KR102012340B1 - Method and Embedded UICC for Providing Policy Control Function - Google Patents
- Publication number
- KR102012340B1
- Authority
- KR
- South Korea
- Prior art keywords
- pcf
- euicc
- rule
- policies
- update
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/18—Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention relates to providing a policy control function (PCF) of an eUICC. More particularly, it defines the function and structure of the policy control function of the eUICC and, in this regard, its detailed structure, and provides a method of providing the policy control function of the eUICC and an eUICC therefor.
Description
The present invention relates to a method for providing a policy control function (Policy Control Function, hereinafter "PCF") of an embedded UICC (eUICC), and to an eUICC for the same.
A UICC (Universal Integrated Circuit Card) is a smart card that can be inserted into a terminal and used as a module for user authentication. The UICC may store the personal information of the user and the operator information on the mobile communication provider to which the user subscribes. For example, the UICC may include an International Mobile Subscriber Identity (IMSI) for identifying a user. The UICC is also called a Subscriber Identity Module (SIM) card in the case of the Global System for Mobile communications (GSM) scheme, and a Universal Subscriber Identity Module (USIM) card in the case of the Wideband Code Division Multiple Access (WCDMA) scheme.
When the user mounts the UICC on the user's terminal, the user is automatically authenticated using the information stored in the UICC so that the user can conveniently use the terminal. In addition, when the user replaces the terminal, the user can easily replace the terminal by mounting the UICC removed from the existing terminal to a new terminal.
Terminals that require miniaturization, for example terminals for machine-to-machine (M2M) communication, are difficult to miniaturize when manufactured with a structure that allows the UICC to be detached. Thus, the eUICC, a non-removable UICC structure, has been proposed. The eUICC must contain, in IMSI format, the information of the user who uses the UICC.
The existing UICC can be attached to or detached from the terminal, so the user can open (activate) the terminal regardless of the type of terminal or the mobile communication provider. With an eUICC, however, an IMSI can be assigned in the eUICC at the time the terminal is manufactured only on the premise that the terminal will be used only with a specific mobile communication provider. Both the mobile operator ordering the terminal and the terminal manufacturer therefore have to pay attention to product inventory, which raises the product price, and it is inconvenient for the user to change the mobile operator for the terminal. Therefore, even in the case of the eUICC, there is a need for a method that allows a user to open a terminal regardless of the mobile communication provider.
Meanwhile, the recent introduction of the eUICC has made it necessary to remotely update the subscriber information of various telecommunication carriers on the UICC. Accordingly, a subscription management device (Subscription Manager, hereinafter "SM") or a Profile Manager (hereinafter "PM") for managing subscriber information is under discussion.
The SM is mainly discussed as being responsible for information management for the eUICC, information management for various mobile operators, and authentication and remote information changes for mobile operators, but this has not been decided yet.
In addition, although the PCF has been discussed as a way to define the eUICC-related policies of the various entities surrounding the eUICC, its function and structure have not been determined. As a result, eUICC-related policies covering functions such as information management for the eUICC, information management for various mobile communication providers, and authentication and remote information change when the mobile communication service provider is changed cannot be properly enforced.
In this context, it is an object of the present invention to define the function and structure of the Policy Control Function (PCF) of the eUICC.
Another object of the present invention is to provide a method for providing a Policy Control Function (PCF) of an eUICC.
Another object of the present invention is to provide a detailed structure of the Policy Control Function (PCF) of the eUICC and a method of operating the PCF through the same.
In order to achieve the above object, in one aspect, the present invention provides an embedded Universal Integrated Circuit Card (eUICC) for providing a policy control function (PCF), comprising: a PCF rule (PCF Rule) that records policy information; and a PCF engine that performs a policy based on the PCF rule when an entity external to the eUICC attempts to access a PCF application target.
In another aspect, the present invention provides a method for providing a Policy Control Function (PCF) of an embedded Universal Integrated Circuit Card (eUICC), comprising: when an external entity attempts to access an eUICC resource (S600), querying, by the PCF engine in the eUICC, the PCF rule to be applied (S602); and performing, by the PCF engine, PCF enforcement on the basis of the PCF rule (S602 to S608).
Figure 1 shows the overall service architecture including the eUICC to which the present invention is applied.
Figure 2 shows a system architecture of an SM separation environment to which the present invention may be applied.
Figure 3 is a diagram illustrating a basic structure and operation of a PCF and an eUICC for the same according to an embodiment of the present invention.
Figure 4 is a diagram illustrating an example of a PCF rule structure according to an embodiment of the present invention.
Figure 5 is a diagram illustrating an example of a PCF application target according to an embodiment of the present invention.
Figure 6 is a diagram illustrating an example of a PCF operation process according to a PCF providing method according to an embodiment of the present invention.
Hereinafter, some embodiments of the present invention will be described in detail through exemplary drawings. In adding reference numerals to the components of each drawing, it should be noted that the same reference numerals are assigned to the same components as much as possible even though they are shown in different drawings. In addition, in describing the present invention, when it is determined that the detailed description of the related well-known configuration or function may obscure the gist of the present invention, the detailed description thereof will be omitted.
M2M (Machine-to-Machine) terminals, which are actively discussed in the GSMA at present, should be small in size. When the existing UICC is used, a module for attaching the UICC must be separately inserted into the M2M terminal, and an M2M terminal manufactured with such a detachable UICC structure is difficult to miniaturize.
Therefore, an embedded UICC structure in which the UICC is not detachable is being discussed. In this case, the eUICC mounted on the M2M terminal must store information on the mobile network operator (hereinafter referred to as “MNO”) that uses the UICC, in the form of an identifier (International Mobile Subscriber Identity, IMSI).
However, an IMSI can be assigned in the eUICC at the time the M2M terminal is manufactured only on the premise that the terminal will be used only with a specific MNO. Both the MNO ordering the M2M terminal or UICC and the M2M manufacturer producing the terminal therefore have to pay close attention to product inventory, and the product price rises, which is a big obstacle to the expansion of M2M terminals.
As such, unlike the conventional removable SIM, the eUICC or eSIM that is integrally mounted on the terminal raises many issues regarding the authority to open (activate) the terminal, the initiative in additional service business, and subscriber information security, owing to the difference in physical structure. To address this, the international standardization bodies GSMA and ETSI are conducting standardization activities with the relevant parties, such as carriers, manufacturers and SIM manufacturers, on the necessary elements including the top-level structure. In the eSIM discussions within the standardization organizations, the central issue is the SM (Subscription Manager): the entity, or its function/role, that plays the overall administrative role for the eSIM, such as issuing operator information (which may also be called Operator Credential, MNO Credential, Profile, eUICC Profile, or Profile Package) to the eSIM and handling the process for a subscription change or an MNO change.
Recently, the GSMA has classified the SM into SM-DP (Data Preparation), which generates operator information, and SM-SR (Secure Routing), which directly carries operator information to the eSIM, and has proposed a scheme to transmit the data, but the details are insufficient.
In this specification, eSIM and eUICC are used as equivalent concepts.
An eSIM is a new concept of SIM technology in which an IC chip is attached to the terminal circuit board at the terminal manufacturing stage, and the SIM data (opening information, additional service information, etc.) is then issued in software form over the air (OTA) or offline (through a technology-based connection such as USB to a PC). The IC chips used in eSIMs generally support a hardware-based Crypto Co-Processor (CCP) to provide hardware-based public key generation, and provide APIs through which it can be used from an application-based (e.g., applet-based) SIM platform (e.g., the Java Card Platform). The Java Card Platform is one of the platforms that can load multiple applications and provide services on devices such as smart cards.
Because of limited memory space and for security reasons, not just anyone should be able to load applications onto a SIM. A SIM therefore requires a SIM service management platform that is responsible for loading and managing applications. The SIM service management platform issues data to the SIM memory area through authentication and security based on management keys. GlobalPlatform and the Remote File Management (RFM) and Remote Application Management (RAM) of ETSI TS 102.226 are the standard technologies for such a service management platform.
The SM, one of the important elements in the eSIM environment, is responsible for remotely issuing communication and additional service data to the eSIM through management keys (UICC OTA Key, GP ISD Key, etc.).
In the GSMA, the roles of the SM are classified into SM-DP and SM-SR. The SM-DP securely builds IMSI, K, OPc, additional service applications, additional service data, etc., in addition to the operation profile (or operator information), into a credential package. The SM-SR is responsible for securely downloading the credential package generated by the SM-DP to the eSIM through SIM remote management technology such as Over-The-Air (OTA) or GP Secure Communication Protocol (GP SCP).
In addition, a structure called the “Circle of Trust,” shown in FIG. 1 below, has been proposed, in which an end-to-end trust relationship between an MNO and an eSIM is built by overlapping the trust relationships between similar entities. In other words, MNO1 forms a trust relationship with SM1, SM1 with SM4, and SM4 with the eSIM, thereby forming a trust relationship between the MNO and the eSIM.
Before describing the present invention, terms first used in the present specification will be described.
A mobile network operator (MNO) refers to a mobile communication operator, and refers to an entity that provides a communication service to a customer through a mobile network.
eUICC Supplier means a person who supplies eUICC module and embedded software (firmware and operating system, etc.).
Device Vendor means a supplier of devices, in particular devices that include a wireless modem function operating over a mobile network run by an MNO and that consequently require a UICC (or eUICC) form.
Provisioning refers to a process of loading a profile into an eUICC, and a provisioning profile refers to a profile used by a device to connect to a communication network for the purpose of provisioning another provisioning profile and an operation profile.
Subscription means a commercial relationship for providing a service between a subscriber and a wireless communication service provider.
eUICC access credentials refer to data in the eUICC that allows secure communication between the eUICC and external entities to be set up to manage profiles on the eUICC.
Profile access credentials are data that resides within a profile or within an eUICC, and means data that allows secure communications to be set up between the eUICC and external entities to protect or manage the profile structure and its data.
A profile is a combination of file structures, data, and applications that can be provisioned or managed within an eUICC. It covers all information that can exist in the eUICC, such as operator information, operation profiles, provisioning profiles for provisioning, and profiles for other policy control functions (PCFs).
Operation Profile or operator information refers to all kinds of profiles related to an Operational Subscription.
A profile is called an Active Profile when its files or applications are selectable through the UICC-Terminal interface under the control of the PCF associated with the MNO.
A PCF Rule (Policy Control Function Rule) is a rule defined by the MNO that controls the management of provisioning or operational profiles in the eUICC. Policy Control Function Rules can be in the network, the eUICC platform, or in a provisioning or operational profile.
PCF (Policy Control Function) refers to application / service that can enforce Policy Control Function Rules. Policy Control Function Rules can be executed in the eUICC platform and / or at the Subscription Manager level or the MNO level.
The Control Authority (CA) refers to an entity authorized by the MNO to update, delete, activate, or deactivate remotely during the swap of an Operational or Provisioning Profile.
The SM (Subscription Manager) is a subscription management device: an entity that performs the management functions of the eUICC and that is authorized by the MNO to update, delete, activate, or deactivate remotely during the swap of Operational or Provisioning Profiles.
Figure 1 shows the overall service architecture including the eSIM (eUICC) to which the present invention is applied.
The overall system is described as follows.
The eUICC system architecture to which the present invention can be applied may include a plurality of MNO systems, one or more SM systems, an eUICC manufacturer system, a system of a manufacturer of devices that include an eUICC, an eUICC, and the like. Each entity or subject is explained as follows.
The dashed line in FIG. 1 shows the trust circle, and the two solid lines represent the secure link.
If a scenario is required where subscription information is stored and communicated, it should be done under the approval of the MNO and under the control of the MNO. There must be only one active profile on a single eUICC at a particular time, meaning that the active profile is added to a single HLR at a specific time.
MNO and eUICC should be able to decode MNO Credentials information, that is, profiles (operation profiles, provisioning profiles, etc.). The only exception to this could be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.
Subscriptions cannot be switched within the eUICC outside of operator policy control. The user must be aware of any changes in the MNO content and its active subscription, must be able to avoid security risks, and have a level of security that is compatible with the current UICC model.
The MNO credential or profile may mean a subscription credential including K, algorithm, algorithm parameters, supplementary service application, supplementary service data, and the like.
The transfer of MNO credentials or profiles must be done in a secure manner from end to end. The transmission can be made in successive steps without breaking the security chain, and all steps in the transmission chain must be made under the recognition and approval of the MNO. No entity in the transport chain should be able to clearly see the MNO credential, but the only exception may be a third party authorized by a particular MNO, for example a SIM vendor. However, it is not a general function of a third party to do this.
The operator must have complete control over his credentials and the operator must have strong supervision and control over the SM operation.
SM functions must be provided by the MNO or a third party. If they are provided by a third party, there may be a commercial relationship established between the SM and the MNO.
The SM has no direct relationship with the MNO subscriber for subscription management. Although the MNO has a relationship with the subscriber and should be the entry point for the customer subscription, it is not intended to piggyback on the contractual relationship an M2M service provider (the M2M service provider is an MNO subscriber) may have with its customers.
While the MNOs are swapped, the donor and receiving MNOs may or may not have a prior agreement with each other. There must be a mechanism to approve pre-contracts. The donor operator's policy control function can be defined for the condition of removing his / her credential, and the policy control function (PCF) can implement this function.
The architecture introduces a feature defined as SM, and SM's primary role is to prepare and deliver a package or profile containing the MNO credentials to the eUICC. The SM function may be provided directly by the MNO, or the MNO may contract with a third party to obtain the SM service.
The role of SM can be divided into two sub-functions such as SM-SR and SM-DP.
Indeed, such SM-SR and SM-DP functions may be provided by other entities or may be provided by the same entity. Therefore, it is necessary to clearly demarcate the functions of SM-DP and SM-SR, and to define an interface between these entities.
The SM-DP is responsible for the secure preparation of the package or profile to be delivered to the eUICC, and works with the SM-SR for the actual transmission. The key functions of the SM-DP are 1) managing the functional characteristics and certification levels of the eUICC, 2) managing MNO credentials or profiles (e.g., one or more of IMSI, K, supplementary service applications, and supplementary service data, some of which are potentially managed by the MNO), and 3) calculating the OTA package for download by the SM-SR. Further functions could be added.
If the SM-DP function is provided by a third party, security and trust relationships become very important. In addition to real-time provisioning, SM-DP can have a significant amount of background processing, and the requirements for performance, scalability and reliability are expected to be important.
The SM-SR is responsible for securely routing and delivering the credential package to the corresponding eUICC. The key functions of the SM-SR are 1) managing OTA communication with the eUICC via a ciphered VPN, 2) managing communication with other SM-SRs to form an end-to-end link up to the eUICC, 3) managing the eUICC data used for SM-SR OTA communication, which is provided by the eUICC provider, and 4) protecting communication with the eUICC by filtering so that only allowed entities get through (firewall function).
The SM-SR database is provided by eUICC vendors, device (such as M2M terminal) vendors, and potentially MNOs, and can be used by MNOs through the SM-SR mesh network.
The circle of trust enables end-to-end security links during provisioning profile delivery, while the SM-SR shares the trust circle for secure routing of the provisioning profile and eUICC discovery. MNOs can be linked with SM-SR and SM-DP entities in a trusted circle, or they can provide this functionality themselves. A secure end-to-end link between the eUICC and the MNO credentials is needed to prevent illegal use of the eUICC (cloning, illegal use of credentials, denial of service, illegal MNO context changes, etc.) without violating the MNO's contractual and legal obligations with respect to its customers.
That is, in FIG. 1, 110 represents a trust circle formed between SMs, more specifically, between SM-SR members, 120 represents a trust circle of MNO partners, and 130 represents an end-to-end trust link.
FIG. 2 illustrates a configuration in which an SM-SR and an SM-DP are located in a system in an SM separation environment.
As shown in FIG. 2, the SM is divided into an SM-DP, which safely prepares the various profiles (operation profile, provisioning profile, etc.) related to the eUICC, and an SM-SR, which routes them. The SM-SR can be linked with other SM-SRs in a trust relationship, and the SM-DP is linked to the MNO system.
Of course, the arrangement of the SM-DP and the MNO system may be implemented differently from FIG. 2 (i.e., the SM-DP may be linked with the SM-SR, and the MNO system may be linked with the SM-DP).
Unlike existing SIM-based services, the eSIM provides an environment in which profiles are issued into the eSIM and managed there by entities external to the eSIM (MNOs, manufacturers, service providers, etc.) and in which, unlike existing SIMs, multiple profiles can be loaded simultaneously. Accordingly, an entity that issues and manages a profile on the eSIM wants to manage a security policy for the eSIM itself, or for the profile it issues and manages on the eSIM, and to enforce that policy when necessary. In the current eSIM environment, the concept that performs this role is referred to as the PCF (Policy Control Function), but the detailed form and operation method of the PCF are not defined.
Accordingly, the present invention proposes a highly scalable PCF providing method in an eSIM environment, which is described in more detail below. In the following, the eSIM is referred to as the eUICC.
FIG. 3 is a diagram illustrating the basic structure and operation of the
As shown in FIG. 3, a policy control function (PCF) 310 according to an embodiment of the present invention includes a
Referring to FIG. 3, when the user wants to approach the
The eUICC
The
The
In the following, detailed structures of the
First, the detailed structure of the
FIG. 4 is a diagram illustrating an example of a
Referring to FIG. 4, the
The target mentioned above may be, for example, one of a file, an application, a profile, or the PCF rule itself.
Actions to be applied to the above-mentioned targets may include, for example, one or more of Read, Write, Update, Lock, Unlock, Delete, Backup, and Select.
The above-mentioned confidential information may include, for example, a user PIN (Personal Identification Number) and various credentials defined in the eUICC environment. Here, the various credentials may include, for example, one or more of an eUICC Access Credential, a Profile Access Credential, a Profile Protection Credential, an Authorized OEM Credential, a Service Provider Credential, an Application Access Credential, and the like.
The above-mentioned security method stores information on the security method that uses the confidential information. For example, it may store one or more security functions that can be provided, such as encryption, authentication, and integrity, and the security algorithm information applied to provide each security function. Here, the security algorithm information may include, for example, information about 3DES CBC Mode,
In addition to the above-described information, field (s) necessary for PCF application may be added.
Next, the detailed structure of the
The
The
When the
When the above content is described from the standpoint of the eUICC
For example, when the eUICC
As another example, when the user wants to back up a profile in the
The
This
FIG. 5 is a diagram illustrating an example of a
As shown in FIG. 5, the PCF may be applied to the
In addition to the PCF being applied to the
On the other hand, the PCF (Policy Control Function, 310) described in this specification may mean a function such as defining, updating, or deleting a policy rule for implementing a policy.
In addition, the PCF (Policy Control Function) 310 described in the present specification may be a concept that includes not only the define / update / delete functions for a policy rule but also a policy enforcement function (PEF), meaning the function of executing a policy rule in order to implement a policy.
In addition, the
In the following, the PCF providing method described above will be described again with reference to the flowchart of FIG. 6.
FIG. 6 is a diagram illustrating an example of a PCF operation process according to a PCF providing method according to an embodiment of the present invention.
In the description with reference to FIG. 6, as mentioned above, the eUICC
Referring to FIG. 6, in the PCF providing method according to an embodiment of the present invention, when the PCUI providing method of the
In step S600 described above, the eUICC
In the above-described step S602, the
On the other hand, in the above-described step S602, the PCF engine 312 (in the case where step S600 is preceded), the PCF rule (311) excluding the credential among the PCF rules inquired and inquired the
In the "PCF application execution step" performed after the above-described step S602, the
In step S604 described above, the eUICC
In the above-described step S606, the
In step S608, the
In step S608, the eUICC
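The rule fields (target, action, confidential information, security method) and the query-then-enforce flow of S600 to S608 described above, as an added example that is not part of the patent: a parser for a TLV-encoded PCF rule file and a minimal engine that decides an access attempt. The tag values, the action bitmask, the target names, the default-deny choice and the direct credential comparison are all assumptions, since the page defines none of them.

```python
import hmac
from dataclasses import dataclass

# Hypothetical tag values: the patent says the rule is an extensible TLV file
# but defines no tags, so every constant here is an assumption.
TAG_RULE, TAG_TARGET, TAG_ACTIONS = 0xE0, 0x80, 0x81
TAG_SECRET_TYPE, TAG_SECRET, TAG_SEC_METHOD = 0x82, 0x83, 0x84
REQUIRED = (TAG_TARGET, TAG_ACTIONS, TAG_SECRET_TYPE, TAG_SECRET, TAG_SEC_METHOD)
# Actions named in the patent, in an assumed bit order (bit 0 = Read).
ACTIONS = ("Read", "Write", "Update", "Lock", "Unlock", "Delete", "Backup", "Select")


def tlv(tag, value):
    """Encode one object with a one-byte tag and a one-byte length."""
    if len(value) > 0xFF:
        raise ValueError("value too long for a one-byte length")
    return bytes([tag, len(value)]) + value


def parse_tlv(buf):
    """Return [(tag, value), ...], rejecting truncated objects."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length = buf[i], buf[i + 1]
        end = i + 2 + length
        if end > len(buf):
            raise ValueError("TLV value runs past end of buffer")
        out.append((tag, buf[i + 2:end]))
        i = end
    return out


@dataclass(frozen=True)
class PcfRule:
    target: str         # protected object: file, application, profile, PCF rule
    actions: frozenset  # actions this rule governs
    secret_type: str    # e.g. "UserPIN" or a credential name
    secret: bytes       # the confidential value; never leaves the eUICC
    sec_method: str     # e.g. "authentication"

    def public_view(self):
        """The rule as it may be shown to an external entity: no credential."""
        return {"target": self.target, "actions": sorted(self.actions),
                "secret_type": self.secret_type, "sec_method": self.sec_method}


def parse_rules(blob):
    rules = []
    for tag, body in parse_tlv(blob):
        if tag != TAG_RULE:
            continue  # extensible format: skip unknown top-level objects
        fields = dict(parse_tlv(body))  # unknown inner tags are ignored
        if any(t not in fields for t in REQUIRED) or len(fields[TAG_ACTIONS]) != 1:
            raise ValueError("malformed PCF rule")
        mask = fields[TAG_ACTIONS][0]
        rules.append(PcfRule(
            target=fields[TAG_TARGET].decode(),
            actions=frozenset(a for bit, a in enumerate(ACTIONS) if (mask >> bit) & 1),
            secret_type=fields[TAG_SECRET_TYPE].decode(),
            secret=fields[TAG_SECRET],
            sec_method=fields[TAG_SEC_METHOD].decode()))
    return rules


class PcfEngine:
    def __init__(self, rule_blob):
        self._rules = parse_rules(rule_blob)

    def query(self, target, action):
        """S602: look up the rule that applies to this access attempt."""
        for rule in self._rules:
            if rule.target == target and action in rule.actions:
                return rule
        return None

    def enforce(self, target, action, presented):
        """Decide an access attempt; `presented` maps secret type -> bytes."""
        rule = self.query(target, action)
        if rule is None:
            return False, "no rule"  # default deny is an assumption
        supplied = presented.get(rule.secret_type)
        if supplied is None:
            return False, "missing " + rule.secret_type
        # A constant-time comparison stands in for the rule's security method.
        if not hmac.compare_digest(supplied, rule.secret):
            return False, "bad " + rule.secret_type
        return True, "ok"


def encode_rule(target, actions, secret_type, secret, sec_method):
    mask = sum(1 << ACTIONS.index(a) for a in actions)
    body = (tlv(TAG_TARGET, target.encode()) + tlv(TAG_ACTIONS, bytes([mask]))
            + tlv(TAG_SECRET_TYPE, secret_type.encode()) + tlv(TAG_SECRET, secret)
            + tlv(TAG_SEC_METHOD, sec_method.encode()))
    return tlv(TAG_RULE, body)


# Constructed sample rule file: backing up a profile needs the user PIN, and
# updating the PCF rule itself needs a profile access credential.
SAMPLE_RULES = (
    encode_rule("profile:mno1", ["Backup"], "UserPIN", b"4821", "authentication")
    + encode_rule("pcf-rule", ["Update"], "ProfileAccessCredential",
                  bytes(range(16)), "authentication"))
```
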
As described above, the present invention clearly defines the function and structure of the Policy Control Function (PCF) of the
In addition, the present invention may provide a method for providing a policy control function of the
In addition, the present invention can provide a detailed structure of the policy control function of the eUICC (300) and a PCF operation method through the same.
By using the present invention as described above, it is possible to establish and apply a policy for the profile, various common files, and the like in the eUICC (300). Extensive PCF rule provision method provides flexibility in responding to necessary actions, targets, and confidential information as the eUICC (eSIM) environment changes in the future. It may provide a basic structure of the
The above description is merely illustrative of the technical idea of the present invention, and those skilled in the art to which the present invention pertains may make various modifications and changes without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention but to describe the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The protection scope of the present invention should be interpreted by the following claims, and all technical ideas within the equivalent scope should be interpreted as being included in the scope of the present invention.
Claims (18)
Receiving an update request for the PCF rule from the MNO system;
Updating the PCF rule according to the update request; And
Transmitting a result of performing an update on the PCF rule to the MNO system,
The PCF rule is in an eUICC platform, provisioning profile or operational profile,
Policy Control Function (PCF) is an application or service that can enforce the PCF rules, eUICC policy update method.
Updating the PCF rule,
Querying a policy control function (PCF) corresponding to the update request; And
And updating the PCF rule by applying the PCF.
How eUICC updates its policies.
The step of transmitting the result of performing the update to the PCF rule,
Calculating a result of applying the PCF; And
And transmitting the result of applying the calculated PCF to the MNO system.
How eUICC updates its policies.
The PCF rule is
Characterized in that the file in the form of one of extensible TLV (Type Length Value) and XML (eXtensible Markup Language) containing the policy information applied to the eUICC,
How eUICC updates its policies.
The PCF rule is
Characterized in that one or more of the object to be protected, the operation to be applied to the object, the secret information required for the operation, the secret-based security method,
How eUICC updates its policies.
The protection target,
Characterized in that it is one of a file, an application, a profile and the PCF rule itself.
How eUICC updates its policies.
The operation to be applied to the protection target,
Characterized in that it comprises one or more of Read, Write, Update, Lock, Unlock, Delete, Backup and Select ,
How eUICC updates its policies.
The secret information,
Characterized in that it includes a user identification number (Personal Identification Number) and credentials defined in the eUICC environment,
How eUICC updates its policies.
The security method,
Storing one or more security functions that can be provided among at least one of encryption, authentication, and integrity, and security algorithm information applied to provide the security functions.
How eUICC updates its policies.
Receiving an update request for a PCF rule from the MNO system, updating the PCF rule according to the update request, and transmitting a result of performing the update of the PCF rule to the MNO system,
The PCF rule is in an eUICC platform, provisioning profile or operational profile,
Policy Control Function (PCF) is an application or service capable of enforcing the PCF rule.
Requesting the eUICC to update the PCF rule; And
Receiving from the eUICC an update result of the PCF rule performed in the eUICC in response to the update request;
The PCF rule is in an eUICC platform, provisioning profile or operational profile,
Policy Control Function (PCF) is an application or service that can enforce the PCF rules, eUICC policy update method.
The result of performing the update on the PCF rule,
Characterized in that the eUICC is a result of querying a PCF (Policy Control Function) corresponding to the update request, updating the PCF rule by applying the PCF,
How eUICC updates its policies.
The PCF rule is
Characterized in that it is a file in the form of one of extensible TLV (Type Length Value) and XML (eXtensible Markup Language) containing the policy information applied to the eUICC,
How eUICC updates its policies.
The PCF rule is
Characterized in that it includes one or more of the object to be protected, the operation to be applied to the object, the secret information required for the operation, and the secret-based security method,
How eUICC updates its policies.
The protection target,
Characterized in that it is one of a file, an application, a profile and the PCF rule itself.
How eUICC updates its policies.
The operation to be applied to the protection target,
Characterized in that it comprises one or more of Read, Write, Update, Lock, Unlock, Delete, Backup and Select,
How eUICC updates its policies.
The secret information,
Characterized in that it includes a user identification number (Personal Identification Number) and credentials defined in the eUICC environment,
How eUICC updates its policies.
The security method,
Storing one or more security functions that can be provided among at least one of encryption, authentication, and integrity, and security algorithm information applied to provide the security functions.
How eUICC updates its policies.
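An added illustration of the claimed update flow, not code from the patent: the eUICC parses its current PCF rule from an extensible TLV, checks that the rule permits Update on the PCF rule itself, authenticates the MNO's request with the stored credential, and returns a result. The tag values, the `PCF_RULE` target name, the comma-separated operation list and the choice of HMAC-SHA256 as the security method are assumptions; the claims name the fields but not their encoding.

```python
import hashlib
import hmac

# Constructed tag values: the claims name these four fields but assign no tags.
TAG_TARGET, TAG_OPS, TAG_SECRET, TAG_METHOD = 0x81, 0x82, 0x83, 0x84

def parse_tlv(data: bytes) -> dict:
    """Parse 1-byte-tag, 1-byte-length TLVs; unknown tags are kept (extensible)."""
    fields, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        tag, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        if tag in fields:
            raise ValueError("duplicate tag 0x%02x" % tag)
        fields[tag] = value
        i += 2 + length
    return fields

def encode_rule(target: bytes, ops: bytes, secret: bytes, method: bytes) -> bytes:
    pairs = ((TAG_TARGET, target), (TAG_OPS, ops), (TAG_SECRET, secret), (TAG_METHOD, method))
    return b"".join(bytes([tag, len(val)]) + val for tag, val in pairs)

def handle_update(current_rule: bytes, new_rule: bytes, mac: bytes):
    """eUICC side: query the rule that protects the PCF rule, then apply or refuse.
    Returns (rule now in force, result string reported back to the MNO system)."""
    rule = parse_tlv(current_rule)
    if rule.get(TAG_TARGET) != b"PCF_RULE":
        return current_rule, "REJECTED: target not covered"
    if b"Update" not in rule.get(TAG_OPS, b"").split(b","):
        return current_rule, "REJECTED: operation not permitted"
    if rule.get(TAG_METHOD) != b"HMAC-SHA256" or not rule.get(TAG_SECRET):
        return current_rule, "REJECTED: unsupported security method"
    expected = hmac.new(rule[TAG_SECRET], new_rule, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return current_rule, "REJECTED: authentication failed"
    try:
        parse_tlv(new_rule)  # never install a rule the PCF cannot read back
    except ValueError:
        return current_rule, "REJECTED: malformed rule"
    return new_rule, "OK"

# Constructed sample data.
KEY = b"constructed-demo-credential"
CURRENT = encode_rule(b"PCF_RULE", b"Read,Update", KEY, b"HMAC-SHA256")
NEW = encode_rule(b"PCF_RULE", b"Read,Update,Lock", KEY, b"HMAC-SHA256")
```

Every refusal leaves the rule in force unchanged, so a failed or forged update request cannot weaken the policy that guards the rule.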
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/KR2012/008759 WO2013065991A1 (en) | 2011-11-02 | 2012-10-24 | Method and euicc for providing a policy control function |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020110113374 | 2011-11-02 | | |
KR20110113374 | 2011-11-02 | | |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20130048691A (en) | 2013-05-10 |
KR102012340B1 (en) | 2019-10-21 |
Family
ID=48659688
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120117969A KR102012340B1 (en) | 2011-11-02 | 2012-10-23 | Method and Enbedded UICC for Providing Policy Control Function |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR102012340B1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102331692B1 (en) * | 2014-06-30 | 2021-11-30 | 삼성전자 주식회사 | Method and apparatus for selecting profile of terminal in a mobile network |
US9930520B2 (en) * | 2014-11-17 | 2018-03-27 | Samsung Electronics Co., Ltd. | Apparatus and method for profile installation in communication system |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100564755B1 (en) * | 2003-12-03 | 2006-03-27 | 한국전자통신연구원 | Method of loading successive USIM card applications |
KR20090046607A (en) * | 2007-11-06 | 2009-05-11 | 삼성전자주식회사 | Data storage device, mobile communication device and service provider system for automatically user information backup |
KR101042526B1 (en) * | 2008-12-05 | 2011-06-20 | 주식회사 케이티 | Method and Apparatus for Automatically Updating Change of Preferred Business Network to Mobile Station |
2012-10-23: KR application KR1020120117969A, patent KR102012340B1 (en), active IP Right Grant
Non-Patent Citations (1)
Title |
---|
GSM Association, "Embedded SIM Task Force Requirements and Use Cases", V1.0, 2011.02.21.* |
Also Published As
Publication number | Publication date |
---|---|
KR20130048691A (en) | 2013-05-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
AMND | Amendment | ||
E902 | Notification of reason for refusal | ||
AMND | Amendment | ||
E601 | Decision to refuse application | ||
AMND | Amendment | ||
X701 | Decision to grant (after re-examination) | ||
GRNT | Written decision to grant |