Abstract:
The invention relates to an embedded subscriber identity module (eUICC) capable of cooperating with a communication device (T), this module comprising: a communication profile (P1) configured to enable the embedded subscriber identity module to communicate with a telecommunications network (R) when said profile (P1) is active; a reception module (PSM) for receiving, from a remote server (SM-SR) of the mobile telephone network (R), a communication profile management request; and a profile management module (MGP) configured to: upon receipt of said management request, determine whether a rule is applicable among a predefined set of at least one rule (RL); and, if so, perform an action specified by the applicable rule in association with a communication profile of the embedded subscriber identity module.
Publication number: FR3018654A1
Application number: FR1452152
Filing date: 2014-03-14
Publication date: 2015-09-18
Inventors: Tomasz Wozniak; Guillaume Larignon
Applicant: Oberthur Technologies SA
Main IPC class:
Description:

[0001] BACKGROUND OF THE INVENTION
The present invention relates to an embedded subscriber identity module, also called an eUICC card (for "embedded Universal Integrated Circuit Chip"), and more particularly to an eUICC card capable of carrying out appropriate processing relating to a communication profile, such as a profile activation or deactivation operation. In known manner, a SIM card is configured to allow a communication device (such as a mobile phone) with which it cooperates to use the communication network of a single telephone operator. To do this, the SIM card includes a unique identifier, the IMSI (for "International Mobile Subscriber Identity"), associated with a particular subscription of a user with a given mobile operator. When a mobile phone wishes to use the services of a communication network, it sends the IMSI identifier of its SIM card to the network in order to identify itself. To authenticate with the network, the mobile phone sends a secret key contained in the SIM card. The operator verifies with the aid of a Home Location Register (HLR) database that the user has subscribed to the requested service and, if so, authorizes access to the mobile phone in question.
[0002] Traditionally, the subscription data (identifiers, keys, algorithms, etc.) specific to the operator who issued the SIM card are stored permanently in a ROM memory of the SIM card, so that the SIM card is not reprogrammable. In particular, this makes it possible to reduce the risks of fraud with respect to the identity of the user by making it more difficult to modify or duplicate the SIM card or its subscription data. Therefore, the only way for a user to change mobile operator is usually to manually replace the current SIM card in the mobile phone with a new SIM card issued by a new operator of the user's choice. This new SIM card contains the subscription data needed to access the network and services specific to the new operator.
The emergence of reprogrammable SIM cards, and in particular embedded subscriber identity modules (also called eUICC cards as indicated above), allows the user to change operator without having to physically replace the SIM card in the mobile phone. The main features of an eUICC card are defined in the document entitled "Reprogrammable SIMs Technology, Evolution and Implications - Final Report" dated September 25, 2012 (CSMG). This document, prepared by the GSMA ("Global System for Mobile Communications Association"), defines an eUICC card as a small, secure hardware element that can be soldered into a mobile terminal in order to implement the functions of a traditional SIM card.
[0003] In particular, an eUICC card is capable of containing a communication profile which, when it is active, enables the mobile phone to securely access the network of an operator and the services defined by the profile in question. By changing the active communication profile in the eUICC card, it is also possible to change the operator or change the access to associated services (e.g. voice or data services).
[0004] The use of an eUICC card is particularly advantageous when it is difficult to physically replace a traditional SIM card and, more generally, when one wants to switch easily from one operator to another. However, the specification and standardization of the operation and architecture of an eUICC card are still under development and call for improvement. In particular, there is currently no satisfactory solution for managing the activation or deactivation of a communication profile in an eUICC card. More generally, there is a need for a solution allowing an eUICC card to manage communication profiles effectively.
[0005] OBJECT AND SUMMARY OF THE INVENTION
For this purpose, the present invention relates to an embedded subscriber identity module adapted to cooperate with a communication device, the embedded subscriber identity module comprising:
- at least one communication profile configured to enable the embedded subscriber identity module to communicate, via the communication device, with a mobile telephone network when said communication profile is active;
- a receiving module adapted to receive, from a remote server of the mobile network, a communication profile management request; and
- a profile management module configured for:
  o on receipt of said management request, determining whether at least one rule is applicable among a predefined set of at least one rule contained in memory in said embedded subscriber identity module;
  o and, if so, performing at least one action specified by said applicable rule in association with a communication profile of said embedded subscriber identity module.
The present invention makes it possible to optimize the management of communication profiles in a secure element such as an embedded subscriber identity module from a set of at least one rule that can be applied by the profile management module. The present invention offers great flexibility in the management of the communication profiles as a function of events detected by the secure element, such as, in particular, requests received from mobile telephone operators.
[0006] The invention makes it possible to trigger predefined actions that are adapted to each management request received, such as, for example, the activation or deactivation of a profile, the creation or deletion of a profile, or the switching from a first to a second profile. In a particular embodiment, the profile management module is able to consult the predefined set of at least one rule in order to determine which of these rules are applicable in response to the communication profile management request. The profile management module is capable of appropriately processing the received management request by performing one or more actions specified by the applicable rules in the predefined set.
[0007] In a particular embodiment, each communication profile is contained in a dedicated secure domain of the embedded subscriber identity module. In a particular embodiment, said at least one action specified by said applicable rule comprises at least one of:
- triggering a switchover from said active communication profile to a second determined communication profile;
- triggering the deactivation of said active communication profile;
- triggering the activation of a second communication profile;
- the deletion of all or part of the data of said active communication profile, said data being stored in a non-volatile memory of said subscriber identity module;
- triggering the deactivation of at least one function of said active communication profile;
- triggering a timer to induce a determined waiting time between receipt of said management request of said profile and the implementation of at least part of said at least one action; and
- the notification to a remote server of the implementation of an action, for example an action of loading, activation, deactivation or deletion of a communication profile or of all or part of the data of a communication profile.
[0008] In particular, informing the remote server in advance of the forthcoming realization of a particular action (activation, deactivation, switching of profiles, etc.) in connection with a communication profile is advantageous in that it allows in particular for the corresponding mobile operator to trigger the necessary management operations relating to the profiles concerned at the appropriate moment (for example triggering the deletion of sensitive information (cryptographic keys, algorithms, etc.) contained in a profile about to be deactivated, before the effective deactivation of the profile P1). Said at least one function mentioned above comprises for example at least one of a contactless payment application and a transport access application.
[0009] In a particular embodiment, the profile management module is configured to consult a database of communication profiles, said database being stored in a rewritable non-volatile memory of the embedded subscriber identity module, in order to obtain at least one additional piece of data enabling the implementation of said at least one specified action.
[0010] In a particular embodiment, said profile database comprises, in association with each profile, at least one of: an identifier of a communication profile, a status indicating said communication profile as active or not active, a pointer to the memory address of said profile and a server address of the provider of said profile.
[0011] In a particular embodiment, the management request requires deactivation of the active communication profile, the profile management module being configured to:
- determine, from said communication profile database, an address of said remote server of the telephony network associated with the active communication profile; and
- initiate the sending of a notification to said remote server using said address, to inform the remote server of the upcoming loading, activation, deactivation or deletion of a communication profile or of all or part of the data of a communication profile.
In a particular embodiment, the profile management module is configured to determine, from the profile database, a notification application, the profile management module being configured to send a command containing said address to the notification application to trigger the sending, by said notification application, of the notification to said remote server.
In a particular embodiment, the notification (for example of deactivation) is sent to the remote server via a message of the "Short Message Service" (SMS) or "Unstructured Supplementary Service Data" (USSD) type, or via a message based on the "Hypertext Transfer" protocol, the "Card Application Toolkit Transfer Protocol" (HTTPs / CAT TP) or the "Bearer Independent Protocol" (BIP).
In a particular embodiment, the remote server is an SM-SR server of the telephony network. In a particular embodiment, the communication device is a mobile telephone terminal. Alternatively, the communication device is a communicating intelligent object (inter-machine communication, called "Machine-to-Machine"). The communicating intelligent object is, for example, a communicating meter that reads the energy consumption of a building and automatically transmits it through a telecommunications network to a distributor.
The present invention also relates to a system comprising a communication device and an embedded subscriber identity module as defined above, in which the embedded subscriber identity module is able to cooperate with the communication device to communicate with the communication network, the communication device being for example a mobile telephone terminal.
Correlatively, the invention relates to a method of managing a communication profile implemented by an embedded subscriber identity module able to cooperate with a communication device, the method comprising:
- the use of a communication profile contained in the embedded subscriber identity module for communicating, via the communication device, with a mobile telephone network when said communication profile is active;
- receiving a communication profile management request from a remote server of the mobile telephone network;
- upon receiving the management request, determining, by a profile management module, whether at least one rule is applicable among a predefined set of at least one rule contained in memory in the embedded subscriber identity module; and
- if so, the execution by the profile management module of at least one action specified by said applicable rule in association with a communication profile of the embedded subscriber identity module.
In a particular embodiment, each communication profile is contained in a dedicated secure domain of said embedded subscriber identity module. In a particular embodiment, the various steps of the method of managing a communication profile are determined by computer program instructions. Accordingly, the invention also relates to a computer program on an information carrier (or recording medium), this program being capable of being implemented in a secure element such as an embedded subscriber identity module, or more generally by a processor, this program comprising instructions adapted to the implementation of the steps of a method of managing a communication profile as described above.
[0012] This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any other desirable form. The invention also provides a computer-readable information carrier (or recording medium) including instructions of a computer program as mentioned above. The information carrier may be any entity or device capable of storing the program. For example, the medium may comprise storage means, such as a ROM, for example a CD ROM or a microelectronic circuit ROM, or a magnetic recording medium, for example a diskette (floppy disc) or a hard disk. On the other hand, the information medium may be a transmissible medium such as an electrical or optical signal, which may be conveyed via an electrical or optical cable, by radio or by other means. The program according to the invention can in particular be downloaded over an Internet-type network. Alternatively, the information carrier may be an integrated circuit in which the program is incorporated, the circuit being adapted to execute or to be used in the execution of the method in question.
[0013] BRIEF DESCRIPTION OF THE DRAWINGS
Other features and advantages of the present invention will emerge from the description given below, with reference to the accompanying drawings, which illustrate a non-limiting embodiment. In the figures:
- FIG. 1 represents, schematically, the architecture of an eUICC card according to a particular embodiment of the invention, this eUICC card being able to cooperate with a mobile terminal to allow access to a mobile phone network;
- FIG. 2 represents, in the form of a flowchart, the main steps of a method of managing a communication profile implemented by the eUICC card according to a particular embodiment of the invention; and
- FIG. 3 represents, in the form of a flowchart, the main steps of a method of managing a communication profile according to a variant of the embodiment of FIG. 2.
[0014] DETAILED DESCRIPTION OF SEVERAL EMBODIMENTS
The present invention relates to an embedded subscriber identity module, and more particularly to an eUICC card capable of appropriately performing processing relating to a communication profile, such as, for example, an operation enabling or disabling profiles. As already indicated, an embedded subscriber identity module is referred to more simply as an "eUICC card" in this document.
FIG. 1 represents, schematically, the architecture of an eUICC card according to a particular embodiment of the invention, this eUICC card being able to cooperate with a mobile telephone terminal T to allow access to a mobile telephone network R. The eUICC card is for example soldered or integrated in the terminal T. Although, in this document, the embodiments of the invention are described with reference to a mobile telephone terminal, the invention applies more generally to a communication device capable of cooperating with a secure element such as an eUICC card. The communication device T can for example be a communicating intelligent object as already explained above, capable of communicating via a telecommunications network with another machine (e.g. a meter of the energy consumption of a building, able to communicate through a telecommunications network with a distributor).
[0015] In the embodiment described here, the mobile terminal T can use the eUICC card to securely access the network R and the services provided by the associated telephone operator MNO1 or MNO2 (more generally called MNO, for "Mobile Network Operator").
[0016] In this particular embodiment, the mobile terminal T comprises an operating system OS2 capable of controlling in particular a communication interface COM. This COM interface comprises for example, in known manner, a transmitter / receiver coupled to an antenna.
In the embodiment described here, the eUICC card is a secure element comprising in particular an operating system OS1 (stored in a read-only memory, for example) coupled to a rewritable non-volatile memory MR. The OS1 operating system includes a PSM software module and a profile management module MGP, which will be described in more detail later. In addition, the non-volatile memory MR has a privileged ISD security domain and secondary security domains (SSD1 and SSD2 in this example). Each security domain (or secure domain) is a secure compartment of the eUICC card. The ISD security domain is privileged in that it is able, in a known manner, to create and delete secondary security domains in the non-volatile memory MR, in cooperation with the MGP profile management module.
In addition, each SSD secondary security domain may include a communication profile (or operational profile) associated with a particular MNO operator. In a known manner, a communication profile can notably comprise subscription data (e.g. identifiers (IMSI etc.), cryptographic keys, algorithms (e.g. authentication), etc.). An MNO operator can only access its own SSD secondary security domain in the eUICC card. In the embodiment described here, each communication profile is contained in a dedicated security domain.
In the example described here, the secondary security domain SSD1 comprises a communication profile P1 allowing, when active, the terminal T to communicate in a first mobile network associated with the MNO1 telephony operator. The SSD1 domain furthermore includes APP1 applications specific to the MNO1 operator to which the user has subscribed.
Alternatively, the APP1 applications defined for the profile P1 can be contained in the profile P1 itself. The secondary security domain SSD2 is empty here but is also capable of containing a communication profile P2 enabling, if it is active, the terminal T to communicate with the mobile network of the MNO2 operator, as well as APP2 applications.
Furthermore, the MGP profile management module is able to communicate securely, via the terminal T (and in particular its COM interface), with a remote entity SM-SR (for "Subscription Manager-Secure Routing") of the network R in order to perform predefined actions in association with a communication profile (e.g. P1). As indicated later, the actions that can be implemented are varied and may include the installation, activation or deactivation of a communication profile in an SSD1 or SSD2 secondary security domain.
The PSM module is able to receive, from the remote SM-SR server, communication profile management requests that it transmits to the MGP profile management module. This MGP module is configured to manage one or more communication profiles (existing or future) in the eUICC card from a set RL of at least one rule contained in memory in the eUICC card. To do this, the MGP module is able to consult the rules RL to determine which one or ones are applicable in response to a communication profile management request received from the SM-SR server. The MGP module is able to appropriately process the received request RQ1 by performing one or more actions specified by the applicable rules in the set RL. The RL rules are for example defined by the user of the eUICC card. The PSM and MGP modules may, where appropriate, correspond to a single software module implemented by the eUICC card.
The MGP module is further capable of communicating with a communication profile register PR and an application register AR, both of which are contained in the non-volatile memory MR.
In this embodiment, the communication profile register PR organizes the communication profiles and their associated applications. This register PR takes for example the form of a database and may for example comprise, in association, at least two of the following elements:
- an ICC_ID profile identifier;
- a status indicating whether the communication profile is active or not;
- a pointer to the memory address of the communication profile considered;
- at least one memory address pointing to one or more applications referenced in the AR application register;
- an address of the SM-DP server of the associated MNO operator;
- access rights to particular services, etc.
Once created or installed in an SSD secondary security domain, each communication profile is referenced in the PR profile register. In particular, the profile register PR creates the memory addresses AD in the AR application register so that the applications necessary for managing the associated profile can be invoked easily by the MGP profile management module if necessary. In a particular embodiment, the profile management module is configured to consult the communication profile register in order to obtain at least one additional piece of data allowing the implementation of the action or actions specified by the applicable rules in the set RL.
Moreover, the SM-SR server may be specific to each MNO mobile operator or shared by several MNOs (as is the case in FIG. 1). In a known manner, the SM-SR server is in charge of managing the eUICC cards of the users of mobile terminals and, in particular, of providing the subscription information necessary to enable the users to access the services to which they have subscribed. The operators MNO1 and MNO2 are each able to communicate with a respective SM-DP server (i.e. SM-DP1 and SM-DP2). In a known manner, these SM-DP servers are configured to assemble and encrypt the information that the MNOs wish to provide to the user's eUICC card via the SM-SR server.
In general, this information is encrypted so that the SM-SR server cannot interpret it. In addition, the MNO1 and MNO2 operators here each have access to a respective database (DB1 and DB2), each containing subscription information in particular.
The operating system OS1, and more particularly the software module MGP, is an example of a computer program within the meaning of the invention, this program comprising instructions for the execution of the steps of a method of managing a communication profile according to a particular embodiment of the invention. The memory in which the operating system OS2 is stored thus constitutes an example of a recording medium within the meaning of the invention, readable by a processor (not shown) of the eUICC card.
[0017] A particular embodiment of the invention implemented by the eUICC card of FIG. 1 is now described with reference to FIG. 2. More precisely, the eUICC card implements the profile management method of the invention, in particular by means of the MGP profile management module.
Consider now the case where the SM-SR server transmits, during a step E2, a communication profile management request RQ1 to the eUICC card. In the case envisaged here, the request RQ1 is a request to deactivate the communication profile P1, this being only a non-limiting example of a management request that can be processed by the MGP module. In this example, the management request RQ1 is received by the privileged security domain ISD and then transmitted to the software module PSM (step E4). Alternatively, the request RQ1 can be received directly by the PSM module. The PSM module is an example of a receiving module (or part of this module) within the meaning of the invention. The PSM module checks the request RQ1 and, if it is valid, transmits the request to the MGP profile management module (step E6).
During a step E8, the MGP module determines whether at least one rule of the set RL is applicable in response to the management request RQ1. If no rule of the set RL is applicable, the management method terminates (step E10). In the opposite case, the MGP module executes at least one action specified by the applicable rule or rules, denoted RL-A, this action being associated with a communication profile (existing or future) of the eUICC card. The action specified here can concern the profile P1 or possibly a profile P2 that can be created in the domain SSD2. In the embodiment described here, the MGP module performs two actions specified by the applicable rule RL-A in response to the request RQ1 for deactivation of the profile P1, namely the actions E15 and E21, both relating to the management of the communication profile P1.
Other examples of management requests and corresponding actions are of course conceivable as explained later. More specifically, the MGP module first undertakes to inform a server of the MNO1 operator concerned, for example the SM-DP1 server as shown here in FIG. 2, that the currently active profile P1 is about to be deactivated (step E15). To do this, the MGP module sends (E16) here first of all a request RQ2 to the profile register PR. In response, the MGP receives (E18) the AD address of the SM-DP server associated with the profile being processed (ie the address of the SM-DP1 server associated with P1 in this example). By consulting the profile register PR, the MGP module is able to verify that the profile P1 is referenced in said profile register PR.
[0018] The MGP module then sends (E20) a message MSG1 to the server SM-DP1 to inform the latter that the profile P1 is about to be disabled. This message MSG1 is a deactivation notification sent to the remote server SM-DP1 via, for example, a message of the "Short Message Service" (SMS) or "Unstructured Supplementary Service Data" (USSD) type, or via a message based on the "Hypertext Transfer" protocol, the "Card Application Toolkit Transfer Protocol" (HTTPs / CAT TP) or the "Bearer Independent Protocol" (BIP). Notifications concerning other events can of course be sent on command of the MGP module using the technologies indicated above.
Informing the SM-DP1 server in advance of the imminent deactivation of the profile P1 (or of another imminent event related to the profile P1) is advantageous in that it allows, in particular, the corresponding operator MNO1 to trigger the necessary management operations relating to the profile P1 (such as triggering the deletion of critical information contained in the profile P1, such as cryptographic keys, algorithms, etc.), if necessary before the effective deactivation of the profile P1. As explained further below with reference to FIG. 3, other ways can be envisaged to allow the MGP module to warn the SM-DP1 server of the imminent deactivation of the profile P1.
Still with reference to FIG. 2, the MGP profile management module also triggers, in step E21, the deactivation of the profile P1 in accordance with the management request RQ1. To do this, the MGP module sends (E22) a request RQ3 to the profile register PR. In return, the MGP module receives (E24) from the profile register PR an identifier ID1 of an APP-DES application to be triggered, namely the application intended to disable the profile P1. The MGP module then sends (E28) a request RQ4 containing the identifier ID1 to the application register AR.
In response, the MGP module receives (E30) from the application register AR data ID2 for triggering the execution of the APP-DES deactivation application. This data ID2 may comprise for example a memory address and / or any other appropriate parameters. Thus, during a step E32, the MGP profile management module sends a command CMD1 to the deactivation application APP-DES in order to instruct it to deactivate the communication profile P1 in the eUICC card. The command CMD1 may include for this purpose an identifier of the profile P1 to be disabled. Once the profile P1 has been deactivated (E34), the MGP profile management module receives (E36) from the APP-DES application a notification MSG2 indicating that the deactivation of the profile P1 has been performed.
[0019] In this embodiment, the MGP module then informs (E38) the profile register PR, by means of a notification MSG3, that the profile P1 has been deactivated. In this way, the profile register PR can for example update the active / inactive status of the profile P1 in question. Still in this example, the profile register also sends (E40) a message MSG4 to the PSM software module to inform the latter that the profile P1 has been disabled.
[0020] Optionally, the MGP module may further send (E42) a message MSG5 to the remote server SM-DP1 to inform the latter that the profile P1 is now inactive. To do this, the same technologies as those mentioned above for the MSG1 message can be used.
[0021] FIG. 3 represents a variant of the embodiment described with reference to FIG. 2. In FIG. 3, the steps E2 to E10 are carried out in the same manner as in FIG. 2. On the other hand, in the case of a positive result at determination step E8, the MGP module performs step E50 instead of step E15 previously described. In other words, the action performed in step E50 according to the applicable rule differs from the action E15 previously described with reference to FIG. 2.
In essence, during this step E50, the MGP module sends (E52) a request RQ10 to the PR profile register. In return, the MGP module receives (E54), from the profile register PR, the AD address of the remote server SM-DP1 as well as the identifier ID4 of an APP-NOTIF notification application to be invoked to warn the remote server SM-DP1 of the imminent deactivation of the profile P1. The MGP module thus sends (E56) a request RQ11 containing the identifier ID4 to the application register AR. In return, the MGP module receives from said AR register data ID5 allowing the MGP module to trigger the execution of the APP-NOTIF notification application. This data ID4 may comprise for example a memory address. The MGP module then sends (E60) to the APP-NOTIF application a command CMD2 containing the AD address of the remote server SM-DP1 in order to trigger the sending (E62) by the APP-NOTIF application of a notification MSG6 to inform the server SM-DP1 (and therefore the operator MNO1) that the communication profile P1 is about to be disabled. The sending of MSG6 can for example implement the same technologies as those mentioned above for sending the MSG1 message.
As already indicated with reference to FIG. 2, it is not mandatory for the server represented by the name SM-SP1 in FIG. 3 to be of SM-DP1 type. The MGP module then performs step E21 as previously described with reference to FIG. 2. The present variant therefore differs from the embodiment described in FIG. 2 in that the MGP module here uses an appropriate APP-NOTIF notification application to inform the SM-DP1 server of the impending deactivation of the profile P1. In all cases, the MGP module is able to trigger the sending of a notification to the appropriate SM-DP remote server by using the address received from the profile register PR.
[0022] Many variants of the embodiments shown in FIGS. 2 and 3 are naturally conceivable. In particular, the notifications MSG1 and MSG6 sent respectively in steps E20 and E62 can also trigger various functions according to the desired configuration. According to one particular variant, the applicable rule RL-A can specify that each of the messages sent in steps E20 and E62 comprises a parameter (for example of the MSISDN type) which, when received by the MNO operator concerned, makes it possible to trigger a call transfer (or "call forwarding") to it. In practice, such a call transfer function aims at enabling a user to be contacted on a first telephone number associated with a first communication profile when this profile is deactivated. More precisely, when the rule RL-A applied triggers the implementation of the "call forwarding" function, the eUICC card (and more particularly the MGP profile management module) transmits a message to the MNO associated with the profile about to be disabled (MNO1 in this case). This message informs the MNO that calls to a first telephone number associated with the profile to be deactivated must be redirected to a second telephone number associated with another operator. On receipt of a call to the first telephone number, the operator associated with the profile to be deactivated thus transfers the call to the network of the other operator concerned. As explained above, the profile management module according to the invention is not limited to the processing of profile deactivation requests. The profile management module is more generally capable of performing at least one predefined action in association with a communication profile (existing or future in the eUICC card), this action being specified in an applicable rule from a set RL of at least one rule. The predefined action to be carried out can be aimed, for example, at activating or deactivating a profile, switching (permanently or temporarily) from a first to a second profile, deleting a profile or all or part of the data associated with a profile, or notifying a server of a particular event (such as at least one of the aforementioned actions). The following are examples of rules defining an action when a particular condition is satisfied:
- if the use of the currently active communication profile P has a cost (in terms of quality of service, for example) beyond a certain limit in the geographical area in which the terminal T is located -> triggering a switchover to a more suitable communication profile;
- if the currently active communication profile does not satisfy a certain quality of service -> triggering the switchover to a more suitable communication profile;
- deactivation requests from a particular SM-DP server are prohibited or allowed;
- if a deactivation request is received from a particular SM-DP server -> sending a message with specific USSD data;
- if a deactivation request is received from a particular SM-DP server -> deleting all data, applications and/or files associated with the profile that is about to be disabled;
- if a profile failover request is received from a particular SM-DP server -> performing a file management operation (e.g. deleting sensitive data such as cryptographic keys from particular files);
- if a profile failover request is received from a particular SM-DP server -> disabling the applications that are associated with the disabled profile;
- if a profile failover request is received from a particular SM-DP server -> triggering a delay between switching from the first to the second profile to allow the execution of additional functions (e.g. deletion of certain data, sending a message, updating the application register AR ...);
- etc.
[0023] In a particular embodiment, said at least one action specified by the rule applicable by the MGP module comprises at least one of:
- triggering a switch from the active communication profile to a second determined communication profile (distinct from the currently active profile);
- triggering the deactivation of the active communication profile;
- triggering the activation of a second communication profile (distinct from the currently active profile);
- the deletion of all or part of the data of the active communication profile (these data being in a non-volatile memory of the subscriber identity module);
- triggering the deactivation of at least one function of the active communication profile, said at least one function comprising at least one of a contactless payment application and a transport access application;
- triggering a timer in order to induce a determined waiting period between receiving said request for managing said profile and implementing at least part of said at least one action; and
- the notification to a remote server of the implementation of an action, for example an action of loading, activation, deactivation or deletion of a communication profile or all or part of the data of a communication profile.
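The rule lookup and the FIG. 3 notification sequence (profile register PR, then application register AR, then APP-NOTIF) can be modelled off-card as follows. This is an added illustration, not code from the patent or from any eUICC product; the action names, the `.example` host names, the wildcard origin and the behaviour when no rule applies are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Profile:                       # one row of the profile register PR
    active: bool
    provider_addr: str               # AD: address of the profile provider's server
    notif_app: str                   # identifier of the notification application
    files: dict = field(default_factory=dict)

@dataclass(frozen=True)
class Rule:                          # one entry of the rule set RL
    op: str                          # request type the rule covers
    origin: str                      # requesting server, "*" for any
    actions: tuple                   # ordered actions to carry out

class ProfileManager:                # plays the role of the MGP module
    def __init__(self, profiles, rules, fallback):
        self.pr, self.rules, self.fallback = profiles, rules, fallback
        self.outbox = []             # notifications "sent" off-card
        # Application register AR: identifier -> entry point of the application.
        self.ar = {"APP-NOTIF": lambda addr, text: self.outbox.append((addr, text))}
        # Fixed dispatch table: a rule can only name actions listed here.
        self.do = {"notify": self._notify, "wipe_keys": self._wipe_keys,
                   "deactivate": self._deactivate, "switch": self._switch}

    def applicable_rule(self, op, origin):
        # An exact origin match takes precedence over the "*" wildcard.
        hits = [r for r in self.rules if r.op == op and r.origin in (origin, "*")]
        return min(hits, key=lambda r: r.origin == "*", default=None)

    def handle(self, op, target, origin):
        rule = self.applicable_rule(op, origin)
        trace = []
        # Assumption: with no applicable rule the request is executed as received.
        for action in (rule.actions if rule else (op,)):
            if action == "deny":
                trace.append("denied")
                break
            self.do[action](target)
            trace.append(action)
        return trace

    def _notify(self, pid):
        prof = self.pr[pid]                      # PR lookup: AD and app identifier
        send = self.ar[prof.notif_app]           # AR lookup: how to invoke the app
        send(prof.provider_addr, f"{pid} about to be deactivated")
    def _wipe_keys(self, pid):
        files = self.pr[pid].files
        for name in [n for n in files if n.startswith("key")]:
            del files[name]
    def _deactivate(self, pid):
        self.pr[pid].active = False
    def _switch(self, pid):
        self._deactivate(pid)
        self.pr[self.fallback].active = True

def build_card():
    # Constructed sample data: two profiles and three rules.
    p1_files = {"key_ki": b"\x00" * 16, "contacts": b"constructed"}
    profiles = {"P1": Profile(True, "sm-dp1.example", "APP-NOTIF", p1_files),
                "P2": Profile(False, "sm-dp2.example", "APP-NOTIF")}
    rules = [Rule("deactivate", "*", ("notify", "deactivate")),
             Rule("deactivate", "sm-dp9.example", ("deny",)),
             Rule("switch", "*", ("notify", "wipe_keys", "switch"))]
    return ProfileManager(profiles, rules, fallback="P2")
```

Because the notification is an ordinary action placed before `deactivate` or `switch` in the rule, the provider's server is informed while the profile is still active, which is the ordering the FIG. 3 variant relies on.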
[0024] In general, the present invention therefore makes it possible to optimize the management of communication profiles in a secure element such as an on-board subscriber identity module from a set of at least one rule that may be applicable by the profile management module. The present invention offers great flexibility in the management of profiles as a function of events detected by the secure element, such as in particular requests received from mobile telephone operators. Those skilled in the art will understand that the embodiments and variants described above are only non-limiting examples of implementation of the invention. In particular, those skilled in the art may consider any combination of the variants and embodiments described above to meet a particular need.
Claims:
Claims (16)
[0001]
1. An embedded subscriber identity module (eUICC) capable of cooperating with a communication device (T), the on-board subscriber identity module comprising: at least one communication profile (P1) configured to enable the on-board subscriber identity module (eUICC) to communicate, via the communication device, with a mobile telephone network (R) when said communication profile is active; a receiving module (PSM) adapted to receive, from a remote server (SM-SR) of said mobile telephone network, a communication profile management request; and a profile management module (MGP) configured for: upon receiving said management request, determining whether at least one rule is applicable among a predefined set (RL) of at least one rule contained in memory in said embedded subscriber identity module; and, if so, performing at least one action specified by said applicable rule in association with a communication profile of said embedded subscriber identity module (eUICC).
[0002]
An on-board subscriber identity module according to claim 1, wherein each communication profile (P1) is contained in a dedicated secure domain (SSD1, SSD2) of said embedded subscriber identity module.
[0003]
An on-board subscriber identity module according to claim 1 or 2, wherein said at least one action specified by said applicable rule comprises at least one of: triggering a switchover of said active communication profile to a second determined communication profile; triggering the deactivation of said active communication profile; triggering the activation of a second communication profile; removing all or part of the data of said active communication profile, said data being stored in a nonvolatile memory of said subscriber identity module; triggering the deactivation of at least one function of said active communication profile; triggering a timer to induce a determined waiting time between receipt of said management request of said profile and the implementation of at least part of said at least one action; and notifying a remote server of the implementation of an action, for example an action of loading, activation, deactivation or deletion of a communication profile or all or part of the data of a communication profile.
[0004]
The on-board subscriber identity module according to claim 3, wherein said at least one function comprises at least one of a contactless payment application and a transport access application.
[0005]
An on-board subscriber identity module according to any one of claims 1 to 4, wherein the profile management module (MGP) is configured to consult a communication profile database (PR), said database being stored in a rewritable non-volatile memory (MR) of said embedded subscriber identity module, in order to obtain at least one additional piece of data enabling the implementation of said at least one action.
[0006]
An on-board subscriber identity module according to claim 5, wherein said profile database (PR) comprises, in association with each profile (P1), at least one of: an identifier of a communication profile, a status indicating said communication profile as active or not active, a pointer to the memory address of said profile and a provider server address (MNO / SM-SP) of said profile.
[0007]
The on-board subscriber identity module according to claim 5 or 6, wherein said management request requires the deactivation of the active communication profile (P1), the profile management module (MGP) being configured to: determine, from said communication profile database (PR), an address (AD) of said remote server (SM-DP1) of the telephony network associated with the active communication profile (P1); and initiate the sending of a notification (MSG1; MSG6) to said remote server (SM-DP1) using said address (AD) to inform the remote server of loading, activation, deactivation or deleting a communication profile or all or part of the data of an upcoming communication profile.
[0008]
The on-board subscriber identity module according to claim 7, wherein the profile management module (MGP) is configured to determine, from the profile database (PR), a notification application (APP-NOTIF), said profile management module being configured to send a command (CMD2) containing said address (AD) to the notification application (APP-NOTIF) in order to trigger the sending, by said notification application, of the notification (MSG6) to said remote server.
[0009]
An on-board subscriber identity module according to any of claims 6 to 8, wherein the notification is sent to said remote server via a Short Message Service (SMS) or Unstructured Supplementary Service Data (USSD) message, or via a message based on the "Hypertext Transfer" protocol, "Card Application Toolkit Transfer Protocol" (HTTPs / CAT TP) or "Bearer Independent Protocol" (BIP).
[0010]
An on-board subscriber identity module according to any one of claims 1 to 9, wherein the remote server (SM-SR) is an SM-SR server of said telephony network (R).
[0011]
An on-board subscriber identity module according to any one of claims 1 to 10, wherein the communication device (T) is a mobile telephone terminal.
[0012]
12. A system comprising a communication device (T) and an embedded subscriber identity module (eUICC) according to any one of claims 1 to 11, wherein the embedded subscriber identity module (eUICC) is adapted to cooperate with said communication device (T) to communicate with said communication network (R), the communication device (T) being a mobile telephone terminal.
[0013]
13. A method of managing a communication profile implemented by an embedded subscriber identity module (eUICC) capable of cooperating with a communication device (T), the method comprising: the use of a communication profile (P1) contained in the on-board subscriber identity module (eUICC) for communicating via the communication device (T) with a mobile telephone network (R) when said communication profile is active; receiving a communication profile management request (RQ1) from a remote server (SM-SR) of said mobile telephone network; upon receiving said management request, determining, by a profile management module (MGP), whether at least one rule is applicable among a predefined set (RL) of at least one rule contained in memory in said embedded subscriber identity module (eUICC); and if so, the execution by the profile management module (MGP) of at least one action specified by said applicable rule in association with a communication profile of said embedded subscriber identity module.
[0014]
The management method according to claim 13, wherein each communication profile is contained in a dedicated secure domain (SSD1, SSD2) of said embedded subscriber identity module (eUICC).
[0015]
A computer program (OS) comprising instructions for performing the steps of a method of managing a communication profile according to claim 13 or 14 when said program is executed by a processor.
[0016]
16. A processor-readable recording medium on which a computer program (OS) is recorded including instructions for performing the steps of a method of managing a communication profile according to claim 13 or 14.
Similar technologies:
Publication number | Publication date | Patent title
EP3117640B1|2018-08-29|Embedded subscriber identity module capable of managing communication profiles
EP3029968B1|2019-07-31|Method for provisioning a subscriber profile inside a secure module
EP3219157B1|2018-10-31|Euicc card storing short numbers per subscriber profile to notify a subscription management server
EP3542563B1|2020-11-11|Installation of a profile in an embedded subscriber identity module
CA2243530A1|1999-02-14|Improved process for the loading of a predetermined list of items by a mobile terminal driven by a subscriber identification module, with the corresponding command, subscriber identification number and mobile terminal
EP3395089B1|2019-11-27|Embedded subscriber identity module comprising communication profiles
EP3395090B1|2020-05-13|Method for controlling an embedded subscriber identity module
FR3039738A1|2017-02-03|METHOD OF MANAGING A PROFILE RECORDED IN A SECURE ELEMENT, AND CORRESPONDING SECURE ELEMENT
FR3013479A1|2015-05-22|NOTIFICATION METHOD FOR CONFIGURING A SECURE ELEMENT
WO2008015126A1|2008-02-07|Customization of a radio communication terminal
FR2892837A1|2007-05-04|File data downloading method for e.g. payment card, involves notifying campaign server that event relating to presence of communicating object satisfies transmitted campaign rules to initiate downloading of data towards object
EP3195638B1|2018-07-04|Method for administering life cycles of communication profiles
FR3077457A1|2019-08-02|METHOD FOR MANAGING ACCESS TO A TELECOMMUNICATION INFRASTRUCTURE COMPRISING PUBLIC AND PRIVATE NETWORKS AND ASSOCIATED DEVICES
EP3637871A1|2020-04-15|Subscriber identification card for a mobile terminal
EP3917184A1|2021-12-01|Method and devices for management of communication profiles
WO2014029939A1|2014-02-27|Method for activating a new profile in a security element
FR3078469A1|2019-08-30|CONFIGURING AN INBOARD SUBSCRIBER IDENTITY MODULE
FR3002408A1|2014-08-22|Method for configuring supply profile of terminal e.g. mobile phone, by embedded universal integrated circuit card, involves obtaining and storing identifier of current supply profile compatible with current use region of terminal
WO2021019162A1|2021-02-04|Dynamic adaption of a secure element execution environment to profiles
EP2469959B1|2017-12-06|Method and apparatus for managing a service session between a multi-mode terminal and an ANDSF server
WO2016207532A1|2016-12-29|Cellular-radio data processing method implemented by a sim card, especially for security purposes
FR3034543A1|2016-10-07|SYSTEM AND METHOD FOR EXECUTING AN APPLICATION IN A TERMINAL WITH A CHIP CARD
Patent family:
Publication number | Publication date
JP2017517987A|2017-06-29|
EP3117640A1|2017-01-18|
EP3117640B1|2018-08-29|
KR102361211B1|2022-02-10|
JP6619368B2|2019-12-11|
WO2015136200A1|2015-09-17|
US20170215063A1|2017-07-27|
FR3018654B1|2017-07-07|
KR20160132460A|2016-11-18|
US10165437B2|2018-12-25|
Cited references:
Publication number | Filing date | Publication date | Applicant | Patent title
WO2011036484A2|2009-09-22|2011-03-31|Truphone Limited|Subscriber identification management broker for fixed/mobile networks|
KR101087083B1|2009-12-15|2011-11-25|에스케이플래닛 주식회사|Smart card, user equipment, mobile payment services system and method|
KR20130006258A|2011-07-08|2013-01-16|주식회사 케이티|Method for changing mno of embedded sim based on dynamic key generation, embedded sim and recording medium for the same|
EP2854432B1|2012-05-23|2021-07-14|Samsung Electronics Co., Ltd.|Method for control and enforcement of policy rule and euicc|
KR101893934B1|2012-04-09|2018-08-31|주식회사 케이티|Method and Embedded UICC for Management and Execution of Policy Rule|
FR3038421B1|2015-06-30|2017-08-18|Oberthur Technologies|METHOD FOR MANAGING PROFILES IN A SECURE ELEMENT|
FR3042675B1|2015-10-15|2017-12-08|Oberthur Technologies|ELECTRONIC DEVICE COMPRISING A SECURE MODULE SUPPORTING A LOCAL MANAGEMENT MODE FOR CONFIGURING A SUBSCRIBING PROFILE|
EP3179755A1|2015-12-08|2017-06-14|Gemalto M2M GmbH|Method for configuring a wireless device for using voice over lte|
KR20170077489A|2015-12-28|2017-07-06|삼성전자주식회사|Method and apparatus for receiving/transmitting profile in communication system|
CN109417696B|2016-06-23|2021-11-19|瑞典爱立信有限公司|Method and entity for ending subscription|
CN108229213B|2016-12-15|2020-07-07|中国移动通信有限公司研究院|Access control method and system and electronic equipment|
US10477383B2|2017-07-20|2019-11-12|T-Mobile Usa, Inc.|ESIM profile metadata provisioning|
US10356604B2|2017-07-20|2019-07-16|T-Mobile Usa, Inc.|eSIM profile reuse for eUICCs|
WO2019019185A1|2017-07-28|2019-01-31|华为技术有限公司|Method for updating network access application authentication information, terminal and server|
US20190181901A1|2017-12-08|2019-06-13|T-Mobile Usa, Inc.|Local profile assistant and application programming interface|
KR20190093383A|2018-02-01|2019-08-09|삼성전자주식회사|Electronic device for installing a profile and method for the same|
KR20190105875A|2018-03-06|2019-09-18|삼성전자주식회사|Method performed by eletronic device comprising secure element and the electronic device thereof|
DE102019000743A1|2019-02-01|2020-08-06|Giesecke+Devrient Mobile Security Gmbh|Methods and devices for managing subscription profiles of a security element|
Legal status:
2016-02-19| PLFP| Fee payment|Year of fee payment: 3 |
2017-02-21| PLFP| Fee payment|Year of fee payment: 4 |
2018-02-20| PLFP| Fee payment|Year of fee payment: 5 |
2020-02-20| PLFP| Fee payment|Year of fee payment: 7 |
2021-02-18| PLFP| Fee payment|Year of fee payment: 8 |
2022-02-21| PLFP| Fee payment|Year of fee payment: 9 |
Priority:
Application number | Filing date | Patent title
FR1452152A| FR3018654B1|2014-03-14|2014-03-14|ON-SUB SUBSCRIBER IDENTITY MODULE SUITABLE FOR MANAGING COMMUNICATION PROFILES|
PCT/FR2015/050573| WO2015136200A1|2014-03-14|2015-03-09|Embedded subscriber identity module capable of managing communication profiles|
EP15713995.7A| EP3117640B1|2014-03-14|2015-03-09|Embedded subscriber identity module capable of managing communication profiles|
JP2016574500A| JP6619368B2|2014-03-14|2015-03-09|Embedded subscriber identification module capable of managing communication profiles|
US15/125,397| US10165437B2|2014-03-14|2015-03-09|Embedded subscriber identity module capable of managing communication profiles|
KR1020167028396A| KR102361211B1|2014-03-14|2015-03-09|Embedded subscriber identity module capable of managing communication profiles|