
WO2013066114A1 - Method for securely backing up a profile existing in an embedded UICC, embedded UICC, external entity and secure backup device - Google Patents


Publication number
WO2013066114A1
Authority
WO
WIPO (PCT)
Prior art keywords
euicc
backup
profile
key
command
Application number
PCT/KR2012/009201
Other languages
English (en)
Korean (ko)
Inventor
이진형
Original Assignee
주식회사 케이티
Application filed by 주식회사 케이티
Priority claimed from KR1020120123718A (KR20130049748A)
Publication of WO2013066114A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • The present invention relates to a technology for managing a profile in an embedded UICC (eUICC).
  • A Universal Integrated Circuit Card (hereinafter referred to as "UICC") is a smart card that can be inserted into a terminal and used as a module for user authentication.
  • The UICC may store the personal information of the user and the operator information on the mobile communication provider to which the user subscribes.
  • The UICC may include an International Mobile Subscriber Identity (IMSI) for identifying a user.
  • The UICC is also called a Subscriber Identity Module (SIM) card in the case of the Global System for Mobile communications (GSM) scheme, and a Universal Subscriber Identity Module (USIM) card in the case of the Wideband Code Division Multiple Access (WCDMA) scheme.
  • When the user mounts the UICC on the user's terminal, the user is automatically authenticated using the information stored in the UICC so that the user can conveniently use the terminal.
  • When the user replaces the terminal, the user can easily do so by mounting the UICC removed from the existing terminal in the new terminal.
  • Terminals requiring miniaturization, for example terminals for machine-to-machine (M2M) communication, are difficult to miniaturize when manufactured with a structure that allows the UICC to be attached and detached.
  • an embedded UICC Embedded UICC
  • a removable UICC In the built-in UICC, user information using the UICC should be recorded in IMSI format.
  • The existing UICC can be attached to or detached from the terminal, and the user can open the terminal regardless of the type of terminal or the mobile communication provider.
  • A manufactured terminal can be assigned an IMSI in the embedded UICC only on the premise that the terminal is used only for a specific mobile communication provider.
  • Both the mobile operator ordering the terminal and the terminal manufacturer have to pay close attention to product inventory, and there is a problem that the product price increases.
  • It is inconvenient for the user to change the mobile operator for the terminal. Therefore, even in the case of the built-in UICC, a method for allowing a user to open the terminal regardless of the mobile communication provider is required.
  • The embedded SIM (hereinafter referred to as "eSIM") that is integrally mounted on the terminal raises many issues regarding the authority to open, additional service business initiative, and subscriber information security due to the difference in physical structure.
  • The international standardization bodies GSMA and ETSI are conducting standardization activities on the necessary elements, including top-level structures, with relevant companies such as operators, manufacturers and SIM vendors.
  • The SM (Subscription Manager) is the entity, or its function/role, that plays an overall management role for eSIM by issuing the Operator Credential (Profile) to the eSIM and handling the process of subscription change.
  • GSMA has proposed a structure that classifies the role of SM into SM-DP (Data Preparation), which plays a role of generating operator information, and SM-SR (Secure Routing), which carries operator information directly to the eSIM.
  • eSIM provides communication and supplementary services once the profile is issued to the eSIM in software.
  • For supplementary services, after the eSIM is issued, post-issuance (a personalization process, i.e. the process of issuing the actual financial information) is performed by the service provider (e.g., credit card company, bank, securities company, etc.), and the initially loaded profile is modified.
  • There is no way to back up the user profile to the eSIM infrastructure (MNO, SM-DP, service provider server, manufacturer server, financial company server, etc.) and mount (restore) it on a new eSIM-enabled device. Without such a backup technology, a user who has post-issued additional services on an eSIM-equipped device needs to have all the existing additional services reissued when changing to a new eSIM-equipped device.
  • Another object of the present invention is to provide an interworking method between devices for backing up a profile in an eUICC.
  • Still another object of the present invention is to ensure that a profile backup in the eUICC is safely performed when the profile in the eUICC is backed up to another device.
  • Another object of the present invention is to provide a method of triggering a profile backup in an eUICC by a network and a method of triggering a profile backup in an eUICC by a terminal.
  • The present invention provides a method for backing up a profile in an embedded universal integrated circuit card (eUICC), the method comprising: encrypting, by the eUICC, a profile in the eUICC managed through interworking with an external entity; sending, by the eUICC, the encrypted profile as a backup profile; decrypting the backup profile by a decryption device including at least one of a backup device and an external entity; and backing up, by the backup device, the decrypted backup profile.
  • The present invention also provides an embedded UICC for backing up an internal profile, comprising: an encryption module for encrypting the profile in the eUICC managed by interworking with an external entity; and a communication module for transmitting the profile encrypted by the encryption module as a backup profile so that it is backed up to a backup device.
  • The present invention provides an external entity for backing up a profile in an embedded universal integrated circuit card (eUICC), comprising: a receiving module for receiving a backup profile in which the profile in the eUICC managed by the external entity is encrypted; a decryption module for decrypting the encrypted backup profile; and a transmission module for transmitting the decrypted backup profile to the backup device.
  • The present invention provides a backup device for backing up a profile in an embedded universal integrated circuit card (eUICC), comprising: a receiving module for receiving, from the entity, the encrypted backup profile of the profile in the eUICC managed by interworking with an external entity; a decryption module for decrypting the encrypted backup profile; and a backup module for backing up the decrypted backup profile.
  • The present invention provides a profile backup system in an embedded UICC (eUICC), comprising: a device including an eUICC that encrypts an internal profile managed through interworking with an external entity and transmits it as a backup profile; a decryption apparatus for decrypting the backup profile; and a backup device for backing up the decrypted backup profile.
  • FIG. 1 shows the overall service architecture including the eSIM (eUICC) to which the present invention is applied.
  • FIG. 2 shows a system architecture of an SM separation environment to which the present invention may be applied.
  • FIG. 3 is an overall flowchart of a provisioning process in a service architecture to which the present invention is applied.
  • FIG. 4 is an overall flowchart of a subscription change or MNO change process to which the present invention is applied.
  • FIG. 5 is a diagram illustrating an overall system structure for profile backup in an eUICC environment according to an embodiment of the present invention.
  • FIG. 6 illustrates a flow of a profile backup method in an eUICC environment according to an embodiment of the present invention, and illustrates a network triggered method.
  • FIG. 7 illustrates a flow of a profile backup method in an eUICC environment according to another embodiment of the present invention, and illustrates a device triggered method.
  • FIG. 8 is a diagram schematically showing a system for profile backup in an eUICC according to an embodiment of the present invention.
  • FIG. 9 is a flowchart illustrating a profile backup method in an eUICC according to an embodiment of the present invention.
  • FIG. 10 is a detailed flowchart of a profile backup process triggering step in an eUICC according to an embodiment of the present invention.
  • FIG. 11 is another detailed flowchart of a profile backup process triggering step in an eUICC according to an embodiment of the present invention.
  • FIG. 12 is a block diagram of an eUICC for profile backup in an eUICC according to an embodiment of the present invention.
  • FIG. 13 is a block diagram of a subscription management apparatus for profile backup in an eUICC according to an embodiment of the present invention.
  • FIG. 14 is a block diagram of a backup apparatus for profile backup in an eUICC according to an embodiment of the present invention.
  • An M2M (Machine-to-Machine) terminal, which is actively discussed in the GSMA at present, should be small in size.
  • A module for attaching the UICC must be separately inserted into the M2M terminal, and an M2M terminal manufactured in this way is difficult to miniaturize.
  • The eUICC mounted on the M2M terminal must store information on the mobile network operator (hereinafter referred to as “MNO”) that uses the UICC, in the form of an identifier (International Mobile Subscriber Identity, IMSI).
  • An M2M terminal can be assigned an IMSI in the eUICC from the time of manufacture only on the premise that the terminal is used only with a specific MNO. Both the MNO ordering the M2M terminal or UICC and the M2M manufacturer producing the terminal therefore have to pay close attention to product inventory, and the product price rises, which is a big obstacle to the expansion of M2M terminals.
  • The built-in SIM (hereinafter referred to as “eSIM” or “eUICC”) that is integrally mounted on the terminal raises many issues regarding opening authority, additional service business initiative, and subscriber information security due to the difference in physical structure.
  • The international standardization bodies GSMA and ETSI are conducting standardization activities on the necessary elements, including top-level structures, with relevant companies such as operators, manufacturers and SIM vendors.
  • SM is at the center of the issues as eSIM is discussed in the standardization bodies. It refers to an entity, or a function/role, that plays an overall administrative role for eSIM, such as issuing an important profile (which may be called Operator Credential, MNO Credential, Profile, eUICC Profile, Profile Package, etc.) to the eSIM and handling the process of changing subscriptions.
  • GSMA has proposed a structure that classifies SM into SM-DP (Data Preparation), which plays a role in generating operator information, and SM-SR (Secure Routing), which carries operator information directly to the eSIM, but it does not describe the actual technical issuance method.
  • The present invention proposes a method for managing eSIM by utilizing dynamic encryption key (public key, etc.) generation in the SM role separation environment of GSMA.
  • eSIM is a new concept of SIM technology in which the IC chip is attached to the terminal circuit board at the terminal manufacturing stage, and the SIM data (opening information, additional service information, etc.) is then issued in software form via OTA (Over The Air) or offline (a technology-based connection such as USB to a PC).
  • IC chips used in eSIM generally support a hardware-based Crypto Co-Processor (CCP) to provide hardware-based public key generation, and provide APIs that can be utilized by applications (e.g., applets) on the SIM platform (e.g., Java Card Platform, etc.).
  • The Java Card Platform is one of the platforms that can load multiple applications and provide services on smart cards and the like.
  • A SIM requires a SIM service management platform that is responsible for loading and managing applications.
  • The SIM service management platform issues data to the SIM memory area through authentication and security with management keys.
  • GlobalPlatform and the Remote File Management (RFM) and Remote Application Management (RAM) of ETSI TS 102.226 are standard technologies for such a service management platform.
  • eSIM is responsible for issuing communication and additional service data remotely through management keys (UICC OTA Key, GP ISD Key, etc.).
  • The management key (also called the eSIM management key or eUICC management key) is an access authentication key to the eSIM used for safely delivering the operator information to the eSIM, and is a concept distinct from the encryption key (public key, etc.) mainly dealt with in the present invention. As described below, it may be expressed as eUICC access credentials.
  • SM-DP securely builds IMSI, K, OPc, additional service applications, additional service data, etc., in addition to the operation profile (or operator information), into a credential package.
  • SM-SR is responsible for securely downloading the credential package generated by SM-DP to the eSIM through SIM remote management technology such as Over-The-Air (OTA) or GP Secure Communication Protocol (GP SCP).
  • MNO1 forms a trust relationship with SM1, SM1 with SM4, and SM4 with the eSIM, thereby forming a trust relationship between the MNO and the eSIM.
  • A mobile network operator (MNO) refers to a mobile communication operator, that is, an entity that provides a communication service to a customer through a mobile network.
  • A subscription manager (SM) is a subscription management device and performs a management function of an eUICC.
  • eUICC Supplier means a person who supplies the eUICC module and embedded software (firmware, operating system, etc.).
  • Device Vendor means a provider of a device that includes, in particular, a wireless modem function via a mobile network driven by the MNO, and consequently a supplier of a device requiring a UICC (or eUICC) form.
  • Provisioning refers to a process of loading a profile into an eUICC.
  • A provisioning profile refers to a profile used by a device to connect to a communication network for the purpose of provisioning another provisioning profile and an operation profile.
  • Subscription means a commercial relationship for providing a service between a subscriber and a wireless communication service provider.
  • eUICC access credentials refer to data in the eUICC that allows secure communication between the eUICC and external entities to be set up to manage profiles on the eUICC.
  • Profile access credentials are data that resides within a profile or within an eUICC, and means data that allows secure communications to be set up between the eUICC and external entities to protect or manage the profile structure and its data.
  • A profile is a combination of file structures, data, and applications that can be provisioned or managed within an eUICC. It means all information that can exist in the eUICC, such as operator information, operation profiles, provisioning profiles for provisioning, and other policy control function (PCF) profiles.
  • Operation Profile or operator information refers to all kinds of profiles related to Operational Subscription.
  • FIG. 1 shows the overall service architecture including the eSIM (eUICC) to which the present invention is applied.
  • The eUICC system architecture to which the present invention can be applied may include a plurality of MNO systems, one or more SM systems, an eUICC manufacturer system, a device manufacturer system including an eUICC, an eUICC, and the like for each entity or subject.
  • The dashed line in FIG. 1 shows the trust circle, and the two solid lines represent the secure link.
  • The MNO and eUICC must be able to decode the MNO Credentials information, that is, the profile (operation profile, provisioning profile, etc.).
  • The only exception to this could be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.
  • Subscriptions cannot be switched within the eUICC outside of operator policy control.
  • The user must be aware of any changes in the MNO content and its active subscription, must be able to avoid security risks, and have a level of security that is compatible with the current UICC model.
  • The MNO credential or profile may mean a subscription credential including K, algorithm, algorithm parameters, supplementary service application, supplementary service data, and the like.
  • Transmission of MNO credentials or profiles must be done in a secure manner from end to end.
  • The transmission can be made in successive steps without breaking the security chain, and all steps in the transmission chain must be made under the recognition and approval of the MNO.
  • No entity in the transport chain should be able to see the MNO credential in the clear, but the only exception may be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.
  • The operator must have complete control over its credentials, and the operator must have strong supervision and control over the SM operation.
  • SM functions must be provided by the MNO or a third party; if provided by a third party, there may be a commercial relationship established between the SM and the MNO.
  • The SM has no direct relationship with the MNO subscriber for subscription management.
  • The MNO has a relationship with the subscriber and should be the entry point for the customer subscription; it is not intended to piggyback on the contractual relationship that an M2M service provider (the M2M service provider is an MNO subscriber) may have with its customers.
  • The donor and receiving MNOs may or may not have a prior agreement with each other. There must be a mechanism to approve pre-contracts.
  • A policy control function of the donor operator can be defined for the conditions under which its credential is removed, and the policy control function (PCF) can implement this function.
  • The architecture introduces a feature defined as SM, and the SM's primary role is to prepare and deliver a package or profile containing the MNO credentials to the eUICC.
  • The SM function may be provided directly by the MNO, or the MNO may contract with a third party to obtain the SM service.
  • SM can be divided into two sub-functions, SM-SR and SM-DP.
  • SM-SR and SM-DP functions may be provided by different entities or by the same entity. Therefore, it is necessary to clearly demarcate the functions of SM-DP and SM-SR, and to define an interface between these entities.
  • SM-DP is responsible for secure preparation of the package or profile to be delivered to the eUICC, and works with SM-SR for actual transmission.
  • The key functions of the SM-DP are 1) managing the functional characteristics and certification levels of the eUICC, 2) managing MNO credentials or profiles (e.g., one or more of IMSI, K, supplementary service applications, and supplementary service data, some of which are potentially managed by the MNO), and 3) calculating the OTA package for download by the SM-SR; further functions can be added.
  • SM-DP can have a significant amount of background processing, and the requirements for performance, scalability and reliability are expected to be important.
  • SM-SR is responsible for securely routing and delivering the credential package to the corresponding eUICC.
  • The key features of the SM-SR are 1) managing OTA communication with the eUICC via a ciphered VPN, 2) managing communication with other SM-SRs to form an end-to-end path up to the eUICC, 3) managing the eUICC data used for SM-SR OTA communication provided by the eUICC provider, and 4) protecting communication with the eUICC by filtering only allowed entities (firewall function).
  • The SM-SR database is provided by eUICC vendors, device (such as M2M terminal) vendors, and potentially MNOs, and can be used by MNOs through the SM-SR mesh network.
  • The circle of trust enables end-to-end security links during provisioning profile delivery, while the SM-SR shares the trust circle for secure routing of the provisioning profile and eUICC discovery.
  • MNOs can be linked with SM-SR and SM-DP entities in a trusted circle, or they can provide this functionality themselves.
  • A secure end-to-end link between the eUICC and the MNO credentials is needed to prevent illegal use of the eUICC (cloning, illegal use of credentials, denial of service, illegal MNO context changes, etc.) without violating the MNO's contractual and legal obligations with respect to its customers.
  • 110 represents a trust circle formed between SMs, more specifically, between SM-SR members, 120 represents a trust circle of MNO partners, and 130 represents an end-to-end trust link.
  • FIG. 2 illustrates a configuration in which an SM-SR and an SM-DP are located in a system in an SM separation environment.
  • The SM is divided into an SM-DP for safely preparing various profiles (operation profile, provisioning profile, etc.) related to the eUICC, and an SM-SR for routing them. The SM-SR can be linked with other SM-SRs in a trust relationship, and the SM-DP is linked to the MNO system.
  • SM-DP can be linked with SM-SR, and the MNO system can be linked with SM-DP.
  • FIG. 3 is an overall flowchart of a provisioning process corresponding to a first subscription in a system to which the present invention is applied.
  • The eUICC transmits an activation request including device identification information (IMEI, etc.) and eUICC identification information (eICCid, etc.) to the MNO (request activation; S310). Then, in step S320, an eUICC status request and technical capability control request/confirmation are performed between the MNO and the eUICC (eUICC status request and technical capability control; S320).
  • A process in which the eUICC provides its public key (PK) or PKI key information (key generation algorithm, key length, key generation method, etc.), which is profile access credential information, to the MNO system or SM-SR may also be included.
  • In step S330, the MNO verifies the eUICC identity with the SM-SR and collects information about the device (eUICC).
  • The MNO may obtain an encryption key for the corresponding eUICC, specifically a public key corresponding to the eUICC, from the SM-SR according to an embodiment of the present invention.
  • The acquisition of such a public key may be static or dynamic. In the static case, a public key and a secret key are generated, specifically through a cryptographic operation processor (CCP, etc.) in the eUICC, at the time the eUICC is manufactured; the eUICC stores the secret key, and the public key is shared by all SM-SRs so that the public key for a specific eUICC can be recognized. The public key for the eUICC is then delivered to the MNO.
  • In the dynamic encryption key acquisition method, when there is a request (including specific eUICC identification information) from the MNO, the SM-SR requests the corresponding eUICC to transmit a public key. The eUICC then generates a public key, using either the issuance processing module in the eUICC-equipped terminal (not limited to this term; it may be referred to as a communication module, provisioning module, issuing module, opening module, etc., and handles communication with the outside of the eUICC-equipped terminal and provisioning management for eUICC provisioning) or a security module within the eUICC (a module that performs encryption key generation in the eUICC and security operations using the encryption key, such as an encryption key generation module, encryption key processing module, security policy module, credential manager, or profile manager), and delivers the public key to the SM-SR.
  • One security module mounted in the eUICC may be commonly installed in the eUICC according to an eUICC manufacturing step or an eUICC policy thereafter, and a plurality of security modules may be installed for each MNO according to the eUICC policy and each MNO policy.
  • The MNO that has obtained the public key (encryption key) of the eUICC creates a new eUICC profile for the MNO through the SM-DP; the profile is encrypted with the acquired eUICC public key (encryption key) and delivered to the MNO (primary encryption; step S340).
  • In this case, in order to provide authenticity, the SM-DP may generate an additional digital signature with its own private key. That is, in step S340, the SM-DP may sign the profile with its own private key or secret key for authentication.
  • The MNO sends the primary encrypted (eUICC) profile to the SM-SR and requests secondary encryption. The SM-SR secondarily encrypts the eUICC profile using the eUICC management keys (eUICC OTA key, GP ISD key, etc.) it already stores, and transfers it to the MNO.
  • The MNO transmits the double ciphered eUICC profile to the corresponding eUICC (step S360).
  • The public key or certificate of the SM-DP may be transmitted to the eUICC together with it to provide authentication.
  • Since the eUICC already knows the eUICC management key, it first decrypts the profile with that key, and then performs a second decryption using the secret key corresponding to its public key (already known from the manufacturing or dynamic public key generation stage), thereby completely decrypting the profile to be used for provisioning. At this time, the eUICC can perform signature verification with the SM-DP's public key (in the case of a certificate, from a trusted third party).
  • In step S370, the SM-SR database is updated according to a status request and a response between the eUICC that has finished provisioning and the SM-SR.
  • In step S310, the eUICC identification information (eICCid, etc.) is public data and must be integrated and protected inside the eUICC.
  • In steps S320 and S330, the status request and technical capability control provide proof of the eUICC identity (trusted eUICC), and should be able to confirm the eligibility of the eUICC characteristics for the MNO service.
  • A double encryption mechanism is used for generating and transmitting an eUICC profile. That is, the generation profile linked to the eUICC by the SM-DP is encrypted by an encryption mechanism that can only be read by the target eUICC, and the digital signature is performed by the SM-DP to confirm that the profile is generated from a legitimate SM-DP.
  • SM-SR encrypts the generated profile with an eUICC management key to authenticate and protect the eUICC during delivery.
  • The SM-SR database may be updated at the end of the subscription installation.
  • FIG. 4 is an overall flowchart of a subscription change or MNO change process to which the present invention is applied.
  • The process of FIG. 4 is similar to the provisioning process of FIG. 3 (i.e., after the change, the new MNO corresponds to the MNO of FIG. 3), except that the new MNO negotiates and transfers rights with the donor MNO before and after profile generation for the new MNO (step S440").
  • The difference between the MNO change process of FIG. 4 and the provisioning process of FIG. 3 is that, using a provisioning or operational active profile, an activation request is sent to a donor MNO OTA bearer, and the new MNO requests from the SM-SR a path for downloading the profile via either new OTA or OTI.
  • The eUICC transmits an activation request including device identification information (IMEI, etc.) and eUICC identification information (eICCid, etc.) to the MNO to be changed to (receiving MNO) (Request activation; S410). Then, an eUICC status request and technical capability control request/confirmation is performed between the receiving MNO and the eUICC (eUICC status request and technical capability control; S420).
  • In step S420, a process in which the eUICC's public key (PK) or PKI key information (key generation algorithm, key length, key generation method, etc.), which is profile access credential information, is provided to the corresponding MNO system or SM-SR may be included, as in step S320 of the provisioning process.
  • In step S430, the receiving MNO performs eUICC identity verification and collects information about the device (eUICC) with the SM-SR (eUICC identity verification and collect information about device).
  • The MNO may obtain an encryption key for the corresponding eUICC, specifically a public key corresponding to the eUICC, from the SM-SR according to an embodiment of the present invention.
  • A single security module may be installed in common in the eUICC at the eUICC manufacturing step or afterwards according to an eUICC policy, and a plurality of security modules may be installed, one for each MNO, according to the eUICC policy and each MNO's policy.
  • The receiving MNO that has obtained the public key (encryption key) of the eUICC creates a new eUICC profile for the MNO through the SM-DP, encrypts the profile with the acquired eUICC public key (encryption key), and sends it to the MNO.
  • The SM-DP may generate an additional digital signature with its private key. That is, in step S440 the SM-DP can digitally sign the profile with its own private key or secret key for authentication.
  • A negotiation and rights transfer step S440 may be performed before or after step S440.
  • This negotiation and rights transfer step S440 may be performed by a new receiving MNO toward a previous MNO (donor MNO). It is the process of requesting whether or not to make a decision and transferring the rights (information) due to the change of MNO.
  • A new receiving MNO requests authentication from the donor MNO for subscription switching, and this authentication may be provided by a Policy Control Function.
  • The SM-SR performs a second encryption of the eUICC profile using the eUICC management key (eUICC OTA key, GP ISD key, etc.) that it already stores, and transmits the result to the MNO.
  • The MNO transmits the double-ciphered eUICC profile to the corresponding eUICC (step S460).
  • The public key or certificate of the SM-DP can be transmitted to the eUICC together with it to provide authentication.
  • Since the eUICC already knows the eUICC management key, it performs the first decryption with that key and then decrypts the result with the secret key corresponding to its public key (already known from the manufacturing stage or the dynamic public key generation stage), so that the profile to be used for the MNO change can be completely decrypted. At this time, the eUICC can perform signature verification with the SM-DP's public key (in the case of a certificate, from a trusted third party).
  • In step S470, the SM-SR database is updated according to a status request and response between the SM-SR and the eUICC that has finished provisioning.
  • eSIM is a new concept of SIM technology in which an IC chip is attached to the terminal circuit board at the terminal manufacturing stage, and SIM data (opening information, additional service information, etc.) in software form is then issued via OTA (Over The Air) or offline (a technology-based connection such as USB to a PC).
  • IC chips used in eSIM generally support a hardware-based Crypto Co-Processor (CCP) to provide hardware-based public key generation, and provide APIs for it that can be used on an application (e.g., applet) based SIM platform (e.g., Java Card Platform, etc.).
  • The Java Card Platform is one of the platforms that can load multiple applications and provide services on smart cards and the like.
  • A SIM requires a SIM service management platform that is responsible for loading and managing applications.
  • The SIM service management platform issues data to the SIM memory area through authentication and security with a management key; the Global Platform and the Remote File Management (RFM) and Remote Application Management (RAM) of ETSI TS 102.226 are standard technologies for such a service management platform.
  • The SM, one of the important elements in the eSIM environment, is responsible for remotely issuing communication and additional service data to the eSIM through a management key.
  • The SM-DP securely builds operator information (IMSI, K, OPc, additional service data, etc.) and forms credential packages.
  • The SM-SR securely downloads the credential package generated by the SM-DP to the eSIM via SIM remote management technologies such as OTA or GP Secure Communication Protocol (GP SCP).
  • The GSMA proposed the "Circle of Trust" structure shown in the figure below, which establishes an end-to-end trust relationship between the MNO and the eSIM by overlapping trust relationships between similar entities.
  • The MNO forms a trust relationship with SM1, SM1 with SM4, and SM4 with the eSIM, thereby forming a trust relationship between the MNO and the eSIM.
  • The eSIM provides communication and additional services by loading profiles into the eSIM in software form.
  • post-issuance personalization process-
  • service provider eg credit card company, bank, securities, etc.
  • the process of issuing the actual financial information occurs and the modification is made to the initially loaded profile.
  • There is no way to back up the user profile to the eSIM infrastructure (MNO, SM-DP, service provider server, manufacturer server, finance company server, etc.) and mount (restore) it back on a new eSIM-equipped device. Without such a backup technology, a user who has had additional services post-issued on an eSIM-equipped device needs to have all the existing additional services reissued when changing to a new eSIM-equipped device.
  • The present invention proposes a method of backing up the issued and post-issued profile in the eSIM, based on the SM role separation environment proposed by the GSMA.
  • The present invention is not limited to the provisioning or MNO change process according to FIGS. 3 and 4 described above, and may be applied to any other environment or system as long as a trust relationship can be established between entities related to the eUICC using the trust information defined in the present invention.
  • FIG. 5 is a diagram illustrating an overall system structure for profile backup in an eUICC environment according to an embodiment of the present invention.
  • the basic higher structure of the present invention is based on the GSMA proposed eSIM structure as shown in FIG.
  • The present invention securely backs up all profiles in the eSIM (including information changed by post-issuance of additional services after issuance) to the eSIM infrastructure (such as an MNO, SM-DP, manufacturer, service provider, financial company, etc.) using PK (Public Key Cryptography).
  • The backup and restoration target information of the present invention is a profile including data and applications of communication and additional services; in the case of additional services, it means data and applications for which post-issuance from a service provider (e.g., credit card company, bank, securities firm, etc.) has been completed.
  • For example, in the communication area the target may be phone book information and the opened operator profile (information such as the phone number is updated according to the subscriber information), and in the additional service area it may be an additional service profile for which issuance of financial information (e.g., user account information, credit card information, etc.) is completed.
  • Various profiles created according to the needs of an entity capable of issuing a profile to the eSIM may also be backup targets.
  • The basic structure of the present invention is as shown in FIG. 5. The basic operation is as follows: the eSIM encrypts the profile in the eSIM using the public key of the backup host system (for example, Profile Backup Credential, Profile Protection Credential, Profile Access Credential, etc.), encrypts it again with the eSIM security key (e.g., eUICC Access Credential, ISD Key, GP Key, UICC OTA Key, etc.), and passes it to the SM-SR; the SM-SR decrypts it and forwards it to the backup host system, which performs the backup after a final decryption with its private key.
  • The backed-up information is restored into the eSIM by following the basic issuance process.
  • The backup operation of the present invention can be classified into a case starting from the network and a case starting from an eSIM-equipped device, as shown in FIGS. 6 and 7; details are as follows.
  • FIG. 6 illustrates a flow of a profile backup method in an eUICC environment according to an embodiment of the present invention, and illustrates a network triggered method.
  • Step S600: When the backup host system needs to back up the eSIM profile of a specific device, it generates, in conjunction with the SM-SR, a backup command protected with eSIM security key based security and transmits it to the eSIM-equipped device. (At this time, the public key or public certificate of the backup host system may be sent together.)
  • Step S602: The eSIM authenticates and decrypts the command using the eSIM security key, encrypts the profile in the eSIM with the public key of the backup host system, and then re-encrypts it with the eSIM security key.
  • The public key of the backup host system can be obtained from a third party, and the eSIM can add signature information by signing the encrypted data with its own private key.
  • Step S604: The backup profile double-encrypted by the eSIM is transmitted to the SM-SR.
  • Step S606: The SM-SR decrypts the double-encrypted backup profile with the eSIM security key.
  • Step S608: The backup profile (backup provider information) decrypted by the SM-SR is transmitted to the backup host system.
  • Step S610: The backup host system decrypts the backup provider information received from the SM-SR with its own private key and performs the backup process. (At this time, if a digital signature is included, signature verification can be performed with the eSIM's public key.)
  • FIG. 7 illustrates a flow of a profile backup method in an eUICC environment according to another embodiment of the present invention, and illustrates a device triggered method.
  • Step S700: The eSIM-equipped device sends a backup command (backup request) encrypted with the eSIM security key to the backup host system.
  • Step S702: The backup host system transmits the received encrypted backup command to the SM-SR, requests decryption, and receives a response from the SM-SR.
  • Step S704: The backup host system generates, in association with the SM-SR, a backup approval command (response to the backup command) protected with eSIM security key based security.
  • Step S706: The backup host system transmits the backup approval command to the eSIM-equipped device. (At this time, the public key or public certificate of the backup host system may be sent together.)
  • Step S708: The eSIM authenticates and decrypts the command using the eSIM security key, encrypts the operator information in the eSIM with the public key of the backup host system, and then re-encrypts it with the eSIM security key.
  • The public key of the backup host system can be obtained from a third party, and the eSIM can add signature information by signing the encrypted data with its own private key.
  • Step S710: The backup profile double-encrypted by the eSIM is transmitted to the SM-SR.
  • Step S712: The SM-SR decrypts the double-encrypted backup profile with the eSIM security key.
  • Step S714: The SM-SR transmits the decrypted backup profile to the backup host system.
  • Step S716: The backup host system decrypts the backup profile received from the SM-SR with its private key and performs the backup process. (At this time, if a digital signature is included, signature verification can be performed with the eSIM's public key.)
  • In the SM role separation environment proposed by the GSMA, it becomes possible to safely back up the profile in the eSIM (including changes made through opening, post-issuance, user information input, etc.) to the eSIM infrastructure and restore it to a new eSIM-equipped device. This enables the eSIM-equipped device to provide the service continuity that the existing USIM had (services stored in the USIM are continuously maintained with the USIM even when the terminal is changed). In addition, profiles can be exchanged between eSIM-equipped devices as needed.
  • Hereinafter, the backup host system mentioned above is described as a backup device.
  • The eSIM and the eUICC are used as equivalent concepts; for convenience of explanation, the term eUICC is used in the following description.
  • FIG. 8 is a diagram schematically illustrating a system (profile backup system in an eUICC) for profile backup in an eUICC 810 according to an embodiment of the present invention.
  • The system for backing up a profile in an eUICC 810 includes: a device 800 (also referred to as a "terminal") incorporating the eUICC 810, which encrypts an internal profile managed through interworking with an external entity and transmits it as a backup profile; a decryption apparatus for decrypting the backup profile, which is the profile encrypted by the eUICC 810; a backup apparatus 830 for backing up the backup profile decrypted by the decryption apparatus; and the like.
  • The decryption apparatus described above may include one or more of the external entity and the backup apparatus 830.
  • The external entity, which manages a profile in the eUICC 810 and may also have a decryption function, is also called an external device.
  • The external entity may be the subscription management device (SM: Subscription Manager) 820 illustrated in FIG. or a Profile Manager (PM).
  • Hereinafter, the external entity is described as the subscription management device 820.
  • The subscription management device 820 may mean an entity, or a function or role thereof, that issues an operator credential profile to the eUICC 810 and performs the overall management of the eUICC 810, such as handling a subscription change process.
  • In terms of roles, a subscription manager may be classified into SM-DP (Data Preparation), which generates operator information, and SM-SR (Secure Routing), which directly carries operator information to the eUICC 810.
  • The subscription management apparatus 820 described with reference to FIGS. 8 to 14 may be the SM-SR (Secure Routing).
  • FIG. 9 is a flowchart illustrating a profile backup method in an eUICC 810 according to an embodiment of the present invention.
  • The eUICC encrypts a profile in the eUICC that is managed through interworking with the subscription management device 820.
  • Step S906 is performed, and the backup device 830 backs up the backup profile decrypted by the decryption apparatus (S908).
  • The eUICC may encrypt a profile in the eUICC using one encryption key or two or more encryption keys.
  • The decryption apparatus, including at least one of the backup apparatus 830, the subscription management apparatus 820, and the like, decrypts the backup profile transmitted from the eUICC using one decryption key or two or more decryption keys.
  • The encryption key may vary according to the encryption method and may include one or more of a backup device public key and an eUICC security key.
  • The decryption key may vary according to the decryption method corresponding to the encryption method and may include one or more of a backup device private key and an eUICC security key.
  • The backup device public key mentioned above may be, for example, one of a profile backup credential, a profile protection credential, a profile access credential, and the like.
  • The eUICC security key may be, for example, one of an eUICC access credential, an Issuer Security Domain (ISD) key, a GP Key, and a UICC OTA key.
  • In step S902, when the eUICC encrypts the profile in the eUICC using two encryption keys (a primary encryption key and a secondary encryption key), the eUICC may perform primary encryption of the profile using the primary encryption key and secondary encryption of the primary-encrypted profile using the secondary encryption key.
  • The primary encryption key may be a backup device public key, and the secondary encryption key may be an eUICC security key.
  • Hereinafter, the primary encryption key is described as the backup device public key and the secondary encryption key as the eUICC security key.
  • In step S906, the decryption apparatus including the backup apparatus 830 and the subscription management apparatus 820 can decrypt the backup profile, which is the profile encrypted twice in the eUICC, using two decryption keys.
  • The subscription management device 820 first decrypts the backup profile (double-encrypted profile) transmitted from the eUICC with the primary decryption key, the eUICC security key, and the backup device 830 then performs secondary decryption of the backup profile decrypted by the subscription management device 820 with the secondary decryption key.
  • The primary decryption key may be an eUICC security key, and the secondary decryption key may be a backup device private key.
  • Hereinafter, the primary decryption key is described as the eUICC security key and the secondary decryption key as the backup device private key.
  • The profile(s) in the eUICC described herein may include one or more of data and applications related to one or more of communication services and additional services.
  • The profile(s) in the eUICC may include, for example, one or more of phonebook information and an opened operator profile in relation to a communication service.
  • The profile(s) in the eUICC may include, for example, one or more of data and applications for which issuance from a service provider (e.g., credit card company, bank, securities firm, etc.) is completed with respect to the additional service.
  • The profile(s) in the eUICC described herein may include, in addition to one or more of data and applications related to one or more of communication services and additional services, various profiles created according to the needs of an entity that can issue a profile to the eUICC.
  • The profile backup process in the eUICC that proceeds from step S902 may be triggered in the network (Network-Triggered Backup Process) or triggered by the eUICC or the device (terminal) incorporating the eUICC (Terminal-Triggered Backup Process).
  • Before step S902, which is the start of the profile backup process in the eUICC, the method may further include a step (S900) of triggering the profile backup process in the eUICC, in which the backup device 830 transmits a backup command (network triggered backup process) or the eUICC or a device incorporating the eUICC transmits a backup command (terminal triggered backup process).
  • Hereinafter, step S900 for the network triggered backup process (see FIG. 6) and step S900 for the terminal triggered backup process (see FIG. 7) will be described in more detail.
  • First, step S900 for the network triggered backup process (see FIG. 6) will be described in more detail.
  • Step S900 for the network triggered backup process includes: the backup device 830 generating an encrypted backup command based on the eUICC security key through a backup command encryption request/response procedure with the subscription management device 820 (S1000); and the backup device 830 transmitting the encrypted backup command based on the eUICC security key to the eUICC or a device incorporating the eUICC (S1002).
  • Steps S1000 and S1002 described above correspond to step S600 of FIG. 6, which illustrates the network triggered backup process.
  • The backup device 830 may transmit the backup device public key or the public certificate to the device incorporating the eUICC together with the encrypted backup command based on the eUICC security key.
  • In step S902, performed after step S900 including steps S1000 and S1002 described above, the eUICC authenticates and decrypts the backup command received from the backup device 830 (an encrypted backup command based on the eUICC security key) with the eUICC security key, and then encrypts the profile in the eUICC.
  • step S900 for the terminal triggered backup process (see FIG. 7) will be described in more detail with reference to FIG. 11.
  • In step S900 for a terminal triggered backup process, when a backup of a profile in the eUICC is required, the eUICC or a device incorporating the eUICC transmits a backup command (backup request) to the backup device 830 and receives a backup approval command. Accordingly, the terminal triggered backup process is started from step S902.
  • Step S900 for the terminal triggered backup process includes: the eUICC or a device incorporating the eUICC transmitting an encrypted backup command based on the eUICC security key to the backup device 830; the backup device 830 decrypting the encrypted backup command based on the eUICC security key through a backup command decryption request/response procedure with the subscription management device 820 (S1102), and the backup device 830.
  • Here, step S1100 corresponds to step S700, step S1102 corresponds to step S702, and steps S1104 and S1106 correspond to step S704.
  • The backup device 830 may transmit the backup device public key or the public certificate to the device incorporating the eUICC together with the encrypted backup approval command based on the eUICC security key.
  • The eUICC may encrypt the profile in the eUICC after authenticating and decrypting the encrypted backup approval command based on the eUICC security key with the eUICC security key.
  • FIG. 12 is a block diagram of an eUICC 810 embedded in a device 800 for profile backup in an eUICC according to an embodiment of the present invention.
  • the eUICC 810 for profile backup in the eUICC 810 encrypts a profile in the eUICC 810 managed through interworking with the subscription management device 820.
  • The above-described encryption module 1220 may encrypt the profile in the eUICC 810 only once, or may encrypt it several times for higher security.
  • The encryption module 1220 may, for example, perform primary encryption of a profile in the eUICC 810 with a backup device public key and secondary encryption of the primary-encrypted profile with an eUICC security key.
  • The profile backup process in the eUICC 810, which is initiated by the eUICC 810 encrypting the profile in the eUICC 810 and transmitting it as a backup profile, may be triggered by the network (i.e., the backup device 830) or by the terminal 800 (i.e., the eUICC 810).
  • The encryption module 1220 may encrypt the profile in the eUICC 810 upon receipt of a backup command from the backup device 830.
  • The backup command received from the backup device 830 is an encrypted command based on an eUICC security key, and the encryption module 1220 may decrypt the encrypted backup command based on the eUICC security key and then encrypt the profile in the eUICC 810 using one or more encryption keys.
  • The eUICC 810 may further include a backup trigger module 1210 that transmits a backup command to the backup device 830 when a backup of the profile in the eUICC 810 is required.
  • The encryption module 1220 may encrypt the profile in the eUICC 810 in response to receiving the backup approval command from the backup device 830.
  • The backup command transmitted to the backup device 830 may be an encrypted command based on an eUICC security key, and the backup approval command received from the backup device 830 may be an encrypted command based on an eUICC security key.
  • FIG. 13 is a block diagram of a subscription management device 820 for profile backup in an eUICC 810 according to an embodiment of the present invention.
  • the subscription management apparatus 820 for profile backup in the eUICC 810 is a backup in which the profile in the eUICC 810 managed by the subscription management apparatus 820 is encrypted.
  • The backup profile received by the receiving module 1310 may be a double-encrypted profile in the eUICC 810.
  • The profile in the eUICC 810 may be first encrypted with the backup device public key and secondly encrypted with the eUICC security key.
  • The decryption module 1320 may first decrypt, with the eUICC security key, the backup profile that was first encrypted with the backup device public key and secondly encrypted with the eUICC security key.
  • The primary-decrypted backup profile may be secondary-decrypted by the backup device 830.
  • The profile backup process in the eUICC 810 may be triggered by the network (i.e., the backup device 830) or may be triggered by the terminal 800 (i.e., the eUICC 810).
  • The subscription management device 820 may further include a backup trigger support module 1340 that supports triggering of the profile backup process in the eUICC 810 by the backup device 830 and/or the terminal.
  • So that the backup device 830 can trigger the profile backup process in the eUICC 810, the backup trigger support module 1340 may interwork with the backup device 830 to encrypt the backup command, so that the backup command can be encrypted and transmitted to the eUICC 810 or the device 800 incorporating the eUICC 810.
  • As in step S600 of FIG. 6 and step S1000 of FIG. 10, the backup trigger support module 1340 may encrypt the backup command in response to a backup command encryption request from the backup device 830 and transmit the encrypted backup command to the backup device 830 as the response to that request.
  • The encryption for the backup command may be, for example, encryption based on an eUICC security key.
  • The backup trigger support module 1340 may also support triggering of the profile backup process by the eUICC 810 or the device incorporating the eUICC 810. So that the encrypted backup command transmitted from the eUICC 810 to the backup device 830 can be decrypted, as in step S702 of FIG. 7 and step S1102 of FIG. 11, it may decrypt the encrypted backup command in response to a backup command decryption request from the backup device 830 and transmit the decrypted backup command to the backup device 830 as the response to that request.
  • As in step S704 of FIG. 7 and step S1104 of FIG. 11, the backup trigger support module 1340 may encrypt the backup approval command in response to a backup approval command encryption request from the backup device 830 and transmit the encrypted backup approval command to the backup device 830 as the response to that request.
  • The decryption of the backup command transmitted from the eUICC 810 to the backup device 830 may be decryption based on the eUICC security key, and the encryption of the backup approval command may be encryption based on the eUICC security key.
  • The subscription management device 820 illustrated in FIG. 13 may be, for example, a subscription manager (SM); the present invention is not limited thereto, and it may be implemented in any device as long as the functions and roles are similar.
  • When the subscription management device 820 is implemented as a subscription manager (SM), the subscription manager issues an operator credential profile to the eUICC 810 and handles the subscription change process.
  • In terms of roles, such a subscription manager may be classified into SM-DP (Data Preparation), which generates operator information, and SM-SR (Secure Routing), which directly carries operator information to the eUICC 810.
  • The subscription management apparatus 820 described with reference to FIGS. 8 to 14 may be the SM-SR (Secure Routing).
  • FIG. 14 is a block diagram of a backup device 830 for profile backup in an eUICC 810 according to an embodiment of the present invention.
  • the backup device 830 for backing up a profile in the eUICC 810 encrypts a profile in the eUICC 810 managed through interworking with the subscription management device 820.
  • the above-described backup profile received by the reception module 1410 from the subscription management device 820 includes a backup management profile in which the profile in the eUICC 810 is first encrypted with the backup device public key and secondly encrypted with the eUICC security key. In 820, the first decrypted backup profile.
  • the profile in the eUICC 810 is primary and secondary encrypted in the eUICC 810, and the double-encrypted profile (that is, the backup profile) is first decrypted in the subscription management device 820 and backed up. In device 830, secondary decoding is performed.
  • the decryption module 1420 may second-decrypt the backup profile decrypted by the subscription management device 820 with the backup device private key.
  • The profile backup process in the eUICC 810 may be triggered by the network (i.e., the backup device 830) or by the terminal 800 (i.e., the eUICC 810).
  • The backup device 830 may include a backup trigger module 1440 for triggering the profile backup process in the eUICC 810.
  • The backup trigger module 1440 may transmit a backup command, by which the backup device 830 triggers the profile backup process in the eUICC 810, to the eUICC 810 or to the device 800 in which the eUICC 810 is embedded.
  • The backup trigger module 1440 may encrypt and transmit the backup command through interworking with the subscription management device 820, that is, in conjunction with the backup trigger support module 1340 of the subscription management device 820.
  • The encryption for the backup command may be encryption based on the eUICC security key.
  • The backup device 830 may further include a backup trigger support module 1450 for performing a function related to triggering of the profile backup process by the eUICC 810 or by the device 800 in which the eUICC 810 is embedded.
  • The backup trigger support module 1450 may receive a backup command sent by the eUICC 810, or by the device 800 in which the eUICC 810 is embedded, to trigger the profile backup process in the eUICC 810, and may transmit a backup approval command to the eUICC 810 or to the device 800 in which the eUICC 810 is embedded.
  • The backup trigger support module 1450 may receive an encrypted backup command transmitted by the eUICC 810, or by the device 800 in which the eUICC 810 is embedded, to trigger the profile backup process in the eUICC 810, decrypt the encrypted backup command in association with the subscription management device 820, and then encrypt a backup approval command in association with the subscription management device 820 and transmit it to the eUICC 810 or to the device 800 in which the eUICC 810 is embedded.
  • Decryption of an encrypted backup command may be decryption based on an eUICC security key.
  • Encryption of a backup approval command may be encryption based on an eUICC security key.
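
The double encryption of the backup profile described above (backup device public key as the inner layer, eUICC security key as the outer layer, with the SM-SR removing only the outer layer), as an added example that is not taken from the patent. It assumes the eUICC security key is a symmetric key shared by the eUICC and the SM-SR, and it uses standard-library stand-ins (an ElGamal-style key encapsulation over a toy-sized group and an HMAC-SHA256 encrypt-then-MAC layer) in place of production ciphers; all function names are hypothetical.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # toy-sized group (assumption) so the demo is stdlib-only; not a secure size

def _prf(key, label, data=b""):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(ek, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream; stand-in for a real cipher
    blocks = range((len(data) + 31) // 32)
    ks = b"".join(_prf(ek, nonce, i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    """One encryption layer (encrypt-then-MAC): nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, data)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce, ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce, ct)):
        raise ValueError("layer authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

def backup_keypair():
    """Backup device key pair: (private exponent, public value)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _kdf(shared):
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def euicc_backup(profile, backup_pub, euicc_key):
    # First encryption: to the backup device public key (ephemeral secret r)
    r = secrets.randbelow(P - 2) + 1
    c1 = pow(G, r, P).to_bytes(16, "big")
    inner = c1 + seal(_kdf(pow(backup_pub, r, P)), profile)
    # Second encryption: with the eUICC security key
    return seal(euicc_key, inner)

def smsr_first_decrypt(backup_profile, euicc_key):
    # The SM-SR removes only the outer layer; what it holds is still ciphertext
    return unseal(euicc_key, backup_profile)

def backup_second_decrypt(inner, backup_priv):
    shared = pow(int.from_bytes(inner[:16], "big"), backup_priv, P)
    return unseal(_kdf(shared), inner[16:])
```

Because the inner layer is bound to the backup device key pair, the SM-SR can route and first-decrypt the backup profile without ever holding the plaintext profile.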

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a technology for managing a profile in an eUICC embedded in a terminal. More specifically, the invention concerns a method for backing up a profile existing in an eUICC to another device, a device for backing up the profile existing in the eUICC, and a method for interworking between devices.
PCT/KR2012/009201 2011-11-04 2012-11-02 Method for backing up a profile existing in an embedded UICC, embedded UICC, external entity, and backup device WO2013066114A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR10-2011-0114552 2011-11-04
KR20110114552 2011-11-04
KR10-2012-0123718 2012-11-02
KR1020120123718A KR20130049748A (ko) 2011-11-04 2012-11-02 Method for backing up a profile in an embedded UICC, embedded UICC, external entity, backup device, and system

Publications (1)

Publication Number Publication Date
WO2013066114A1 (fr) 2013-05-10

Family

ID=48192393

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/009201 WO2013066114A1 (fr) 2011-11-04 2012-11-02 Method for backing up a profile existing in an embedded UICC, embedded UICC, external entity, and backup device

Country Status (1)

Country Link
WO (1) WO2013066114A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
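KR20070097026A (ko) * 2004-10-27 2007-10-02 베리사인, 인코포레이티드 Method and apparatus for data processing on portable devices
KR100764658B1 (ko) * 2006-05-18 2007-10-08 삼성전자주식회사 Apparatus and method for accessing a portal site in a mobile communication terminal
KR20090046607A (ko) * 2007-11-06 2009-05-11 삼성전자주식회사 Information storage device, mobile communication device, and operator system for automatic backup of user information
KR100898055B1 (ko) * 2008-12-18 2009-05-19 주식회사 스마트카드연구소 System and method for protecting personal information in a UICC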
US20100311468A1 (en) * 2009-06-08 2010-12-09 Guangming Shi Virtual sim card for mobile handsets

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015113351A1 (fr) * 2014-01-28 2015-08-06 中兴通讯股份有限公司 Method, terminal and server for processing information, and communication method and system
US9883402B2 (en) 2014-01-28 2018-01-30 Xi'an Zhongxing New Software Co. Ltd. Method, terminal and server for processing information, and communication method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12846631

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12846631

Country of ref document: EP

Kind code of ref document: A1
