of the present disclosure can be applied to a removable UICC that can be installed by downloading a profile.
  • the eUICC unique identification number (eUICC ID) may be referred to as EID.
  • UICC referred to in this disclosure may be used interchangeably with SIM, and the term eUICC may be used interchangeably with eSIM.
  • A profile may mean the packaging, in software form, of an application, file system, authentication key value, etc. stored in the UICC. Additionally, the profile may be named access information. Additionally, in the present disclosure, the term USIM profile may have the same meaning as profile, or may mean the packaging in software form of the information included in the USIM application within the profile.
  • A profile package or an encrypted profile package (bound profile package, BPP) may be used interchangeably with profile, or as a term representing a data object of a specific profile, and may also be referred to as a profile TLV or profile package TLV.
  • the profile identifier may be referred to as an integrated circuit card identifier (ICCID), which represents a unique identification number of the profile.
  • ICCID integrated circuit card identifier
  • When the profile package is encrypted using encryption parameters, it may be named a protected profile package (PPP) or protected profile package TLV (PPP TLV).
  • PPP: protected profile package
  • PPP TLV: protected profile package TLV
  • When the profile package is encrypted using encryption parameters that can only be decrypted by a specific eUICC, it may be named a bound profile package (BPP) or bound profile package TLV (BPP TLV).
  • A profile package TLV may be a data set that expresses the information constituting a profile in TLV (tag, length, value) format.
  • The profile server is a server that can provide or include the functions of creating a profile, encrypting the created profile, storing the created profile, generating a profile remote management command, encrypting the created profile remote management command, or supporting multiple profile activation of terminals using the IFPP mode, and may be expressed as SM-DP (subscription manager data preparation), SM-DP+ (subscription manager data preparation plus), or SM-SR (subscription manager secure routing).
  • SM-DP subscription manager data preparation
  • SM-DP+ subscription manager data preparation plus
  • SM-SR subscription manager secure routing
  • terminal' or 'device' used in this disclosure refers to mobile station (MS), user equipment (UE), mobile equipment (ME), user terminal (UT), wireless Terminal, access terminal (AT), terminal, subscriber unit, subscriber station (SS), wireless device, wireless communication device, wireless transmit/receive unit (WTRU), It may be referred to as a mobile node, mobile or other terms.
  • Various embodiments of the terminal include a cellular phone, a smart phone with a wireless communication function, a personal digital assistant (PDA) with a wireless communication function, a wireless modem, a portable computer with a wireless communication function, and a digital camera with a wireless communication function.
  • PDA personal digital assistant
  • The terminal may also include gaming devices with wireless communication functions, music storage and playback home appliances with wireless communication functions, Internet home appliances capable of wireless Internet access and browsing, as well as portable units or terminals that integrate combinations of such functions.
  • The terminal may include a machine to machine (M2M) terminal, a machine type communication (MTC) terminal/device, or an IoT terminal/device, depending on the performance characteristics it supports.
  • M2M machine to machine
  • MTC machine type communication
  • a terminal may be referred to as an electronic device or simply a device.
  • the terminal 120 that provides the function of installing a profile with an eUICC may also be called an eSIM terminal.
  • EUM is an eUICC manufacturer, meaning a manufacturer that produces eUICC and personalizes and provides eUICC.
  • Information transmitted by EUM can be transmitted on and offline through the EUM server or channels between separate components.
  • EUM may mean an EUM server or a role performed by EUM.
  • the terminal or device may include software or applications installed within the terminal or device to control the UICC or eUICC.
  • the software or application may be, for example, a local profile assistant (LPA), SIM manager, or IoT Profile assistant (IPA).
  • LPA local profile assistant
  • IPA IoT Profile assistant
  • Software or functions may be provided in an integrated manner.
  • LPA and IPA could be provided as one integrated app.
  • software or applications installed in a terminal or device to control a UICC or eUICC may be collectively referred to as LPA.
  • an application protocol data unit may be a message format or message exchanged between a terminal or a controller within a device and the eUICC.
  • APDU is a pair of command and response, and APDU command and APDU response may be defined in ETSI 102.221 with reference to ISO 7816.
  • the APDU command consists of CLA (class of instruction), INS (Instruction), P1 (instruction parameter 1), P2 (instruction parameter 2) as the APDU header, and Lc (number of bytes in the command) as the body.
  • the application message transmitted from the LPA or terminal may be transmitted to the eUICC in the form of an APDU, and at this time, the transmitted information may be transmitted as included in the data of the APDU.
  • AKA may represent authentication and key agreement, and may represent an authentication algorithm for accessing 3GPP and 3GPP2 networks.
  • K is an encryption key value stored in the eUICC and used in the AKA authentication algorithm; in the present disclosure, OPc may be a parameter value that can be stored in the eUICC and used in the AKA authentication algorithm.
  • NAA is a network access application, and may be an application such as USIM or ISIM that is stored in the UICC and is used to access the network.
  • NAA may be a network access module.
  • End user, user, subscriber, service subscriber, and terminal user may be used interchangeably to refer to the user of a terminal.
  • Factory IT is a device responsible for provisioning specific data or settings to the terminal in the manufacturing process, and may refer to a module that includes a function to download a profile to the terminal, obtains profiles from the profile server, and may also include additional functions for storing them.
  • Factory IT may be used interchangeably with factory IT equipment, factory IT server, factory provisioning equipment, factory server, and OEM. Although expressed as a server hereinafter, factory IT in the present invention may consist of one or more modules, for example a server that stores data and a terminal that serves to inject settings or data into the eSIM terminal.
  • OEM may be used interchangeably with terminal manufacturer and manufacturer.
  • various devices may be connected wired or wirelessly only within the manufacturer and may not allow external networks.
  • data storage servers used for the manufacturing process or communication devices that inject profiles into terminals may be connected only to the internal network without providing network connections outside the manufacturer.
  • the profile storage server inside the manufacturer may be the same device as the server that returns the profile installation results to the outside, or it may be a different device.
  • factory IT/OEM can be described as one or more devices that install a profile at a manufacturer's factory to a terminal and return the installation results.
  • Service provider may be used interchangeably with communication service provider, MNO, mobile network operator, operator, telecommunication company, and SP server.
  • The service provider may mean the server of the service provider or the role performed by the service provider.
  • the server vendor refers to a vendor that operates a profile server and may refer to a role performed by the profile server vendor.
  • the encryption key is used to encompass all encryption and decryption keys.
  • It may include a private key used to encrypt data or a public key to decrypt it, and the public key may be shared in the form of a certificate.
  • otSK.EUICC.KA and otPK.EUICC.KA represent the eUICC's one time secret key (otSK) and the eUICC's one time public key (otPK) defined in SGP.22, and KA may mean key agreement.
  • a one-time encryption key pair or a one-time eUICC encryption key pair may mean otSK.EUICC.KA and otPK.EUICC.KA.
  • the secret key is used interchangeably with the private key.
  • the public key is used interchangeably as a public key.
  • the key material is eUICC information that necessarily includes otPK.EUICC.KA and may further include capability information such as an eUICC certificate chain or eUICC info; it represents the encryption key data for a one-time profile installation in a specific eUICC.
  • otPK.EUICC.KA can be transmitted as the signed data of eUICC.
  • the profile server that creates a profile using this may need to verify the signed data by checking whether it has the same root of trust certificate.
  • key material may be used interchangeably with key information and encryption key information.
  • the goal is to provide a method and device to support shipping by changing and re-injecting the installed profile due to a change in business order, etc.
  • because the eUICC discards the eUICC one-time encryption key otPK.EUICC.KA after installing the profile, profile change and re-injection cannot be supported.
  • the present disclosure addresses rapid profile injection into a large number of terminals, where performing multiple message round trips, including a real-time network connection and mutual authentication between the profile server and each individual terminal, is difficult. The goal is to overcome this problem and provide a method and device that can quickly download and install profiles on a large number of terminals.
  • a method may be needed to provision profile(s) from factory IT equipment to the terminal without relying on a real-time connection between the profile server and the terminal, in particular given the non-real-time relationship between the profile server (e.g. SM-DP+) and the eUICC.
  • a method of transmitting, verifying, and installing the profile encryption key may be needed that takes this into account.
  • a method that takes into account the environment of provisioning profiles in large quantities at the factory is needed, and in particular a method and device for transmitting information about a large number of profile(s) between entities in the process of ordering and preparing profiles.
  • a terminal manufacturer can pre-install and ship a large number of profiles on an eSIM terminal without a real-time connection to a profile server.
  • terminal manufacturers can efficiently manage inventory by supporting shipments by reinjecting changes to installed profiles due to returns or changes in business orders.
  • the user can directly access the network by purchasing a terminal with the profile already installed, eliminating the inconvenience of having to connect to Wi-Fi or a mobile communication network to download the profile, so that convenience is increased.
  • a communication service provider can provide a terminal to a user with a provisioning profile for downloading the company's profile, or an operational profile for immediately using the company's network service, already installed, so that the user's convenience in using eSIM can be improved.
  • Figure 1 is a diagram showing the relationship between components for provisioning a profile according to an embodiment of the present disclosure.
  • a profile server/server vendor (hereinafter referred to as a profile server or server vendor) 100 may support the function of creating a profile.
  • the profile server/server vendor 100 may support the function of storing the created profile.
  • the profile server/server vendor 100 may provide a function to encrypt the created profile.
  • the profile server/server vendor 100 may include a function to generate a remote profile management command (RPM, remote profile management) or to encrypt the generated remote profile management command.
  • the profile server/server vendor 100 may support transmitting the created profile to an eSIM terminal or to another profile storage server, creating a profile for IFPP, storing a profile created for IFPP, or encrypting a profile created for IFPP.
  • RPM may collectively refer to a series of procedures in which profile installation, activation, deactivation, deletion, and other functions are performed by commands transmitted from the profile server/server vendor 100 to the terminal 120.
  • the RPM may be requested by a communication service provider, service provider, or terminal owner, and a command may be generated by the profile server/server vendor 100.
  • the profile server/server vendor 100 may receive a profile order request from the SP (service provider)/SP server (hereinafter referred to as SP or SP server) 150 and determine whether the request is for profile creation for IFPP.
  • based on the profile order information that the SP/SP server 150 received from the factory IT server/OEM (hereinafter also referred to as factory IT, factory server, or OEM) 110, the profile server/server vendor 100 may map the profile to the EID using the EID information and prepare it.
  • the SP/SP server 150 may receive the profile order request from the factory IT server/OEM 110 and determine whether it is an order request for providing profiles for IFPP. After the determination, the SP/SP server 150 places an order for the profiles with the profile server/server vendor 100, so that one or more bound profile packages (BPPs) can be provided from the profile server/server vendor 100 to the factory IT/OEM 110.
  • the terminal 120 may include an eUICC 140 and a communication modem (not shown).
  • the communication modem may be equipped with one or more baseband processors (hereinafter referred to as baseband) for wireless communication.
  • the terminal 120 may receive the BPP(s) generated for IFPP from the factory IT/OEM 110 and provide the function of installing the BPP(s) to the eUICC 140.
  • the terminal 120 may transmit the BPP to the eUICC 140 through the LPA 130 operating as LPAf, or may transmit it to the eUICC 140 without going through the LPA 130.
  • the LPAf function is not limited to the LPA 130; other management applications in the terminal can also perform the function of LPAf.
  • the transmitted messages may be transmitted along with the BPP, specifically, parameters included in or added to the BPP. This is described in detail in steps 275, 375, 475, 575, and 675 described in FIGS. 2 to 6 below.
  • the message carrying the installation and encryption key information of the BPP transmitted to the eUICC 140 via the LPA 130 operating as LPAf may be included in one or more messages beginning with ES10x, or may be transmitted as APDU data such as STORE DATA.
  • the factory IT/OEM 110 may receive and store BPPs from a plurality of profile servers/server vendors 100.
  • the LPA 130 may support the IFPP function with eUICC control software or application.
  • the LPA 130 may be implemented as a logical function of the terminal 120 and the eUICC 140.
  • the LPA 130 operating as LPAf may receive additional authentication information for authenticating the profile and the profile server/server vendor 100 from the factory IT/OEM 110 and provide it to the eUICC 140.
  • the LPA (130) operating as LPAf can acquire the profile installation result from the eUICC (140) and transmit it to the factory IT/OEM (110).
  • the eUICC 140 may determine, from one or more ES10x messages received from the LPA 130 operating as LPAf, or from a profile installation message received through the factory IT 110 or through an application or software for factory settings of the terminal, that the request is for installing a profile at the factory, and decide to enter IFPP mode. If the eUICC 140 does not support the IFPP function, the eUICC 140 may return an error and end IFPP processing.
  • the eUICC 140 may obtain information for authentication of the profile and the profile server/server vendor 100 from the terminal 120, decrypt the profile with the information for authentication, and process the installation.
  • the eUICC 140 may return the installation result to the component that sent the request, that is, the LPA 130 operating as a specific application of the terminal or the LPAf of the terminal.
  • the eUICC 140 may verify the profile server/server vendor 100 that encrypted the profile through signature verification of the component that signed the received message, or may authenticate the profile server/server vendor 100 that transmitted the message.
  • the eUICC 140 may contain the credentials required by its security domains, for example the certificate issuer's root public key for verifying the certificate of the SM-DP+ (the profile server/server vendor 100), the ECASD (embedded UICC controlling authority security domain), which stores the eUICC manufacturer's keyset, and an eSIM operating platform. Additionally, some of the LPA functions may be implemented in the eUICC 140.
  • the factory IT/OEM 110 is a device responsible for provisioning profiles to terminals at the factory and may be configured to include terminals such as one or more servers or PCs.
  • the factory IT/OEM 110 obtains predetermined information about the eUICCs 140, including a one-time encryption key, from the EUM/EUM server (hereinafter referred to as EUM or EUM server) 160, and may transmit all or part of the acquired information to the profile server/server vendor 100, or transmit information for mapping the EID and the profile to be ordered to the SP/SP server 150.
  • the factory IT/OEM 110 may be a server that stores the received encryption key information and BPP.
  • the factory IT/OEM 110 requests BPP(s) for injection at the factory from the profile server/server vendor 100 and, as a result of the BPP request, may obtain from the profile server/server vendor 100 the BPP(s) and the signed data of the profile server/server vendor 100 for installation in the eUICC 140.
  • Factory IT/OEM 110 may store the received BPPs and signed data in factory IT/OEM 110.
  • the factory IT/OEM 110 may select a BPP that is mapped to the EID of the target terminal to install the profile from among the received or stored BPPs and transmit the BPP to the mapped terminal during the factory setup process.
  • Some of the information exchanged between the factory IT/OEM 110 and the profile server/server vendor 100, the SP server 150, and the EUM 160 may be shared between the entities performing the different roles (i.e., terminal manufacturer, profile server operation vendor, service provider, eUICC manufacturer) through other online or offline channels (e.g., by email).
  • factory IT/OEM refers to operations performed by the terminal manufacturer or the terminal manufacturer's factory IT, and is therefore expressed as a single entity in the drawings below; it may, however, be composed of multiple devices (e.g. servers, PCs, or terminals). Accordingly, the device within the factory IT/OEM 110 that provides the interface for requesting or obtaining BPPs from the profile server/server vendor 100, and the device of the factory IT/OEM 110 at the contact point where the profile is injected into the terminal 120 or the installation result is obtained, may be the same device or different devices.
  • EUM (eUICC manufacturer) 160 is an eUICC manufacturer and can provide personalized eUICCs 140 to the terminal manufacturer by injecting key information for credentials for eUICC authentication into the eUICC 140.
  • the EUM (eUICC manufacturer)/EUM server 160 may provide the factory IT/OEM 110 with certain information about the eUICCs 140, including the one-time encryption key.
  • certain information about the eUICCs 140, including the one-time encryption key, may also be sent from the EUM/EUM server 160 to the profile server/server vendor 100 at the request of the OEM 110.
  • the SP (service provider) 150 is a business operator that provides network services using profiles, and the SP/SP server 150 may place an order for profile(s) for the IFPP function with the profile server/server vendor 100, so that the profile server/server vendor 100 creates and prepares the ordered profiles.
  • order information is information exchanged between the profile server/server vendor 100, factory IT server/OEM 110, EUM/EUM server 160, and SP/SP server 150. It may also be transmitted in other forms, such as through interface linking between the entity's servers or by email.
  • FIG. 2 is a diagram illustrating a method in which eUICC generates a pair of one-time encryption keys to be used next when a profile is successfully installed according to an embodiment of the present disclosure and sends a reply including a one-time public key.
  • the terminal manufacturer can pre-load the profile into the eUICC at the factory and ship it.
  • profiles can be provisioned to one or more terminals.
  • One or more terminals may include a large number of terminals. This process may include preparing profiles and transmitting them to the factory IT/OEM 215 (step 227), and installing them in N different eUICCs 225 at the factory IT (step 270).
  • a terminal manufacturer wishing to manufacture a terminal equipped with an eUICC can order M eUICCs through the EUM/EUM server 200, and the EUM 200 may provide the factory IT/OEM 215 with key material corresponding to each of the M ordered eUICCs (step 230). Key materials provided by the EUM 200 may be transmitted as EUM-signed values.
  • the key material provided by the EUM 200 may include otPK.EUICC.KA for each eUICC, and otPK.EUICC.KA may be signed and transmitted with the private key of the eUICC.
  • When the EUM 200 signs and transmits otPK.EUICC.KA with the private key of the eUICC, it may transmit it together with eUICC certificate chain information. Additionally, the EUM 200 may further include eUICC info in the key material and provide it (step 230). eUICC info is information that the factory IT/OEM can verify and can be transmitted as eUICC-unsigned data. eUICC info may include at least one of an identifier indicating whether IFPP is supported, identification information indicating whether the profile can be installed on the eUICC more than twice at the factory, and the supported method for installing the profile more than twice.
  • the eUICC info may also be obtained not in step 230 but by the factory IT/OEM 215 requesting it from the terminal at a specific time before transmitting the BPP (step 275), with the terminal obtaining it from the eUICC 225 and sending it to the factory IT/OEM 215.
  • prior to performing step 275, the factory IT/OEM 215 makes a request to the terminal 220, the terminal 220 requests the eUICC info from the eUICC 225, and the terminal 220 obtains the eUICC info returned by the eUICC 225.
  • the terminal 220 returns the obtained eUICC info to the factory IT/OEM 215, and the factory IT/OEM 215 can check the eUICC info.
  • the factory IT/OEM 215 may use the received eUICC info information to confirm predetermined information that determines the multiple BPP installation support method in IFPP and transmit the BPP (step 275). This can be equally applied to Figures 3 to 5, which will be described later.
  • the EUM 200 may further include an index ID as identification information to identify otPK.EUICC.KA.
  • the index ID can be transmitted as an eUICC signed or unsigned value. If otPK.EUICC.KA or index ID is transmitted as an eUICC signed value, the EUM may further include the public key of the eUICC and transmit it to the factory IT/OEM 215. otPK.EUICC.KA or index ID may be included and transmitted in the eUICC certificate.
  • At least one of otPK.EUICC.KA and an index ID for distinguishing otPK.EUICC.KA may additionally and selectively be transmitted to the factory IT/OEM 215.
  • the index ID is information that is mapped to otPK.EUICC.KA, and can be transmitted as information for the eUICC 225 receiving it to use the index ID to determine otSK.EUICC.KA to be used for session key generation.
  • the EUM/EUM server 200 can provide the factory IT/OEM 215 with one eUICC key material required for BPP decryption for each eUICC.
  • the factory IT/OEM 215 that has received this may store encryption key information for the M ordered eUICCs in the factory IT server 215 (step 235).
  • the factory IT/OEM 215 may decide to load the profile on some or all of the N eUICCs of the M eUICCs ordered from the EUM 200.
  • the decision to load the profile may be based on a request for pre-loading the profile from the SP (service provider)/SP server 205.
  • the factory IT/OEM 215 may transmit to the SP/SP server 205 at least one piece of information among the number of profile(s) and the list of EID(s), so that the SP/SP server 205 can prepare in advance a profile linked to the EID (step 240).
  • the SP/SP server 205 may order a profile from the profile server/server vendor 210 (step 245). If the SP/SP server 205 has an EID list from step 240, or obtained an EID list at an earlier point, it may include the EID information in the profile order request to the profile server/server vendor 210.
  • the SP/SP server 205, the profile server/server vendor 210, and the factory IT/OEM 215 may share information that can specify an order with each other (step 250).
  • Information that can specify an order may be shared through identification information provided by the SP/SP server 205 or the profile server/server vendor 210 to the factory IT/OEM 215.
  • the identification information may include at least one of a batch ID, an order ID, an ordered profile list or EID list, the start and end numbers of the profile list or EID list, a factory serial number, and a producer identification number.
  • the factory IT/OEM 215 may request BPP from the profile server/server vendor 210.
  • when requesting the BPP, the factory IT/OEM 215 may transmit to the profile server/server vendor 210 the key information of the N target eUICCs, N being the number of terminals on which the SP/SP server 205 will load the profile, selected from the key information of the eUICCs obtained in step 230 (step 255). This may be part or all of the key information previously received in step 230.
  • since the factory IT/OEM 215 receives one otPK.EUICC.KA for each eUICC from the EUM/EUM server 200 in step 230, the factory IT/OEM 215 can transmit that value. If the index ID was received as signed data in step 230, the factory IT/OEM 215 may further include it.
  • the profile server/server vendor 210 may generate encrypted profile packages (step 260) by combining information collected in at least one of the received profile order information (step 245), the profile-EID link information (step 240), the mutually shared order information (step 250), and the encryption key information of the target eUICCs for the received profile (step 255).
  • the profile server/server vendor 210 may provide the created profile packages and BPP encryption key information (for example, at least one of otPK.EUICC.KA, the SM-DPf certificate, and the certificate chain) to the factory IT/OEM 215 (step 265).
  • the profile server 210 receives the message in step 255 and, if there is an index ID, can verify the eUICC signature including the index ID in step 260. Additionally, this can be included in the reply message for BPP creation.
  • the generated encrypted profile packages and BPP encryption key information (e.g., at least one of otPK.EUICC.KA, SM-DPf signature2, which is the signature value over data containing otPK.EUICC.KA, the SM-DPf certificate, and the certificate chain) may be transmitted to the factory IT/OEM 215 in one or more messages (step 265). Some or all of the data transmitted in the message may be provided as signed data.
  • since the eUICC 225 stores only one otSK.EUICC.KA, the eUICC 225 does not need information for selecting which otSK.EUICC.KA to use for decrypting the BPP received in step 275.
  • otPK.EUICC.KA or index ID may be transmitted in addition to the data signed by the profile server in step 265. If the index ID is included and transmitted in step 255, the index ID is used instead of otPK.EUICC.KA in the signed data of the profile server for the purpose of checking the corresponding otSK.EUICC.KA stored in the eUICC in step 265. It may be included and transmitted.
  • step 270 describes the operation of installing profiles for IFPP from the factory IT 215 into the eUICC 225. This step can be performed for N eUICCs.
  • the factory IT/OEM 215 can inject a profile into the terminal before shipping it from the factory. To this end, the factory IT/OEM 215 can obtain and store a series of encryption key information required for profile decryption for each BPP and eUICC.
  • the set of encryption key information may include the one-time public key of the eUICC 225 (hereinafter referred to as otPK.EUICC.KA).
  • the BPP and the series of encryption key information required for profile decryption in the eUICC 225 can be transmitted from the factory IT 215 to individual terminals 220 through a wired or wireless network inside the factory.
  • BPP and a series of encryption key information may be included in one or more messages and transmitted to the terminal 220.
  • when otPK.eUICC.KA is included and transmitted, it is included in the signed data from the profile server and can be received by the terminal 220.
  • otPK.eUICC.KA may be received included in data signed with one of the following keys; of course, it is not limited to these examples, and otPK.eUICC.KA may also be received included in other signed data.
    - SK.DPauth.SIG: the private key of the profile server used for authenticating the profile server.
    - SK.DPpb.SIG: the private key of the profile server used for profile binding, or a private key of the profile server used for IFPP purposes.
    - the purpose indicator xx may carry specific information indicating that the key is for IFPP use.
  • the terminal 220 may receive BPP(s) from the factory IT 215 and provide the function of injecting the BPP(s) into the eUICC 225 in IFPP mode.
  • the terminal 220 may operate in a factory provisioning mode at the time of receiving the BPP, or the terminal 220 may recognize that it must enter IFPP at the time of receiving the BPP and initiate the operation.
  • the terminal 220 may enter the IFPP mode through an event input to a factory employee's terminal, a setting value, or recognition of a specific virtual private network (VPN). Meanwhile, entering IFPP mode through UI or setting values may be provided as a UI that is restricted so as not to be displayed to the user.
  • the terminal 220 can transmit the BPP to the eUICC 225 through LPAf (not shown) or without going through LPAf (step 275).
  • the BPP may be transmitted included in one or more ES10x messages.
  • the message received by the eUICC 225 from the terminal 220 may include information that allows the eUICC 225 to recognize that it is an operation for IFPP.
  • the eUICC 225 may determine and enter the profile installation operation for IFPP through a message received from the terminal 220.
  • the IFPP identifier parameter may be added to the ES10x message defined in 31/32, or it may be factory identification information that is not included for profile provisioning in a general environment (towards consumers, towards M2M, or towards IoT) after the terminal is shipped. For example, it may be one of the values such as factory serial number, batch ID, or producer identification information. Of course, it is not limited to this.
  • the terminal 220 may receive data including otPK.EUICC.KA from the profile server.
  • data containing otPK.EUICC.KA may also be received as part of data signed with one of the following keys; of course, it is not limited to these examples.
    - the profile server's private key used by the profile server to authenticate the profile server.
    - the profile server's private key used by the profile server for profile binding.
  • the terminal 220 may transmit the signed data on to the eUICC 225 through LPAf or without going through LPAf.
  • the eUICC 225 may verify the signature of the profile server 210 over the received data and generate a session key using the one-time private key (otSK.EUICC.KA) previously stored in the eUICC 225.
  • the eUICC 225 can decrypt and install the BPP through the session key (step 280).
  • the eUICC 225 may perform the following procedures depending on whether otPK.EUICC.KA is received.
  • when otPK.EUICC.KA is not received: if the eUICC 225 has otSK.EUICC.KA, it can use it to generate a session key; if otSK.EUICC.KA does not exist, an error may be returned.
  • on successful installation, the eUICC 225 can discard the otPK/SK.EUICC.KA used to install the BPP. If the profile installation fails, the eUICC 225 can retain otPK/SK.EUICC.KA for the next use.
  • the eUICC 225 may reply by including in the key material otPK.EUICC.KA, the one-time eUICC public key to be used next.
  • when the profile installation is successful, an eUICC 225 with this capability discards the used otSK.EUICC.KA, creates a new eUICC encryption key pair (otSK/otPK.EUICC.KA), and stores the new otSK.EUICC.KA (step 280).
  • the eUICC 225 can reply (step 285) by adding a key material including the corresponding otPK.EUICC.KA to the installation result.
  • the message replied by the eUICC 225 may be transmitted as a signed or unsigned message of the eUICC 225, but the key material may be transmitted as signed data of the eUICC 225 as in step 230, and when transmitted as signed data it may be accompanied by the eUICC certificate chain.
  • the eUICC 225 may replace the stored encryption key information (otSK.EUICC.KA and the corresponding otPK.EUICC.KA, and the index ID if one is stored) by creating the eUICC one-time key pair to be used next time, and reply with the key material including the new otPK.EUICC.KA added to the installation result (step 285).
  • the message returned from the eUICC 225 may be provided in the form of Profile installation result (eUICCSigned(key material), encrypted(resultforDP), encrypted(resultforfactoryIT/OEM)).
  • installation result 1 can be explained as the installation result where the final notification target is factory IT/OEM.
  • Installation result 2 is the installation result whose final notification target is the profile server/server vendor.
  • Installation result 0 may include installation result 1 and installation result 2. Installation result 0 can be included in the reply message.
  • the eUICC 225 may transmit profile installation result 0 to the terminal 220 through LPAf or without going through LPAf (step 285).
  • the terminal 220 may reply with installation result 0 to the factory IT/OEM 215.
  • the eUICC 225 may transmit the replied installation result message including installation result 1, which is the installation result data to be confirmed by the factory IT/OEM 215, and installation result 2, which is additionally confirmed by the profile server/server vendor 210.
  • when the factory IT/OEM 215 receives a success response as installation result 1 together with the key material, the factory IT/OEM 215 deletes the used key material or changes its status to used, and updates the received key material as the key material to be used for that EID.
  • if creation of the encryption key pair fails, the eUICC 225 may reply with installation result 0 further including information about the key pair creation error.
  • in that case, the factory IT 215 may retain the used key material and change the key material status (e.g. error, installation error, etc.).
  • Factory IT 215 may reply profile installation result 2 to the profile server/server vendor 210.
  • the factory IT/OEM 215 may reply to the profile server/server vendor 210 with installation results individually, or collect the results and provide them to the profile server/server vendor 210 in batches at a specific point in time.
  • the profile server/server vendor 210 can check the processing results. If processing result 2 is received as signed information of the eUICC, the profile server may confirm the processing result by additionally verifying the signature of the eUICC 225 to see if it is in the same certificate chain. When receiving a success result with processing result 2, the profile server/server vendor 210 can manage otPK.EUICC.KA used for BPP installation by discarding it or changing its status to completed.
  • the profile server/server vendor 210 or factory IT/OEM 215 may also optionally provide installation result(s) to the SP/SP server 205.
  • by the above procedure, the factory IT/OEM 215 can obtain, for each eUICC 225 whose key information was stored in step 235, the BPP for installing the profile, and the profile can be installed in the eUICC 225 through the terminal 220.
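The one-time key lifecycle of Figure 2, as an added simplified Python model that is not part of the patent or any vendor's implementation: the EUM-injected pair, a BPP bound to otPK.EUICC.KA with a server-side one-time key, decryption and installation in the eUICC, discard-and-regenerate of the pair on success and retention on failure, and the factory IT status update per EID. The finite-field DH group, the HMAC-based cipher, the index ID format, the EID value and all class and function names are constructed stand-ins, and the eUICC/SM-DPf signatures and certificate chains are omitted.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group, for illustration only; SGP.22 key
# agreement uses elliptic curves, which a real implementation would use here.
P = 2 ** 127 - 1
G = 5


def gen_ot_keypair():
    """Fresh one-time key-agreement pair (otSK, otPK)."""
    sk = secrets.randbelow(P - 3) + 2
    return sk, pow(G, sk, P)


def derive_keys(own_sk, peer_pk):
    """Key agreement plus KDF: (encryption key, MAC key) for one BPP."""
    shared = pow(peer_pk, own_sk, P).to_bytes(16, "big")
    return (hashlib.sha256(b"IFPP-enc" + shared).digest(),
            hashlib.sha256(b"IFPP-mac" + shared).digest())


def keystream_xor(key, data):
    """HMAC-SHA256 counter-mode keystream, standing in for the BPP cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


class EUICC:
    """eUICC 225: stores the otSK.EUICC.KA to be used next, keyed by index ID."""
    def __init__(self, eid):
        self.eid, self.counter, self.keys, self.profiles = eid, 0, {}, []
        self._rotate()                      # pair injected at EUM personalisation

    def _rotate(self):
        sk, pk = gen_ot_keypair()
        self.counter += 1
        self.keys[f"{self.eid}#{self.counter}"] = (sk, pk)

    def key_material(self):
        """otPK plus index ID as sent to factory IT (signature and cert chain omitted)."""
        index_id, (_, pk) = next(iter(self.keys.items()))
        return {"eid": self.eid, "index_id": index_id, "otPK": pk}

    def install_bpp(self, bpp):
        """Step 280: select otSK by index ID, derive session keys, verify, decrypt, rotate."""
        if bpp["index_id"] not in self.keys:
            return {"result": "error", "reason": "no otSK.EUICC.KA for index ID"}
        enc, mac = derive_keys(self.keys[bpp["index_id"]][0], bpp["otPK.DP"])
        tag = hmac.new(mac, bpp["ciphertext"], hashlib.sha256).digest()
        if not hmac.compare_digest(tag, bpp["mac"]):
            # Failed install: the pair is retained for the next attempt.
            return {"result": "error", "reason": "BPP integrity check failed",
                    "key_material": self.key_material()}
        self.profiles.append(keystream_xor(enc, bpp["ciphertext"]))
        del self.keys[bpp["index_id"]]      # discard the used one-time pair
        self._rotate()                      # create the pair to be used next
        return {"result": "success", "key_material": self.key_material()}


class ProfileServer:
    """Profile server 210: binds one profile to one eUICC's otPK.EUICC.KA (step 260)."""
    def build_bpp(self, km, profile):
        dp_sk, dp_pk = gen_ot_keypair()     # server-side one-time pair for this BPP
        enc, mac = derive_keys(dp_sk, km["otPK"])
        ct = keystream_xor(enc, profile)
        return {"eid": km["eid"], "index_id": km["index_id"], "otPK.DP": dp_pk,
                "ciphertext": ct, "mac": hmac.new(mac, ct, hashlib.sha256).digest()}


class FactoryIT:
    """Factory IT/OEM 215: tracks current key material and its status per EID."""
    def __init__(self):
        self.key_materials = {}             # eid -> {"km": ..., "status": ...}

    def store_key_material(self, km):       # step 235
        self.key_materials[km["eid"]] = {"km": km, "status": "unused"}

    def record_result(self, eid, result):   # handling of the step 285 reply
        if result["result"] == "success":
            self.key_materials[eid]["status"] = "used"
            self.store_key_material(result["key_material"])  # key for the next BPP
        else:
            self.key_materials[eid]["status"] = "error"
        return result["result"]


def run_ifpp(profiles):
    """Inject profiles one after another into a single eUICC, rotating key material each time."""
    euicc, factory, dp = EUICC("EID-CONSTRUCTED-0001"), FactoryIT(), ProfileServer()
    factory.store_key_material(euicc.key_material())             # steps 230/235
    bpps, results = [], []
    for profile in profiles:
        bpp = dp.build_bpp(factory.key_materials[euicc.eid]["km"], profile)  # steps 255-265
        bpps.append(bpp)
        results.append(factory.record_result(euicc.eid, euicc.install_bpp(bpp)))  # 275-285
    return euicc, factory, bpps, results
```

Running `run_ifpp` with two constructed profiles shows the re-injection case the text describes: the second BPP is bound to the otPK returned in the first installation result, and replaying the first BPP afterwards fails because its otSK was discarded.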
  • FIG. 3 is a diagram illustrating a usage method in which the eUICC generates and returns a one-time encryption key pair to be used next upon successful profile installation according to an embodiment of the present disclosure.
  • Like Figure 2, Figure 3 shows a method in which the factory IT/OEM holds only one key material and the eUICC generates and returns the key material to be used next.
  • In Figure 2 it may be assumed that, when the eUICC supports the IFPP function, or supports the IFPP function and installation of multiple profiles, the eUICC enters IFPP mode at the request of the factory IT/OEM and returns the key material to be used next through the profile installation result.
  • Figure 3 differs in that, even when the eUICC supports the IFPP function, or the IFPP function and installation of multiple profiles, the eUICC generates and returns key material only when the message sent from the factory IT/OEM 315 to the terminal 320 includes an indicator requesting key material generation. Further details are given below.
  • Figure 3 uses the procedure of Figure 2 described above, but focuses on the operation according to the addition of identification information requesting the creation of otPK.EUICC.KA.
  • The factory IT/OEM can receive the eUICC information and the key material required to install a profile on the eUICC as a result of ordering an eUICC that supports the IFPP function.
  • As in Figure 2, the key material includes otPK.EUICC.KA and may further include the eUICC certificate and its certificate chain.
  • otPK.EUICC.KA may be transmitted as a value signed by the eUICC.
  • The factory IT/OEM 315 can receive the eUICC info of the terminal's eUICC.
  • The eUICC info may further include identification information indicating whether IFPP is supported, whether a single eUICC supports IFPP multiple times, and whether the eUICC supports this by generating the otSK/otPK.EUICC.KA it will use next. Information for determining whether IFPP is supported may include, for example, the IFPP standard or supported version information, or an IFPP support identifier.
  • The eUICC info may also be acquired by the factory IT/OEM 315 itself: rather than in step 330, the factory IT/OEM 315 may request it from the terminal 320 at some point before transmitting the BPP (step 375).
  • The eUICC info that the factory IT/OEM 315 requests from the terminal 320 can be obtained by the terminal 320 from the eUICC 325.
  • The factory IT/OEM 315 may check, in the eUICC info received from the EUM or the terminal, the predetermined information that determines how multiple BPP installations are supported in IFPP, and then transmit the BPP (step 375).
  • The EUM/EUM server 300 may prepare profiles for IFPP and transmit them to the factory IT/OEM 315.
  • A terminal manufacturer wishing to manufacture terminals equipped with an eUICC can order M eUICCs through the EUM/EUM server 300, and the EUM 300 can provide the key materials for the M ordered eUICCs to the factory IT/OEM 315 (step 330).
  • The EUM 300 may include otPK.EUICC.KA for each eUICC, and otPK.EUICC.KA may be transmitted as a value signed by the eUICC.
  • The key material information provided by the EUM 300 may be signed by the EUM before transmission.
  • The factory IT/OEM 315 can store a mapping from the EID of each eUICC to its otPK.EUICC.KA.
  • The factory IT/OEM 315 may decide to load profiles onto N eUICCs that are part of the M eUICCs ordered from the EUM 300, or onto all M. This may be in response to a profile preloading request from the SP (service provider)/SP server 305.
  • The factory IT/OEM 315 may transmit at least one of the number of profiles and the list of EIDs to the SP/SP server 305 so that it can prepare profiles linked to the EIDs in advance (step 340).
  • The SP/SP server 305 may order profiles from the profile server/server vendor 310 (step 345). If it holds an EID list, obtained in step 340 or at an earlier point, the SP/SP server 305 may include the EID information in the profile order it places with the profile server/server vendor 310.
  • The SP/SP server 305, the profile server/server vendor 310, and the factory IT/OEM 315 may share with each other information that identifies the order (step 350).
  • The order-identifying information may be shared as identification information provided by the SP/SP server 305 or the profile server/server vendor 310 to the factory IT/OEM 315.
  • The identification information may include at least one of a batch ID, an order ID, the ordered profile list or EID list, the start and end numbers of the profile list or EID list, a factory serial number, or a producer identification number.
  • The factory IT/OEM 315 may request BPPs from the profile server/server vendor 310.
  • When requesting BPPs, the factory IT/OEM 315 may transmit to the profile server/server vendor 310 the key information, out of the key information received in step 330, that corresponds to the eUICCs of the SP/SP server 305's target terminals, N entries in total, N being the number of terminals on which profiles will be loaded (step 355). This may be part or all of the key information received previously (step 330).
  • Since the factory IT/OEM 315 receives one otPK.EUICC.KA per eUICC from the EUM/EUM server 300, it can select and transmit the corresponding otPK.EUICC.KA.
  • The profile server/server vendor 310 may generate encrypted profile packages using the received profile order information (step 345), the profile-EID link information (step 340), the mutually shared order information (step 350), and the encryption keys of the target eUICCs on which the received profiles are to be installed.
  • The generated encrypted profile packages and the BPP encryption key information (e.g., at least one of otPK.EUICC.KA; SM-DPf signature2, the signature over the data containing otPK.EUICC.KA; and the SM-DPf certificate and chain) may be transmitted to the factory IT/OEM 315 in one or more messages (step 365), and some or all of the data in these messages may be provided as data signed by the profile server.
  • Step 370 covers the operation of the factory IT 315 installing profiles for IFPP in the eUICC. This step can be performed for each of the N eUICCs.
  • The factory IT/OEM 315 can inject a profile into the terminal before the terminal ships from the factory. To this end, the factory IT/OEM 315 can obtain and store the BPP and the set of encryption key information the eUICC needs to decrypt the profile.
  • This set of encryption key information may include, for each eUICC, the eUICC's one-time public key (hereinafter otPK.EUICC.KA).
  • The BPP and the set of encryption key information required for profile decryption in the eUICC 325, held by the factory IT 315, can be transmitted to the individual terminals 320 over a wired or wireless network inside the factory.
  • The BPP and the set of encryption key information may be carried in one or more messages transmitted to the terminal 320.
  • When otPK.eUICC.KA is carried in one or more of these messages, the terminal 320 can receive it as part of data signed by the profile server.
  • When otPK.EUICC.KA is received as data signed by the profile server, it may, for example, be included in data signed with one of the following keys, without being limited to these examples:
  • SK.DPpb.SIG may be the private key the profile server uses for profile binding, or the private key the profile server uses for IFPP purposes.
  • The 'xx' that indicates the purpose in the key name may be set to specific information indicating IFPP use.
  • If the eUICC info acquired at some point before the factory IT/OEM 315 transmits the profile installation message of step 375 shows that the eUICC can install profiles multiple times in the factory environment, the factory IT/OEM 315 may additionally include the otPK.EUICC.KA creation indicator in the message transmitted in step 375.
  • The eUICC info may indicate, as the way multiple profile installations are supported, that the eUICC generates an eUICC encryption key pair and replies with otPK.EUICC.KA.
  • The terminal 320 may receive the BPP from the factory IT 315 and provide the function of injecting the BPP(s) into the eUICC 325 in IFPP mode.
  • The terminal 320 may already be operating in factory provisioning mode when it receives the BPP, or it may recognize on receiving the BPP that it must enter IFPP and initiate that operation.
  • The terminal 320 may enter IFPP mode through an event input at a factory employee's terminal, a setting value, or recognition of a specific VPN (virtual private network). Where IFPP mode is entered through a UI or setting value, that UI may be one that is restricted from being displayed to the user in a general environment.
  • The terminal 320 may forward the BPP and the information received with it from the factory IT/OEM 315 (step 375) to the eUICC 325 (step 375).
  • The information from the factory IT/OEM 315 can be delivered to the eUICC 325 either through the LPAf (not shown) or without going through the LPAf (step 375).
  • A message delivered to the eUICC using the LPAf may be carried in one or more ES10x messages.
  • The message the eUICC 325 receives from the terminal 320 may include information that lets the eUICC 325 recognize that the operation is for IFPP.
  • The eUICC 325 may determine from the message received from the terminal 320 that the profile installation is being performed for IFPP.
  • The information identifying an IFPP operation may be a new function defined for IFPP, an IFPP identifier parameter added to an ES10x message defined in the existing SGP.21/22 or SGP.31/32, or factory identification information that is not included in profile provisioning in a general environment (consumer, M2M, or IoT) after the terminal is shipped.
  • The information identifying an IFPP operation may be, for example, a factory serial number, a batch ID, or producer identification information, without being limited to these.
  • The terminal 320 may receive data containing otPK.EUICC.KA from the profile server, and that data may be received as part of data signed with one of the following keys, without being limited to these examples:
  • the profile server's private key used by the profile server for profile binding.
  • The terminal 320 may forward the data signed by the profile server to the eUICC 325, with or without going through the LPAf.
  • The eUICC 325 verifies the profile server 310's signature on the received data and generates a session key using the eUICC's pre-stored one-time private key (otSK.EUICC.KA).
  • The eUICC 325 can decrypt the BPP with the session key and process the installation (step 380).
  • After verifying the profile server 310's signature in step 380, the eUICC 325 may proceed as follows in the session key generation procedure of step 380, depending on whether otPK.EUICC.KA was received:
  • The eUICC uses the otSK.EUICC.KA stored for IFPP. If no otSK.EUICC.KA exists in the eUICC, an error is returned.
  • If the eUICC 325 holds the otSK.EUICC.KA used to install the BPP and the otPK.EUICC.KA stored with it, it can discard both. If the profile installation fails, the eUICC 325 can keep at least one of otPK.EUICC.KA and otSK.EUICC.KA stored for the next use.
  • The factory IT/OEM 315 may add an otPK generation identifier, or set a flag for otPK generation, and transmit it to the eUICC 325.
  • The eUICC 325 can reply to the factory IT/OEM 315 (step 385).
  • When the flag has been set and transmitted to the eUICC 325 and the profile installation succeeds in the eUICC 325, the eUICC 325 generates the otPK.EUICC.KA and otSK.EUICC.KA required for the next additional installation of an eUICC profile.
  • The eUICC 325 may include otPK.EUICC.KA, as an eUICC-signed value, in the installation result data and reply to the factory IT/OEM 315 (step 385).
  • If step 375 carries no otPK creation indicator, or the otPK creation flag is transmitted as unset, then on successful installation the eUICC 325 does not generate the otPK.EUICC.KA and otSK.EUICC.KA for the next installation, and accordingly the installation result can be configured without otPK.EUICC.KA and returned to the factory IT/OEM 315 (step 385).
  • If the otPK creation indicator or flag is set and transmitted to the eUICC 325 in step 375 and the profile installation fails in step 380, but the reason for the failure is a permanent error, the eUICC 325 can process this like a successful installation and generate an eUICC one-time key pair for the next use.
  • The eUICC 325 can then reply including otPK.EUICC.KA of the generated eUICC one-time key pair as key material.
  • The installation result 0 data may be transmitted including installation result 1, to be checked by the factory IT/OEM 315, and installation result 2, to be checked by the profile server/server vendor.
  • Installation result 2 can also be transmitted as eUICC-signed data.
  • The eUICC 325 can transmit the profile installation result to the terminal 320, with or without the LPAf, and the terminal 320 relays it to the factory IT/OEM 315 (step 385).
  • The factory IT/OEM 315 can delete the used key material or change its status to 'use complete'.
  • The factory IT/OEM 315 can update the key material stored for the EID with the received key material so that it can be used when creating the next BPP.
  • Alternatively, the factory IT 315 may keep the used key material and change its status (e.g., error, installation error).
  • The factory IT 315 may report the profile installation result back to the profile server/server vendor 310.
  • The factory IT/OEM 315 may report installation results to the profile server/server vendor 310 individually, or collect them and provide them in batches at a specific point in time.
  • When the profile server/server vendor 310 receives the processing result as eUICC-signed installation result data, it can confirm the result by verifying the eUICC's signature.
  • When the profile server/server vendor 310 receives a success result, it can manage the otPK.EUICC.KA used for the BPP installation by discarding it or changing its status to completed.
  • The profile server/server vendor 310 or the factory IT/OEM 315 may also optionally provide the installation result(s) to the SP/SP server 305.
  • Step 390 can be performed using the key material that the factory IT/OEM 315 acquired and stored in step 385 of the previous installation, or the otPK.EUICC.KA that was received in step 385 of a failed previous installation and not discarded; the installation then follows the procedure of steps 335 to 390 described above.
  • FIG. 4 is a diagram illustrating a method in which, when deleting a profile, the eUICC generates the one-time encryption key pair to be used next and replies including the one-time public key, according to an embodiment of the present disclosure.
  • The SP/SP server 405 may request a change reducing the existing order from A to B (step 435).
  • The factory IT/OEM 415, having received the reduction, can delete C = A - B profiles from the A terminals on which the carrier's profile is installed, and re-acquire key materials for profile installation at a specific point in time.
  • The SP/SP server 405's request to reduce the existing order from A to B may occur at some point before step 440.
  • The factory IT/OEM 415, having received the reduction request, may perform step 440 for the C eUICCs.
  • The factory IT/OEM 415 confirms, from the eUICC info obtained at some point before transmitting the profile deletion message (step 445), that the eUICC can install profiles multiple times in the factory environment.
  • The factory IT/OEM 415 may additionally include the otPK.EUICC.KA creation indicator in the message of step 445.
  • As previously described for FIG. 3, the eUICC info of the eUICC 425 may further include identification information explicitly indicating, as the supported method, that the eUICC 425 generates the one-time encryption key pair to be used next and returns the otPK.EUICC.KA from it.
  • The factory IT/OEM 415 may transmit to the terminal 420 a profile deletion request message including information about the profile, for example the ICCID, and may further include an indicator requesting creation of otPK.EUICC.KA.
  • The terminal 420 that receives this can provide the function of deleting the profile in IFPP mode for the factory IT 415.
  • The terminal 420 may already be operating in factory mode when it receives the profile deletion request message.
  • The terminal 420 may enter the IFPP settings of SGP.41/42 through an event input at a factory employee's terminal, a setting value, or recognition of a specific VPN (virtual private network).
  • Where IFPP mode is entered through a UI or setting value, that UI may be one that is restricted from being displayed to the user in a general environment.
  • The terminal 420 may forward the information received from the factory IT/OEM (step 445) to the eUICC 425 (step 445).
  • As described above, the information from the factory IT/OEM 415 may be delivered to the eUICC 425 via the LPAf (not shown) or without going through the LPAf (step 445). A message delivered to the eUICC using the LPAf may be carried in one or more ES10x messages; the transmitted function may take a form such as ES10c.DeleteProfileforIFPP, and the data transmitted to the eUICC using the LPAf may be ES10c.DeleteProfileforIFPP(ICCID or AID, [otpkCreateFlag]).
  • The eUICC 425 may determine from the message received from the terminal 420 that the requested operation is for IFPP and enter IFPP.
  • The information identifying an IFPP operation may be a new function defined for IFPP, an IFPP identifier parameter added to an ES10x message defined in the existing SGP.21/22 or SGP.31/32, or factory identification information that is not included in profile provisioning in a general environment (consumer, M2M, or IoT) after the terminal is shipped.
  • The information identifying an IFPP operation may be, for example, a factory serial number, a batch ID, or producer identification information; this is only an example and does not exclude other information.
  • The eUICC 425 may operate as follows.
  • If an otPK creation indicator or otPK creation flag is set in step 445:
  • the profile specified by the ICCID or AID is deleted, the eUICC 425 generates the otPK.EUICC.KA and otSK.EUICC.KA required for the next profile installation in the eUICC, stores otSK.EUICC.KA, and replies with the generated otPK.EUICC.KA included in the result data as an eUICC-signed value (step 455).
  • The eUICC 425 may reply (step 455) with an error and the error reason in the processing result 0 data.
  • The eUICC can include the error information in at least one of installation result 1 and installation result 2 contained in installation result 0.
  • If there is no otPK creation indicator in step 445, or the otPK creation flag is received as unset:
  • the eUICC 425 can delete only the profile specified by the ICCID or AID, without creating an additional otSK/otPK.eUICC.KA, configure the installation result data, and reply (step 455).
  • The installation result 0 data returned by the eUICC may include installation result 1, to be checked by the factory IT/OEM 415, and may additionally include installation result 2, to be checked by the profile server/server vendor. If installation result 2 is included, it may be transmitted as eUICC-signed data.
  • The eUICC 425 can transmit the profile installation result to the terminal, with or without going through the LPAf, and the terminal relays it to the factory IT/OEM 415 (step 455).
  • The eUICC 425 may transmit installation result 2 data in addition to the installation result 1 data to be checked by the factory IT 415, within the installation result 0 message returned to the factory IT 415.
  • Installation result 2 data may include data signed by the eUICC for verification by the profile server/server vendor 410. If the factory IT/OEM 415 receives a success response in installation result 1 together with key material, it updates the key material stored for the EID with the received key material so that it can be used when creating the next BPP.
  • Alternatively, the factory IT 415 may change the key material state (e.g., to error or installation error).
  • When the factory IT/OEM 415 receives installation result 2 as part of profile installation result 0, it may forward it to the profile server/server vendor 410.
  • The factory IT/OEM 415 may report installation results to the profile server/server vendor 410 individually, or collect them and provide them in batches at a specific point in time.
  • The profile server/server vendor 410 can confirm the processing result by verifying the eUICC's signature, including whether it belongs to the same certificate chain.
  • The profile server/server vendor 410 may then delete the information about the related profile, or record it as a profile for which a deletion processing error occurred.
  • The profile server/server vendor 410 or the factory IT/OEM 415 may also optionally provide the installation result(s) to the SP/SP server 405.
  • The factory IT/OEM 415 may install a profile again in IFPP mode at some point after receiving the key material in step 455, before the eUICC is restocked or shipped from the factory. If necessary, the profile can be installed at the factory using the procedures from step 235 of FIG. 2 or step 335 of FIG. 3 onward.
  • FIG. 5 is a diagram illustrating a method in which the eUICC generates key material to be used and returns it to the factory IT, according to an embodiment of the present disclosure.
  • Figure 5 may be a recovery scenario for a synchronization error.
  • The factory IT/OEM 515 may consist of one or more servers, terminals, and so on; accordingly, the device that obtains the profile (BPP) and manages the key material for a terminal and the device that injects and manages terminal settings during manufacturing may be different machines. Problems due to desynchronization between these machines may occur, and a recovery scenario for them is explained.
  • The factory IT/OEM 515 may obtain and store the BPP for IFPP installation before performing step 535.
  • This may be a BPP obtained and stored through the same procedure as step 227 of FIG. 2 or step 327 of FIG. 3.
  • The factory IT/OEM 515 transmits a message including the BPP to the terminal 520, and the terminal 520 can forward the message including the BPP to the eUICC 525, with or without passing through the LPAf (not shown), as in step 275 of FIG. 2 or step 375 of FIG. 3.
  • The message that the eUICC 525 receives may include the BPP.
  • The message received by the eUICC 525 may additionally include otPK.EUICC.KA.
  • The data generated by the profile server 510 and received by the eUICC 525 is transmitted as data signed by the profile server, and may include the server's certificate information.
  • The eUICC 525 may operate in one of the following ways.
  • If the eUICC 525 has the capability to generate and reply with key material for IFPP, the eUICC 525 returns an error indicating that there is no otSK, generates an otPK/otSK pair, stores otSK.eUICC.KA, and replies with the error together with key material including otPK.EUICC.KA (step 550).
  • The eUICC 525 may or may not transmit the profile installation result to the profile server/server vendor 510 (step 555). Where it does, the eUICC 525 may transmit it at some point after step 550.
  • The factory IT/OEM 515 updates the existing key material with the newly received key material and stores it for use when requesting BPP creation later.
  • The key material received by the factory IT/OEM 515 can be received as eUICC-signed data.
  • The factory IT/OEM 515 then proceeds for each eUICC as in the procedure previously described for FIGS. 2 and 3: the key material is transmitted to the profile server/server vendor 510, and the profile server/server vendor 510 creates a BPP for each eUICC with the received key material (step 570) and transmits it (step 575).
  • The factory IT/OEM 515 can then process the installation of the profile for IFPP (step 580). Since step 580 can be performed as described above for steps 270 and 370, its description is omitted.
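The one-time key lifecycle described above for FIG. 3 and FIG. 5 (the same otPK creation flag drives the FIG. 4 deletion case), as an added simulation in Go that is not part of the patent: the profile server binds a profile to otPK.EUICC.KA, the eUICC derives the session key from its stored otSK.EUICC.KA, keeps the pair when decryption fails, discards it on success and generates a replacement only when the flag is set, and when no otSK is stored returns the error together with a fresh otPK. The X25519/AES-GCM key agreement, the BPP layout and all function names are stand-ins assumed here rather than the SGP.22 ECKA, and the eUICC signature over the returned otPK is omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

var curve = ecdh.X25519()

// BPP is a simplified bound profile package: the server's one-time public key plus the profile encrypted under the session key.
type BPP struct{ OtPKDP, Nonce, Ciphertext []byte }

// Result is what the eUICC returns to factory IT (step 385 or 550 in the text).
type Result struct {
	OK       bool
	Err      string
	OtPKNext []byte // otPK.EUICC.KA for the next installation; nil if none was generated
}

// EUICC keeps the one-time pair reserved for IFPP; otSK is nil when nothing is stored (FIG. 5).
type EUICC struct {
	otSK     *ecdh.PrivateKey
	Profiles [][]byte
}

// sessionKey is the simplified key agreement used by both sides: AES-GCM keyed with
// SHA-256 of the X25519 shared secret (a real eUICC follows the SGP.22 ECKA/KDF).
func sessionKey(sk *ecdh.PrivateKey, peerPK []byte) (cipher.AEAD, error) {
	pub, err := curve.NewPublicKey(peerPK)
	if err != nil {
		return nil, err
	}
	shared, err := sk.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(shared)
	block, _ := aes.NewCipher(k[:]) // 32-byte key: cannot fail
	return cipher.NewGCM(block)
}

// BindProfile models the profile server (step 360): bind one profile to the otPK.EUICC.KA forwarded for the target EID.
func BindProfile(otPKEUICC, profile []byte) (BPP, error) {
	sk, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return BPP{}, err
	}
	gcm, err := sessionKey(sk, otPKEUICC)
	if err != nil {
		return BPP{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return BPP{}, err
	}
	return BPP{sk.PublicKey().Bytes(), nonce, gcm.Seal(nil, nonce, profile, nil)}, nil
}

// GenerateOneTimePair creates otSK/otPK.EUICC.KA, stores otSK and returns otPK. The EUM does
// this once before delivery (step 330); afterwards the eUICC does it itself when asked to.
func (e *EUICC) GenerateOneTimePair() ([]byte, error) {
	sk, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	e.otSK = sk
	return sk.PublicKey().Bytes(), nil
}

// InstallBPP models steps 380/385 of FIG. 3 for one BPP and the otPK creation flag sent with it.
func (e *EUICC) InstallBPP(bpp BPP, otpkCreateFlag bool) Result {
	if e.otSK == nil {
		// FIG. 5: no otSK stored. Answer with the error plus a fresh otPK so factory IT can
		// resynchronise its key material (OtPKNext stays nil if generation failed).
		pk, _ := e.GenerateOneTimePair()
		return Result{Err: "no otSK.EUICC.KA stored", OtPKNext: pk}
	}
	gcm, err := sessionKey(e.otSK, bpp.OtPKDP)
	if err != nil { // failed: the stored pair is kept for the next attempt
		return Result{Err: "key agreement failed"}
	}
	profile, err := gcm.Open(nil, bpp.Nonce, bpp.Ciphertext, nil)
	if err != nil { // failed (e.g. BPP bound to a stale otPK): the stored pair is kept
		return Result{Err: "BPP not decryptable with the stored otSK.EUICC.KA"}
	}
	e.Profiles = append(e.Profiles, profile)
	e.otSK = nil // success: the used pair is discarded ...
	if !otpkCreateFlag { // ... and without the flag no replacement is generated
		return Result{OK: true}
	}
	pk, err := e.GenerateOneTimePair()
	if err != nil {
		return Result{OK: true, Err: "installed, but key generation failed"}
	}
	return Result{OK: true, OtPKNext: pk}
}
```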
  • FIG. 6 is a diagram for explaining the operation of preparing a large number of profiles for IFPP according to an embodiment of the present disclosure. Specifically, FIG. 6 illustrates in detail an exemplary embodiment of the procedure of step 227 of FIG. 2 or step 327 of FIG. 3.
  • A factory IT/OEM 615 that wishes to mount eUICCs can order eUICCs from the EUM/EUM server 600.
  • The EUM 600 can create in advance the otSK.eUICC.KA and PK.eUICC.KA pair used in the eUICC and transmit it to the factory IT/OEM 615 (step 630).
  • For each eUICC, the EUM 600 can transmit to the factory IT/OEM 615 otPK.EUICC.KA, optionally the eUICC info and EID, the otPK.EUICC.KA signed with the EUM's private key, and at least one of the eUICC's certificate (CERT.EUICC.SIG) and certificate chain, the EID, or PK.EUICC.KA (step 630).
  • The transmitted information can be delivered through an interface linking the profile server to the factory IT 615, online or offline. Each transmitted item may represent the following, without being limited to these examples; other information may also be carried.
  • - CERT.EUICC.SIG may include the EID, the unique identifier of the eUICC, and the public key (PK.EUICC.SIG) used to verify the eUICC signature. It can also be used to prove that the eUICC is authenticated by the EUM.
  • - The parent certificate chain of CERT.EUICC.SIG may include CERT.EUM.SIG, the certificate containing the EUM public key.
  • - eUICC info: information about the eUICC capabilities, which may or may not include a capability indication of whether the eUICC supports IFPP. If all eUICCs of a given order share the same capabilities, the eUICC info may be transmitted per order rather than per eUICC. As described above, information about support for installing multiple profiles, and how that is supported, may also be included.
  • - PK.EUICC.SIG: when the EID or the eUICC's public key PK.EUICC.SIG for verifying the eUICC signature is transmitted, it is either carried as a value inside CERT.EUICC.SIG or, if not included in CERT.EUICC.SIG, transmitted as a separate parameter.
  • The factory IT/OEM 615, having received this information, stores and retains it, and at some point can decide to load profiles onto N eUICCs that are part of the M eUICCs ordered from the EUM 600, or onto all of them.
  • The SP/SP server 605 may request the factory IT/OEM 615 to preload profiles on the terminals 620 to be shipped.
  • The factory IT/OEM 615 may transmit to the SP/SP server 605 at least one of the number of profiles and information on the EID(s), so that the SP/SP server 605 can prepare profiles linked to the EIDs in advance (step 633).
  • The SP/SP server 605 may order profiles from the profile server/server vendor 610 (step 635).
  • When ordering profiles, the SP/SP server 605 may also include the EID information in the order placed with the profile server/server vendor 610.
  • The profile order message may be defined as a new function, or as the ES2+ order interface between the service provider and the profile server defined in the existing GSMA RSP, extended with IFPP order identification information.
  • The order message may include at least one of the following; it is not limited to this information and does not exclude the inclusion of other information.
  • The IFPP order identifier may be carried in the value of the IFPP indication data.
  • The batch ID may be carried as one of the Profile type data values of the ES2+ ordering interface.
  • The profile server/server vendor 610 may be a profile server that supports only IFPP, or a profile server that supports IFPP as one of its functions.
  • The profile server/server vendor 610 may be a server that supports SGP.21/22 (the GSMA standard for profile provisioning to consumer devices such as smartphones).
  • The profile server/server vendor 610 may be a profile server that supports SGP.31/32 (the standard for profile provisioning to IoT terminals).
  • The profile server/server vendor 610 may be a server that additionally supports functions for profile provisioning in the factory.
  • The profile server/server vendor 610 that receives the profile download order determines whether IFPP identification information is present, using a new function such as IFPPorder or a new parameter of the existing ES2+.DownloadOrder, and thereby identifies and tracks whether the profile download order is for IFPP. This identification may be based on the IFPP order identifier or the batch ID described above. If the EID is not received in step 635, the profile server/server vendor 610 can process the profile by changing its status to allocated; if the EID is received in step 635, it can prepare the profile by linking the EID with the ICCID and changing the profile status to linked.
  • The profile server/server vendor 610 may receive a profile provision request (step 645).
  • The SP/SP server 605 or the profile server/server vendor 610 may share information that identifies the profile download order with the factory IT/OEM 615 (step 640).
  • When the profile server/server vendor 610 receives a request to provide profiles for IFPP from the factory IT/OEM 615, it can check which of the profile creation orders previously requested by the SP the request corresponds to.
  • The information used to confirm which order the request corresponds to may include at least one of a batch ID, the address of the server storing the profile, identification information of the service provider that requested profile creation, the start and end numbers of the ordered profile list or EID list, the ordered profile list, the EID list, or a factory IT identification number.
  • The profile server/server vendor 610 may check the optionally included order identification information when it receives the profile request, and if profiles have been pre-prepared for that order, it can prepare BPPs by encrypting those profiles with the otPK.EUICC.KA corresponding to each eUICC.
  • the factory IT/OEM 615 may wish to inject a profile into the terminal before shipping the terminal from the factory.
  • the factory IT/OEM 615 may request a BPP prepared for IFPP from the profile server/server vendor 610.
  • The factory IT 615 may indicate to the profile server/server vendor 610 that this is an IFPP request in at least one of the following ways: sending the message to a new function that identifies it as a BPP request for IFPP; sending an IFPP identification indication through an existing ES9+ function; or including a parameter that is required only for IFPP (for example, at least one of otPK.eUICC.KA, a batch ID, or an SP ID).
  • The profile server/server vendor 610 can determine from this which of these ways marks the request as an IFPP request. An example of an existing function is ES9+ as defined in the SGP.22 specification mentioned above.
  • From the eUICC key information obtained in step 630, the factory IT/OEM 615 transmits to the profile server/server vendor 610 the key information, including otPK.EUICC.KA, of the eUICC of each target terminal, for as many terminals as the SP (service provider) 605 designates to have a profile loaded.
  • Device info or eUICC info may optionally be included and transmitted as eUICC capability information.
  • When the profile server/server vendor 610 receives from the factory IT 615 a message from which it can determine that this is a BPP request for IFPP, together with key information containing otPK.eUICC.KA, it determines that it can proceed with BPP creation for IFPP and may perform the step of creating the BPPs for IFPP (step 650); that is, it enters the process of creating the encrypted profile packages (BPPs) in IFPP mode.
  • The message received from the factory IT 615 contains information that makes this recognizable: for example, a new function defined for IFPP, a new IFPP indication carried in an existing ES9+ function that identifies the request as a profile download request from the factory, or at least one new parameter such as encryption key information.
  • The profile server/server vendor 610 may generate the BPPs for IFPP using one or more of the following procedures. To create N BPPs for IFPP, the procedure is performed for each BPP.
  • The profile server/server vendor 610 may optionally check whether the profile type received from the SP through the ES2+ order interface is suitable for installation on the target terminal/EID. In particular, it may check the profile order (step 650) to confirm that the profile type specified in the order can be installed. This eligibility check, including whether the EID/terminal is capable of installing a profile for IFPP, is optional, and the profile server/server vendor 610 may or may not perform it.
  • The following verification is performed when the profile server/server vendor 610 receives CERT.EUICC.SIG in step 645.
  • The profile server/server vendor 610 may verify CERT.EUICC.SIG, received in step 645, against the EUM's certificate.
  • CERT.EUICC.SIG contains the EID, a digit sequence that contains one of the EINs (EUM identification numbers) listed in the EUM certificate.
  • The profile server checks whether the EID contained in CERT.EUICC.SIG matches one of the permitted EINs contained in the EUM certificate CERT.EUM.SIG, and thereby verifies that CERT.EUICC.SIG belongs to a legitimate eUICC.
  • The profile server/server vendor 610 then verifies the signature that the eUICC produced with its private key over the data including otPK.EUICC.KA, using the eUICC's public key contained in CERT.EUICC.SIG (the signature is checked with the public key; the private key never leaves the eUICC).
  • The profile server/server vendor 610 uses otSK.DP.KA and otPK.EUICC.KA to generate the shared secret for this particular profile transfer session.
  • The profile server/server vendor 610 may also create ServerChallenge information. This is provided when the eUICC 625 is designed to return, during the mutual authentication procedure between the profile server/server vendor 610 and the eUICC 625, the ServerChallenge value exactly as the profile server/server vendor 610 sent it.
  • The profile server/server vendor 610 creates the profile package bound to the EID, including the session keys, the key replacement package, and the ISD-P creation and configuration information.
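The per-eUICC BPP preparation described in the steps above (EUM signature over CERT.EUICC.SIG, EID against the permitted EINs, the eUICC's signature on otPK.EUICC.KA, ECDH between otSK.DP.KA and otPK.EUICC.KA, and binding the encrypted profile to the EID), together with the eUICC-side unwrapping of step 660, as an added Go example. It is not code from the patent or from any SGP.22 implementation, and it also stands in for the per-eUICC BPP operation of step 1260 in FIG. 12. It simplifies the certificates to in-memory structs (CERT.EUICC.SIG becomes EID + PK.EUICC.SIG + EUM signature, and the EIN check is an EID prefix match), uses P-256 ECDH, ECDSA and AES-128-GCM from the Go standard library, and derives the session key with a one-block X9.63 KDF keyed on the EID, which is a simplification of the SGP.22 sharedInfo. All type and function names, the EIN, the EID and the profile bytes are the example's own. ServerChallenge and the ISD-P configuration data are left out of the package.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// EUMCert models CERT.EUM.SIG: the EUM signing key and the EINs (EID prefixes) it may issue under.
type EUMCert struct{ Pub *ecdsa.PublicKey; EINs []string }
// EUICCCert models CERT.EUICC.SIG: the EID, PK.EUICC.SIG and the EUM's signature over both.
type EUICCCert struct{ EID string; Pub *ecdsa.PublicKey; EUMSig []byte }
// KeyMaterial is what factory IT forwards per eUICC in step 645: otPK.EUICC.KA as an uncompressed
// P-256 point, its signature under SK.EUICC.SIG, and CERT.EUICC.SIG.
type KeyMaterial struct{ OtPK, Sig []byte; Cert EUICCCert }
// BPP goes back to factory IT: otPK.DP.KA so the eUICC can rebuild the shared secret, and the profile
// sealed under the session key with the EID as associated data, which is what binds it to that eUICC.
type BPP struct{ EID string; OtPKDP, Nonce, Ciphertext []byte }

// certTBS is the signed content of the simplified eUICC certificate: EID || PK.EUICC.SIG point.
func certTBS(eid string, pub *ecdsa.PublicKey) []byte {
	ek, _ := pub.ECDH()
	return append([]byte(eid), ek.Bytes()...)
}

// verifyEUICCCert performs the two checks in the text: the EUM signature over CERT.EUICC.SIG, and
// that the EID lies under one of the EINs permitted by CERT.EUM.SIG.
func verifyEUICCCert(eum EUMCert, c EUICCCert) error {
	h := sha256.Sum256(certTBS(c.EID, c.Pub))
	if !ecdsa.VerifyASN1(eum.Pub, h[:], c.EUMSig) {
		return errors.New("CERT.EUICC.SIG is not signed by this EUM")
	}
	for _, ein := range eum.EINs {
		if strings.HasPrefix(c.EID, ein) {
			return nil
		}
	}
	return errors.New("EID is not under a permitted EIN of CERT.EUM.SIG")
}

// sessionAEAD derives the AES-128-GCM session key from the ECDH secret with the X9.63 KDF (SHA-256,
// one block covers 16 bytes) and the EID as sharedInfo; SGP.22 also folds key type, length and host ID in.
func sessionAEAD(z []byte, eid string) cipher.AEAD {
	h := sha256.New()
	h.Write(z)
	h.Write([]byte{0, 0, 0, 1}) // KDF counter
	h.Write([]byte(eid))
	blk, _ := aes.NewCipher(h.Sum(nil)[:16])
	gcm, _ := cipher.NewGCM(blk)
	return gcm
}

// PrepareBPP is the profile server side of step 650 for one eUICC: all checks fail closed before any
// otSK.DP.KA is spent on the request.
func PrepareBPP(eum EUMCert, km KeyMaterial, profile []byte) (*BPP, error) {
	if err := verifyEUICCCert(eum, km.Cert); err != nil {
		return nil, err
	}
	h := sha256.Sum256(km.OtPK)
	if !ecdsa.VerifyASN1(km.Cert.Pub, h[:], km.Sig) {
		return nil, errors.New("otPK.EUICC.KA signature does not verify under PK.EUICC.SIG")
	}
	otPK, err := ecdh.P256().NewPublicKey(km.OtPK) // rejects off-curve points
	if err != nil {
		return nil, err
	}
	otSKDP, _ := ecdh.P256().GenerateKey(rand.Reader) // fresh otSK.DP.KA, used for this BPP only
	z, _ := otSKDP.ECDH(otPK)
	gcm := sessionAEAD(z, km.Cert.EID)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	ct := gcm.Seal(nil, nonce, profile, []byte(km.Cert.EID))
	return &BPP{EID: km.Cert.EID, OtPKDP: otSKDP.PublicKey().Bytes(), Nonce: nonce, Ciphertext: ct}, nil
}

// InstallBPP is the eUICC side of step 660: rebuild the secret with otSK.EUICC.KA and unwrap the
// profile. A BPP bound to another EID, or altered in transit, fails the GCM tag check here.
func InstallBPP(otSK *ecdh.PrivateKey, eid string, b *BPP) ([]byte, error) {
	otPKDP, err := ecdh.P256().NewPublicKey(b.OtPKDP)
	if err != nil {
		return nil, err
	}
	z, _ := otSK.ECDH(otPKDP)
	return sessionAEAD(z, eid).Open(nil, b.Nonce, b.Ciphertext, []byte(eid))
}

// IssueEUICC stands in for the EUM's pre-factory work (step 630) for one chip: CERT.EUM.SIG with the
// permitted EINs, a certified eUICC signing key, and one otPK.EUICC.KA signed with it. otSK stays on
// the chip; EUMCert and KeyMaterial are what the profile server and factory IT hold.
func IssueEUICC(eins []string, eid string) (EUMCert, *ecdh.PrivateKey, KeyMaterial) {
	eumSK, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	skSig, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	h := sha256.Sum256(certTBS(eid, &skSig.PublicKey))
	eumSig, _ := ecdsa.SignASN1(rand.Reader, eumSK, h[:])
	otSK, _ := ecdh.P256().GenerateKey(rand.Reader)
	otPK := otSK.PublicKey().Bytes()
	hp := sha256.Sum256(otPK)
	sig, _ := ecdsa.SignASN1(rand.Reader, skSig, hp[:])
	cert := EUICCCert{EID: eid, Pub: &skSig.PublicKey, EUMSig: eumSig}
	return EUMCert{Pub: &eumSK.PublicKey, EINs: eins}, otSK, KeyMaterial{OtPK: otPK, Sig: sig, Cert: cert}
}

func main() {
	eum, otSK, km := IssueEUICC([]string{"89049032"}, "89049032123451234512345678901234") // constructed EIN/EID
	bpp, err := PrepareBPP(eum, km, []byte("constructed profile package"))
	if err != nil {
		panic(err)
	}
	p, err := InstallBPP(otSK, km.Cert.EID, bpp)
	fmt.Printf("installed=%q err=%v\n", p, err)
}
```

Running it prints the unwrapped profile. The two points worth checking against the text are the check order in PrepareBPP (certificate chain, then EIN, then the eUICC's signature on otPK.EUICC.KA, then point validation, and only then a fresh otSK.DP.KA) and the binding: because the EID is authenticated data of the AEAD, a BPP presented to any other eUICC, or re-labelled by factory IT, fails InstallBPP rather than installing.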
  • If the profile server/server vendor 610 successfully creates the BPPs for IFPP in step 650, it transmits the BPPs, together with the set of information required to install them, to the factory IT/OEM 615 in one or more messages (step 655).
  • If the factory IT 615 registered a push service with the profile server/server vendor 610 when requesting the BPPs, then either the BPPs and the installation information are delivered in a push message as soon as the profile server/server vendor 610 has prepared them (step 655), or the profile server/server vendor 610 notifies the factory IT 615 by push message that the profiles are ready and the factory IT 615 then connects to the profile server/server vendor 610 and retrieves them.
  • The profile server/server vendor 610 may transmit, in one or more messages, the generated BPPs together with the list of encryption key information that the factory IT/OEM 615 and the mapped eUICC need to verify each BPP. Encryption key information, for example public keys, may be transmitted inside a certificate or on its own. The information sent by the profile server/server vendor 610 may also include order identification information such as a service provider ID, batch ID, or order ID.
  • According to an embodiment of the present disclosure, the information transmitted in step 655 is ESbpp.BulkProfileResponse([SP ID], [Batch ID], (BPP including otPK.DP.KA, CERT.EUICC.SIG, [CERT.DPauth.SIG], CERT.DPpb.SIG, [ServerChallenge]) x N), sent as one message or as several messages to the factory IT/OEM 615 and stored by the factory IT 615.
  • The factory IT 615 maps and stores each received BPP, the EID mapped to it, and the encryption key information needed to download and install that BPP on that EID, and then performs profile provisioning (step 660).
  • The factory IT 615 transmits the BPP, the EID and the encryption key information for downloading and installing the BPP to the terminal 620, and the terminal 620 passes the BPP and the encryption key for downloading and installing it to the eUICC 625.
  • The eUICC 625 verifies the received BPP and the encryption key for installing it, and installs the profile.
  • The terminal 620 may deliver the BPP to the eUICC 625 either through the LPAf (not shown) or directly, without the LPAf.
  • The message may be carried in one or more of the messages of ES10x.
  • The transmission method from the terminal may be one of the following methods, although it is not limited to them.
  • FIG. 7 is a block diagram showing the structures of the profile server 700, factory IT 720, and terminal 740 in a wireless communication system according to an embodiment of the present disclosure.
  • the profile server 700 may include a communication unit 705, a control unit 710, and an encryption unit 715.
  • the communication unit 705 can transmit data to or receive data from other devices.
  • the communication unit 705 can transmit or receive an encrypted key, an encrypted profile, etc.
  • the communication unit 705 may be equipped with at least one communication module and an antenna.
  • the control unit 710 can control each component of the profile server 700 to install a profile according to the present invention.
  • the specific operation of the control unit 710 is as described above.
  • The profile server 700 determines whether requests belong to the same order by referring to the service provider server, the manufacturer's server, or information received from the service provider and the manufacturer, and maps and stores in a storage unit (not shown) the profile and the eUICC information supplied for the same order. It may also prepare in advance by mapping a profile to a specific EID, using the EID information received from the service provider.
  • The control unit 710 determines, from the information in a message received through the communication unit 705, whether a profile needs to be prepared for IFPP, and enters the profile preparation operation accordingly.
  • The control unit 710 determines whether the information in the message received through the communication unit 705 contains eUICC info, whether that eUICC info indicates an eUICC that supports IFPP, and whether installing a profile more than once is possible, either because the eUICC supports multiple profile installations or because IFPP supports them through a combination of the methods described for FIG. 6; it may further control an eligibility check, performed before creating a BPP, that refers to one or more of the EID, the eUICC info, and the device info.
  • The profile server 700 receives the message from the factory IT through the communication unit 705, determines that the message is a request to download profiles for IFPP, processes the operation of preparing profiles for the factory, and sends the result to the factory IT through the communication unit 705.
  • the encryption unit 715 may perform encryption or decryption of a key or profile under the control of the control unit 710.
  • The encryption unit 715 may include an HSM, or may itself be called the HSM, and performs encryption and decryption of the profile without exposing the encryption key. Depending on the implementation, the encryption unit 715 may be built into the control unit 710 or implemented as software executed by the control unit 710.
  • factory IT 720 may include a communication device 725, a control device 730, and a storage device 735.
  • Each device in the factory IT 720 may be a single device that plays an independent role, such as a communication device or a storage device, or may be one of several devices; when the devices are connected to each other, the communication device for the connection is integrated into them. See FIG. 8 for an example configuration.
  • Communication device 725 may transmit data to or receive data from other devices.
  • The factory IT 720 may operate as a single device that includes the storage device 735, or with a separate control device 730 that centrally controls the communication device 725 and the storage device 735. It may therefore be composed of one or more devices.
  • the communication device 725 may transmit or receive an encrypted key, an encrypted profile, etc.
  • the communication device 725 may be equipped with at least one communication module and an antenna.
  • the storage device 735 and the communication device 725 may be provided as one device for the factory IT 720 itself.
  • The factory IT 720 may transmit to, or receive from, the profile server 700 at least one of encrypted key information and encrypted profiles through the communication device 725, which provides the communication connection to the outside.
  • The factory IT 720 transmits a stored encrypted profile to the terminal 740 through the communication device 725, and receives from the terminal 740 the installation result, with or without key material, or key material generated by the terminal 740.
  • The profile received from the profile server 700, or the encrypted key previously obtained from the EUM, is stored in the storage device 735 by the control device 730 of the factory IT 720, and can be transmitted by wire or wirelessly from the storage device responsible for profile injection to the terminal 740.
  • the storage device 735 of the factory IT 720 may store at least one encrypted profile. Additionally, encrypted key information for at least one encrypted profile can be stored.
  • When an installation result arrives from the terminal 740, the control device 730 evaluates it, updates the installation result information of the mapped profile, stores the updated result in the storage device 735, and may provide the results to the profile server 700 in batches through the communication device 725 at a specific point in time.
  • The storage device 735 may be a hard disk type, random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, or optical disk.
  • The factory IT 720 may be composed of several devices as described above, and the communication device, control device, and storage device may be integrated into one device or combined, for example a communication device and a storage device implemented as one integrated device.
  • The communication device may provide communication services limited to connecting to the terminal manufacturer's external network, or only to connecting to the terminal manufacturer's internal network.
  • the terminal 740 may include a communication unit 745, a control unit 750, a storage unit 755, and an eUICC 760.
  • the communication unit 745 may transmit data to or receive data from other devices.
  • the communication unit 745 may receive an encrypted key, an encrypted profile, etc.
  • the communication unit 745 may be equipped with at least one communication module and an antenna.
  • the control unit 750 can control each component of the terminal 740 to install a profile according to the present invention.
  • the control unit 750 can control the overall operations of the terminal 740.
  • the control unit 750 may transmit and receive signals through the communication unit 745.
  • the control unit 750 can write and read data to and from the storage unit 755.
  • the control unit 750 may include at least one processor.
  • The control unit 750 may include a communication processor (CP) that controls communication and an application processor (AP) that controls upper layers such as application programs.
  • The control unit 750 can request configuration information from the storage unit 755 and display it on a screen display unit (not shown), or receive configuration information and process additional operations.
  • The control unit 750 can match data recorded in the storage unit 755 with information collected through the control unit 750 and the communication unit 745, so that the terminal can infer the information needed to select the profile to install at the factory.
  • the control unit 750 can determine whether user consent is required for specific information stored in the terminal 740 and display it on a screen display unit (not shown).
  • the control unit 750 can control the terminal 740 to perform the corresponding operation.
  • the control unit 750 may include an LPA responsible for driving and controlling the eUICC 760, an application in which the LPA is integrated, and an application that manages factory installation.
  • The control unit 750 may include a terminal framework that interprets the information received by the LPA or application and issues the corresponding command APDU request to the CP (communication processor), or collects part or all of the requested information from the storage unit 755 and returns it to the LPA or application.
  • The control unit 750 compiles predetermined information obtained from the eUICC 760 and through the communication unit 745, decides whether to enter IFPP mode, and can control the eUICC 760 to enter IFPP.
  • the eUICC 760 may operate under the control of the control unit 750.
  • Under this control, the eUICC 760 enters IFPP mode, processes the profile installation procedure, and returns the processing result to the terminal 740.
  • the control unit 750 receives profile information or a response message of the profile package received from factory IT 720, and determines whether there is profile installation request information for IFPP from the received profile information or response message.
  • the storage unit 755 may store data such as basic programs, application programs, and setting information for operation of the terminal 740.
  • The storage unit 755 may include a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (for example, SD memory), and EEPROM (electrically erasable programmable read-only memory).
  • The storage unit 755 may be integrated with the control unit 750 and implemented as a system on chip (SoC).
  • the control unit 750 can perform various operations using various programs, content, data, etc. stored in the storage unit.
  • The eUICC 760 is a UICC chip built into the terminal 740 and can store, manage, and delete at least one profile. A profile collectively refers to data such as one or more applications, subscriber authentication information, and the phone book that a conventional UICC card stores.
  • The eUICC 760 may be included as part of the terminal 740 as shown in FIG. 1; it is drawn as a separate module in FIGs. 2 to 6 to explain the operation between the terminal 740 and the eUICC 760.
  • The eUICC 760 may include a control unit, a storage unit, and a communication unit for installing a profile. Some of the applications within the eUICC 760 may be installed on the control unit 750, and those installed applications may include some of the LPA functions.
  • The control unit of the eUICC 760 obtains profile installation or deletion request information from a message of the terminal 740 received through the communication unit, installs or deletes the profile, and can then additionally check whether the message contains a request to generate key information for the next profile installation.
  • The eUICC 760 decides whether to enter IFPP from the information in the received message or from a new function defined for IFPP, performs the profile installation or deletion procedure for IFPP accordingly, and processes the received information by comparing and verifying it against the information in the storage unit of the eUICC 760.
  • An example of information processed in this way through the control unit 750 is whether any otPK.EUICC.KA remains to be used next after a profile is installed or deleted, and whether new eUICC key material must be generated for the next use after a specific operation (for example, installing or deleting a profile).
  • factory IT 720 may include more or fewer components than the components described above.
  • the terminal 740 may be an electronic device, and the electronic device may be of various types.
  • Electronic devices may include, for example, portable communication devices (e.g., smartphones), computer devices, portable multimedia devices, portable medical devices, cameras, wearable devices, or consumer electronic devices.
  • the electronic device according to an embodiment of this document is not limited to the above-mentioned devices.
  • Figure 8 is a diagram briefly expressing the method and operation of transmitting a message requesting the creation of key material between the terminal 820 and the eUICC 825.
  • The factory IT/OEM 800 may obtain eUICC info (step 815) at some point before performing the operation that requests key material creation, that is, before options 1 to 3.
  • The factory IT/OEM 800 may obtain and store the eUICC info (step 815) from the EUM, or may obtain it as the information returned when it sends a message requesting eUICC info to the eUICC 810.
  • The factory IT/OEM 800 can acquire the key material to be used for the next profile installation using one of options 1 to 3.
  • FIGs. 2 and 5 may be examples of option 1 (steps 820 to 830), and FIGs. 3 and 4 may be examples of option 2 (steps 835 to 845). Option 3 (steps 850 to 860), which was not shown in FIGs. 2 to 5 and which handles the key material creation request with a new function rather than by adding parameters to existing functions, is also possible.
  • If the factory IT/OEM 800 determines from the previously obtained information (step 815) that the eUICC is capable of generating key material and returning it, then at a specific point in time the LPAf (not shown) of the terminal 805 may send the new function for obtaining key material to the eUICC 810 and receive the key material back from the eUICC 810 (step 860).
  • An example of option 3 is not shown above, but in FIG. 5 it can be performed after step 550, when an error code indicating that no one-time public key remains is received without key material, and before step 565.
  • Figure 9 is a block diagram showing the structure of a terminal according to an embodiment of the present disclosure.
  • the terminal of the present disclosure may include a processor 920, a transceiver 910, and a memory 930.
  • the components of the terminal are not limited to the examples described above.
  • the terminal may include more or fewer components than the aforementioned components.
  • the processor 920, the transceiver 910, and the memory 930 may be implemented in the form of a single chip.
  • the processor 920 can control a series of processes in which the terminal can operate according to the above-described embodiment of the present disclosure.
  • the processor 920 may control the components of the terminal to perform the above-described embodiments of the present disclosure by executing a program stored in the memory 930.
  • the processor 920 may be an Application Processor (AP), a Communication Processor (CP), a circuit, an application-specific circuit, or at least one processor.
  • the transceiver 910 can transmit and receive signals with factory IT. Signals transmitted and received from factory IT may include control information and data.
  • the transceiver 910 may be comprised of an RF transmitter that up-converts and amplifies the frequency of a transmitted signal, and an RF receiver that amplifies the received signal with low noise and down-converts the frequency.
  • this is only an example of the transceiver unit 910, and the components of the transceiver unit 910 are not limited to the RF transmitter and RF receiver.
  • the transceiver 910 may receive a signal through a wireless channel and output it to the processor 920, and transmit the signal output from the processor 920 through a wireless channel.
  • the memory 930 may store programs and data necessary for operation of the terminal. Additionally, the memory 930 may store control information or data included in signals transmitted and received by the terminal.
  • the memory 930 may be composed of a storage medium such as ROM, RAM, hard disk, CD-ROM, and DVD, or a combination of storage media.
  • Figure 10 is a block diagram showing the structure of factory IT according to an embodiment of the present disclosure.
  • the factory IT of the present disclosure may include a processor 1020, a transceiver 1010, and a memory 1030.
  • the components of factory IT are not limited to the examples described above.
  • factory IT may include more or fewer components than those described above.
  • the processor 1020, the transceiver 1010, and the memory 1030 may be implemented in the form of a single chip.
  • the processor 1020 can control a series of processes in which factory IT can operate according to the above-described embodiment of the present disclosure.
  • the processor 1020 may control the components of factory IT so that the above-described embodiments of the present disclosure are performed by executing a program stored in the memory 1030.
  • the processor 1020 may be an Application Processor (AP), a Communication Processor (CP), a circuit, an application-specific circuit, or at least one processor.
  • the transceiver 1010 can transmit and receive signals to and from a terminal. Signals transmitted and received from the terminal may include control information and data.
  • the transceiver 1010 may be comprised of an RF transmitter that up-converts and amplifies the frequency of a transmitted signal, and an RF receiver that amplifies the received signal with low noise and down-converts the frequency.
  • this is only an example of the transceiver 1010, and the components of the transceiver 1010 are not limited to the RF transmitter and RF receiver.
  • the transceiver 1010 may receive a signal through a wireless channel and output it to the processor 1020, and transmit the signal output from the processor 1020 through a wireless channel.
  • the transceiver 1010 can transmit and receive signals with the profile server. Signals transmitted and received from the profile server may include control information and data.
  • the memory 1030 may store programs and data necessary for the operation of factory IT. Additionally, the memory 1030 may store control information or data included in signals transmitted and received by factory IT.
  • the memory 1030 may be composed of a storage medium such as ROM, RAM, hard disk, CD-ROM, and DVD, or a combination of storage media.
  • Figure 11 is a block diagram showing the structure of a profile server according to an embodiment of the present disclosure.
  • the profile server of the present disclosure may include a processor 1120, a transceiver 1110, and a memory 1130.
  • the components of the profile server are not limited to the examples described above.
  • a profile server may include more or fewer components than those described above.
  • the processor 1120, the transceiver 1110, and the memory 1130 may be implemented in the form of a single chip.
  • the processor 1120 may control a series of processes by which the profile server may operate according to the above-described embodiment of the present disclosure.
  • the processor 1120 may control the components of the profile server to perform the above-described embodiments of the present disclosure by executing a program stored in the memory 1130.
  • the processor 1120 may be an Application Processor (AP), a Communication Processor (CP), a circuit, an application-specific circuit, or at least one processor.
  • the transceiver 1110 can transmit and receive signals with factory IT. Signals transmitted and received from factory IT may include control information and data.
  • the transceiver 1110 may be comprised of an RF transmitter that up-converts and amplifies the frequency of a transmitted signal, and an RF receiver that amplifies the received signal with low noise and down-converts the frequency.
  • this is only an example of the transceiver unit 1110, and the components of the transceiver unit 1110 are not limited to the RF transmitter and RF receiver.
  • the transceiver 1110 may receive a signal through a wireless channel and output it to the processor 1120, and transmit the signal output from the processor 1120 through a wireless channel.
  • the memory 1130 may store programs and data necessary for the operation of the profile server. Additionally, the memory 1130 may store control information or data included in signals transmitted and received by the profile server.
  • the memory 1130 may be composed of a storage medium such as ROM, RAM, hard disk, CD-ROM, and DVD, or a combination of storage media.
  • FIG. 12 is a diagram showing the operation of the eUICC and profile server according to an embodiment of the present disclosure. Specifically, FIG. 12 is a diagram illustrating an example of operation when the eUICC and the profile server support multiple profile installations with IFPP, and the profile server supports both the otPK generation reply method and the multiple otPK storage method.
  • a terminal manufacturer wishing to manufacture a terminal equipped with an eUICC can order M eUICCs through the EUM/EUM server (1200).
  • The EUM 1200 may provide the factory IT/OEM 1215 with the key material corresponding to each of the M ordered eUICCs (step 1230). The key material provided by the EUM 1200 may be transmitted as EUM-signed values.
  • The key material provided by the EUM 1200 may include an otPK.EUICC.KA for each eUICC, and otPK.EUICC.KA may be signed with the private key of the eUICC before transmission.
  • When the EUM 1200 transmits otPK.EUICC.KA signed with the eUICC's private key, it can include the eUICC certificate chain information.
  • eUICC Info may be delivered to the SM-DPf before the profile server creates the BPPs (step 1260). Accordingly, the EUM 1200 may additionally include eUICC information in step 1230, or may transmit the eUICC information separately to the profile server 1210 on behalf of the factory IT/OEM 1215.
  • eUICC information is information that the factory IT/OEM can verify, and it may be transmitted as data not signed by the eUICC.
  • eUICC info may include at least one of: an identifier indicating whether IFPP is supported, identification information indicating whether a profile can be installed on the eUICC more than once at the factory, and the method by which installation more than once is supported.
  • One such method is for the eUICC to generate an eUICC encryption key pair and return otPK.EUICC.KA (hereinafter "otPK generation reply", described in detail with reference to FIGs. 2 and 3); another is to store multiple otPKs in advance (hereinafter "multiple otPK storage").
  • In step 1230 the factory IT/OEM 1215 may receive one otPK.eUICC.KA per eUICC from the EUM 1200; otherwise (multiple otPK storage) it may receive at least one, and possibly several, otPK.eUICC.KA per eUICC from the EUM 1200.
  • the factory IT/OEM 1215 may store encryption key information for the M ordered eUICCs in the factory IT server 1215 (step 1235).
  • the factory IT/OEM 1215 may decide to load the profile on some or all of the M eUICCs ordered from the EUM 1200.
  • the decision to load the profile may be based on a request for pre-loading the profile from the SP (service provider)/SP server 1205.
  • The factory IT/OEM 1215 provides the SP/SP server 1205 with at least one of the number of profiles and the list of EIDs so that profiles linked to the EIDs can be prepared in advance, and on that basis the SP/SP server 1205 orders the profiles from the profile server/server vendor 1210 (step 1245).
  • the factory IT/OEM 1215 may request BPP from the profile server/server vendor 1210.
  • When requesting the BPPs, the Factory IT/OEM 1215 selects, from the eUICC key information obtained in step 1230, the key information for the eUICCs of the N target terminals on which the SP/SP server 1205 will load profiles, and transmits it to the profile server/server vendor 1210 (step 1255). This may be part or all of the key information received in step 1230.
  • If the Factory IT/OEM 1215 received one otPK.EUICC.KA per eUICC from the EUM/EUM server 1200, it can transmit that key to the profile server 1210. If an index ID was also received as signed data in step 1230, the Factory IT/OEM 1215 may include it as well.
  • The profile server 1210 can generate N BPPs (step 1260) using the N pieces of key material received from the Factory IT/OEM 1215.
  • The operation of creating each BPP using the key material for the corresponding eUICC may include at least one of the following operations.
  • DPf signature2: a signature generated by the DPf (signed data).
  • The profile server composes a reply message containing the created BPPs and the information necessary for installing each BPP, and transmits it (step 1265).
  • The message transmitted through ESbpp in step 1265 may contain at least one of: an N-entry list of (BPP, signed (otPK or index ID), DPf signature2), the SM-DPf certificate, and the certificate chain.
  • If the profile server 1210 receives eUICC Info before step 1260, it can determine in step 1260 whether to generate signed (otPK or index ID) + DPf signature2.
  • The profile server 1210 may therefore skip generating signed (otPK or index ID) + DPf signature2 when creating each BPP (step 1260).
  • The Factory IT/OEM 1215 stores the N-entry list of (BPP, signed (otPK.EUICC.KA or index ID) + DPf signature2), the SM-DPf certificate and the certificate chain received in step 1265, and then transmits to the target terminal 1220 the BPP, [signed (otPK or index ID)], [DPf signature2], the SM-DPf certificate and the certificate chain (step 1275 or 1290).
  • The FPA (not shown) of the terminal 1220 that receives this may pass the received parameters to the eUICC 1225 through one or more ES10f functions.
  • These may be functions such as ES10f.prepareLoading or ES10f.loadBoundProfilePackage.
  • The eUICC 1225 that receives them can prepare for and process the profile installation (step 1280 or 1293).
  • If the eUICC 1225 does not have the otPK generation reply capability, it may return an error (step 1275) when no otPK.EUICC.KA or index ID is received from the FPA (not shown) of the terminal 1220, and may terminate the procedure.
  • An eUICC 1225 that does not have the otPK generation reply capability may perform, in step 1280, profile installation preparation and installation procedures including at least one of the following operations.
  • An eUICC 1225 that does not have the otPK generation reply capability replies to the FPA of the terminal 1220 with the profile installation result, without otPK.EUICC.KA (step 1285).
  • This may be in the Profile Installation Result format defined in SGP.22.
  • The eUICC 1225 may proceed to step 1293 after step 1290 when otPK.EUICC.KA or an index ID is not received from the FPA (not shown) of the terminal 1220.
  • Step 1293 of the eUICC 1225 may be a profile installation preparation and installation procedure that includes at least one of the following operations.
  • The eUICC 1225 may add key material including the corresponding otPK.EUICC.KA to the installation result and reply with it as eUICC signed data (step 1295).
  • The Factory IT/OEM 1215 can update its stored key information with the otPK.EUICC.KA returned in step 1295.
  • The Factory IT/OEM 1215 then performs the procedure from step 1255 onward again.
  • In this way a BPP for installing a further profile on the eUICC 1225 can be obtained and processed so that the profile is installed on the eUICC 1225 through the terminal 1220.
  • The Profile Installation Result received in step 1285 or 1295 may be returned by the Factory IT/OEM 1215 to the SM-DPf 1210 at a particular point in time.
  • The method includes: obtaining, from the Factory IT/OEM, information as to whether the eUICC is one on which profiles can be installed multiple times at the factory, in order to provision a large number of profiles to terminals; the Factory IT/OEM transmitting the key material previously received from the eUICC to the profile server for creation of the next profile, and obtaining the new BPP created by the profile server; and transmitting the received BPP to the terminal in the factory environment to process the profile installation.
  • The method provisions profiles to terminals in a factory environment.
  • The next step is for the eUICC to generate a one-time key pair for profile installation on the eUICC, generate key material including the one-time public key, and reply to the Factory IT/OEM with the generated key material.
  • The key material may include a one-time eUICC encryption public key.
  • a computer-readable storage medium that stores one or more programs (software modules) may be provided.
  • One or more programs stored in the computer-readable storage medium are configured to be executed by one or more processors in an electronic device.
  • One or more programs include instructions that cause the electronic device to execute methods according to embodiments described in the claims or specification of the present disclosure.
  • These programs may be stored in random access memory, non-volatile memory including flash memory, read only memory (ROM), electrically erasable programmable ROM (EEPROM), a magnetic disc storage device, compact disc-ROM (CD-ROM), digital versatile discs (DVDs), another type of optical storage device, or a magnetic cassette; alternatively, in a memory consisting of a combination of some or all of these. A plurality of each such memory may be included.
  • The program may also be stored in an attachable storage device that can be accessed through a communication network such as the Internet, an intranet, a local area network (LAN), a wide LAN (WLAN), a storage area network (SAN), or a combination thereof. This storage device can be connected to a device performing an embodiment of the present disclosure through an external port. A separate storage device on the communication network may also be connected to the device performing an embodiment of the present disclosure.
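The factory procedure above (steps 1230 to 1295) can be followed end to end in code. The following is an added example written for this page; it is not code from the patent, from Samsung, or from any GSMA specification. It models one eUICC, one SM-DPf and the Factory IT/OEM relay in Go using only the standard library: the eUICC's otPK generation reply is a fresh P-256 ECKA key pair, the SM-DPf binds each BPP to the otPK it was handed and signs the binding (standing in for "DPf signature2"), and the eUICC consumes the one-time private key on installation and returns the next otPK in the installation result, which the factory then forwards for the next profile. The `BPP` struct, the function names, the AES-GCM profile encryption, the single-SHA-256 session-key derivation (a real SGP.22 BPP is an ASN.1 structure protected with SCP03t session keys from an X9.63-style KDF), the "bpp-session|" label and the profile strings are all assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// BPP is an illustrative bound profile package, not the SGP.22 ASN.1 structure.
type BPP struct {
	OtPK, DPfOtPK []byte // eUICC otPK.EUICC.KA and SM-DPf ephemeral ECKA public key
	Sig           []byte // "DPf signature2": ECDSA over SHA-256(OtPK || DPfOtPK)
	Nonce, CT     []byte // AES-GCM nonce and encrypted profile (OtPK as associated data)
}

// sessionAEAD: profile session key from the ECKA shared secret z (one SHA-256 stands in for SGP.22's X9.63 KDF).
func sessionAEAD(z []byte) cipher.AEAD {
	k := sha256.Sum256(append([]byte("bpp-session|"), z...))
	blk, _ := aes.NewCipher(k[:16])
	g, _ := cipher.NewGCM(blk)
	return g
}

// EUICC keeps every otSK it has handed out ("multiple otPK storage") and the SM-DPf signing key it trusts.
type EUICC struct {
	otSKs     map[string]*ecdh.PrivateKey
	dpfPub    *ecdsa.PublicKey // in practice taken from the SM-DPf certificate chain
	Installed [][]byte
}

// GenerateOtPK is the "otPK generation reply": a fresh one-time ECKA key pair, otSK retained.
func (e *EUICC) GenerateOtPK() []byte {
	sk, _ := ecdh.P256().GenerateKey(rand.Reader) // errors only on entropy failure
	pub := sk.PublicKey().Bytes()
	e.otSKs[string(pub)] = sk
	return pub
}

// InstallBPP: verify DPf signature2 against a held otSK, decrypt, consume the otSK (no replay), return the next otPK (step 1295).
func (e *EUICC) InstallBPP(b *BPP) ([]byte, error) {
	m := sha256.Sum256(append(append([]byte{}, b.OtPK...), b.DPfOtPK...))
	sk, ok := e.otSKs[string(b.OtPK)]
	if !ok || !ecdsa.VerifyASN1(e.dpfPub, m[:], b.Sig) {
		return nil, fmt.Errorf("otPK unknown/consumed or DPf signature2 invalid")
	}
	delete(e.otSKs, string(b.OtPK))
	dpf, err := ecdh.P256().NewPublicKey(b.DPfOtPK)
	if err != nil {
		return nil, err
	}
	z, _ := sk.ECDH(dpf) // same curve, cannot fail
	pt, err := sessionAEAD(z).Open(nil, b.Nonce, b.CT, b.OtPK)
	if err != nil {
		return nil, err
	}
	e.Installed = append(e.Installed, pt)
	return e.GenerateOtPK(), nil
}

// BuildBPP is the SM-DPf side (step 1260): one BPP bound to the otPK forwarded by Factory IT/OEM.
func BuildBPP(signKey *ecdsa.PrivateKey, otPK, profile []byte) (*BPP, error) {
	euiccPub, err := ecdh.P256().NewPublicKey(otPK)
	if err != nil {
		return nil, err
	}
	eph, _ := ecdh.P256().GenerateKey(rand.Reader)
	z, _ := eph.ECDH(euiccPub)
	g := sessionAEAD(z)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	dpfOtPK := eph.PublicKey().Bytes()
	m := sha256.Sum256(append(append([]byte{}, otPK...), dpfOtPK...))
	sig, _ := ecdsa.SignASN1(rand.Reader, signKey, m[:])
	return &BPP{OtPK: otPK, DPfOtPK: dpfOtPK, Sig: sig, Nonce: nonce, CT: g.Seal(nil, nonce, profile, otPK)}, nil
}

// RunFactoryFlow plays steps 1230 to 1295 for two profiles; returns profiles installed and whether a replay of BPP 1 was accepted.
func RunFactoryFlow() (int, bool, error) {
	dpfKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	card := &EUICC{otSKs: map[string]*ecdh.PrivateKey{}, dpfPub: &dpfKey.PublicKey}
	otPK := card.GenerateOtPK() // the EUM delivers this with the eUICC (step 1230)
	bpp1, _ := BuildBPP(dpfKey, otPK, []byte("profile-1 (constructed)"))
	next, err := card.InstallBPP(bpp1) // installation result carries the next otPK
	if err != nil {
		return 0, false, err
	}
	bpp2, _ := BuildBPP(dpfKey, next, []byte("profile-2 (constructed)"))
	_, err = card.InstallBPP(bpp2)
	_, replayErr := card.InstallBPP(bpp1) // its otSK was consumed on first use
	return len(card.Installed), replayErr == nil, err
}

func main() {
	fmt.Println(RunFactoryFlow())
}
```

Two checks in `InstallBPP` are the ones worth looking for in a real implementation: the eUICC refuses a BPP whose otPK it does not hold (this is the error case of an eUICC that never received a matching key), and the otSK is deleted before decryption, so a BPP captured in the factory cannot be installed a second time, which is what makes the one-time key pair one-time. The SM-DPf side rejects a malformed otPK from the factory before doing any key agreement with it.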

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present disclosure relates to a 5G or 6G communication system for supporting higher data transmission rates. A method performed by a terminal having an eUICC in a wireless communication system may comprise: receiving, from a factory, a first message comprising a BPP for profile installation and first encryption key information associated with the BPP; installing a profile on the basis of the first message via the eUICC; and sending, to the factory, a second message comprising the profile installation result.
PCT/KR2023/017994 2022-11-10 2023-11-09 Procédé et appareil de génération de clé de chiffrement euicc pour la fourniture de profil dans un système de communication sans fil WO2024101925A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20220149908 2022-11-10
KR10-2022-0149908 2022-11-10
KR10-2023-0143969 2023-10-25
KR1020230143969A KR20240068539A (ko) 2022-11-10 2023-10-25 무선 통신 시스템에서 프로파일 프로비저닝을 위한 eUICC의 암호화 키 생성 방법 및 장치

Publications (1)

Publication Number Publication Date
WO2024101925A1 true WO2024101925A1 (fr) 2024-05-16

Family

ID=91033287

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2023/017994 WO2024101925A1 (fr) 2022-11-10 2023-11-09 Procédé et appareil de génération de clé de chiffrement euicc pour la fourniture de profil dans un système de communication sans fil

Country Status (1)

Country Link
WO (1) WO2024101925A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20180004119A (ko) * 2015-05-07 2018-01-10 삼성전자주식회사 프로파일 제공 방법 및 장치
KR20180069074A (ko) * 2015-11-13 2018-06-22 삼성전자주식회사 단말의 eUICC(embedded universal integrated circuit card)에 프로파일을 다운로드하는 방법 및 장치
US20190007835A1 (en) * 2017-06-30 2019-01-03 Apple Inc. Profile installation based on privilege level
US20210314148A1 (en) * 2020-04-03 2021-10-07 Apple Inc. Electronic subscriber identity module transfer credential wrapping
EP3741145B1 (fr) * 2018-01-15 2022-11-09 Telefonaktiebolaget LM Ericsson (publ) Gestion de profil d'un dispositif de communication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23889182

Country of ref document: EP

Kind code of ref document: A1