Patent abstract:
The invention discloses a method for improved memory utilization of a Narrowband Internet of Things device (UE) which comprises a modem and an integrated Subscriber Identity Module (iSIM), each comprising dedicated memory, both combined on a modem chip. The object of the invention, to further reduce the cost per UE and hence to reduce the chip area and energy consumption of an integrated UICC chip, is achieved in that, during provisioning of the iSIM on the modem chip of the UE, the modem switches to provisioning mode and allocates parts of its dedicated memory exclusively to the iSIM; the iSIM reuses the allocated parts of the modem memory for processing provisioning data; after leaving provisioning mode, the allocated parts of the modem memory are cleaned up securely by a protection hardware block; and the parts of the modem memory shared with the iSIM are allocated back to the modem.
Publication number: EP3694240A1
Application number: EP19195295.1
Filing date: 2019-09-04
Publication date: 2020-08-12
Inventor: Martin FRÖHLICH
Applicant: Shenzhen Goodix Technology Co Ltd;
Main IPC class: H04W12-00
Description:
[0001] The invention relates to a method for improved memory utilization of a Narrowband Internet of Things device (UE) which comprises a modem and an integrated Subscriber Identity Module (iSIM), each comprising dedicated memory, both combined on a modem chip.
[0002] There are standards describing the "classical" SIM/UICC or the embedded version eSIM, see: https://www.gsma.com/esim/. Consumer benefits of such eSIMs include that a simpler device setup is possible without the need to insert or replace a SIM card; devices can operate independently of a tethered smartphone, with their own subscriptions; and a range of new, enhanced mobile-connected devices benefit from the standardized eSIM.
[0003] So far, integrated SIMs (iSIMs) are not yet standardized.
[0004] All 3GPP-based cellular user equipments (UE), also known as Narrowband Internet of Things devices, such as mobile phones, require a mechanism to prove their identity to the cellular network and to exchange keys for a secure connection.
[0005] For this purpose, the Universal Integrated Circuit Card (UICC, the hardware) is used, with a USIM application (the software) running on it. The UICC is a highly secure hardware module that is connected (wired) to the UE. The USIM application contains all secret keys and provider-specific information. The USIM application is provisioned by the cellular operator.
[0006] The secret keys inside the USIM application stored on the UICC must not be read out. The keys are used to authenticate the UE against the core network with the help of a cryptographic algorithm. Furthermore, the USIM application generates the secret session keys for the UE.
[0007] Thus, each UE requires a USIM application (running on the UICC) to attach to a core network successfully. Adding provider keys and provider-specific settings (the profile) is called provisioning.
[0008] The modem to UICC communication is done via wired serial interface 4 which is standardized in ISO/IEC 7816-3.
[0009] The disadvantage of a UICC is that a separate secure hardware element, a SIM card, is required. This causes additional system costs. Cost-sensitive systems require a solution where the UICC becomes part of the modem inside the UE. The integration of the UICC (with the USIM application) into the modem is what is referred to as an integrated Subscriber Identity Module (iSIM).
[0010] A quite simple solution for an iSIM is just to put the UICC chip and the modem chip in one package (SIP-System in package) or to have the UICC chip as part of the modem chip (figure 1).
[0011] The objective of the invention is to further reduce the cost per UE and hence to reduce the chip area and energy consumption of an integrated UICC chip.
[0012] The objective of the invention is achieved in that, during provisioning of the iSIM on the modem chip of the UE, the modem switches to provisioning mode and allocates parts of its dedicated memory exclusively to the iSIM; the iSIM reuses the allocated parts of the modem memory for processing provisioning data; after leaving provisioning mode, the allocated parts of the modem memory are cleaned up securely by a protection hardware block; and the parts of the modem memory shared with the iSIM are allocated back to the modem.
[0013] All SIMs are blank after production and require a provisioning procedure. During provisioning, the mobile operator stores a unique profile on the SIM. This happens in a special operation mode and not under "normal" modem operation.
[0014] In normal operation mode the iSIM acts as subscriber identification module. It provides the modem with the required profile information previously stored by the operator and performs the network authentication. In normal operation mode the modem behaves as a normal modem (normal network communication). Modem and iSIM each use their own dedicated memory, as illustrated in figure 2 by the hatched areas.
[0015] The provisioning is done via a cryptographic secured connection. This requires additional temporary memory, e.g. for signature checking or message handling.
[0016] Since provisioning is a special modem operation mode, the modem can provide the iSIM with application memory that it normally uses itself, because in provisioning mode the modem can be powered off or is responsible for transferring provisioning data between the iSIM and the outside world. This requires only a minimum of memory.
[0017] In provisioning mode, the iSIM requires more memory than in normal operation mode. This is caused by the strong usage of asymmetric cryptography (e.g. for signature checking) and the transferring of a whole profile. Usually, the provisioning is only done once or only a few times during the modem lifetime, for example for updating the profile of the UE, which is usually done when the operator was changed.
[0018] The inventive method for improved memory utilization of a UE during provisioning mode can therefore also be seen as a method of RAM sharing during provisioning. The main advantage is that unused modem memory is reused by the iSIM when the system is in provisioning mode, which reduces the memory footprint of the integrated SIM.
[0019] RAM sharing allows a reduction of the iSIM dedicated memory and hence a reduction of the chip size and power consumption.
[0020] In a preferred embodiment of the inventive method, the iSIM uses a memory interface to the allocated memory of the modem for accessing the shared parts of the modem memory during provisioning mode. Memory of the modem is understood to be the same as modem memory.
[0021] In another preferred embodiment of the inventive method, the protection hardware block controls an arbitration of a bus system between the modem and the iSIM for unambiguous utilization of the shared parts of the modem memory.
[0022] The reuse of the shared parts of the modem memory must be done in a safe manner. The modem must not be able to access the granted (shared) iSIM memory. And after leaving the provisioning mode the shared modem memory must be cleaned up securely. This is achieved by a protection hardware block. This can be done by a reset or by overwriting the RAM with random data by means of a routine.
[0023] In a further preferred embodiment of the inventive method, the iSIM comprises only dedicated memory for providing required profile information and doing network authentication. The memory size for it is smaller than the memory size needed during provisioning. The advantage of the present inventive method is that in provisioning mode the iSIM memory is increased with memory of the modem and hence the memory size of the iSIM can be reduced significantly.
[0024] The invention will be explained in more detail using exemplary embodiments.
[0025] The appended drawings show Fig. 1 Basic components of an iSIM (state-of-the-art); Fig. 2 Modem chip with modem and iSIM and dedicated memories and standardized serial interface (state-of-the-art); Fig. 3 Inventive method and hardware realization by reusing allocated parts of the modem memory during provisioning mode.
[0026] Figure 3 illustrates the inventive method and the hardware-sided sharing of the allocated parts of the modem memory.
[0027] The iSIM is in "normal operation" during profile/ID readout. During this, the USIM application does not require much memory, so the complete memory of the modem is not used. During provisioning, however, the USIM application requires more memory. Therefore, during the so-called "provisioning" mode, parts of the modem memory can be reused by the iSIM. The advantage is that the iSIM itself only needs memory for its application. The memory for dynamic runtime storage can be divided.
[0028] iSIM applications are rarely active. Classically in NB-IoT devices, when the modem of the UE is turned on (powered on), IDs are read out of the iSIM and the modem communicates with the network and attaches. The network sends secret data to the modem, and the modem forwards the data to the iSIM, which computes and checks whether the data are correct. The iSIM gives the modem a kind of session key and data, which are sent back to the network by the modem. After that the iSIM is no longer needed. Hence, with the secure resource sharing of the inventive method, i.e. the shared parts of the modem memory and the iSIM's access to them, the chip area and energy consumption of the UE can be reduced significantly.
[0029] After leaving the provisioning mode, the modem works in "normal operation" mode. The allocated part of the modem memory is cleaned by a protection hardware block (not shown in figure 3). This is done by a reset or by overwriting the RAM with random data by means of a routine, for example by an XOR-mask. In this way, the memory is cleaned up securely.
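As an added illustration (not part of the patent text or of any vendor implementation), the following C model walks through the lifecycle described in [0022] and [0029]: exclusive grant of part of the modem memory, arbitration that denies the modem access while the iSIM holds it, and scrubbing before the region is handed back. All names and the 256-byte RAM size are assumptions, and the scrub writes zeros through a volatile pointer in place of the reset or random data the text mentions so that the result can be checked.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of the protection hardware block; all names assumed. */
enum owner { OWNER_MODEM, OWNER_ISIM };
enum mode  { MODE_NORMAL, MODE_PROVISIONING };
#define MODEM_RAM_SIZE 256u

struct prot_block {
    uint8_t ram[MODEM_RAM_SIZE];    /* dedicated modem memory (5) */
    size_t shared_off, shared_len;  /* shared part (7), valid while provisioning */
    enum mode mode;
};

/* Modem enters provisioning mode and grants [off, off+len) to the iSIM. */
int pb_enter_provisioning(struct prot_block *pb, size_t off, size_t len) {
    if (pb->mode != MODE_NORMAL || len == 0 ||
        off > MODEM_RAM_SIZE || len > MODEM_RAM_SIZE - off)
        return -1;                  /* overflow-safe bounds check */
    pb->shared_off = off; pb->shared_len = len;
    pb->mode = MODE_PROVISIONING;
    return 0;
}

/* Bus arbitration: the shared part belongs to exactly one master at a time. */
static int pb_allowed(const struct prot_block *pb, enum owner who, size_t addr) {
    if (addr >= MODEM_RAM_SIZE) return 0;
    int shared = pb->mode == MODE_PROVISIONING && addr >= pb->shared_off &&
                 addr - pb->shared_off < pb->shared_len;
    return who == OWNER_ISIM ? shared : !shared;
}

int pb_write(struct prot_block *pb, enum owner who, size_t addr, uint8_t v) {
    if (!pb_allowed(pb, who, addr)) return -1;
    pb->ram[addr] = v;
    return 0;
}
int pb_read(const struct prot_block *pb, enum owner who, size_t addr) {
    return pb_allowed(pb, who, addr) ? pb->ram[addr] : -1;
}

/* Leave provisioning: scrub first, only then hand the region back. */
int pb_leave_provisioning(struct prot_block *pb) {
    if (pb->mode != MODE_PROVISIONING) return -1;
    volatile uint8_t *p = pb->ram + pb->shared_off; /* volatile: not elided */
    for (size_t i = 0; i < pb->shared_len; i++) p[i] = 0;
    pb->mode = MODE_NORMAL;
    return 0;
}
```

The order inside `pb_leave_provisioning` is the security-relevant part: the mode flips back to normal only after the last byte is overwritten, so the modem never regains access to a region that still holds provisioning data.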
[0030] Both modes are appropriate for RAM sharing, because the UE does not require full memory during attach (profile/ID readout), and requires even less during provisioning.
List of Reference Signs
[0031]
1 modem chip
2 modem
3 integrated Subscriber Identity Module
4 serial interface
5 dedicated modem memory
6 dedicated iSIM memory
7 shared part of modem memory
8 interface for reuse of shared modem memory by the iSIM
Claims:
Claims (4)
[0001] A method for improved memory utilization of a Narrowband Internet of Things device - UE, which comprises a modem (2) and an integrated Subscriber Identity Module (3) - iSIM - each comprising dedicated memory (5, 6) and both combined on a modem chip (1), the method comprising the following steps:
- during provisioning of the iSIM (3) on the modem chip (1) of the UE, the modem (2) switches to provisioning mode and allocates parts (7) of its dedicated memory (5) exclusively to the iSIM (3);
- the iSIM (3) reuses the allocated parts of the modem memory (7) for processing provisioning data;
- after leaving provisioning mode the allocated parts of the modem memory (7) are cleaned up securely by a protection hardware block; and
- the parts of the modem memory (7) shared with the iSIM (3) are allocated back to the modem (2).
[0002] The method for improved memory utilization of a UE during provisioning mode according to claim 1, wherein the iSIM (3) uses a memory interface (8) to the allocated memory (7) of the modem (2) for accessing the shared parts of the modem memory (7) during provisioning mode.
[0003] The method for improved memory utilization of a UE during provisioning mode according to claim 1, wherein the protection hardware block controls an arbitration of a bus system between the modem (2) and the iSIM (3) for unambiguous utilization of the shared parts of the modem memory (7).
[0004] The method for improved memory utilization of a UE during provisioning mode according to claim 1, wherein the iSIM (3) comprises only dedicated memory (6) for providing required profile information and doing network authentication.
Similar technologies:
Publication number | Publication date | Patent title
US10187904B2|2019-01-22|Telecommunications network and method for time-based network access
US10594679B2|2020-03-17|Network supporting two-factor authentication for modules with embedded universal integrated circuit cards
JP5942011B2|2016-06-29|System for managing a plurality of subscriber information in UICC
US9699642B2|2017-07-04|Electronic subscriber identity module selection
US10003962B2|2018-06-19|Method and terminal for keeping subscriber identity module card in standby state
US10638314B2|2020-04-28|Method and apparatus for downloading a profile in a wireless communication system
US10237722B2|2019-03-19|System and method for multi-SIM profiles or embedded SIM
US20180332464A9|2018-11-15|Apparatuses, methods and systems for configuring a trusted java card virtual machine using biometric information
KR102242218B1|2021-04-21|User authentication method and apparatus, and wearable device registration method and apparatus
KR102160597B1|2020-09-28|Method and apparatus for provisioning profile of embedded universal integrated circuit card
EP2884785B1|2020-06-24|Service Sharing System and Apparatus
US20160373920A1|2016-12-22|Managing network connectivity of a device comprising an embedded uicc
US8914489B2|2014-12-16|Method of personalizing an application embedded in a secured electronic token
US9439062B2|2016-09-06|Electronic subscriber identity module application identifier handling
EP2893734B1|2016-04-27|Establishing a device-to-device communication session
US9848284B2|2017-12-19|Portable mobile subscription
EP2890167B1|2017-12-20|Method, terminal and universal integrated circuit card | for realizing subscriber identity module | card function in terminal
US8761832B2|2014-06-24|Method and apparatus for controlling the UICC application file
US20170064552A1|2017-03-02|Profile download method and apparatus for use in wireless communication system
KR102001869B1|2019-07-19|Method and Apparatus for managing Profile of Embedded UICC, Provisioning Method and MNO-Changing Method using the same
US9609458B2|2017-03-28|Mobile radio communication devices, servers, methods for controlling a mobile radio communication device, and methods for controlling a server
US6799155B1|2004-09-28|Replacement of externally mounted user interface modules with software emulation of user interface module functions in embedded processor applications
KR20130049726A|2013-05-14|Method for creating trust relationship and embedded uicc
US8141137B2|2012-03-20|Authentication vector generation device, subscriber identity module, mobile communication system, authentication vector generation method, calculation method, and subscriber authentication method
US8532295B2|2013-09-10|Method for the secure loading in a NFC chipset of data allowing access to a service
Patent family:
Publication number | Publication date
WO2020160803A1|2020-08-13|
CN112154681A|2020-12-29|
US20210120423A1|2021-04-22|
Cited references:
Publication number | Filing date | Publication date | Applicant | Patent title
Legal status:
2020-07-10| PUAI| Public reference made under article 153(3) epc to a published international application that has entered the european phase|Free format text: ORIGINAL CODE: 0009012 |
2020-07-10| STAA| Information on the status of an ep patent application or granted ep patent|Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED |
2020-08-12| AX| Request for extension of the european patent|Extension state: BA ME |
2020-08-12| AK| Designated contracting states|Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
2021-02-05| STAA| Information on the status of an ep patent application or granted ep patent|Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
2021-03-10| 17P| Request for examination filed|Effective date: 20210203 |
2021-03-10| RBV| Designated contracting states (corrected)|Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
2021-10-19| STAA| Information on the status of an ep patent application or granted ep patent|Free format text: STATUS: EXAMINATION IS IN PROGRESS |
2021-11-17| 17Q| First examination report despatched|Effective date: 20211018 |
Priority:
Application number | Filing date | Patent title
EP19155408||2019-02-05||
CN201980033662.XA| CN112154681A|2019-02-05|2019-11-13|Method for improving memory utilization of NB-IoT UE with Integrated Subscriber Identity Module during configuration|
PCT/EP2019/081201| WO2020160803A1|2019-02-05|2019-11-13|A method for improved memory utilization of a nb-iot ue with an integrated subscriber identity module during provisioning|
US17/134,134| US20210120423A1|2019-02-05|2020-12-24|Method for Improved Memory Utilization of NB-IoT UE with Integrated Subscriber Identity Module During Provisioning|